v36.2.0

feat(event): deprecate parameter and functions using legacy crypto (#4697 ) (#4700 )
(cherry picked from commit 6b93e11e2c) Co-authored-by: Florian D <florianduros@element.io>
2025-02-11 14:23:11 +00:00 · 2025-02-06 14:53:08 +00:00 · 2025-02-04 12:29:59 +00:00 · 2025-02-03 14:25:56 +00:00 · 2025-02-03 09:03:58 +00:00 · 2025-02-03 08:48:00 +00:00
384 changed files with 20327 additions and 11983 deletions
@@ -1,22 +0,0 @@
-{
-    "sourceMaps": true,
-    "presets": [
-        [
-            "@babel/preset-env",
-            {
-                "targets": {
-                    "node": 10
-                },
-                "modules": "commonjs"
-            }
-        ],
-        "@babel/preset-typescript"
-    ],
-    "plugins": [
-        "@babel/plugin-proposal-numeric-separator",
-        "@babel/plugin-proposal-class-properties",
-        "@babel/plugin-proposal-object-rest-spread",
-        "@babel/plugin-syntax-dynamic-import",
-        "@babel/plugin-transform-runtime"
-    ]
-}
@@ -1,5 +1,5 @@
 module.exports = {
-    plugins: ["matrix-org", "import", "jsdoc"],
+    plugins: ["matrix-org", "import", "jsdoc", "n"],
    extends: ["plugin:matrix-org/babel", "plugin:matrix-org/jest", "plugin:import/typescript"],
    parserOptions: {
        project: ["./tsconfig.json"],
@@ -49,6 +49,26 @@ module.exports = {
            },
        ],

+        "no-restricted-properties": [
+            "error",
+            {
+                object: "window",
+                property: "setImmediate",
+                message: "Use setTimeout instead.",
+            },
+        ],
+        "no-restricted-globals": [
+            "error",
+            {
+                name: "setImmediate",
+                message: "Use setTimeout instead.",
+            },
+            {
+                name: "global",
+                message: "Use globalThis instead.",
+            },
+        ],
+
        "import/no-restricted-paths": [
            "error",
            {
@@ -92,10 +112,8 @@ module.exports = {
                "@typescript-eslint/ban-ts-comment": "off",
                // We're okay with assertion errors when we ask for them
                "@typescript-eslint/no-non-null-assertion": "off",
-
-                // The non-TypeScript rule produces false positives
-                "func-call-spacing": "off",
-                "@typescript-eslint/func-call-spacing": ["error"],
+                // We do this sometimes to brand interfaces
+                "@typescript-eslint/no-empty-object-type": "off",

                "quotes": "off",
                // We use a `logger` intermediary module
@@ -112,6 +130,15 @@ module.exports = {
                // These need a bit more work before we can enable
                // "jsdoc/check-param-names": "error",
                // "jsdoc/check-indentation": "error",
+                // Ensure .ts extension on imports outside of tests
+                "n/file-extension-in-import": [
+                    "error",
+                    "always",
+                    {
+                        tryExtensions: [".ts"],
+                    },
+                ],
+                "no-extra-boolean-cast": "error",
            },
        },
        {
@@ -2,11 +2,13 @@
 /.github/workflows/**     @matrix-org/element-web-team
 /package.json             @matrix-org/element-web-team
 /yarn.lock                @matrix-org/element-web-team
+/scripts/**               @matrix-org/element-web-team
 /src/webrtc               @matrix-org/element-call-reviewers
 /src/matrixrtc               @matrix-org/element-call-reviewers
 /spec/*/webrtc            @matrix-org/element-call-reviewers
 /spec/*/matrixrtc            @matrix-org/element-call-reviewers

+/src/crypto-api           @matrix-org/element-crypto-web-reviewers
 /src/crypto               @matrix-org/element-crypto-web-reviewers
 /src/rust-crypto          @matrix-org/element-crypto-web-reviewers
 /spec/integ/crypto        @matrix-org/element-crypto-web-reviewers
@@ -2,7 +2,7 @@

 ## Checklist

-   [ ] Tests written for new code (and old code if feasible).
-   [ ] New or updated `public`/`exported` symbols have accurate [TSDoc](https://tsdoc.org/) documentation.
-   [ ] Linter and other CI checks pass.
-   [ ] Sign-off given on the changes (see [CONTRIBUTING.md](https://github.com/matrix-org/matrix-js-sdk/blob/develop/CONTRIBUTING.md)).
+- [ ] Tests written for new code (and old code if feasible).
+- [ ] New or updated `public`/`exported` symbols have accurate [TSDoc](https://tsdoc.org/) documentation.
+- [ ] Linter and other CI checks pass.
+- [ ] Sign-off given on the changes (see [CONTRIBUTING.md](https://github.com/matrix-org/matrix-js-sdk/blob/develop/CONTRIBUTING.md)).
@@ -22,7 +22,7 @@ runs:

        - name: Upload tarball signature
          if: ${{ inputs.upload-url }}
-          uses: shogo82148/actions-upload-release-asset@8f032eff0255912cc9c8455797fd6d72f25c7ab7 # v1
+          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
          with:
              upload_url: ${{ inputs.upload-url }}
              asset_path: ${{ env.VERSION }}.tar.gz.asc
@@ -29,13 +29,13 @@ runs:

        - name: Upload asset signatures
          if: inputs.gpg-fingerprint
-          uses: shogo82148/actions-upload-release-asset@8f032eff0255912cc9c8455797fd6d72f25c7ab7 # v1
+          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
          with:
              upload_url: ${{ inputs.upload-url }}
              asset_path: ${{ inputs.asset-path }}.asc

        - name: Upload assets
-          uses: shogo82148/actions-upload-release-asset@8f032eff0255912cc9c8455797fd6d72f25c7ab7 # v1
+          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
          with:
              upload_url: ${{ inputs.upload-url }}
              asset_path: ${{ inputs.asset-path }}
@@ -0,0 +1,43 @@
+- name: "A-Element-R"
+  description: "Issues affecting the port of Element's crypto layer to Rust"
+  color: "bfd4f2"
+- name: "A-Packaging"
+  description: "Packaging, signing, releasing"
+  color: "bfd4f2"
+- name: "A-Technical-Debt"
+  color: "bfd4f2"
+- name: "A-Testing"
+  description: "Testing, code coverage, etc."
+  color: "bfd4f2"
+- name: "backport staging"
+  description: "Label to automatically backport PR to staging branch"
+  color: "B60205"
+- name: "Dependencies"
+  description: "Pull requests that update a dependency file"
+  color: "0366d6"
+- name: "Easy"
+  color: "5dc9f7"
+- name: "Sponsored"
+  color: "ffc8f4"
+- name: "T-Deprecation"
+  description: "A pull request that makes something deprecated"
+  color: "98e6ae"
+- name: "T-Other"
+  description: "Questions, user support, anything else"
+  color: "98e6ae"
+- name: "X-Blocked"
+  color: "ff7979"
+- name: "X-Breaking-Change"
+  color: "ff7979"
+- name: "X-Reverted"
+  description: "PR has been reverted"
+  color: "F68AA3"
+- name: "X-Upcoming-Release-Blocker"
+  description: "This does not affect the current release cycle but will affect the next one"
+  color: "e99695"
+- name: "Z-Community-PR"
+  description: "Issue is solved by a community member's PR"
+  color: "ededed"
+- name: "Z-Flaky-Test"
+  description: "A test is raising false alarms"
+  color: "ededed"
@@ -7,10 +7,12 @@ on:
        branches:
            - develop

+permissions: {} # We use ELEMENT_BOT_TOKEN instead
+
 jobs:
    backport:
        name: Backport
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        # Only react to merged PRs for security reasons.
        # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target.
        if: >
@@ -5,16 +5,19 @@ on:
        workflows: ["Static Analysis"]
        types:
            - completed
-
+permissions: {}
 jobs:
    netlify:
        if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
+        permissions:
+            actions: read
+            deployments: write
        steps:
            - name: 📥 Download artifact
              uses: actions/download-artifact@v4
              with:
-                  github-token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+                  github-token: ${{ secrets.GITHUB_TOKEN }}
                  run-id: ${{ github.event.workflow_run.id }}
                  name: docs
                  path: docs
@@ -13,7 +13,7 @@ on:
    #
    #push:
    #    branches: [develop, master]
-
+permissions: {} # No permissions required
 concurrency:
    group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch || github.run_id }}
    cancel-in-progress: ${{ github.event.workflow_run.event == 'pull_request' }}
@@ -21,13 +21,13 @@ concurrency:
 jobs:
    playwright:
        name: Playwright
-        uses: matrix-org/matrix-react-sdk/.github/workflows/end-to-end-tests.yaml@develop
+        uses: element-hq/element-web/.github/workflows/end-to-end-tests.yaml@develop
        permissions:
            actions: read
            issues: read
            pull-requests: read
        with:
-            react-sdk-repository: matrix-org/matrix-react-sdk
+            matrix-js-sdk-sha: ${{ github.sha }}
            # We only want to run the playwright tests on merge queue to prevent regressions
            # from creeping in. They take a long time to run and consume multiple concurrent runners.
            skip: ${{ github.event_name != 'merge_group' }}
@@ -3,6 +3,7 @@ on:
    push:
        branches: [develop]
 concurrency: ${{ github.workflow }}-${{ github.ref }}
+permissions: {} # We use ELEMENT_BOT_TOKEN instead
 jobs:
    notify-downstream:
        # Only respect triggers from our develop branch, ignore that of forks
@@ -12,12 +13,10 @@ jobs:
            fail-fast: false
            matrix:
                include:
-                    - repo: vector-im/element-web
+                    - repo: element-hq/element-web
                      event: element-web-notify
-                    - repo: matrix-org/matrix-react-sdk
-                      event: upstream-sdk-notify

-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - name: Notify matrix-react-sdk repo that a new SDK build is on develop so it can CI against it
              uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3
@@ -9,12 +9,13 @@ on:
            ELEMENT_BOT_TOKEN:
                required: true
 concurrency: ${{ github.workflow }}-${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
+permissions: {} # We use ELEMENT_BOT_TOKEN instead
 jobs:
    changelog:
        name: Preview Changelog
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
-            - uses: mheap/github-action-required-labels@132879b972cb7f2ac593006455875098e73cc7f2 # v5
+            - uses: mheap/github-action-required-labels@388fd6af37b34cdfe5a23b37060e763217e58b03 # v5
              if: github.event_name != 'merge_group'
              with:
                  labels: |
@@ -29,7 +30,7 @@ jobs:

    prevent-blocked:
        name: Prevent Blocked
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        permissions:
            pull-requests: read
        steps:
@@ -42,8 +43,10 @@ jobs:

    community-prs:
        name: Label Community PRs
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: github.event.action == 'opened'
+        permissions:
+            pull-requests: write
        steps:
            - name: Check membership
              if: github.event.pull_request.user.login != 'renovate[bot]'
@@ -69,7 +72,7 @@ jobs:

    close-if-fork-develop:
        name: Forbid develop branch fork contributions
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: >
            github.event.action == 'opened' &&
            github.event.pull_request.head.ref == 'develop' &&
@@ -0,0 +1,38 @@
+name: Release Sanity checks
+on:
+    workflow_call:
+        secrets:
+            ELEMENT_BOT_TOKEN:
+                required: false
+        inputs:
+            repository:
+                type: string
+                required: false
+                default: ${{ github.repository }}
+                description: "The repository (in form owner/repo) to check for release blockers"
+
+permissions: {}
+jobs:
+    checks:
+        name: Sanity checks
+        runs-on: ubuntu-24.04
+        steps:
+            - name: Check for X-Release-Blocker label on any open issues or PRs
+              uses: actions/github-script@v7
+              env:
+                  REPO: ${{ inputs.repository }}
+              with:
+                  github-token: ${{ secrets.ELEMENT_BOT_TOKEN || secrets.GITHUB_TOKEN }}
+                  script: |
+                      const { REPO } = process.env;
+                      const { data } = await github.rest.search.issuesAndPullRequests({
+                          q: `repo:${REPO} label:X-Release-Blocker is:open`,
+                          per_page: 50,
+                      });
+
+                      if (data.total_count) {
+                          data.items.forEach(item => {
+                              core.error(`Release blocker: ${item.html_url}`);
+                          });
+                          core.setFailed(`Found release blockers!`);
+                      }
@@ -8,9 +8,12 @@ on:
                type: string
                required: false
 concurrency: release-drafter-action
+permissions: {}
 jobs:
    draft:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
+        permissions:
+            contents: write
        steps:
            - name: 🧮 Checkout code
              uses: actions/checkout@v4
@@ -56,7 +59,7 @@ jobs:
                  script: |
                      const { RELEASE_ID: releaseId, DEPENDENCY, VERSION } = process.env;
                      const { owner, repo } = context.repo;
-                      const script = require("./.action-repo/scripts/release/merge-release-notes.js");
+                      const script = require("./.action-repo/scripts/release/merge-release-notes.cjs");

                      let deps = [];
                      if (DEPENDENCY.includes("/")) {
@@ -8,6 +8,9 @@ on:
        branches: [staging]
    workflow_dispatch: {}
 concurrency: ${{ github.workflow }}
+permissions: {}
 jobs:
    draft:
+        permissions:
+            contents: write
        uses: matrix-org/matrix-js-sdk/.github/workflows/release-drafter-workflow.yml@develop
@@ -13,12 +13,14 @@ on:
                type: string
                required: false
 concurrency: ${{ github.workflow }}
+permissions: {} # Uses ELEMENT_BOT_TOKEN
 jobs:
    merge:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4
              with:
+                  # We will be pushing to this branch and want the CI to run after we do so we cannot use the GITHUB_TOKEN
                  token: ${{ secrets.ELEMENT_BOT_TOKEN }}
                  fetch-depth: 0

@@ -34,6 +36,7 @@ jobs:
            - uses: actions/setup-node@v4
              with:
                  cache: "yarn"
+                  node-version-file: package.json

            - name: Install Deps
              run: "yarn install --frozen-lockfile"
@@ -48,9 +51,6 @@ jobs:
                  git checkout develop
                  git merge -X ours master

-            - name: Run post-merge-master script to revert package.json fields
-              run: ./.action-repo/scripts/release/post-merge-master.sh
-
            - name: Reset dependencies
              if: inputs.dependencies
              run: |
@@ -60,26 +60,25 @@ jobs:
                      CURRENT_VERSION=$(cat package.json | jq -r .dependencies[\"$PACKAGE\"])
                      echo "Current $PACKAGE version is $CURRENT_VERSION"

-                      if [ "$CURRENT_VERSION" == "null" ]
+                      if [[ "$CURRENT_VERSION" == "null" ]]
                      then
                          echo "Unable to find $PACKAGE in package.json"
                          exit 1
                      fi

-                      if [ "$CURRENT_VERSION" == "develop" ]
+                      if [[ "$CURRENT_VERSION" == *"#develop" ]]
                      then
                          echo "Not updating dependency $PACKAGE"
                          continue
                      fi

-                      echo "Resetting $1 to develop branch..."
+                      echo "Resetting $PACKAGE to develop branch..."
                      yarn add "github:matrix-org/$PACKAGE#develop"
                      git add -u
                      git commit -m "Reset $PACKAGE back to develop branch"
                  done <<< "$DEPENDENCIES"
              env:
                  DEPENDENCIES: ${{ inputs.dependencies }}
-                  FINAL: ${{ inputs.final }}

            - name: Push changes
              run: git push origin develop
@@ -20,14 +20,6 @@ on:
                description: Publish to npm
                type: boolean
                default: false
-            downstreams:
-                description: List of github projects (owner/repo) which should have their dependency bumped to the newly released version (in JSON string array string syntax)
-                type: string
-                required: false
-            include-changes:
-                description: Project to include changelog entries from in this release.
-                type: string
-                required: false
            gpg-fingerprint:
                description: Fingerprint of the GPG key to use for signing the git tag and assets, if any.
                type: string
@@ -42,16 +34,31 @@ on:
                description: The number of expected assets, including signatures, excluding generated zip & tarball.
                type: number
                required: false
+        outputs:
+            npm-id:
+                description: "The npm package@version string we published"
+                value: ${{ jobs.npm.outputs.id }}
+permissions: {}
 jobs:
+    checks:
+        name: Sanity checks
+        permissions:
+            issues: read
+            pull-requests: read
+        uses: matrix-org/matrix-js-sdk/.github/workflows/release-checks.yml@develop
+
    release:
        name: Release
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        environment: Release
+        needs: checks
+        permissions:
+            contents: write
        steps:
            - name: Load GPG key
              id: gpg
              if: inputs.gpg-fingerprint
-              uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6
+              uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6
              with:
                  gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
                  passphrase: ${{ secrets.GPG_PASSPHRASE }}
@@ -69,6 +76,7 @@ jobs:
            - uses: actions/checkout@v4
              with:
                  ref: staging
+                  # We will be pushing to this branch and want the CI to run after we do so we cannot use the GITHUB_TOKEN
                  token: ${{ secrets.ELEMENT_BOT_TOKEN }}
                  fetch-depth: 0

@@ -120,6 +128,7 @@ jobs:
            - uses: actions/setup-node@v4
              with:
                  cache: "yarn"
+                  node-version-file: package.json

            - name: Install dependencies
              run: "yarn install --frozen-lockfile"
@@ -139,7 +148,9 @@ jobs:
                  done

            - name: Bump package.json version
-              run: yarn version --no-git-tag-version --new-version "${VERSION#v}"
+              run: |
+                  yarn version --no-git-tag-version --new-version "${VERSION#v}"
+                  git add package.json

            - name: Add to CHANGELOG.md
              if: inputs.final
@@ -161,11 +172,6 @@ jobs:
              env:
                  RELEASE_NOTES: ${{ steps.draft-release.outputs.body }}

-            - name: Run pre-release script to update package.json fields
-              run: |
-                  ./.action-repo/scripts/release/pre-release.sh
-                  git add package.json
-
            - name: Commit changes
              run: git commit -m "$VERSION"

@@ -279,7 +285,9 @@ jobs:
    post-release:
        name: Post release steps
        needs: release
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
+        permissions:
+            issues: write
        steps:
            - id: repository
              run: echo "REPO=${GITHUB_REPOSITORY#*/}" >> $GITHUB_OUTPUT
@@ -303,29 +311,3 @@ jobs:
    #                  wait-interval: 10
    #                  check-name: merge
    #                  allowed-conclusions: success
-
-    bump-downstreams:
-        name: Update npm dependency in downstream projects
-        needs: npm
-        runs-on: ubuntu-latest
-        if: inputs.downstreams
-        strategy:
-            matrix:
-                repo: ${{ fromJSON(inputs.downstreams) }}
-        steps:
-            - uses: actions/checkout@v4
-              with:
-                  repository: ${{ matrix.repo }}
-                  ref: staging
-                  token: ${{ secrets.ELEMENT_BOT_TOKEN }}
-
-            - name: Bump dependency
-              env:
-                  DEPENDENCY: ${{ needs.npm.outputs.id }}
-              run: |
-                  git config --global user.email "releases@riot.im"
-                  git config --global user.name "RiotRobot"
-                  yarn upgrade "$DEPENDENCY" --exact
-                  git add package.json yarn.lock
-                  git commit -am"Upgrade dependency to $DEPENDENCY"
-                  git push origin staging
@@ -8,10 +8,11 @@ on:
            id:
                description: "The npm package@version string we published"
                value: ${{ jobs.npm.outputs.id }}
+permissions: {} # No permissions required
 jobs:
    npm:
        name: Publish to npm
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        outputs:
            id: ${{ steps.npm-publish.outputs.id }}
        steps:
@@ -25,6 +26,7 @@ jobs:
              with:
                  cache: "yarn"
                  registry-url: "https://registry.npmjs.org"
+                  node-version-file: package.json

            - name: 🔨 Install dependencies
              run: "yarn install --frozen-lockfile"
@@ -38,6 +40,10 @@ jobs:
                  tag: next
                  ignore-scripts: false

+            - name: Check npm package was published
+              if: steps.npm-publish.outputs.id == ''
+              run: exit 1
+
            - name: 🎖️ Add `latest` dist-tag to final releases
              if: steps.npm-publish.outputs.id && !contains(steps.npm-publish.outputs.id, '-rc.')
              run: npm dist-tag add "$release" latest
@@ -21,20 +21,55 @@ on:
                type: boolean
                default: true
 concurrency: ${{ github.workflow }}
+permissions: {} # No permissions required
 jobs:
    release:
        uses: matrix-org/matrix-js-sdk/.github/workflows/release-make.yml@develop
+        permissions:
+            contents: write
+            issues: write
+            pull-requests: read
        secrets: inherit
        with:
            final: ${{ inputs.mode == 'final' }}
            npm: ${{ inputs.npm }}
-            downstreams: '["matrix-org/matrix-react-sdk", "element-hq/element-web"]'
+
+    bump-downstreams:
+        name: Update npm dependency in downstream projects
+        needs: release
+        runs-on: ubuntu-24.04
+        strategy:
+            matrix:
+                repo:
+                    - element-hq/element-web
+        steps:
+            - uses: actions/checkout@v4
+              with:
+                  repository: ${{ matrix.repo }}
+                  ref: staging
+                  token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+
+            - uses: actions/setup-node@v4
+              with:
+                  cache: "yarn"
+                  node-version: "lts/*"
+
+            - name: Bump dependency
+              env:
+                  DEPENDENCY: ${{ needs.release.outputs.npm-id }}
+              run: |
+                  git config --global user.email "releases@riot.im"
+                  git config --global user.name "RiotRobot"
+                  yarn upgrade "$DEPENDENCY" --exact
+                  git add package.json yarn.lock
+                  git commit -am"Upgrade dependency to $DEPENDENCY"
+                  git push origin staging

    docs:
        name: Publish Documentation
        needs: release
        if: inputs.docs
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - name: 🧮 Checkout code
              uses: actions/checkout@v4
@@ -43,6 +78,7 @@ jobs:
              uses: actions/setup-node@v4
              with:
                  cache: "yarn"
+                  node-version-file: package.json

            - name: 🔨 Install dependencies
              run: "yarn install --frozen-lockfile"
@@ -59,7 +95,7 @@ jobs:
        environment:
            name: github-pages
            url: ${{ steps.deployment.outputs.page_url }}
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        needs: docs
        # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
        permissions:
@@ -5,23 +5,29 @@ on:
        secrets:
            SONAR_TOKEN:
                required: true
+            # No longer used
            ELEMENT_BOT_TOKEN:
-                required: true
+                required: false
        inputs:
            sharded:
                type: boolean
                required: false
                description: "Whether to combine multiple LCOV and jest-sonar-report files in coverage artifact"
+permissions: {}
 jobs:
    sonarqube:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: |
            github.event.workflow_run.conclusion == 'success' &&
            github.event.workflow_run.event != 'merge_group'
+        permissions:
+            actions: read
+            statuses: write
+            id-token: write # sonar
        steps:
            # We create the status here and then update it to success/failure in the `report` stage
            # This provides an easy link to this workflow_run from the PR before Sonarcloud is done.
-            - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
+            - uses: guibranco/github-status-action-v2@ecd54a02cf761e85a8fb328fe937710fd4227cda
              with:
                  authToken: ${{ secrets.GITHUB_TOKEN }}
                  state: pending
@@ -30,7 +36,7 @@ jobs:
                  target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

            - name: "🧮 Checkout code"
-              uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
              with:
                  repository: ${{ github.event.workflow_run.head_repository.full_name }}
                  ref: ${{ github.event.workflow_run.head_branch }} # checkout commit that triggered this workflow
@@ -40,7 +46,7 @@ jobs:
              uses: actions/download-artifact@v4
              if: ${{ !inputs.sharded }}
              with:
-                  github-token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+                  github-token: ${{ secrets.GITHUB_TOKEN }}
                  run-id: ${{ github.event.workflow_run.id }}
                  name: coverage
                  path: coverage
@@ -48,22 +54,28 @@ jobs:
              uses: actions/download-artifact@v4
              if: inputs.sharded
              with:
-                  github-token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+                  github-token: ${{ secrets.GITHUB_TOKEN }}
                  run-id: ${{ github.event.workflow_run.id }}
                  pattern: coverage-*
                  path: coverage
                  merge-multiple: true
+            - name: Check coverage artifact
+              run: |
+                  if [ ! -d coverage ]; then
+                      echo "Coverage not found. Exiting with failure."
+                      exit 1
+                  fi

            - id: extra_args
              run: |
                  coverage=$(find coverage -type f -name '*lcov.info' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g')
                  echo "sonar.javascript.lcov.reportPaths=$coverage" >> sonar-project.properties
-                  reports=$(find coverage -type f -name 'jest-sonar-report*.xml' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g')
+                  reports=$(find coverage -type f -name '*sonar-report*.xml' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g')
                  echo "sonar.testExecutionReportPaths=$reports" >> sonar-project.properties

            - name: "🩻 SonarCloud Scan"
              id: sonarcloud
-              uses: matrix-org/sonarcloud-workflow-action@v3.2
+              uses: matrix-org/sonarcloud-workflow-action@v3.3
              # workflow_run fails report against the develop commit always, we don't want that for PRs
              continue-on-error: ${{ github.event.workflow_run.head_branch != 'develop' }}
              with:
@@ -75,7 +87,7 @@ jobs:
                  revision: ${{ github.event.workflow_run.head_sha }}
                  token: ${{ secrets.SONAR_TOKEN }}

-            - uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
+            - uses: guibranco/github-status-action-v2@ecd54a02cf761e85a8fb328fe937710fd4227cda
              if: always()
              with:
                  authToken: ${{ secrets.GITHUB_TOKEN }}
@@ -7,10 +7,15 @@ on:
 concurrency:
    group: ${{ github.workflow }}-${{ github.event.workflow_run.head_branch }}
    cancel-in-progress: true
+permissions: {}
 jobs:
    sonarqube:
        name: 🩻 SonarQube
        if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event != 'merge_group'
+        permissions:
+            actions: read
+            statuses: write
+            id-token: write # sonar
        uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
        secrets:
            SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
@@ -8,16 +8,18 @@ on:
 concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true
+permissions: {} # No permissions needed
 jobs:
    ts_lint:
        name: "Typescript Syntax Check"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

            - uses: actions/setup-node@v4
              with:
                  cache: "yarn"
+                  node-version-file: package.json

            - name: Install Deps
              run: "yarn install"
@@ -25,25 +27,16 @@ jobs:
            - name: Typecheck
              run: "yarn run lint:types"

-            - name: Switch js-sdk to release mode
-              run: |
-                  scripts/switch_package_to_release.js
-                  yarn install
-                  yarn run build:compile
-                  yarn run build:types
-
-            - name: Typecheck (release mode)
-              run: "yarn run lint:types"
-
    js_lint:
        name: "ESLint"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

            - uses: actions/setup-node@v4
              with:
                  cache: "yarn"
+                  node-version-file: package.json

            - name: Install Deps
              run: "yarn install"
@@ -51,8 +44,8 @@ jobs:
            - name: Run Linter
              run: "yarn run lint:js"

-    workflow_lint:
-        name: "Workflow Lint"
+    node_example_lint:
+        name: "Node.js example"
        runs-on: ubuntu-latest
        steps:
            - uses: actions/checkout@v4
@@ -60,6 +53,42 @@ jobs:
            - uses: actions/setup-node@v4
              with:
                  cache: "yarn"
+                  node-version-file: package.json
+
+            - name: Install Deps
+              run: "yarn install"
+
+            - name: Build Types
+              run: "yarn build:types"
+
+            - uses: actions/setup-node@v4
+              with:
+                  cache: "npm"
+                  node-version-file: "examples/node/package.json"
+                  # cache-dependency-path: '**/package-lock.json'
+
+            - name: Install Example Deps
+              run: "npm install"
+              working-directory: "examples/node"
+
+            - name: Check Syntax
+              run: "node --check app.js"
+              working-directory: "examples/node"
+
+            - name: Typecheck
+              run: "npx tsc"
+              working-directory: "examples/node"
+
+    workflow_lint:
+        name: "Workflow Lint"
+        runs-on: ubuntu-24.04
+        steps:
+            - uses: actions/checkout@v4
+
+            - uses: actions/setup-node@v4
+              with:
+                  cache: "yarn"
+                  node-version-file: package.json

            - name: Install Deps
              run: "yarn install --frozen-lockfile"
@@ -69,19 +98,20 @@ jobs:

    docs:
        name: "JSDoc Checker"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

            - uses: actions/setup-node@v4
              with:
                  cache: "yarn"
+                  node-version-file: package.json

            - name: Install Deps
              run: "yarn install"

            - name: Generate Docs
-              run: "yarn run gendoc --treatWarningsAsErrors"
+              run: "yarn run gendoc --treatWarningsAsErrors --suppressCommentWarningsInDeclarationFiles"

            - name: Upload Artifact
              uses: actions/upload-artifact@v4
@@ -93,16 +123,51 @@ jobs:

    analyse_dead_code:
        name: "Analyse Dead Code"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/checkout@v4

            - uses: actions/setup-node@v4
              with:
                  cache: "yarn"
+                  node-version-file: package.json

            - name: Install Deps
              run: "yarn install --frozen-lockfile"

            - name: Run linter
              run: "yarn run lint:knip"
+
+    element-web:
+        name: Downstream tsc element-web
+        if: github.event_name == 'merge_group'
+        runs-on: ubuntu-24.04
+        steps:
+            - uses: actions/checkout@v4
+              with:
+                  repository: element-hq/element-web
+
+            - uses: actions/setup-node@v4
+              with:
+                  cache: "yarn"
+                  node-version: "lts/*"
+
+            - name: Install Dependencies
+              run: "./scripts/layered.sh"
+              env:
+                  # tell layered.sh to check out the right sha of the JS-SDK
+                  JS_SDK_GITHUB_BASE_REF: ${{ github.sha }}
+
+            - name: Typecheck
+              run: "yarn run lint:types"
+
+    # Hook for branch protection to skip downstream typechecking outside of merge queues
+    downstream:
+        name: Downstream Typescript Syntax Check
+        runs-on: ubuntu-24.04
+        if: always()
+        needs:
+            - element-web
+        steps:
+            - if: needs.element-web.result != 'skipped' && needs.element-web.result != 'success'
+              run: exit 1
@@ -0,0 +1,22 @@
+name: Sync labels
+on:
+    workflow_dispatch: {}
+    schedule:
+        - cron: "0 1 * * *" # 1am every day
+    push:
+        branches:
+            - develop
+        paths:
+            - .github/labels.yml
+permissions: {} # We use ELEMENT_BOT_TOKEN instead
+jobs:
+    sync-labels:
+        uses: element-hq/element-meta/.github/workflows/sync-labels.yml@develop
+        with:
+            LABELS: |
+                element-hq/element-meta
+                .github/labels.yml
+            DELETE: true
+            WET: true
+        secrets:
+            ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
@@ -10,15 +10,16 @@ concurrency:
    cancel-in-progress: true
 env:
    ENABLE_COVERAGE: ${{ github.event_name != 'merge_group' }}
+permissions: {} # No permissions required
 jobs:
    jest:
        name: "Jest [${{ matrix.specs }}] (Node ${{ matrix.node == '*' && 'latest' || matrix.node }})"
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        timeout-minutes: 10
        strategy:
            matrix:
                specs: [integ, unit]
-                node: [18, "lts/*", 21]
+                node: ["lts/*", 22]
        steps:
            - name: Checkout code
              uses: actions/checkout@v4
@@ -63,26 +64,59 @@ jobs:
                      coverage
                      !coverage/lcov-report

-    matrix-react-sdk:
-        name: Downstream test matrix-react-sdk
+    # Dummy completion job to simplify branch protections
+    jest-complete:
+        name: Jest tests
+        needs: jest
+        if: always()
+        runs-on: ubuntu-24.04
+        steps:
+            - if: needs.jest.result != 'skipped' && needs.jest.result != 'success'
+              run: exit 1
+
+    element-web:
+        name: Downstream test element-web
        if: github.event_name == 'merge_group'
-        uses: matrix-org/matrix-react-sdk/.github/workflows/tests.yml@develop
+        uses: element-hq/element-web/.github/workflows/tests.yml@develop
+        permissions:
+            statuses: write
        with:
            disable_coverage: true
            matrix-js-sdk-sha: ${{ github.sha }}

+    complement-crypto:
+        name: "Run Complement Crypto tests"
+        if: github.event_name == 'merge_group'
+        permissions: read-all
+        uses: matrix-org/complement-crypto/.github/workflows/single_sdk_tests.yml@main
+        with:
+            use_js_sdk: "."
+
+    # we need this so the job is reported properly when run in a merge queue
+    downstream-complement-crypto:
+        name: Downstream Complement Crypto tests
+        runs-on: ubuntu-24.04
+        if: always()
+        needs:
+            - complement-crypto
+        steps:
+            - if: needs.complement-crypto.result != 'skipped' && needs.complement-crypto.result != 'success'
+              run: exit 1
+
    # Hook for branch protection to skip downstream testing outside of merge queues
    # and skip sonarcloud coverage within merge queues
    downstream:
        name: Downstream tests
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        if: always()
        needs:
-            - matrix-react-sdk
+            - element-web
+        permissions:
+            statuses: write
        steps:
            - name: Skip SonarCloud on merge queues
              if: env.ENABLE_COVERAGE == 'false'
-              uses: Sibz/github-status-action@071b5370da85afbb16637d6eed8524a06bc2053e # v1
+              uses: guibranco/github-status-action-v2@ecd54a02cf761e85a8fb328fe937710fd4227cda
              with:
                  authToken: ${{ secrets.GITHUB_TOKEN }}
                  state: success
@@ -91,5 +125,5 @@ jobs:
                  sha: ${{ github.sha }}
                  target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

