Remove dependency on uuid (#5297)

* Update dependency vite to v8

* Update lockfile

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Michael Telatynski <7t3chguy@gmail.com>

.eslintrc.cjs

@@ -1,6 +1,6 @@
 module.exports = {
-    plugins: ["matrix-org", "import", "jsdoc", "n"],
-    extends: ["plugin:matrix-org/babel", "plugin:matrix-org/jest", "plugin:import/typescript"],
+    plugins: ["matrix-org", "import", "jsdoc", "n", "@vitest"],
+    extends: ["plugin:matrix-org/babel", "plugin:import/typescript"],
     parserOptions: {
         project: ["./tsconfig.json"],
     },
@@ -83,17 +83,6 @@ module.exports = {
                 ],
             },
         ],
-        // Disabled tests are a reality for now but as soon as all of the xits are
-        // eliminated, we should enforce this.
-        "jest/no-disabled-tests": "off",
-        // Also treat "oldBackendOnly" as a test function.
-        // Used in some crypto tests.
-        "jest/no-standalone-expect": [
-            "error",
-            {
-                additionalTestBlockFunctions: ["beforeAll", "beforeEach", "oldBackendOnly", "newBackendOnly"],
-            },
-        ],
     },
     overrides: [
         {
@@ -112,8 +101,13 @@ module.exports = {
                 "@typescript-eslint/ban-ts-comment": "off",
                 // We're okay with assertion errors when we ask for them
                 "@typescript-eslint/no-non-null-assertion": "off",
-                // We do this sometimes to brand interfaces
-                "@typescript-eslint/no-empty-object-type": "off",
+                "@typescript-eslint/no-empty-object-type": [
+                    "error",
+                    {
+                        // We do this sometimes to brand interfaces
+                        allowInterfaces: "with-single-extends",
+                    },
+                ],
 
                 "quotes": "off",
                 // We use a `logger` intermediary module
@@ -143,10 +137,48 @@ module.exports = {
         },
         {
             files: ["spec/**/*.ts"],
+            extends: ["plugin:@vitest/legacy-recommended"],
             rules: {
                 // We don't need super strict typing in test utilities
                 "@typescript-eslint/explicit-function-return-type": "off",
                 "@typescript-eslint/explicit-member-accessibility": "off",
+                "@typescript-eslint/no-empty-object-type": "off",
+
+                // Disabled tests are a reality for now but as soon as all of the xits are
+                // eliminated, we should enforce this.
+                "@vitest/no-disabled-tests": "off",
+                // Used in some crypto tests.
+                "@vitest/no-standalone-expect": [
+                    "error",
+                    {
+                        additionalTestBlockFunctions: ["beforeAll", "beforeEach"],
+                    },
+                ],
+                "@vitest/expect-expect": [
+                    "error",
+                    {
+                        assertFunctionNames: [
+                            "expect",
+                            "expectDevices",
+                            "assert.isTrue",
+                            "assert.isFalse",
+                            "passwordTest",
+                            "compareHeaders",
+                            "doTest",
+                        ],
+                    },
+                ],
+            },
+        },
+        {
+            // Enable stricter promise rules for the MatrixRTC codebase
+            files: ["src/matrixrtc/**/*.ts", "spec/unit/matrixrtc/*.ts"],
+            rules: {
+                // Encourage proper usage of Promises:
+                "@typescript-eslint/no-floating-promises": "error",
+                "@typescript-eslint/no-misused-promises": "error",
+                "@typescript-eslint/require-await": "error",
+                "@typescript-eslint/await-thenable": "error",
             },
         },
     ],

.github/CODEOWNERS

@@ -1,7 +1,7 @@
 *                         @matrix-org/element-web-reviewers
 /.github/workflows/**     @matrix-org/element-web-team
 /package.json             @matrix-org/element-web-team
-/yarn.lock                @matrix-org/element-web-team
+/pnpm-lock.yaml           @matrix-org/element-web-team
 /scripts/**               @matrix-org/element-web-team
 /src/webrtc               @matrix-org/element-call-reviewers
 /src/matrixrtc               @matrix-org/element-call-reviewers

.github/actions/sign-release-tarball/action.yml

@@ -22,7 +22,7 @@ runs:
 
         - name: Upload tarball signature
           if: ${{ inputs.upload-url }}
-          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
+          uses: shogo82148/actions-upload-release-asset@96bc1f0cb850b65efd58a6b5eaa0a69f88d38077 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ env.VERSION }}.tar.gz.asc

.github/actions/upload-release-assets/action.yml

@@ -29,13 +29,13 @@ runs:
 
         - name: Upload asset signatures
           if: inputs.gpg-fingerprint
-          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
+          uses: shogo82148/actions-upload-release-asset@96bc1f0cb850b65efd58a6b5eaa0a69f88d38077 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ inputs.asset-path }}.asc
 
         - name: Upload assets
-          uses: shogo82148/actions-upload-release-asset@8482bd769644976d847e96fb4b9354228885e7b4 # v1
+          uses: shogo82148/actions-upload-release-asset@96bc1f0cb850b65efd58a6b5eaa0a69f88d38077 # v1
           with:
               upload_url: ${{ inputs.upload-url }}
               asset_path: ${{ inputs.asset-path }}

.github/labels.yml

@@ -41,3 +41,6 @@
 - name: "Z-Flaky-Test"
   description: "A test is raising false alarms"
   color: "ededed"
+- name: "Z-Skip-Coverage"
+  description: "Skip SonarQube coverage for this PR"
+  color: "ededed"

.github/workflows/backport.yml

@@ -1,6 +1,8 @@
 name: Backport
 on:
-    pull_request_target:
+    # Privilege escalation necessary to enable backporting PRs from forks
+    # 🚨 We must not execute any checked out code here.
+    pull_request_target: # zizmor: ignore[dangerous-triggers]
         types:
             - closed
             - labeled

.github/workflows/docs-pr-netlify.yaml

@@ -1,7 +1,9 @@
 name: Deploy documentation PR preview
 
 on:
-    workflow_run:
+    # Privilege escalation necessary to publish to Netlify
+    # 🚨 We must not execute any checked out code here.
+    workflow_run: # zizmor: ignore[dangerous-triggers]
         workflows: ["Static Analysis"]
         types:
             - completed
@@ -15,7 +17,7 @@ jobs:
             deployments: write
         steps:
             - name: 📥 Download artifact
-              uses: actions/download-artifact@v4
+              uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
               with:
                   github-token: ${{ secrets.GITHUB_TOKEN }}
                   run-id: ${{ github.event.workflow_run.id }}
@@ -23,7 +25,7 @@ jobs:
                   path: docs
 
             - name: 📤 Deploy to Netlify
-              uses: matrix-org/netlify-pr-preview@v3
+              uses: matrix-org/netlify-pr-preview@9805cd123fc9a7e421e35340a05e1ebc5dee46b5 # v3
               with:
                   path: docs
                   owner: ${{ github.event.workflow_run.head_repository.owner.login }}

.github/workflows/downstream-end-to-end-tests.yml

@@ -1,7 +1,7 @@
 # Triggers after the "Downstream artifacts" build has finished, to run the
-# matrix-react-sdk playwright tests (with access to repo secrets)
+# element-web playwright tests (with access to repo secrets)
 
-name: matrix-react-sdk End to End Tests
+name: Element Web End to End Tests
 on:
     merge_group:
         types: [checks_requested]
@@ -21,11 +21,12 @@ concurrency:
 jobs:
     playwright:
         name: Playwright
-        uses: element-hq/element-web/.github/workflows/end-to-end-tests.yaml@develop
+        uses: element-hq/element-web/.github/workflows/build-and-test.yaml@develop # zizmor: ignore[unpinned-uses]
         permissions:
             actions: read
             issues: read
             pull-requests: read
+            contents: read
         with:
             matrix-js-sdk-sha: ${{ github.sha }}
             # We only want to run the playwright tests on merge queue to prevent regressions

.github/workflows/notify-downstream.yaml

@@ -18,8 +18,8 @@ jobs:
 
         runs-on: ubuntu-24.04
         steps:
-            - name: Notify matrix-react-sdk repo that a new SDK build is on develop so it can CI against it
-              uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3
+            - name: Notify element-web repo that a new SDK build is on develop so it can CI against it
+              uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4
               with:
                   token: ${{ secrets.ELEMENT_BOT_TOKEN }}
                   repository: ${{ matrix.repo }}

.github/workflows/pull_request.yaml

@@ -1,6 +1,9 @@
 name: Pull Request
 on:
-    pull_request_target:
+    # Privilege escalation necessary access members of the review teams
+    # 🚨 We must not execute any checked out code here, and be careful around use of user-controlled inputs.
+    # FIXME: only `community-prs` job needs this privilege, so it should be in its own workflow file.
+    pull_request_target: # zizmor: ignore[dangerous-triggers]
         types: [opened, edited, labeled, unlabeled, synchronize]
     merge_group:
         types: [checks_requested]
@@ -15,7 +18,7 @@ jobs:
         name: Preview Changelog
         runs-on: ubuntu-24.04
         steps:
-            - uses: mheap/github-action-required-labels@d25134c992b943fb6ad00c25ea00eb5988c0a9dd # v5
+            - uses: mheap/github-action-required-labels@0ac283b4e65c1fb28ce6079dea5546ceca98ccbe # v5
               if: github.event_name != 'merge_group'
               with:
                   labels: |
@@ -35,7 +38,7 @@ jobs:
             pull-requests: read
         steps:
             - name: Add notice
-              uses: actions/github-script@v7
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
               if: contains(github.event.pull_request.labels.*.name, 'X-Blocked')
               with:
                   script: |
@@ -49,7 +52,7 @@ jobs:
             pull-requests: write
         steps:
             - name: Check membership
-              if: github.event.pull_request.user.login != 'renovate[bot]'
+              if: github.event.pull_request.user.login != 'renovate[bot]' && github.event.pull_request.user.login != 'dependabot[bot]'
               uses: tspascoal/get-user-teams-membership@57e9f42acd78f4d0f496b3be4368fc5f62696662 # v3
               id: teams
               with:
@@ -60,7 +63,7 @@ jobs:
 
             - name: Add label
               if: steps.teams.outputs.isTeamMember == 'false'
-              uses: actions/github-script@v7
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
               with:
                   script: |
                       github.rest.issues.addLabels({
@@ -73,13 +76,15 @@ jobs:
     close-if-fork-develop:
         name: Forbid develop branch fork contributions
         runs-on: ubuntu-24.04
+        permissions:
+            pull-requests: write
         if: >
             github.event.action == 'opened' &&
             github.event.pull_request.head.ref == 'develop' &&
             github.event.pull_request.head.repo.full_name != github.repository
         steps:
             - name: Close pull request
-              uses: actions/github-script@v7
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
               with:
                   script: |
                       github.rest.issues.createComment({

.github/workflows/release-checks.yml

@@ -18,7 +18,7 @@ jobs:
         runs-on: ubuntu-24.04
         steps:
             - name: Check for X-Release-Blocker label on any open issues or PRs
-              uses: actions/github-script@v7
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
               env:
                   REPO: ${{ inputs.repository }}
               with:

.github/workflows/release-drafter-workflow.yml

@@ -16,18 +16,20 @@ jobs:
             contents: write
         steps:
             - name: 🧮 Checkout code
-              uses: actions/checkout@v4
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   ref: staging
                   fetch-depth: 0
+                  persist-credentials: false
 
-            - uses: actions/setup-node@v4
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
               with:
                   node-version-file: package.json
-                  cache: "yarn"
+                  cache: "pnpm"
 
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "pnpm install --frozen-lockfile"
 
             - uses: t3chguy/release-drafter@105e541c2c3d857f032bd522c0764694758fabad
               id: draft-release
@@ -37,7 +39,7 @@ jobs:
                   disable-autolabeler: true
 
             - name: Get actions scripts
-              uses: actions/checkout@v4
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   repository: matrix-org/matrix-js-sdk
                   persist-credentials: false
@@ -48,7 +50,7 @@ jobs:
 
             - name: Ingest upstream changes
               if: inputs.include-changes
-              uses: actions/github-script@v7
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
               env:
                   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                   RELEASE_ID: ${{ steps.draft-release.outputs.id }}

.github/workflows/release-drafter.yml

@@ -13,4 +13,4 @@ jobs:
     draft:
         permissions:
             contents: write
-        uses: matrix-org/matrix-js-sdk/.github/workflows/release-drafter-workflow.yml@develop
+        uses: matrix-org/matrix-js-sdk/.github/workflows/release-drafter-workflow.yml@develop # zizmor: ignore[unpinned-uses]

.github/workflows/release-gitflow.yml

@@ -12,20 +12,25 @@ on:
                 description: List of dependencies to reset.
                 type: string
                 required: false
+            dir:
+                description: The directory to release
+                type: string
+                default: "."
 concurrency: ${{ github.workflow }}
 permissions: {} # Uses ELEMENT_BOT_TOKEN
 jobs:
     merge:
         runs-on: ubuntu-24.04
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   # We will be pushing to this branch and want the CI to run after we do so we cannot use the GITHUB_TOKEN
                   token: ${{ secrets.ELEMENT_BOT_TOKEN }}
                   fetch-depth: 0
+                  persist-credentials: true
 
             - name: Get actions scripts
-              uses: actions/checkout@v4
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   repository: matrix-org/matrix-js-sdk
                   persist-credentials: false
@@ -33,13 +38,14 @@ jobs:
                   sparse-checkout: |
                       scripts/release
 
-            - uses: actions/setup-node@v4
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
               with:
-                  cache: "yarn"
+                  cache: "pnpm"
                   node-version-file: package.json
 
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "pnpm install --frozen-lockfile"
 
             - name: Set up git
               run: |
@@ -53,6 +59,7 @@ jobs:
 
             - name: Reset dependencies
               if: inputs.dependencies
+              working-directory: ${{ inputs.dir }}
               run: |
                   while IFS= read -r PACKAGE; do
                       [ -z "$PACKAGE" ] && continue
@@ -73,7 +80,7 @@ jobs:
                       fi
 
                       echo "Resetting $PACKAGE to develop branch..."
-                      yarn add "github:matrix-org/$PACKAGE#develop"
+                      pnpm add "github:matrix-org/$PACKAGE#develop"
                       git add -u
                       git commit -m "Reset $PACKAGE back to develop branch"
                   done <<< "$DEPENDENCIES"

.github/workflows/release-make.yml

@@ -4,8 +4,6 @@ on:
         secrets:
             ELEMENT_BOT_TOKEN:
                 required: true
-            NPM_TOKEN:
-                required: false
             GPG_PASSPHRASE:
                 required: false
             GPG_PRIVATE_KEY:
@@ -28,12 +26,21 @@ on:
                 description: |
                     The path to the asset you want to upload, if any. You can use glob patterns here.
                     Will be GPG signed and an `.asc` file included in the release artifacts if `gpg-fingerprint` is set.
+                    Relative to `dir`.
                 type: string
                 required: false
             expected-asset-count:
                 description: The number of expected assets, including signatures, excluding generated zip & tarball.
                 type: number
                 required: false
+            dist-dir:
+                description: The directory to release
+                type: string
+                default: "."
+            version-dirs:
+                description: Directories in which to update package.json `version` field
+                type: string
+                required: false
         outputs:
             npm-id:
                 description: "The npm package@version string we published"
@@ -45,7 +52,7 @@ jobs:
         permissions:
             issues: read
             pull-requests: read
-        uses: matrix-org/matrix-js-sdk/.github/workflows/release-checks.yml@develop
+        uses: matrix-org/matrix-js-sdk/.github/workflows/release-checks.yml@develop # zizmor: ignore[unpinned-uses]
 
     release:
         name: Release
@@ -58,7 +65,7 @@ jobs:
             - name: Load GPG key
               id: gpg
               if: inputs.gpg-fingerprint
-              uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6
+              uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7
               with:
                   gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
                   passphrase: ${{ secrets.GPG_PASSPHRASE }}
@@ -66,22 +73,23 @@ jobs:
 
             - name: Get draft release
               id: draft-release
-              uses: cardinalby/git-get-release-action@5172c3a026600b1d459b117738c605fabc9e4e44 # v1
+              uses: cardinalby/git-get-release-action@5172c3a026600b1d459b117738c605fabc9e4e44 # 1.2.5
               env:
                   GITHUB_TOKEN: ${{ github.token }}
               with:
                   draft: true
                   latest: true
 
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   ref: staging
                   # We will be pushing to this branch and want the CI to run after we do so we cannot use the GITHUB_TOKEN
                   token: ${{ secrets.ELEMENT_BOT_TOKEN }}
                   fetch-depth: 0
+                  persist-credentials: true
 
             - name: Get actions scripts
-              uses: actions/checkout@v4
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   repository: matrix-org/matrix-js-sdk
                   persist-credentials: false
@@ -92,6 +100,7 @@ jobs:
 
             - name: Prepare variables
               id: prepare
+              working-directory: ${{ inputs.dist-dir }}
               run: |
                   echo "VERSION=$VERSION" >> $GITHUB_ENV
 
@@ -106,7 +115,7 @@ jobs:
               run: echo "VERSION=$(echo $VERSION | cut -d- -f1)" >> $GITHUB_ENV
 
             - name: Check version number not in use
-              uses: actions/github-script@v7
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
               with:
                   script: |
                       const { VERSION } = process.env;
@@ -125,15 +134,17 @@ jobs:
                   git config --global user.email "releases@riot.im"
                   git config --global user.name "RiotRobot"
 
-            - uses: actions/setup-node@v4
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
               with:
-                  cache: "yarn"
-                  node-version-file: package.json
+                  cache: "pnpm"
+                  node-version-file: ${{ inputs.dist-dir }}/package.json
 
             - name: Install dependencies
-              run: "yarn install --frozen-lockfile"
+              run: "pnpm install --frozen-lockfile"
 
             - name: Handle develop dependencies
+              working-directory: ${{ inputs.dist-dir }}
               run: |
                   ret=0
                   cat package.json | jq -r '.dependencies | to_entries | .[] | "\(.key) \(.value)"' | grep '#develop$' | while read -r dep ; do
@@ -142,15 +153,19 @@ jobs:
                       VERSION=${dep[1]}
 
                       echo "::warning title=Develop dependency found::$DEPENDENCY will be kept at $VERSION"
-                      yarn upgrade "$PACKAGE@$VERSION" --exact
+                      pnpm add "$PACKAGE@$VERSION" --save-exact
                       git add -u
                       git commit -m "Keep $PACKAGE at $VERSION"
                   done
 
-            - name: Bump package.json version
+            - name: Bump package.json versions
               run: |
-                  yarn version --no-git-tag-version --new-version "${VERSION#v}"
-                  git add package.json
+                  for DIR in $DIRS; do
+                      pnpm version -C "$DIR" --no-git-tag-version "${VERSION#v}"
+                      git add "$DIR"/package.json
+                  done
+              env:
+                  DIRS: ${{ inputs.version-dirs || inputs.dist-dir }}
 
             - name: Add to CHANGELOG.md
               if: inputs.final
@@ -177,7 +192,8 @@ jobs:
 
             - name: Build assets
               if: steps.prepare.outputs.has-dist-script == '1'
-              run: DIST_VERSION="$VERSION" yarn dist
+              working-directory: ${{ inputs.dist-dir }}
+              run: DIST_VERSION="$VERSION" pnpm dist
 
             - name: Upload release assets & signatures
               if: inputs.asset-path
@@ -185,7 +201,7 @@ jobs:
               with:
                   gpg-fingerprint: ${{ inputs.gpg-fingerprint }}
                   upload-url: ${{ steps.draft-release.outputs.upload_url }}
-                  asset-path: ${{ inputs.asset-path }}
+                  asset-path: ${{ inputs.dist-dir }}/${{ inputs.asset-path }}
 
             - name: Create signed tag
               if: inputs.gpg-fingerprint
@@ -218,7 +234,7 @@ jobs:
 
             - name: Validate release has expected assets
               if: inputs.expected-asset-count
-              uses: actions/github-script@v7
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
               env:
                   RELEASE_ID: ${{ steps.draft-release.outputs.id }}
                   EXPECTED_ASSET_COUNT: ${{ inputs.expected-asset-count }}
@@ -246,7 +262,7 @@ jobs:
                   git push origin master
 
             - name: Publish release
-              uses: actions/github-script@v7
+              uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9
               env:
                   RELEASE_ID: ${{ steps.draft-release.outputs.id }}
                   FINAL: ${{ inputs.final }}
@@ -278,9 +294,12 @@ jobs:
         name: Publish to npm
         needs: release
         if: inputs.npm
-        uses: matrix-org/matrix-js-sdk/.github/workflows/release-npm.yml@develop
-        secrets:
-            NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+        uses: matrix-org/matrix-js-sdk/.github/workflows/release-npm.yml@develop # zizmor: ignore[unpinned-uses]
+        with:
+            dir: ${{ inputs.dist-dir }}
+        permissions:
+            contents: read
+            id-token: write
 
     post-release:
         name: Post release steps

.github/workflows/release-npm.yml

@@ -1,52 +1,53 @@
 name: Publish to npm
 on:
     workflow_call:
-        secrets:
-            NPM_TOKEN:
-                required: true
+        inputs:
+            dir:
+                description: The directory to release
+                type: string
+                default: "."
         outputs:
             id:
                 description: "The npm package@version string we published"
                 value: ${{ jobs.npm.outputs.id }}
-permissions: {} # No permissions required
+permissions: {}
 jobs:
     npm:
         name: Publish to npm
         runs-on: ubuntu-24.04
+        permissions:
+            contents: read
+            id-token: write
         outputs:
             id: ${{ steps.npm-publish.outputs.id }}
         steps:
             - name: 🧮 Checkout code
-              uses: actions/checkout@v4
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   ref: staging
+                  persist-credentials: false
 
-            - name: 🔧 Yarn cache
-              uses: actions/setup-node@v4
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - name: 🔧 pnpm cache
+              uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
               with:
-                  cache: "yarn"
+                  cache: "pnpm"
                   registry-url: "https://registry.npmjs.org"
-                  node-version-file: package.json
+                  node-version-file: ${{ inputs.dir }}/package.json
+
+            # Ensure npm 11.5.1 or later is installed
+            - name: Update npm
+              run: npm install -g npm@latest
 
             - name: 🔨 Install dependencies
-              run: "yarn install --frozen-lockfile"
+              run: "pnpm install --frozen-lockfile"
 
             - name: 🚀 Publish to npm
               id: npm-publish
-              uses: JS-DevTools/npm-publish@19c28f1ef146469e409470805ea4279d47c3d35c # v3.1.1
-              with:
-                  token: ${{ secrets.NPM_TOKEN }}
-                  access: public
-                  tag: next
-                  ignore-scripts: false
-
-            - name: Check npm package was published
-              if: steps.npm-publish.outputs.id == ''
-              run: exit 1
-
-            - name: 🎖️ Add `latest` dist-tag to final releases
-              if: steps.npm-publish.outputs.id && !contains(steps.npm-publish.outputs.id, '-rc.')
-              run: npm dist-tag add "$release" latest
+              working-directory: ${{ inputs.dir }}
+              run: |
+                  npm publish --provenance --access public --tag "$TAG"
+                  release=$(jq -r '"\(.name)@\(.version)"' package.json)
+                  echo "id=$release" >> $GITHUB_OUTPUT
               env:
-                  NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-                  release: ${{ steps.npm-publish.outputs.id }}
+                  TAG: ${{ contains(steps.npm-publish.outputs.id, '-rc.') && 'next' || 'latest' }}