-            - if: needs.matrix-react-sdk.result != 'skipped' && needs.matrix-react-sdk.result != 'success'
+            - if: needs.element-web.result != 'skipped' && needs.element-web.result != 'success'
              run: exit 1
@@ -3,10 +3,10 @@ name: Move new issues into Issue triage board
 on:
    issues:
        types: [opened]
-
+permissions: {} # We use ELEMENT_BOT_TOKEN instead
 jobs:
    automate-project-columns-next:
-        runs-on: ubuntu-latest
+        runs-on: ubuntu-24.04
        steps:
            - uses: actions/add-to-project@main
              with:
@@ -3,9 +3,9 @@ name: Move labelled issues to correct projects
 on:
    issues:
        types: [labeled]
-
+permissions: {} # We use ELEMENT_BOT_TOKEN instead
 jobs:
    call-triage-labelled:
-        uses: vector-im/element-web/.github/workflows/triage-labelled.yml@develop
+        uses: element-hq/element-web/.github/workflows/triage-labelled.yml@develop
        secrets:
            ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
@@ -1,3 +1,370 @@
+Changes in [36.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v36.2.0) (2025-02-11)
+==================================================================================================
+## 🦖 Deprecations
+
+* [Backport staging] Deprecate parameter and functions using legacy crypto in `models/event.ts` ([#4700](https://github.com/matrix-org/matrix-js-sdk/pull/4700)). Contributed by @RiotRobot.
+
+## ✨ Features
+
+* Improve types around Terms ([#4674](https://github.com/matrix-org/matrix-js-sdk/pull/4674)). Contributed by @t3chguy.
+* Provide more options for starting dehydration ([#4664](https://github.com/matrix-org/matrix-js-sdk/pull/4664)). Contributed by @uhoreg.
+* Device Dehydration | js-sdk: store/load dehydration key ([#4599](https://github.com/matrix-org/matrix-js-sdk/pull/4599)). Contributed by @BillCarsonFr.
+* Add unspecced backup disable flag ([#4661](https://github.com/matrix-org/matrix-js-sdk/pull/4661)). Contributed by @dbkr.
+* Switch OIDC primarily to new `/auth_metadata` API ([#4626](https://github.com/matrix-org/matrix-js-sdk/pull/4626)). Contributed by @t3chguy.
+* Add `CryptoApi.resetEncryption` ([#4614](https://github.com/matrix-org/matrix-js-sdk/pull/4614)). Contributed by @florianduros.
+
+## 🐛 Bug Fixes
+
+* Fix topic types ([#4678](https://github.com/matrix-org/matrix-js-sdk/pull/4678)). Contributed by @Half-Shot.
+* Handle empty m.room.topic ([#4673](https://github.com/matrix-org/matrix-js-sdk/pull/4673)). Contributed by @Half-Shot.
+* `CryptoApi.resetEncryption` should always create a new key backup ([#4648](https://github.com/matrix-org/matrix-js-sdk/pull/4648)). Contributed by @florianduros.
+
+
+Changes in [36.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v36.1.0) (2025-01-28)
+==================================================================================================
+## ✨ Features
+
+* Deprecate `MatrixClient.login` and replace with `loginRequest` ([#4632](https://github.com/matrix-org/matrix-js-sdk/pull/4632)). Contributed by @richvdh.
+* Use `SyncCryptoCallback` api instead of legacy crypto in sliding sync ([#4624](https://github.com/matrix-org/matrix-js-sdk/pull/4624)). Contributed by @florianduros.
+* Distinguish room state and timeline events in embedded clients ([#4574](https://github.com/matrix-org/matrix-js-sdk/pull/4574)). Contributed by @robintown.
+* Allow setting default secret storage key id to null ([#4615](https://github.com/matrix-org/matrix-js-sdk/pull/4615)). Contributed by @florianduros.
+* Add authenticated media to getAvatarUrl in room and room-member models ([#4616](https://github.com/matrix-org/matrix-js-sdk/pull/4616)). Contributed by @m004.
+* Send MSC3981 'recurse' param on `/relations` endpoint on Matrix 1.10 servers ([#4023](https://github.com/matrix-org/matrix-js-sdk/pull/4023)). Contributed by @dbkr.
+
+## 🐛 Bug Fixes
+
+* [Backport staging] Revert "Distinguish room state and timeline events in embedded clients (#4574)" ([#4657](https://github.com/matrix-org/matrix-js-sdk/pull/4657)). Contributed by @RiotRobot.
+* Change randomString et al to be secure ([#4621](https://github.com/matrix-org/matrix-js-sdk/pull/4621)). Contributed by @dbkr.
+* Fix issue with sentinels being incorrect on m.room.member events ([#4609](https://github.com/matrix-org/matrix-js-sdk/pull/4609)). Contributed by @t3chguy.
+
+
+Changes in [36.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v36.0.0) (2025-01-14)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Remove support for "legacy" MSC3898 group calling in MatrixRTCSession and CallMembership ([#4583](https://github.com/matrix-org/matrix-js-sdk/pull/4583)). Contributed by @toger5.
+
+## ✨ Features
+
+* MatrixRTC: Implement expiry logic for CallMembership and additional test coverage ([#4587](https://github.com/matrix-org/matrix-js-sdk/pull/4587)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+
+* Don't retry on 4xx responses ([#4601](https://github.com/matrix-org/matrix-js-sdk/pull/4601)). Contributed by @dbkr.
+* Upgrade matrix-sdk-crypto-wasm to 12.1.0 ([#4596](https://github.com/matrix-org/matrix-js-sdk/pull/4596)). Contributed by @andybalaam.
+* Avoid key prompts when resetting crypto ([#4586](https://github.com/matrix-org/matrix-js-sdk/pull/4586)). Contributed by @dbkr.
+* Handle when aud OIDC claim is an Array ([#4584](https://github.com/matrix-org/matrix-js-sdk/pull/4584)). Contributed by @liamdiprose.
+* Save the key backup key to 4S during `bootstrapSecretStorage ` ([#4542](https://github.com/matrix-org/matrix-js-sdk/pull/4542)). Contributed by @dbkr.
+* Only re-prepare MatrixrRTC delayed disconnection event on 404  ([#4575](https://github.com/matrix-org/matrix-js-sdk/pull/4575)). Contributed by @toger5.
+
+
+Changes in [35.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v35.1.0) (2024-12-18)
+==================================================================================================
+This release updates matrix-sdk-crypto-wasm to fix a bug which could prevent loading stored crypto state from storage.
+
+## 🐛 Bug Fixes
+
+* Upgrade matrix-sdk-crypto-wasm to 1.11.0 ([#4593](https://github.com/matrix-org/matrix-js-sdk/pull/4593)).
+
+
+Changes in [35.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v35.0.0) (2024-12-17)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+This release contains several breaking changes which will need code changes in your app. Most notably, `initCrypto()`
+no longer exists and has been moved to `initLegacyCrypto()` in preparation for the eventual removal of Olm. You can
+continue to use legacy Olm crypto for now by calling `initLegacyCrypto()` instead.
+
+You may also need to make further changes if you use more advanced APIs. See the individual PRs (listed in order of size of change) for specific APIs changed and how to migrate.
+
+* Rename `MatrixClient.initCrypto` into `MatrixClient.initLegacyCrypto` ([#4567](https://github.com/matrix-org/matrix-js-sdk/pull/4567)). Contributed by @florianduros.
+* Support MSC4222 `state_after` ([#4487](https://github.com/matrix-org/matrix-js-sdk/pull/4487)). Contributed by @dbkr.
+* Avoid use of Buffer as it does not exist in the Web natively ([#4569](https://github.com/matrix-org/matrix-js-sdk/pull/4569)). Contributed by @t3chguy.
+
+## 🦖 Deprecations
+
+* Deprecate remaining legacy functions and move `CryptoEvent.LegacyCryptoStoreMigrationProgress` handler ([#4560](https://github.com/matrix-org/matrix-js-sdk/pull/4560)). Contributed by @florianduros.
+
+## ✨ Features
+
+* Rename `MatrixClient.initCrypto` into `MatrixClient.initLegacyCrypto` ([#4567](https://github.com/matrix-org/matrix-js-sdk/pull/4567)). Contributed by @florianduros.
+* Avoid use of Buffer as it does not exist in the Web natively ([#4569](https://github.com/matrix-org/matrix-js-sdk/pull/4569)). Contributed by @t3chguy.
+* Re-send MatrixRTC media encryption keys for a new joiner even if a rotation is in progress ([#4561](https://github.com/matrix-org/matrix-js-sdk/pull/4561)). Contributed by @hughns.
+* Support MSC4222 `state_after` ([#4487](https://github.com/matrix-org/matrix-js-sdk/pull/4487)). Contributed by @dbkr.
+* Revert "Fix room state being updated with old (now overwritten) state and emitting for those updates. (#4242)" ([#4532](https://github.com/matrix-org/matrix-js-sdk/pull/4532)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+
+* Fix age field check in event echo processing ([#3635](https://github.com/matrix-org/matrix-js-sdk/pull/3635)). Contributed by @stas-demydiuk.
+
+
+Changes in [34.13.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.13.0) (2024-12-03)
+====================================================================================================
+## 🦖 Deprecations
+
+* Deprecate `MatrixClient.isEventSenderVerified` ([#4527](https://github.com/matrix-org/matrix-js-sdk/pull/4527)). Contributed by @florianduros.
+* Add `restoreKeybackup` to `CryptoApi`. ([#4476](https://github.com/matrix-org/matrix-js-sdk/pull/4476)). Contributed by @florianduros.
+
+## ✨ Features
+
+* Ensure we disambiguate display names which look like MXIDs ([#4540](https://github.com/matrix-org/matrix-js-sdk/pull/4540)). Contributed by @t3chguy.
+* Add `CryptoApi.getBackupInfo` ([#4512](https://github.com/matrix-org/matrix-js-sdk/pull/4512)). Contributed by @florianduros.
+* Fix local echo in embedded mode ([#4498](https://github.com/matrix-org/matrix-js-sdk/pull/4498)). Contributed by @toger5.
+* Add `restoreKeybackup` to `CryptoApi`. ([#4476](https://github.com/matrix-org/matrix-js-sdk/pull/4476)). Contributed by @florianduros.
+
+## 🐛 Bug Fixes
+
+* Fix `RustBackupManager` remaining values after current backup removal ([#4537](https://github.com/matrix-org/matrix-js-sdk/pull/4537)). Contributed by @florianduros.
+
+
+Changes in [34.12.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.12.0) (2024-11-19)
+====================================================================================================
+## 🦖 Deprecations
+
+* Deprecate `MatrixClient.getKeyBackupVersion` ([#4505](https://github.com/matrix-org/matrix-js-sdk/pull/4505)). Contributed by @florianduros.
+* Deprecate unused callbacks in `CryptoCallbacks` ([#4501](https://github.com/matrix-org/matrix-js-sdk/pull/4501)). Contributed by @florianduros.
+
+## ✨ Features
+
+* Handle M\_MAX\_DELAY\_EXCEEDED errors ([#4511](https://github.com/matrix-org/matrix-js-sdk/pull/4511)). Contributed by @AndrewFerr.
+* Allow configuration of MatrixRTC timers when calling joinRoomSession() ([#4510](https://github.com/matrix-org/matrix-js-sdk/pull/4510)). Contributed by @hughns.
+* When state says you've left ongoing call, rejoin ([#4342](https://github.com/matrix-org/matrix-js-sdk/pull/4342)). Contributed by @AndrewFerr.
+* Remove redundant type arguments in function call ([#4507](https://github.com/matrix-org/matrix-js-sdk/pull/4507)). Contributed by @AndrewFerr.
+* MatrixRTCSession: handle rate limit errors ([#4494](https://github.com/matrix-org/matrix-js-sdk/pull/4494)). Contributed by @AndrewFerr.
+* Send/receive error details with widgets ([#4492](https://github.com/matrix-org/matrix-js-sdk/pull/4492)). Contributed by @AndrewFerr.
+* Capture HTTP error response headers \& handle Retry-After header (MSC4041) ([#4471](https://github.com/matrix-org/matrix-js-sdk/pull/4471)). Contributed by @AndrewFerr.
+* Add RoomWidgetClient.sendToDeviceViaWidgetApi() ([#4475](https://github.com/matrix-org/matrix-js-sdk/pull/4475)). Contributed by @hughns.
+
+
+Changes in [34.11.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.11.1) (2024-11-12)
+====================================================================================================
+# Security
+- Fixes for [CVE-2024-50336](https://nvd.nist.gov/vuln/detail/CVE-2024-50336) / [GHSA-xvg8-m4x3-w6xr](https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr).
+
+Changes in [34.11.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.11.0) (2024-11-12)
+====================================================================================================
+# Security
+- Fixes for [CVE-2024-50336](https://nvd.nist.gov/vuln/detail/CVE-2024-50336) / [GHSA-xvg8-m4x3-w6xr](https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-xvg8-m4x3-w6xr).
+
+Changes in [34.10.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.10.0) (2024-11-05)
+====================================================================================================
+## 🦖 Deprecations
+
+* Deprecate `CreateSecretStorageOpts.keyBackupInfo` used in `CryptoApi.bootstrapSecretStorage.` ([#4474](https://github.com/matrix-org/matrix-js-sdk/pull/4474)). Contributed by @florianduros.
+* Add CryptoApi.encryptToDeviceMessages() and deprecate Crypto.encryptAndSendToDevices() ([#4380](https://github.com/matrix-org/matrix-js-sdk/pull/4380)). Contributed by @hughns.
+* Remove abandoned MSC3886, MSC3903, MSC3906 experimental implementations ([#4469](https://github.com/matrix-org/matrix-js-sdk/pull/4469)). Contributed by @t3chguy.
+* Deprecate `MatrixClient.getDehydratedDevice` ([#4467](https://github.com/matrix-org/matrix-js-sdk/pull/4467)). Contributed by @florianduros.
+* Deprecate top level crypto events re-export ([#4444](https://github.com/matrix-org/matrix-js-sdk/pull/4444)). Contributed by @florianduros.
+
+## ✨ Features
+
+* Add CryptoApi.encryptToDeviceMessages() and deprecate Crypto.encryptAndSendToDevices() ([#4380](https://github.com/matrix-org/matrix-js-sdk/pull/4380)). Contributed by @hughns.
+* Do not rotate MatrixRTC media encryption key when a new member joins a session ([#4472](https://github.com/matrix-org/matrix-js-sdk/pull/4472)). Contributed by @hughns.
+* Avoid `<sender>|<session>` notation in log messages ([#4473](https://github.com/matrix-org/matrix-js-sdk/pull/4473)). Contributed by @richvdh.
+* Refactor/simplify Promises in MatrixRTCSession ([#4466](https://github.com/matrix-org/matrix-js-sdk/pull/4466)). Contributed by @AndrewFerr.
+* Prepare delayed call leave events more reliably ([#4447](https://github.com/matrix-org/matrix-js-sdk/pull/4447)). Contributed by @AndrewFerr.
+
+## 🐛 Bug Fixes
+
+* Fix DelayedEventInfo type ([#4446](https://github.com/matrix-org/matrix-js-sdk/pull/4446)). Contributed by @AndrewFerr.
+
+
+Changes in [34.9.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.9.0) (2024-10-22)
+==================================================================================================
+## 🦖 Deprecations
+
+* Deprecate the crypto events which are not used by the rust-crypto ([#4442](https://github.com/matrix-org/matrix-js-sdk/pull/4442)). Contributed by @florianduros.
+
+## 🐛 Bug Fixes
+
+* Fix the rust crypto import in esm environments. ([#4445](https://github.com/matrix-org/matrix-js-sdk/pull/4445)). Contributed by @saul-jb.
+* Fix MatrixRTC sender key wrapping ([#4441](https://github.com/matrix-org/matrix-js-sdk/pull/4441)). Contributed by @hughns.
+
+
+Changes in [34.8.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.8.0) (2024-10-15)
+==================================================================================================
+This release removes insecure functionality, resolving CVE-2024-47080 / GHSA-4jf8-g8wp-cx7c.
+
+Changes in [34.7.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.7.0) (2024-10-08)
+==================================================================================================
+## 🦖 Deprecations
+
+* RTCSession cleanup: deprecate getKeysForParticipant() and getEncryption(); add emitEncryptionKeys() ([#4427](https://github.com/matrix-org/matrix-js-sdk/pull/4427)). Contributed by @hughns.
+
+## ✨ Features
+
+* Bump matrix-rust-sdk to 9.1.0 ([#4435](https://github.com/matrix-org/matrix-js-sdk/pull/4435)). Contributed by @richvdh.
+* Rotate Matrix RTC media encryption key when a new member joins a call for Post Compromise Security ([#4422](https://github.com/matrix-org/matrix-js-sdk/pull/4422)). Contributed by @hughns.
+* Update media event content types to include captions ([#4403](https://github.com/matrix-org/matrix-js-sdk/pull/4403)). Contributed by @tulir.
+* Update OIDC registration types to match latest MSC2966 state ([#4432](https://github.com/matrix-org/matrix-js-sdk/pull/4432)). Contributed by @t3chguy.
+* Add `CryptoApi.pinCurrentUserIdentity` and `UserIdentity.needsUserApproval` ([#4415](https://github.com/matrix-org/matrix-js-sdk/pull/4415)). Contributed by @richvdh.
+
+
+Changes in [34.6.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.6.0) (2024-09-24)
+==================================================================================================
+## 🦖 Deprecations
+
+* Element-R: Mark unsupported MatrixClient methods as deprecated ([#4389](https://github.com/matrix-org/matrix-js-sdk/pull/4389)). Contributed by @richvdh.
+
+## ✨ Features
+
+* Add crypto mode setting for invisible crypto, and apply it to decrypting events ([#4407](https://github.com/matrix-org/matrix-js-sdk/pull/4407)). Contributed by @uhoreg.
+* Don't share full key history for RTC per-participant encryption ([#4406](https://github.com/matrix-org/matrix-js-sdk/pull/4406)). Contributed by @hughns.
+* Export membership types ([#4405](https://github.com/matrix-org/matrix-js-sdk/pull/4405)). Contributed by @Johennes.
+* Fix sending redacts in embedded (widget) mode ([#4398](https://github.com/matrix-org/matrix-js-sdk/pull/4398)). Contributed by @toger5.
+* Expose the event ID of a call membership ([#4395](https://github.com/matrix-org/matrix-js-sdk/pull/4395)). Contributed by @robintown.
+* MSC4133 - Extended profiles ([#4391](https://github.com/matrix-org/matrix-js-sdk/pull/4391)). Contributed by @Half-Shot.
+
+
+Changes in [34.5.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.5.0) (2024-09-10)
+==================================================================================================
+## 🦖 Deprecations
+
+* Deprecate unused callback hooks `CryptoCallbacks.onSecretRequested` and `CryptoCallbacks.getDehydrationKey` ([#4376](https://github.com/matrix-org/matrix-js-sdk/pull/4376)). Contributed by @richvdh.
+
+
+Changes in [34.4.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.4.0) (2024-08-27)
+==================================================================================================
+## ✨ Features
+
+* Use non-legacy calls if any are found ([#4337](https://github.com/matrix-org/matrix-js-sdk/pull/4337)). Contributed by @AndrewFerr.
+
+## 🐛 Bug Fixes
+
+* Retry event decryption failures on first failure ([#4346](https://github.com/matrix-org/matrix-js-sdk/pull/4346)). Contributed by @hughns.
+* Ensure "type" = "module" ES declaration in pre-release.sh ([#4350](https://github.com/matrix-org/matrix-js-sdk/pull/4350)). Contributed by @BLCK-B.
+* Handle MatrixRTC encryption keys arriving out of order ([#4345](https://github.com/matrix-org/matrix-js-sdk/pull/4345)). Contributed by @hughns.
+* Resend MatrixRTC encryption keys if a membership has changed ([#4343](https://github.com/matrix-org/matrix-js-sdk/pull/4343)). Contributed by @hughns.
+
+
+Changes in [34.3.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.3.1) (2024-08-20)
+==================================================================================================
+# Security
+- Fixes for [CVE-2024-42369](https://nvd.nist.gov/vuln/detail/CVE-2024-42369) / [GHSA-vhr5-g3pm-49fm](https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-vhr5-g3pm-49fm).
+
+Changes in [34.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.3.0) (2024-08-13)
+==================================================================================================
+## ✨ Features
+
+* Bump matrix-widget-api ([#4336](https://github.com/matrix-org/matrix-js-sdk/pull/4336)). Contributed by @AndrewFerr.
+* Also check for MSC3757 for session state keys ([#4334](https://github.com/matrix-org/matrix-js-sdk/pull/4334)). Contributed by @AndrewFerr.
+* Support Futures via widgets ([#4311](https://github.com/matrix-org/matrix-js-sdk/pull/4311)). Contributed by @AndrewFerr.
+* Support MSC4140: Delayed events (Futures) ([#4294](https://github.com/matrix-org/matrix-js-sdk/pull/4294)). Contributed by @AndrewFerr.
+* Handle late-arriving `m.room_key.withheld` messages ([#4310](https://github.com/matrix-org/matrix-js-sdk/pull/4310)). Contributed by @richvdh.
+* Be specific about what is considered a MSC4143 call member event. ([#4328](https://github.com/matrix-org/matrix-js-sdk/pull/4328)). Contributed by @toger5.
+* Add index.ts for matrixrtc module ([#4314](https://github.com/matrix-org/matrix-js-sdk/pull/4314)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+
+* Fix hashed ID server lookups with no Olm ([#4333](https://github.com/matrix-org/matrix-js-sdk/pull/4333)). Contributed by @dbkr.
+
+
+Changes in [34.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.2.0) (2024-07-30)
+==================================================================================================
+## 🐛 Bug Fixes
+
+* Element-R: detect "withheld key" UTD errors, and mark them as such ([#4302](https://github.com/matrix-org/matrix-js-sdk/pull/4302)). Contributed by @richvdh.
+
+
+Changes in [34.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.1.0) (2024-07-16)
+==================================================================================================
+## ✨ Features
+
+* Add ability to choose how many timeline events to sync when peeking ([#4300](https://github.com/matrix-org/matrix-js-sdk/pull/4300)). Contributed by @jgarplind.
+* Remove redundant hack for using the old pickle key in rust crypto ([#4282](https://github.com/matrix-org/matrix-js-sdk/pull/4282)). Contributed by @richvdh.
+* Add fetching the well known in embedded mode. ([#4259](https://github.com/matrix-org/matrix-js-sdk/pull/4259)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+
+* Fix room state being updated with old (now overwritten) state and emitting for those updates. ([#4242](https://github.com/matrix-org/matrix-js-sdk/pull/4242)). Contributed by @toger5.
+* Fix incorrect "Olm is not available" errors ([#4301](https://github.com/matrix-org/matrix-js-sdk/pull/4301)). Contributed by @richvdh.
+* Fix build for example script ([#4286](https://github.com/matrix-org/matrix-js-sdk/pull/4286)). Contributed by @richvdh.
+* Declare matrix-js-sdk as an ES module ([#4285](https://github.com/matrix-org/matrix-js-sdk/pull/4285)). Contributed by @richvdh.
+
+
+Changes in [34.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v34.0.0) (2024-07-08)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Fetch capabilities in the background ([#4246](https://github.com/matrix-org/matrix-js-sdk/pull/4246)). Contributed by @dbkr.
+
+## ✨ Features
+
+* Prefix the user+device state key if needed ([#4262](https://github.com/matrix-org/matrix-js-sdk/pull/4262)). Contributed by @AndrewFerr.
+* Use legacy call membership if anyone else is ([#4260](https://github.com/matrix-org/matrix-js-sdk/pull/4260)). Contributed by @AndrewFerr.
+* Fetch capabilities in the background ([#4246](https://github.com/matrix-org/matrix-js-sdk/pull/4246)). Contributed by @dbkr.
+* Use server name instead of homeserver url to allow well-known lookups during QR OIDC reciprocation ([#4233](https://github.com/matrix-org/matrix-js-sdk/pull/4233)). Contributed by @t3chguy.
+* Add via parameter for MSC4156 ([#4247](https://github.com/matrix-org/matrix-js-sdk/pull/4247)). Contributed by @Johennes.
+* Make the js-sdk compatible with MSC preferred foci and active focus. ([#4195](https://github.com/matrix-org/matrix-js-sdk/pull/4195)). Contributed by @toger5.
+* Replace usages of setImmediate with setTimeout for wider compatibility ([#4240](https://github.com/matrix-org/matrix-js-sdk/pull/4240)). Contributed by @t3chguy.
+
+## 🐛 Bug Fixes
+
+* [Backport staging] Fix "Unable to restore session" error ([#4299](https://github.com/matrix-org/matrix-js-sdk/pull/4299)). Contributed by @RiotRobot.
+* [Backport staging] Fix error when sending encrypted messages in large rooms ([#4297](https://github.com/matrix-org/matrix-js-sdk/pull/4297)). Contributed by @RiotRobot.
+* Element-R: Fix resource leaks in verification logic ([#4263](https://github.com/matrix-org/matrix-js-sdk/pull/4263)). Contributed by @richvdh.
+* Upgrade Rust Crypto SDK to 6.1.0 ([#4261](https://github.com/matrix-org/matrix-js-sdk/pull/4261)). Contributed by @richvdh.
+* Correctly transform base64 with multiple instances of + or / ([#4252](https://github.com/matrix-org/matrix-js-sdk/pull/4252)). Contributed by @robintown.
+* Work around spec bug for m.room.avatar state event content type ([#4245](https://github.com/matrix-org/matrix-js-sdk/pull/4245)). Contributed by @t3chguy.
+
+
+Changes in [33.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v33.1.0) (2024-06-18)
+==================================================================================================
+## ✨ Features
+
+* MSC4108 support OIDC QR code login ([#4134](https://github.com/matrix-org/matrix-js-sdk/pull/4134)). Contributed by @t3chguy.
+* Add crypto methods for export and import of secrets bundle ([#4227](https://github.com/matrix-org/matrix-js-sdk/pull/4227)). Contributed by @t3chguy.
+
+## 🐛 Bug Fixes
+
+* Fix screen sharing in recent Chrome ([#4243](https://github.com/matrix-org/matrix-js-sdk/pull/4243)). Contributed by @RiotRobot.
+* Fix incorrect assumptions about required fields in /search response ([#4228](https://github.com/matrix-org/matrix-js-sdk/pull/4228)). Contributed by @t3chguy.
+* Fix the queueToDevice tests for the new fakeindexeddb ([#4225](https://github.com/matrix-org/matrix-js-sdk/pull/4225)). Contributed by @dbkr.
+
+
+Changes in [33.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v33.0.0) (2024-06-04)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Remove more deprecated methods, fields, and exports ([#4217](https://github.com/matrix-org/matrix-js-sdk/pull/4217)). Contributed by @t3chguy.
+* Remove deprecated methods and fields ([#4201](https://github.com/matrix-org/matrix-js-sdk/pull/4201)). Contributed by @t3chguy.
+
+## 🦖 Deprecations
+
+* Remove more deprecated methods, fields, and exports ([#4217](https://github.com/matrix-org/matrix-js-sdk/pull/4217)). Contributed by @t3chguy.
+* Remove deprecated methods and fields ([#4201](https://github.com/matrix-org/matrix-js-sdk/pull/4201)). Contributed by @t3chguy.
+
+## ✨ Features
+
+* `initRustCrypto`: allow app to pass in the store key directly ([#4210](https://github.com/matrix-org/matrix-js-sdk/pull/4210)). Contributed by @richvdh.
+* Preserve ESM for async imports to work correctly ([#4187](https://github.com/matrix-org/matrix-js-sdk/pull/4187)). Contributed by @ms-dosx86.
+
+## 🐛 Bug Fixes
+
+* Don't run migration for Rust crypto if the legacy store is empty ([#4218](https://github.com/matrix-org/matrix-js-sdk/pull/4218)). Contributed by @andybalaam.
+* Bump matrix-sdk-crypto-wasm to 5.0.0 ([#4216](https://github.com/matrix-org/matrix-js-sdk/pull/4216)). Contributed by @richvdh.
+* Wire up verification cancel \& mismatch for rust crypto ([#4202](https://github.com/matrix-org/matrix-js-sdk/pull/4202)). Contributed by @t3chguy.
+* Only pass id\_server if we had one to begin with ([#4200](https://github.com/matrix-org/matrix-js-sdk/pull/4200)). Contributed by @t3chguy.
+
+
+Changes in [32.4.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v32.4.0) (2024-05-22)
+==================================================================================================
+* No changes
+
+
+Changes in [32.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v32.3.0) (2024-05-21)
+==================================================================================================
+## ✨ Features
+
+* Simplify OIDC types \& export `decodeIdToken` ([#4193](https://github.com/matrix-org/matrix-js-sdk/pull/4193)). Contributed by @t3chguy.
+* Add helpers for authenticated media, and associated documentation ([#4185](https://github.com/matrix-org/matrix-js-sdk/pull/4185)). Contributed by @turt2live.
+
+## 🐛 Bug Fixes
+
+* Fix state\_events.ts types ([#4196](https://github.com/matrix-org/matrix-js-sdk/pull/4196)). Contributed by @t3chguy.
+* Fix sendEventHttpRequest for `m.room.redaction` events without `redacts` ([#4192](https://github.com/matrix-org/matrix-js-sdk/pull/4192)). Contributed by @t3chguy.
+
+
 Changes in [32.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v32.2.0) (2024-05-07)
 ==================================================================================================
 ## ✨ Features
@@ -21,6 +21,10 @@ endpoints from before Matrix 1.1, for example.

 # Quickstart

+> [!IMPORTANT]
+> Servers may require or use authenticated endpoints for media (images, files, avatars, etc). See the
+> [Authenticated Media](#authenticated-media) section for information on how to enable support for this.
+
 Using `yarn` instead of `npm` is recommended. Please see the Yarn [install guide](https://classic.yarnpkg.com/en/docs/install)
 if you do not have it already.

@@ -34,8 +38,8 @@ client.publicRooms(function (err, data) {
 });
 ```

-See below for how to include libolm to enable end-to-end-encryption. Please check
-[the Node.js terminal app](examples/node) for a more complex example.
+See [below](#end-to-end-encryption-support) for how to enable end-to-end-encryption, or check
+[the Node.js terminal app](https://github.com/matrix-org/matrix-js-sdk/tree/develop/examples/node) for a more complex example.

 To start the client:

@@ -89,31 +93,59 @@ Object.keys(client.store.rooms).forEach((roomId) => {
 });
 ```

+## Authenticated media
+
+Servers supporting [MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916) (Matrix 1.11) will require clients, like
+yours, to include an `Authorization` header when `/download`ing or `/thumbnail`ing media. For NodeJS environments this
+may be as easy as the following code snippet, though web browsers may need to use [Service Workers](https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API)
+to append the header when using the endpoints in `<img />` elements and similar.
+
+```javascript
+const downloadUrl = client.mxcUrlToHttp(
+    /*mxcUrl=*/ "mxc://example.org/abc123", // the MXC URI to download/thumbnail, typically from an event or profile
+    /*width=*/ undefined, // part of the thumbnail API. Use as required.
+    /*height=*/ undefined, // part of the thumbnail API. Use as required.
+    /*resizeMethod=*/ undefined, // part of the thumbnail API. Use as required.
+    /*allowDirectLinks=*/ false, // should generally be left `false`.
+    /*allowRedirects=*/ true, // implied supported with authentication
+    /*useAuthentication=*/ true, // the flag we're after in this example
+);
+const img = await fetch(downloadUrl, {
+    headers: {
+        Authorization: `Bearer ${client.getAccessToken()}`,
+    },
+});
+// Do something with `img`.
+```
+
+> [!WARNING]
+> In future the js-sdk will _only_ return authentication-required URLs, mandating population of the `Authorization` header.
+
 ## What does this SDK do?

 This SDK provides a full object model around the Matrix Client-Server API and emits
 events for incoming data and state changes. Aside from wrapping the HTTP API, it:

-   Handles syncing (via `/sync`)
-   Handles the generation of "friendly" room and member names.
-   Handles historical `RoomMember` information (e.g. display names).
-   Manages room member state across multiple events (e.g. it handles typing, power
-    levels and membership changes).
-   Exposes high-level objects like `Rooms`, `RoomState`, `RoomMembers` and `Users`
-    which can be listened to for things like name changes, new messages, membership
-    changes, presence changes, and more.
-   Handle "local echo" of messages sent using the SDK. This means that messages
-    that have just been sent will appear in the timeline as 'sending', until it
-    completes. This is beneficial because it prevents there being a gap between
-    hitting the send button and having the "remote echo" arrive.
-   Mark messages which failed to send as not sent.
-   Automatically retry requests to send messages due to network errors.
-   Automatically retry requests to send messages due to rate limiting errors.
-   Handle queueing of messages.
-   Handles pagination.
-   Handle assigning push actions for events.
-   Handles room initial sync on accepting invites.
-   Handles WebRTC calling.
+- Handles syncing (via `/sync`)
+- Handles the generation of "friendly" room and member names.
+- Handles historical `RoomMember` information (e.g. display names).
+- Manages room member state across multiple events (e.g. it handles typing, power
+  levels and membership changes).
+- Exposes high-level objects like `Rooms`, `RoomState`, `RoomMembers` and `Users`
+  which can be listened to for things like name changes, new messages, membership
+  changes, presence changes, and more.
+- Handle "local echo" of messages sent using the SDK. This means that messages
+  that have just been sent will appear in the timeline as 'sending', until it
+  completes. This is beneficial because it prevents there being a gap between
+  hitting the send button and having the "remote echo" arrive.
+- Mark messages which failed to send as not sent.
+- Automatically retry requests to send messages due to network errors.
+- Automatically retry requests to send messages due to rate limiting errors.
+- Handle queueing of messages.
+- Handles pagination.
+- Handle assigning push actions for events.
+- Handles room initial sync on accepting invites.
+- Handles WebRTC calling.

 # Usage

@@ -159,6 +191,7 @@ As well as the primary entry point (`matrix-js-sdk`), there are several other en
 | `matrix-js-sdk/lib/crypto-api` | Cryptography functionality.                                                                         |
 | `matrix-js-sdk/lib/types`      | Low-level types, reflecting data structures defined in the Matrix spec.                             |
 | `matrix-js-sdk/lib/testing`    | Test utilities, which may be useful in test code but should not be used in production code.         |
+| `matrix-js-sdk/lib/utils/*.js` | A set of modules exporting standalone functions (and their types).                                  |

 ## Examples

@@ -270,44 +303,131 @@ Then visit `http://localhost:8005` to see the API docs.

 # End-to-end encryption support

-**This section is outdated.** Use of `libolm` is deprecated and we are replacing it with support
-from the matrix-rust-sdk (https://github.com/element-hq/element-web/issues/21972).
+`matrix-js-sdk`'s end-to-end encryption support is based on the [WebAssembly bindings](https://github.com/matrix-org/matrix-rust-sdk-crypto-wasm) of the Rust [matrix-sdk-crypto](https://github.com/matrix-org/matrix-rust-sdk/tree/main/crates/matrix-sdk-crypto) library.