.github/workflows/release.yml

@@ -24,11 +24,12 @@ concurrency: ${{ github.workflow }}
 permissions: {} # No permissions required
 jobs:
     release:
-        uses: matrix-org/matrix-js-sdk/.github/workflows/release-make.yml@develop
+        uses: matrix-org/matrix-js-sdk/.github/workflows/release-make.yml@develop # zizmor: ignore[unpinned-uses,secrets-inherit]
         permissions:
             contents: write
             issues: write
             pull-requests: read
+            id-token: write
         secrets: inherit
         with:
             final: ${{ inputs.mode == 'final' }}
@@ -40,28 +41,32 @@ jobs:
         runs-on: ubuntu-24.04
         strategy:
             matrix:
-                repo:
-                    - element-hq/element-web
+                include:
+                    - repo: element-hq/element-web
+                      path: apps/web
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   repository: ${{ matrix.repo }}
                   ref: staging
                   token: ${{ secrets.ELEMENT_BOT_TOKEN }}
+                  persist-credentials: true
 
-            - uses: actions/setup-node@v4
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
               with:
-                  cache: "yarn"
+                  cache: "pnpm"
                   node-version: "lts/*"
 
             - name: Bump dependency
               env:
                   DEPENDENCY: ${{ needs.release.outputs.npm-id }}
+                  DIR: ${{ matrix.path }}
               run: |
                   git config --global user.email "releases@riot.im"
                   git config --global user.name "RiotRobot"
-                  yarn upgrade "$DEPENDENCY" --exact
-                  git add package.json yarn.lock
+                  pnpm add -C "$DIR" "$DEPENDENCY" --save-exact
+                  git add "$DIR"/package.json pnpm-lock.yaml
                   git commit -am"Upgrade dependency to $DEPENDENCY"
                   git push origin staging
 
@@ -72,22 +77,25 @@ jobs:
         runs-on: ubuntu-24.04
         steps:
             - name: 🧮 Checkout code
-              uses: actions/checkout@v4
-
-            - name: 🔧 Yarn cache
-              uses: actions/setup-node@v4
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
-                  cache: "yarn"
+                  persist-credentials: false
+
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - name: 🔧 pnpm cache
+              uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+              with:
+                  cache: "pnpm"
                   node-version-file: package.json
 
             - name: 🔨 Install dependencies
-              run: "yarn install --frozen-lockfile"
+              run: "pnpm install --frozen-lockfile"
 
             - name: 📖 Generate docs
-              run: yarn gendoc
+              run: pnpm gendoc
 
             - name: Upload artifact
-              uses: actions/upload-pages-artifact@v3
+              uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5
               with:
                   path: _docs
 
@@ -105,4 +113,4 @@ jobs:
         steps:
             - name: Deploy to GitHub Pages
               id: deployment
-              uses: actions/deploy-pages@v4
+              uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5

.github/workflows/sonarcloud.yml

@@ -12,7 +12,11 @@ on:
             sharded:
                 type: boolean
                 required: false
-                description: "Whether to combine multiple LCOV and jest-sonar-report files in coverage artifact"
+                description: "Whether to combine multiple LCOV and sonar-report files in coverage artifact"
+            version-pkg-json-dir:
+                type: string
+                default: "."
+                description: "Relative path of the directory containing package.json with the `version` to use."
 permissions: {}
 jobs:
     sonarqube:
@@ -27,7 +31,7 @@ jobs:
         steps:
             # We create the status here and then update it to success/failure in the `report` stage
             # This provides an easy link to this workflow_run from the PR before Sonarcloud is done.
-            - uses: guibranco/github-status-action-v2@66088c44e212a906c32a047529a213d81809ec1c
+            - uses: guibranco/github-status-action-v2@9bfa8773cdbdc6c185747fd43cd7faa9d7c32f09
               with:
                   authToken: ${{ secrets.GITHUB_TOKEN }}
                   state: pending
@@ -36,14 +40,15 @@ jobs:
                   target_url: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
 
             - name: "🧮 Checkout code"
-              uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   repository: ${{ github.event.workflow_run.head_repository.full_name }}
                   ref: ${{ github.event.workflow_run.head_branch }} # checkout commit that triggered this workflow
                   fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+                  persist-credentials: false
 
             - name: 📥 Download artifact
-              uses: actions/download-artifact@v4
+              uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
               if: ${{ !inputs.sharded }}
               with:
                   github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -51,14 +56,13 @@ jobs:
                   name: coverage
                   path: coverage
             - name: 📥 Download sharded artifacts
-              uses: actions/download-artifact@v4
+              uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
               if: inputs.sharded
               with:
                   github-token: ${{ secrets.GITHUB_TOKEN }}
                   run-id: ${{ github.event.workflow_run.id }}
                   pattern: coverage-*
                   path: coverage
-                  merge-multiple: true
             - name: Check coverage artifact
               run: |
                   if [ ! -d coverage ]; then
@@ -70,24 +74,25 @@ jobs:
               run: |
                   coverage=$(find coverage -type f -name '*lcov.info' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g')
                   echo "sonar.javascript.lcov.reportPaths=$coverage" >> sonar-project.properties
-                  reports=$(find coverage -type f -name 'jest-sonar-report*.xml' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g')
+                  reports=$(find coverage -type f -name '*sonar-report*.xml' -printf '%h/%f,' | tr -d '\r\n' | sed 's/,$//g')
                   echo "sonar.testExecutionReportPaths=$reports" >> sonar-project.properties
 
             - name: "🩻 SonarCloud Scan"
               id: sonarcloud
-              uses: matrix-org/sonarcloud-workflow-action@v3.3
+              uses: matrix-org/sonarcloud-workflow-action@13968a27c924fa19b1dacbce6ca3ff217daa775b
               # workflow_run fails report against the develop commit always, we don't want that for PRs
               continue-on-error: ${{ github.event.workflow_run.head_branch != 'develop' }}
               with:
                   skip_checkout: true
                   repository: ${{ github.event.workflow_run.head_repository.full_name }}
                   is_pr: ${{ github.event.workflow_run.event == 'pull_request' }}
-                  version_cmd: "cat package.json | jq -r .version"
+                  skip_coverage_label: Z-Skip-Coverage
+                  version_cmd: "cat ${{ inputs.version-pkg-json-dir }}/package.json | jq -r .version"
                   branch: ${{ github.event.workflow_run.head_branch }}
                   revision: ${{ github.event.workflow_run.head_sha }}
                   token: ${{ secrets.SONAR_TOKEN }}
 
-            - uses: guibranco/github-status-action-v2@66088c44e212a906c32a047529a213d81809ec1c
+            - uses: guibranco/github-status-action-v2@9bfa8773cdbdc6c185747fd43cd7faa9d7c32f09
               if: always()
               with:
                   authToken: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/sonarqube.yml

@@ -1,6 +1,8 @@
 name: SonarQube
 on:
-    workflow_run:
+    # Privilege escalation necessary to call upon SonarCloud
+    # 🚨 We must not execute any checked out code here.
+    workflow_run: # zizmor: ignore[dangerous-triggers]
         workflows: ["Tests"]
         types:
             - completed
@@ -16,7 +18,7 @@ jobs:
             actions: read
             statuses: write
             id-token: write # sonar
-        uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop
+        uses: matrix-org/matrix-js-sdk/.github/workflows/sonarcloud.yml@develop # zizmor: ignore[unpinned-uses]
         secrets:
             SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
             ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}

.github/workflows/static_analysis.yml

@@ -14,72 +14,121 @@ jobs:
         name: "Typescript Syntax Check"
         runs-on: ubuntu-24.04
         steps:
-            - uses: actions/checkout@v4
-
-            - uses: actions/setup-node@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
-                  cache: "yarn"
+                  persist-credentials: false
+
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+              with:
+                  cache: "pnpm"
                   node-version-file: package.json
 
             - name: Install Deps
-              run: "yarn install"
+              run: "pnpm install"
 
             - name: Typecheck
-              run: "yarn run lint:types"
+              run: "pnpm run lint:types"
 
     js_lint:
         name: "ESLint"
         runs-on: ubuntu-24.04
         steps:
-            - uses: actions/checkout@v4
-
-            - uses: actions/setup-node@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
-                  cache: "yarn"
+                  persist-credentials: false
+
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+              with:
+                  cache: "pnpm"
                   node-version-file: package.json
 
             - name: Install Deps
-              run: "yarn install"
+              run: "pnpm install"
 
             - name: Run Linter
-              run: "yarn run lint:js"
+              run: "pnpm run lint:js"
+
+    node_example_lint:
+        name: "Node.js example"
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+              with:
+                  persist-credentials: false
+
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+              with:
+                  cache: "pnpm"
+                  node-version-file: package.json
+
+            - name: Install Deps
+              run: "pnpm install"
+
+            - name: Build Types
+              run: "pnpm build:types"
+
+            - name: Install Example Deps
+              run: "npm install"
+              working-directory: "examples/node"
+
+            - name: Check Syntax
+              run: "node --check app.js"
+              working-directory: "examples/node"
+
+            - name: Typecheck
+              run: "npx tsc"
+              working-directory: "examples/node"
 
     workflow_lint:
         name: "Workflow Lint"
         runs-on: ubuntu-24.04
+        permissions:
+            security-events: write
         steps:
-            - uses: actions/checkout@v4
-
-            - uses: actions/setup-node@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
-                  cache: "yarn"
+                  persist-credentials: false
+
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+              with:
+                  cache: "pnpm"
                   node-version-file: package.json
 
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "pnpm install --frozen-lockfile"
 
             - name: Run Linter
-              run: "yarn lint:workflows"
+              run: "pnpm lint:workflows"
+
+            - name: Run zizmor
+              uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
 
     docs:
         name: "JSDoc Checker"
         runs-on: ubuntu-24.04
         steps:
-            - uses: actions/checkout@v4
-
-            - uses: actions/setup-node@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
-                  cache: "yarn"
+                  persist-credentials: false
+
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+              with:
+                  cache: "pnpm"
                   node-version-file: package.json
 
             - name: Install Deps
-              run: "yarn install"
+              run: "pnpm install"
 
             - name: Generate Docs
-              run: "yarn run gendoc --treatWarningsAsErrors --suppressCommentWarningsInDeclarationFiles"
+              run: "pnpm run gendoc --treatWarningsAsErrors --suppressCommentWarningsInDeclarationFiles"
 
             - name: Upload Artifact
-              uses: actions/upload-artifact@v4
+              uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
               with:
                   name: docs
                   path: _docs
@@ -90,31 +139,36 @@ jobs:
         name: "Analyse Dead Code"
         runs-on: ubuntu-24.04
         steps:
-            - uses: actions/checkout@v4
-
-            - uses: actions/setup-node@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
-                  cache: "yarn"
+                  persist-credentials: false
+
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+              with:
+                  cache: "pnpm"
                   node-version-file: package.json
 
             - name: Install Deps
-              run: "yarn install --frozen-lockfile"
+              run: "pnpm install --frozen-lockfile"
 
             - name: Run linter
-              run: "yarn run lint:knip"
+              run: "pnpm run lint:knip"
 
     element-web:
         name: Downstream tsc element-web
         if: github.event_name == 'merge_group'
         runs-on: ubuntu-24.04
         steps:
-            - uses: actions/checkout@v4
+            - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
               with:
                   repository: element-hq/element-web
+                  persist-credentials: false
 
-            - uses: actions/setup-node@v4
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
+            - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
               with:
-                  cache: "yarn"
+                  cache: "pnpm"
                   node-version: "lts/*"
 
             - name: Install Dependencies
@@ -124,15 +178,22 @@ jobs:
                   JS_SDK_GITHUB_BASE_REF: ${{ github.sha }}
 
             - name: Typecheck
-              run: "yarn run lint:types"
+              working-directory: apps/web
+              run: "pnpm run lint:types"
 
-    # Hook for branch protection to skip downstream typechecking outside of merge queues
-    downstream:
-        name: Downstream Typescript Syntax Check
+    # Workflow consolidation job
+    done:
+        needs:
+            - ts_lint
+            - js_lint
+            - node_example_lint
+            - workflow_lint
+            - docs
+            - analyse_dead_code
+            - element-web
+        name: Static Analysis
         runs-on: ubuntu-24.04
         if: always()
-        needs:
-            - element-web
         steps:
-            - if: needs.element-web.result != 'skipped' && needs.element-web.result != 'success'
+            - if: contains(needs.*.result , 'failure') || contains(needs.*.result, 'cancelled')
               run: exit 1

.github/workflows/sync-labels.yml

@@ -11,7 +11,7 @@ on:
 permissions: {} # We use ELEMENT_BOT_TOKEN instead
 jobs:
     sync-labels:
-        uses: element-hq/element-meta/.github/workflows/sync-labels.yml@develop
+        uses: element-hq/element-meta/.github/workflows/sync-labels.yml@7f2f93fb9b52ece7a0998f60e64862aa203c1746
         with:
             LABELS: |
                 element-hq/element-meta

.github/workflows/tests.yml

@@ -12,8 +12,8 @@ env:
     ENABLE_COVERAGE: ${{ github.event_name != 'merge_group' }}
 permissions: {} # No permissions required
 jobs:
-    jest:
-        name: "Jest [${{ matrix.specs }}] (Node ${{ matrix.node == '*' && 'latest' || matrix.node }})"
+    test:
+        name: "Vitest [${{ matrix.specs }}] (Node ${{ matrix.node == '*' && 'latest' || matrix.node }})"
         runs-on: ubuntu-24.04
         timeout-minutes: 10
         strategy:
@@ -22,17 +22,20 @@ jobs:
                 node: ["lts/*", 22]
         steps:
             - name: Checkout code
-              uses: actions/checkout@v4
+              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+              with:
+                  persist-credentials: false
 
+            - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5
             - name: Setup Node
               id: setupNode
-              uses: actions/setup-node@v4
+              uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
               with:
-                  cache: "yarn"
+                  cache: "pnpm"
                   node-version: ${{ matrix.node }}
 
             - name: Install dependencies
-              run: "yarn install"
+              run: "pnpm install"
 
             - name: Get number of CPU cores
               id: cpu-cores
@@ -40,24 +43,23 @@ jobs:
 
             - name: Run tests
               run: |
-                  yarn test \
-                      --coverage=${{ env.ENABLE_COVERAGE }} \
-                      --ci \
-                      --max-workers ${{ steps.cpu-cores.outputs.count }} \
+                  pnpm test \
+                      --coverage=${ENABLE_COVERAGE} \
+                      --maxWorkers ${NUM_WORKERS} \
                       ./spec/${{ matrix.specs }}
               env:
-                  JEST_SONAR_UNIQUE_OUTPUT_NAME: true
-
-                  # tell jest to use coloured output
-                  FORCE_COLOR: true
+                  SHARD: ${{ matrix.specs }}
+                  NUM_WORKERS: ${{ steps.cpu-cores.outputs.count }}
 
             - name: Move coverage files into place
               if: env.ENABLE_COVERAGE == 'true'
-              run: mv coverage/lcov.info coverage/${{ steps.setupNode.outputs.node-version }}-${{ matrix.specs }}.lcov.info
+              run: mv coverage/lcov.info coverage/${NODE_VERSION}-${{ matrix.specs }}.lcov.info
+              env:
+                  NODE_VERSION: ${{ steps.setupNode.outputs.node-version }}
 
             - name: Upload Artifact
               if: env.ENABLE_COVERAGE == 'true'
-              uses: actions/upload-artifact@v4
+              uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
               with:
                   name: coverage-${{ matrix.specs }}-${{ matrix.node == 'lts/*' && 'lts' || matrix.node }}
                   path: |
@@ -65,19 +67,19 @@ jobs:
                       !coverage/lcov-report
 
     # Dummy completion job to simplify branch protections
-    jest-complete:
-        name: Jest tests
-        needs: jest
+    complete:
+        name: Tests
+        needs: test
         if: always()
         runs-on: ubuntu-24.04
         steps:
-            - if: needs.jest.result != 'skipped' && needs.jest.result != 'success'
+            - if: needs.test.result != 'skipped' && needs.test.result != 'success'
               run: exit 1
 
     element-web:
         name: Downstream test element-web
         if: github.event_name == 'merge_group'
-        uses: element-hq/element-web/.github/workflows/tests.yml@develop
+        uses: element-hq/element-web/.github/workflows/tests.yml@develop # zizmor: ignore[unpinned-uses]
         permissions:
             statuses: write
         with:
@@ -87,8 +89,8 @@ jobs:
     complement-crypto:
         name: "Run Complement Crypto tests"
         if: github.event_name == 'merge_group'
-        permissions: read-all
-        uses: matrix-org/complement-crypto/.github/workflows/single_sdk_tests.yml@main
+        permissions: read-all # zizmor: ignore[excessive-permissions]
+        uses: matrix-org/complement-crypto/.github/workflows/single_sdk_tests.yml@main # zizmor: ignore[unpinned-uses]
         with:
             use_js_sdk: "."
 
@@ -116,7 +118,7 @@ jobs:
         steps:
             - name: Skip SonarCloud on merge queues
               if: env.ENABLE_COVERAGE == 'false'
-              uses: guibranco/github-status-action-v2@66088c44e212a906c32a047529a213d81809ec1c
+              uses: guibranco/github-status-action-v2@9bfa8773cdbdc6c185747fd43cd7faa9d7c32f09
               with:
                   authToken: ${{ secrets.GITHUB_TOKEN }}
                   state: success

.github/workflows/triage-incoming.yml

@@ -8,7 +8,7 @@ jobs:
     automate-project-columns-next:
         runs-on: ubuntu-24.04
         steps:
-            - uses: actions/add-to-project@main
+            - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
               with:
                   project-url: https://github.com/orgs/element-hq/projects/120
                   github-token: ${{ secrets.ELEMENT_BOT_TOKEN }}

.github/workflows/triage-labelled.yml

@@ -6,6 +6,6 @@ on:
 permissions: {} # We use ELEMENT_BOT_TOKEN instead
 jobs:
     call-triage-labelled:
-        uses: element-hq/element-web/.github/workflows/triage-labelled.yml@develop
+        uses: element-hq/element-web/.github/workflows/triage-labelled.yml@6339bcda15c71d209303b18a06a9b1c021220bf9
         secrets:
             ELEMENT_BOT_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}

.github/workflows/triage-stale.yml

@@ -0,0 +1,22 @@
+name: Close stale PRs
+on:
+    workflow_dispatch: {}
+    schedule:
+        - cron: "30 1 * * *"
+permissions: {}
+jobs:
+    close:
+        runs-on: ubuntu-24.04
+        permissions:
+            actions: write
+            issues: write
+            pull-requests: write
+        steps:
+            - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10
+              with:
+                  operations-per-run: 250
+                  days-before-issue-stale: -1
+                  days-before-issue-close: -1
+                  days-before-pr-stale: 180
+                  days-before-pr-close: 0
+                  close-pr-message: "This PR has been automatically closed because it has been stale for 180 days. If you wish to continue working on this PR, please ping a maintainer to reopen it."

.gitignore

@@ -13,8 +13,7 @@ out
 /dist
 /lib
 
-# version file and tarball created by `npm pack` / `yarn pack`
-/git-revision.txt
+# tarball created by `npm pack` / `yarn pack`
 /matrix-js-sdk-*.tgz
 