-The SDK supports end-to-end encryption via the Olm and Megolm protocols, using
-[libolm](https://gitlab.matrix.org/matrix-org/olm). It is left up to the
-application to make libolm available, via the `Olm` global.
+## Initialization

-It is also necessary to call `await matrixClient.initCrypto()` after creating a new
-`MatrixClient` (but **before** calling `matrixClient.startClient()`) to
-initialise the crypto layer.
+**Do not use `matrixClient.initLegacyCrypto()`. This method is deprecated and no longer maintained.**

-If the `Olm` global is not available, the SDK will show a warning, as shown
-below; `initCrypto()` will also fail.
+To initialize the end-to-end encryption support in the matrix client:

-```
-Unable to load crypto module: crypto will be disabled: Error: global.Olm is not defined
+```javascript
+// Create a new matrix client
+const matrixClient = sdk.createClient({
+    baseUrl: "http://localhost:8008",
+    accessToken: myAccessToken,
+    userId: myUserId,
+});
+
+// Initialize to enable end-to-end encryption support.
+await matrixClient.initRustCrypto();
 ```

-If the crypto layer is not (successfully) initialised, the SDK will continue to
-work for unencrypted rooms, but it will not support the E2E parts of the Matrix
-specification.
+After calling `initRustCrypto`, you can obtain a reference to the [`CryptoApi`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html) interface, which is the main entry point for end-to-end encryption, by calling [`MatrixClient.getCrypto`](https://matrix-org.github.io/matrix-js-sdk/classes/matrix.MatrixClient.html#getCrypto).

-To provide the Olm library in a browser application:
+**WARNING**: the cryptography stack is not thread-safe. Having multiple `MatrixClient` instances connected to the same Indexed DB will cause data corruption and decryption failures. The application layer is responsible for ensuring that only one `MatrixClient` issue is instantiated at a time.

-   download the transpiled libolm (from https://packages.matrix.org/npm/olm/).
-   load `olm.js` as a `<script>` _before_ `browser-matrix.js`.
+## Secret storage

-To provide the Olm library in a node.js application:
+You should normally set up [secret storage](https://spec.matrix.org/v1.12/client-server-api/#secret-storage) before using the end-to-end encryption. To do this, call [`CryptoApi.bootstrapSecretStorage`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html#bootstrapSecretStorage).
+`bootstrapSecretStorage` can be called unconditionally: it will only set up the secret storage if it is not already set up (unless you use the `setupNewSecretStorage` parameter).

-   `yarn add https://packages.matrix.org/npm/olm/olm-3.1.4.tgz`
-    (replace the URL with the latest version you want to use from
-    https://packages.matrix.org/npm/olm/)
-   `global.Olm = require('olm');` _before_ loading `matrix-js-sdk`.
+```javascript
+const matrixClient = sdk.createClient({
+    ...,
+    cryptoCallbacks: {
+        getSecretStorageKey: async (keys) => {
+            // This function should prompt the user to enter their secret storage key.
+            return mySecretStorageKeys;
+        },
+    },
+});

-If you want to package Olm as dependency for your node.js application, you can
-use `yarn add https://packages.matrix.org/npm/olm/olm-3.1.4.tgz`. If your
-application also works without e2e crypto enabled, add `--optional` to mark it
-as an optional dependency.
+matrixClient.getCrypto().bootstrapSecretStorage({
+    // This function will be called if a new secret storage key (aka recovery key) is needed.
+    // You should prompt the user to save the key somewhere, because they will need it to unlock secret storage in future.
+    createSecretStorageKey: async () => {
+        return mySecretStorageKey;
+    },
+});
+```
+
+The example above will create a new secret storage key if secret storage was not previously set up.
+The secret storage data will be encrypted using the secret storage key returned in [`createSecretStorageKey`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CreateSecretStorageOpts.html#createSecretStorageKey).
+
+We recommend that you prompt the user to re-enter this key when [`CryptoCallbacks.getSecretStorageKey`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoCallbacks.html#getSecretStorageKey) is called (when the secret storage access is needed).
+
+## Set up cross-signing
+
+To set up cross-signing to verify devices and other users, call
+[`CryptoApi.bootstrapCrossSigning`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html#bootstrapCrossSigning):
+
+```javascript
+matrixClient.getCrypto().bootstrapCrossSigning({
+    authUploadDeviceSigningKeys: async (makeRequest) => {
+        return makeRequest(authDict);
+    },
+});
+```
+
+The [`authUploadDeviceSigningKeys`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.BootstrapCrossSigningOpts.html#authUploadDeviceSigningKeys)
+callback is required in order to upload newly-generated public cross-signing keys to the server.
+
+## Key backup
+
+If the user doesn't already have a [key backup](https://spec.matrix.org/v1.12/client-server-api/#server-side-key-backups) you should create one:
+
+```javascript
+// Check if we have a key backup.
+// If checkKeyBackupAndEnable returns null, there is no key backup.
+const hasKeyBackup = (await matrixClient.getCrypto().checkKeyBackupAndEnable()) !== null;
+
+// Create the key backup
+await matrixClient.getCrypto().resetKeyBackup();
+```
+
+## Verify a new device
+
+Once the cross-signing is set up on one of your devices, you can verify another device with two methods:
+
+1. Use `CryptoApi.bootstrapCrossSigning`.
+
+    `bootstrapCrossSigning` will call the [CryptoCallbacks.getSecretStorageKey](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoCallbacks.html#getSecretStorageKey) callback. The device is verified with the private cross-signing keys fetched from the secret storage.
+
+2. Request an interactive verification against existing devices, by calling [CryptoApi.requestOwnUserVerification](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html#requestOwnUserVerification).
+
+## Migrating from the legacy crypto stack to Rust crypto
+
+If your application previously used the legacy crypto stack, (i.e, it called `MatrixClient.initLegacyCrypto()`), you will
+need to migrate existing devices to the Rust crypto stack.
+
+This migration happens automatically when you call `initRustCrypto()` instead of `initLegacyCrypto()`,
+but you need to provide the legacy [`cryptoStore`](https://matrix-org.github.io/matrix-js-sdk/interfaces/matrix.ICreateClientOpts.html#cryptoStore) and [`pickleKey`](https://matrix-org.github.io/matrix-js-sdk/interfaces/matrix.ICreateClientOpts.html#pickleKey) to [`createClient`](https://matrix-org.github.io/matrix-js-sdk/functions/matrix.createClient.html):
+
+```javascript
+// You should provide the legacy crypto store and the pickle key to the matrix client in order to migrate the data.
+const matrixClient = sdk.createClient({
+    cryptoStore: myCryptoStore,
+    pickleKey: myPickleKey,
+    baseUrl: "http://localhost:8008",
+    accessToken: myAccessToken,
+    userId: myUserId,
+});
+
+// The migration will be done automatically when you call `initRustCrypto`.
+await matrixClient.initRustCrypto();
+```
+
+To follow the migration progress, you can listen to the [`CryptoEvent.LegacyCryptoStoreMigrationProgress`](https://matrix-org.github.io/matrix-js-sdk/enums/crypto_api.CryptoEvent.html#LegacyCryptoStoreMigrationProgress) event:
+
+```javascript
+// When progress === total === -1, the migration is finished.
+matrixClient.on(CryptoEvent.LegacyCryptoStoreMigrationProgress, (progress, total) => {
+    ...
+});
+```
+
+The Rust crypto stack is not supported in a lot of deprecated methods of [`MatrixClient`](https://matrix-org.github.io/matrix-js-sdk/classes/matrix.MatrixClient.html). If you use them, you should migrate to the [`CryptoApi`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html). Also, the legacy `MatrixClient.crypto` object is not available any more: you should use `MatrixClient.getCrypto()` instead.

 # Contributing

@@ -0,0 +1,52 @@
+module.exports = {
+    sourceMaps: true,
+    presets: [
+        [
+            "@babel/preset-env",
+            {
+                targets: {
+                    esmodules: true,
+                },
+                // We want to output ES modules for the final build (mostly to ensure that
+                // async imports work correctly). However, jest doesn't support ES modules very
+                // well yet (see https://github.com/jestjs/jest/issues/9430), so we use commonjs
+                // when testing.
+                modules: process.env.NODE_ENV === "test" ? "commonjs" : false,
+            },
+        ],
+        [
+            "@babel/preset-typescript",
+            {
+                // When using the transpiled javascript in `lib`, Node.js requires `.js` extensions on any `import`
+                // specifiers. However, Jest uses the TS source (via babel) and fails to resolve the `.js` names.
+                // To resolve this,we use the `.ts` names in the source, and rewrite the `import` specifiers to use
+                // `.js` during transpilation, *except* when we are targetting Jest.
+                rewriteImportExtensions: process.env.NODE_ENV !== "test",
+            },
+        ],
+    ],
+    plugins: [
+        "@babel/plugin-transform-numeric-separator",
+        "@babel/plugin-transform-class-properties",
+        "@babel/plugin-transform-object-rest-spread",
+        "@babel/plugin-syntax-dynamic-import",
+        "@babel/plugin-transform-runtime",
+        [
+            "search-and-replace",
+            {
+                // Since rewriteImportExtensions doesn't work on dynamic imports (yet), we need to manually replace
+                // the dynamic rust-crypto import.
+                // (see https://github.com/babel/babel/issues/16750)
+                rules:
+                    process.env.NODE_ENV !== "test"
+                        ? [
+                              {
+                                  search: "./rust-crypto/index.ts",
+                                  replace: "./rust-crypto/index.js",
+                              },
+                          ]
+                        : [],
+            },
+        ],
+    ],
+};
@@ -1,8 +1,8 @@
 # Summary

-   [Introduction](../README.md)
+- [Introduction](../README.md)

 # Deep dive

-   [Storage notes](storage-notes.md)
-   [Unverified devices](warning-on-unverified-devices.md)
+- [Storage notes](storage-notes.md)
+- [Unverified devices](warning-on-unverified-devices.md)
@@ -20,19 +20,19 @@ blurrier.

 When we are low on disk space overall or near the group limit / origin quota:

-   Chrome
-    -   Log database may fail to start with AbortError
-    -   IndexedDB fails to start for crypto: AbortError in connect from
-        indexeddb-store-worker
-    -   When near the quota, QuotaExceededError is used more consistently
-   Firefox
-    -   The first error will be QuotaExceededError
-    -   Future write attempts will fail with various errors when space is low,
-        including nonsense like "InvalidStateError: A mutation operation was
-        attempted on a database that did not allow mutations."
-    -   Once you start getting errors, the DB is effectively wedged in read-only
-        mode
-    -   Can revive access if you reopen the DB
+- Chrome
+    - Log database may fail to start with AbortError
+    - IndexedDB fails to start for crypto: AbortError in connect from
+      indexeddb-store-worker
+    - When near the quota, QuotaExceededError is used more consistently
+- Firefox
+    - The first error will be QuotaExceededError
+    - Future write attempts will fail with various errors when space is low,
+      including nonsense like "InvalidStateError: A mutation operation was
+      attempted on a database that did not allow mutations."
+    - Once you start getting errors, the DB is effectively wedged in read-only
+      mode
+    - Can revive access if you reopen the DB

 ## Cache Eviction

@@ -41,9 +41,9 @@ limited by a single quota, in practice, browsers appear to handle `localStorage`
 separately from the others, so it has a separate quota limit and isn't evicted
 when low on space.

-   Chrome, Firefox
-    -   IndexedDB for origin deleted
-    -   Local Storage remains in place
+- Chrome, Firefox
+    - IndexedDB for origin deleted
+    - Local Storage remains in place

 ## Persistent Storage

@@ -51,20 +51,20 @@ Storage Standard offers a `navigator.storage.persist` API that can be used to
 request persistent storage that won't be deleted by the browser because of low
 space.

-   Chrome
-    -   Chrome 75 seems to grant this without any prompt based on [interaction
-        criteria](https://developers.google.com/web/updates/2016/06/persistent-storage)
-   Firefox
-    -   Firefox 67 shows a prompt to grant
-    -   Reverting persistent seems to require revoking permission _and_ clearing
-        site data
+- Chrome
+    - Chrome 75 seems to grant this without any prompt based on [interaction
+      criteria](https://developers.google.com/web/updates/2016/06/persistent-storage)
+- Firefox
+    - Firefox 67 shows a prompt to grant
+    - Reverting persistent seems to require revoking permission _and_ clearing
+      site data

 ## Storage Estimation

 Storage Standard offers a `navigator.storage.estimate` API to get some clue of
 how much space remains.

-   Chrome, Firefox
-    -   Can run this at any time to request an estimate of space remaining
-   Firefox
-    -   Returns `0` for `usage` if a site is persisted
+- Chrome, Firefox
+    - Can run this at any time to request an estimate of space remaining
+- Firefox
+    - Returns `0` for `usage` if a site is persisted
@@ -17,13 +17,13 @@ Warn when you initial sync if the room has any new undefined devices since you w

 Warn when the user tries to send a message:

-   If the room has unverified devices which the user has not yet been told about in the context of this room
-    ...or in the context of this user? currently all verification is per-user, not per-room.
-    ...this should be good enough.
+- If the room has unverified devices which the user has not yet been told about in the context of this room
+  ...or in the context of this user? currently all verification is per-user, not per-room.
+  ...this should be good enough.

-   so track whether we have warned the user or not about unverified devices - blocked, unverified, verified, unverified_warned.
-    throw an error when trying to encrypt if there are pure unverified devices there
-    app will have to search for the devices which are pure unverified to warn about them - have to do this from MembersList anyway?
-    -   or megolm could warn which devices are causing the problems.
+- so track whether we have warned the user or not about unverified devices - blocked, unverified, verified, unverified_warned.
+  throw an error when trying to encrypt if there are pure unverified devices there
+  app will have to search for the devices which are pure unverified to warn about them - have to do this from MembersList anyway?
+    - or megolm could warn which devices are causing the problems.

 Why do we wait to establish outbound sessions? It just makes a horrible pause when we first try to send a message... but could otherwise unnecessarily consume resources?
@@ -1,9 +1,15 @@
+import clc from "cli-color";
+import fs from "fs";
+import readline from "readline";
+import sdk, { ClientEvent, EventType, MsgType, RoomEvent } from "matrix-js-sdk";
+import { KnownMembership } from "matrix-js-sdk/lib/@types/membership.js";
+
+var myHomeServer = "http://localhost:8008";
 var myUserId = "@example:localhost";
 var myAccessToken = "QGV4YW1wbGU6bG9jYWxob3N0.qPEvLuYfNBjxikiCjP";
-var sdk = require("matrix-js-sdk");
-var clc = require("cli-color");
+
 var matrixClient = sdk.createClient({
-    baseUrl: "http://localhost:8008",
+    baseUrl: myHomeServer,
    accessToken: myAccessToken,
    userId: myUserId,
 });
@@ -15,7 +21,6 @@ var numMessagesToShow = 20;

 // Reading from stdin
 var CLEAR_CONSOLE = "\x1B[2J";
-var readline = require("readline");
 var rl = readline.createInterface({
    input: process.stdin,
    output: process.stdout,
@@ -89,20 +94,14 @@ rl.on("line", function (line) {
            );
        } else if (line.indexOf("/file ") === 0) {
            var filename = line.split(" ")[1].trim();
-            var stream = fs.createReadStream(filename);
-            matrixClient
-                .uploadContent({
-                    stream: stream,
-                    name: filename,
-                })
-                .then(function (url) {
-                    var content = {
-                        msgtype: "m.file",
-                        body: filename,
-                        url: JSON.parse(url).content_uri,
-                    };
-                    matrixClient.sendMessage(viewingRoom.roomId, content);
+            let buffer = fs.readFileSync("./your_file_name");
+            matrixClient.uploadContent(new Blob([buffer])).then(function (response) {
+                matrixClient.sendMessage(viewingRoom.roomId, {
+                    msgtype: MsgType.File,
+                    body: filename,
+                    url: response.content_uri,
                });
+            });
        } else {
            matrixClient.sendTextMessage(viewingRoom.roomId, line).finally(function () {
                printMessages();
@@ -138,7 +137,7 @@ rl.on("line", function (line) {
 // ==== END User input

 // show the room list after syncing.
-matrixClient.on("sync", function (state, prevState, data) {
+matrixClient.on(ClientEvent.Sync, function (state, prevState, data) {
    switch (state) {
        case "PREPARED":
            setRoomList();
@@ -149,7 +148,7 @@ matrixClient.on("sync", function (state, prevState, data) {
    }
 });

-matrixClient.on("Room", function () {
+matrixClient.on(ClientEvent.Room, function () {
    setRoomList();
    if (!viewingRoom) {
        printRoomList();
@@ -158,11 +157,11 @@ matrixClient.on("Room", function () {
 });

 // print incoming messages.
-matrixClient.on("Room.timeline", function (event, room, toStartOfTimeline) {
+matrixClient.on(RoomEvent.Timeline, function (event, room, toStartOfTimeline) {
    if (toStartOfTimeline) {
        return; // don't print paginated results
    }
-    if (!viewingRoom || viewingRoom.roomId !== room.roomId) {
+    if (!viewingRoom || viewingRoom.roomId !== room?.roomId) {
        return; // not viewing a room or viewing the wrong room.
    }
    printLine(event);
@@ -305,7 +304,7 @@ function printRoomInfo(room) {
    print(eTypeHeader + sendHeader + contentHeader);
    print(new Array(100).join("-"));
    eventMap.keys().forEach(function (eventType) {
-        if (eventType === "m.room.member") {
+        if (eventType === EventType.RoomMember) {
            return;
        } // use /members instead.
        var eventEventMap = eventMap.get(eventType);
@@ -343,7 +342,7 @@ function printLine(event) {
        name = name.slice(0, maxNameWidth - 1) + "\u2026";
    }

-    if (event.getType() === "m.room.message") {
+    if (event.getType() === EventType.RoomMessage) {
        body = event.getContent().body;
    } else if (event.isState()) {
        var stateName = event.getType();
@@ -381,7 +380,7 @@ function print(str, formatter) {
        }
        console.log.apply(console.log, newArgs);
    } else {
-        console.log.apply(console.log, arguments);
+        console.log.apply(console.log, [...arguments]);
    }
 }

@@ -394,4 +393,4 @@ function fixWidth(str, len) {
    return str;
 }

-matrixClient.startClient(numMessagesToShow); // messages for each room.
+matrixClient.startClient({ initialSyncLimit: numMessagesToShow });
@@ -3,12 +3,18 @@
    "version": "0.0.0",
    "description": "",
    "main": "app.js",
-    "scripts": {
-        "preinstall": "npm install ../.."
-    },
    "author": "",
    "license": "Apache 2.0",
+    "type": "module",
    "dependencies": {
-        "cli-color": "^1.0.0"
+        "cli-color": "^1.0.0",
+        "matrix-js-sdk": "^34.5.0"
+    },
+    "devDependencies": {
+        "@types/cli-color": "^2.0.6",
+        "typescript": "^5.6.2"
+    },
+    "engines": {
+        "node": ">=20.0.0"
    }
 }
@@ -0,0 +1,14 @@
+{
+    "compilerOptions": {
+        "target": "es2022",
+        "module": "commonjs",
+        "esModuleInterop": true,
+        "noImplicitAny": false,
+        "noEmit": true,
+        "skipLibCheck": true,
+        "allowJs": true,
+        "checkJs": true,
+        "strict": true
+    },
+    "include": ["app.js"]
+}
@@ -39,7 +39,7 @@ if (env["GITHUB_ACTIONS"] !== undefined) {

    // if we're running against the develop branch, also enable the slow test reporter
    if (env["GITHUB_REF"] == "refs/heads/develop") {
-        reporters.push("<rootDir>/spec/slowReporter.js");
+        reporters.push("<rootDir>/spec/slowReporter.cjs");
    }
    config.reporters = reporters;
 }
@@ -6,11 +6,21 @@ export default {
        "src/types.ts",
        "src/browser-index.ts",
        "src/indexeddb-worker.ts",
+        "src/crypto-api/index.ts",
+        "src/testing.ts",
+        "src/matrix.ts",
        "scripts/**",
        "spec/**",
-        "release.sh",
-        // For now, we include all source files as entrypoints as we have been bad about gutwrenched imports
-        "src/**",
+        // XXX: these look entirely unused
+        "src/crypto/aes.ts",
+        "src/crypto/crypto.ts",
+        "src/crypto/recoverykey.ts",
+        // XXX: these should be re-exported by one of the supported exports
+        "src/matrixrtc/index.ts",
+        "src/sliding-sync.ts",
+        "src/webrtc/groupCall.ts",
+        "src/webrtc/stats/media/mediaTrackStats.ts",
+        "src/rendezvous/RendezvousChannel.ts",
    ],
    project: ["**/*.{js,ts}"],
    ignore: ["examples/**"],
@@ -33,4 +43,6 @@ export default {
        "dist",
    ],
    ignoreExportsUsedInFile: true,
+    includeEntryExports: false,
+    exclude: ["enumMembers"],
 } satisfies KnipConfig;
@@ -1,9 +1,9 @@
 {
    "name": "matrix-js-sdk",
-    "version": "32.2.0",
+    "version": "36.2.0",
    "description": "Matrix Client-Server SDK for Javascript",
    "engines": {
-        "node": ">=18.0.0"
+        "node": ">=20.0.0"
    },
    "scripts": {
        "prepack": "yarn build",
@@ -31,13 +31,10 @@
    "keywords": [
        "matrix-org"
    ],
+    "type": "module",
    "main": "./lib/index.js",
    "browser": "./lib/browser-index.js",
-    "matrix_src_main": "./src/index.ts",
-    "matrix_src_browser": "./src/browser-index.ts",
-    "matrix_lib_main": "./lib/index.js",
-    "matrix_lib_browser": "./lib/browser-index.js",
-    "matrix_lib_typings": "./lib/index.d.ts",
+    "typings": "./lib/index.d.ts",
    "author": "matrix.org",
    "license": "Apache-2.0",
    "files": [
@@ -53,19 +50,20 @@
    ],
    "dependencies": {
        "@babel/runtime": "^7.12.5",
-        "@matrix-org/matrix-sdk-crypto-wasm": "^4.9.0",
+        "@matrix-org/matrix-sdk-crypto-wasm": "^13.0.0",
+        "@matrix-org/olm": "3.2.15",
        "another-json": "^0.2.0",
-        "bs58": "^5.0.0",
+        "bs58": "^6.0.0",
        "content-type": "^1.0.4",
        "jwt-decode": "^4.0.0",
        "loglevel": "^1.7.1",
        "matrix-events-sdk": "0.0.1",
-        "matrix-widget-api": "^1.6.0",
+        "matrix-widget-api": "^1.10.0",
        "oidc-client-ts": "^3.0.1",
        "p-retry": "4",
        "sdp-transform": "^2.14.1",
        "unhomoglyph": "^1.0.6",
-        "uuid": "9"
+        "uuid": "11"
    },
    "devDependencies": {
        "@action-validator/cli": "^0.6.0",
@@ -74,41 +72,41 @@
        "@babel/core": "^7.12.10",
        "@babel/eslint-parser": "^7.12.10",
        "@babel/eslint-plugin": "^7.12.10",
-        "@babel/plugin-proposal-class-properties": "^7.12.1",
-        "@babel/plugin-proposal-numeric-separator": "^7.12.7",
-        "@babel/plugin-proposal-object-rest-spread": "^7.12.1",
        "@babel/plugin-syntax-dynamic-import": "^7.8.3",
+        "@babel/plugin-transform-class-properties": "^7.12.1",
+        "@babel/plugin-transform-numeric-separator": "^7.12.7",
+        "@babel/plugin-transform-object-rest-spread": "^7.12.1",
        "@babel/plugin-transform-runtime": "^7.12.10",
        "@babel/preset-env": "^7.12.11",
        "@babel/preset-typescript": "^7.12.7",
        "@casualbot/jest-sonar-reporter": "2.2.7",
-        "@matrix-org/olm": "3.2.15",
        "@peculiar/webcrypto": "^1.4.5",
+        "@stylistic/eslint-plugin": "^2.9.0",
        "@types/bs58": "^4.0.1",
        "@types/content-type": "^1.1.5",
        "@types/debug": "^4.1.7",
-        "@types/domexception": "^4.0.0",
        "@types/jest": "^29.0.0",
        "@types/node": "18",
        "@types/sdp-transform": "^2.4.5",
-        "@types/uuid": "9",
-        "@typescript-eslint/eslint-plugin": "^7.0.0",
-        "@typescript-eslint/parser": "^7.0.0",
+        "@types/uuid": "10",
+        "@typescript-eslint/eslint-plugin": "^8.0.0",
+        "@typescript-eslint/parser": "^8.0.0",
        "babel-jest": "^29.0.0",
+        "babel-plugin-search-and-replace": "^1.1.1",
        "debug": "^4.3.4",
-        "domexception": "^4.0.0",
-        "eslint": "8.57.0",
+        "eslint": "8.57.1",
        "eslint-config-google": "^0.14.0",
        "eslint-config-prettier": "^9.0.0",
        "eslint-import-resolver-typescript": "^3.5.1",
        "eslint-plugin-import": "^2.26.0",
        "eslint-plugin-jest": "^28.0.0",
-        "eslint-plugin-jsdoc": "^48.0.0",
-        "eslint-plugin-matrix-org": "^1.0.0",
-        "eslint-plugin-tsdoc": "^0.2.17",
-        "eslint-plugin-unicorn": "^52.0.0",
+        "eslint-plugin-jsdoc": "^50.0.0",
+        "eslint-plugin-matrix-org": "^2.0.1",
+        "eslint-plugin-n": "^14.0.0",
+        "eslint-plugin-tsdoc": "^0.4.0",
+        "eslint-plugin-unicorn": "^56.0.0",
        "fake-indexeddb": "^5.0.2",
-        "fetch-mock": "9.11.0",
+        "fetch-mock": "11.1.5",
        "fetch-mock-jest": "^1.5.1",
        "husky": "^9.0.0",
        "jest": "^29.0.0",
@@ -119,19 +117,18 @@
        "lint-staged": "^15.0.2",
        "matrix-mock-request": "^2.5.0",
        "node-fetch": "^2.7.0",
-        "prettier": "3.2.5",
-        "rimraf": "^5.0.0",
+        "prettier": "3.4.2",
+        "rimraf": "^6.0.0",
        "ts-node": "^10.9.2",
-        "typedoc": "^0.25.10",
+        "typedoc": "^0.27.0",
        "typedoc-plugin-coverage": "^3.0.0",
-        "typedoc-plugin-mdn-links": "^3.0.3",
-        "typedoc-plugin-missing-exports": "^2.0.0",
-        "typescript": "^5.3.3"
+        "typedoc-plugin-mdn-links": "^4.0.0",
+        "typedoc-plugin-missing-exports": "^3.0.0",
+        "typescript": "^5.4.2"
    },
    "@casualbot/jest-sonar-reporter": {
        "outputDirectory": "coverage",
        "outputName": "jest-sonar-report.xml",
        "relativePaths": true
-    },
-    "typings": "./lib/index.d.ts"
+    }
 }
@@ -112,7 +112,14 @@ const main = async ({ github, releaseId, dependencies }) => {
    const { GITHUB_REPOSITORY } = process.env;
    const [owner, repo] = GITHUB_REPOSITORY.split("/");

+    const { data: release } = await github.rest.repos.getRelease({
+        owner,
+        repo,
+        release_id: releaseId,
+    });
+
    const sections = Object.fromEntries(categories.map((cat) => [cat, []]));
+    parseReleaseNotes(release.body, sections);
    for (const dependency of dependencies) {
        const releases = await getReleases(github, dependency);
        for (const release of releases) {
@@ -120,12 +127,6 @@ const main = async ({ github, releaseId, dependencies }) => {
        }
    }

-    const { data: release } = await github.rest.repos.getRelease({
-        owner,
-        repo,
-        release_id: releaseId,
-    });
-
    const intro = release.body.split(HEADING_PREFIX, 2)[0].trim();

    let output = "";
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-# When merging to develop, we need revert the `main` and `typings` fields if we adjusted them previously.
-for i in main typings browser
-do
-    # If a `lib` prefixed value is present, it means we adjusted the field earlier at publish time, so we should revert it now.
-    if [ "$(jq -r ".matrix_lib_$i" package.json)" != "null" ]; then
-        # If there's a `src` prefixed value, use that, otherwise delete.
-        # This is used to delete the `typings` field and reset `main` back to the TypeScript source.
-        src_value=$(jq -r ".matrix_src_$i" package.json)
-        if [ "$src_value" != "null" ]; then
-            jq ".$i = .matrix_src_$i" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
-        else
-            jq "del(.$i)" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
-        fi
-    fi
-done
-
-if [ -n "$(git ls-files --modified package.json)" ]; then
-    echo "Committing develop package.json"
-    git commit package.json -m "Resetting package fields for development"
-fi
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-# For the published and dist versions of the package,
-# we copy the `matrix_lib_main` and `matrix_lib_typings` fields to `main` and `typings` (if they exist).
-# This small bit of gymnastics allows us to use the TypeScript source directly for development without
-# needing to build before linting or testing.
-
-for i in main typings browser
-do
-    lib_value=$(jq -r ".matrix_lib_$i" package.json)
-    if [ "$lib_value" != "null" ]; then
-        jq ".$i = .matrix_lib_$i" package.json > package.json.new && mv package.json.new package.json && yarn prettier --write package.json
-    fi
-done
@@ -1,17 +0,0 @@
-#!/usr/bin/env node
-
-const fsProm = require("fs/promises");
-
-const PKGJSON = "package.json";
-
-async function main() {
-    const pkgJson = JSON.parse(await fsProm.readFile(PKGJSON, "utf8"));
-    for (const field of ["main", "typings"]) {
-        if (pkgJson["matrix_lib_" + field] !== undefined) {
-            pkgJson[field] = pkgJson["matrix_lib_" + field];
-        }
-    }
-    await fsProm.writeFile(PKGJSON, JSON.stringify(pkgJson, null, 2));
-}
-
-main();
@@ -66,7 +66,7 @@ export class TestClient implements IE2EKeyReceiver, ISyncResponder {
            userId: userId,
            accessToken: accessToken,
            deviceId: deviceId,
-            fetchFn: this.httpBackend.fetchFn as typeof global.fetch,
+            fetchFn: this.httpBackend.fetchFn as typeof globalThis.fetch,
            ...options,
        };
        if (!fullOptions.cryptoStore) {
@@ -21,7 +21,7 @@ import { IDBFactory } from "fake-indexeddb";
 import { CRYPTO_BACKENDS, InitCrypto, syncPromise } from "../../test-utils/test-utils";
 import { AuthDict, createClient, CryptoEvent, MatrixClient } from "../../../src";
 import { mockInitialApiRequests, mockSetupCrossSigningRequests } from "../../test-utils/mockEndpoints";
-import { encryptAES } from "../../../src/crypto/aes";
+import encryptAESSecretStorageItem from "../../../src/utils/encryptAESSecretStorageItem.ts";
 import { CryptoCallbacks, CrossSigningKey } from "../../../src/crypto-api";
 import { SECRET_STORAGE_ALGORITHM_V1_AES } from "../../../src/secret-storage";
 import { ISyncResponder, SyncResponder } from "../../test-utils/SyncResponder";
@@ -169,17 +169,17 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
            mockInitialApiRequests(aliceClient.getHomeserverUrl());

            // Encrypt the private keys and return them in the /sync response as if they are in Secret Storage
-            const masterKey = await encryptAES(
+            const masterKey = await encryptAESSecretStorageItem(
                MASTER_CROSS_SIGNING_PRIVATE_KEY_BASE64,
                encryptionKey,
                "m.cross_signing.master",
            );
-            const selfSigningKey = await encryptAES(
+            const selfSigningKey = await encryptAESSecretStorageItem(
                SELF_CROSS_SIGNING_PRIVATE_KEY_BASE64,
                encryptionKey,
                "m.cross_signing.self_signing",
            );
-            const userSigningKey = await encryptAES(
+            const userSigningKey = await encryptAESSecretStorageItem(
                USER_CROSS_SIGNING_PRIVATE_KEY_BASE64,
                encryptionKey,
                "m.cross_signing.user_signing",
@@ -19,7 +19,7 @@ import anotherjson from "another-json";
 import fetchMock from "fetch-mock-jest";
 import "fake-indexeddb/auto";
 import { IDBFactory } from "fake-indexeddb";
-import { MockResponse, MockResponseFunction } from "fetch-mock";
+import FetchMock from "fetch-mock";
 import Olm from "@matrix-org/olm";

 import * as testUtils from "../../test-utils/test-utils";
@@ -83,12 +83,14 @@ import {
    CrossSigningKey,
    CryptoCallbacks,
    DecryptionFailureCode,
+    DeviceIsolationMode,
    EventShieldColour,
    EventShieldReason,
    KeyBackupInfo,
+    AllDevicesIsolationMode,
+    OnlySignedDevicesIsolationMode,
 } from "../../../src/crypto-api";
 import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
-import { IKeyBackup } from "../../../src/crypto/backup";
 import {
    createOlmAccount,
    createOlmSession,
@@ -103,6 +105,7 @@ import { ToDevicePayload } from "../../../src/models/ToDeviceMessage";
 import { AccountDataAccumulator } from "../../test-utils/AccountDataAccumulator";
 import { UNSIGNED_MEMBERSHIP_FIELD } from "../../../src/@types/event";
 import { KnownMembership } from "../../../src/@types/membership";
+import { KeyBackup } from "../../../src/rust-crypto/backup.ts";

 afterEach(() => {
    // reset fake-indexeddb after each test, to make sure we don't leak connections
@@ -133,7 +136,7 @@ async function expectSendRoomKey(
    recipientOlmAccount: Olm.Account,
    recipientOlmSession: Olm.Session | null = null,
 ): Promise<Olm.InboundGroupSession> {
-    const Olm = global.Olm;
+    const Olm = globalThis.Olm;
    const testRecipientKey = JSON.parse(recipientOlmAccount.identity_keys())["curve25519"];

    function onSendRoomKey(content: any): Olm.InboundGroupSession {
@@ -157,7 +160,7 @@ async function expectSendRoomKey(
    return await new Promise<Olm.InboundGroupSession>((resolve) => {
        fetchMock.putOnce(
            new RegExp("/sendToDevice/m.room.encrypted/"),
-            (url: string, opts: RequestInit): MockResponse => {
+            (url: string, opts: RequestInit): FetchMock.MockResponse => {
                const content = JSON.parse(opts.body as string);
                resolve(onSendRoomKey(content));
                return {};
@@ -216,7 +219,7 @@ async function expectSendMegolmMessage(
 }

 describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string, initCrypto: InitCrypto) => {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        // currently we use libolm to implement the crypto in the tests, so need it to be present.
        logger.warn("not running megolm tests: Olm not present");
        return;
@@ -227,7 +230,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
    const oldBackendOnly = backend === "rust-sdk" ? test.skip : test;
    const newBackendOnly = backend !== "rust-sdk" ? test.skip : test;

-    const Olm = global.Olm;
+    const Olm = globalThis.Olm;

    let testOlmAccount = {} as unknown as Olm.Account;
    let testSenderKey = "";
@@ -291,7 +294,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
     * @param response - the response to return from the request. Normally an {@link IClaimOTKsResult}
     *   (or a function that returns one).
     */
-    function expectAliceKeyClaim(response: MockResponse | MockResponseFunction) {
+    function expectAliceKeyClaim(response: FetchMock.MockResponse | FetchMock.MockResponseFunction) {
        const rootRegexp = escapeRegExp(new URL("/_matrix/client/", aliceClient.getHomeserverUrl()).toString());
        fetchMock.postOnce(new RegExp(rootRegexp + "(r0|v3)/keys/claim"), response);
    }
@@ -630,6 +633,27 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
                expect(ev.decryptionFailureReason).toEqual(DecryptionFailureCode.HISTORICAL_MESSAGE_USER_NOT_JOINED);
            });

+            newBackendOnly(
+                "fails with NOT_JOINED if user is not member of room (MSC4115 unstable prefix)",
+                async () => {
+                    fetchMock.get("path:/_matrix/client/v3/room_keys/version", {
+                        status: 404,
+                        body: { errcode: "M_NOT_FOUND", error: "No current backup version." },
+                    });
+                    expectAliceKeyQuery({ device_keys: { "@alice:localhost": {} }, failures: {} });
+                    await startClientAndAwaitFirstSync();
+
+                    const ev = await sendEventAndAwaitDecryption({
+                        unsigned: {
+                            [UNSIGNED_MEMBERSHIP_FIELD.altName!]: "leave",
+                        },
+                    });
+                    expect(ev.decryptionFailureReason).toEqual(
+                        DecryptionFailureCode.HISTORICAL_MESSAGE_USER_NOT_JOINED,
+                    );
+                },
+            );
+
            newBackendOnly(
                "fails with another error when the server reports user was a member of the room",
                async () => {
@@ -654,6 +678,30 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
                },
            );

+            newBackendOnly(
+                "fails with another error when the server reports user was a member of the room (MSC4115 unstable prefix)",
+                async () => {
+                    // This tests that when the server reports that the user
+                    // was invited at the time the event was sent, then we
+                    // don't get a HISTORICAL_MESSAGE_USER_NOT_JOINED error,
+                    // and instead get some other error, since the user should
+                    // have gotten the key for the event.
+                    fetchMock.get("path:/_matrix/client/v3/room_keys/version", {
+                        status: 404,
+                        body: { errcode: "M_NOT_FOUND", error: "No current backup version." },
+                    });
+                    expectAliceKeyQuery({ device_keys: { "@alice:localhost": {} }, failures: {} });
+                    await startClientAndAwaitFirstSync();
+
+                    const ev = await sendEventAndAwaitDecryption({
+                        unsigned: {
+                            [UNSIGNED_MEMBERSHIP_FIELD.altName!]: "invite",
+                        },
+                    });
+                    expect(ev.decryptionFailureReason).toEqual(DecryptionFailureCode.HISTORICAL_MESSAGE_NO_KEY_BACKUP);
+                },
+            );
+
            newBackendOnly(
                "fails with another error when the server reports user was a member of the room",
                async () => {
@@ -676,6 +724,118 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
                    expect(ev.decryptionFailureReason).toEqual(DecryptionFailureCode.HISTORICAL_MESSAGE_NO_KEY_BACKUP);
                },
            );
+
+            newBackendOnly(
+                "fails with another error when the server reports user was a member of the room (MSC4115 unstable prefix)",
+                async () => {
+                    // This tests that when the server reports the user's
+                    // membership, and reports that the user was joined, then we
+                    // don't get a HISTORICAL_MESSAGE_USER_NOT_JOINED error, and
+                    // instead get some other error.
+                    fetchMock.get("path:/_matrix/client/v3/room_keys/version", {
+                        status: 404,
+                        body: { errcode: "M_NOT_FOUND", error: "No current backup version." },
+                    });
+                    expectAliceKeyQuery({ device_keys: { "@alice:localhost": {} }, failures: {} });
+                    await startClientAndAwaitFirstSync();
+
+                    const ev = await sendEventAndAwaitDecryption({
+                        unsigned: {
+                            [UNSIGNED_MEMBERSHIP_FIELD.altName!]: "join",
+                        },
+                    });
+                    expect(ev.decryptionFailureReason).toEqual(DecryptionFailureCode.HISTORICAL_MESSAGE_NO_KEY_BACKUP);
+                },
+            );
+        });
+
+        describe("IsolationMode decryption tests", () => {
+            newBackendOnly(
+                "OnlySigned mode - fails with an error when cross-signed sender is required but sender is not cross-signed",
+                async () => {
+                    const decryptedEvent = await setUpTestAndDecrypt(new OnlySignedDevicesIsolationMode());
+
+                    // It will error as an unknown device because we haven't fetched
+                    // the sender's device keys.
+                    expect(decryptedEvent.isDecryptionFailure()).toBe(true);
+                    expect(decryptedEvent.decryptionFailureReason).toEqual(DecryptionFailureCode.UNKNOWN_SENDER_DEVICE);
+                },
+            );
+
+            newBackendOnly(
+                "NoIsolation mode - Decrypts with warning when cross-signed sender is required but sender is not cross-signed",
+                async () => {
+                    const decryptedEvent = await setUpTestAndDecrypt(new AllDevicesIsolationMode(false));
+
+                    expect(decryptedEvent.isDecryptionFailure()).toBe(false);
+
+                    expect(await aliceClient.getCrypto()!.getEncryptionInfoForEvent(decryptedEvent)).toEqual({
+                        shieldColour: EventShieldColour.RED,
+                        shieldReason: EventShieldReason.UNKNOWN_DEVICE,
+                    });
+                },
+            );
+
+            async function setUpTestAndDecrypt(isolationMode: DeviceIsolationMode): Promise<MatrixEvent> {
+                // This tests that a message will not be decrypted if the sender
+                // is not sufficiently trusted according to the selected crypto
+                // mode.
+                //
+                // This test is almost the same as the "Alice receives a megolm
+                // message" test, with the main difference that we set the
+                // crypto mode.
+                expectAliceKeyQuery({ device_keys: { "@alice:localhost": {} }, failures: {} });
+
+                // Start by using Invisible crypto mode
+                aliceClient.getCrypto()!.setDeviceIsolationMode(isolationMode);
+
+                await startClientAndAwaitFirstSync();
+
+                const p2pSession = await createOlmSession(testOlmAccount, keyReceiver);
+                const groupSession = new Olm.OutboundGroupSession();
+                groupSession.create();
+
+                // make the room_key event
+                const roomKeyEncrypted = encryptGroupSessionKey({
+                    recipient: aliceClient.getUserId()!,
+                    recipientCurve25519Key: keyReceiver.getDeviceKey(),
+                    recipientEd25519Key: keyReceiver.getSigningKey(),
+                    olmAccount: testOlmAccount,
+                    p2pSession: p2pSession,
+                    groupSession: groupSession,
+                    room_id: ROOM_ID,
+                });
+
+                // encrypt a message with the group session
+                const messageEncrypted = encryptMegolmEvent({
+                    senderKey: testSenderKey,
+                    groupSession: groupSession,
+                    room_id: ROOM_ID,
+                });
+
+                // Alice gets both the events in a single sync
+                const syncResponse = {
+                    next_batch: 1,
+                    to_device: {
+                        events: [roomKeyEncrypted],
+                    },
+                    rooms: {
+                        join: {
+                            [ROOM_ID]: { timeline: { events: [messageEncrypted] } },
+                        },
+                    },
+                };
+
+                syncResponder.sendOrQueueSyncResponse(syncResponse);
+                await syncPromise(aliceClient);
+
+                const room = aliceClient.getRoom(ROOM_ID)!;
+                const event = room.getLiveTimeline().getEvents()[0];
+                expect(event.isEncrypted()).toBe(true);
+
+                // it probably won't be decrypted yet, because it takes a while to process the olm keys
+                return await testUtils.awaitDecryption(event);
+            }
        });

        it("Decryption fails with Unable to decrypt for other errors", async () => {
@@ -1167,7 +1327,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,

            const syncResponse = getSyncResponse(["@bob:xyz"]);
            // Every 2 messages in the room, the session should be rotated
-            syncResponse.rooms[Category.Join][ROOM_ID].state.events[0].content = {
+            syncResponse.rooms[Category.Join][ROOM_ID].state!.events[0].content = {
                algorithm: "m.megolm.v1.aes-sha2",
                rotation_period_msgs: 2,
            };
@@ -1223,7 +1383,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
            const oneHourInMs = 60 * 60 * 1000;

            // Every 1h the session should be rotated
-            syncResponse.rooms[Category.Join][ROOM_ID].state.events[0].content = {
+            syncResponse.rooms[Category.Join][ROOM_ID].state!.events[0].content = {
                algorithm: "m.megolm.v1.aes-sha2",
                rotation_period_ms: oneHourInMs,
            };
@@ -1351,7 +1511,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,

        fetchMock.putOnce(
            { url: new RegExp("/send/"), name: "send-event" },
-            (url: string, opts: RequestInit): MockResponse => {
+            (url: string, opts: RequestInit): FetchMock.MockResponse => {
                const content = JSON.parse(opts.body as string);
                logger.log("/send:", content);
                // make sure that a new session is used
@@ -1416,7 +1576,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,

        // mark the device as known, and resend.
        aliceClient.setDeviceKnown(aliceClient.getUserId()!, "DEVICE_ID");
-        expectAliceKeyClaim((url: string, opts: RequestInit): MockResponse => {
+        expectAliceKeyClaim((url: string, opts: RequestInit): FetchMock.MockResponse => {
            const content = JSON.parse(opts.body as string);
            expect(content.one_time_keys[aliceClient.getUserId()!].DEVICE_ID).toEqual("signed_curve25519");
            return getTestKeysClaimResponse(aliceClient.getUserId()!);
@@ -1581,7 +1741,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
            groupSession: groupSession,
            room_id: ROOM_ID,
        });
-        await testClient.client.initCrypto();
+        await testClient.client.initLegacyCrypto();
        const keys = [
            {
                room_id: ROOM_ID,
@@ -1693,7 +1853,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,

    oldBackendOnly("Alice receives shared history before being invited to a room by the sharer", async () => {
        const beccaTestClient = new TestClient("@becca:localhost", "foobar", "bazquux");
-        await beccaTestClient.client.initCrypto();
+        await beccaTestClient.client.initLegacyCrypto();

        expectAliceKeyQuery({ device_keys: { "@alice:localhost": {} }, failures: {} });
        await startClientAndAwaitFirstSync();
@@ -1737,13 +1897,13 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
        const aliceOtks = await keyReceiver.awaitOneTimeKeyUpload();
        const aliceOtkId = Object.keys(aliceOtks)[0];
        const aliceOtk = aliceOtks[aliceOtkId];
-        const p2pSession = new global.Olm.Session();
+        const p2pSession = new globalThis.Olm.Session();
        await beccaTestClient.client.crypto!.cryptoStore.doTxn(
            "readonly",
            [IndexedDBCryptoStore.STORE_ACCOUNT],
            (txn) => {
                beccaTestClient.client.crypto!.cryptoStore.getAccount(txn, (pickledAccount: string | null) => {
-                    const account = new global.Olm.Account();
+                    const account = new globalThis.Olm.Account();
                    try {
                        account.unpickle(beccaTestClient.client.crypto!.olmDevice.pickleKey, pickledAccount!);
                        p2pSession.create_outbound(account, keyReceiver.getDeviceKey(), aliceOtk.key);
@@ -1847,7 +2007,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,

    oldBackendOnly("Alice receives shared history before being invited to a room by someone else", async () => {
        const beccaTestClient = new TestClient("@becca:localhost", "foobar", "bazquux");
-        await beccaTestClient.client.initCrypto();
+        await beccaTestClient.client.initLegacyCrypto();

        expectAliceKeyQuery({ device_keys: { "@alice:localhost": {} }, failures: {} });
        await startClientAndAwaitFirstSync();
@@ -1885,13 +2045,13 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
        const aliceOtks = await keyReceiver.awaitOneTimeKeyUpload();
        const aliceOtkId = Object.keys(aliceOtks)[0];
        const aliceOtk = aliceOtks[aliceOtkId];
-        const p2pSession = new global.Olm.Session();
+        const p2pSession = new globalThis.Olm.Session();
        await beccaTestClient.client.crypto!.cryptoStore.doTxn(
            "readonly",
            [IndexedDBCryptoStore.STORE_ACCOUNT],
            (txn) => {
                beccaTestClient.client.crypto!.cryptoStore.getAccount(txn, (pickledAccount: string | null) => {
-                    const account = new global.Olm.Account();
+                    const account = new globalThis.Olm.Account();
                    try {
                        account.unpickle(beccaTestClient.client.crypto!.olmDevice.pickleKey, pickledAccount!);
                        p2pSession.create_outbound(account, keyReceiver.getDeviceKey(), aliceOtk.key);
@@ -2112,11 +2272,11 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
            const inboundGroupSessionPromise = expectSendRoomKey("@bob:xyz", testOlmAccount);

            // ... and finally, send the room key. We block the response until `sendRoomMessageDefer` completes.
-            const sendRoomMessageDefer = defer<MockResponse>();
+            const sendRoomMessageDefer = defer<FetchMock.MockResponse>();
            const reqProm = new Promise<IContent>((resolve) => {
                fetchMock.putOnce(
                    new RegExp("/send/m.room.encrypted/"),
-                    async (url: string, opts: RequestInit): Promise<MockResponse> => {
+                    async (url: string, opts: RequestInit): Promise<FetchMock.MockResponse> => {
                        resolve(JSON.parse(opts.body as string));
                        return await sendRoomMessageDefer.promise;
                    },
@@ -2265,8 +2425,84 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
    });

    describe("m.room_key.withheld handling", () => {
-        // TODO: there are a bunch more tests for this sort of thing in spec/unit/crypto/algorithms/megolm.spec.ts.
-        //   They should be converted to integ tests and moved.
+        describe.each([
+            ["m.blacklisted", "The sender has blocked you.", DecryptionFailureCode.MEGOLM_KEY_WITHHELD],
+            [
+                "m.unverified",
+                "The sender has disabled encrypting to unverified devices.",
+                DecryptionFailureCode.MEGOLM_KEY_WITHHELD_FOR_UNVERIFIED_DEVICE,
+            ],
+        ])(
+            "Decryption fails with withheld error if a withheld notice with code '%s' is received",
+            (withheldCode, expectedMessage, expectedErrorCode) => {
+                it.each(["before", "after"])("%s the event", async (when) => {
+                    expectAliceKeyQuery({ device_keys: { "@alice:localhost": {} }, failures: {} });
+                    await startClientAndAwaitFirstSync();
+
+                    // A promise which resolves, with the MatrixEvent which wraps the event, once the decryption fails.
+                    let awaitDecryption = emitPromise(aliceClient, MatrixEventEvent.Decrypted);
+
+                    // Send Alice an encrypted room event which looks like it was encrypted with a megolm session
+                    async function sendEncryptedEvent() {
+                        const event = {
+                            ...testData.ENCRYPTED_EVENT,
+                            origin_server_ts: Date.now(),
+                        };
+                        const syncResponse = {
+                            next_batch: 1,
+                            rooms: { join: { [ROOM_ID]: { timeline: { events: [event] } } } },
+                        };
+
+                        syncResponder.sendOrQueueSyncResponse(syncResponse);
+                        await syncPromise(aliceClient);
+                    }
+
+                    // Send Alice a withheld notice
+                    async function sendWithheldMessage() {
+                        const withheldMessage = {
+                            type: "m.room_key.withheld",
+                            sender: "@bob:example.com",
+                            content: {
+                                algorithm: "m.megolm.v1.aes-sha2",
+                                room_id: ROOM_ID,
+                                sender_key: testData.ENCRYPTED_EVENT.content!.sender_key,
+                                session_id: testData.ENCRYPTED_EVENT.content!.session_id,
+                                code: withheldCode,
+                                reason: "zzz",
+                            },
+                        };
+
+                        syncResponder.sendOrQueueSyncResponse({
+                            next_batch: 1,
+                            to_device: { events: [withheldMessage] },
+                        });
+                        await syncPromise(aliceClient);
+                    }
+
+                    if (when === "before") {
+                        await sendWithheldMessage();
+                        await sendEncryptedEvent();
+                    } else {
+                        await sendEncryptedEvent();
+                        // Make sure that the first attempt to decrypt has happened before the withheld arrives
+                        await awaitDecryption;
+                        awaitDecryption = emitPromise(aliceClient, MatrixEventEvent.Decrypted);
+                        await sendWithheldMessage();
+                    }
+
+                    const ev = await awaitDecryption;
+                    expect(ev.getContent()).toEqual({
+                        body: `** Unable to decrypt: DecryptionError: ${expectedMessage} **`,
+                        msgtype: "m.bad.encrypted",
+                    });
+
+                    expect(ev.decryptionFailureReason).toEqual(expectedErrorCode);
+
+                    // `isEncryptedDisabledForUnverifiedDevices` should be true for `m.unverified` and false for other errors.
+                    expect(ev.isEncryptedDisabledForUnverifiedDevices).toEqual(withheldCode === "m.unverified");
+                });
+            },
+        );

        oldBackendOnly("does not block decryption on an 'm.unavailable' report", async function () {
            // there may be a key downloads for alice
@@ -2885,6 +3121,32 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
                const mskId = await aliceClient.getCrypto()!.getCrossSigningKeyId(CrossSigningKey.Master)!;
                expect(signatures![aliceClient.getUserId()!][`ed25519:${mskId}`]).toBeDefined();
            });
+
+            newBackendOnly("should upload existing megolm backup key to a new 4S store", async () => {
+                const backupKeyTo4SPromise = awaitMegolmBackupKeyUpload();
+
+                // we need these to set up the mocks but we don't actually care whether they
+                // resolve because we're not testing those things in this test.
+                awaitCrossSigningKeyUpload("master");
+                awaitCrossSigningKeyUpload("user_signing");
+                awaitCrossSigningKeyUpload("self_signing");
+                awaitSecretStorageKeyStoredInAccountData();
+
+                mockSetupCrossSigningRequests();
+                mockSetupMegolmBackupRequests("1");
+
+                await aliceClient.getCrypto()!.bootstrapCrossSigning({});
+                await aliceClient.getCrypto()!.resetKeyBackup();
+
+                await aliceClient.getCrypto()!.bootstrapSecretStorage({
+                    setupNewSecretStorage: true,
+                    createSecretStorageKey,
+                    setupNewKeyBackup: false,
+                });
+
+                await backupKeyTo4SPromise;
+                expect(accountDataAccumulator.accountDataEvents.get("m.megolm_backup.v1")).toBeDefined();
+            });
        });

        describe("Manage Key Backup", () => {
@@ -2902,11 +3164,11 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
                // Import a new key that should be uploaded
                const newKey = testData.MEGOLM_SESSION_DATA;

-                const awaitKeyUploaded = new Promise<IKeyBackup>((resolve) => {
+                const awaitKeyUploaded = new Promise<KeyBackup>((resolve) => {
                    fetchMock.put(
                        "path:/_matrix/client/v3/room_keys/keys",
                        (url, request) => {
-                            const uploadPayload: IKeyBackup = JSON.parse(request.body?.toString() ?? "{}");
+                            const uploadPayload: KeyBackup = JSON.parse((request.body as string) ?? "{}");
                            resolve(uploadPayload);
                            return {
                                status: 200,
@@ -2973,7 +3235,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
                fetchMock.post(
                    "path:/_matrix/client/v3/room_keys/version",
                    (url, request) => {
-                        const backupData: KeyBackupInfo = JSON.parse(request.body?.toString() ?? "{}");
+                        const backupData: KeyBackupInfo = JSON.parse((request.body as string) ?? "{}");
                        backupData.version = newVersion;
                        backupData.count = 0;
                        backupData.etag = "zer";
@@ -3035,15 +3297,13 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
        });
    });

-    describe("Check if the cross signing keys are available for a user", () => {
+    describe("User identity", () => {
+        let keyResponder: E2EKeyResponder;
        beforeEach(async () => {
-            // anything that we don't have a specific matcher for silently returns a 404
-            fetchMock.catch(404);
-
-            const keyResponder = new E2EKeyResponder(aliceClient.getHomeserverUrl());
+            keyResponder = new E2EKeyResponder(aliceClient.getHomeserverUrl());
            keyResponder.addCrossSigningData(SIGNED_CROSS_SIGNING_KEYS_DATA);
            keyResponder.addDeviceKeys(SIGNED_TEST_DEVICE_DATA);
-            keyResponder.addKeyReceiver(BOB_TEST_USER_ID, keyReceiver);
+            keyResponder.addKeyReceiver(TEST_USER_ID, keyReceiver);
            keyResponder.addCrossSigningData(BOB_SIGNED_CROSS_SIGNING_KEYS_DATA);
            keyResponder.addDeviceKeys(BOB_SIGNED_TEST_DEVICE_DATA);

@@ -3059,6 +3319,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
                .getCrypto()!
                .userHasCrossSigningKeys(BOB_TEST_USER_ID, true);
            expect(hasCrossSigningKeysForUser).toBe(true);
+
+            const verificationStatus = await aliceClient.getCrypto()!.getUserVerificationStatus(BOB_TEST_USER_ID);
+            expect(verificationStatus.isVerified()).toBe(false);
+            expect(verificationStatus.isCrossSigningVerified()).toBe(false);
+            expect(verificationStatus.wasCrossSigningVerified()).toBe(false);
+            expect(verificationStatus.needsUserApproval).toBe(false);
        });

        it("Cross signing keys are available for a tracked user", async () => {
@@ -3069,11 +3335,60 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
            // Alice is the local user and should be tracked !
            const hasCrossSigningKeysForUser = await aliceClient.getCrypto()!.userHasCrossSigningKeys(TEST_USER_ID);
            expect(hasCrossSigningKeysForUser).toBe(true);
+
+            const verificationStatus = await aliceClient.getCrypto()!.getUserVerificationStatus(BOB_TEST_USER_ID);
+            expect(verificationStatus.isVerified()).toBe(false);
+            expect(verificationStatus.isCrossSigningVerified()).toBe(false);
+            expect(verificationStatus.wasCrossSigningVerified()).toBe(false);
+            expect(verificationStatus.needsUserApproval).toBe(false);
        });

        it("Cross signing keys are not available for an unknown user", async () => {
            const hasCrossSigningKeysForUser = await aliceClient.getCrypto()!.userHasCrossSigningKeys("@unknown:xyz");
            expect(hasCrossSigningKeysForUser).toBe(false);
+
+            const verificationStatus = await aliceClient.getCrypto()!.getUserVerificationStatus(BOB_TEST_USER_ID);
+            expect(verificationStatus.isVerified()).toBe(false);
+            expect(verificationStatus.isCrossSigningVerified()).toBe(false);
+            expect(verificationStatus.wasCrossSigningVerified()).toBe(false);
+            expect(verificationStatus.needsUserApproval).toBe(false);
+        });
+
+        newBackendOnly("An unverified user changes identity", async () => {
+            // We have to be tracking Bob's keys, which means we need to share a room with him
+            syncResponder.sendOrQueueSyncResponse({
+                ...getSyncResponse([BOB_TEST_USER_ID]),
+                device_lists: { changed: [BOB_TEST_USER_ID] },
+            });
+            await syncPromise(aliceClient);
+
+            const hasCrossSigningKeysForUser = await aliceClient.getCrypto()!.userHasCrossSigningKeys(BOB_TEST_USER_ID);
+            expect(hasCrossSigningKeysForUser).toBe(true);
+
+            // Bob changes his cross-signing keys
+            keyResponder.addCrossSigningData(testData.BOB_ALT_SIGNED_CROSS_SIGNING_KEYS_DATA);
+            syncResponder.sendOrQueueSyncResponse({
+                next_batch: "2",
+                device_lists: { changed: [BOB_TEST_USER_ID] },
+            });
+            await syncPromise(aliceClient);
+
+            await aliceClient.getCrypto()!.userHasCrossSigningKeys(BOB_TEST_USER_ID, true);
+
+            {
+                const verificationStatus = await aliceClient.getCrypto()!.getUserVerificationStatus(BOB_TEST_USER_ID);
+                expect(verificationStatus.isVerified()).toBe(false);
+                expect(verificationStatus.isCrossSigningVerified()).toBe(false);
+                expect(verificationStatus.wasCrossSigningVerified()).toBe(false);
+                expect(verificationStatus.needsUserApproval).toBe(true);
+            }
+
+            // Pinning the new identity should clear the needsUserApproval flag.
+            await aliceClient.getCrypto()!.pinCurrentUserIdentity(BOB_TEST_USER_ID);
+            {
+                const verificationStatus = await aliceClient.getCrypto()!.getUserVerificationStatus(BOB_TEST_USER_ID);
+                expect(verificationStatus.needsUserApproval).toBe(false);
+            }
        });
    });

@@ -3210,7 +3525,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
            return client;
        }

-        function mkEncryptionEvent(content: Object) {
+        function mkEncryptionEvent(content: object) {
            return mkEventCustom({
                sender: persistentStoreClient.getSafeUserId(),
                type: "m.room.encryption",
@@ -3223,7 +3538,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("crypto (%s)", (backend: string,
         *
         * @param stateEvents - Additional state events for the test room
         */
-        function getSyncResponseWithState(stateEvents: Array<Object>) {
+        function getSyncResponseWithState(stateEvents: Array<object>) {
            const roomResponse = {
                state: {
                    events: [
@@ -17,11 +17,13 @@ limitations under the License.
 import "fake-indexeddb/auto";
 import fetchMock from "fetch-mock-jest";

-import { createClient, ClientEvent, MatrixClient, MatrixEvent } from "../../../src";
+import { ClientEvent, createClient, MatrixClient, MatrixEvent } from "../../../src";
+import { CryptoEvent } from "../../../src/crypto-api/index";
 import { RustCrypto } from "../../../src/rust-crypto/rust-crypto";
 import { AddSecretStorageKeyOpts } from "../../../src/secret-storage";
 import { E2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
 import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
+import { emitPromise, EventCounter } from "../../test-utils/test-utils";

 describe("Device dehydration", () => {
    it("should rehydrate and dehydrate a device", async () => {
@@ -40,6 +42,12 @@ describe("Device dehydration", () => {

        await initializeSecretStorage(matrixClient, "@alice:localhost", "http://test.server");

+        const creationEventCounter = new EventCounter(matrixClient, CryptoEvent.DehydratedDeviceCreated);
+        const dehydrationKeyCachedEventCounter = new EventCounter(matrixClient, CryptoEvent.DehydrationKeyCached);
+        const rehydrationStartedCounter = new EventCounter(matrixClient, CryptoEvent.RehydrationStarted);
+        const rehydrationCompletedCounter = new EventCounter(matrixClient, CryptoEvent.RehydrationCompleted);
+        const rehydrationProgressCounter = new EventCounter(matrixClient, CryptoEvent.RehydrationProgress);
+
        // count the number of times the dehydration key gets set
        let setDehydrationCount = 0;
        matrixClient.on(ClientEvent.AccountData, (event: MatrixEvent) => {
@@ -74,6 +82,8 @@ describe("Device dehydration", () => {
        await crypto.startDehydration();

        expect(dehydrationCount).toEqual(1);
+        expect(creationEventCounter.counter).toEqual(1);
+        expect(dehydrationKeyCachedEventCounter.counter).toEqual(1);

        // a week later, we should have created another dehydrated device
        const dehydrationPromise = new Promise<void>((resolve, reject) => {
@@ -81,7 +91,10 @@ describe("Device dehydration", () => {
        });
        jest.advanceTimersByTime(7 * 24 * 60 * 60 * 1000);
        await dehydrationPromise;
+
+        expect(dehydrationKeyCachedEventCounter.counter).toEqual(1);
        expect(dehydrationCount).toEqual(2);
+        expect(creationEventCounter.counter).toEqual(2);

        // restart dehydration -- rehydrate the device that we created above,
        // and create a new dehydrated device.  We also set `createNewKey`, so
@@ -113,6 +126,39 @@ describe("Device dehydration", () => {
        expect(setDehydrationCount).toEqual(2);
        expect(eventsResponse.mock.calls).toHaveLength(2);

+        expect(rehydrationStartedCounter.counter).toEqual(1);
+        expect(rehydrationCompletedCounter.counter).toEqual(1);
+        expect(creationEventCounter.counter).toEqual(3);
+        expect(rehydrationProgressCounter.counter).toEqual(1);
+        expect(dehydrationKeyCachedEventCounter.counter).toEqual(2);
+
+        // test that if we get an error when we try to rotate, it emits an event
+        fetchMock.put("path:/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device", {
+            status: 500,
+            body: {
+                errcode: "M_UNKNOWN",
+                error: "Unknown error",
+            },
+        });
+        const rotationErrorEventPromise = emitPromise(matrixClient, CryptoEvent.DehydratedDeviceRotationError);
+        jest.advanceTimersByTime(7 * 24 * 60 * 60 * 1000);
+        await rotationErrorEventPromise;
+
+        // Restart dehydration, but return an error for GET /dehydrated_device so that rehydration fails.
+        fetchMock.get("path:/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device", {
+            status: 500,
+            body: {
+                errcode: "M_UNKNOWN",
+                error: "Unknown error",
+            },
+        });
+        fetchMock.put("path:/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device", (_, opts) => {
+            return {};
+        });
+        const rehydrationErrorEventPromise = emitPromise(matrixClient, CryptoEvent.RehydrationError);
+        await crypto.startDehydration(true);
+        await rehydrationErrorEventPromise;
+
        matrixClient.stopClient();
    });
 });
@@ -21,8 +21,8 @@ import { Mocked } from "jest-mock";

 import {
    createClient,
-    CryptoApi,
-    CryptoEvent,
+    Crypto,
+    encodeBase64,
    ICreateClientOpts,
    IEvent,
    IMegolmSessionData,
@@ -42,10 +42,10 @@ import {
 } from "../../test-utils/test-utils";
 import * as testData from "../../test-utils/test-data";
 import { KeyBackupInfo, KeyBackupSession } from "../../../src/crypto-api/keybackup";
-import { IKeyBackup } from "../../../src/crypto/backup";
 import { flushPromises } from "../../test-utils/flushPromises";
 import { defer, IDeferred } from "../../../src/utils";
-import { DecryptionFailureCode } from "../../../src/crypto-api";
+import { decodeRecoveryKey, DecryptionFailureCode, CryptoEvent } from "../../../src/crypto-api";
+import { KeyBackup } from "../../../src/rust-crypto/backup.ts";

 const ROOM_ID = testData.TEST_ROOM_ID;

@@ -91,7 +91,7 @@ function mockUploadEmitter(
                    },
                };
            }
-            const uploadPayload: IKeyBackup = JSON.parse(request.body?.toString() ?? "{}");
+            const uploadPayload: KeyBackup = JSON.parse((request.body as string) ?? "{}");
            let count = 0;
            for (const [roomId, value] of Object.entries(uploadPayload.rooms)) {
                for (const sessionId of Object.keys(value.sessions)) {
@@ -117,8 +117,10 @@ function mockUploadEmitter(
 describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backend: string, initCrypto: InitCrypto) => {
    // oldBackendOnly is an alternative to `it` or `test` which will skip the test if we are running against the
    // Rust backend. Once we have full support in the rust sdk, it will go away.
-    // const oldBackendOnly = backend === "rust-sdk" ? test.skip : test;
-    // const newBackendOnly = backend === "libolm" ? test.skip : test;
+    const oldBackendOnly = backend === "rust-sdk" ? test.skip : test;
+    const newBackendOnly = backend === "libolm" ? test.skip : test;
+
+    const isNewBackend = backend === "rust-sdk";

    let aliceClient: MatrixClient;
    /** an object which intercepts `/sync` requests on the test homeserver */
@@ -247,9 +249,9 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
            // On the first decryption attempt, decryption fails.
            await awaitDecryption(event);
            expect(event.decryptionFailureReason).toEqual(
-                backend === "libolm"
-                    ? DecryptionFailureCode.MEGOLM_UNKNOWN_INBOUND_SESSION_ID
-                    : DecryptionFailureCode.HISTORICAL_MESSAGE_WORKING_BACKUP,
+                isNewBackend
+                    ? DecryptionFailureCode.HISTORICAL_MESSAGE_WORKING_BACKUP
+                    : DecryptionFailureCode.MEGOLM_UNKNOWN_INBOUND_SESSION_ID,
            );

            // Eventually, decryption succeeds.
@@ -310,10 +312,14 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
    });

    describe("recover from backup", () => {
-        let aliceCrypto: CryptoApi;
+        let aliceCrypto: Crypto.CryptoApi;

        beforeEach(async () => {
            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
+            fetchMock.get(
+                `path:/_matrix/client/v3/room_keys/version/${testData.SIGNED_BACKUP_DATA.version}`,
+                testData.SIGNED_BACKUP_DATA,
+            );

            aliceClient = await initTestClient();
            aliceCrypto = aliceClient.getCrypto()!;
@@ -344,20 +350,29 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                onKeyCached = resolve;
            });

+            await aliceCrypto.storeSessionBackupPrivateKey(
+                decodeRecoveryKey(testData.BACKUP_DECRYPTION_KEY_BASE58),
+                check!.backupInfo!.version!,
+            );
+
            const result = await advanceTimersUntil(
-                aliceClient.restoreKeyBackupWithRecoveryKey(
-                    testData.BACKUP_DECRYPTION_KEY_BASE58,
-                    undefined,
-                    undefined,
-                    check!.backupInfo!,
-                    {
-                        cacheCompleteCallback: () => onKeyCached(),
-                    },
-                ),
+                isNewBackend
+                    ? aliceCrypto.restoreKeyBackup()
+                    : aliceClient.restoreKeyBackupWithRecoveryKey(
+                          testData.BACKUP_DECRYPTION_KEY_BASE58,
+                          undefined,
+                          undefined,
+                          check!.backupInfo!,
+                          {
+                              cacheCompleteCallback: () => onKeyCached(),
+                          },
+                      ),
            );

            expect(result.imported).toStrictEqual(1);

+            if (isNewBackend) return;
+
            await awaitKeyCached;

            // The key should be now cached
@@ -398,8 +413,13 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe

        it("Should import full backup in chunks", async function () {
            const importMockImpl = jest.fn();
-            // @ts-ignore - mock a private method for testing purpose
-            aliceCrypto.importBackedUpRoomKeys = importMockImpl;
+            if (isNewBackend) {
+                // @ts-ignore - mock a private method for testing purpose
+                jest.spyOn(aliceCrypto.backupManager, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
+            } else {
+                // @ts-ignore - mock a private method for testing purpose
+                jest.spyOn(aliceCrypto, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
+            }

            // We need several rooms with several sessions to test chunking
            const { response, expectedTotal } = createBackupDownloadResponse([45, 300, 345, 12, 130]);
@@ -408,17 +428,26 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe

            const check = await aliceCrypto.checkKeyBackupAndEnable();

-            const progressCallback = jest.fn();
-            const result = await aliceClient.restoreKeyBackupWithRecoveryKey(
-                testData.BACKUP_DECRYPTION_KEY_BASE58,
-                undefined,
-                undefined,
-                check!.backupInfo!,
-                {
-                    progressCallback,
-                },
+            await aliceCrypto.storeSessionBackupPrivateKey(
+                decodeRecoveryKey(testData.BACKUP_DECRYPTION_KEY_BASE58),
+                check!.backupInfo!.version!,
            );

+            const progressCallback = jest.fn();
+            const result = await (isNewBackend
+                ? aliceCrypto.restoreKeyBackup({
+                      progressCallback,
+                  })
+                : aliceClient.restoreKeyBackupWithRecoveryKey(
+                      testData.BACKUP_DECRYPTION_KEY_BASE58,
+                      undefined,
+                      undefined,
+                      check!.backupInfo!,
+                      {
+                          progressCallback,
+                      },
+                  ));
+
            expect(result.imported).toStrictEqual(expectedTotal);
            // Should be called 5 times: 200*4 plus one chunk with the remaining 32
            expect(importMockImpl).toHaveBeenCalledTimes(5);
@@ -451,8 +480,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
        });

        it("Should continue to process backup if a chunk import fails and report failures", async function () {
-            // @ts-ignore - mock a private method for testing purpose
-            aliceCrypto.importBackedUpRoomKeys = jest
+            const importMockImpl = jest
                .fn()
                .mockImplementationOnce(() => {
                    // Fail to import first chunk
@@ -461,22 +489,36 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                // Ok for other chunks
                .mockResolvedValue(undefined);

+            if (isNewBackend) {
+                // @ts-ignore - mock a private method for testing purpose