 .vscode

.prettierignore

@@ -3,6 +3,7 @@
 
 /.npmrc
 /*.log
+pnpm-lock.yaml
 package-lock.json
 .lock-wscript
 build/Release

CHANGELOG.md

@@ -1,3 +1,523 @@
+Changes in [41.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v41.3.0) (2026-04-07)
+==================================================================================================
+## 🐛 Bug Fixes
+
+* Rotate the current room key when we see a member leave ([#5231](https://github.com/matrix-org/matrix-js-sdk/pull/5231)). Contributed by @kaylendog.
+
+
+Changes in [41.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v41.2.0) (2026-03-24)
+==================================================================================================
+## ✨ Features
+
+* Only share history if room history visibility is shared ([#5216](https://github.com/matrix-org/matrix-js-sdk/pull/5216)). Contributed by @kaylendog.
+* History sharing: resume key-bundle import on restart ([#5214](https://github.com/matrix-org/matrix-js-sdk/pull/5214)). Contributed by @richvdh.
+* Move `CryptoApi.shareRoomHistoryWithUser` to `CryptoBackend` ([#5218](https://github.com/matrix-org/matrix-js-sdk/pull/5218)). Contributed by @richvdh.
+
+
+Changes in [41.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v41.1.0) (2026-03-10)
+==================================================================================================
+## ✨ Features
+
+* Throw a specific error when the backup decryption key does not match the public backup ([#5202](https://github.com/matrix-org/matrix-js-sdk/pull/5202)). Contributed by @andybalaam.
+* Update getUrlPreview to use /\_matrix/client/v1/media/preview\_url ([#5191](https://github.com/matrix-org/matrix-js-sdk/pull/5191)). Contributed by @Half-Shot.
+
+
+Changes in [41.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v41.0.0) (2026-02-24)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Add support for Matrix Spec v1.13 ([#5160](https://github.com/matrix-org/matrix-js-sdk/pull/5160)). Contributed by @t3chguy.
+
+## ✨ Features
+
+* Download room keys from backup prior to buliding historic room key bundles ([#5171](https://github.com/matrix-org/matrix-js-sdk/pull/5171)). Contributed by @kaylendog.
+* Add support for Matrix Spec v1.13 ([#5160](https://github.com/matrix-org/matrix-js-sdk/pull/5160)). Contributed by @t3chguy.
+* Add logging on MSC4108 DELETE request ([#5140](https://github.com/matrix-org/matrix-js-sdk/pull/5140)). Contributed by @reivilibre.
+* Add `m.invite_permission_config` account data type ([#5183](https://github.com/matrix-org/matrix-js-sdk/pull/5183)). Contributed by @richvdh.
+
+## 🐛 Bug Fixes
+
+* fix(relations): prevent stale m.replace from overriding newer edits ([#5192](https://github.com/matrix-org/matrix-js-sdk/pull/5192)). Contributed by @basnijholt.
+* Fix reactive display name disambiguation ([#5135](https://github.com/matrix-org/matrix-js-sdk/pull/5135)). Contributed by @aditya-cherukuru.
+* Fix empty string to room compatibility trick to only apply to m.call ([#5172](https://github.com/matrix-org/matrix-js-sdk/pull/5172)). Contributed by @toger5.
+
+
+Changes in [40.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v40.2.0) (2026-02-10)
+==================================================================================================
+## 🦖 Deprecations
+
+* [MatrixRTC] Remove sending of deprecated `notify` event (we now use `m.rtc.notification`) ([#5167](https://github.com/matrix-org/matrix-js-sdk/pull/5167)). Contributed by @toger5.
+
+## ✨ Features
+
+* Use stable /auth\_metadata endpoint where homeserver supports v1.15 ([#5174](https://github.com/matrix-org/matrix-js-sdk/pull/5174)). Contributed by @hughns.
+* Support additional\_creators in upgradeRoom (MSC4289) ([#5173](https://github.com/matrix-org/matrix-js-sdk/pull/5173)). Contributed by @andybalaam.
+* [MatrixRTC] Minimal change to transition from "" to "ROOM" as the callId/slotId ([#5166](https://github.com/matrix-org/matrix-js-sdk/pull/5166)). Contributed by @toger5.
+* [MatrixRTC] Do not send the `livekit_alias` in sticky events ([#5165](https://github.com/matrix-org/matrix-js-sdk/pull/5165)). Contributed by @toger5.
+* Improve startup performance by using `promise.all` when processing rooms from sync ([#5095](https://github.com/matrix-org/matrix-js-sdk/pull/5095)). Contributed by @MidhunSureshR.
+* Add OAuthGrantType enum for OAuth 2.0 API grant types ([#5161](https://github.com/matrix-org/matrix-js-sdk/pull/5161)). Contributed by @hughns.
+* Add support for stable OAuth2.0 aware feature from MSC3824 ([#5159](https://github.com/matrix-org/matrix-js-sdk/pull/5159)). Contributed by @hughns.
+* Give RoomWidgetClient the ability to send and receive sticky events ([#5142](https://github.com/matrix-org/matrix-js-sdk/pull/5142)). Contributed by @robintown.
+
+## 🐛 Bug Fixes
+
+* [js sdk embedded/widget] Fix race where this.syncApi.injectRoomEvents was called before the syncApi is instantiated ([#5168](https://github.com/matrix-org/matrix-js-sdk/pull/5168)). Contributed by @toger5.
+* [MatrixRTC] Fix delayId not resetting on leave ([#5156](https://github.com/matrix-org/matrix-js-sdk/pull/5156)). Contributed by @toger5.
+
+
+Changes in [40.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v40.1.0) (2026-01-27)
+==================================================================================================
+## 🦖 Deprecations
+
+* Deprecate unused `EventShieldReason` reason codes ([#5127](https://github.com/matrix-org/matrix-js-sdk/pull/5127)). Contributed by @richvdh.
+
+## ✨ Features
+
+* Add stable m.oauth UIA stage enum ([#5138](https://github.com/matrix-org/matrix-js-sdk/pull/5138)). Contributed by @hughns.
+* Add `MatrixEvent.getKeyForwardingUser` ([#5128](https://github.com/matrix-org/matrix-js-sdk/pull/5128)). Contributed by @richvdh.
+* Add types for (unstable) policy servers ([#5116](https://github.com/matrix-org/matrix-js-sdk/pull/5116)). Contributed by @turt2live.
+
+## 🐛 Bug Fixes
+
+* [Backport staging] Recalculate room name on loading members ([#5164](https://github.com/matrix-org/matrix-js-sdk/pull/5164)). Contributed by @RiotRobot.
+* Avoid rapidly retrying failed requests ([#5146](https://github.com/matrix-org/matrix-js-sdk/pull/5146)). Contributed by @andybalaam.
+* [matrixRTC] MatrixRTCSessions, add missing event reemission. ([#5144](https://github.com/matrix-org/matrix-js-sdk/pull/5144)). Contributed by @toger5.
+* Use normal base64 encoding for RTC backend identities ([#5129](https://github.com/matrix-org/matrix-js-sdk/pull/5129)). Contributed by @robintown.
+* export parseCallNotificationContent and isMyMembership from RTC types ([#5132](https://github.com/matrix-org/matrix-js-sdk/pull/5132)). Contributed by @Half-Shot.
+
+
+Changes in [40.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v40.0.0) (2026-01-13)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* MatrixRTC Pseudonymous livekit identities ([#5110](https://github.com/matrix-org/matrix-js-sdk/pull/5110)). Contributed by @toger5.
+
+## 🦖 Deprecations
+
+* Mark `forwardingCurve25519KeyChain` as deprecated ([#5111](https://github.com/matrix-org/matrix-js-sdk/pull/5111)). Contributed by @richvdh.
+* Mark `IEventDecryptionResult` as deprecated ([#5112](https://github.com/matrix-org/matrix-js-sdk/pull/5112)). Contributed by @richvdh.
+
+## ✨ Features
+
+* Implement MSC4387: M\_SAFETY error ([#5107](https://github.com/matrix-org/matrix-js-sdk/pull/5107)). Contributed by @Half-Shot.
+* Implement \_unstable\_getRTCTransports for MSC4143 ([#5104](https://github.com/matrix-org/matrix-js-sdk/pull/5104)). Contributed by @Half-Shot.
+* Use `membershipID` for session events ([#5105](https://github.com/matrix-org/matrix-js-sdk/pull/5105)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+
+* Make MatrixRTC encryption key types narrower for TS 5.9 compatibility ([#5117](https://github.com/matrix-org/matrix-js-sdk/pull/5117)). Contributed by @robintown.
+* Re-check outgoing requests after processing them ([#5109](https://github.com/matrix-org/matrix-js-sdk/pull/5109)). Contributed by @andybalaam.
+* Make token refresher init itself lazily ([#5106](https://github.com/matrix-org/matrix-js-sdk/pull/5106)). Contributed by @dbkr.
+
+
+Changes in [39.4.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v39.4.0) (2025-12-16)
+==================================================================================================
+## ✨ Features
+
+* Import room key bundles received after invite. ([#5080](https://github.com/matrix-org/matrix-js-sdk/pull/5080)). Contributed by @kaylendog.
+
+## 🐛 Bug Fixes
+
+* Allow msc4354\_sticky\_key to be optional on sticky events. ([#5073](https://github.com/matrix-org/matrix-js-sdk/pull/5073)). Contributed by @Half-Shot.
+* Handle all response fields from /context API being optional ([#5089](https://github.com/matrix-org/matrix-js-sdk/pull/5089)). Contributed by @t3chguy.
+
+
+Changes in [39.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v39.3.0) (2025-12-02)
+==================================================================================================
+## 🐛 Bug Fixes
+
+* Re-add truthy check on room name/avatar/alias events ([#5081](https://github.com/matrix-org/matrix-js-sdk/pull/5081)). Contributed by @t3chguy.
+* Fix invalid state events corrupting room objects ([#5078](https://github.com/matrix-org/matrix-js-sdk/pull/5078)). Contributed by @t3chguy.
+
+
+Changes in [39.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v39.2.0) (2025-11-18)
+==================================================================================================
+## ✨ Features
+
+* Delayed event management: split endpoints, no auth ([#5066](https://github.com/matrix-org/matrix-js-sdk/pull/5066)). Contributed by @AndrewFerr.
+* do not set cache in authenticated fetch ([#5020](https://github.com/matrix-org/matrix-js-sdk/pull/5020)). Contributed by @pkuzco.
+
+## 🐛 Bug Fixes
+
+* Fix media switching during legacy calls ([#5069](https://github.com/matrix-org/matrix-js-sdk/pull/5069)). Contributed by @langleyd.
+
+
+Changes in [39.1.2](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v39.1.2) (2025-11-04)
+==================================================================================================
+Re-release of v39.1.0 to fix npm publishing workflow
+
+
+
+Changes in [39.1.1](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v39.1.1) (2025-11-04)
+==================================================================================================
+Re-release of v39.1.0 to fix npm publishing workflow
+
+Changes in [39.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v39.1.0) (2025-11-04)
+==================================================================================================
+## ✨ Features
+
+* [MatrixRTC] Sticky Events support (MSC4354) ([#5017](https://github.com/matrix-org/matrix-js-sdk/pull/5017)). Contributed by @toger5.
+* Add `CryptoApi.getSecretStorageStatus` ([#5054](https://github.com/matrix-org/matrix-js-sdk/pull/5054)). Contributed by @richvdh.
+* Add parseCallNotificationContent ([#5015](https://github.com/matrix-org/matrix-js-sdk/pull/5015)). Contributed by @toger5.
+* MSC4140: support filters on delayed event lookup  ([#5038](https://github.com/matrix-org/matrix-js-sdk/pull/5038)). Contributed by @AndrewFerr.
+
+
+Changes in [39.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v39.0.0) (2025-10-21)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* [MatrixRTC] Multi SFU support + m.rtc.member event type support ([#5022](https://github.com/matrix-org/matrix-js-sdk/pull/5022)). Contributed by @toger5.
+
+## ✨ Features
+
+* [MatrixRTC] Multi SFU support + m.rtc.member event type support ([#5022](https://github.com/matrix-org/matrix-js-sdk/pull/5022)). Contributed by @toger5.
+* Implement Sticky Events MSC4354 ([#5028](https://github.com/matrix-org/matrix-js-sdk/pull/5028)). Contributed by @Half-Shot.
+* feat(client): allow disabling VoIP support ([#5021](https://github.com/matrix-org/matrix-js-sdk/pull/5021)). Contributed by @pkuzco.
+
+## 🐛 Bug Fixes
+
+* Only use the first 3 viaServers specified ([#5034](https://github.com/matrix-org/matrix-js-sdk/pull/5034)). Contributed by @t3chguy.
+* Fetch the user's device info before processing a verification request ([#5030](https://github.com/matrix-org/matrix-js-sdk/pull/5030)). Contributed by @andybalaam.
+
+
+Changes in [38.4.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.4.0) (2025-10-07)
+==================================================================================================
+## ✨ Features
+
+* Add call intent to RTC call notifications ([#5010](https://github.com/matrix-org/matrix-js-sdk/pull/5010)). Contributed by @Half-Shot.
+* Implement experimental encrypted state events. ([#4994](https://github.com/matrix-org/matrix-js-sdk/pull/4994)). Contributed by @kaylendog.
+
+## 🐛 Bug Fixes
+
+* Exclude cancelled requests from in-progress lists ([#5016](https://github.com/matrix-org/matrix-js-sdk/pull/5016)). Contributed by @andybalaam.
+
+
+Changes in [38.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.3.0) (2025-09-23)
+==================================================================================================
+## 🐛 Bug Fixes
+
+* Remove knocked room when membership changes to join ([#4977](https://github.com/matrix-org/matrix-js-sdk/pull/4977)). Contributed by @svajunas-budrys.
+
+
+Changes in [38.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.2.0) (2025-09-16)
+==================================================================================================
+Fix [CVE-2025-59160](https://www.cve.org/CVERecord?id=CVE-2025-59160) / [GHSA-mp7c-m3rh-r56v](https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mp7c-m3rh-r56v)
+
+
+
+Changes in [38.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.1.0) (2025-09-09)
+==================================================================================================
+## ✨ Features
+
+* Remove custom `org.matrix.msc4075.rtc.notification.parent` relation type ([#4979](https://github.com/matrix-org/matrix-js-sdk/pull/4979)). Contributed by @toger5.
+* MatrixRTC: Add RTC decline event ([#4978](https://github.com/matrix-org/matrix-js-sdk/pull/4978)). Contributed by @toger5.
+* Make a MatrixRTCSession emit once the RTCNotification is sent ([#4976](https://github.com/matrix-org/matrix-js-sdk/pull/4976)). Contributed by @toger5.
+* Use hydra semantics for unknown room versions ([#4957](https://github.com/matrix-org/matrix-js-sdk/pull/4957)). Contributed by @dbkr.
+* Expose the StatusChanged event through the RTCSession ([#4974](https://github.com/matrix-org/matrix-js-sdk/pull/4974)). Contributed by @toger5.
+* Add `probablyLeft` event to the MatrixRTCSession ([#4962](https://github.com/matrix-org/matrix-js-sdk/pull/4962)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+
+* Fix `m.topic` format ([#4984](https://github.com/matrix-org/matrix-js-sdk/pull/4984)). Contributed by @tulir.
+* Fix stable-suffixed MSC4133 support ([#4983](https://github.com/matrix-org/matrix-js-sdk/pull/4983)). Contributed by @dbkr.
+* Fix thread edit aggregation race condition ([#4980](https://github.com/matrix-org/matrix-js-sdk/pull/4980)). Contributed by @basnijholt.
+
+
+Changes in [38.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v38.0.0) (2025-08-27)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Release tranche of breaking changes ([#4975](https://github.com/matrix-org/matrix-js-sdk/pull/4975)). 
+* Remove support for FetchHttpApi `onlyData = false`
+* Remove deprecated `IJoinRoomOpts.syncRoom`
+* Remove deprecated methods which are unsupported in rust crypto
+* Remove deprecated getAuthIssuer method
+* Remove deprecated beginKeyVerification method
+* Remove deprecated isEncryptedDisabledForUnverifiedDevices getter 
+* Remove deprecated UndecryptableToDeviceEvent MatrixClient emit
+* Remove deprecated defer utility method
+* Remove deprecated UIAResponse dummy type 
+* Remove deprecated MatrixRTCSession MembershipConfig fields 
+* Remove deprecated findVerificationRequestDMInProgress and storeSessionBackupPrivateKey methods in favour of overloads
+
+## ✨ Features
+
+* Allow multiple rtc sessions per room (with different sessionDescriptions) ([#4945](https://github.com/matrix-org/matrix-js-sdk/pull/4945)). Contributed by @toger5.
+* Add support for login\_hint in authorization url generation ([#4943](https://github.com/matrix-org/matrix-js-sdk/pull/4943)). Contributed by @odelcroi.
+* Only process MatrixRTC sessions associated with calls for `callMembershipsForRoom` ([#4960](https://github.com/matrix-org/matrix-js-sdk/pull/4960)). Contributed by @fkwp.
+
+
+Changes in [37.13.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.13.0) (2025-08-11)
+====================================================================================================
+This release supports new v12 Matrix rooms and consequently has a breaking change, removing powerLevelNorm from the RoomMember object as this can't be supported with infinite power levels. Apps should use the non-normalised `powerLevel` instead.
+
+## 🚨 BREAKING CHANGES
+
+* [Backport staging] Support for creator power level ([#4954](https://github.com/matrix-org/matrix-js-sdk/pull/4954)). Contributed by @RiotRobot.
+
+## ✨ Features
+
+* [Backport staging] Support v12 rooms in maySendEvent ([#4956](https://github.com/matrix-org/matrix-js-sdk/pull/4956)). Contributed by @RiotRobot.
+* [Backport staging] Support for creator power level ([#4954](https://github.com/matrix-org/matrix-js-sdk/pull/4954)). Contributed by @RiotRobot.
+* Experimental support for sharing encrypted history on invite ([#4920](https://github.com/matrix-org/matrix-js-sdk/pull/4920)). Contributed by @richvdh.
+* Use the logger associated with MatrixClient in rust sdk ([#4918](https://github.com/matrix-org/matrix-js-sdk/pull/4918)). Contributed by @richvdh.
+* Update to matrix-sdk-crypto-wasm 15.1.0, and add new `ShieldStateCode.MismatchedSender` ([#4916](https://github.com/matrix-org/matrix-js-sdk/pull/4916)). Contributed by @richvdh.
+
+## 🐛 Bug Fixes
+
+* Fix unknown/broken state in the RTC Membership Manager causing unnecassary error logging. ([#4944](https://github.com/matrix-org/matrix-js-sdk/pull/4944)). Contributed by @toger5.
+
+
+Changes in [37.12.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.12.0) (2025-07-29)
+====================================================================================================
+## 🦖 Deprecations
+
+* Deprecate non-functional `IJoinRoomOpts.syncRoom` ([#4913](https://github.com/matrix-org/matrix-js-sdk/pull/4913)). Contributed by @richvdh.
+
+## ✨ Features
+
+* Custom abort timeout logic for restarting delayed events that is compatible with the widget api ([#4927](https://github.com/matrix-org/matrix-js-sdk/pull/4927)). Contributed by @toger5.
+* Allow sending notification events when starting a call ([#4826](https://github.com/matrix-org/matrix-js-sdk/pull/4826)). Contributed by @robintown.
+
+## 🐛 Bug Fixes
+
+* Fix deep import incompatibility (#4924) ([#4925](https://github.com/matrix-org/matrix-js-sdk/pull/4925)). Contributed by @toriningen.
+* Fix more incorrect logger use ([#4904](https://github.com/matrix-org/matrix-js-sdk/pull/4904)). Contributed by @richvdh.
+
+
+Changes in [37.11.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.11.0) (2025-07-15)
+====================================================================================================
+## ✨ Features
+
+* Update README to make Element sponsorship explicit ([#4901](https://github.com/matrix-org/matrix-js-sdk/pull/4901)). Contributed by @neilisfragile.
+* Use client logger in more places (crypto code) ([#4900](https://github.com/matrix-org/matrix-js-sdk/pull/4900)). Contributed by @richvdh.
+* Use client logger in `MatrixRTCSessionManager` ([#4898](https://github.com/matrix-org/matrix-js-sdk/pull/4898)). Contributed by @richvdh.
+* Use client logger in more places (core code) ([#4899](https://github.com/matrix-org/matrix-js-sdk/pull/4899)). Contributed by @richvdh.
+* crypto: Add new `ClientEvent.ReceivedToDeviceMessage` with proper `OlmEncryptionInfo` support ([#4891](https://github.com/matrix-org/matrix-js-sdk/pull/4891)). Contributed by @BillCarsonFr.
+
+
+Changes in [37.10.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.10.0) (2025-07-01)
+====================================================================================================
+## ✨ Features
+
+* Update matrix-sdk-crypto-wasm to `15.0.0` ([#4882](https://github.com/matrix-org/matrix-js-sdk/pull/4882)). Contributed by @richvdh.
+* Allow customizing the IndexedDB database prefix used by Rust crypto. ([#4878](https://github.com/matrix-org/matrix-js-sdk/pull/4878)). Contributed by @clokep.
+* Remove `@matrix-org/olm` from dependency list ([#4876](https://github.com/matrix-org/matrix-js-sdk/pull/4876)). Contributed by @richvdh.
+* Redact on ban: Client implementation ([#4867](https://github.com/matrix-org/matrix-js-sdk/pull/4867)). Contributed by @turt2live.
+
+
+Changes in [37.9.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.9.0) (2025-06-17)
+==================================================================================================
+## 🐛 Bug Fixes
+
+* Ensure we send spec-compliant filter strings by stripping out null values ([#4865](https://github.com/matrix-org/matrix-js-sdk/pull/4865)). Contributed by @t3chguy.
+* Fix MatrixRTC membership manager failing to rejoin in a race condition (sync vs not found response) ([#4861](https://github.com/matrix-org/matrix-js-sdk/pull/4861)). Contributed by @toger5.
+* Include extraParams in all HTTP requests ([#4860](https://github.com/matrix-org/matrix-js-sdk/pull/4860)). Contributed by @rsb-tbg.
+
+
+Changes in [37.8.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.8.0) (2025-06-10)
+==================================================================================================
+## 🐛 Bug Fixes
+
+* [Backport staging] Update dependency @matrix-org/matrix-sdk-crypto-wasm to v14.2.1 ([#4869](https://github.com/matrix-org/matrix-js-sdk/pull/4869)). Contributed by @RiotRobot.
+
+
+Changes in [37.7.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.7.0) (2025-06-03)
+==================================================================================================
+## 🦖 Deprecations
+
+* MatrixRTC: Rename `MembershipConfig` parameters ([#4714](https://github.com/matrix-org/matrix-js-sdk/pull/4714)). Contributed by @toger5.
+
+## ✨ Features
+
+* Allow the embedded client to work without update\_state support ([#4849](https://github.com/matrix-org/matrix-js-sdk/pull/4849)). Contributed by @robintown.
+* Check for `unknown variant` on to-device sending and fall back to room event encryption. ([#4847](https://github.com/matrix-org/matrix-js-sdk/pull/4847)). Contributed by @toger5.
+* Reapply "Distinguish room state and timeline events in embedded clients" ([#4790](https://github.com/matrix-org/matrix-js-sdk/pull/4790)). Contributed by @robintown.
+
+
+Changes in [37.6.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.6.0) (2025-05-20)
+==================================================================================================
+## 🦖 Deprecations
+
+* Deprecate utils function `defer` in favour of `Promise.withResolvers` ([#4829](https://github.com/matrix-org/matrix-js-sdk/pull/4829)). Contributed by @t3chguy.
+
+## ✨ Features
+
+* Update to Node 22 LTS ([#4832](https://github.com/matrix-org/matrix-js-sdk/pull/4832)). Contributed by @t3chguy.
+
+## 🐛 Bug Fixes
+
+* Fix autodiscovery handling of 2xx (non-200) codes ([#4833](https://github.com/matrix-org/matrix-js-sdk/pull/4833)). Contributed by @t3chguy.
+
+
+Changes in [37.5.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.5.0) (2025-05-06)
+==================================================================================================
+## ✨ Features
+
+* Stabilise MSC3765 ([#4767](https://github.com/matrix-org/matrix-js-sdk/pull/4767)). Contributed by @Johennes.
+* Inherit `methodFactory` extensions from the parent to the child loggers. ([#4809](https://github.com/matrix-org/matrix-js-sdk/pull/4809)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+
+* [Backport staging] Fix token refresh behaviour for non-expired tokens ([#4827](https://github.com/matrix-org/matrix-js-sdk/pull/4827)). Contributed by @RiotRobot.
+* Refactor how token refreshing works to be more resilient ([#4819](https://github.com/matrix-org/matrix-js-sdk/pull/4819)). Contributed by @t3chguy.
+
+
+Changes in [37.4.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.4.0) (2025-04-22)
+==================================================================================================
+## ✨ Features
+
+* MatrixRTC: Add combined `toDeviceAndRoomKeyTransport` ([#4792](https://github.com/matrix-org/matrix-js-sdk/pull/4792)). Contributed by @toger5.
+* Make logging consistent for matrixRTC ([#4788](https://github.com/matrix-org/matrix-js-sdk/pull/4788)). Contributed by @toger5.
+* MatrixRTC: ToDevice distribution for media stream keys ([#4785](https://github.com/matrix-org/matrix-js-sdk/pull/4785)). Contributed by @BillCarsonFr.
+
+## 🐛 Bug Fixes
+
+* Fix token refresh racing with other requests and not using new token ([#4798](https://github.com/matrix-org/matrix-js-sdk/pull/4798)). Contributed by @t3chguy.
+* Fix fallback to MemoryCryptoStore when LocalStorage unavailable ([#4797](https://github.com/matrix-org/matrix-js-sdk/pull/4797)). Contributed by @t3chguy.
+* Remove duplicate `deleteSecretStorage` in `RustCrypto.resetEncryption` ([#4789](https://github.com/matrix-org/matrix-js-sdk/pull/4789)). Contributed by @florianduros.
+* Fix `RustCrypto.resetEncryption` failure ([#4772](https://github.com/matrix-org/matrix-js-sdk/pull/4772)). Contributed by @florianduros.
+
+
+Changes in [37.3.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.3.0) (2025-04-08)
+==================================================================================================
+## ✨ Features
+
+* MatrixRTC MembershipManger: remove redundant sendDelayedEventAction and expose status ([#4747](https://github.com/matrix-org/matrix-js-sdk/pull/4747)). Contributed by @toger5.
+* Abstract logout-causing error type from tokenRefreshFunction calls ([#4765](https://github.com/matrix-org/matrix-js-sdk/pull/4765)). Contributed by @t3chguy.
+* Improve PushProcessor::getPushRuleGlobRegex ([#4764](https://github.com/matrix-org/matrix-js-sdk/pull/4764)). Contributed by @t3chguy.
+* Export push processor \& method for converting matrix glob to regexp ([#4763](https://github.com/matrix-org/matrix-js-sdk/pull/4763)). Contributed by @t3chguy.
+* Add authenticated media parameter to getMediaConfig ([#4762](https://github.com/matrix-org/matrix-js-sdk/pull/4762)). Contributed by @m004.
+* Rust crypto: set a timeout on outgoing HTTP requests ([#4761](https://github.com/matrix-org/matrix-js-sdk/pull/4761)). Contributed by @richvdh.
+* Switch sliding sync support to simplified sliding sync ([#4400](https://github.com/matrix-org/matrix-js-sdk/pull/4400)). Contributed by @dbkr.
+
+
+Changes in [37.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.2.0) (2025-03-25)
+==================================================================================================
+## ✨ Features
+
+* Add reportRoom API ([#4753](https://github.com/matrix-org/matrix-js-sdk/pull/4753)). Contributed by @Half-Shot.
+* MatrixRTC: New membership manager ([#4726](https://github.com/matrix-org/matrix-js-sdk/pull/4726)). Contributed by @toger5.
+* Add disableKeyStorage() to crypto API ([#4742](https://github.com/matrix-org/matrix-js-sdk/pull/4742)). Contributed by @dbkr.
+
+## 🐛 Bug Fixes
+
+* Allow port differing in OIDC dynamic registration URIs ([#4749](https://github.com/matrix-org/matrix-js-sdk/pull/4749)). Contributed by @t3chguy.
+* OIDC: only pass logo\_uri, policy\_uri, tos\_uri if they conform to "common base" ([#4748](https://github.com/matrix-org/matrix-js-sdk/pull/4748)). Contributed by @t3chguy.
+
+
+Changes in [37.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.1.0) (2025-03-11)
+==================================================================================================
+## 🦖 Deprecations
+
+* MatrixRTC: MembershipManager test cases and deprecation of MatrixRTCSession.room ([#4713](https://github.com/matrix-org/matrix-js-sdk/pull/4713)). Contributed by @toger5.
+
+## ✨ Features
+
+* Add `EventType.SecretRequest` and `EventType.SecretSend` ([#4728](https://github.com/matrix-org/matrix-js-sdk/pull/4728)). Contributed by @richvdh.
+* Attest npm package provenance ([#4724](https://github.com/matrix-org/matrix-js-sdk/pull/4724)). Contributed by @t3chguy.
+* Report backup key import progress on start and improve types ([#4711](https://github.com/matrix-org/matrix-js-sdk/pull/4711)). Contributed by @ajbura.
+
+## 🐛 Bug Fixes
+
+* Handle unexpected token refresh failures gracefully ([#4731](https://github.com/matrix-org/matrix-js-sdk/pull/4731)). Contributed by @t3chguy.
+* Fix idempotency issue around token refresh ([#4730](https://github.com/matrix-org/matrix-js-sdk/pull/4730)). Contributed by @t3chguy.
+* Delete the dehydrated device when resetEncryption is called ([#4727](https://github.com/matrix-org/matrix-js-sdk/pull/4727)). Contributed by @uhoreg.
+
+
+Changes in [37.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v37.0.0) (2025-02-25)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Remove deprecated `PrefixedLogger` interface ([#4705](https://github.com/matrix-org/matrix-js-sdk/pull/4705)). Contributed by @richvdh.
+* Remove legacy crypto ([#4653](https://github.com/matrix-org/matrix-js-sdk/pull/4653)). Contributed by @florianduros.
+
+## 🦖 Deprecations
+
+* Improve types around User Interactive Auth ([#4709](https://github.com/matrix-org/matrix-js-sdk/pull/4709)). Contributed by @t3chguy.
+
+## ✨ Features
+
+* Fix typos in client.ts ([#4715](https://github.com/matrix-org/matrix-js-sdk/pull/4715)). Contributed by @toger5.
+* Enable key upload to backups where we have the decryption key ([#4677](https://github.com/matrix-org/matrix-js-sdk/pull/4677)). Contributed by @ajbura.
+* Remove deprecated `PrefixedLogger` interface ([#4705](https://github.com/matrix-org/matrix-js-sdk/pull/4705)). Contributed by @richvdh.
+* `MatrixClient.setAccountData`: await remote echo. ([#4695](https://github.com/matrix-org/matrix-js-sdk/pull/4695)). Contributed by @richvdh.
+
+## 🐛 Bug Fixes
+
+* Improve types around User Interactive Auth ([#4709](https://github.com/matrix-org/matrix-js-sdk/pull/4709)). Contributed by @t3chguy.
+* Fix `resetEncryption` to remove secrets in 4S ([#4683](https://github.com/matrix-org/matrix-js-sdk/pull/4683)). Contributed by @florianduros.
+
+
+Changes in [36.2.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v36.2.0) (2025-02-11)
+==================================================================================================
+## 🦖 Deprecations
+
+* [Backport staging] Deprecate parameter and functions using legacy crypto in `models/event.ts` ([#4700](https://github.com/matrix-org/matrix-js-sdk/pull/4700)). Contributed by @RiotRobot.
+
+## ✨ Features
+
+* Improve types around Terms ([#4674](https://github.com/matrix-org/matrix-js-sdk/pull/4674)). Contributed by @t3chguy.
+* Provide more options for starting dehydration ([#4664](https://github.com/matrix-org/matrix-js-sdk/pull/4664)). Contributed by @uhoreg.
+* Device Dehydration | js-sdk: store/load dehydration key ([#4599](https://github.com/matrix-org/matrix-js-sdk/pull/4599)). Contributed by @BillCarsonFr.
+* Add unspecced backup disable flag ([#4661](https://github.com/matrix-org/matrix-js-sdk/pull/4661)). Contributed by @dbkr.
+* Switch OIDC primarily to new `/auth_metadata` API ([#4626](https://github.com/matrix-org/matrix-js-sdk/pull/4626)). Contributed by @t3chguy.
+* Add `CryptoApi.resetEncryption` ([#4614](https://github.com/matrix-org/matrix-js-sdk/pull/4614)). Contributed by @florianduros.
+
+## 🐛 Bug Fixes
+
+* Fix topic types ([#4678](https://github.com/matrix-org/matrix-js-sdk/pull/4678)). Contributed by @Half-Shot.
+* Handle empty m.room.topic ([#4673](https://github.com/matrix-org/matrix-js-sdk/pull/4673)). Contributed by @Half-Shot.
+* `CryptoApi.resetEncryption` should always create a new key backup ([#4648](https://github.com/matrix-org/matrix-js-sdk/pull/4648)). Contributed by @florianduros.
+
+
+Changes in [36.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v36.1.0) (2025-01-28)
+==================================================================================================
+## ✨ Features
+
+* Deprecate `MatrixClient.login` and replace with `loginRequest` ([#4632](https://github.com/matrix-org/matrix-js-sdk/pull/4632)). Contributed by @richvdh.
+* Use `SyncCryptoCallback` api instead of legacy crypto in sliding sync ([#4624](https://github.com/matrix-org/matrix-js-sdk/pull/4624)). Contributed by @florianduros.
+* Distinguish room state and timeline events in embedded clients ([#4574](https://github.com/matrix-org/matrix-js-sdk/pull/4574)). Contributed by @robintown.
+* Allow setting default secret storage key id to null ([#4615](https://github.com/matrix-org/matrix-js-sdk/pull/4615)). Contributed by @florianduros.
+* Add authenticated media to getAvatarUrl in room and room-member models ([#4616](https://github.com/matrix-org/matrix-js-sdk/pull/4616)). Contributed by @m004.
+* Send MSC3981 'recurse' param on `/relations` endpoint on Matrix 1.10 servers ([#4023](https://github.com/matrix-org/matrix-js-sdk/pull/4023)). Contributed by @dbkr.
+
+## 🐛 Bug Fixes
+
+* [Backport staging] Revert "Distinguish room state and timeline events in embedded clients (#4574)" ([#4657](https://github.com/matrix-org/matrix-js-sdk/pull/4657)). Contributed by @RiotRobot.
+* Change randomString et al to be secure ([#4621](https://github.com/matrix-org/matrix-js-sdk/pull/4621)). Contributed by @dbkr.
+* Fix issue with sentinels being incorrect on m.room.member events ([#4609](https://github.com/matrix-org/matrix-js-sdk/pull/4609)). Contributed by @t3chguy.
+
+
+Changes in [36.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v36.0.0) (2025-01-14)
+==================================================================================================
+## 🚨 BREAKING CHANGES
+
+* Remove support for "legacy" MSC3898 group calling in MatrixRTCSession and CallMembership ([#4583](https://github.com/matrix-org/matrix-js-sdk/pull/4583)). Contributed by @toger5.
+
+## ✨ Features
+
+* MatrixRTC: Implement expiry logic for CallMembership and additional test coverage ([#4587](https://github.com/matrix-org/matrix-js-sdk/pull/4587)). Contributed by @toger5.
+
+## 🐛 Bug Fixes
+
+* Don't retry on 4xx responses ([#4601](https://github.com/matrix-org/matrix-js-sdk/pull/4601)). Contributed by @dbkr.
+* Upgrade matrix-sdk-crypto-wasm to 12.1.0 ([#4596](https://github.com/matrix-org/matrix-js-sdk/pull/4596)). Contributed by @andybalaam.
+* Avoid key prompts when resetting crypto ([#4586](https://github.com/matrix-org/matrix-js-sdk/pull/4586)). Contributed by @dbkr.
+* Handle when aud OIDC claim is an Array ([#4584](https://github.com/matrix-org/matrix-js-sdk/pull/4584)). Contributed by @liamdiprose.
+* Save the key backup key to 4S during `bootstrapSecretStorage ` ([#4542](https://github.com/matrix-org/matrix-js-sdk/pull/4542)). Contributed by @dbkr.
+* Only re-prepare MatrixrRTC delayed disconnection event on 404  ([#4575](https://github.com/matrix-org/matrix-js-sdk/pull/4575)). Contributed by @toger5.
+
+
+Changes in [35.1.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v35.1.0) (2024-12-18)
+==================================================================================================
+This release updates matrix-sdk-crypto-wasm to fix a bug which could prevent loading stored crypto state from storage.
+
+## 🐛 Bug Fixes
+
+* Upgrade matrix-sdk-crypto-wasm to 1.11.0 ([#4593](https://github.com/matrix-org/matrix-js-sdk/pull/4593)).
+
+
 Changes in [35.0.0](https://github.com/matrix-org/matrix-js-sdk/releases/tag/v35.0.0) (2024-12-17)
 ==================================================================================================
 ## 🚨 BREAKING CHANGES