+                jest.spyOn(aliceCrypto.backupManager, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
+            } else {
+                // @ts-ignore - mock a private method for testing purpose
+                jest.spyOn(aliceCrypto, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
+            }
+
            const { response, expectedTotal } = createBackupDownloadResponse([100, 300]);

            fetchMock.get("express:/_matrix/client/v3/room_keys/keys", response);

            const check = await aliceCrypto.checkKeyBackupAndEnable();
+            await aliceCrypto.storeSessionBackupPrivateKey(
+                decodeRecoveryKey(testData.BACKUP_DECRYPTION_KEY_BASE58),
+                check!.backupInfo!.version!,
+            );

            const progressCallback = jest.fn();
-            const result = await aliceClient.restoreKeyBackupWithRecoveryKey(
-                testData.BACKUP_DECRYPTION_KEY_BASE58,
-                undefined,
-                undefined,
-                check!.backupInfo!,
-                {
-                    progressCallback,
-                },
-            );
+            const result = await (isNewBackend
+                ? aliceCrypto.restoreKeyBackup({ progressCallback })
+                : aliceClient.restoreKeyBackupWithRecoveryKey(
+                      testData.BACKUP_DECRYPTION_KEY_BASE58,
+                      undefined,
+                      undefined,
+                      check!.backupInfo!,
+                      {
+                          progressCallback,
+                      },
+                  ));

            expect(result.total).toStrictEqual(expectedTotal);
            // A chunk failed to import
@@ -527,20 +569,26 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
            fetchMock.get("express:/_matrix/client/v3/room_keys/keys", response);

            const check = await aliceCrypto.checkKeyBackupAndEnable();
-
-            const result = await aliceClient.restoreKeyBackupWithRecoveryKey(
-                testData.BACKUP_DECRYPTION_KEY_BASE58,
-                undefined,
-                undefined,
-                check!.backupInfo!,
+            await aliceCrypto.storeSessionBackupPrivateKey(
+                decodeRecoveryKey(testData.BACKUP_DECRYPTION_KEY_BASE58),
+                check!.backupInfo!.version!,
            );

+            const result = await (isNewBackend
+                ? aliceCrypto.restoreKeyBackup()
+                : aliceClient.restoreKeyBackupWithRecoveryKey(
+                      testData.BACKUP_DECRYPTION_KEY_BASE58,
+                      undefined,
+                      undefined,
+                      check!.backupInfo!,
+                  ));
+
            expect(result.total).toStrictEqual(expectedTotal);
            // A chunk failed to import
            expect(result.imported).toStrictEqual(expectedTotal - decryptionFailureCount);
        });

-        it("recover specific session from backup", async function () {
+        oldBackendOnly("recover specific session from backup", async function () {
            fetchMock.get(
                "express:/_matrix/client/v3/room_keys/keys/:room_id/:session_id",
                testData.CURVE25519_KEY_BACKUP_DATA,
@@ -560,7 +608,33 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
            expect(result.imported).toStrictEqual(1);
        });

-        it("Fails on bad recovery key", async function () {
+        newBackendOnly(
+            "Should get the decryption key from the secret storage and restore the key backup",
+            async function () {
+                // @ts-ignore - mock a private method for testing purpose
+                jest.spyOn(aliceCrypto.secretStorage, "get").mockResolvedValue(testData.BACKUP_DECRYPTION_KEY_BASE64);
+
+                const fullBackup = {
+                    rooms: {
+                        [ROOM_ID]: {
+                            sessions: {
+                                [testData.MEGOLM_SESSION_DATA.session_id]: testData.CURVE25519_KEY_BACKUP_DATA,
+                            },
+                        },
+                    },
+                };
+                fetchMock.get("express:/_matrix/client/v3/room_keys/keys", fullBackup);
+
+                await aliceCrypto.loadSessionBackupPrivateKeyFromSecretStorage();
+                const decryptionKey = await aliceCrypto.getSessionBackupPrivateKey();
+                expect(encodeBase64(decryptionKey!)).toStrictEqual(testData.BACKUP_DECRYPTION_KEY_BASE64);
+
+                const result = await aliceCrypto.restoreKeyBackup();
+                expect(result.imported).toStrictEqual(1);
+            },
+        );
+
+        oldBackendOnly("Fails on bad recovery key", async function () {
            const fullBackup = {
                rooms: {
                    [ROOM_ID]: {
@@ -584,6 +658,10 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                ),
            ).rejects.toThrow();
        });
+
+        newBackendOnly("Should throw an error if the decryption key is not found in cache", async () => {
+            await expect(aliceCrypto.restoreKeyBackup()).rejects.toThrow("No decryption key found in crypto store");
+        });
    });

    describe("backupLoop", () => {
@@ -796,7 +874,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe

            const result = await aliceCrypto.checkKeyBackupAndEnable();
            expect(result).toBeTruthy();
-            jest.runAllTimers();
+            jest.advanceTimersByTime(10 * 60 * 1000);
            await failurePromise;

            // Fix the endpoint to do successful uploads
@@ -829,7 +907,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
            });

            // run the timers, which will make the backup loop redo the request
-            await jest.runAllTimersAsync();
+            await jest.advanceTimersByTimeAsync(10 * 60 * 1000);
            await successPromise;
            await allKeysUploadedPromise;
        });
@@ -890,6 +968,40 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
        expect(backupStatus).toStrictEqual(testData.SIGNED_BACKUP_DATA.version);
    });

+    newBackendOnly("getKeyBackupInfo() should not return a backup if the active backup has been deleted", async () => {
+        // 404 means that there is no active backup
+        fetchMock.get("express:/_matrix/client/v3/room_keys/version", 404);
+        fetchMock.delete(`express:/_matrix/client/v3/room_keys/version/${testData.SIGNED_BACKUP_DATA.version}`, {});
+
+        aliceClient = await initTestClient();
+        const aliceCrypto = aliceClient.getCrypto()!;
+        await aliceClient.startClient();
+
+        // tell Alice to trust the dummy device that signed the backup
+        await waitForDeviceList();
+        await aliceCrypto.setDeviceVerified(testData.TEST_USER_ID, testData.TEST_DEVICE_ID);
+        await aliceCrypto.checkKeyBackupAndEnable();
+
+        // At this point there is no backup
+        expect(await aliceCrypto.getKeyBackupInfo()).toBeNull();
+
+        // Return now the backup
+        fetchMock.get("express:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA, {
+            overwriteRoutes: true,
+        });
+
+        expect(await aliceCrypto.getKeyBackupInfo()).toStrictEqual(testData.SIGNED_BACKUP_DATA);
+
+        // Delete the backup and we are expecting the key backup to be disabled
+        const keyBackupStatus = defer<boolean>();
+        aliceClient.once(CryptoEvent.KeyBackupStatus, (enabled) => keyBackupStatus.resolve(enabled));
+        await aliceCrypto.deleteKeyBackupVersion(testData.SIGNED_BACKUP_DATA.version!);
+        expect(await keyBackupStatus.promise).toBe(false);
+
+        // The backup info should not be available anymore
+        expect(await aliceCrypto.getKeyBackupInfo()).toBeNull();
+    });
+
    describe("isKeyBackupTrusted", () => {
        it("does not trust a backup signed by an untrusted device", async () => {
            aliceClient = await initTestClient();
@@ -345,10 +345,10 @@ describe("MatrixClient crypto", () => {

    beforeEach(async () => {
        aliTestClient = new TestClient(aliUserId, aliDeviceId, aliAccessToken);
-        await aliTestClient.client.initCrypto();
+        await aliTestClient.client.initLegacyCrypto();

        bobTestClient = new TestClient(bobUserId, bobDeviceId, bobAccessToken);
-        await bobTestClient.client.initCrypto();
+        await bobTestClient.client.initLegacyCrypto();

        aliMessages = [];
        bobMessages = [];
@@ -85,15 +85,15 @@ export function bootstrapCrossSigningTestOlmAccount(
    deviceId: string,
    keyBackupInfo: KeyBackupInfo[] = [],
 ): Partial<IDownloadKeyResult> {
-    const olmAliceMSK = new global.Olm.PkSigning();
+    const olmAliceMSK = new globalThis.Olm.PkSigning();
    const masterPrivkey = olmAliceMSK.generate_seed();
    const masterPubkey = olmAliceMSK.init_with_seed(masterPrivkey);

-    const olmAliceUSK = new global.Olm.PkSigning();
+    const olmAliceUSK = new globalThis.Olm.PkSigning();
    const userPrivkey = olmAliceUSK.generate_seed();
    const userPubkey = olmAliceUSK.init_with_seed(userPrivkey);

-    const olmAliceSSK = new global.Olm.PkSigning();
+    const olmAliceSSK = new globalThis.Olm.PkSigning();
    const sskPrivkey = olmAliceSSK.generate_seed();
    const sskPubkey = olmAliceSSK.init_with_seed(sskPrivkey);

@@ -181,7 +181,7 @@ export async function createOlmSession(
    const otkId = Object.keys(keys)[0];
    const otk = keys[otkId];

-    const session = new global.Olm.Session();
+    const session = new globalThis.Olm.Session();
    session.create_outbound(olmAccount, recipientTestClient.getDeviceKey(), otk.key);
    return session;
 }
@@ -23,6 +23,7 @@ import { populateStore } from "../../test-utils/test_indexeddb_cryptostore_dump"
 import { MSK_NOT_CACHED_DATASET } from "../../test-utils/test_indexeddb_cryptostore_dump/no_cached_msk_dump";
 import { IDENTITY_NOT_TRUSTED_DATASET } from "../../test-utils/test_indexeddb_cryptostore_dump/unverified";
 import { FULL_ACCOUNT_DATASET } from "../../test-utils/test_indexeddb_cryptostore_dump/full_account";
+import { EMPTY_ACCOUNT_DATASET } from "../../test-utils/test_indexeddb_cryptostore_dump/empty_account";

 jest.setTimeout(15000);

@@ -65,18 +66,36 @@ describe("MatrixClient.initRustCrypto", () => {
        expect(databaseNames).toEqual(expect.arrayContaining(["matrix-js-sdk::matrix-sdk-crypto"]));
    });

-    it("should create the meta db if given a pickleKey", async () => {
+    it("should create the meta db if given a storageKey", async () => {
        const matrixClient = createClient({
            baseUrl: "http://test.server",
            userId: "@alice:localhost",
            deviceId: "aliceDevice",
-            pickleKey: "testKey",
        });

        // No databases.
        expect(await indexedDB.databases()).toHaveLength(0);

-        await matrixClient.initRustCrypto();
+        await matrixClient.initRustCrypto({ storageKey: new Uint8Array(32) });
+
+        // should have two indexed dbs now
+        const databaseNames = (await indexedDB.databases()).map((db) => db.name);
+        expect(databaseNames).toEqual(
+            expect.arrayContaining(["matrix-js-sdk::matrix-sdk-crypto", "matrix-js-sdk::matrix-sdk-crypto-meta"]),
+        );
+    });
+
+    it("should create the meta db if given a storagePassword", async () => {
+        const matrixClient = createClient({
+            baseUrl: "http://test.server",
+            userId: "@alice:localhost",
+            deviceId: "aliceDevice",
+        });
+
+        // No databases.
+        expect(await indexedDB.databases()).toHaveLength(0);
+
+        await matrixClient.initRustCrypto({ storagePassword: "the cow is on the moon" });

        // should have two indexed dbs now
        const databaseNames = (await indexedDB.databases()).map((db) => db.name);
@@ -266,6 +285,38 @@ describe("MatrixClient.initRustCrypto", () => {
            });
        });

+        it("should not migrate if account data is missing", async () => {
+            // See https://github.com/element-hq/element-web/issues/27447
+
+            // Given we have an almost-empty legacy account in the database
+            fetchMock.get("path:/_matrix/client/v3/room_keys/version", {
+                status: 404,
+                body: { errcode: "M_NOT_FOUND", error: "No backup found" },
+            });
+            fetchMock.post("path:/_matrix/client/v3/keys/query", EMPTY_ACCOUNT_DATASET.keyQueryResponse);
+
+            const testStoreName = "test-store";
+            await populateStore(testStoreName, EMPTY_ACCOUNT_DATASET.dumpPath);
+            const cryptoStore = new IndexedDBCryptoStore(indexedDB, testStoreName);
+
+            const matrixClient = createClient({
+                baseUrl: "http://test.server",
+                userId: EMPTY_ACCOUNT_DATASET.userId,
+                deviceId: EMPTY_ACCOUNT_DATASET.deviceId,
+                cryptoStore,
+                pickleKey: EMPTY_ACCOUNT_DATASET.pickleKey,
+            });
+
+            // When we start Rust crypto, potentially triggering an upgrade
+            const progressListener = jest.fn();
+            matrixClient.addListener(CryptoEvent.LegacyCryptoStoreMigrationProgress, progressListener);
+
+            await matrixClient.initRustCrypto();
+
+            // Then no error occurs, and no upgrade happens
+            expect(progressListener.mock.calls.length).toBe(0);
+        }, 60000);
+
        describe("Legacy trust migration", () => {
            async function populateAndStartLegacyCryptoStore(dumpPath: string): Promise<IndexedDBCryptoStore> {
                const testStoreName = "test-store";
@@ -399,10 +450,9 @@ describe("MatrixClient.clearStores", () => {
            baseUrl: "http://test.server",
            userId: "@alice:localhost",
            deviceId: "aliceDevice",
-            pickleKey: "testKey",
        });

-        await matrixClient.initRustCrypto();
+        await matrixClient.initRustCrypto({ storagePassword: "testKey" });
        expect(await indexedDB.databases()).toHaveLength(2);
        await matrixClient.stopClient();

@@ -0,0 +1,152 @@
+/*
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import fetchMock from "fetch-mock-jest";
+import "fake-indexeddb/auto";
+import { IDBFactory } from "fake-indexeddb";
+
+import { CRYPTO_BACKENDS, getSyncResponse, InitCrypto, syncPromise } from "../../test-utils/test-utils";
+import { createClient, MatrixClient } from "../../../src";
+import * as testData from "../../test-utils/test-data";
+import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
+import { SyncResponder } from "../../test-utils/SyncResponder";
+import { E2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
+
+afterEach(() => {
+    // reset fake-indexeddb after each test, to make sure we don't leak connections
+    // cf https://github.com/dumbmatter/fakeIndexedDB#wipingresetting-the-indexeddb-for-a-fresh-state
+    // eslint-disable-next-line no-global-assign
+    indexedDB = new IDBFactory();
+});
+
+/**
+ * Integration tests for to-device messages functionality.
+ *
+ * These tests work by intercepting HTTP requests via fetch-mock rather than mocking out bits of the client, so as
+ * to provide the most effective integration tests possible.
+ */
+describe.each(Object.entries(CRYPTO_BACKENDS))("to-device-messages (%s)", (backend: string, initCrypto: InitCrypto) => {
+    let aliceClient: MatrixClient;
+
+    /** an object which intercepts `/keys/query` requests on the test homeserver */
+    let e2eKeyResponder: E2EKeyResponder;
+
+    beforeEach(
+        async () => {
+            // anything that we don't have a specific matcher for silently returns a 404
+            fetchMock.catch(404);
+            fetchMock.config.warnOnFallback = false;
+
+            const homeserverUrl = "https://server.com";
+            aliceClient = createClient({
+                baseUrl: homeserverUrl,
+                userId: testData.TEST_USER_ID,
+                accessToken: "akjgkrgjsalice",
+                deviceId: testData.TEST_DEVICE_ID,
+            });
+
+            e2eKeyResponder = new E2EKeyResponder(homeserverUrl);
+            new E2EKeyReceiver(homeserverUrl);
+            const syncResponder = new SyncResponder(homeserverUrl);
+
+            // add bob as known user
+            syncResponder.sendOrQueueSyncResponse(getSyncResponse([testData.BOB_TEST_USER_ID]));
+
+            // Silence warnings from the backup manager
+            fetchMock.getOnce(new URL("/_matrix/client/v3/room_keys/version", homeserverUrl).toString(), {
+                status: 404,
+                body: { errcode: "M_NOT_FOUND" },
+            });
+
+            fetchMock.get(new URL("/_matrix/client/v3/pushrules/", homeserverUrl).toString(), {});
+            fetchMock.get(new URL("/_matrix/client/versions/", homeserverUrl).toString(), {});
+            fetchMock.post(
+                new URL(
+                    `/_matrix/client/v3/user/${encodeURIComponent(testData.TEST_USER_ID)}/filter`,
+                    homeserverUrl,
+                ).toString(),
+                { filter_id: "fid" },
+            );
+
+            await initCrypto(aliceClient);
+        },
+        /* it can take a while to initialise the crypto library on the first pass, so bump up the timeout. */
+        10000,
+    );
+
+    afterEach(async () => {
+        aliceClient.stopClient();
+        fetchMock.mockReset();
+    });
+
+    describe("encryptToDeviceMessages", () => {
+        it("returns empty batch for device that is not known", async () => {
+            await aliceClient.startClient();
+
+            const toDeviceBatch = await aliceClient
+                .getCrypto()
+                ?.encryptToDeviceMessages(
+                    "m.test.event",
+                    [{ userId: testData.BOB_TEST_USER_ID, deviceId: testData.BOB_TEST_DEVICE_ID }],
+                    {
+                        some: "content",
+                    },
+                );
+
+            expect(toDeviceBatch).toBeDefined();
+            const { batch, eventType } = toDeviceBatch!;
+            expect(eventType).toBe("m.room.encrypted");
+            expect(batch.length).toBe(0);
+        });
+
+        it("returns encrypted batch for known device", async () => {
+            await aliceClient.startClient();
+            e2eKeyResponder.addDeviceKeys(testData.BOB_SIGNED_TEST_DEVICE_DATA);
+            fetchMock.post("express:/_matrix/client/v3/keys/claim", () => ({
+                one_time_keys: testData.BOB_ONE_TIME_KEYS,
+            }));
+            await syncPromise(aliceClient);
+
+            const toDeviceBatch = await aliceClient
+                .getCrypto()
+                ?.encryptToDeviceMessages(
+                    "m.test.event",
+                    [{ userId: testData.BOB_TEST_USER_ID, deviceId: testData.BOB_TEST_DEVICE_ID }],
+                    {
+                        some: "content",
+                    },
+                );
+
+            expect(toDeviceBatch?.batch.length).toBe(1);
+            expect(toDeviceBatch?.eventType).toBe("m.room.encrypted");
+            const { deviceId, payload, userId } = toDeviceBatch!.batch[0];
+            expect(deviceId).toBe(testData.BOB_TEST_DEVICE_ID);
+            expect(userId).toBe(testData.BOB_TEST_USER_ID);
+            expect(payload.algorithm).toBe("m.olm.v1.curve25519-aes-sha2");
+            expect(payload.sender_key).toEqual(expect.any(String));
+            expect(payload.ciphertext).toEqual(
+                expect.objectContaining({
+                    [testData.BOB_SIGNED_TEST_DEVICE_DATA.keys[`curve25519:${testData.BOB_TEST_DEVICE_ID}`]]: {
+                        body: expect.any(String),
+                        type: 0,
+                    },
+                }),
+            );
+
+            // for future: check that bob's device can decrypt the ciphertext?
+        });
+    });
+});
@@ -17,7 +17,7 @@ limitations under the License.
 import "fake-indexeddb/auto";

 import anotherjson from "another-json";
-import { MockResponse } from "fetch-mock";
+import FetchMock from "fetch-mock";
 import fetchMock from "fetch-mock-jest";
 import { IDBFactory } from "fake-indexeddb";
 import { createHash } from "crypto";
@@ -78,6 +78,7 @@ import {
    encryptGroupSessionKey,
    encryptMegolmEvent,
    encryptSecretSend,
+    getTestOlmAccountKeys,
    ToDeviceEvent,
 } from "./olm-utils";
 import { KeyBackupInfo } from "../../../src/crypto-api";
@@ -90,11 +91,12 @@ jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });

 beforeAll(async () => {
    // we use the libolm primitives in the test, so init the Olm library
-    await global.Olm.init();
+    await globalThis.Olm.init();
 });

 // load the rust library. This can take a few seconds on a slow GH worker.
 beforeAll(async () => {
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
    const RustSdkCryptoJs = await require("@matrix-org/matrix-sdk-crypto-wasm");
    await RustSdkCryptoJs.initAsync();
 }, 10000);
@@ -263,7 +265,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st

            // The dummy device makes up a curve25519 keypair and sends the public bit back in an `m.key.verification.key'
            // We use the Curve25519, HMAC and HKDF implementations in libolm, for now
-            const olmSAS = new global.Olm.SAS();
+            const olmSAS = new globalThis.Olm.SAS();
            returnToDeviceMessageFromSync(buildSasKeyMessage(transactionId, olmSAS.get_pubkey()));

            // alice responds with a 'key' ...
@@ -357,7 +359,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st

            // The dummy device makes up a curve25519 keypair and uses the hash in an 'm.key.verification.accept'
            // We use the Curve25519, HMAC and HKDF implementations in libolm, for now
-            const olmSAS = new global.Olm.SAS();
+            const olmSAS = new globalThis.Olm.SAS();
            const commitmentStr = olmSAS.get_pubkey() + anotherjson.stringify(toDeviceMessage);

            sendToDevicePromise = expectSendToDeviceMessage("m.key.verification.key");
@@ -472,21 +474,23 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
            expect(request.phase).toEqual(VerificationPhase.Ready);

            // we should now have QR data we can display
-            const qrCodeBuffer = (await request.generateQRCode())!;
-            expect(qrCodeBuffer).toBeTruthy();
+            const rawQrCodeBuffer = (await request.generateQRCode())!;
+            expect(rawQrCodeBuffer).toBeTruthy();
+            const qrCodeBuffer = new Uint8Array(rawQrCodeBuffer);

+            const textDecoder = new TextDecoder();
            // https://spec.matrix.org/v1.7/client-server-api/#qr-code-format
-            expect(qrCodeBuffer.subarray(0, 6).toString("latin1")).toEqual("MATRIX");
-            expect(qrCodeBuffer.readUint8(6)).toEqual(0x02); // version
-            expect(qrCodeBuffer.readUint8(7)).toEqual(0x02); // mode
-            const txnIdLen = qrCodeBuffer.readUint16BE(8);
-            expect(qrCodeBuffer.subarray(10, 10 + txnIdLen).toString("utf-8")).toEqual(transactionId);
+            expect(textDecoder.decode(qrCodeBuffer.slice(0, 6))).toEqual("MATRIX");
+            expect(qrCodeBuffer[6]).toEqual(0x02); // version
+            expect(qrCodeBuffer[7]).toEqual(0x02); // mode
+            const txnIdLen = (qrCodeBuffer[8] << 8) + qrCodeBuffer[9];
+            expect(textDecoder.decode(qrCodeBuffer.slice(10, 10 + txnIdLen))).toEqual(transactionId);
            // Alice's device's public key comes next, but we have nothing to do with it here.
-            // const aliceDevicePubKey = qrCodeBuffer.subarray(10 + txnIdLen, 32 + 10 + txnIdLen);
-            expect(qrCodeBuffer.subarray(42 + txnIdLen, 32 + 42 + txnIdLen)).toEqual(
-                Buffer.from(MASTER_CROSS_SIGNING_PUBLIC_KEY_BASE64, "base64"),
+            // const aliceDevicePubKey = qrCodeBuffer.slice(10 + txnIdLen, 32 + 10 + txnIdLen);
+            expect(encodeUnpaddedBase64(qrCodeBuffer.slice(42 + txnIdLen, 32 + 42 + txnIdLen))).toEqual(
+                MASTER_CROSS_SIGNING_PUBLIC_KEY_BASE64,
            );
-            const sharedSecret = qrCodeBuffer.subarray(74 + txnIdLen);
+            const sharedSecret = qrCodeBuffer.slice(74 + txnIdLen);

            // we should still be "Ready" and have no verifier
            expect(request.phase).toEqual(VerificationPhase.Ready);
@@ -804,7 +808,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
            // we should now have QR data we can display
            const qrCodeBuffer = (await request.generateQRCode())!;
            expect(qrCodeBuffer).toBeTruthy();
-            const sharedSecret = qrCodeBuffer.subarray(74 + transactionId.length);
+            const sharedSecret = qrCodeBuffer.slice(74 + transactionId.length);

            // the dummy device "scans" the displayed QR code and acknowledges it with a "m.key.verification.start"
            returnToDeviceMessageFromSync(buildReciprocateStartMessage(transactionId, sharedSecret));
@@ -989,6 +993,18 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
            aliceClient.setGlobalErrorOnUnknownDevices(false);
            syncResponder.sendOrQueueSyncResponse(getSyncResponse([BOB_TEST_USER_ID]));
            await syncPromise(aliceClient);
+
+            // Rust crypto requires the sender's device keys before it accepts a
+            // verification request.
+            if (backend === "rust-sdk") {
+                const crypto = aliceClient.getCrypto()!;
+
+                const bobDeviceKeys = getTestOlmAccountKeys(testOlmAccount, BOB_TEST_USER_ID, "BobDevice");
+                e2eKeyResponder.addDeviceKeys(bobDeviceKeys);
+                syncResponder.sendOrQueueSyncResponse({ device_lists: { changed: [BOB_TEST_USER_ID] } });
+                await syncPromise(aliceClient);
+                await crypto.getUserDeviceInfo([BOB_TEST_USER_ID]);
+            }
        });

        /**
@@ -1511,7 +1527,7 @@ function expectSendToDeviceMessage(msgtype: string): Promise<{ messages: any }>
    return new Promise((resolve) => {
        fetchMock.putOnce(
            new RegExp(`/_matrix/client/(r0|v3)/sendToDevice/${escapeRegExp(msgtype)}`),
-            (url: string, opts: RequestInit): MockResponse => {
+            (url: string, opts: RequestInit): FetchMock.MockResponse => {
                resolve(JSON.parse(opts.body as string));
                return {};
            },
@@ -1535,7 +1551,7 @@ function mockSecretRequestAndGetPromises(): Map<string, Promise<string>> {

    fetchMock.put(
        new RegExp(`/_matrix/client/(r0|v3)/sendToDevice/m.secret.request`),
-        (url: string, opts: RequestInit): MockResponse => {
+        (url: string, opts: RequestInit): FetchMock.MockResponse => {
            const messages = JSON.parse(opts.body as string).messages[TEST_USER_ID];
            // rust crypto broadcasts to all devices, old crypto to a specific device, take the first one
            const content = Object.values(messages)[0] as any;
@@ -1626,7 +1642,7 @@ function buildReadyMessage(
 }

 /** build an m.key.verification.start to-device message suitable for the m.reciprocate.v1 flow, originating from the dummy device */
-function buildReciprocateStartMessage(transactionId: string, sharedSecret: Uint8Array) {
+function buildReciprocateStartMessage(transactionId: string, sharedSecret: ArrayBuffer) {
    return {
        type: "m.key.verification.start",
        content: {
@@ -1722,7 +1738,7 @@ function buildQRCode(
    key2Base64: string,
    sharedSecret: string,
    mode = 0x02,
-): Uint8Array {
+): Uint8ClampedArray {
    // https://spec.matrix.org/v1.7/client-server-api/#qr-code-format

    const qrCodeBuffer = Buffer.alloc(150); // oversize
@@ -1738,5 +1754,5 @@ function buildQRCode(
    idx += qrCodeBuffer.write(sharedSecret, idx);

    // truncate to the right length
-    return qrCodeBuffer.subarray(0, idx);
+    return new Uint8ClampedArray(qrCodeBuffer.subarray(0, idx));
 }
@@ -67,7 +67,7 @@ function getSyncResponse(roomMembers: string[]) {
 }

 describe("DeviceList management:", function () {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        logger.warn("not running deviceList tests: Olm not present");
        return;
    }
@@ -77,7 +77,7 @@ describe("DeviceList management:", function () {

    async function createTestClient() {
        const testClient = new TestClient("@alice:localhost", "xzcvb", "akjgkrgjs", sessionStoreBackend);
-        await testClient.client.initCrypto();
+        await testClient.client.initLegacyCrypto();
        return testClient;
    }

@@ -1144,7 +1144,7 @@ describe("MatrixClient event timelines", function () {

        const prom = emitPromise(room, ThreadEvent.Update);
        // Assume we're seeing the reply while loading backlog
-        await room.addLiveEvents([THREAD_REPLY2]);
+        await room.addLiveEvents([THREAD_REPLY2], { addToState: false });
        httpBackend
            .when(
                "GET",
@@ -1155,7 +1155,7 @@ describe("MatrixClient event timelines", function () {
            });
        await flushHttp(prom);
        // but while loading the metadata, a new reply has arrived
-        await room.addLiveEvents([THREAD_REPLY3]);
+        await room.addLiveEvents([THREAD_REPLY3], { addToState: false });
        const thread = room.getThread(THREAD_ROOT_UPDATED.event_id!)!;
        // then the events should still be all in the right order
        expect(thread.events.map((it) => it.getId())).toEqual([
@@ -1247,7 +1247,7 @@ describe("MatrixClient event timelines", function () {

        const prom = emitPromise(room, ThreadEvent.Update);
        // Assume we're seeing the reply while loading backlog
-        await room.addLiveEvents([THREAD_REPLY2]);
+        await room.addLiveEvents([THREAD_REPLY2], { addToState: false });
        httpBackend
            .when(
                "GET",
@@ -1263,7 +1263,7 @@ describe("MatrixClient event timelines", function () {
            });
        await flushHttp(prom);
        // but while loading the metadata, a new reply has arrived
-        await room.addLiveEvents([THREAD_REPLY3]);
+        await room.addLiveEvents([THREAD_REPLY3], { addToState: false });
        const thread = room.getThread(THREAD_ROOT_UPDATED.event_id!)!;
        // then the events should still be all in the right order
        expect(thread.events.map((it) => it.getId())).toEqual([
@@ -1560,7 +1560,7 @@ describe("MatrixClient event timelines", function () {
                thread.initialEventsFetched = true;
                const prom = emitPromise(room, ThreadEvent.NewReply);
                respondToEvent(THREAD_ROOT_UPDATED);
-                await room.addLiveEvents([THREAD_REPLY2]);
+                await room.addLiveEvents([THREAD_REPLY2], { addToState: false });
                await httpBackend.flushAllExpected();
                await prom;
                expect(thread.length).toBe(2);
@@ -1685,7 +1685,7 @@ describe("MatrixClient event timelines", function () {
                thread.initialEventsFetched = true;
                const prom = emitPromise(room, ThreadEvent.Update);
                respondToEvent(THREAD_ROOT_UPDATED);
-                await room.addLiveEvents([THREAD_REPLY_REACTION]);
+                await room.addLiveEvents([THREAD_REPLY_REACTION], { addToState: false });
                await httpBackend.flushAllExpected();
                await prom;
                expect(thread.length).toBe(1); // reactions don't count towards the length of a thread
@@ -168,14 +168,17 @@ describe("MatrixClient", function () {
                    type: "test",
                    content: {},
                });
-            room.addLiveEvents([
-                utils.mkMembership({
-                    user: userId,
-                    room: roomId,
-                    mship: KnownMembership.Join,
-                    event: true,
-                }),
-            ]);
+            room.addLiveEvents(
+                [
+                    utils.mkMembership({
+                        user: userId,
+                        room: roomId,
+                        mship: KnownMembership.Join,
+                        event: true,
+                    }),
+                ],
+                { addToState: true },
+            );
            httpBackend.verifyNoOutstandingRequests();
            store.storeRoom(room);

@@ -188,14 +191,17 @@ describe("MatrixClient", function () {
            const roomId = "!roomId:server";
            const roomAlias = "#my-fancy-room:server";
            const room = new Room(roomId, client, userId);
-            room.addLiveEvents([
-                utils.mkMembership({
-                    user: userId,
-                    room: roomId,
-                    mship: KnownMembership.Join,
-                    event: true,
-                }),
-            ]);
+            room.addLiveEvents(
+                [
+                    utils.mkMembership({
+                        user: userId,
+                        room: roomId,
+                        mship: KnownMembership.Join,
+                        event: true,
+                    }),
+                ],
+                { addToState: true },
+            );
            store.storeRoom(room);

            // The method makes a request to resolve the alias
@@ -257,7 +263,7 @@ describe("MatrixClient", function () {
                .when("POST", "/knock/" + encodeURIComponent(roomId))
                .check((request) => {
                    expect(request.data).toEqual({ reason: opts.reason });
-                    expect(request.queryParams).toEqual({ server_name: opts.viaServers });
+                    expect(request.queryParams).toEqual({ server_name: opts.viaServers, via: opts.viaServers });
                })
                .respond(200, { room_id: roomId });

@@ -275,14 +281,17 @@ describe("MatrixClient", function () {
                    content: {},
                });

-            room.addLiveEvents([
-                utils.mkMembership({
-                    user: userId,
-                    room: roomId,
-                    mship: KnownMembership.Knock,
-                    event: true,
-                }),
-            ]);
+            room.addLiveEvents(
+                [
+                    utils.mkMembership({
+                        user: userId,
+                        room: roomId,
+                        mship: KnownMembership.Knock,
+                        event: true,
+                    }),
+                ],
+                { addToState: true },
+            );

            httpBackend.verifyNoOutstandingRequests();
            store.storeRoom(room);
@@ -641,9 +650,9 @@ describe("MatrixClient", function () {
        }

        beforeEach(function () {
-            // running initCrypto should trigger a key upload
+            // running initLegacyCrypto should trigger a key upload
            httpBackend.when("POST", "/keys/upload").respond(200, {});
-            return Promise.all([client.initCrypto(), httpBackend.flush("/keys/upload", 1)]);
+            return Promise.all([client.initLegacyCrypto(), httpBackend.flush("/keys/upload", 1)]);
        });

        afterEach(() => {
@@ -1293,18 +1302,109 @@ describe("MatrixClient", function () {
    });

    describe("getCapabilities", () => {
-        it("should cache by default", async () => {
+        it("should return cached capabilities if present", async () => {
+            const capsObject = {
+                "m.change_password": false,
+            };
+
+            httpBackend!.when("GET", "/versions").respond(200, {});
+            httpBackend!.when("GET", "/pushrules").respond(200, {});
+            httpBackend!.when("POST", "/filter").respond(200, { filter_id: "a filter id" });
            httpBackend.when("GET", "/capabilities").respond(200, {
-                capabilities: {
-                    "m.change_password": false,
-                },
+                capabilities: capsObject,
            });
-            const prom = httpBackend.flushAllExpected();
-            const capabilities1 = await client.getCapabilities();
-            const capabilities2 = await client.getCapabilities();
+
+            client.startClient();
+            await httpBackend!.flushAllExpected();
+
+            expect(await client.getCapabilities()).toEqual(capsObject);
+        });
+
+        it("should fetch capabilities if cache not present", async () => {
+            const capsObject = {
+                "m.change_password": false,
+            };
+
+            httpBackend.when("GET", "/capabilities").respond(200, {
+                capabilities: capsObject,
+            });
+
+            const capsPromise = client.getCapabilities();
+            await httpBackend!.flushAllExpected();
+
+            expect(await capsPromise).toEqual(capsObject);
+        });
+    });
+
+    describe("getCachedCapabilities", () => {
+        it("should return cached capabilities or undefined", async () => {
+            const capsObject = {
+                "m.change_password": false,
+            };
+
+            httpBackend!.when("GET", "/versions").respond(200, {});
+            httpBackend!.when("GET", "/pushrules").respond(200, {});
+            httpBackend!.when("POST", "/filter").respond(200, { filter_id: "a filter id" });
+            httpBackend.when("GET", "/capabilities").respond(200, {
+                capabilities: capsObject,
+            });
+
+            expect(client.getCachedCapabilities()).toBeUndefined();
+
+            client.startClient();
+
+            await httpBackend!.flushAllExpected();
+
+            expect(client.getCachedCapabilities()).toEqual(capsObject);
+        });
+    });
+
+    describe("fetchCapabilities", () => {
+        const capsObject = {
+            "m.change_password": false,
+        };
+
+        beforeEach(() => {
+            httpBackend.when("GET", "/capabilities").respond(200, {
+                capabilities: capsObject,
+            });
+        });
+
+        afterEach(() => {
+            jest.useRealTimers();
+        });
+
+        it("should always fetch capabilities and then cache", async () => {
+            const prom = client.fetchCapabilities();
+            await httpBackend.flushAllExpected();
+            const caps = await prom;
+
+            expect(caps).toEqual(capsObject);
+        });
+
+        it("should write-through the cache", async () => {
+            httpBackend!.when("GET", "/versions").respond(200, {});
+            httpBackend!.when("GET", "/pushrules").respond(200, {});
+            httpBackend!.when("POST", "/filter").respond(200, { filter_id: "a filter id" });
+
+            client.startClient();
+            await httpBackend!.flushAllExpected();
+
+            expect(client.getCachedCapabilities()).toEqual(capsObject);
+
+            const newCapsObject = {
+                "m.change_password": true,
+            };
+
+            httpBackend.when("GET", "/capabilities").respond(200, {
+                capabilities: newCapsObject,
+            });
+
+            const prom = client.fetchCapabilities();
+            await httpBackend.flushAllExpected();
            await prom;

-            expect(capabilities1).toStrictEqual(capabilities2);
+            expect(client.getCachedCapabilities()).toEqual(newCapsObject);
        });
    });

@@ -1815,6 +1915,28 @@ describe("MatrixClient", function () {
            return prom;
        });
    });
+
+    describe("getDomain", () => {
+        it("should return null if no userId is set", () => {
+            const client = new MatrixClient({ baseUrl: "http://localhost" });
+            expect(client.getDomain()).toBeNull();
+        });
+
+        it("should return the domain of the userId", () => {
+            expect(client.getDomain()).toBe("localhost");
+        });
+    });
+
+    describe("getUserIdLocalpart", () => {
+        it("should return null if no userId is set", () => {
+            const client = new MatrixClient({ baseUrl: "http://localhost" });
+            expect(client.getUserIdLocalpart()).toBeNull();
+        });
+
+        it("should return the localpart of the userId", () => {
+            expect(client.getUserIdLocalpart()).toBe("alice");
+        });
+    });
 });

 function withThreadId(event: MatrixEvent, newThreadId: string): MatrixEvent {
@@ -1825,7 +1947,6 @@ function withThreadId(event: MatrixEvent, newThreadId: string): MatrixEvent {

 const buildEventMessageInThread = (root: MatrixEvent) =>
    new MatrixEvent({
-        age: 80098509,
        content: {
            "algorithm": "m.megolm.v1.aes-sha2",
            "ciphertext": "ENCRYPTEDSTUFF",
@@ -1846,12 +1967,10 @@ const buildEventMessageInThread = (root: MatrixEvent) =>
        sender: "@andybalaam-test1:matrix.org",
        type: "m.room.encrypted",
        unsigned: { age: 80098509 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventPollResponseReference = () =>
    new MatrixEvent({
-        age: 80098509,
        content: {
            "algorithm": "m.megolm.v1.aes-sha2",
            "ciphertext": "ENCRYPTEDSTUFF",
@@ -1869,7 +1988,6 @@ const buildEventPollResponseReference = () =>
        sender: "@andybalaam-test1:matrix.org",
        type: "m.room.encrypted",
        unsigned: { age: 80106237 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventReaction = (event: MatrixEvent) =>
@@ -1909,7 +2027,6 @@ const buildEventRedaction = (event: MatrixEvent) =>

 const buildEventPollStartThreadRoot = () =>
    new MatrixEvent({
-        age: 80108647,
        content: {
            algorithm: "m.megolm.v1.aes-sha2",
            ciphertext: "ENCRYPTEDSTUFF",
@@ -1923,12 +2040,10 @@ const buildEventPollStartThreadRoot = () =>
        sender: "@andybalaam-test1:matrix.org",
        type: "m.room.encrypted",
        unsigned: { age: 80108647 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventReply = (target: MatrixEvent) =>
    new MatrixEvent({
-        age: 80098509,
        content: {
            "algorithm": "m.megolm.v1.aes-sha2",
            "ciphertext": "ENCRYPTEDSTUFF",
@@ -1947,12 +2062,10 @@ const buildEventReply = (target: MatrixEvent) =>
        sender: "@andybalaam-test1:matrix.org",
        type: "m.room.encrypted",
        unsigned: { age: 80098509 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventRoomName = () =>
    new MatrixEvent({
-        age: 80123249,
        content: {
            name: "1 poll, 1 vote, 1 thread",
        },
@@ -1963,12 +2076,10 @@ const buildEventRoomName = () =>
        state_key: "",
        type: "m.room.name",
        unsigned: { age: 80123249 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventEncryption = () =>
    new MatrixEvent({
-        age: 80123383,
        content: {
            algorithm: "m.megolm.v1.aes-sha2",
        },
@@ -1979,12 +2090,10 @@ const buildEventEncryption = () =>
        state_key: "",
        type: "m.room.encryption",
        unsigned: { age: 80123383 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventGuestAccess = () =>
    new MatrixEvent({
-        age: 80123473,
        content: {
            guest_access: "can_join",
        },
@@ -1995,12 +2104,10 @@ const buildEventGuestAccess = () =>
        state_key: "",
        type: "m.room.guest_access",
        unsigned: { age: 80123473 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventHistoryVisibility = () =>
    new MatrixEvent({
-        age: 80123556,
        content: {
            history_visibility: "shared",
        },
@@ -2011,12 +2118,10 @@ const buildEventHistoryVisibility = () =>
        state_key: "",
        type: "m.room.history_visibility",
        unsigned: { age: 80123556 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventJoinRules = () =>
    new MatrixEvent({
-        age: 80123696,
        content: {
            join_rule: KnownMembership.Invite,
        },
@@ -2027,12 +2132,10 @@ const buildEventJoinRules = () =>
        state_key: "",
        type: "m.room.join_rules",
        unsigned: { age: 80123696 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventPowerLevels = () =>
    new MatrixEvent({
-        age: 80124105,
        content: {
            ban: 50,
            events: {
@@ -2063,12 +2166,10 @@ const buildEventPowerLevels = () =>
        state_key: "",
        type: "m.room.power_levels",
        unsigned: { age: 80124105 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventMember = () =>
    new MatrixEvent({
-        age: 80125279,
        content: {
            avatar_url: "mxc://matrix.org/aNtbVcFfwotudypZcHsIcPOc",
            displayname: "andybalaam-test1",
@@ -2081,12 +2182,10 @@ const buildEventMember = () =>
        state_key: "@andybalaam-test1:matrix.org",
        type: "m.room.member",
        unsigned: { age: 80125279 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 const buildEventCreate = () =>
    new MatrixEvent({
-        age: 80126105,
        content: {
            room_version: "6",
        },
@@ -2097,7 +2196,6 @@ const buildEventCreate = () =>
        state_key: "",
        type: "m.room.create",
        unsigned: { age: 80126105 },
-        user_id: "@andybalaam-test1:matrix.org",
    });

 function assertObjectContains(obj: Record<string, any>, expected: any): void {
@@ -80,7 +80,7 @@ describe("MatrixClient opts", function () {
        let client: MatrixClient;
        beforeEach(function () {
            client = new MatrixClient({
-                fetchFn: httpBackend.fetchFn as typeof global.fetch,
+                fetchFn: httpBackend.fetchFn as typeof globalThis.fetch,
                store: undefined,
                baseUrl: baseUrl,
                userId: userId,
@@ -135,7 +135,7 @@ describe("MatrixClient opts", function () {
        let client: MatrixClient;
        beforeEach(function () {
            client = new MatrixClient({
-                fetchFn: httpBackend.fetchFn as typeof global.fetch,
+                fetchFn: httpBackend.fetchFn as typeof globalThis.fetch,
                store: new MemoryStore() as IStore,
                baseUrl: baseUrl,
                userId: userId,
@@ -333,7 +333,7 @@ describe("MatrixClient room timelines", function () {
                name: userName,
                url: "mxc://some/url",
            });
-            oldMshipEvent.prev_content = {
+            oldMshipEvent.unsigned!.prev_content = {
                displayname: "Old Alice",
                avatar_url: undefined,
                membership: KnownMembership.Join,
@@ -105,13 +105,13 @@ describe("MatrixClient syncing errors", () => {

        await client!.startClient();
        expect(await syncEvents[0].promise).toBe(SyncState.Error);
-        jest.runAllTimers(); // this will skip forward to trigger the keepAlive/sync
+        jest.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
        expect(await syncEvents[1].promise).toBe(SyncState.Error);
-        jest.runAllTimers(); // this will skip forward to trigger the keepAlive/sync
+        jest.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
        expect(await syncEvents[2].promise).toBe(SyncState.Prepared);
-        jest.runAllTimers(); // this will skip forward to trigger the keepAlive/sync
+        jest.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
        expect(await syncEvents[3].promise).toBe(SyncState.Syncing);
-        jest.runAllTimers(); // this will skip forward to trigger the keepAlive/sync
+        jest.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
        expect(await syncEvents[4].promise).toBe(SyncState.Syncing);
    });

@@ -119,6 +119,7 @@ describe("MatrixClient syncing errors", () => {
        jest.useFakeTimers();
        fetchMock.config.overwriteRoutes = false;
        fetchMock
+            .get("end:capabilities", {})
            .getOnce("end:versions", {}) // first version check without credentials needs to succeed
            .get("end:versions", unknownTokenErrorData) // further version checks fails with 401
            .get("end:pushrules/", 401) // fails with 401 without an error. This does happen in practice e.g. with Synapse
@@ -50,6 +50,13 @@ import { THREAD_RELATION_TYPE } from "../../src/models/thread";
 import { IActionsObject } from "../../src/pushprocessor";
 import { KnownMembership } from "../../src/@types/membership";

+declare module "../../src/@types/event" {
+    interface AccountDataEvents {
+        a: {};
+        b: {};
+    }
+}
+
 describe("MatrixClient syncing", () => {
    const selfUserId = "@alice:localhost";
    const selfAccessToken = "aseukfgwef";
@@ -112,7 +119,7 @@ describe("MatrixClient syncing", () => {
        });

        it("should emit RoomEvent.MyMembership for invite->leave->invite cycles", async () => {
-            await client!.initCrypto();
+            await client!.initRustCrypto();

            const roomId = "!cycles:example.org";

@@ -227,7 +234,7 @@ describe("MatrixClient syncing", () => {
        });

        it("should emit RoomEvent.MyMembership for knock->leave->knock cycles", async () => {
-            await client!.initCrypto();
+            await client!.initRustCrypto();

            const roomId = "!cycles:example.org";

@@ -556,7 +563,7 @@ describe("MatrixClient syncing", () => {
        });

        it("should resolve incoming invites from /sync", () => {
-            syncData.rooms.join[roomOne].state.events.push(
+            syncData.rooms.join[roomOne].state!.events.push(
                utils.mkMembership({
                    room: roomOne,
                    mship: KnownMembership.Invite,
@@ -577,7 +584,7 @@ describe("MatrixClient syncing", () => {
            return Promise.all([httpBackend!.flushAllExpected(), awaitSyncEvent()]).then(() => {
                const member = client!.getRoom(roomOne)!.getMember(userC)!;
                expect(member.name).toEqual("The Boss");
-                expect(member.getAvatarUrl("home.server.url", 1, 1, "", false, false)).toBeTruthy();
+                expect(member.getAvatarUrl("https://home.server.url", 1, 1, "", false, false)).toBeTruthy();
            });
        });

@@ -589,7 +596,7 @@ describe("MatrixClient syncing", () => {
                    name: "The Ghost",
                }) as IMinimalEvent,
            ];
-            syncData.rooms.join[roomOne].state.events.push(
+            syncData.rooms.join[roomOne].state!.events.push(
                utils.mkMembership({
                    room: roomOne,
                    mship: KnownMembership.Invite,
@@ -617,7 +624,7 @@ describe("MatrixClient syncing", () => {
                    name: "The Ghost",
                }) as IMinimalEvent,
            ];
-            syncData.rooms.join[roomOne].state.events.push(
+            syncData.rooms.join[roomOne].state!.events.push(
                utils.mkMembership({
                    room: roomOne,
                    mship: KnownMembership.Invite,
@@ -644,7 +651,7 @@ describe("MatrixClient syncing", () => {
        });

        it("should no-op if resolveInvitesToProfiles is not set", () => {
-            syncData.rooms.join[roomOne].state.events.push(
+            syncData.rooms.join[roomOne].state!.events.push(
                utils.mkMembership({
                    room: roomOne,
                    mship: KnownMembership.Invite,
@@ -1373,6 +1380,114 @@ describe("MatrixClient syncing", () => {
                expect(stateEventEmitCount).toEqual(2);
            });
        });
+
+        describe("msc4222", () => {
+            const roomOneSyncOne = {
+                "timeline": {
+                    events: [
+                        utils.mkMessage({
+                            room: roomOne,
+                            user: otherUserId,
+                            msg: "hello",
+                        }),
+                    ],
+                },
+                "org.matrix.msc4222.state_after": {
+                    events: [
+                        utils.mkEvent({
+                            type: "m.room.name",
+                            room: roomOne,
+                            user: otherUserId,
+                            content: {
+                                name: "Initial room name",
+                            },
+                        }),
+                        utils.mkMembership({
+                            room: roomOne,
+                            mship: KnownMembership.Join,
+                            user: otherUserId,
+                        }),
+                        utils.mkMembership({
+                            room: roomOne,
+                            mship: KnownMembership.Join,
+                            user: selfUserId,
+                        }),
+                        utils.mkEvent({
+                            type: "m.room.create",
+                            room: roomOne,
+                            user: selfUserId,
+                            content: {},
+                        }),
+                    ],
+                },
+            };
+            const roomOneSyncTwo = {
+                "org.matrix.msc4222.state_after": {
+                    events: [
+                        utils.mkEvent({
+                            type: "m.room.topic",
+                            room: roomOne,
+                            user: selfUserId,
+                            content: { topic: "A new room topic" },
+                        }),
+                    ],
+                },
+                "state": {
+                    events: [
+                        utils.mkEvent({
+                            type: "m.room.name",
+                            room: roomOne,
+                            user: selfUserId,
+                            content: { name: "A new room name" },
+                        }),
+                    ],
+                },
+            };
+
+            it("should ignore state events in timeline when state_after is present", async () => {
+                httpBackend!.when("GET", "/sync").respond(200, {
+                    rooms: {
+                        join: { [roomOne]: roomOneSyncOne },
+                    },
+                });
+                httpBackend!.when("GET", "/sync").respond(200, {
+                    rooms: {
+                        join: { [roomOne]: roomOneSyncTwo },
+                    },
+                });
+
+                client!.startClient();
+                return Promise.all([httpBackend!.flushAllExpected(), awaitSyncEvent(2)]).then(() => {
+                    const room = client!.getRoom(roomOne)!;
+                    expect(room.name).toEqual("Initial room name");
+                    expect(room.currentState.getStateEvents("m.room.topic", "")?.getContent().topic).toBe(
+                        "A new room topic",
+                    );
+                });
+            });
+
+            it("should respect state events in state_after for left rooms", async () => {
+                httpBackend!.when("GET", "/sync").respond(200, {
+                    rooms: {
+                        join: { [roomOne]: roomOneSyncOne },
+                    },
+                });
+                httpBackend!.when("GET", "/sync").respond(200, {
+                    rooms: {
+                        leave: { [roomOne]: roomOneSyncTwo },
+                    },
+                });
+
+                client!.startClient();
+                return Promise.all([httpBackend!.flushAllExpected(), awaitSyncEvent(2)]).then(() => {
+                    const room = client!.getRoom(roomOne)!;
+                    expect(room.name).toEqual("Initial room name");
+                    expect(room.currentState.getStateEvents("m.room.topic", "")?.getContent().topic).toBe(
+                        "A new room topic",
+                    );
+                });
+            });
+        });
    });

    describe("timeline", () => {
@@ -2274,6 +2389,57 @@ describe("MatrixClient syncing", () => {
                }),
            ]);
        });
+
+        describe("msc4222", () => {
+            it("should respect state events in state_after for left rooms", async () => {
+                httpBackend!.when("POST", "/filter").respond(200, {
+                    filter_id: "another_id",
+                });
+
+                httpBackend!.when("GET", "/sync").respond(200, {
+                    rooms: {
+                        leave: {
+                            [roomOne]: {
+                                "org.matrix.msc4222.state_after": {
+                                    events: [
+                                        utils.mkEvent({
+                                            type: "m.room.topic",
+                                            room: roomOne,
+                                            user: selfUserId,
+                                            content: { topic: "A new room topic" },
+                                        }),
+                                    ],
+                                },
+                                "state": {
+                                    events: [
+                                        utils.mkEvent({
+                                            type: "m.room.name",
+                                            room: roomOne,
+                                            user: selfUserId,
+                                            content: { name: "A new room name" },
+                                        }),
+                                    ],
+                                },
+                            },
+                        },
+                    },
+                });
+
+                const [[room]] = await Promise.all([
+                    client!.syncLeftRooms(),
+
+                    // first flush the filter request; this will make syncLeftRooms make its /sync call
+                    httpBackend!.flush("/filter").then(() => {
+                        return httpBackend!.flushAllExpected();
+                    }),
+                ]);
+
+                expect(room.name).toEqual("Empty room");
+                expect(room.currentState.getStateEvents("m.room.topic", "")?.getContent().topic).toBe(
+                    "A new room topic",
+                );
+            });
+        });
    });

    describe("peek", () => {
@@ -2281,67 +2447,70 @@ describe("MatrixClient syncing", () => {
            httpBackend!.expectedRequests = [];
        });

-        it("should return a room based on the room initialSync API", async () => {
-            httpBackend!.when("GET", `/rooms/${encodeURIComponent(roomOne)}/initialSync`).respond(200, {
-                room_id: roomOne,
-                membership: KnownMembership.Leave,
-                messages: {
-                    start: "start",
-                    end: "end",
-                    chunk: [
+        it.each([undefined, 100])(
+            "should return a room based on the room initialSync API with limit %s",
+            async (limit) => {
+                httpBackend!.when("GET", `/rooms/${encodeURIComponent(roomOne)}/initialSync`).respond(200, {
+                    room_id: roomOne,
+                    membership: KnownMembership.Leave,
+                    messages: {
+                        start: "start",
+                        end: "end",
+                        chunk: [
+                            {
+                                content: { body: "Message 1" },
+                                type: "m.room.message",
+                                event_id: "$eventId1",
+                                sender: userA,
+                                origin_server_ts: 12313525,
+                                room_id: roomOne,
+                            },
+                            {
+                                content: { body: "Message 2" },
+                                type: "m.room.message",
+                                event_id: "$eventId2",
+                                sender: userB,
+                                origin_server_ts: 12315625,
+                                room_id: roomOne,
+                            },
+                        ],
+                    },
+                    state: [
                        {
-                            content: { body: "Message 1" },
-                            type: "m.room.message",
-                            event_id: "$eventId1",
+                            content: { name: "Room Name" },
+                            type: "m.room.name",
+                            event_id: "$eventId",
                            sender: userA,
-                            origin_server_ts: 12313525,
-                            room_id: roomOne,
-                        },
-                        {
-                            content: { body: "Message 2" },
-                            type: "m.room.message",
-                            event_id: "$eventId2",
-                            sender: userB,
-                            origin_server_ts: 12315625,
+                            origin_server_ts: 12314525,
+                            state_key: "",
                            room_id: roomOne,
                        },
                    ],
-                },
-                state: [
-                    {
-                        content: { name: "Room Name" },
-                        type: "m.room.name",
-                        event_id: "$eventId",
-                        sender: userA,
-                        origin_server_ts: 12314525,
-                        state_key: "",
-                        room_id: roomOne,
-                    },
-                ],
-                presence: [
-                    {
-                        content: {},
-                        type: "m.presence",
-                        sender: userA,
-                    },
-                ],
-            });
-            httpBackend!.when("GET", "/events").respond(200, { chunk: [] });
+                    presence: [
+                        {
+                            content: {},
+                            type: "m.presence",
+                            sender: userA,
+                        },
+                    ],
+                });
+                httpBackend!.when("GET", "/events").respond(200, { chunk: [] });

-            const prom = client!.peekInRoom(roomOne);
-            await httpBackend!.flushAllExpected();
-            const room = await prom;
+                const prom = client!.peekInRoom(roomOne, limit);
+                await httpBackend!.flushAllExpected();
+                const room = await prom;

-            expect(room.roomId).toBe(roomOne);
-            expect(room.getMyMembership()).toBe(KnownMembership.Leave);
-            expect(room.name).toBe("Room Name");
-            expect(room.currentState.getStateEvents("m.room.name", "")?.getId()).toBe("$eventId");
-            expect(room.timeline[0].getContent().body).toBe("Message 1");
-            expect(room.timeline[1].getContent().body).toBe("Message 2");
-            client?.stopPeeking();
-            httpBackend!.when("GET", "/events").respond(200, { chunk: [] });
-            await httpBackend!.flushAllExpected();
-        });
+                expect(room.roomId).toBe(roomOne);
+                expect(room.getMyMembership()).toBe(KnownMembership.Leave);
+                expect(room.name).toBe("Room Name");
+                expect(room.currentState.getStateEvents("m.room.name", "")?.getId()).toBe("$eventId");
+                expect(room.timeline[0].getContent().body).toBe("Message 1");
+                expect(room.timeline[1].getContent().body).toBe("Message 2");
+                client?.stopPeeking();
+                httpBackend!.when("GET", "/events").respond(200, { chunk: [] });
+                await httpBackend!.flushAllExpected();
+            },
+        );
    });

    describe("user account data", () => {
@@ -2403,7 +2572,7 @@ describe("MatrixClient syncing (IndexedDB version)", () => {

    it("should emit ClientEvent.Room when invited while using indexeddb crypto store", async () => {
        const idbTestClient = new TestClient(selfUserId, "DEVICE", selfAccessToken, undefined, {
-            cryptoStore: new IndexedDBCryptoStore(global.indexedDB, "tests"),
+            cryptoStore: new IndexedDBCryptoStore(globalThis.indexedDB, "tests"),
        });
        const idbHttpBackend = idbTestClient.httpBackend;
        const idbClient = idbTestClient.client;
@@ -2411,7 +2580,7 @@ describe("MatrixClient syncing (IndexedDB version)", () => {
        idbHttpBackend.when("GET", "/pushrules/").respond(200, {});
        idbHttpBackend.when("POST", "/filter").respond(200, { filter_id: "a filter id" });

-        await idbClient.initCrypto();
+        await idbClient.initRustCrypto();

        const roomId = "!invite:example.org";

@@ -2483,7 +2652,7 @@ describe("MatrixClient syncing (IndexedDB version)", () => {

        let idbTestClient = new TestClient(selfUserId, "DEVICE", selfAccessToken, undefined, {
            store: new IndexedDBStore({
-                indexedDB: global.indexedDB,
+                indexedDB: globalThis.indexedDB,
                dbName: "test",
            }),
        });
@@ -2555,7 +2724,7 @@ describe("MatrixClient syncing (IndexedDB version)", () => {

        idbTestClient = new TestClient(selfUserId, "DEVICE", selfAccessToken, undefined, {
            store: new IndexedDBStore({
-                indexedDB: global.indexedDB,
+                indexedDB: globalThis.indexedDB,
                dbName: "test",
            }),
        });
@@ -128,7 +128,7 @@ describe("MatrixClient syncing", () => {

        const thread = mkThread({ room, client: client!, authorId: selfUserId, participantUserIds: [selfUserId] });
        const threadReply = thread.events.at(-1)!;
-        await room.addLiveEvents([thread.rootEvent]);
+        await room.addLiveEvents([thread.rootEvent], { addToState: false });

        // Initialize read receipt datastructure before testing the reaction
        room.addReceiptToStructure(thread.rootEvent.getId()!, ReceiptType.Read, selfUserId, { ts: 1 }, false);
@@ -0,0 +1,354 @@
+/*
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { QrCodeData, QrCodeMode } from "@matrix-org/matrix-sdk-crypto-wasm";
+import { mocked } from "jest-mock";
+import fetchMock from "fetch-mock-jest";
+
+import {
+    MSC4108FailureReason,
+    MSC4108RendezvousSession,
+    MSC4108SecureChannel,
+    MSC4108SignInWithQR,
+    PayloadType,
+    RendezvousError,
+} from "../../../src/rendezvous";
+import { defer } from "../../../src/utils";
+import {
+    ClientPrefix,
+    DEVICE_CODE_SCOPE,
+    IHttpOpts,
+    IMyDevice,
+    MatrixClient,
+    MatrixError,
+    MatrixHttpApi,
+} from "../../../src";
+import { makeDelegatedAuthConfig } from "../../test-utils/oidc";
+
+function makeMockClient(opts: { userId: string; deviceId: string; msc4108Enabled: boolean }): MatrixClient {
+    const baseUrl = "https://example.com";
+    const crypto = {
+        exportSecretsForQrLogin: jest.fn(),
+    };
+    const client = {
+        doesServerSupportUnstableFeature(feature: string) {
+            return Promise.resolve(opts.msc4108Enabled && feature === "org.matrix.msc4108");
+        },
+        getUserId() {
+            return opts.userId;
+        },
+        getDeviceId() {
+            return opts.deviceId;
+        },
+        baseUrl,
+        getDomain: () => "example.com",
+        getDevice: jest.fn(),
+        getCrypto: jest.fn(() => crypto),
+        getAuthMetadata: jest.fn().mockResolvedValue(makeDelegatedAuthConfig("https://issuer/", [DEVICE_CODE_SCOPE])),
+    } as unknown as MatrixClient;
+    client.http = new MatrixHttpApi<IHttpOpts & { onlyData: true }>(client, {
+        baseUrl: client.baseUrl,
+        prefix: ClientPrefix.Unstable,
+        onlyData: true,
+    });
+    return client;
+}
+
+describe("MSC4108SignInWithQR", () => {
+    beforeEach(() => {
+        fetchMock.get("https://issuer/jwks", {
+            status: 200,
+            headers: {
+                "Content-Type": "application/json",
+            },
+            keys: [],
+        });
+    });
+
+    afterEach(() => {
+        fetchMock.reset();
+    });
+
+    const url = "https://fallbackserver/rz/123";
+    const deviceId = "DEADB33F";
+    const verificationUri = "https://example.com/verify";
+    const verificationUriComplete = "https://example.com/verify/complete";
+
+    it("should generate qr code data as expected", async () => {
+        const session = new MSC4108RendezvousSession({
+            url,
+        });
+        const channel = new MSC4108SecureChannel(session);
+        const login = new MSC4108SignInWithQR(channel, false);
+
+        await login.generateCode();
+        const code = login.code;
+        expect(code).toHaveLength(71);
+        const text = new TextDecoder().decode(code);
+        expect(text.startsWith("MATRIX")).toBeTruthy();
+        expect(text.endsWith(url)).toBeTruthy();
+
+        // Assert that the code is stable
+        await login.generateCode();
+        expect(login.code).toEqual(code);
+    });
+
+    describe("should be able to connect as a reciprocating device", () => {
+        let client: MatrixClient;
+        let ourLogin: MSC4108SignInWithQR;
+        let opponentLogin: MSC4108SignInWithQR;
+
+        beforeEach(async () => {
+            let ourData = defer<string>();
+            let opponentData = defer<string>();
+
+            const ourMockSession = {
+                send: jest.fn(async (newData) => {
+                    ourData.resolve(newData);
+                }),
+                receive: jest.fn(() => {
+                    const prom = opponentData.promise;
+                    prom.then(() => {
+                        opponentData = defer();
+                    });
+                    return prom;
+                }),
+                url,
+                cancelled: false,
+                cancel: () => {
+                    // @ts-ignore
+                    ourMockSession.cancelled = true;
+                    ourData.resolve("");
+                },
+            } as unknown as MSC4108RendezvousSession;
+            const opponentMockSession = {
+                send: jest.fn(async (newData) => {
+                    opponentData.resolve(newData);
+                }),
+                receive: jest.fn(() => {
+                    const prom = ourData.promise;
+                    prom.then(() => {
+                        ourData = defer();
+                    });
+                    return prom;
+                }),
+                url,
+            } as unknown as MSC4108RendezvousSession;
+
+            client = makeMockClient({ userId: "@alice:example.com", deviceId: "alice", msc4108Enabled: true });
+
+            const ourChannel = new MSC4108SecureChannel(ourMockSession);
+            const qrCodeData = QrCodeData.fromBytes(
+                await ourChannel.generateCode(QrCodeMode.Reciprocate, client.getDomain()!),
+            );
+            const opponentChannel = new MSC4108SecureChannel(opponentMockSession, qrCodeData.publicKey);
+
+            ourLogin = new MSC4108SignInWithQR(ourChannel, true, client);
+            opponentLogin = new MSC4108SignInWithQR(opponentChannel, false);
+        });
+
+        it("should be able to connect with opponent and share server name & check code", async () => {
+            await Promise.all([
+                expect(ourLogin.negotiateProtocols()).resolves.toEqual({}),
+                expect(opponentLogin.negotiateProtocols()).resolves.toEqual({ serverName: client.getDomain() }),
+            ]);
+
+            expect(ourLogin.checkCode).toBe(opponentLogin.checkCode);
+        });
+
+        it("should be able to connect with opponent and share verificationUri", async () => {
+            await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
+
+            mocked(client.getDevice).mockRejectedValue(new MatrixError({ errcode: "M_NOT_FOUND" }, 404));
+
+            await Promise.all([
+                expect(ourLogin.deviceAuthorizationGrant()).resolves.toEqual({
+                    verificationUri: verificationUriComplete,
+                }),
+                // We don't have the new device side of this flow implemented at this time so mock it
+                // @ts-ignore
+                opponentLogin.send({
+                    type: PayloadType.Protocol,
+                    protocol: "device_authorization_grant",
+                    device_authorization_grant: {
+                        verification_uri: verificationUri,
+                        verification_uri_complete: verificationUriComplete,
+                    },
+                    device_id: deviceId,
+                }),
+            ]);
+        });
+
+        it("should abort if device already exists", async () => {
+            await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
+
+            mocked(client.getDevice).mockResolvedValue({} as IMyDevice);
+
+            await Promise.all([
+                expect(ourLogin.deviceAuthorizationGrant()).rejects.toThrow("Specified device ID already exists"),
+                // We don't have the new device side of this flow implemented at this time so mock it
+                // @ts-ignore
+                opponentLogin.send({
+                    type: PayloadType.Protocol,
+                    protocol: "device_authorization_grant",
+                    device_authorization_grant: {
+                        verification_uri: verificationUri,
+                    },
+                    device_id: deviceId,
+                }),
+            ]);
+        });
+
+        it("should abort on unsupported protocol", async () => {
+            await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
+
+            await Promise.all([
+                expect(ourLogin.deviceAuthorizationGrant()).rejects.toThrow(
+                    "Received a request for an unsupported protocol",
+                ),
+                // We don't have the new device side of this flow implemented at this time so mock it
+                // @ts-ignore
+                opponentLogin.send({
+                    type: PayloadType.Protocol,
+                    protocol: "device_authorization_grant_v2",
+                    device_authorization_grant: {
+                        verification_uri: verificationUri,
+                    },
+                    device_id: deviceId,
+                }),
+            ]);
+        });
+
+        it("should be able to connect with opponent and share secrets", async () => {
+            await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
+
+            // We don't have the new device side of this flow implemented at this time so mock it
+            // @ts-ignore
+            ourLogin.expectingNewDeviceId = "DEADB33F";
+
+            const ourProm = ourLogin.shareSecrets();
+
+            // Consume the ProtocolAccepted message which would normally be handled by step 4 which we do not have here
+            // @ts-ignore
+            await opponentLogin.receive();
+
+            mocked(client.getDevice).mockResolvedValue({} as IMyDevice);
+
+            const secrets = {
+                cross_signing: { master_key: "mk", user_signing_key: "usk", self_signing_key: "ssk" },
+            };
+            client.getCrypto()!.exportSecretsBundle = jest.fn().mockResolvedValue(secrets);
+
+            const payload = {
+                secrets: expect.objectContaining(secrets),
+            };
+            await Promise.all([
+                expect(ourProm).resolves.toEqual(payload),
+                expect(opponentLogin.shareSecrets()).resolves.toEqual(payload),
+            ]);
+        });
+
+        it("should abort if device doesn't come up by timeout", async () => {
+            jest.spyOn(globalThis, "setTimeout").mockImplementation((fn) => {
+                fn();
+                // TODO: mock timers properly
+                return -1 as any;
+            });
+            jest.spyOn(Date, "now").mockImplementation(() => {
+                return 12345678 + mocked(setTimeout).mock.calls.length * 1000;
+            });
+
+            await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
+
+            // We don't have the new device side of this flow implemented at this time so mock it
+            // @ts-ignore
+            ourLogin.expectingNewDeviceId = "DEADB33F";
+
+            // @ts-ignore
+            await opponentLogin.send({
+                type: PayloadType.Success,
+            });
+            mocked(client.getDevice).mockRejectedValue(new MatrixError({ errcode: "M_NOT_FOUND" }, 404));
+
+            const ourProm = ourLogin.shareSecrets();