CONTRIBUTING.md

@@ -1,3 +1,241 @@
 # Contributing code to matrix-js-sdk
 
-matrix-js-sdk follows the same pattern as https://github.com/vector-im/element-web/blob/develop/CONTRIBUTING.md
+Everyone is welcome to contribute code to matrix-js-sdk, provided that they are
+willing to license their contributions under the same license as the project
+itself. We follow a simple 'inbound=outbound' model for contributions: the act
+of submitting an 'inbound' contribution means that the contributor agrees to
+license the code under the same terms as the project's overall 'outbound'
+license - in this case, Apache Software License v2 (see
+[LICENSE](LICENSE)).
+
+## How to contribute
+
+The preferred and easiest way to contribute changes to the project is to fork
+it on github, and then create a pull request to ask us to pull your changes
+into our repo (https://help.github.com/articles/using-pull-requests/)
+
+We use GitHub's pull request workflow to review the contribution, and either
+ask you to make any refinements needed or merge it and make them ourselves.
+
+Your PR should have a title that describes what change is being made. This
+is used for the text in the Changelog entry by default (see below), so a good
+title will tell a user succinctly what change is being made. "Fix bug where
+cows had five legs" and, "Add support for miniature horses" are examples of good
+titles. Don't include an issue number here: that belongs in the description.
+Definitely don't use the GitHub default of "Update file.ts".
+
+As for your PR description, it should include these things:
+
+- References to any bugs fixed by the change (in GitHub's `Fixes` notation)
+- Describe the why and what is changing in the PR description so it's easy for
+  onlookers and reviewers to onboard and context switch. This information is
+  also helpful when we come back to look at this in 6 months and ask "why did
+  we do it like that?" we have a chance of finding out.
+    - Why didn't it work before? Why does it work now? What use cases does it
+      unlock?
+    - If you find yourself adding information on how the code works or why you
+      chose to do it the way you did, make sure this information is instead
+      written as comments in the code itself.
+    - Sometimes a PR can change considerably as it is developed. In this case,
+      the description should be updated to reflect the most recent state of
+      the PR. (It can be helpful to retain the old content under a suitable
+      heading, for additional context.)
+- Include a step-by-step testing strategy so that a reviewer can check out the
+  code locally and easily get to the point of testing your change.
+- Add comments to the diff for the reviewer that might help them to understand
+  why the change is necessary or how they might better understand and review it.
+
+### Changelogs
+
+There's no need to manually add Changelog entries: we use information in the
+pull request to populate the information that goes into the changelogs our
+users see, both for Element Web itself and other projects on which it is based.
+This is picked up from both labels on the pull request and the `Notes:`
+annotation in the description. By default, the PR title will be used for the
+changelog entry, but you can specify more options, as follows.
+
+To add a longer, more detailed description of the change for the changelog:
+
+_Fix llama herding bug_
+
+```
+Notes: Fix a bug (https://github.com/matrix-org/notaproject/issues/123) where the 'Herd' button would not herd more than 8 Llamas if the moon was in the waxing gibbous phase
+```
+
+For some PRs, it's not useful to have an entry in the user-facing changelog (this is
+the default for PRs labelled with `T-Task`):
+
+_Remove outdated comment from `Ungulates.ts`_
+
+```
+Notes: none
+```
+
+Sometimes, you're fixing a bug in a downstream project, in which case you want
+an entry in that project's changelog. You can do that too:
+
+_Fix another herding bug_
+
+```
+Notes: Fix a bug where the `herd()` function would only work on Tuesdays
+element-web notes: Fix a bug where the 'Herd' button only worked on Tuesdays
+```
+
+This example is for Element Web. You can specify:
+
+- element-web
+- element-desktop
+
+If your PR introduces a breaking change, use the `Notes` section in the same
+way, additionally adding the `X-Breaking-Change` label (see below). There's no need
+to specify in the notes that it's a breaking change - this will be added
+automatically based on the label - but remember to tell the developer how to
+migrate:
+
+_Remove legacy class_
+
+```
+Notes: Remove legacy `Camelopard` class. `Giraffe` should be used instead.
+```
+
+Other metadata can be added using labels.
+
+- `X-Breaking-Change`: A breaking change - adding this label will mean the change causes a _major_ version bump.
+- `T-Enhancement`: A new feature - adding this label will mean the change causes a _minor_ version bump.
+- `T-Defect`: A bug fix (in either code or docs).
+- `T-Task`: No user-facing changes, eg. code comments, CI fixes, refactors or tests. Won't have a changelog entry unless you specify one.
+
+If you don't have permission to add labels, your PR reviewer(s) can work with you
+to add them: ask in the PR description or comments.
+
+We use continuous integration, and all pull requests get automatically tested:
+if your change breaks the build, then the PR will show that there are failed
+checks, so please check back after a few minutes.
+
+## Tests
+
+Your PR should include tests.
+
+For new user facing features in `matrix-js-sdk`, you
+must include comprehensive unit tests written in Vitest.
+The existing tests can be found under `spec/unit`
+
+It's good practice to write tests alongside the code as it ensures the code is testable from
+the start, and gives you a fast feedback loop while you're developing the
+functionality. Unit tests are necessary even for bug fixes.
+
+When writing unit tests, please aim for a high level of test coverage
+for new code - 80% or greater. If you cannot achieve that, please document
+why it's not possible in your PR.
+
+Tests validate that your change works as intended and also document
+concisely what is being changed. Ideally, your new tests fail
+prior to your change, and succeed once it has been applied. You may
+find this simpler to achieve if you write the tests first.
+
+If you're spiking some code that's experimental and not being used to support
+production features, exceptions can be made to requirements for tests.
+Note that tests will still be required in order to ship the feature, and it's
+strongly encouraged to think about tests early in the process, as adding
+tests later will become progressively more difficult.
+
+If you're not sure how to approach writing tests for your change, ask for help
+in [#element-dev](https://matrix.to/#/#element-dev:matrix.org).
+
+## Code style
+
+Code style is documented in [code_style.md](./code_style.md).
+Contributors are encouraged to it and follow the principles set out there.
+
+Please ensure your changes match the cosmetic style of the existing project,
+and **_never_** mix cosmetic and functional changes in the same commit, as it
+makes it horribly hard to review otherwise.
+
+## Sign off
+
+In order to have a concrete record that your contribution is intentional
+and you agree to license it under the same terms as the project's license, we've
+adopted the same lightweight approach that the Linux Kernel
+(https://www.kernel.org/doc/html/latest/process/submitting-patches.html), Docker
+(https://github.com/docker/docker/blob/master/CONTRIBUTING.md), and many other
+projects use: the DCO (Developer Certificate of Origin:
+http://developercertificate.org/). This is a simple declaration that you wrote
+the contribution or otherwise have the right to contribute it to Matrix:
+
+```
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```
+
+If you agree to this for your contribution, then all that's needed is to
+include the line in your commit or pull request comment:
+
+```
+Signed-off-by: Your Name <your@email.example.org>
+```
+
+We accept contributions under a legally identifiable name, such as your name on
+government documentation or common-law names (names claimed by legitimate usage
+or repute). Unfortunately, we cannot accept anonymous contributions at this
+time.
+
+Git allows you to add this signoff automatically when using the `-s` flag to
+`git commit`, which uses the name and email set in your `user.name` and
+`user.email` git configs.
+
+If you forgot to sign off your commits before making your pull request and are
+on Git 2.17+ you can mass signoff using rebase:
+
+```
+git rebase --signoff origin/develop
+```
+
+# Review expectations
+
+See https://github.com/vector-im/element-meta/wiki/Review-process
+
+# Merge Strategy
+
+The preferred method for merging pull requests is squash merging to keep the
+commit history trim, but it is up to the discretion of the team member merging
+the change. We do not support rebase merges due to `allchange` being unable to
+handle them. When merging make sure to leave the default commit title, or
+at least leave the PR number at the end in brackets like by default.
+When stacking pull requests, you may wish to do the following:
+
+1. Branch from develop to your branch (branch1), push commits onto it and open a pull request
+2. Branch from your base branch (branch1) to your work branch (branch2), push commits and open a pull request configuring the base to be branch1, saying in the description that it is based on your other PR.
+3. Merge the first PR using a merge commit otherwise your stacked PR will need a rebase. Github will automatically adjust the base branch of your other PR to be develop.

README.md

@@ -11,6 +11,22 @@
 This is the [Matrix](https://matrix.org) Client-Server SDK for JavaScript and TypeScript. This SDK can be run in a
 browser or in Node.js.
 
+---
+
+<picture>
+  <source srcset="contrib/element-logo-light.png" media="(prefers-color-scheme: dark)">
+  <source srcset="contrib/element-logo-dark.png" media="(prefers-color-scheme: light)">
+  <img src="contrib/element-logo-fallback.png" alt="Element logo">
+</picture>
+
+<br>
+
+Development and maintenance is proudly sponsored by [Element](https://element.io). Element uses the SDK in their flagship [web](https://github.com/element-hq/element-web) and [desktop](https://github.com/element-hq/element-desktop) clients.
+
+The SDK is also the basis for multiple Matrix projects and we welcome contributions from all.
+
+---
+
 #### Minimum Matrix server version: v1.1
 
 The Matrix specification is constantly evolving - while this SDK aims for maximum backwards compatibility, it only
@@ -25,10 +41,10 @@ endpoints from before Matrix 1.1, for example.
 > Servers may require or use authenticated endpoints for media (images, files, avatars, etc). See the
 > [Authenticated Media](#authenticated-media) section for information on how to enable support for this.
 
-Using `yarn` instead of `npm` is recommended. Please see the Yarn [install guide](https://classic.yarnpkg.com/en/docs/install)
-if you do not have it already.
+Using `pnpm` instead of `npm` is recommended. Please see the pnpm [install
+guide](https://pnpm.io/installation#using-corepack) if you do not have it already.
 