+            await expect(ourProm).rejects.toThrow("New device not found");
+        });
+
+        it("should abort on unexpected errors", async () => {
+            await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
+
+            // We don't have the new device side of this flow implemented at this time so mock it
+            // @ts-ignore
+            ourLogin.expectingNewDeviceId = "DEADB33F";
+
+            // @ts-ignore
+            await opponentLogin.send({
+                type: PayloadType.Success,
+            });
+            mocked(client.getDevice).mockRejectedValue(
+                new MatrixError({ errcode: "M_UNKNOWN", error: "The message" }, 500),
+            );
+
+            await expect(ourLogin.shareSecrets()).rejects.toThrow("The message");
+        });
+
+        it("should abort on declined login", async () => {
+            await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
+
+            await ourLogin.declineLoginOnExistingDevice();
+            await expect(opponentLogin.shareSecrets()).rejects.toThrow(
+                new RendezvousError("Failed", MSC4108FailureReason.UserCancelled),
+            );
+        });
+
+        it("should not send secrets if user cancels", async () => {
+            jest.spyOn(globalThis, "setTimeout").mockImplementation((fn) => {
+                fn();
+                // TODO: mock timers properly
+                return -1 as any;
+            });
+
+            await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
+
+            // We don't have the new device side of this flow implemented at this time so mock it
+            // @ts-ignore
+            ourLogin.expectingNewDeviceId = "DEADB33F";
+
+            const ourProm = ourLogin.shareSecrets();
+            const opponentProm = opponentLogin.shareSecrets();
+
+            // Consume the ProtocolAccepted message which would normally be handled by step 4 which we do not have here
+            // @ts-ignore
+            await opponentLogin.receive();
+
+            const deferred = defer<IMyDevice>();
+            mocked(client.getDevice).mockReturnValue(deferred.promise);
+
+            ourLogin.cancel(MSC4108FailureReason.UserCancelled).catch(() => {});
+            deferred.resolve({} as IMyDevice);
+
+            const secrets = {
+                cross_signing: { master_key: "mk", user_signing_key: "usk", self_signing_key: "ssk" },
+            };
+            client.getCrypto()!.exportSecretsBundle = jest.fn().mockResolvedValue(secrets);
+
+            await Promise.all([
+                expect(ourProm).rejects.toThrow("User cancelled"),
+                expect(opponentProm).rejects.toThrow("Unexpected message received"),
+            ]);
+        });
+    });
+});
@@ -44,12 +44,21 @@ import { logger } from "../../src/logger";
 import { emitPromise } from "../test-utils/test-utils";
 import { defer } from "../../src/utils";
 import { KnownMembership } from "../../src/@types/membership";
+import { SyncCryptoCallbacks } from "../../src/common-crypto/CryptoBackend";
+
+declare module "../../src/@types/event" {
+    interface AccountDataEvents {
+        global_test: {};
+        tester: {};
+    }
+}

 describe("SlidingSyncSdk", () => {
    let client: MatrixClient | undefined;
    let httpBackend: MockHttpBackend | undefined;
    let sdk: SlidingSyncSdk | undefined;
    let mockSlidingSync: SlidingSync | undefined;
+    let syncCryptoCallback: SyncCryptoCallbacks | undefined;
    const selfUserId = "@alice:localhost";
    const selfAccessToken = "aseukfgwef";

@@ -119,8 +128,9 @@ describe("SlidingSyncSdk", () => {
        mockSlidingSync = mockifySlidingSync(new SlidingSync("", new Map(), {}, client, 0));
        if (testOpts.withCrypto) {
            httpBackend!.when("GET", "/room_keys/version").respond(404, {});
-            await client!.initCrypto();
-            syncOpts.cryptoCallbacks = syncOpts.crypto = client!.crypto;
+            await client!.initRustCrypto({ useIndexedDB: false });
+            syncCryptoCallback = client!.getCrypto() as unknown as SyncCryptoCallbacks;
+            syncOpts.cryptoCallbacks = syncCryptoCallback;
        }
        httpBackend!.when("GET", "/_matrix/client/v3/pushrules").respond(200, {});
        sdk = new SlidingSyncSdk(mockSlidingSync, client, testOpts, syncOpts);
@@ -601,13 +611,13 @@ describe("SlidingSyncSdk", () => {
            mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomId, {
                initial: true,
                name: "Room with Invite",
-                required_state: [],
-                timeline: [
+                required_state: [
                    mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                    mkOwnStateEvent(EventType.RoomMember, { membership: KnownMembership.Join }, selfUserId),
                    mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
                    mkOwnStateEvent(EventType.RoomMember, { membership: KnownMembership.Invite }, invitee),
                ],
+                timeline: [],
            });
            await httpBackend!.flush("/profile", 1, 1000);
            await emitPromise(client!, RoomMemberEvent.Name);
@@ -633,13 +643,6 @@ describe("SlidingSyncSdk", () => {
            ext = findExtension("e2ee");
        });

-        afterAll(async () => {
-            // needed else we do some async operations in the background which can cause Jest to whine:
-            // "Cannot log after tests are done. Did you forget to wait for something async in your test?"
-            // Attempted to log "Saving device tracking data null"."
-            client!.crypto!.stop();
-        });
-
        it("gets enabled on the initial request only", () => {
            expect(ext.onRequest(true)).toEqual({
                enabled: true,
@@ -648,28 +651,28 @@ describe("SlidingSyncSdk", () => {
        });

        it("can update device lists", () => {
-            client!.crypto!.processDeviceLists = jest.fn();
+            syncCryptoCallback!.processDeviceLists = jest.fn();
            ext.onResponse({
                device_lists: {
                    changed: ["@alice:localhost"],
                    left: ["@bob:localhost"],
                },
            });
-            expect(client!.crypto!.processDeviceLists).toHaveBeenCalledWith({
+            expect(syncCryptoCallback!.processDeviceLists).toHaveBeenCalledWith({
                changed: ["@alice:localhost"],
                left: ["@bob:localhost"],
            });
        });

        it("can update OTK counts and unused fallback keys", () => {
-            client!.crypto!.processKeyCounts = jest.fn();
+            syncCryptoCallback!.processKeyCounts = jest.fn();
            ext.onResponse({
                device_one_time_keys_count: {
                    signed_curve25519: 42,
                },
                device_unused_fallback_key_types: ["signed_curve25519"],
            });
-            expect(client!.crypto!.processKeyCounts).toHaveBeenCalledWith({ signed_curve25519: 42 }, [
+            expect(syncCryptoCallback!.processKeyCounts).toHaveBeenCalledWith({ signed_curve25519: 42 }, [
                "signed_curve25519",
            ]);
        });
@@ -921,13 +924,12 @@ describe("SlidingSyncSdk", () => {
            const roomId = "!room:id";
            mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomId, {
                name: "Room with typing",
-                required_state: [],
-                timeline: [
+                required_state: [
                    mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                    mkOwnStateEvent(EventType.RoomMember, { membership: KnownMembership.Join }, selfUserId),
                    mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
-                    mkOwnEvent(EventType.RoomMessage, { body: "hello" }),
                ],
+                timeline: [mkOwnEvent(EventType.RoomMessage, { body: "hello" })],
                initial: true,
            });
            await emitPromise(client!, ClientEvent.Room);
@@ -962,13 +964,12 @@ describe("SlidingSyncSdk", () => {
            const roomId = "!room:id";
            mockSlidingSync!.emit(SlidingSyncEvent.RoomData, roomId, {
                name: "Room with typing",
-                required_state: [],
-                timeline: [
+                required_state: [
                    mkOwnStateEvent(EventType.RoomCreate, {}, ""),
                    mkOwnStateEvent(EventType.RoomMember, { membership: KnownMembership.Join }, selfUserId),
                    mkOwnStateEvent(EventType.RoomPowerLevels, { users: { [selfUserId]: 100 } }, ""),
-                    mkOwnEvent(EventType.RoomMessage, { body: "hello" }),
                ],
+                timeline: [mkOwnEvent(EventType.RoomMessage, { body: "hello" })],
                initial: true,
            });
            const room = client!.getRoom(roomId)!;
@@ -19,7 +19,7 @@ import { logger } from "../src/logger";

 // try to load the olm library.
 try {
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
    globalThis.Olm = require("@matrix-org/olm");
    logger.log("loaded libolm");
 } catch (e) {
@@ -14,10 +14,6 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-import DOMException from "domexception";
-
-global.DOMException = DOMException as typeof global.DOMException;
-
 jest.mock("../src/http-api/utils", () => ({
    ...jest.requireActual("../src/http-api/utils"),
    // We mock timeoutSignal otherwise it causes tests to leave timers running
@@ -15,7 +15,6 @@ limitations under the License.
 */

 import fetchMock from "fetch-mock-jest";
-import { MockOptionsMethodPut } from "fetch-mock";

 import { ISyncResponder } from "./SyncResponder";

@@ -28,7 +27,7 @@ export class AccountDataAccumulator {
     * Will be updated when fetchMock intercepts calls to PUT `/_matrix/client/v3/user/:userId/account_data/`.
     * Will be used by `sendSyncResponseWithUpdatedAccountData`
     */
-    public accountDataEvents: Map<String, any> = new Map();
+    public accountDataEvents: Map<string, any> = new Map();

    /**
     * Intercept requests to set a particular type of account data.
@@ -40,7 +39,10 @@ export class AccountDataAccumulator {
     * @param opts - options to pass to fetchMock
     * @returns a Promise which will resolve (with the content of the account data) once it is set.
     */
-    public interceptSetAccountData(accountDataType: string, opts?: MockOptionsMethodPut): Promise<any> {
+    public interceptSetAccountData(
+        accountDataType: string,
+        opts?: Parameters<(typeof fetchMock)["put"]>[2],
+    ): Promise<any> {
        return new Promise((resolve) => {
            // Called when the cross signing key is uploaded
            fetchMock.put(
@@ -99,7 +101,7 @@ export class AccountDataAccumulator {
                    })),
                },
            });
-        } catch (err) {
+        } catch {
            // Might fail with "Cannot queue more than one /sync response" if called too often.
            // It's ok if it fails here, the sync response is cumulative and will contain
            // the latest account data.
@@ -17,7 +17,7 @@ limitations under the License.
 import debugFunc from "debug";
 import { Debugger } from "debug";
 import fetchMock from "fetch-mock-jest";
-import { MockResponse } from "fetch-mock";
+import FetchMock from "fetch-mock";

 /** Interface implemented by classes that intercept `/sync` requests from test clients
 *
@@ -80,7 +80,7 @@ export class SyncResponder implements ISyncResponder {
        );
    }

-    private async onSyncRequest(): Promise<MockResponse> {
+    private async onSyncRequest(): Promise<FetchMock.MockResponse> {
        switch (this.state) {
            case SyncResponderState.IDLE: {
                this.debug("Got /sync request: waiting for response to be ready");
@@ -101,9 +101,8 @@ export const makeGeolocationPosition = ({
 }: {
    timestamp?: number;
    coords: Partial<GeolocationCoordinates>;
-}): GeolocationPosition => ({
-    timestamp: timestamp ?? 1647256791840,
-    coords: {
+}): GeolocationPosition => {
+    const { toJSON, ...coordsJSON } = {
        accuracy: 1,
        latitude: 54.001927,
        longitude: -8.253491,
@@ -112,5 +111,16 @@ export const makeGeolocationPosition = ({
        heading: null,
        speed: null,
        ...coords,
-    },
-});
+    };
+    const posJSON = {
+        timestamp: timestamp ?? 1647256791840,
+        coords: {
+            toJSON: () => coordsJSON,
+            ...coordsJSON,
+        },
+    };
+    return {
+        toJSON: () => posJSON,
+        ...posJSON,
+    };
+};
@@ -88,6 +88,6 @@ export const mockClientMethodsEvents = () => ({
 export const mockClientMethodsServer = (): Partial<Record<MethodLikeKeys<MatrixClient>, unknown>> => ({
    getIdentityServerUrl: jest.fn(),
    getHomeserverUrl: jest.fn(),
-    getCapabilities: jest.fn().mockReturnValue({}),
+    getCachedCapabilities: jest.fn().mockReturnValue({}),
    doesServerSupportUnstableFeature: jest.fn().mockResolvedValue(false),
 });
@@ -88,7 +88,7 @@ export function mockSetupMegolmBackupRequests(backupVersion: string): void {
    });

    fetchMock.post("path:/_matrix/client/v3/room_keys/version", (url, request) => {
-        const backupData: KeyBackupInfo = JSON.parse(request.body?.toString() ?? "{}");
+        const backupData: KeyBackupInfo = JSON.parse((request.body as string) ?? "{}");
        backupData.version = backupVersion;
        backupData.count = 0;
        backupData.etag = "zer";
@@ -14,39 +14,4 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-import { OidcClientConfig, ValidatedIssuerMetadata } from "../../src";
-
-/**
- * Makes a valid OidcClientConfig with minimum valid values
- * @param issuer used as the base for all other urls
- * @returns OidcClientConfig
- */
-export const makeDelegatedAuthConfig = (issuer = "https://auth.org/"): OidcClientConfig => {
-    const metadata = mockOpenIdConfiguration(issuer);
-
-    return {
-        accountManagementEndpoint: issuer + "account",
-        registrationEndpoint: metadata.registration_endpoint,
-        authorizationEndpoint: metadata.authorization_endpoint,
-        tokenEndpoint: metadata.token_endpoint,
-        metadata,
-    };
-};
-
-/**
- * Useful for mocking <issuer>/.well-known/openid-configuration
- * @param issuer used as the base for all other urls
- * @returns ValidatedIssuerMetadata
- */
-export const mockOpenIdConfiguration = (issuer = "https://auth.org/"): ValidatedIssuerMetadata => ({
-    issuer,
-    revocation_endpoint: issuer + "revoke",
-    token_endpoint: issuer + "token",
-    authorization_endpoint: issuer + "auth",
-    registration_endpoint: issuer + "registration",
-    device_authorization_endpoint: issuer + "device",
-    jwks_uri: issuer + "jwks",
-    response_types_supported: ["code"],
-    grant_types_supported: ["authorization_code", "refresh_token"],
-    code_challenge_methods_supported: ["S256"],
-});
+export { makeDelegatedAuthConfig, mockOpenIdConfiguration } from "../../src/testing.ts";
@@ -66,6 +66,7 @@ BOB_DATA = {
    "TEST_DEVICE_CURVE_PRIVATE_KEY_BYTES": b"Deadmuledeadmuledeadmuledeadmule",

    "MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"Doyouspeakwhaaaaaaaaaaaaaaaaaale",
+    "ALT_MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"DoYouSpeakWhaaaaaaaaaaaaaaaaaale",
    "USER_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"Useruseruseruseruseruseruseruser",
    "SELF_CROSS_SIGNING_PRIVATE_KEY_BYTES": b"Selfselfselfselfselfselfselfself",

@@ -208,7 +209,7 @@ def build_test_data(user_data, prefix = "") -> str:

    backup_recovery_key = export_recovery_key(user_data["B64_BACKUP_DECRYPTION_KEY"])

-    return f"""\
+    result = f"""\
 export const {prefix}TEST_USER_ID = "{user_data['TEST_USER_ID']}";
 export const {prefix}TEST_DEVICE_ID = "{user_data['TEST_DEVICE_ID']}";
 export const {prefix}TEST_ROOM_ID = "{user_data['TEST_ROOM_ID']}";
@@ -239,7 +240,7 @@ export const {prefix}USER_CROSS_SIGNING_PRIVATE_KEY_BASE64 = "{b64_user_signing_

 /** Signed cross-signing keys data, also suitable for returning from a `/keys/query` call */
 export const {prefix}SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
-        json.dumps(build_cross_signing_keys_data(user_data), indent=4)
+        json.dumps(build_cross_signing_keys_data(user_data, user_data["MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES"]), indent=4)
 };

 /** Signed OTKs, returned by `POST /keys/claim` */
@@ -279,12 +280,20 @@ export const {prefix}CLEAR_EVENT: Partial<IEvent> = {json.dumps(clear_event, ind
 export const {prefix}ENCRYPTED_EVENT: Partial<IEvent> = {json.dumps(encrypted_event, indent=4)};
 """

+    alt_master_key = user_data.get("ALT_MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES")
+    if alt_master_key is not None:
+        result += f"""
+/** A second set of signed cross-signing keys data, also suitable for returning from a `/keys/query` call */
+export const {prefix}ALT_SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
+        json.dumps(build_cross_signing_keys_data(user_data, alt_master_key), indent=4)
+};
+"""

-def build_cross_signing_keys_data(user_data) -> dict:
+    return result
+
+def build_cross_signing_keys_data(user_data, master_key_bytes) -> dict:
    """Build the signed cross-signing-keys data for return from /keys/query"""
-    master_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(
-        user_data["MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES"]
-    )
+    master_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(master_key_bytes)
    b64_master_public_key = encode_base64(
        master_private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    )
@@ -449,3 +449,50 @@ export const BOB_ENCRYPTED_EVENT: Partial<IEvent> = {
    "origin_server_ts": 1507753886000
 };

+/** A second set of signed cross-signing keys data, also suitable for returning from a `/keys/query` call */
+export const BOB_ALT_SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
+    "master_keys": {
+        "@bob:xyz": {
+            "keys": {
+                "ed25519:MCYxU7myKVkoQ55VYw/rXdg5cEupRfDdHmFPJUmR5+E": "MCYxU7myKVkoQ55VYw/rXdg5cEupRfDdHmFPJUmR5+E"
+            },
+            "user_id": "@bob:xyz",
+            "usage": [
+                "master"
+            ]
+        }
+    },
+    "self_signing_keys": {
+        "@bob:xyz": {
+            "keys": {
+                "ed25519:DaScI3WulBvDjf/d2vdyP5Cgjdypn1c/PSDX23MgN+A": "DaScI3WulBvDjf/d2vdyP5Cgjdypn1c/PSDX23MgN+A"
+            },
+            "user_id": "@bob:xyz",
+            "usage": [
+                "self_signing"
+            ],
+            "signatures": {
+                "@bob:xyz": {
+                    "ed25519:MCYxU7myKVkoQ55VYw/rXdg5cEupRfDdHmFPJUmR5+E": "eDZETBRUw9yW0WJnBZ7vxo12TW09Yb7/47qBPKZzPZzZEvs9M82dnAOtWUv00mcTdp2K9GpeFYDQJ6qLQgxaCA"
+                }
+            }
+        }
+    },
+    "user_signing_keys": {
+        "@bob:xyz": {
+            "keys": {
+                "ed25519:lXP89FP6zvFH9TSbU1S8uSdAsVawm1NmV6z+Rfr3lEw": "lXP89FP6zvFH9TSbU1S8uSdAsVawm1NmV6z+Rfr3lEw"
+            },
+            "user_id": "@bob:xyz",
+            "usage": [
+                "user_signing"
+            ],
+            "signatures": {
+                "@bob:xyz": {
+                    "ed25519:MCYxU7myKVkoQ55VYw/rXdg5cEupRfDdHmFPJUmR5+E": "Q1CbIXvp2BxBsu3F/eZ1ZpuR5rXIt0+FrrA/l6itskpW748xwMoIKxQRVQqs87kh7pCsWEoTy6FzIL8nV+P6BQ"
+                }
+            }
+        }
+    }
+};
+
@@ -86,7 +86,7 @@ export function getSyncResponse(roomMembers: string[], roomId = TEST_ROOM_ID): I
    };

    for (let i = 0; i < roomMembers.length; i++) {
-        roomResponse.state.events.push(
+        roomResponse.state!.events.push(
            mkMembershipCustom({
                membership: KnownMembership.Join,
                sender: roomMembers[i],
@@ -127,7 +127,7 @@ export function mock<T>(constr: { new (...args: any[]): T }, name: string): T {
            if (constr.prototype[key] instanceof Function) {
                result[key] = jest.fn();
            }
-        } catch (ex) {
+        } catch {
            // Direct access to some non-function fields of DOM prototypes may
            // cause exceptions.
            // Overwriting will not work either in that case.
@@ -173,8 +173,10 @@ export function mkEvent(opts: IEventOpts & { event?: boolean }, client?: MatrixC
        room_id: opts.room,
        sender: opts.sender || opts.user, // opts.user for backwards-compat
        content: opts.content,
-        prev_content: opts.prev_content,
-        unsigned: opts.unsigned || {},
+        unsigned: {
+            ...opts.unsigned,
+            prev_content: opts.prev_content,
+        },
        event_id: "$" + testEventIndex++ + "-" + Math.random() + "-" + Math.random(),
        txn_id: "~" + Math.random(),
        redacts: opts.redacts,
@@ -558,12 +560,25 @@ export const CRYPTO_BACKENDS: Record<string, InitCrypto> = {};
 export type InitCrypto = (_: MatrixClient) => Promise<void>;

 CRYPTO_BACKENDS["rust-sdk"] = (client: MatrixClient) => client.initRustCrypto();
-if (global.Olm) {
-    CRYPTO_BACKENDS["libolm"] = (client: MatrixClient) => client.initCrypto();
+if (globalThis.Olm) {
+    CRYPTO_BACKENDS["libolm"] = (client: MatrixClient) => client.initLegacyCrypto();
 }

 export const emitPromise = (e: EventEmitter, k: string): Promise<any> => new Promise((r) => e.once(k, r));

+/**
+ * Counts the number of times that an event was emitted.
+ */
+export class EventCounter {
+    public counter;
+    constructor(emitter: EventEmitter, event: string) {
+        this.counter = 0;
+        emitter.on(event, () => {
+            this.counter++;
+        });
+    }
+}
+
 /**
 * Advance the fake timers in a loop until the given promise resolves or rejects.
 *
@@ -0,0 +1,10 @@
+## Dump of an empty libolm indexeddb cryptostore to test skipping migration
+
+A dump of an account which is almost completely empty, and totally unsuitable
+for use as a real account.
+
+This dump was manually created by copying and editing full_account.
+
+Created to test
+["Unable to restore session" error due due to half-initialised legacy indexeddb crypto store #27447](https://github.com/element-hq/element-web/issues/27447).
+We should not launch the Rust migration code when we find a DB in this state.
@@ -0,0 +1,14 @@
+{
+    "account": [],
+    "device_data": [],
+    "inbound_group_sessions": [],
+    "inbound_group_sessions_withheld": [],
+    "notified_error_devices": [],
+    "outgoingRoomKeyRequests": [],
+    "parked_shared_history": [],
+    "rooms": [],
+    "session_problems": [],
+    "sessions": [],
+    "sessions_needing_backup": [],
+    "shared_history_inbound_group_sessions": []
+}
@@ -0,0 +1,35 @@
+/*
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { DumpDataSetInfo } from "../index";
+
+/**
+ * A key query response containing the current keys of the tested user.
+ * To be used during tests with fetchmock.
+ */
+const KEYS_QUERY_RESPONSE = { device_keys: { "@emptyuser:example.com": {} } };
+
+/**
+ * A dataset containing the information for the tested user.
+ * To be used during tests.
+ */
+export const EMPTY_ACCOUNT_DATASET: DumpDataSetInfo = {
+    userId: "@emptyuser:example.com",
+    deviceId: "EMPTYDEVIC",
+    pickleKey: "+/bcdefghijklmnopqrstu1/zyxvutsrqponmlkjih2",
+    keyQueryResponse: KEYS_QUERY_RESPONSE,
+    dumpPath: "spec/test-utils/test_indexeddb_cryptostore_dump/empty_account/dump.json",
+};
@@ -1,3 +1,19 @@
+/*
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 import { DumpDataSetInfo } from "../index";

 /**
@@ -1,3 +1,19 @@
+/*
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 import { KeyBackupInfo } from "../../../../src/crypto-api/keybackup";
 import { DumpDataSetInfo } from "../index";

@@ -1,3 +1,19 @@
+/*
+Copyright 2024 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 import { DumpDataSetInfo } from "../index";

 /**
@@ -178,6 +178,6 @@ export const populateThread = ({
 }: MakeThreadProps): MakeThreadResult => {
    const ret = mkThread({ room, client, authorId, participantUserIds, length, ts });
    ret.thread.initialEventsFetched = true;
-    room.addLiveEvents(ret.events);
+    room.addLiveEvents(ret.events, { addToState: false });
    return ret;
 };
@@ -147,10 +147,13 @@ export class MockRTCPeerConnection {
    }

    constructor() {
-        this.localDescription = {
+        const localDescriptionJSON = {
            sdp: DUMMY_SDP,
-            type: "offer",
-            toJSON: function () {},
+            type: "offer" as RTCSdpType,
+        };
+        this.localDescription = {
+            toJSON: () => localDescriptionJSON,
+            ...localDescriptionJSON,
        };

        this.readyToNegotiate = new Promise<void>((resolve) => {
@@ -265,7 +268,7 @@ export class MockRTCRtpTransceiver {
        this.peerConn.needsNegotiation = true;
    }

-    public setCodecPreferences = jest.fn<void, RTCRtpCodecCapability[]>();
+    public setCodecPreferences = jest.fn<void, RTCRtpCodec[]>();
 }

 export class MockMediaStreamTrack {
@@ -478,6 +481,9 @@ export class MockCallMatrixClient extends TypedEventEmitter<EmittedEvents, Emitt
    public getUserId(): string {
        return this.userId;
    }
+    public getSafeUserId(): string {
+        return this.userId;
+    }

    public getDeviceId(): string {
        return this.deviceId;
@@ -579,11 +585,11 @@ export class MockCallFeed {
 }

 export function installWebRTCMocks() {
-    global.navigator = {
+    globalThis.navigator = {
        mediaDevices: new MockMediaDevices().typed(),
    } as unknown as Navigator;

-    global.window = {
+    globalThis.window = {
        // @ts-ignore Mock
        RTCPeerConnection: MockRTCPeerConnection,
        // @ts-ignore Mock
@@ -593,13 +599,13 @@ export function installWebRTCMocks() {
        getUserMedia: () => new MockMediaStream("local_stream"),
    };
    // @ts-ignore Mock
-    global.document = {};
+    globalThis.document = {};

    // @ts-ignore Mock
-    global.AudioContext = MockAudioContext;
+    globalThis.AudioContext = MockAudioContext;

    // @ts-ignore Mock
-    global.RTCRtpReceiver = {
+    globalThis.RTCRtpReceiver = {
        getCapabilities: jest.fn<RTCRtpCapabilities, [string]>().mockReturnValue({
            codecs: [],
            headerExtensions: [],
@@ -607,7 +613,7 @@ export function installWebRTCMocks() {
    };

    // @ts-ignore Mock
-    global.RTCRtpSender = {
+    globalThis.RTCRtpSender = {
        getCapabilities: jest.fn<RTCRtpCapabilities, [string]>().mockReturnValue({
            codecs: [],
            headerExtensions: [],
@@ -9,7 +9,7 @@ import { defer } from "../../src/utils";

 describe("onResumedSync", () => {
    let batch: IndexedToDeviceBatch | null;
-    let shouldFailSendToDevice: Boolean;
+    let shouldFailSendToDevice: boolean;
    let onSendToDeviceFailure: () => void;
    let onSendToDeviceSuccess: () => void;
    let resumeSync: (newState: SyncState, oldState: SyncState) => void;
@@ -22,12 +22,12 @@ import { AutoDiscovery } from "../../src/autodiscovery";

 // keep to reset the fetch function after using MockHttpBackend
 // @ts-ignore private property
-const realAutoDiscoveryFetch: typeof global.fetch = AutoDiscovery.fetchFn;
+const realAutoDiscoveryFetch: typeof globalThis.fetch = AutoDiscovery.fetchFn;

 describe("AutoDiscovery", function () {
    const getHttpBackend = (): MockHttpBackend => {
        const httpBackend = new MockHttpBackend();
-        AutoDiscovery.setFetchFn(httpBackend.fetchFn as typeof global.fetch);
+        AutoDiscovery.setFetchFn(httpBackend.fetchFn as typeof globalThis.fetch);
        return httpBackend;
    };

@@ -857,7 +857,7 @@ describe("AutoDiscovery", function () {
                const expected = {
                    "m.homeserver": {
                        state: AutoDiscoveryAction.FAIL_ERROR,
-                        error: AutoDiscovery.ERROR_HOMESERVER_TOO_OLD,
+                        error: AutoDiscovery.ERROR_UNSUPPORTED_HOMESERVER_SPEC_VERSION,
                        base_url: "https://example.org",
                    },
                    "m.identity_server": {
@@ -15,34 +15,10 @@ limitations under the License.
 */

 import { TextEncoder, TextDecoder } from "util";
-import NodeBuffer from "node:buffer";

 import { decodeBase64, encodeBase64, encodeUnpaddedBase64, encodeUnpaddedBase64Url } from "../../src/base64";

-describe.each(["browser", "node"])("Base64 encoding (%s)", (env) => {
-    let origBuffer = Buffer;
-
-    beforeAll(() => {
-        if (env === "browser") {
-            origBuffer = Buffer;
-            // @ts-ignore
-            // eslint-disable-next-line no-global-assign
-            Buffer = undefined;
-
-            global.atob = NodeBuffer.atob;
-            global.btoa = NodeBuffer.btoa;
-        }
-    });
-
-    afterAll(() => {
-        // eslint-disable-next-line no-global-assign
-        Buffer = origBuffer;
-        // @ts-ignore
-        global.atob = undefined;
-        // @ts-ignore
-        global.btoa = undefined;
-    });
-
+describe("Base64 encoding", () => {
    it("Should decode properly encoded data", () => {
        const decoded = new TextDecoder().decode(decodeBase64("ZW5jb2RpbmcgaGVsbG8gd29ybGQ="));

@@ -50,17 +26,18 @@ describe.each(["browser", "node"])("Base64 encoding (%s)", (env) => {
    });

    it("Should encode unpadded URL-safe base64", () => {
-        const toEncode = "?????";
+        // Chosen to have padding and multiple instances of / and + in the base64
+        const toEncode = "???????⊕⊗⊗";
        const data = new TextEncoder().encode(toEncode);

        const encoded = encodeUnpaddedBase64Url(data);
-        expect(encoded).toEqual("Pz8_Pz8");
+        expect(encoded).toEqual("Pz8_Pz8_P-KKleKKl-KKlw");
    });

    it("Should decode URL-safe base64", () => {
-        const decoded = new TextDecoder().decode(decodeBase64("Pz8_Pz8="));
+        const decoded = new TextDecoder().decode(decodeBase64("Pz8_Pz8_P-KKleKKl-KKlw=="));

-        expect(decoded).toStrictEqual("?????");
+        expect(decoded).toStrictEqual("???????⊕⊗⊗");
    });

    it("Encode unpadded should not have padding", () => {
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Matrix.org Foundation C.I.C.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { keyFromAuthData } from "../../../src/common-crypto/key-passphrase.ts";
+
+describe("key-passphrase", () => {
+    describe("keyFromAuthData", () => {
+        it("should throw an error if salt or iterations are missing", async () => {
+            // missing salt
+            expect(() => keyFromAuthData({ private_key_iterations: 5 }, "passphrase")).toThrow(
+                "Salt and/or iterations not found: this backup cannot be restored with a passphrase",
+            );
+
+            // missing iterations
+            expect(() => keyFromAuthData({ private_key_salt: "salt" }, "passphrase")).toThrow(
+                "Salt and/or iterations not found: this backup cannot be restored with a passphrase",
+            );
+        });
+
+        it("should derive key from auth data", async () => {
+            const key = await keyFromAuthData({ private_key_salt: "salt", private_key_iterations: 5 }, "passphrase");
+            expect(key).toBeDefined();
+        });
+    });
+});
@@ -29,10 +29,10 @@ describe("Beacon content helpers", () => {
    describe("makeBeaconInfoContent()", () => {
        const mockDateNow = 123456789;
        beforeEach(() => {
-            jest.spyOn(global.Date, "now").mockReturnValue(mockDateNow);
+            jest.spyOn(globalThis.Date, "now").mockReturnValue(mockDateNow);
        });
        afterAll(() => {
-            jest.spyOn(global.Date, "now").mockRestore();
+            jest.spyOn(globalThis.Date, "now").mockRestore();
        });
        it("create fully defined event content", () => {
            expect(makeBeaconInfoContent(1234, true, "nice beacon_info", LocationAssetType.Pin)).toEqual({
@@ -207,6 +207,17 @@ describe("Topic content helpers", () => {
                ],
            });
        });
+
+        it("creates an empty event when the topic is falsey", () => {
+            expect(makeTopicContent(undefined)).toEqual({
+                topic: undefined,
+                [M_TOPIC.name]: [],
+            });
+            expect(makeTopicContent(null)).toEqual({
+                topic: null,
+                [M_TOPIC.name]: [],
+            });
+        });
    });

    describe("parseTopicContent()", () => {
@@ -257,5 +268,26 @@ describe("Topic content helpers", () => {
                html: "<b>pizza</b>",
            });
        });
+
+        it("parses legacy event content", () => {
+            expect(
+                parseTopicContent({
+                    topic: "pizza",
+                }),
+            ).toEqual({
+                text: "pizza",
+            });
+        });
+
+        it("uses legacy event content when new topic key is invalid", () => {
+            expect(
+                parseTopicContent({
+                    "topic": "pizza",
+                    "m.topic": {} as any,
+                }),
+            ).toEqual({
+                text: "pizza",
+            });
+        });
    });
 });
@@ -63,18 +63,51 @@ describe("ContentRepo", function () {
            );
        });

-        it("should put fragments from mxc:// URIs after any query parameters", function () {
-            const mxcUri = "mxc://server.name/resourceid#automade";
-            expect(getHttpUriForMxc(baseUrl, mxcUri, 32)).toEqual(
-                baseUrl + "/_matrix/media/v3/thumbnail/server.name/resourceid" + "?width=32#automade",
+        it("should return an authenticated URL when requested", function () {
+            const mxcUri = "mxc://server.name/resourceid";
+            expect(getHttpUriForMxc(baseUrl, mxcUri, undefined, undefined, undefined, undefined, true, true)).toEqual(
+                baseUrl + "/_matrix/client/v1/media/download/server.name/resourceid?allow_redirect=true",
+            );
+            expect(getHttpUriForMxc(baseUrl, mxcUri, 64, 64, "scale", undefined, true, true)).toEqual(
+                baseUrl +
+                    "/_matrix/client/v1/media/thumbnail/server.name/resourceid?width=64&height=64&method=scale&allow_redirect=true",
            );
        });

-        it("should put fragments from mxc:// URIs at the end of the HTTP URI", function () {
-            const mxcUri = "mxc://server.name/resourceid#automade";
-            expect(getHttpUriForMxc(baseUrl, mxcUri)).toEqual(
-                baseUrl + "/_matrix/media/v3/download/server.name/resourceid#automade",
+        it("should force-enable allow_redirects when useAuthentication is set true", function () {
+            const mxcUri = "mxc://server.name/resourceid";
+            expect(getHttpUriForMxc(baseUrl, mxcUri, undefined, undefined, undefined, undefined, false, true)).toEqual(
+                baseUrl + "/_matrix/client/v1/media/download/server.name/resourceid?allow_redirect=true",
            );
+            expect(getHttpUriForMxc(baseUrl, mxcUri, 64, 64, "scale", undefined, false, true)).toEqual(
+                baseUrl +
+                    "/_matrix/client/v1/media/thumbnail/server.name/resourceid?width=64&height=64&method=scale&allow_redirect=true",
+            );
+        });
+
+        it("should drop mxc urls with invalid server_name", () => {
+            const mxcUri = "mxc://server.name:test/foobar";
+            expect(getHttpUriForMxc(baseUrl, mxcUri)).toEqual("");
+        });
+
+        it("should drop mxc urls with invalid media_id", () => {
+            const mxcUri = "mxc://server.name/foobar:test";
+            expect(getHttpUriForMxc(baseUrl, mxcUri)).toEqual("");
+        });
+
+        it("should drop mxc urls attempting a path traversal attack", () => {
+            const mxcUri = "mxc://../../../../foo";
+            expect(getHttpUriForMxc(baseUrl, mxcUri)).toEqual("");
+        });
+
+        it("should drop mxc urls attempting to pass query parameters", () => {
+            const mxcUri = "mxc://server.name/foobar?bar=baz";
+            expect(getHttpUriForMxc(baseUrl, mxcUri)).toEqual("");
+        });
+
+        it("should drop mxc urls with too many parts", () => {
+            const mxcUri = "mxc://server.name/foo//bar";
+            expect(getHttpUriForMxc(baseUrl, mxcUri)).toEqual("");
        });
    });
 });
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2024 The Matrix.org Foundation C.I.C.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { decodeRecoveryKey, encodeRecoveryKey } from "../../../src/crypto-api";
+
+describe("recovery key", () => {
+    describe("decodeRecoveryKey", () => {
+        it("should thrown an incorrect length error", () => {
+            const key = [0, 1];
+            const encodedKey = encodeRecoveryKey(key)!;
+
+            expect(() => decodeRecoveryKey(encodedKey)).toThrow("Incorrect length");
+        });
+
+        it("should thrown an incorrect parity", () => {
+            const key = Array.from({ length: 32 }, (_, i) => i);
+            let encodedKey = encodeRecoveryKey(key)!;
+            // Mutate the encoded key to have incorrect parity
+            encodedKey = encodedKey.replace("EsSz", "EsSZ");
+
+            expect(() => decodeRecoveryKey(encodedKey!)).toThrow("Incorrect parity");
+        });
+
+        it("should decode a valid encoded key", () => {
+            const key = Array.from({ length: 32 }, (_, i) => i);
+            const encodedKey = encodeRecoveryKey(key)!;
+
+            expect(decodeRecoveryKey(encodedKey)).toEqual(new Uint8Array(key));
+        });
+    });
+});
@@ -26,8 +26,9 @@ import { CryptoBackend } from "../../src/common-crypto/CryptoBackend";
 import { EventDecryptionResult } from "../../src/common-crypto/CryptoBackend";
 import * as testData from "../test-utils/test-data";
 import { KnownMembership } from "../../src/@types/membership";
+import type { DeviceInfoMap } from "../../src/crypto/DeviceList";

-const Olm = global.Olm;
+const Olm = globalThis.Olm;

 function awaitEvent(emitter: EventEmitter, event: string): Promise<void> {
    return new Promise((resolve) => {
@@ -118,7 +119,7 @@ describe("Crypto", function () {

    it("getVersion() should return the current version of the olm library", async () => {
        const client = new TestClient("@alice:example.com", "deviceid").client;