-`yarn add matrix-js-sdk`
+`pnpm add matrix-js-sdk`
 
 ```javascript
 import * as sdk from "matrix-js-sdk";
@@ -154,7 +170,7 @@ events for incoming data and state changes. Aside from wrapping the HTTP API, it
 `matrix-js-sdk` can be used in either Node.js applications (ensure you have the latest LTS version of Node.js installed),
 or in browser applications, via a bundler such as Webpack or Vite.
 
-You can also use the sdk with [Deno](https://deno.land/) (`import npm:matrix-js-sdk`) but its not officialy supported.
+You can also use the sdk with [Deno](https://deno.land/) (`import npm:matrix-js-sdk`) but its not officially supported.
 
 ## Emitted events
 
@@ -294,7 +310,7 @@ This SDK uses [Typedoc](https://typedoc.org/guides/doccomments) doc comments. Yo
 host the API reference from the source files like this:
 
 ```
-  $ yarn gendoc
+  $ pnpm gendoc
   $ cd docs
   $ python -m http.server 8005
 ```
@@ -307,8 +323,6 @@ Then visit `http://localhost:8005` to see the API docs.
 
 ## Initialization
 
-**Do not use `matrixClient.initLegacyCrypto()`. This method is deprecated and no longer maintained.**
-
 To initialize the end-to-end encryption support in the matrix client:
 
 ```javascript
@@ -323,6 +337,8 @@ const matrixClient = sdk.createClient({
 await matrixClient.initRustCrypto();
 ```
 
+Note that by default it will attempt to use the Indexed DB provided by the browser as a crypto store. If running outside the browser, you will need to pass [an options object](https://matrix-org.github.io/matrix-js-sdk/classes/matrix.MatrixClient.html#initrustcrypto) which includes `useIndexedDB: false`, to use an ephemeral in-memory store instead. Note that without a persistent store, you'll need to create a new device on the server side (with [`MatrixClient.loginRequest`](https://matrix-org.github.io/matrix-js-sdk/classes/matrix.MatrixClient.html#loginrequest)) each time your application starts.
+
 After calling `initRustCrypto`, you can obtain a reference to the [`CryptoApi`](https://matrix-org.github.io/matrix-js-sdk/interfaces/crypto_api.CryptoApi.html) interface, which is the main entry point for end-to-end encryption, by calling [`MatrixClient.getCrypto`](https://matrix-org.github.io/matrix-js-sdk/classes/matrix.MatrixClient.html#getCrypto).
 
 **WARNING**: the cryptography stack is not thread-safe. Having multiple `MatrixClient` instances connected to the same Indexed DB will cause data corruption and decryption failures. The application layer is responsible for ensuring that only one `MatrixClient` issue is instantiated at a time.
@@ -437,7 +453,7 @@ want to use this SDK, skip this section._
 First, you need to pull in the right build tools:
 
 ```
- $ yarn install
+ $ pnpm install
 ```
 
 ## Building
@@ -445,17 +461,17 @@ First, you need to pull in the right build tools:
 To build a browser version from scratch when developing:
 
 ```
- $ yarn build
+ $ pnpm build
 ```
 
-To run tests (Jest):
+To run tests:
 
 ```
- $ yarn test
+ $ pnpm test
 ```
 
 To run linting:
 
 ```
- $ yarn lint
+ $ pnpm lint
 ```

babel.config.cjs

@@ -7,25 +7,18 @@ module.exports = {
                 targets: {
                     esmodules: true,
                 },
-                // We want to output ES modules for the final build (mostly to ensure that
-                // async imports work correctly). However, jest doesn't support ES modules very
-                // well yet (see https://github.com/jestjs/jest/issues/9430), so we use commonjs
-                // when testing.
-                modules: process.env.NODE_ENV === "test" ? "commonjs" : false,
+                modules: false,
             },
         ],
         [
             "@babel/preset-typescript",
             {
-                // When using the transpiled javascript in `lib`, Node.js requires `.js` extensions on any `import`
-                // specifiers. However, Jest uses the TS source (via babel) and fails to resolve the `.js` names.
-                // To resolve this,we use the `.ts` names in the source, and rewrite the `import` specifiers to use
-                // `.js` during transpilation, *except* when we are targetting Jest.
-                rewriteImportExtensions: process.env.NODE_ENV !== "test",
+                rewriteImportExtensions: true,
             },
         ],
     ],
     plugins: [
+        ["@babel/plugin-proposal-decorators", { version: "2023-11" }],
         "@babel/plugin-transform-numeric-separator",
         "@babel/plugin-transform-class-properties",
         "@babel/plugin-transform-object-rest-spread",

code_style.md

@@ -0,0 +1,284 @@
+## Guiding principles
+
+1. We want the lint rules to feel natural for most team members. No one should have to think too much
+   about the linter.
+2. We want to stay relatively close to [industry standards](https://google.github.io/styleguide/tsguide.html)
+   to make onboarding easier.
+3. We describe what good code looks like rather than point out bad examples. We do this to avoid
+   excessively punishing people for writing code which fails the linter.
+4. When something isn't covered by the style guide, we come up with a reasonable rule rather than
+   claim that it "passes the linter". We update the style guide and linter accordingly.
+5. While we aim to improve readability, understanding, and other aspects of the code, we deliberately
+   do not let solely our personal preferences drive decisions.
+6. We aim to have an understandable guide.
+
+## Coding practices
+
+1. Lint rules enforce decisions made by this guide. The lint rules and this guide are kept in
+   perfect sync.
+2. Commit messages are descriptive for the changes. When the project supports squash merging,
+   only the squashed commit needs to have a descriptive message.
+3. When there is disagreement with a code style approved by the linter, a PR is opened against
+   the lint rules rather than making exceptions on the responsible code PR.
+4. Rules which are intentionally broken (via eslint-ignore, @ts-ignore, etc) have a comment
+   included in the immediate vicinity for why. Determination of whether this is valid applies at
+   code review time.
+5. When editing a file, nearby code is updated to meet the modern standards. "Nearby" is subjective,
+   but should be whatever is reasonable at review time. Such an example might be to update the
+   class's code style, but not the file's.
+    1. These changes should be minor enough to include in the same commit without affecting a code
+       reviewer's job.
+
+## All code
+
+Unless otherwise specified, the following applies to all code:
+
+1. Files must be formatted with Prettier.
+2. 120 character limit per line. Match existing code in the file if it is using a lower guide.
+3. A tab/indentation is 4 spaces.
+4. Newlines are Unix.
+5. A file has a single empty line at the end.
+6. Lines are trimmed of all excess whitespace, including blank lines.
+7. Long lines are broken up for readability.
+
+## TypeScript / JavaScript
+
+1. Write TypeScript. Turn JavaScript into TypeScript when working in the area.
+2. Use [TSDoc](https://tsdoc.org/) to document your code. See [Comments](#comments) below.
+3. Use named exports.
+4. Use semicolons for block/line termination.
+    1. Except when defining interfaces, classes, and non-arrow functions specifically.
+5. When a statement's body is a single line, it must be written without curly braces, so long as the body is placed on
+   the same line as the statement.
+
+    ```typescript
+    if (x) doThing();
+    ```
+
+6. Blocks for `if`, `for`, `switch` and so on must have a space surrounding the condition, but not
+   within the condition.
+
+    ```typescript
+    if (x) {
+        doThing();
+    }
+    ```
+
+7. lowerCamelCase is used for function and variable naming.
+8. UpperCamelCase is used for general naming.
+9. Interface names should not be marked with an uppercase `I`.
+10. One variable declaration per line.
+11. If a variable is not receiving a value on declaration, its type must be defined.
+
+    ```typescript
+    let errorMessage: string;
+    ```
+
+12. Objects can use shorthand declarations, including mixing of types.
+
+    ```typescript
+    {
+        room,
+        prop: this.prop,
+    }
+    // ... or ...
+    { room, prop: this.prop }
+    ```
+
+13. Object keys should always be non-strings when possible.
+
+    ```typescript
+    {
+        property: "value",
+        "m.unavoidable": true,
+        [EventType.RoomMessage]: true,
+    }
+    ```
+
+14. If a variable's type should be boolean, make sure it really is one.
+
+    ```typescript
+    const isRealUser = !!userId && ...; // good
+    const isRealUser = Boolean(userId) && Boolean(userName); // also good
+    const isRealUser = Boolean(userId) && isReal; // also good (where isReal is another boolean variable)
+    const isRealUser = Boolean(userId && userName); // also fine
+    const isRealUser = Boolean(userId || userName); // good: same as &&
+    const isRealUser = userId && ...;   // bad: isRealUser is userId's type, not a boolean
+
+    if (userId) // fine: userId is evaluated for truthiness, not stored as a boolean
+    ```
+
+15. Use `switch` statements when checking against more than a few enum-like values.
+16. Use `const` for constants, `let` for mutability.
+17. Describe types exhaustively (ensure noImplictAny would pass).
+    1. Notable exceptions are arrow functions used as parameters, when a void return type is
+       obvious, and when declaring and assigning a variable in the same line.
+18. Declare member visibility (public/private/protected).
+19. Private members are private and not prefixed unless required for naming conflicts.
+    1. Convention is to use an underscore or the word "internal" to denote conflicted member names.
+    2. "Conflicted" typically refers to a getter which wants the same name as the underlying variable.
+20. Prefer readonly members over getters backed by a variable, unless an internal setter is required.
+21. Prefer Interfaces for object definitions, and types for parameter-value-only declarations.
+    1. Note that an explicit type is optional if not expected to be used outside of the function call,
+       unlike in this example:
+
+        ```typescript
+        interface MyObject {
+            hasString: boolean;
+        }
+
+        type Options = MyObject | string;
+
+        function doThing(arg: Options) {
+            // ...
+        }
+        ```
+
+22. Variables/properties which are `public static` should also be `readonly` when possible.
+23. Interface and type properties are terminated with semicolons, not commas.
+24. Prefer arrow formatting when declaring functions for interfaces/types:
+
+    ```typescript
+    interface Test {
+        myCallback: (arg: string) => Promise<void>;
+    }
+    ```
+
+25. Prefer a type definition over an inline type. For example, define an interface.
+26. Always prefer to add types or declare a type over the use of `any`. Prefer inferred types
+    when they are not `any`.
+    1. When using `any`, a comment explaining why must be present.
+27. `import` should be used instead of `require`, as `require` does not have types.
+28. Export only what can be reused.
+29. Prefer a type like `X | null` instead of truly optional parameters.
+    1. A notable exception is when the likelihood of a bug is minimal, such as when a function
+       takes an argument that is more often not required than required. An example where the
+       `?` operator is inappropriate is when taking a room ID: typically the caller should
+       supply the room ID if it knows it, otherwise deliberately acknowledge that it doesn't
+       have one with `null`.
+
+        ```typescript
+        function doThingWithRoom(
+            thing: string,
+            room: string | null, // require the caller to specify
+        ) {
+            // ...
+        }
+        ```
+
+30. There should be approximately one interface, class, or enum per file unless the file is named
+    "types.ts", "global.d.ts", or ends with "-types.ts".
+    1. The file name should match the interface, class, or enum name.
+31. Bulk functions can be declared in a single file, though named as "foo-utils.ts" or "utils/foo.ts".
+32. Imports are grouped by external module imports first, then by internal imports.
+33. File ordering is not strict, but should generally follow this sequence:
+    1. Licence header
+    2. Imports
+    3. Constants
+    4. Enums
+    5. Interfaces
+    6. Functions
+    7. Classes
+        1. Public/protected/private static properties
+        2. Public/protected/private properties
+        3. Constructors
+        4. Public/protected/private getters & setters
+        5. Protected and abstract functions
+        6. Public/private functions
+        7. Public/protected/private static functions
+34. Variable names should be noticeably unique from their types. For example, "str: string" instead
+    of "string: string".
+35. Use double quotes to enclose strings. You may use single quotes if the string contains double quotes.
+
+    ```typescript
+    const example1 = "simple string";
+    const example2 = 'string containing "double quotes"';
+    ```
+
+36. Prefer async-await to promise-chaining
+
+    ```typescript
+    async function () {
+        const result = await anotherAsyncFunction();
+        // ...
+    }
+    ```
+
+37. Avoid functions whose fundamental behaviour varies with different parameter types.
+    Multiple return types are fine, but if the function's behaviour is going to change significantly,
+    have two separate functions. For example, `SDKConfig.get()` with a string param which returns the
+    type according to the param given is ok, but `SDKConfig.get()` with no args returning the whole
+    config object would not be: this should just be a separate function.
+
+## Tests
+
+1. Tests must be written in TypeScript.
+2. Mocks are declared below imports, but above everything else.
+3. Use the following convention template:
+
+    ```typescript
+    // Describe the class, component, or file name.
+    describe("FooComponent", () => {
+        // all test inspecific variables go here
+
+        beforeEach(() => {
+            // exclude if not used.
+        });
+
+        afterEach(() => {
+            // exclude if not used.
+        });
+
+        // Use "it should..." terminology
+        it("should call the correct API", async () => {
+            // test-specific variables go here
+            // function calls/state changes go here
+            // expectations go here
+        });
+    });
+
+    // If the file being tested is a utility class:
+    describe("foo-utils", () => {
+        describe("firstUtilFunction", () => {
+            it("should...", async () => {
+                // ...
+            });
+        });
+
+        describe("secondUtilFunction", () => {
+            it("should...", async () => {
+                // ...
+            });
+        });
+    });
+    ```
+
+## Comments
+
+1. As a general principle: be liberal with comments. This applies to all files: stylesheets as well as
+   JavaScript/TypeScript.
+
+    Good comments not only help future readers understand and maintain the code; they can also encourage good design
+    by clearly setting out how different parts of the codebase interact where that would otherwise be implicit and
+    subject to interpretation.
+
+2. Aim to document all types, methods, class properties, functions, etc, with [TSDoc](https://tsdoc.org/) doc comments.
+   This is _especially_ important for public interfaces in `matrix-js-sdk`, but is good practice in general.
+
+    Even very simple interfaces can often benefit from a doc-comment, both as a matter of consistency, and because simple
+    interfaces have a habit of becoming more complex over time.
+
+3. Inside a function, there is no need to comment every line, but consider:
+    - before a particular multiline section of code within the function, give an overview of what it does,
+      to make it easier for a reader to follow the flow through the function as a whole.
+    - if it is anything less than obvious, explain _why_ we are doing a particular operation, with particular emphasis
+      on how this function interacts with other parts of the codebase.
+
+4. When making changes to existing code, authors are expected to read existing comments and make any necessary changes
+   to ensure they remain accurate.
+
+5. Reviewers are encouraged to consider whether more comments would be useful, and to ask the author to add them.
+
+    It is natural for an author to feel that the code they have just written is "obvious" and that comments would be
+    redundant, whereas in reality it would take some time for reader unfamiliar with the code to understand it. A
+    reviewer is well-placed to make a more objective judgement.

examples/node/app.js

@@ -94,20 +94,14 @@ rl.on("line", function (line) {
             );
         } else if (line.indexOf("/file ") === 0) {
             var filename = line.split(" ")[1].trim();
-            var stream = fs.createReadStream(filename);
-            matrixClient
-                .uploadContent({
-                    stream: stream,
-                    name: filename,
-                })
-                .then(function (url) {
-                    var content = {
-                        msgtype: MsgType.File,
-                        body: filename,
-                        url: JSON.parse(url).content_uri,
-                    };
-                    matrixClient.sendMessage(viewingRoom.roomId, content);
+            let buffer = fs.readFileSync("./your_file_name");
+            matrixClient.uploadContent(new Blob([buffer])).then(function (response) {
+                matrixClient.sendMessage(viewingRoom.roomId, {
+                    msgtype: MsgType.File,
+                    body: filename,
+                    url: response.content_uri,
                 });
+            });
         } else {
             matrixClient.sendTextMessage(viewingRoom.roomId, line).finally(function () {
                 printMessages();
@@ -167,7 +161,7 @@ matrixClient.on(RoomEvent.Timeline, function (event, room, toStartOfTimeline) {
     if (toStartOfTimeline) {
         return; // don't print paginated results
     }
-    if (!viewingRoom || viewingRoom.roomId !== room.roomId) {
+    if (!viewingRoom || viewingRoom.roomId !== room?.roomId) {
         return; // not viewing a room or viewing the wrong room.
     }
     printLine(event);
@@ -386,7 +380,7 @@ function print(str, formatter) {
         }
         console.log.apply(console.log, newArgs);
     } else {
-        console.log.apply(console.log, arguments);
+        console.log.apply(console.log, [...arguments]);
     }
 }
 

examples/node/package.json

@@ -9,5 +9,12 @@
     "dependencies": {
         "cli-color": "^1.0.0",
         "matrix-js-sdk": "^34.5.0"
+    },
+    "devDependencies": {
+        "@types/cli-color": "^2.0.6",
+        "typescript": "^5.6.2"
+    },
+    "engines": {
+        "node": ">=20.0.0"
     }
 }

examples/node/tsconfig.json

@@ -0,0 +1,14 @@
+{
+    "compilerOptions": {
+        "target": "es2022",
+        "module": "commonjs",
+        "esModuleInterop": true,
+        "noImplicitAny": false,
+        "noEmit": true,
+        "skipLibCheck": true,
+        "allowJs": true,
+        "checkJs": true,
+        "strict": true
+    },
+    "include": ["app.js"]
+}

git-hooks/pre-commit

@@ -21,4 +21,4 @@ export PATH="$rootdir/node_modules/.bin:$PATH"
 
 # now run our checks
 cd "$tmpdir"
-yarn lint
+pnpm lint

jest.config.ts

@@ -1,47 +0,0 @@
-/* Copyright 2023 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import type { Config } from "jest";
-import { env } from "process";
-
-const config: Config = {
-    testEnvironment: "node",
-    testMatch: ["<rootDir>/spec/**/*.spec.{js,ts}"],
-    setupFilesAfterEnv: ["<rootDir>/spec/setupTests.ts"],
-    collectCoverageFrom: ["<rootDir>/src/**/*.{js,ts}"],
-    coverageReporters: ["text-summary", "lcov"],
-    testResultsProcessor: "@casualbot/jest-sonar-reporter",
-
-    // Always print out a summary if there are any failing tests. Normally
-    // a summary is only printed if there are more than 20 test *suites*.
-    reporters: [["default", { summaryThreshold: 0 }]],
-};
-
-// if we're running under GHA, enable the GHA reporter
-if (env["GITHUB_ACTIONS"] !== undefined) {
-    const reporters: Config["reporters"] = [
-        ["github-actions", { silent: false }],
-        // as above: always show a summary if there were any failing tests.
-        ["summary", { summaryThreshold: 0 }],
-    ];
-
-    // if we're running against the develop branch, also enable the slow test reporter
-    if (env["GITHUB_REF"] == "refs/heads/develop") {
-        reporters.push("<rootDir>/spec/slowReporter.cjs");
-    }
-    config.reporters = reporters;
-}
-
-export default config;

knip.ts

@@ -1,16 +1,26 @@
 import { KnipConfig } from "knip";
 
+// Specify this as knip loads config files which may conditionally add reporters, e.g. `vitest-sonar-reporter'
+process.env.GITHUB_ACTIONS = "1";
+
 export default {
     entry: [
         "src/index.ts",
         "src/types.ts",
         "src/browser-index.ts",
         "src/indexeddb-worker.ts",
+        "src/crypto-api/index.ts",
+        "src/testing.ts",
+        "src/matrix.ts",
+        "src/utils.ts", // not really an entrypoint but we have deprecated `defer` there
         "scripts/**",
         "spec/**",
-        "release.sh",
-        // For now, we include all source files as entrypoints as we have been bad about gutwrenched imports
-        "src/**",
+        // XXX: these should be re-exported by one of the supported exports
+        "src/matrixrtc/index.ts",
+        "src/sliding-sync.ts",
+        "src/webrtc/groupCall.ts",
+        "src/webrtc/stats/media/mediaTrackStats.ts",
+        "src/rendezvous/RendezvousChannel.ts",
     ],
     project: ["**/*.{js,ts}"],
     ignore: ["examples/**"],
@@ -21,16 +31,12 @@ export default {
         "husky",
         // Used in script which only runs in environment with `@octokit/rest` installed
         "@octokit/rest",
-        // Used by jest
-        "jest-environment-jsdom",
-        "babel-jest",
-        "ts-node",
-        // Used by `@babel/plugin-transform-runtime`
-        "@babel/runtime",
     ],
     ignoreBinaries: [
         // Used when available by reusable workflow `.github/workflows/release-make.yml`
         "dist",
     ],
     ignoreExportsUsedInFile: true,
+    includeEntryExports: false,
+    exclude: ["enumMembers"],
 } satisfies KnipConfig;

package.json

@@ -1,32 +1,30 @@
 {
     "name": "matrix-js-sdk",
-    "version": "35.0.0",
+    "version": "41.3.0",
     "description": "Matrix Client-Server SDK for Javascript",
     "engines": {
-        "node": ">=20.0.0"
+        "node": ">=22.0.0"
     },
     "scripts": {
-        "prepack": "yarn build",
-        "start": "echo THIS IS FOR LEGACY PURPOSES ONLY. && babel src -w -s -d lib --verbose --extensions \".ts,.js\"",
-        "clean": "rimraf lib",
-        "build": "yarn build:dev",
-        "build:dev": "yarn clean && git rev-parse HEAD > git-revision.txt && yarn build:compile && yarn build:types",
+        "prepare": "pnpm build",
+        "start": "echo THIS IS FOR LEGACY PURPOSES ONLY. && babel --delete-dir-on-start src -w -s -d lib --verbose --extensions \".ts,.js\"",
+        "build": "pnpm build:compile && pnpm build:types",
         "build:types": "tsc -p tsconfig-build.json --emitDeclarationOnly",
-        "build:compile": "babel -d lib --verbose --extensions \".ts,.js\" src",
+        "build:compile": "babel --delete-dir-on-start -d lib --verbose --extensions \".ts,.js\" src",
         "gendoc": "typedoc",
-        "lint": "yarn lint:types && yarn lint:js && yarn lint:workflows",
+        "lint": "pnpm lint:types && pnpm lint:js && pnpm lint:workflows",
         "lint:js": "eslint --max-warnings 0 src spec && prettier --check .",
         "lint:js-fix": "prettier --log-level=warn --write . && eslint --fix src spec",
         "lint:types": "tsc --noEmit",
         "lint:workflows": "find .github/workflows -type f \\( -iname '*.yaml' -o -iname '*.yml' \\) | xargs -I {} sh -c 'echo \"Linting {}\"; action-validator \"{}\"'",
         "lint:knip": "knip",
-        "test": "jest",
-        "test:watch": "jest --watch",
-        "coverage": "yarn test --coverage"
+        "test": "vitest run",
+        "test:watch": "vitest watch",
+        "coverage": "pnpm test --coverage"
     },
     "repository": {
         "type": "git",
-        "url": "https://github.com/matrix-org/matrix-js-sdk"
+        "url": "git+https://github.com/matrix-org/matrix-js-sdk.git"
     },
     "keywords": [
         "matrix-org"
@@ -50,20 +48,18 @@
     ],
     "dependencies": {
         "@babel/runtime": "^7.12.5",
-        "@matrix-org/matrix-sdk-crypto-wasm": "^11.0.0",
-        "@matrix-org/olm": "3.2.15",
+        "@matrix-org/matrix-sdk-crypto-wasm": "^18.1.0",
         "another-json": "^0.2.0",
         "bs58": "^6.0.0",
         "content-type": "^1.0.4",
         "jwt-decode": "^4.0.0",
-        "loglevel": "^1.7.1",
+        "loglevel": "^1.9.2",
         "matrix-events-sdk": "0.0.1",
-        "matrix-widget-api": "^1.10.0",
+        "matrix-widget-api": "^1.16.1",
         "oidc-client-ts": "^3.0.1",
-        "p-retry": "4",
-        "sdp-transform": "^2.14.1",
-        "unhomoglyph": "^1.0.6",
-        "uuid": "11"
+        "p-retry": "8",
+        "sdp-transform": "^3.0.0",
+        "unhomoglyph": "^1.0.6"
     },
     "devDependencies": {
         "@action-validator/cli": "^0.6.0",
@@ -72,6 +68,7 @@
         "@babel/core": "^7.12.10",
         "@babel/eslint-parser": "^7.12.10",
         "@babel/eslint-plugin": "^7.12.10",
+        "@babel/plugin-proposal-decorators": "^7.25.9",
         "@babel/plugin-syntax-dynamic-import": "^7.8.3",
         "@babel/plugin-transform-class-properties": "^7.12.1",
         "@babel/plugin-transform-numeric-separator": "^7.12.7",
@@ -79,56 +76,63 @@
         "@babel/plugin-transform-runtime": "^7.12.10",
         "@babel/preset-env": "^7.12.11",
         "@babel/preset-typescript": "^7.12.7",
-        "@casualbot/jest-sonar-reporter": "2.2.7",
+        "@fetch-mock/vitest": "^0.2.18",
+        "@matrix-org/olm": "3.2.15",
         "@peculiar/webcrypto": "^1.4.5",
-        "@stylistic/eslint-plugin": "^2.9.0",
-        "@types/bs58": "^4.0.1",
+        "@stylistic/eslint-plugin": "^5.0.0",
         "@types/content-type": "^1.1.5",
         "@types/debug": "^4.1.7",
-        "@types/jest": "^29.0.0",
-        "@types/node": "18",
+        "@types/node": "22",
         "@types/sdp-transform": "^2.4.5",
-        "@types/uuid": "10",
         "@typescript-eslint/eslint-plugin": "^8.0.0",
         "@typescript-eslint/parser": "^8.0.0",
-        "babel-jest": "^29.0.0",
+        "@vitest/coverage-v8": "^4.0.17",
+        "@vitest/eslint-plugin": "^1.6.6",
+        "@vitest/ui": "^4.0.17",
         "babel-plugin-search-and-replace": "^1.1.1",
         "debug": "^4.3.4",
         "eslint": "8.57.1",
         "eslint-config-google": "^0.14.0",
-        "eslint-config-prettier": "^9.0.0",
-        "eslint-import-resolver-typescript": "^3.5.1",
+        "eslint-config-prettier": "^10.0.0",
+        "eslint-import-resolver-typescript": "^4.0.0",
         "eslint-plugin-import": "^2.26.0",
-        "eslint-plugin-jest": "^28.0.0",
-        "eslint-plugin-jsdoc": "^50.0.0",
-        "eslint-plugin-matrix-org": "^2.0.1",
+        "eslint-plugin-jsdoc": "^62.0.0",
+        "eslint-plugin-matrix-org": "^3.0.0",
         "eslint-plugin-n": "^14.0.0",
-        "eslint-plugin-tsdoc": "^0.4.0",
+        "eslint-plugin-tsdoc": "^0.5.0",
         "eslint-plugin-unicorn": "^56.0.0",
         "fake-indexeddb": "^5.0.2",
-        "fetch-mock": "11.1.5",
-        "fetch-mock-jest": "^1.5.1",
+        "fetch-mock": "^12.6.0",
+        "happy-dom": "^20.1.0",
         "husky": "^9.0.0",
-        "jest": "^29.0.0",
-        "jest-environment-jsdom": "^29.0.0",
-        "jest-localstorage-mock": "^2.4.6",
-        "jest-mock": "^29.0.0",
-        "knip": "^5.0.0",
-        "lint-staged": "^15.0.2",
+        "knip": "^6.0.0",
+        "lint-staged": "^16.0.0",
         "matrix-mock-request": "^2.5.0",
-        "node-fetch": "^2.7.0",
-        "prettier": "3.4.1",
-        "rimraf": "^6.0.0",
-        "ts-node": "^10.9.2",
-        "typedoc": "^0.27.0",
-        "typedoc-plugin-coverage": "^3.0.0",
-        "typedoc-plugin-mdn-links": "^4.0.0",
-        "typedoc-plugin-missing-exports": "^3.0.0",
-        "typescript": "^5.4.2"
+        "prettier": "3.8.3",
+        "typedoc": "^0.28.1",
+        "typedoc-plugin-coverage": "^4.0.0",
+        "typedoc-plugin-mdn-links": "^5.0.0",
+        "typedoc-plugin-missing-exports": "^4.0.0",
+        "typescript": "^6.0.0",
+        "vitest": "^4.0.17",
+        "vitest-sonar-reporter": "^3.0.0"
     },
-    "@casualbot/jest-sonar-reporter": {
-        "outputDirectory": "coverage",
-        "outputName": "jest-sonar-report.xml",
-        "relativePaths": true
-    }
+    "pnpm": {
+        "peerDependencyRules": {
+            "allowedVersions": {
+                "eslint": "8"
+            }
+        },
+        "allowedDeprecatedVersions": {
+            "eslint": "8"
+        },
+        "overrides": {
+            "expect": "30.3.0",
+            "flatted@<=3.4.1": "^3.4.2",
+            "picomatch@>=4.0.0 <4.0.4": "^4.0.4",
+            "yaml@>=2.0.0 <2.8.3": "^2.8.3",
+            "vite": "8.0.8"
+        }
+    },
+    "packageManager": "pnpm@10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319"
 }

pnpm-workspace.yaml

@@ -0,0 +1 @@
+nodeLinker: hoisted

sonar-project.properties

@@ -11,6 +11,6 @@ sonar.exclusions=docs,examples,git-hooks
 sonar.typescript.tsconfigPath=./tsconfig.json
 sonar.javascript.lcov.reportPaths=coverage/lcov.info
 sonar.coverage.exclusions=spec/**/*
-sonar.testExecutionReportPaths=coverage/jest-sonar-report.xml
+sonar.testExecutionReportPaths=coverage/sonar-report.xml
 
 sonar.lang.patterns.ts=**/*.ts,**/*.tsx

spec/TestClient.ts

@@ -17,29 +17,29 @@ limitations under the License.
 */
 
 // `expect` is allowed in helper functions which are called within `test`/`it` blocks
-/* eslint-disable jest/no-standalone-expect */
-
-// load olm before the sdk if possible
-import "./olm-loader";
+/* eslint-disable @vitest/no-standalone-expect */
 
 import MockHttpBackend from "matrix-mock-request";
 
 import type { IDeviceKeys, IOneTimeKey } from "../src/@types/crypto";
 import type { IE2EKeyReceiver } from "./test-utils/E2EKeyReceiver";
-import { LocalStorageCryptoStore } from "../src/crypto/store/localStorage-crypto-store";
 import { logger } from "../src/logger";
 import { syncPromise } from "./test-utils/test-utils";
-import { createClient, IStartClientOpts } from "../src/matrix";
-import { ICreateClientOpts, IDownloadKeyResult, MatrixClient, PendingEventOrdering } from "../src/client";
-import { MockStorageApi } from "./MockStorageApi";
-import { IKeysUploadResponse, IUploadKeysRequest } from "../src/client";
-import { ISyncResponder } from "./test-utils/SyncResponder";
+import { createClient, type IStartClientOpts } from "../src/matrix";
+import {
+    type ICreateClientOpts,
+    type IDownloadKeyResult,
+    type MatrixClient,
+    PendingEventOrdering,
+} from "../src/client";
+import { type IKeysUploadResponse, type IUploadKeysRequest } from "../src/client";
+import { type ISyncResponder } from "./test-utils/SyncResponder";
 
 /**
  * Wrapper for a MockStorageApi, MockHttpBackend and MatrixClient
  *
  * @deprecated Avoid using this; it is tied too tightly to matrix-mock-request and is generally inconvenient to use.
- *    Instead, construct a MatrixClient manually, use fetch-mock-jest to intercept the HTTP requests, and
+ *    Instead, construct a MatrixClient manually, use fetch-mock to intercept the HTTP requests, and
  *    use things like {@link E2EKeyReceiver} and {@link SyncResponder} to manage the requests.
  */
 export class TestClient implements IE2EKeyReceiver, ISyncResponder {
@@ -55,10 +55,6 @@ export class TestClient implements IE2EKeyReceiver, ISyncResponder {
         sessionStoreBackend?: Storage,
         options?: Partial<ICreateClientOpts>,
     ) {
-        if (sessionStoreBackend === undefined) {
-            sessionStoreBackend = new MockStorageApi() as unknown as Storage;
-        }
-
         this.httpBackend = new MockHttpBackend();
 
         const fullOptions: ICreateClientOpts = {
@@ -69,10 +65,6 @@ export class TestClient implements IE2EKeyReceiver, ISyncResponder {
             fetchFn: this.httpBackend.fetchFn as typeof globalThis.fetch,
             ...options,
         };
-        if (!fullOptions.cryptoStore) {
-            // expose this so the tests can get to it
-            fullOptions.cryptoStore = new LocalStorageCryptoStore(sessionStoreBackend);
-        }
         this.client = createClient(fullOptions);
 
         this.deviceKeys = null;

spec/integ/crypto/cross-signing.spec.ts

@@ -14,17 +14,18 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
 import "fake-indexeddb/auto";
 import { IDBFactory } from "fake-indexeddb";
+import debug from "debug";
 
-import { CRYPTO_BACKENDS, InitCrypto, syncPromise } from "../../test-utils/test-utils";
-import { AuthDict, createClient, CryptoEvent, MatrixClient } from "../../../src";
+import { syncPromise } from "../../test-utils/test-utils";
+import { type AuthDict, createClient, DebugLogger, type MatrixClient } from "../../../src";
 import { mockInitialApiRequests, mockSetupCrossSigningRequests } from "../../test-utils/mockEndpoints";
 import encryptAESSecretStorageItem from "../../../src/utils/encryptAESSecretStorageItem.ts";
-import { CryptoCallbacks, CrossSigningKey } from "../../../src/crypto-api";
+import { type CryptoCallbacks, CrossSigningKey } from "../../../src/crypto-api";
 import { SECRET_STORAGE_ALGORITHM_V1_AES } from "../../../src/secret-storage";
-import { ISyncResponder, SyncResponder } from "../../test-utils/SyncResponder";
+import { type ISyncResponder, SyncResponder } from "../../test-utils/SyncResponder";
 import { E2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
 import {
     MASTER_CROSS_SIGNING_PRIVATE_KEY_BASE64,
@@ -37,6 +38,7 @@ import {
 import * as testData from "../../test-utils/test-data";
 import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
 import { AccountDataAccumulator } from "../../test-utils/AccountDataAccumulator";
+import { CryptoEvent } from "../../../src/crypto-api";
 
 afterEach(() => {
     // reset fake-indexeddb after each test, to make sure we don't leak connections
@@ -54,11 +56,7 @@ const TEST_DEVICE_ID = "xzcvb";
  * These tests work by intercepting HTTP requests via fetch-mock rather than mocking out bits of the client, so as
  * to provide the most effective integration tests possible.
  */
-describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: string, initCrypto: InitCrypto) => {
-    // newBackendOnly is the opposite to `oldBackendOnly`: it will skip the test if we are running against the legacy
-    // backend. Once we drop support for legacy crypto, it will go away.
-    const newBackendOnly = backend === "rust-sdk" ? test : test.skip;
-
+describe("cross-signing", () => {
     let aliceClient: MatrixClient;
 
     /** an object which intercepts `/sync` requests from {@link #aliceClient} */
@@ -76,7 +74,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
     function createCryptoCallbacks(): CryptoCallbacks {
         return {
             getSecretStorageKey: (keys, name) => {
-                return Promise.resolve<[string, Uint8Array]>(["key_id", encryptionKey]);
+                return Promise.resolve<[string, Uint8Array<ArrayBuffer>]>(["key_id", encryptionKey]);
             },
         };
     }
@@ -85,7 +83,6 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
         async () => {
             // anything that we don't have a specific matcher for silently returns a 404
             fetchMock.catch(404);
-            fetchMock.config.warnOnFallback = false;
 
             const homeserverUrl = "https://alice-server.com";
             aliceClient = createClient({
@@ -94,6 +91,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
                 accessToken: "akjgkrgjs",
                 deviceId: TEST_DEVICE_ID,
                 cryptoCallbacks: createCryptoCallbacks(),
+                logger: new DebugLogger(debug(`matrix-js-sdk:cross-signing`)),
             });
 
             syncResponder = new SyncResponder(homeserverUrl);
@@ -107,15 +105,14 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
                 body: { errcode: "M_NOT_FOUND" },
             });
 
-            await initCrypto(aliceClient);