-        await client.initCrypto();
+        await client.initLegacyCrypto();

        const olmVersionTuple = Crypto.getOlmVersion();
        expect(client.getCrypto()?.getVersion()).toBe(
@@ -129,7 +130,7 @@ describe("Crypto", function () {
    describe("encrypted events", function () {
        it("provides encryption information for events from unverified senders", async function () {
            const client = new TestClient("@alice:example.com", "deviceid").client;
-            await client.initCrypto();
+            await client.initLegacyCrypto();

            // unencrypted event
            const event = {
@@ -209,7 +210,7 @@ describe("Crypto", function () {
            let client: MatrixClient;
            beforeEach(async () => {
                client = new TestClient("@alice:example.com", "deviceid").client;
-                await client.initCrypto();
+                await client.initLegacyCrypto();

                // mock out the verification check
                client.crypto!.checkUserTrust = (userId) => new UserTrustLevel(true, false, false);
@@ -305,7 +306,7 @@ describe("Crypto", function () {

        it("doesn't throw an error when attempting to decrypt a redacted event", async () => {
            const client = new TestClient("@alice:example.com", "deviceid").client;
-            await client.initCrypto();
+            await client.initLegacyCrypto();

            const event = new MatrixEvent({
                content: {},
@@ -438,10 +439,10 @@ describe("Crypto", function () {
            secondAliceClient = new TestClient("@alice:example.com", "secondAliceDevice").client;
            bobClient = new TestClient("@bob:example.com", "bobdevice").client;
            claraClient = new TestClient("@clara:example.com", "claradevice").client;
-            await aliceClient.initCrypto();
-            await secondAliceClient.initCrypto();
-            await bobClient.initCrypto();
-            await claraClient.initCrypto();
+            await aliceClient.initLegacyCrypto();
+            await secondAliceClient.initLegacyCrypto();
+            await bobClient.initLegacyCrypto();
+            await claraClient.initLegacyCrypto();
        });

        afterEach(async function () {
@@ -607,7 +608,7 @@ describe("Crypto", function () {
            event.claimedEd25519Key = null;
            try {
                await bobClient.crypto!.decryptEvent(event);
-            } catch (e) {
+            } catch {
                // we expect this to fail because we don't have the
                // decryption keys yet
            }
@@ -1110,7 +1111,7 @@ describe("Crypto", function () {
            jest.spyOn(logger, "debug").mockImplementation(() => {});
            jest.setTimeout(10000);
            const client = new TestClient("@a:example.com", "dev").client;
-            await client.initCrypto();
+            await client.initLegacyCrypto();
            client.crypto!.isCrossSigningReady = async () => false;
            client.crypto!.baseApis.uploadDeviceSigningKeys = jest.fn().mockResolvedValue(null);
            client.crypto!.baseApis.setAccountData = jest.fn().mockResolvedValue(null);
@@ -1146,9 +1147,9 @@ describe("Crypto", function () {

            client = new TestClient("@alice:example.org", "aliceweb");

-            // running initCrypto should trigger a key upload
+            // running initLegacyCrypto should trigger a key upload
            client.httpBackend.when("POST", "/keys/upload").respond(200, {});
-            await Promise.all([client.client.initCrypto(), client.httpBackend.flush("/keys/upload", 1)]);
+            await Promise.all([client.client.initLegacyCrypto(), client.httpBackend.flush("/keys/upload", 1)]);

            encryptedPayload = {
                algorithm: "m.olm.v1.curve25519-aes-sha2",
@@ -1245,12 +1246,123 @@ describe("Crypto", function () {
        });
    });

+    describe("encryptToDeviceMessages", () => {
+        let client: TestClient;
+        let ensureOlmSessionsForDevices: jest.SpiedFunction<typeof olmlib.ensureOlmSessionsForDevices>;
+        let encryptMessageForDevice: jest.SpiedFunction<typeof olmlib.encryptMessageForDevice>;
+        const payload = { hello: "world" };
+        let encryptedPayload: object;
+        let crypto: Crypto;
+
+        beforeEach(async () => {
+            ensureOlmSessionsForDevices = jest.spyOn(olmlib, "ensureOlmSessionsForDevices");
+            ensureOlmSessionsForDevices.mockResolvedValue(new Map());
+            encryptMessageForDevice = jest.spyOn(olmlib, "encryptMessageForDevice");
+            encryptMessageForDevice.mockImplementation(async (...[result, , , , , , payload]) => {
+                result.plaintext = { type: 0, body: JSON.stringify(payload) };
+            });
+
+            client = new TestClient("@alice:example.org", "aliceweb");
+
+            // running initLegacyCrypto should trigger a key upload
+            client.httpBackend.when("POST", "/keys/upload").respond(200, {});
+            await Promise.all([client.client.initLegacyCrypto(), client.httpBackend.flush("/keys/upload", 1)]);
+
+            encryptedPayload = {
+                algorithm: "m.olm.v1.curve25519-aes-sha2",
+                sender_key: client.client.crypto!.olmDevice.deviceCurve25519Key,
+                ciphertext: { plaintext: { type: 0, body: JSON.stringify(payload) } },
+            };
+
+            crypto = client.client.getCrypto() as Crypto;
+        });
+
+        afterEach(async () => {
+            ensureOlmSessionsForDevices.mockRestore();
+            encryptMessageForDevice.mockRestore();
+            await client.stop();
+        });
+
+        it("returns encrypted batch where devices known", async () => {
+            const deviceInfoMap: DeviceInfoMap = new Map([
+                [
+                    "@bob:example.org",
+                    new Map([
+                        ["bobweb", new DeviceInfo("bobweb")],
+                        ["bobmobile", new DeviceInfo("bobmobile")],
+                    ]),
+                ],
+                ["@carol:example.org", new Map([["caroldesktop", new DeviceInfo("caroldesktop")]])],
+            ]);
+            jest.spyOn(crypto.deviceList, "downloadKeys").mockResolvedValue(deviceInfoMap);
+            // const deviceInfoMap = await this.downloadKeys(Array.from(userIds), false);
+
+            const batch = await client.client.getCrypto()?.encryptToDeviceMessages(
+                "m.test.type",
+                [
+                    { userId: "@bob:example.org", deviceId: "bobweb" },
+                    { userId: "@bob:example.org", deviceId: "bobmobile" },
+                    { userId: "@carol:example.org", deviceId: "caroldesktop" },
+                    { userId: "@carol:example.org", deviceId: "carolmobile" }, // not known
+                ],
+                payload,
+            );
+            expect(crypto.deviceList.downloadKeys).toHaveBeenCalledWith(
+                ["@bob:example.org", "@carol:example.org"],
+                false,
+            );
+            expect(encryptMessageForDevice).toHaveBeenCalledTimes(3);
+            const expectedPayload = expect.objectContaining({
+                ...encryptedPayload,
+                "org.matrix.msgid": expect.any(String),
+                "sender_key": expect.any(String),
+            });
+            expect(batch?.eventType).toEqual("m.room.encrypted");
+            expect(batch?.batch.length).toEqual(3);
+            expect(batch).toEqual({
+                eventType: "m.room.encrypted",
+                batch: expect.arrayContaining([
+                    {
+                        userId: "@bob:example.org",
+                        deviceId: "bobweb",
+                        payload: expectedPayload,
+                    },
+                    {
+                        userId: "@bob:example.org",
+                        deviceId: "bobmobile",
+                        payload: expectedPayload,
+                    },
+                    {
+                        userId: "@carol:example.org",
+                        deviceId: "caroldesktop",
+                        payload: expectedPayload,
+                    },
+                ]),
+            });
+        });
+
+        it("returns empty batch if no devices known", async () => {
+            jest.spyOn(crypto.deviceList, "downloadKeys").mockResolvedValue(new Map());
+            const batch = await crypto.encryptToDeviceMessages(
+                "m.test.type",
+                [
+                    { deviceId: "AAA", userId: "@user1:domain" },
+                    { deviceId: "BBB", userId: "@user1:domain" },
+                    { deviceId: "CCC", userId: "@user2:domain" },
+                ],
+                payload,
+            );
+            expect(batch?.eventType).toEqual("m.room.encrypted");
+            expect(batch?.batch).toEqual([]);
+        });
+    });
+
    describe("checkSecretStoragePrivateKey", () => {
        let client: TestClient;

        beforeEach(async () => {
            client = new TestClient("@alice:example.org", "aliceweb");
-            await client.client.initCrypto();
+            await client.client.initLegacyCrypto();
        });

        afterEach(async () => {
@@ -1276,7 +1388,7 @@ describe("Crypto", function () {

        beforeEach(async () => {
            client = new TestClient("@alice:example.org", "aliceweb");
-            await client.client.initCrypto();
+            await client.client.initLegacyCrypto();
        });

        afterEach(async () => {
@@ -1302,7 +1414,7 @@ describe("Crypto", function () {

        beforeEach(async () => {
            client = new TestClient("@alice:example.org", "aliceweb");
-            await client.client.initCrypto();
+            await client.client.initLegacyCrypto();
        });

        afterEach(async function () {
@@ -44,13 +44,13 @@ badKey[0] ^= 1;
 const masterKeyPub = "nqOvzeuGWT/sRx3h7+MHoInYj3Uk2LD/unI9kDYcHwk";

 describe("CrossSigningInfo.getCrossSigningKey", function () {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        logger.warn("Not running megolm backup unit tests: libolm not present");
        return;
    }

    beforeAll(function () {
-        return global.Olm.init();
+        return globalThis.Olm.init();
    });

    it("should throw if no callback is provided", async () => {
@@ -80,7 +80,7 @@ describe("CrossSigningInfo.getCrossSigningKey", function () {
        expect(pubKey).toEqual(masterKeyPub);
        // check that the pkSigning object corresponds to the pubKey
        const signature = pkSigning.sign("message");
-        const util = new global.Olm.Utility();
+        const util = new globalThis.Olm.Utility();
        try {
            util.ed25519_verify(pubKey, "message", signature);
        } finally {
@@ -199,7 +199,7 @@ describe("CrossSigningInfo.getCrossSigningKey", function () {
 * it's not possible to get one in normal execution unless you hack as we do here.
 */
 describe.each([
-    ["IndexedDBCryptoStore", () => new IndexedDBCryptoStore(global.indexedDB, "tests")],
+    ["IndexedDBCryptoStore", () => new IndexedDBCryptoStore(globalThis.indexedDB, "tests")],
    ["LocalStorageCryptoStore", () => new IndexedDBCryptoStore(undefined!, "tests")],
    [
        "MemoryCryptoStore",
@@ -43,10 +43,10 @@ const MegolmEncryption = algorithms.ENCRYPTION_CLASSES.get("m.megolm.v1.aes-sha2

 const ROOM_ID = "!ROOM:ID";

-const Olm = global.Olm;
+const Olm = globalThis.Olm;

 describe("MegolmDecryption", function () {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        logger.warn("Not running megolm unit tests: libolm not present");
        return;
    }
@@ -101,7 +101,7 @@ describe("MegolmDecryption", function () {
    describe("receives some keys:", function () {
        let groupSession: OutboundGroupSession;
        beforeEach(async function () {
-            groupSession = new global.Olm.OutboundGroupSession();
+            groupSession = new globalThis.Olm.OutboundGroupSession();
            groupSession.create();

            // construct a fake decrypted key event via the use of a mocked
@@ -610,7 +610,11 @@ describe("MegolmDecryption", function () {
        const aliceClient = new TestClient("@alice:example.com", "alicedevice").client;
        const bobClient1 = new TestClient("@bob:example.com", "bobdevice1").client;
        const bobClient2 = new TestClient("@bob:example.com", "bobdevice2").client;
-        await Promise.all([aliceClient.initCrypto(), bobClient1.initCrypto(), bobClient2.initCrypto()]);
+        await Promise.all([
+            aliceClient.initLegacyCrypto(),
+            bobClient1.initLegacyCrypto(),
+            bobClient2.initLegacyCrypto(),
+        ]);
        const aliceDevice = aliceClient.crypto!.olmDevice;
        const bobDevice1 = bobClient1.crypto!.olmDevice;
        const bobDevice2 = bobClient2.crypto!.olmDevice;
@@ -704,7 +708,7 @@ describe("MegolmDecryption", function () {
    it("does not block unverified devices when sending verification events", async function () {
        const aliceClient = new TestClient("@alice:example.com", "alicedevice").client;
        const bobClient = new TestClient("@bob:example.com", "bobdevice").client;
-        await Promise.all([aliceClient.initCrypto(), bobClient.initCrypto()]);
+        await Promise.all([aliceClient.initLegacyCrypto(), bobClient.initLegacyCrypto()]);
        const bobDevice = bobClient.crypto!.olmDevice;

        const encryptionCfg = {
@@ -789,7 +793,7 @@ describe("MegolmDecryption", function () {
    it("notifies devices when unable to create olm session", async function () {
        const aliceClient = new TestClient("@alice:example.com", "alicedevice").client;
        const bobClient = new TestClient("@bob:example.com", "bobdevice").client;
-        await Promise.all([aliceClient.initCrypto(), bobClient.initCrypto()]);
+        await Promise.all([aliceClient.initLegacyCrypto(), bobClient.initLegacyCrypto()]);
        const aliceDevice = aliceClient.crypto!.olmDevice;
        const bobDevice = bobClient.crypto!.olmDevice;

@@ -873,7 +877,7 @@ describe("MegolmDecryption", function () {
    it("throws an error describing why it doesn't have a key", async function () {
        const aliceClient = new TestClient("@alice:example.com", "alicedevice").client;
        const bobClient = new TestClient("@bob:example.com", "bobdevice").client;
-        await Promise.all([aliceClient.initCrypto(), bobClient.initCrypto()]);
+        await Promise.all([aliceClient.initLegacyCrypto(), bobClient.initLegacyCrypto()]);
        const bobDevice = bobClient.crypto!.olmDevice;

        const aliceEventEmitter = new TypedEventEmitter<ClientEvent.ToDeviceEvent, any>();
@@ -955,7 +959,7 @@ describe("MegolmDecryption", function () {
    it("throws an error describing the lack of an olm session", async function () {
        const aliceClient = new TestClient("@alice:example.com", "alicedevice").client;
        const bobClient = new TestClient("@bob:example.com", "bobdevice").client;
-        await Promise.all([aliceClient.initCrypto(), bobClient.initCrypto()]);
+        await Promise.all([aliceClient.initLegacyCrypto(), bobClient.initLegacyCrypto()]);

        const aliceEventEmitter = new TypedEventEmitter<ClientEvent.ToDeviceEvent, any>();
        aliceClient.crypto!.registerEventHandlers(aliceEventEmitter);
@@ -1051,7 +1055,7 @@ describe("MegolmDecryption", function () {
    it("throws an error to indicate a wedged olm session", async function () {
        const aliceClient = new TestClient("@alice:example.com", "alicedevice").client;
        const bobClient = new TestClient("@bob:example.com", "bobdevice").client;
-        await Promise.all([aliceClient.initCrypto(), bobClient.initCrypto()]);
+        await Promise.all([aliceClient.initLegacyCrypto(), bobClient.initLegacyCrypto()]);
        const aliceEventEmitter = new TypedEventEmitter<ClientEvent.ToDeviceEvent, any>();
        aliceClient.crypto!.registerEventHandlers(aliceEventEmitter);

@@ -47,13 +47,13 @@ function alwaysSucceed<T>(promise: Promise<T>): Promise<T | void> {
 }

 describe("OlmDevice", function () {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        logger.warn("Not running megolm unit tests: libolm not present");
        return;
    }

    beforeAll(function () {
-        return global.Olm.init();
+        return globalThis.Olm.init();
    });

    let aliceOlmDevice: OlmDevice;
@@ -33,7 +33,7 @@ import { CryptoStore } from "../../../src/crypto/store/base";
 import { MegolmDecryption as MegolmDecryptionClass } from "../../../src/crypto/algorithms/megolm";
 import { IKeyBackupInfo } from "../../../src/crypto/keybackup";

-const Olm = global.Olm;
+const Olm = globalThis.Olm;

 const MegolmDecryption = algorithms.DECRYPTION_CLASSES.get("m.megolm.v1.aes-sha2")!;

@@ -155,7 +155,7 @@ function makeTestClient(cryptoStore: CryptoStore) {
 }

 describe("MegolmBackup", function () {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        logger.warn("Not running megolm backup unit tests: libolm not present");
        return;
    }
@@ -205,14 +205,14 @@ describe("MegolmBackup", function () {
            // clobber the setTimeout function to run 100x faster.
            // ideally we would use lolex, but we have no oportunity
            // to tick the clock between the first try and the retry.
-            const realSetTimeout = global.setTimeout;
-            jest.spyOn(global, "setTimeout").mockImplementation(function (f, n) {
+            const realSetTimeout = globalThis.setTimeout;
+            jest.spyOn(globalThis, "setTimeout").mockImplementation(function (f, n) {
                return realSetTimeout(f!, n! / 100);
            });
        });

        afterEach(function () {
-            jest.spyOn(global, "setTimeout").mockRestore();
+            jest.spyOn(globalThis, "setTimeout").mockRestore();
        });

        test("fail if crypto not enabled", async () => {
@@ -231,7 +231,7 @@ describe("MegolmBackup", function () {

        test("fail if given backup has no version", async () => {
            const client = makeTestClient(cryptoStore);
-            await client.initCrypto();
+            await client.initLegacyCrypto();
            const data = {
                algorithm: olmlib.MEGOLM_BACKUP_ALGORITHM,
                auth_data: {
@@ -314,7 +314,7 @@ describe("MegolmBackup", function () {
            megolmDecryption.olmlib = mockOlmLib;

            return client
-                .initCrypto()
+                .initLegacyCrypto()
                .then(() => {
                    return cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_SESSIONS], (txn) => {
                        cryptoStore.addEndToEndInboundGroupSession(
@@ -391,7 +391,7 @@ describe("MegolmBackup", function () {
            megolmDecryption.olmlib = mockOlmLib;

            return client
-                .initCrypto()
+                .initLegacyCrypto()
                .then(() => {
                    return client.crypto!.storeSessionBackupPrivateKey(new Uint8Array(32));
                })
@@ -471,7 +471,7 @@ describe("MegolmBackup", function () {
            // @ts-ignore private field access
            megolmDecryption.olmlib = mockOlmLib;

-            await client.initCrypto();
+            await client.initLegacyCrypto();
            client.uploadDeviceSigningKeys = async function (e) {
                return {};
            };
@@ -560,7 +560,7 @@ describe("MegolmBackup", function () {
            // @ts-ignore private field access
            megolmDecryption.olmlib = mockOlmLib;

-            await client.initCrypto();
+            await client.initLegacyCrypto();
            await cryptoStore.doTxn("readwrite", [IndexedDBCryptoStore.STORE_SESSIONS], (txn) => {
                cryptoStore.addEndToEndInboundGroupSession(
                    "F0Q2NmyJNgUVj9DGsb4ZQt3aVxhVcUQhg7+gvW0oyKI",
@@ -636,7 +636,7 @@ describe("MegolmBackup", function () {
            // @ts-ignore private field access
            megolmDecryption.olmlib = mockOlmLib;

-            return client.initCrypto();
+            return client.initLegacyCrypto();
        });

        afterEach(function () {
@@ -773,11 +773,19 @@ describe("MegolmBackup", function () {
            // initialising the crypto library will trigger a key upload request, which we can stub out
            client.uploadKeysRequest = jest.fn();

-            await client.initCrypto();
+            await client.initLegacyCrypto();

            cryptoStore.countSessionsNeedingBackup = jest.fn().mockReturnValue(6);
            await expect(client.flagAllGroupSessionsForBackup()).resolves.toBe(6);
            client.stopClient();
        });
    });
+
+    describe("getKeyBackupInfo", () => {
+        it("should return throw an `Not implemented`", async () => {
+            const client = makeTestClient(cryptoStore);
+            await client.initLegacyCrypto();
+            await expect(client.getCrypto()?.getKeyBackupInfo()).rejects.toThrow("Not implemented");
+        });
+    });
 });
@@ -23,12 +23,12 @@ import HttpBackend from "matrix-mock-request";
 import * as olmlib from "../../../src/crypto/olmlib";
 import { MatrixError } from "../../../src/http-api";
 import { logger } from "../../../src/logger";
-import { ICrossSigningKey, ICreateClientOpts, ISignedKey, MatrixClient } from "../../../src/client";
+import { ICreateClientOpts, ISignedKey, MatrixClient } from "../../../src/client";
 import { CryptoEvent } from "../../../src/crypto";
 import { IDevice } from "../../../src/crypto/deviceinfo";
 import { TestClient } from "../../TestClient";
 import { resetCrossSigningKeys } from "./crypto-utils";
-import { BootstrapCrossSigningOpts } from "../../../src/crypto-api";
+import { BootstrapCrossSigningOpts, CrossSigningKeyInfo } from "../../../src/crypto-api";

 const PUSH_RULES_RESPONSE: Response = {
    method: "GET",
@@ -78,19 +78,19 @@ async function makeTestClient(
    const testClient = new TestClient(userInfo.userId, userInfo.deviceId, undefined, undefined, options);
    const client = testClient.client;

-    await client.initCrypto();
+    await client.initLegacyCrypto();

    return { client, httpBackend: testClient.httpBackend };
 }

 describe("Cross Signing", function () {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        logger.warn("Not running megolm backup unit tests: libolm not present");
        return;
    }

    beforeAll(function () {
-        return global.Olm.init();
+        return globalThis.Olm.init();
    });

    it("should sign the master key with the device key", async function () {
@@ -140,9 +140,7 @@ describe("Cross Signing", function () {
                });
            }

-            const error = new MatrixError(errorResponse);
-            error.httpStatus == 401;
-            throw error;
+            throw new MatrixError(errorResponse, 401);
        };
        alice.uploadKeySignatures = async () => ({ failures: {} });
        alice.setAccountData = async () => ({});
@@ -371,13 +369,13 @@ describe("Cross Signing", function () {
        // set Alice's cross-signing key
        await resetCrossSigningKeys(alice);
        // Alice downloads Bob's ssk and device key
-        const bobMasterSigning = new global.Olm.PkSigning();
+        const bobMasterSigning = new globalThis.Olm.PkSigning();
        const bobMasterPrivkey = bobMasterSigning.generate_seed();
        const bobMasterPubkey = bobMasterSigning.init_with_seed(bobMasterPrivkey);
-        const bobSigning = new global.Olm.PkSigning();
+        const bobSigning = new globalThis.Olm.PkSigning();
        const bobPrivkey = bobSigning.generate_seed();
        const bobPubkey = bobSigning.init_with_seed(bobPrivkey);
-        const bobSSK: ICrossSigningKey = {
+        const bobSSK: CrossSigningKeyInfo = {
            user_id: "@bob:example.com",
            usage: ["self_signing"],
            keys: {
@@ -490,7 +488,7 @@ describe("Cross Signing", function () {
        };
        await alice.crypto!.signObject(aliceDevice);

-        const bobOlmAccount = new global.Olm.Account();
+        const bobOlmAccount = new globalThis.Olm.Account();
        bobOlmAccount.create();
        const bobKeys = JSON.parse(bobOlmAccount.identity_keys());
        const bobDeviceUnsigned = {
@@ -515,7 +513,7 @@ describe("Cross Signing", function () {
        };
        olmlib.pkSign(bobDevice, selfSigningKey as unknown as PkSigning, "@bob:example.com", "");

-        const bobMaster: ICrossSigningKey = {
+        const bobMaster: CrossSigningKeyInfo = {
            user_id: "@bob:example.com",
            usage: ["master"],
            keys: {
@@ -624,13 +622,13 @@ describe("Cross Signing", function () {
        await resetCrossSigningKeys(alice);
        // Alice downloads Bob's ssk and device key
        // (NOTE: device key is not signed by ssk)
-        const bobMasterSigning = new global.Olm.PkSigning();
+        const bobMasterSigning = new globalThis.Olm.PkSigning();
        const bobMasterPrivkey = bobMasterSigning.generate_seed();
        const bobMasterPubkey = bobMasterSigning.init_with_seed(bobMasterPrivkey);
-        const bobSigning = new global.Olm.PkSigning();
+        const bobSigning = new globalThis.Olm.PkSigning();
        const bobPrivkey = bobSigning.generate_seed();
        const bobPubkey = bobSigning.init_with_seed(bobPrivkey);
-        const bobSSK: ICrossSigningKey = {
+        const bobSSK: CrossSigningKeyInfo = {
            user_id: "@bob:example.com",
            usage: ["self_signing"],
            keys: {
@@ -690,13 +688,13 @@ describe("Cross Signing", function () {
        alice.uploadKeySignatures = async () => ({ failures: {} });
        await resetCrossSigningKeys(alice);
        // Alice downloads Bob's keys
-        const bobMasterSigning = new global.Olm.PkSigning();
+        const bobMasterSigning = new globalThis.Olm.PkSigning();
        const bobMasterPrivkey = bobMasterSigning.generate_seed();
        const bobMasterPubkey = bobMasterSigning.init_with_seed(bobMasterPrivkey);
-        const bobSigning = new global.Olm.PkSigning();
+        const bobSigning = new globalThis.Olm.PkSigning();
        const bobPrivkey = bobSigning.generate_seed();
        const bobPubkey = bobSigning.init_with_seed(bobPrivkey);
-        const bobSSK: ICrossSigningKey = {
+        const bobSSK: CrossSigningKeyInfo = {
            user_id: "@bob:example.com",
            usage: ["self_signing"],
            keys: {
@@ -757,13 +755,13 @@ describe("Cross Signing", function () {
        expect(bobDeviceTrust.isTofu()).toBeTruthy();

        // Alice downloads new SSK for Bob
-        const bobMasterSigning2 = new global.Olm.PkSigning();
+        const bobMasterSigning2 = new globalThis.Olm.PkSigning();
        const bobMasterPrivkey2 = bobMasterSigning2.generate_seed();
        const bobMasterPubkey2 = bobMasterSigning2.init_with_seed(bobMasterPrivkey2);
-        const bobSigning2 = new global.Olm.PkSigning();
+        const bobSigning2 = new globalThis.Olm.PkSigning();
        const bobPrivkey2 = bobSigning2.generate_seed();
        const bobPubkey2 = bobSigning2.init_with_seed(bobPrivkey2);
-        const bobSSK2: ICrossSigningKey = {
+        const bobSSK2: CrossSigningKeyInfo = {
            user_id: "@bob:example.com",
            usage: ["self_signing"],
            keys: {
@@ -827,7 +825,7 @@ describe("Cross Signing", function () {
    });

    it("should offer to upgrade device verifications to cross-signing", async function () {
-        let upgradeResolveFunc: Function;
+        let upgradeResolveFunc: () => void;

        const { client: alice } = await makeTestClient(
            { userId: "@alice:example.com", deviceId: "Osborne2" },
@@ -866,7 +864,7 @@ describe("Cross Signing", function () {
        // cross-signing key is signed by his Dynabook, which alice has
        // verified, and ask if the device verification should be upgraded to a
        // cross-signing verification
-        let upgradePromise = new Promise((resolve) => {
+        let upgradePromise = new Promise<void>((resolve) => {
            upgradeResolveFunc = resolve;
        });
        await resetCrossSigningKeys(alice);
@@ -885,7 +883,7 @@ describe("Cross Signing", function () {
        expect(bobTrust2.isCrossSigningVerified()).toBeFalsy();
        expect(bobTrust2.isTofu()).toBeTruthy();

-        upgradePromise = new Promise((resolve) => {
+        upgradePromise = new Promise<void>((resolve) => {
            upgradeResolveFunc = resolve;
        });
        alice.crypto!.deviceList.emit(CryptoEvent.UserCrossSigningUpdated, "@bob:example.com");
@@ -907,13 +905,13 @@ describe("Cross Signing", function () {
        alice.uploadKeySignatures = async () => ({ failures: {} });

        // Generate Alice's SSK etc
-        const aliceMasterSigning = new global.Olm.PkSigning();
+        const aliceMasterSigning = new globalThis.Olm.PkSigning();
        const aliceMasterPrivkey = aliceMasterSigning.generate_seed();
        const aliceMasterPubkey = aliceMasterSigning.init_with_seed(aliceMasterPrivkey);
-        const aliceSigning = new global.Olm.PkSigning();
+        const aliceSigning = new globalThis.Olm.PkSigning();
        const alicePrivkey = aliceSigning.generate_seed();
        const alicePubkey = aliceSigning.init_with_seed(alicePrivkey);
-        const aliceSSK: ICrossSigningKey = {
+        const aliceSSK: CrossSigningKeyInfo = {
            user_id: "@alice:example.com",
            usage: ["self_signing"],
            keys: {
@@ -982,13 +980,13 @@ describe("Cross Signing", function () {
        alice.uploadKeySignatures = async () => ({ failures: {} });

        // Generate Alice's SSK etc
-        const aliceMasterSigning = new global.Olm.PkSigning();
+        const aliceMasterSigning = new globalThis.Olm.PkSigning();
        const aliceMasterPrivkey = aliceMasterSigning.generate_seed();
        const aliceMasterPubkey = aliceMasterSigning.init_with_seed(aliceMasterPrivkey);
-        const aliceSigning = new global.Olm.PkSigning();
+        const aliceSigning = new globalThis.Olm.PkSigning();
        const alicePrivkey = aliceSigning.generate_seed();
        const alicePubkey = aliceSigning.init_with_seed(alicePrivkey);
-        const aliceSSK: ICrossSigningKey = {
+        const aliceSSK: CrossSigningKeyInfo = {
            user_id: "@alice:example.com",
            usage: ["self_signing"],
            keys: {
@@ -1042,13 +1040,13 @@ describe("Cross Signing", function () {
        alice.uploadKeySignatures = async () => ({ failures: {} });

        // Generate Alice's SSK etc
-        const aliceMasterSigning = new global.Olm.PkSigning();
+        const aliceMasterSigning = new globalThis.Olm.PkSigning();
        const aliceMasterPrivkey = aliceMasterSigning.generate_seed();
        const aliceMasterPubkey = aliceMasterSigning.init_with_seed(aliceMasterPrivkey);
-        const aliceSigning = new global.Olm.PkSigning();
+        const aliceSigning = new globalThis.Olm.PkSigning();
        const alicePrivkey = aliceSigning.generate_seed();
        const alicePubkey = aliceSigning.init_with_seed(alicePrivkey);
-        const aliceSSK: ICrossSigningKey = {
+        const aliceSSK: CrossSigningKeyInfo = {
            user_id: "@alice:example.com",
            usage: ["self_signing"],
            keys: {
@@ -1090,12 +1088,12 @@ describe("Cross Signing", function () {
 });

 describe("userHasCrossSigningKeys", function () {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        return;
    }

    beforeAll(() => {
-        return global.Olm.init();
+        return globalThis.Olm.init();
    });

    let aliceClient: MatrixClient;
@@ -32,7 +32,7 @@ export async function resetCrossSigningKeys(
 }

 export async function createSecretStorageKey(): Promise<IRecoveryKey> {
-    const decryption = new global.Olm.PkDecryption();
+    const decryption = new globalThis.Olm.PkDecryption();
    decryption.generate_key();
    const storagePrivateKey = decryption.get_private_key();
    decryption.free();
@@ -19,16 +19,16 @@ import { TestClient } from "../../TestClient";
 import { logger } from "../../../src/logger";
 import { DEHYDRATION_ALGORITHM } from "../../../src/crypto/dehydration";

-const Olm = global.Olm;
+const Olm = globalThis.Olm;

 describe("Dehydration", () => {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        logger.warn("Not running dehydration unit tests: libolm not present");
        return;
    }

    beforeAll(function () {
-        return global.Olm.init();
+        return globalThis.Olm.init();
    });

    it("should rehydrate a dehydrated device", async () => {
@@ -68,7 +68,7 @@ describe("Dehydration", () => {
            },
        });

-        await alice.client.initCrypto();
+        await alice.client.initLegacyCrypto();

        alice.httpBackend.when("GET", "/room_keys/version").respond(404, {
            errcode: "M_NOT_FOUND",
@@ -51,7 +51,7 @@ const requests = [
 ];

 describe.each([
-    ["IndexedDBCryptoStore", () => new IndexedDBCryptoStore(global.indexedDB, "tests")],
+    ["IndexedDBCryptoStore", () => new IndexedDBCryptoStore(globalThis.indexedDB, "tests")],
    ["LocalStorageCryptoStore", () => new LocalStorageCryptoStore(localStorage)],
    ["MemoryCryptoStore", () => new MemoryCryptoStore()],
 ])("Outgoing room key requests [%s]", function (name, dbFactory) {
@@ -20,15 +20,17 @@ import { IObject } from "../../../src/crypto/olmlib";
 import { MatrixEvent } from "../../../src/models/event";
 import { TestClient } from "../../TestClient";
 import { makeTestClients } from "./verification/util";
-import { encryptAES } from "../../../src/crypto/aes";
+import encryptAESSecretStorageItem from "../../../src/utils/encryptAESSecretStorageItem.ts";
 import { createSecretStorageKey, resetCrossSigningKeys } from "./crypto-utils";
 import { logger } from "../../../src/logger";
-import { ClientEvent, ICreateClientOpts, ICrossSigningKey, MatrixClient } from "../../../src/client";
+import { ClientEvent, ICreateClientOpts, MatrixClient } from "../../../src/client";
 import { DeviceInfo } from "../../../src/crypto/deviceinfo";
 import { ISignatures } from "../../../src/@types/signed";
 import { ICurve25519AuthData } from "../../../src/crypto/keybackup";
 import { SecretStorageKeyDescription, SECRET_STORAGE_ALGORITHM_V1_AES } from "../../../src/secret-storage";
 import { decodeBase64 } from "../../../src/base64";
+import { CrossSigningKeyInfo } from "../../../src/crypto-api";
+import { SecretInfo } from "../../../src/secret-storage.ts";

 async function makeTestClient(
    userInfo: { userId: string; deviceId: string },
@@ -42,7 +44,7 @@ async function makeTestClient(
        return true;
    };

-    await client.initCrypto();
+    await client.initLegacyCrypto();

    // No need to download keys for these tests
    jest.spyOn(client.crypto!, "downloadKeys").mockResolvedValue(new Map());
@@ -67,21 +69,27 @@ function sign<T extends IObject | ICurve25519AuthData>(
    };
 }

+declare module "../../../src/@types/event" {
+    interface SecretStorageAccountDataEvents {
+        foo: SecretInfo;
+    }
+}
+
 describe("Secrets", function () {
-    if (!global.Olm) {
+    if (!globalThis.Olm) {
        logger.warn("Not running megolm backup unit tests: libolm not present");
        return;
    }

    beforeAll(function () {
-        return global.Olm.init();
+        return globalThis.Olm.init();
    });

    it("should store and retrieve a secret", async function () {
        const key = new Uint8Array(16);
        for (let i = 0; i < 16; i++) key[i] = i;

-        const signing = new global.Olm.PkSigning();
+        const signing = new globalThis.Olm.PkSigning();
        const signingKey = signing.generate_seed();
        const signingPubKey = signing.init_with_seed(signingKey);

@@ -331,7 +339,7 @@ describe("Secrets", function () {
        });

        it("bootstraps when cross-signing keys in secret storage", async function () {
-            const decryption = new global.Olm.PkDecryption();
+            const decryption = new globalThis.Olm.PkDecryption();
            const storagePrivateKey = decryption.get_private_key();

            const bob: MatrixClient = await makeTestClient(
@@ -475,7 +483,7 @@ describe("Secrets", function () {
                            [`ed25519:${XSPubKey}`]: XSPubKey,
                        },
                    },
-                    self_signing: sign<ICrossSigningKey>(
+                    self_signing: sign<CrossSigningKeyInfo>(
                        {
                            user_id: "@alice:example.com",
                            usage: ["self_signing"],
@@ -486,7 +494,7 @@ describe("Secrets", function () {
                        XSK,
                        "@alice:example.com",
                    ),
-                    user_signing: sign<ICrossSigningKey>(
+                    user_signing: sign<CrossSigningKeyInfo>(
                        {
                            user_id: "@alice:example.com",
                            usage: ["user_signing"],
@@ -611,7 +619,7 @@ describe("Secrets", function () {
                    type: "m.megolm_backup.v1",
                    content: {
                        encrypted: {
-                            key_id: await encryptAES(
+                            key_id: await encryptAESSecretStorageItem(
                                "123,45,6,7,89,1,234,56,78,90,12,34,5,67,8,90",
                                secretStorageKeys.key_id,
                                "m.megolm_backup.v1",
@@ -631,7 +639,7 @@ describe("Secrets", function () {
                            [`ed25519:${XSPubKey}`]: XSPubKey,
                        },
                    },
-                    self_signing: sign<ICrossSigningKey>(
+                    self_signing: sign<CrossSigningKeyInfo>(
                        {
                            user_id: "@alice:example.com",
                            usage: ["self_signing"],
@@ -642,7 +650,7 @@ describe("Secrets", function () {
                        XSK,
                        "@alice:example.com",
                    ),
-                    user_signing: sign<ICrossSigningKey>(
+                    user_signing: sign<CrossSigningKeyInfo>(
                        {
                            user_id: "@alice:example.com",
                            usage: ["user_signing"],
--- a/Show More
+++ b/Show More