+            await aliceClient.initRustCrypto();
         },
         /* it can take a while to initialise the crypto library on the first pass, so bump up the timeout. */
         10000,
     );
 
     afterEach(async () => {
-        await aliceClient.stopClient();
-        fetchMock.mockReset();
+        aliceClient.stopClient();
     });
 
     /**
@@ -138,31 +135,29 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             const authDict = { type: "test" };
             await bootstrapCrossSigning(authDict);
 
-            // check the cross-signing keys upload
-            expect(fetchMock.called("upload-keys")).toBeTruthy();
-            const [, keysOpts] = fetchMock.lastCall("upload-keys")!;
+            // check that the cross-signing keys have been uploaded
+            expect(fetchMock.callHistory.called("upload-cross-signing-keys")).toBeTruthy();
+            const keysOpts = fetchMock.callHistory.lastCall("upload-cross-signing-keys")!.options;
             const keysBody = JSON.parse(keysOpts!.body as string);
             expect(keysBody.auth).toEqual(authDict); // check uia dict was passed
             // there should be a key of each type
             // master key is signed by the device
-            expect(keysBody).toHaveProperty(`master_key.signatures.[${TEST_USER_ID}].[ed25519:${TEST_DEVICE_ID}]`);
+            expect(keysBody).toHaveProperty(["master_key", "signatures", TEST_USER_ID, `ed25519:${TEST_DEVICE_ID}`]);
             const masterKeyId = Object.keys(keysBody.master_key.keys)[0];
             // ssk and usk are signed by the master key
-            expect(keysBody).toHaveProperty(`self_signing_key.signatures.[${TEST_USER_ID}].[${masterKeyId}]`);
-            expect(keysBody).toHaveProperty(`user_signing_key.signatures.[${TEST_USER_ID}].[${masterKeyId}]`);
+            expect(keysBody).toHaveProperty(["self_signing_key", "signatures", TEST_USER_ID, masterKeyId]);
+            expect(keysBody).toHaveProperty(["user_signing_key", "signatures", TEST_USER_ID, masterKeyId]);
             const sskId = Object.keys(keysBody.self_signing_key.keys)[0];
 
             // check the publish call
-            expect(fetchMock.called("upload-sigs")).toBeTruthy();
-            const [, sigsOpts] = fetchMock.lastCall("upload-sigs")!;
+            expect(fetchMock.callHistory.called("upload-sigs")).toBeTruthy();
+            const sigsOpts = fetchMock.callHistory.lastCall("upload-sigs")!.options;
             const body = JSON.parse(sigsOpts!.body as string);
             // there should be a signature for our device, by our self-signing key.
-            expect(body).toHaveProperty(
-                `[${TEST_USER_ID}].[${TEST_DEVICE_ID}].signatures.[${TEST_USER_ID}].[${sskId}]`,
-            );
+            expect(body).toHaveProperty([TEST_USER_ID, TEST_DEVICE_ID, "signatures", TEST_USER_ID, sskId]);
         });
 
-        newBackendOnly("get cross signing keys from secret storage and import them", async () => {
+        it("get cross signing keys from secret storage and import them", async () => {
             // Return public cross signing keys
             e2eKeyResponder.addCrossSigningData(SIGNED_CROSS_SIGNING_KEYS_DATA);
 
@@ -226,9 +221,6 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             await aliceClient.startClient();
             await syncPromise(aliceClient);
 
-            // we expect a request to upload signatures for our device ...
-            fetchMock.post({ url: "path:/_matrix/client/v3/keys/signatures/upload", name: "upload-sigs" }, {});
-
             // we expect the UserTrustStatusChanged event to be fired after the cross signing keys import
             const userTrustStatusChangedPromise = new Promise<string>((resolve) =>
                 aliceClient.on(CryptoEvent.UserTrustStatusChanged, resolve),
@@ -241,13 +233,17 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             expect(await userTrustStatusChangedPromise).toBe(aliceClient.getUserId());
 
             // Expect the signature to be uploaded
-            expect(fetchMock.called("upload-sigs")).toBeTruthy();
-            const [, sigsOpts] = fetchMock.lastCall("upload-sigs")!;
+            expect(fetchMock.callHistory.called("upload-sigs")).toBeTruthy();
+            const sigsOpts = fetchMock.callHistory.lastCall("upload-sigs")!.options;
             const body = JSON.parse(sigsOpts!.body as string);
             // the device should have a signature with the public self cross signing keys.
-            expect(body).toHaveProperty(
-                `[${TEST_USER_ID}].[${TEST_DEVICE_ID}].signatures.[${TEST_USER_ID}].[ed25519:${SELF_CROSS_SIGNING_PUBLIC_KEY_BASE64}]`,
-            );
+            expect(body).toHaveProperty([
+                TEST_USER_ID,
+                TEST_DEVICE_ID,
+                "signatures",
+                TEST_USER_ID,
+                `ed25519:${SELF_CROSS_SIGNING_PUBLIC_KEY_BASE64}`,
+            ]);
         });
 
         it("can bootstrapCrossSigning twice", async () => {
@@ -259,11 +255,10 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             // a second call should do nothing except GET requests
             fetchMock.mockClear();
             await bootstrapCrossSigning(authDict);
-            const calls = fetchMock.calls((url, opts) => opts.method != "GET");
-            expect(calls.length).toEqual(0);
+            expect(fetchMock).toHaveFetchedTimes(0, "unmatched");
         });
 
-        newBackendOnly("will upload existing cross-signing keys to an established secret storage", async () => {
+        it("will upload existing cross-signing keys to an established secret storage", async () => {
             // This rather obscure codepath covers the case that:
             //   - 4S is set up and working
             //   - our device has private cross-signing keys, but has not published them to 4S
@@ -271,8 +266,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             // To arrange that, we call `bootstrapCrossSigning` on our main device, and then (pretend to) set up 4S from
             // a *different* device. Then, when we call `bootstrapCrossSigning` again, it should do the honours.
 
-            mockSetupCrossSigningRequests();
-            const accountDataAccumulator = new AccountDataAccumulator();
+            const accountDataAccumulator = new AccountDataAccumulator(syncResponder);
             accountDataAccumulator.interceptGetAccountData();
 
             const authDict = { type: "test" };
@@ -286,7 +280,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             });
 
             // Prepare for the cross-signing keys
-            const p = accountDataAccumulator.interceptSetAccountData(":type(m.cross_signing..*)");
+            const p = accountDataAccumulator.waitForAccountData("m.cross_signing.master");
 
             await bootstrapCrossSigning(authDict);
             await p;
@@ -407,7 +401,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             const isCrossSigningReady = await aliceClient.getCrypto()!.isCrossSigningReady();
 
             expect(isCrossSigningReady).toBeFalsy();
-        });
+        }, 10000);
     });
 
     describe("getCrossSigningKeyId", () => {
@@ -419,20 +413,13 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
          */
         function awaitCrossSigningKeysUpload() {
             return new Promise<any>((resolve) => {
-                fetchMock.post(
-                    // legacy crypto uses /unstable/; /v3/ is correct
-                    {
-                        url: new RegExp("/_matrix/client/(unstable|v3)/keys/device_signing/upload"),
-                        name: "upload-keys",
-                    },
-                    (url, options) => {
-                        const content = JSON.parse(options.body as string);
+                fetchMock.modifyRoute("upload-cross-signing-keys", {
+                    response: (callLog) => {
+                        const content = JSON.parse(callLog.options.body as string);
                         resolve(content);
                         return {};
                     },
-                    // Override the routes define in `mockSetupCrossSigningRequests`
-                    { overwriteRoutes: true },
-                );
+                });
             });
         }
 
@@ -463,9 +450,6 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
 
     describe("crossSignDevice", () => {
         beforeEach(async () => {
-            // We want to use fake timers, but the wasm bindings of matrix-sdk-crypto rely on a working `queueMicrotask`.
-            jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });
-
             // make sure that there is another device which we can sign
             e2eKeyResponder.addDeviceKeys(SIGNED_TEST_DEVICE_DATA);
 
@@ -475,17 +459,10 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             await aliceClient.startClient();
             await syncPromise(aliceClient);
 
-            // Wait for legacy crypto to find the device
-            await jest.advanceTimersByTimeAsync(10);
-
             const devices = await aliceClient.getCrypto()!.getUserDeviceInfo([aliceClient.getSafeUserId()]);
             expect(devices.get(aliceClient.getSafeUserId())!.has(testData.TEST_DEVICE_ID)).toBeTruthy();
         });
 
-        afterEach(async () => {
-            jest.useRealTimers();
-        });
-
         it("fails for an unknown device", async () => {
             await expect(aliceClient.getCrypto()!.crossSignDevice("unknown")).rejects.toThrow("Unknown device");
         });
@@ -498,9 +475,9 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("cross-signing (%s)", (backend: s
             await aliceClient.getCrypto()!.crossSignDevice(testData.TEST_DEVICE_ID);
 
             // check that a sig for the device was uploaded
-            const calls = fetchMock.calls("upload-sigs");
+            const calls = fetchMock.callHistory.calls("upload-sigs");
             expect(calls.length).toEqual(1);
-            const body = JSON.parse(calls[0][1]!.body as string);
+            const body = JSON.parse(calls[0].options!.body as string);
             const deviceSig = body[aliceClient.getSafeUserId()][testData.TEST_DEVICE_ID];
             expect(deviceSig).toHaveProperty("signatures");
         });

spec/integ/crypto/device-dehydration.spec.ts

@@ -15,17 +15,21 @@ limitations under the License.
 */
 
 import "fake-indexeddb/auto";
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
+import { type CallLog } from "fetch-mock";
+import debug from "debug";
 
-import { createClient, ClientEvent, MatrixClient, MatrixEvent } from "../../../src";
-import { RustCrypto } from "../../../src/rust-crypto/rust-crypto";
-import { AddSecretStorageKeyOpts } from "../../../src/secret-storage";
+import { ClientEvent, createClient, DebugLogger, type MatrixClient, MatrixEvent } from "../../../src";
+import { CryptoEvent } from "../../../src/crypto-api/index";
+import { type RustCrypto } from "../../../src/rust-crypto/rust-crypto";
+import { type AddSecretStorageKeyOpts } from "../../../src/secret-storage";
 import { E2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
 import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
+import { emitPromise, EventCounter } from "../../test-utils/test-utils";
 
 describe("Device dehydration", () => {
     it("should rehydrate and dehydrate a device", async () => {
-        jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });
+        vi.useFakeTimers();
 
         const matrixClient = createClient({
             baseUrl: "http://test.server",
@@ -36,10 +40,17 @@ describe("Device dehydration", () => {
                     return [[...Object.keys(keys.keys)][0], new Uint8Array(32)];
                 },
             },
+            logger: new DebugLogger(debug(`matrix-js-sdk:dehydration`)),
         });
 
         await initializeSecretStorage(matrixClient, "@alice:localhost", "http://test.server");
 
+        const creationEventCounter = new EventCounter(matrixClient, CryptoEvent.DehydratedDeviceCreated);
+        const dehydrationKeyCachedEventCounter = new EventCounter(matrixClient, CryptoEvent.DehydrationKeyCached);
+        const rehydrationStartedCounter = new EventCounter(matrixClient, CryptoEvent.RehydrationStarted);
+        const rehydrationCompletedCounter = new EventCounter(matrixClient, CryptoEvent.RehydrationCompleted);
+        const rehydrationProgressCounter = new EventCounter(matrixClient, CryptoEvent.RehydrationProgress);
+
         // count the number of times the dehydration key gets set
         let setDehydrationCount = 0;
         matrixClient.on(ClientEvent.AccountData, (event: MatrixEvent) => {
@@ -49,53 +60,67 @@ describe("Device dehydration", () => {
         });
 
         const crypto = matrixClient.getCrypto()!;
-        fetchMock.config.overwriteRoutes = true;
 
         // start dehydration -- we start with no dehydrated device, and we
         // store the dehydrated device that we create
-        fetchMock.get("path:/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device", {
-            status: 404,
-            body: {
-                errcode: "M_NOT_FOUND",
-                error: "Not found",
+        fetchMock.get(
+            "path:/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device",
+            {
+                status: 404,
+                body: {
+                    errcode: "M_NOT_FOUND",
+                    error: "Not found",
+                },
             },
-        });
+            { name: "get-dehydrated-device" },
+        );
         let dehydratedDeviceBody: any;
         let dehydrationCount = 0;
         let resolveDehydrationPromise: () => void;
-        fetchMock.put("path:/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device", (_, opts) => {
-            dehydratedDeviceBody = JSON.parse(opts.body as string);
-            dehydrationCount++;
-            if (resolveDehydrationPromise) {
-                resolveDehydrationPromise();
-            }
-            return {};
-        });
+        fetchMock.put(
+            "path:/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device",
+            (callLog) => {
+                dehydratedDeviceBody = JSON.parse(callLog.options.body as string);
+                dehydrationCount++;
+                if (resolveDehydrationPromise) {
+                    resolveDehydrationPromise();
+                }
+                return {};
+            },
+            { name: "put-dehydrated-device" },
+        );
         await crypto.startDehydration();
 
         expect(dehydrationCount).toEqual(1);
+        expect(creationEventCounter.counter).toEqual(1);
+        expect(dehydrationKeyCachedEventCounter.counter).toEqual(1);
 
         // a week later, we should have created another dehydrated device
         const dehydrationPromise = new Promise<void>((resolve, reject) => {
             resolveDehydrationPromise = resolve;
         });
-        jest.advanceTimersByTime(7 * 24 * 60 * 60 * 1000);
+        vi.advanceTimersByTime(7 * 24 * 60 * 60 * 1000);
         await dehydrationPromise;
+
+        expect(dehydrationKeyCachedEventCounter.counter).toEqual(1);
         expect(dehydrationCount).toEqual(2);
+        expect(creationEventCounter.counter).toEqual(2);
 
         // restart dehydration -- rehydrate the device that we created above,
         // and create a new dehydrated device.  We also set `createNewKey`, so
         // a new dehydration key will be set
-        fetchMock.get("path:/_matrix/client/unstable/org.matrix.msc3814.v1/dehydrated_device", {
-            device_id: dehydratedDeviceBody.device_id,
-            device_data: dehydratedDeviceBody.device_data,
+        fetchMock.modifyRoute("get-dehydrated-device", {
+            response: {
+                device_id: dehydratedDeviceBody.device_id,
+                device_data: dehydratedDeviceBody.device_data,
+            },
         });
-        const eventsResponse = jest.fn((url, opts) => {
+        const eventsResponse = vi.fn((callLog: CallLog) => {
             // rehydrating should make two calls to the /events endpoint.
             // The first time will return a single event, and the second
             // time will return no events (which will signal to the
             // rehydration function that it can stop)
-            const body = JSON.parse(opts.body as string);
+            const body = JSON.parse(callLog.options.body as string);
             const nextBatch = body.next_batch ?? "0";
             const events = nextBatch === "0" ? [{ sender: "@alice:localhost", type: "m.dummy", content: {} }] : [];
             return {
@@ -113,6 +138,41 @@ describe("Device dehydration", () => {
         expect(setDehydrationCount).toEqual(2);
         expect(eventsResponse.mock.calls).toHaveLength(2);
 
+        expect(rehydrationStartedCounter.counter).toEqual(1);
+        expect(rehydrationCompletedCounter.counter).toEqual(1);
+        expect(creationEventCounter.counter).toEqual(3);
+        expect(rehydrationProgressCounter.counter).toEqual(1);
+        expect(dehydrationKeyCachedEventCounter.counter).toEqual(2);
+
+        // test that if we get an error when we try to rotate, it emits an event
+        fetchMock.modifyRoute("put-dehydrated-device", {
+            response: {
+                status: 500,
+                body: {
+                    errcode: "M_UNKNOWN",
+                    error: "Unknown error",
+                },
+            },
+        });
+        const rotationErrorEventPromise = emitPromise(matrixClient, CryptoEvent.DehydratedDeviceRotationError);
+        vi.advanceTimersByTime(7 * 24 * 60 * 60 * 1000);
+        await rotationErrorEventPromise;
+
+        // Restart dehydration, but return an error for GET /dehydrated_device so that rehydration fails.
+        fetchMock.modifyRoute("get-dehydrated-device", {
+            response: {
+                status: 500,
+                body: {
+                    errcode: "M_UNKNOWN",
+                    error: "Unknown error",
+                },
+            },
+        });
+        fetchMock.modifyRoute("put-dehydrated-device", { response: { body: {} } });
+        const rehydrationErrorEventPromise = emitPromise(matrixClient, CryptoEvent.RehydrationError);
+        await crypto.startDehydration(true);
+        await rehydrationErrorEventPromise;
+
         matrixClient.stopClient();
     });
 });
@@ -133,11 +193,9 @@ async function initializeSecretStorage(
     const e2eKeyReceiver = new E2EKeyReceiver(homeserverUrl);
     const e2eKeyResponder = new E2EKeyResponder(homeserverUrl);
     e2eKeyResponder.addKeyReceiver(userId, e2eKeyReceiver);
-    fetchMock.post("path:/_matrix/client/v3/keys/device_signing/upload", {});
-    fetchMock.post("path:/_matrix/client/v3/keys/signatures/upload", {});
     const accountData: Map<string, object> = new Map();
-    fetchMock.get("glob:http://*/_matrix/client/v3/user/*/account_data/*", (url, opts) => {
-        const name = url.split("/").pop()!;
+    fetchMock.get("glob:http://*/_matrix/client/v3/user/*/account_data/*", (callLog) => {
+        const name = callLog.url.split("/").pop()!;
         const value = accountData.get(name);
         if (value) {
             return value;
@@ -151,9 +209,9 @@ async function initializeSecretStorage(
             };
         }
     });
-    fetchMock.put("glob:http://*/_matrix/client/v3/user/*/account_data/*", (url, opts) => {
-        const name = url.split("/").pop()!;
-        const value = JSON.parse(opts.body as string);
+    fetchMock.put("glob:http://*/_matrix/client/v3/user/*/account_data/*", (callLog) => {
+        const name = callLog.url.split("/").pop()!;
+        const value = JSON.parse(callLog.options.body as string);
         accountData.set(name, value);
         matrixClient.emit(ClientEvent.AccountData, new MatrixEvent({ type: name, content: value }));
         return {};
@@ -172,8 +230,8 @@ async function initializeSecretStorage(
             privateKey: new Uint8Array(32),
         };
     }
-    await matrixClient.bootstrapCrossSigning({ setupNewCrossSigning: true });
-    await matrixClient.bootstrapSecretStorage({
+    await matrixClient.getCrypto()!.bootstrapCrossSigning({ setupNewCrossSigning: true });
+    await matrixClient.getCrypto()!.bootstrapSecretStorage({
         createSecretStorageKey,
         setupNewSecretStorage: true,
         setupNewKeyBackup: false,

spec/integ/crypto/megolm-backup.spec.ts

@@ -14,38 +14,37 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
 import "fake-indexeddb/auto";
 import { IDBFactory } from "fake-indexeddb";
-import { Mocked } from "jest-mock";
+import { type Mocked } from "vitest";
 
 import {
     createClient,
-    Crypto,
     encodeBase64,
-    ICreateClientOpts,
-    IEvent,
-    IMegolmSessionData,
-    MatrixClient,
+    type IContent,
+    type ICreateClientOpts,
+    type IEvent,
+    type IMegolmSessionData,
+    type MatrixClient,
     TypedEventEmitter,
 } from "../../../src";
 import { SyncResponder } from "../../test-utils/SyncResponder";
 import { E2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
 import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
 import { mockInitialApiRequests } from "../../test-utils/mockEndpoints";
-import {
-    advanceTimersUntil,
-    awaitDecryption,
-    CRYPTO_BACKENDS,
-    InitCrypto,
-    syncPromise,
-} from "../../test-utils/test-utils";
+import { advanceTimersUntil, awaitDecryption, syncPromise } from "../../test-utils/test-utils";
 import * as testData from "../../test-utils/test-data";
-import { KeyBackupInfo, KeyBackupSession } from "../../../src/crypto-api/keybackup";
+import { type KeyBackupInfo, type KeyBackupSession } from "../../../src/crypto-api/keybackup";
 import { flushPromises } from "../../test-utils/flushPromises";
-import { defer, IDeferred } from "../../../src/utils";
-import { decodeRecoveryKey, DecryptionFailureCode, CryptoEvent } from "../../../src/crypto-api";
-import { KeyBackup } from "../../../src/rust-crypto/backup.ts";
+import {
+    decodeRecoveryKey,
+    DecryptionFailureCode,
+    CryptoEvent,
+    type CryptoApi,
+    DecryptionKeyDoesNotMatchError,
+} from "../../../src/crypto-api";
+import { type KeyBackup } from "../../../src/rust-crypto/backup.ts";
 
 const ROOM_ID = testData.TEST_ROOM_ID;
 
@@ -77,10 +76,11 @@ function mockUploadEmitter(
     expectedVersion: string,
 ): TypedEventEmitter<MockKeyUploadEvent, MockKeyUploadEventHandlerMap> {
     const emitter = new TypedEventEmitter();
+    fetchMock.removeRoute("mock-upload-emitter");
     fetchMock.put(
         "path:/_matrix/client/v3/room_keys/keys",
-        (url, request) => {
-            const version = new URLSearchParams(new URL(url).search).get("version");
+        (callLog) => {
+            const version = new URLSearchParams(new URL(callLog.url).search).get("version");
             if (version != expectedVersion) {
                 return {
                     status: 403,
@@ -91,7 +91,7 @@ function mockUploadEmitter(
                     },
                 };
             }
-            const uploadPayload: KeyBackup = JSON.parse(request.body?.toString() ?? "{}");
+            const uploadPayload: KeyBackup = JSON.parse((callLog.options.body as string) ?? "{}");
             let count = 0;
             for (const [roomId, value] of Object.entries(uploadPayload.rooms)) {
                 for (const sessionId of Object.keys(value.sessions)) {
@@ -107,21 +107,12 @@ function mockUploadEmitter(
                 },
             };
         },
-        {
-            overwriteRoutes: true,
-        },
+        { name: "mock-upload-emitter" },
     );
     return emitter;
 }
 
-describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backend: string, initCrypto: InitCrypto) => {
-    // oldBackendOnly is an alternative to `it` or `test` which will skip the test if we are running against the
-    // Rust backend. Once we have full support in the rust sdk, it will go away.
-    const oldBackendOnly = backend === "rust-sdk" ? test.skip : test;
-    const newBackendOnly = backend === "libolm" ? test.skip : test;
-
-    const isNewBackend = backend === "rust-sdk";
-
+describe("megolm-keys backup", () => {
     let aliceClient: MatrixClient;
     /** an object which intercepts `/sync` requests on the test homeserver */
     let syncResponder: SyncResponder;
@@ -132,12 +123,10 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
     let e2eKeyResponder: E2EKeyResponder;
 
     beforeEach(async () => {
-        // We want to use fake timers, but the wasm bindings of matrix-sdk-crypto rely on a working `queueMicrotask`.
-        jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });
+        vi.useFakeTimers();
 
         // anything that we don't have a specific matcher for silently returns a 404
         fetchMock.catch(404);
-        fetchMock.config.warnOnFallback = false;
 
         mockInitialApiRequests(TEST_HOMESERVER_URL);
         syncResponder = new SyncResponder(TEST_HOMESERVER_URL);
@@ -148,15 +137,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
     });
 
     afterEach(async () => {
-        if (aliceClient !== undefined) {
-            await aliceClient.stopClient();
-        }
+        aliceClient?.stopClient();
 
         // Allow in-flight things to complete before we tear down the test
-        await jest.runAllTimersAsync();
+        await vi.runAllTimersAsync();
 
-        fetchMock.mockReset();
-        jest.restoreAllMocks();
+        vi.restoreAllMocks();
     });
 
     async function initTestClient(opts: Partial<ICreateClientOpts> = {}): Promise<MatrixClient> {
@@ -167,7 +153,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             deviceId: TEST_DEVICE_ID,
             ...opts,
         });
-        await initCrypto(client);
+        await client.initRustCrypto();
 
         return client;
     }
@@ -222,9 +208,9 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
         );
 
         it("Alice checks key backups when receiving a message she can't decrypt", async () => {
-            fetchMock.get("express:/_matrix/client/v3/room_keys/keys/:room_id/:session_id", (url, request) => {
+            fetchMock.get("express:/_matrix/client/v3/room_keys/keys/:room_id/:session_id", (callLog) => {
                 // check that the version is correct
-                const version = new URLSearchParams(new URL(url).search).get("version");
+                const version = new URLSearchParams(new URL(callLog.url).search).get("version");
                 if (version == "1") {
                     return testData.CURVE25519_KEY_BACKUP_DATA;
                 } else {
@@ -248,19 +234,15 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
 
             // On the first decryption attempt, decryption fails.
             await awaitDecryption(event);
-            expect(event.decryptionFailureReason).toEqual(
-                isNewBackend
-                    ? DecryptionFailureCode.HISTORICAL_MESSAGE_WORKING_BACKUP
-                    : DecryptionFailureCode.MEGOLM_UNKNOWN_INBOUND_SESSION_ID,
-            );
+            expect(event.decryptionFailureReason).toEqual(DecryptionFailureCode.HISTORICAL_MESSAGE_WORKING_BACKUP);
 
             // Eventually, decryption succeeds.
             await awaitDecryption(event, { waitOnDecryptionFailure: true });
-            expect(event.getContent()).toEqual(testData.CLEAR_EVENT.content);
+            expect(event.getContent<IContent>()).toEqual(testData.CLEAR_EVENT.content);
         });
 
         it("handles error on backup query gracefully", async () => {
-            jest.spyOn(console, "error").mockImplementation(() => {});
+            vi.spyOn(console, "error").mockImplementation(() => {});
 
             fetchMock.get(
                 "express:/_matrix/client/v3/room_keys/keys/:room_id/:session_id",
@@ -272,9 +254,9 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             syncResponder.sendOrQueueSyncResponse(SYNC_RESPONSE);
             await flushBackupRequest();
 
-            const calls = fetchMock.calls("getKey");
+            const calls = fetchMock.callHistory.calls("getKey");
             expect(calls.length).toEqual(1);
-            expect(calls[0][0]).toEqual(EXPECTED_URL);
+            expect(calls[0].url).toEqual(EXPECTED_URL);
 
             await flushBackupRequest();
 
@@ -293,11 +275,11 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             // Send Alice a message that she won't be able to decrypt
             syncResponder.sendOrQueueSyncResponse(SYNC_RESPONSE);
             await flushBackupRequest();
-            const calls = fetchMock.calls("getKey");
+            const calls = fetchMock.callHistory.calls("getKey");
             expect(calls.length).toEqual(1);
-            expect(calls[0][0]).toEqual(EXPECTED_URL);
+            expect(calls[0].url).toEqual(EXPECTED_URL);
 
-            fetchMock.resetHistory();
+            fetchMock.clearHistory();
 
             // another message
             const event2 = { ...testData.ENCRYPTED_EVENT, event_id: "$event2" };
@@ -307,12 +289,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             };
             syncResponder.sendOrQueueSyncResponse(syncResponse2);
             await flushBackupRequest();
-            expect(fetchMock.calls("getKey").length).toEqual(0);
+            expect(fetchMock.callHistory.calls("getKey").length).toEqual(0);
         });
     });
 
     describe("recover from backup", () => {
-        let aliceCrypto: Crypto.CryptoApi;
+        let aliceCrypto: CryptoApi;
 
         beforeEach(async () => {
             fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
@@ -344,43 +326,14 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             fetchMock.get("express:/_matrix/client/v3/room_keys/keys", fullBackup);
 
             const check = await aliceCrypto.checkKeyBackupAndEnable();
-
-            let onKeyCached: () => void;
-            const awaitKeyCached = new Promise<void>((resolve) => {
-                onKeyCached = resolve;
-            });
-
             await aliceCrypto.storeSessionBackupPrivateKey(
                 decodeRecoveryKey(testData.BACKUP_DECRYPTION_KEY_BASE58),
                 check!.backupInfo!.version!,
             );
 
-            const result = await advanceTimersUntil(
-                isNewBackend
-                    ? aliceCrypto.restoreKeyBackup()
-                    : aliceClient.restoreKeyBackupWithRecoveryKey(
-                          testData.BACKUP_DECRYPTION_KEY_BASE58,
-                          undefined,
-                          undefined,
-                          check!.backupInfo!,
-                          {
-                              cacheCompleteCallback: () => onKeyCached(),
-                          },
-                      ),
-            );
+            const result = await advanceTimersUntil(aliceCrypto.restoreKeyBackup());
 
             expect(result.imported).toStrictEqual(1);
-
-            if (isNewBackend) return;
-
-            await awaitKeyCached;
-
-            // The key should be now cached
-            const afterCache = await advanceTimersUntil(
-                aliceClient.restoreKeyBackupWithCache(undefined, undefined, check!.backupInfo!),
-            );
-
-            expect(afterCache.imported).toStrictEqual(1);
         });
 
         /**
@@ -412,14 +365,9 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
         }
 
         it("Should import full backup in chunks", async function () {
-            const importMockImpl = jest.fn();
-            if (isNewBackend) {
-                // @ts-ignore - mock a private method for testing purpose
-                jest.spyOn(aliceCrypto.backupManager, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
-            } else {
-                // @ts-ignore - mock a private method for testing purpose
-                jest.spyOn(aliceCrypto, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
-            }
+            const importMockImpl = vi.fn();
+            // @ts-ignore - mock a private method for testing purpose
+            vi.spyOn(aliceCrypto.backupManager, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
 
             // We need several rooms with several sessions to test chunking
             const { response, expectedTotal } = createBackupDownloadResponse([45, 300, 345, 12, 130]);
@@ -433,20 +381,10 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                 check!.backupInfo!.version!,
             );
 
-            const progressCallback = jest.fn();
-            const result = await (isNewBackend
-                ? aliceCrypto.restoreKeyBackup({
-                      progressCallback,
-                  })
-                : aliceClient.restoreKeyBackupWithRecoveryKey(
-                      testData.BACKUP_DECRYPTION_KEY_BASE58,
-                      undefined,
-                      undefined,
-                      check!.backupInfo!,
-                      {
-                          progressCallback,
-                      },
-                  ));
+            const progressCallback = vi.fn();
+            const result = await aliceCrypto.restoreKeyBackup({
+                progressCallback,
+            });
 
             expect(result.imported).toStrictEqual(expectedTotal);
             // Should be called 5 times: 200*4 plus one chunk with the remaining 32
@@ -480,7 +418,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
         });
 
         it("Should continue to process backup if a chunk import fails and report failures", async function () {
-            const importMockImpl = jest
+            const importMockImpl = vi
                 .fn()
                 .mockImplementationOnce(() => {
                     // Fail to import first chunk
@@ -489,13 +427,8 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                 // Ok for other chunks
                 .mockResolvedValue(undefined);
 
-            if (isNewBackend) {
-                // @ts-ignore - mock a private method for testing purpose
-                jest.spyOn(aliceCrypto.backupManager, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
-            } else {
-                // @ts-ignore - mock a private method for testing purpose
-                jest.spyOn(aliceCrypto, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
-            }
+            // @ts-ignore - mock a private method for testing purpose
+            vi.spyOn(aliceCrypto.backupManager, "importBackedUpRoomKeys").mockImplementation(importMockImpl);
 
             const { response, expectedTotal } = createBackupDownloadResponse([100, 300]);
 
@@ -507,18 +440,8 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                 check!.backupInfo!.version!,
             );
 
-            const progressCallback = jest.fn();
-            const result = await (isNewBackend
-                ? aliceCrypto.restoreKeyBackup({ progressCallback })
-                : aliceClient.restoreKeyBackupWithRecoveryKey(
-                      testData.BACKUP_DECRYPTION_KEY_BASE58,
-                      undefined,
-                      undefined,
-                      check!.backupInfo!,
-                      {
-                          progressCallback,
-                      },
-                  ));
+            const progressCallback = vi.fn();
+            const result = await aliceCrypto.restoreKeyBackup({ progressCallback });
 
             expect(result.total).toStrictEqual(expectedTotal);
             // A chunk failed to import
@@ -541,13 +464,13 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
 
         it("Should continue if some keys fails to decrypt", async function () {
             // @ts-ignore - mock a private method for testing purpose
-            aliceCrypto.importBackedUpRoomKeys = jest.fn();
+            aliceCrypto.importBackedUpRoomKeys = vi.fn();
 
             const decryptionFailureCount = 2;
 
             const mockDecryptor = {
                 // DecryptSessions does not reject on decryption failure, but just skip the key
-                decryptSessions: jest.fn().mockImplementation((sessions) => {
+                decryptSessions: vi.fn().mockImplementation((sessions) => {
                     // simulate fail to decrypt 2 keys out of all
                     const decrypted = [];
                     const keys = Object.keys(sessions);
@@ -558,11 +481,11 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                     }
                     return decrypted;
                 }),
-                free: jest.fn(),
+                free: vi.fn(),
             };
 
             // @ts-ignore - mock a private method for testing purpose
-            aliceCrypto.getBackupDecryptor = jest.fn().mockResolvedValue(mockDecryptor);
+            aliceCrypto.getBackupDecryptor = vi.fn().mockResolvedValue(mockDecryptor);
 
             const { response, expectedTotal } = createBackupDownloadResponse([100]);
 
@@ -574,100 +497,69 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                 check!.backupInfo!.version!,
             );
 
-            const result = await (isNewBackend
-                ? aliceCrypto.restoreKeyBackup()
-                : aliceClient.restoreKeyBackupWithRecoveryKey(
-                      testData.BACKUP_DECRYPTION_KEY_BASE58,
-                      undefined,
-                      undefined,
-                      check!.backupInfo!,
-                  ));
+            const result = await aliceCrypto.restoreKeyBackup();
 
             expect(result.total).toStrictEqual(expectedTotal);
             // A chunk failed to import
             expect(result.imported).toStrictEqual(expectedTotal - decryptionFailureCount);
         });
 
-        oldBackendOnly("recover specific session from backup", async function () {
-            fetchMock.get(
-                "express:/_matrix/client/v3/room_keys/keys/:room_id/:session_id",
+        it("Should get the decryption key from the secret storage and restore the key backup", async function () {
+            // @ts-ignore - mock a private method for testing purpose
+            vi.spyOn(aliceCrypto.secretStorage, "get").mockResolvedValue(testData.BACKUP_DECRYPTION_KEY_BASE64);
+
+            const fullBackup = createFullBackup(
+                testData.MEGOLM_SESSION_DATA.session_id,
                 testData.CURVE25519_KEY_BACKUP_DATA,
             );
+            fetchMock.get("express:/_matrix/client/v3/room_keys/keys", fullBackup);
 
-            const check = await aliceCrypto.checkKeyBackupAndEnable();
-
-            const result = await advanceTimersUntil(
-                aliceClient.restoreKeyBackupWithRecoveryKey(
-                    testData.BACKUP_DECRYPTION_KEY_BASE58,
-                    ROOM_ID,
-                    testData.MEGOLM_SESSION_DATA.session_id,
-                    check!.backupInfo!,
-                ),
-            );
+            await aliceCrypto.loadSessionBackupPrivateKeyFromSecretStorage();
+            const decryptionKey = await aliceCrypto.getSessionBackupPrivateKey();
+            expect(encodeBase64(decryptionKey!)).toStrictEqual(testData.BACKUP_DECRYPTION_KEY_BASE64);
 
+            const result = await aliceCrypto.restoreKeyBackup();
             expect(result.imported).toStrictEqual(1);
         });
 
-        newBackendOnly(
-            "Should get the decryption key from the secret storage and restore the key backup",
-            async function () {
-                // @ts-ignore - mock a private method for testing purpose
-                jest.spyOn(aliceCrypto.secretStorage, "get").mockResolvedValue(testData.BACKUP_DECRYPTION_KEY_BASE64);
+        it("Should throw an error if the decryption key does not match the backup", async function () {
+            // Given the stored backup decryption key does not match the public backup info
+            // @ts-ignore - mock a private method for testing purpose
+            vi.spyOn(aliceCrypto.secretStorage, "get").mockResolvedValue(testData.BACKUP_DECRYPTION_KEY_BASE64_ALT);
 
-                const fullBackup = {
-                    rooms: {
-                        [ROOM_ID]: {
-                            sessions: {
-                                [testData.MEGOLM_SESSION_DATA.session_id]: testData.CURVE25519_KEY_BACKUP_DATA,
-                            },
-                        },
-                    },
-                };
-                fetchMock.get("express:/_matrix/client/v3/room_keys/keys", fullBackup);
+            const fullBackup = createFullBackup(
+                testData.MEGOLM_SESSION_DATA.session_id,
+                testData.CURVE25519_KEY_BACKUP_DATA,
+            );
+            fetchMock.get("express:/_matrix/client/v3/room_keys/keys", fullBackup);
 
-                await aliceCrypto.loadSessionBackupPrivateKeyFromSecretStorage();
-                const decryptionKey = await aliceCrypto.getSessionBackupPrivateKey();
-                expect(encodeBase64(decryptionKey!)).toStrictEqual(testData.BACKUP_DECRYPTION_KEY_BASE64);
+            // When we load that key, we throw because the keys don't match
+            await expect(aliceCrypto.loadSessionBackupPrivateKeyFromSecretStorage()).rejects.toThrow(
+                DecryptionKeyDoesNotMatchError,
+            );
+        });
 
-                const result = await aliceCrypto.restoreKeyBackup();
-                expect(result.imported).toStrictEqual(1);
-            },
-        );
+        it("Should throw an error if the decryption key is not found in cache", async () => {
+            await expect(aliceCrypto.restoreKeyBackup()).rejects.toThrow("No decryption key found in crypto store");
+        });
 
-        oldBackendOnly("Fails on bad recovery key", async function () {
-            const fullBackup = {
+        function createFullBackup(sessionId: string, data: KeyBackupSession) {
+            return {
                 rooms: {
                     [ROOM_ID]: {
                         sessions: {
-                            [testData.MEGOLM_SESSION_DATA.session_id]: testData.CURVE25519_KEY_BACKUP_DATA,
+                            [sessionId]: data,
                         },
                     },
                 },
             };
-
-            fetchMock.get("express:/_matrix/client/v3/room_keys/keys", fullBackup);
-
-            const check = await aliceCrypto.checkKeyBackupAndEnable();
-
-            await expect(
-                aliceClient.restoreKeyBackupWithRecoveryKey(
-                    "EsTx A7Xn aNFF k3jH zpV3 MQoN LJEg mscC HecF 982L wC77 mYQD",
-                    undefined,
-                    undefined,
-                    check!.backupInfo!,
-                ),
-            ).rejects.toThrow();
-        });
-
-        newBackendOnly("Should throw an error if the decryption key is not found in cache", async () => {
-            await expect(aliceCrypto.restoreKeyBackup()).rejects.toThrow("No decryption key found in crypto store");
-        });
+        }
     });
 
     describe("backupLoop", () => {
         it("Alice should upload known keys when backup is enabled", async function () {
             // 404 means that there is no active backup
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", 404);
+            fetchMock.get("path:/_matrix/client/v3/room_keys/version", 404, { name: "room-keys-version" });
 
             aliceClient = await initTestClient();
             const aliceCrypto = aliceClient.getCrypto()!;
@@ -704,8 +596,8 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                 });
             });
 
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA, {
-                overwriteRoutes: true,
+            fetchMock.modifyRoute("room-keys-version", {
+                response: { status: 200, body: testData.SIGNED_BACKUP_DATA },
             });
 
             const result = await aliceCrypto.checkKeyBackupAndEnable();
@@ -714,7 +606,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             await aliceCrypto.importRoomKeys(someRoomKeys);
 
             // The backup loop is waiting a random amount of time to avoid different clients firing at the same time.
-            jest.runAllTimers();
+            vi.runAllTimers();
 
             await Promise.all(uploadPromises);
 
@@ -738,7 +630,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
 
             await aliceCrypto.importRoomKeys([newKey]);
 
-            jest.runAllTimers();
+            vi.runAllTimers();
             await newKeyUploadPromise;
         });
 
@@ -763,7 +655,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             const someRoomKeys = testData.MEGOLM_SESSION_DATA_ARRAY;
 
             fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA, {
-                overwriteRoutes: true,
+                name: "room-keys-version",
             });
 
             const result = await aliceCrypto.checkKeyBackupAndEnable();
@@ -773,7 +665,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             await aliceCrypto.importRoomKeys(someRoomKeys);
 
             // The backup loop is waiting a random amount of time to avoid different clients firing at the same time.
-            jest.runAllTimers();
+            vi.runAllTimers();
 
             // wait for all keys to be backed up
             await remainingZeroPromise;
@@ -784,10 +676,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             newBackup.version = newBackupVersion;
 
             // Let's simulate that a new backup is available by returning error code on key upload
-
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", newBackup, {
-                overwriteRoutes: true,
-            });
+            fetchMock.modifyRoute("room-keys-version", { response: newBackup });
 
             // If we import a new key the loop will try to upload to old version, it will
             // fail then check the current version and switch if trusted
@@ -830,12 +719,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
 
             await aliceCrypto.importRoomKeys([newKey]);
 
-            jest.runAllTimers();
+            vi.runAllTimers();
 
             await disableOldBackup;
             await enableNewBackup;
 
-            jest.runAllTimers();
+            vi.runAllTimers();
 
             await Promise.all(uploadPromises);
             await newKeyUploadPromise;
@@ -850,22 +739,14 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             await waitForDeviceList();
             await aliceCrypto.setDeviceVerified(testData.TEST_USER_ID, testData.TEST_DEVICE_ID);
 
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA, {
-                overwriteRoutes: true,
-            });
+            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
 
             // on the first key upload attempt, simulate a network failure
             const failurePromise = new Promise((resolve) => {
-                fetchMock.put(
-                    "path:/_matrix/client/v3/room_keys/keys",
-                    () => {
-                        resolve(undefined);
-                        throw new TypeError(`Failed to fetch`);
-                    },
-                    {
-                        overwriteRoutes: true,
-                    },
-                );
+                fetchMock.putOnce("path:/_matrix/client/v3/room_keys/keys", () => {
+                    resolve(undefined);
+                    throw new TypeError(`Failed to fetch`);
+                });
             });
 
             // kick the import loop off and wait for the failed request
@@ -874,27 +755,21 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
 
             const result = await aliceCrypto.checkKeyBackupAndEnable();
             expect(result).toBeTruthy();
-            jest.advanceTimersByTime(10 * 60 * 1000);
+            vi.advanceTimersByTime(10 * 60 * 1000);
             await failurePromise;
 
             // Fix the endpoint to do successful uploads
             const successPromise = new Promise((resolve) => {
-                fetchMock.put(
-                    "path:/_matrix/client/v3/room_keys/keys",
-                    () => {
-                        resolve(undefined);
-                        return {
-                            status: 200,
-                            body: {
-                                count: 2,
-                                etag: "abcdefg",
-                            },
-                        };
-                    },
-                    {
-                        overwriteRoutes: true,
-                    },
-                );
+                fetchMock.putOnce("path:/_matrix/client/v3/room_keys/keys", () => {
+                    resolve(undefined);
+                    return {
+                        status: 200,
+                        body: {
+                            count: 2,
+                            etag: "abcdefg",
+                        },
+                    };
+                });
             });
 
             // check that a `KeyBackupSessionsRemaining` event is emitted with `remaining == 0`
@@ -907,7 +782,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             });
 
             // run the timers, which will make the backup loop redo the request
-            await jest.advanceTimersByTimeAsync(10 * 60 * 1000);
+            await vi.advanceTimersByTimeAsync(10 * 60 * 1000);
             await successPromise;
             await allKeysUploadedPromise;
         });
@@ -915,7 +790,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
 
     it("getActiveSessionBackupVersion() should give correct result", async function () {
         // 404 means that there is no active backup
-        fetchMock.get("express:/_matrix/client/v3/room_keys/version", 404);
+        fetchMock.getOnce("express:/_matrix/client/v3/room_keys/version", 404);
 
         aliceClient = await initTestClient();
         const aliceCrypto = aliceClient.getCrypto()!;
@@ -934,9 +809,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
         // Serve a backup with no trusted signature
         const unsignedBackup = JSON.parse(JSON.stringify(testData.SIGNED_BACKUP_DATA));
         delete unsignedBackup.auth_data.signatures;
-        fetchMock.get("express:/_matrix/client/v3/room_keys/version", unsignedBackup, {
-            overwriteRoutes: true,
-        });
+        fetchMock.getOnce("express:/_matrix/client/v3/room_keys/version", unsignedBackup);
 
         const checked = await aliceCrypto.checkKeyBackupAndEnable();
         expect(checked?.backupInfo?.version).toStrictEqual(unsignedBackup.version);
@@ -946,9 +819,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
         expect(backupStatus).toBeNull();
 
         // Add a valid signature to the backup
-        fetchMock.get("express:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA, {
-            overwriteRoutes: true,
-        });
+        fetchMock.getOnce("express:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
 
         // check that signalling is working
         const backupPromise = new Promise<void>((resolve, reject) => {
@@ -968,9 +839,9 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
         expect(backupStatus).toStrictEqual(testData.SIGNED_BACKUP_DATA.version);
     });
 
-    newBackendOnly("getKeyBackupInfo() should not return a backup if the active backup has been deleted", async () => {
+    it("getKeyBackupInfo() should not return a backup if the active backup has been deleted", async () => {
         // 404 means that there is no active backup
-        fetchMock.get("express:/_matrix/client/v3/room_keys/version", 404);
+        fetchMock.getOnce("express:/_matrix/client/v3/room_keys/version", 404);
         fetchMock.delete(`express:/_matrix/client/v3/room_keys/version/${testData.SIGNED_BACKUP_DATA.version}`, {});
 
         aliceClient = await initTestClient();
@@ -986,14 +857,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
         expect(await aliceCrypto.getKeyBackupInfo()).toBeNull();
 
         // Return now the backup
-        fetchMock.get("express:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA, {
-            overwriteRoutes: true,
-        });
+        fetchMock.getOnce("express:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
 
-        expect(await aliceCrypto.getKeyBackupInfo()).toStrictEqual(testData.SIGNED_BACKUP_DATA);
+        expect(await aliceCrypto.getKeyBackupInfo()).toMatchObject(testData.SIGNED_BACKUP_DATA);
 
         // Delete the backup and we are expecting the key backup to be disabled
-        const keyBackupStatus = defer<boolean>();
+        const keyBackupStatus = Promise.withResolvers<boolean>();
         aliceClient.once(CryptoEvent.KeyBackupStatus, (enabled) => keyBackupStatus.resolve(enabled));
         await aliceCrypto.deleteKeyBackupVersion(testData.SIGNED_BACKUP_DATA.version!);
         expect(await keyBackupStatus.promise).toBe(false);
@@ -1077,7 +946,29 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             expect(await aliceCrypto.getActiveSessionBackupVersion()).toEqual(testData.SIGNED_BACKUP_DATA.version);
         });
 
-        it("does not enable a backup signed by an untrusted device", async () => {
+        it("enables a backup not signed by a trusted device, when we have the decryption key", async () => {
+            aliceClient = await initTestClient();
+            const aliceCrypto = aliceClient.getCrypto()!;
+
+            // download the device list, to match the trusted-device case
+            await aliceClient.startClient();
+            await waitForDeviceList();
+
+            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
+
+            // Alice does *not* trust the device that signed the backup, but *does* have the decryption key.
+            await aliceCrypto.storeSessionBackupPrivateKey(
+                Buffer.from(testData.BACKUP_DECRYPTION_KEY_BASE64, "base64"),
+                testData.SIGNED_BACKUP_DATA.version!,
+            );
+
+            const result = await aliceCrypto.checkKeyBackupAndEnable();
+            expect(result).toBeTruthy();
+            expect(result!.trustInfo).toEqual({ trusted: false, matchesDecryptionKey: true });
+            expect(await aliceCrypto.getActiveSessionBackupVersion()).toEqual(testData.SIGNED_BACKUP_DATA.version);
+        });
+
+        it("does not enable a backup signed by an untrusted device when we do not have the decryption key", async () => {
             aliceClient = await initTestClient();
             const aliceCrypto = aliceClient.getCrypto()!;
 
@@ -1102,7 +993,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             await waitForDeviceList();
             await aliceCrypto.setDeviceVerified(testData.TEST_USER_ID, testData.TEST_DEVICE_ID);
 
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
+            fetchMock.getOnce("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
 
             const result = await aliceCrypto.checkKeyBackupAndEnable();
             expect(result).toBeTruthy();
@@ -1112,9 +1003,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             delete unsignedBackup.auth_data.signatures;
             unsignedBackup.version = "2";
 
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", unsignedBackup, {
-                overwriteRoutes: true,
-            });
+            fetchMock.getOnce("path:/_matrix/client/v3/room_keys/version", unsignedBackup);
 
             await aliceCrypto.checkKeyBackupAndEnable();
             expect(await aliceCrypto.getActiveSessionBackupVersion()).toBeNull();
@@ -1129,7 +1018,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             await waitForDeviceList();
             await aliceCrypto.setDeviceVerified(testData.TEST_USER_ID, testData.TEST_DEVICE_ID);
 
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
+            fetchMock.getOnce("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
 
             const result = await aliceCrypto.checkKeyBackupAndEnable();
             expect(result).toBeTruthy();
@@ -1139,9 +1028,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             const newBackup = JSON.parse(JSON.stringify(testData.SIGNED_BACKUP_DATA));
             newBackup.version = newBackupVersion;
 
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", newBackup, {
-                overwriteRoutes: true,
-            });
+            fetchMock.getOnce("path:/_matrix/client/v3/room_keys/version", newBackup);
 
             await aliceCrypto.checkKeyBackupAndEnable();
             expect(await aliceCrypto.getActiveSessionBackupVersion()).toEqual(newBackupVersion);
@@ -1156,25 +1043,19 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             await waitForDeviceList();
             await aliceCrypto.setDeviceVerified(testData.TEST_USER_ID, testData.TEST_DEVICE_ID);
 
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
+            fetchMock.getOnce("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
 
             const result = await aliceCrypto.checkKeyBackupAndEnable();
             expect(result).toBeTruthy();
             expect(await aliceCrypto.getActiveSessionBackupVersion()).toEqual(testData.SIGNED_BACKUP_DATA.version);
 
-            fetchMock.get(
-                "path:/_matrix/client/v3/room_keys/version",
-                {
-                    status: 404,
-                    body: {
-                        errcode: "M_NOT_FOUND",
-                        error: "No backup found",
-                    },
+            fetchMock.getOnce("path:/_matrix/client/v3/room_keys/version", {
+                status: 404,
+                body: {
+                    errcode: "M_NOT_FOUND",
+                    error: "No backup found",
                 },
-                {
-                    overwriteRoutes: true,
-                },
-            );
+            });
             const noResult = await aliceCrypto.checkKeyBackupAndEnable();
             expect(noResult).toBeNull();
             expect(await aliceCrypto.getActiveSessionBackupVersion()).toBeNull();
@@ -1183,10 +1064,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
 
     describe("Backup Changed from other sessions", () => {
         beforeEach(async () => {
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA);
+            fetchMock.get("path:/_matrix/client/v3/room_keys/version", testData.SIGNED_BACKUP_DATA, {
+                name: "room-keys-version",
+            });
 
             // ignore requests to send room key requests
-            fetchMock.put("express:/_matrix/client/v3/sendToDevice/m.room_key_request/:request_id", {});
+            fetchMock.getOnce("express:/_matrix/client/v3/sendToDevice/m.room_key_request/:request_id", {});
 
             aliceClient = await initTestClient();
             const aliceCrypto = aliceClient.getCrypto()!;
@@ -1219,9 +1102,9 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
 
             fetchMock.get(
                 "express:/_matrix/client/v3/room_keys/keys/:room_id/:session_id",
-                (url, request) => {
+                (callLog) => {
                     // check that the version is correct
-                    const version = new URLSearchParams(new URL(url).search).get("version");
+                    const version = new URLSearchParams(new URL(callLog.url).search).get("version");
                     if (version == "1") {
                         return testData.CURVE25519_KEY_BACKUP_DATA;
                     } else {
@@ -1235,7 +1118,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                         };
                     }
                 },
-                { overwriteRoutes: true },
+                { name: "room-keys" },
             );
 
             // Send Alice a message that she won't be able to decrypt, and check that she fetches the key from the backup.
@@ -1246,7 +1129,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             const event = room.getLiveTimeline().getEvents()[0];
             await advanceTimersUntil(awaitDecryption(event, { waitOnDecryptionFailure: true }));
 
-            expect(event.getContent()).toEqual(testData.CLEAR_EVENT.content);
+            expect(event.getContent<IContent>()).toEqual(testData.CLEAR_EVENT.content);
 
             // =====
             // Second suppose now that the backup has changed to version 2
@@ -1257,7 +1140,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                 version: "2",
             };
 
-            fetchMock.get("path:/_matrix/client/v3/room_keys/version", newBackup, { overwriteRoutes: true });
+            fetchMock.modifyRoute("room-keys-version", { response: newBackup });
             // suppose the new key is now known
             const aliceCrypto = aliceClient.getCrypto()!;
             await aliceCrypto.storeSessionBackupPrivateKey(
@@ -1268,13 +1151,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
             // A check backup should happen at some point
             await aliceCrypto.checkKeyBackupAndEnable();
 
-            const awaitHasQueriedNewBackup: IDeferred<void> = defer<void>();
+            const awaitHasQueriedNewBackup: PromiseWithResolvers<void> = Promise.withResolvers<void>();
 
-            fetchMock.get(
-                "express:/_matrix/client/v3/room_keys/keys/:room_id/:session_id",
-                (url, request) => {
+            fetchMock.modifyRoute("room-keys", {
+                response: (callLog) => {
                     // check that the version is correct
-                    const version = new URLSearchParams(new URL(url).search).get("version");
+                    const version = new URLSearchParams(new URL(callLog.url).search).get("version");
                     if (version == newBackup.version) {
                         awaitHasQueriedNewBackup.resolve();
                         return testData.CURVE25519_KEY_BACKUP_DATA;
@@ -1290,8 +1172,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
                         };
                     }
                 },
-                { overwriteRoutes: true },
-            );
+            });
 
             // Send Alice a message that she won't be able to decrypt, and check that she fetches the key from the new backup.
             const newMessage: Partial<IEvent> = {
@@ -1327,7 +1208,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("megolm-keys backup (%s)", (backe
         // user will be one).
         syncResponder.sendOrQueueSyncResponse({});
         // DeviceList has a sleep(5) which we need to make happen
-        await jest.advanceTimersByTimeAsync(10);
+        await vi.advanceTimersByTimeAsync(10);
 
         // The client should now know about the dummy device
         const devices = await aliceClient.getCrypto()!.getUserDeviceInfo([TEST_USER_ID]);

spec/integ/crypto/olm-encryption-spec.ts

@@ -1,693 +0,0 @@
-/*
-Copyright 2016 OpenMarket Ltd
-Copyright 2017 Vector Creations Ltd
-Copyright 2018 New Vector Ltd
-Copyright 2019 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-/* This file consists of a set of integration tests which try to simulate
- * communication via an Olm-encrypted room between two users, Alice and Bob.
- *
- * Note that megolm (group) conversation is not tested here.
- *
- * See also `crypto.spec.js`.
- */
-
-// load olm before the sdk if possible
-import "../../olm-loader";
-
-import type { Session } from "@matrix-org/olm";
-import type { IDeviceKeys, IOneTimeKey } from "../../../src/@types/crypto";
-import { logger } from "../../../src/logger";
-import * as testUtils from "../../test-utils/test-utils";
-import { TestClient } from "../../TestClient";
-import { CRYPTO_ENABLED, IClaimKeysRequest, IQueryKeysRequest, IUploadKeysRequest } from "../../../src/client";
-import { ClientEvent, IContent, ISendEventResponse, MatrixClient, MatrixEvent, MsgType } from "../../../src/matrix";
-import { DeviceInfo } from "../../../src/crypto/deviceinfo";
-import { KnownMembership } from "../../../src/@types/membership";
-
-let aliTestClient: TestClient;
-const roomId = "!room:localhost";
-const aliUserId = "@ali:localhost";
-const aliDeviceId = "zxcvb";
-const aliAccessToken = "aseukfgwef";
-let bobTestClient: TestClient;
-const bobUserId = "@bob:localhost";
-const bobDeviceId = "bvcxz";
-const bobAccessToken = "fewgfkuesa";
-let aliMessages: IContent[];
-let bobMessages: IContent[];
-
-type OlmPayload = ReturnType<Session["encrypt"]>;
-
-async function bobUploadsDeviceKeys(): Promise<void> {
-    bobTestClient.expectDeviceKeyUpload();
-    await bobTestClient.httpBackend.flushAllExpected();
-    expect(Object.keys(bobTestClient.deviceKeys!).length).not.toEqual(0);
-}
-
-/**
- * Set an expectation that querier will query uploader's keys; then flush the http request.
- *
- * @returns resolves once the http request has completed.
- */
-function expectQueryKeys(querier: TestClient, uploader: TestClient): Promise<number> {
-    // can't query keys before bob has uploaded them
-    expect(uploader.deviceKeys).toBeTruthy();
-
-    const uploaderKeys: Record<string, IDeviceKeys> = {};
-    uploaderKeys[uploader.deviceId!] = uploader.deviceKeys!;
-    querier.httpBackend.when("POST", "/keys/query").respond(200, function (_path, content: IQueryKeysRequest) {
-        expect(content.device_keys![uploader.userId!]).toEqual([]);
-        const result: Record<string, Record<string, IDeviceKeys>> = {};
-        result[uploader.userId!] = uploaderKeys;
-        return { device_keys: result };
-    });
-    return querier.httpBackend.flush("/keys/query", 1);
-}
-const expectAliQueryKeys = () => expectQueryKeys(aliTestClient, bobTestClient);
-const expectBobQueryKeys = () => expectQueryKeys(bobTestClient, aliTestClient);
-
-/**
- * Set an expectation that ali will claim one of bob's keys; then flush the http request.
- *
- * @returns resolves once the http request has completed.
- */
-async function expectAliClaimKeys(): Promise<void> {
-    const keys = await bobTestClient.awaitOneTimeKeyUpload();
-    aliTestClient.httpBackend.when("POST", "/keys/claim").respond(200, function (_path, content: IClaimKeysRequest) {
-        const claimType = content.one_time_keys![bobUserId][bobDeviceId];
-        expect(claimType).toEqual("signed_curve25519");
-        let keyId = "";
-        for (keyId in keys) {
-            if (bobTestClient.oneTimeKeys!.hasOwnProperty(keyId)) {
-                if (keyId.indexOf(claimType + ":") === 0) {
-                    break;
-                }
-            }
-        }
-        const result: Record<string, Record<string, Record<string, IOneTimeKey>>> = {};
-        result[bobUserId] = {};
-        result[bobUserId][bobDeviceId] = {};
-        result[bobUserId][bobDeviceId][keyId] = keys[keyId];
-        return { one_time_keys: result };
-    });
-    // it can take a while to process the key query, so give it some extra
-    // time, and make sure the claim actually happens rather than ploughing on
-    // confusingly.
-    const r = await aliTestClient.httpBackend.flush("/keys/claim", 1, 500);
-    expect(r).toEqual(1);
-}
-
-async function aliDownloadsKeys(): Promise<void> {
-    // can't query keys before bob has uploaded them
-    expect(bobTestClient.getSigningKey()).toBeTruthy();
-
-    const p1 = async () => {
-        await aliTestClient.client.downloadKeys([bobUserId]);
-        const devices = aliTestClient.client.getStoredDevicesForUser(bobUserId);
-        expect(devices.length).toEqual(1);
-        expect(devices[0].deviceId).toEqual("bvcxz");
-    };
-    const p2 = expectAliQueryKeys;
-
-    // check that the localStorage is updated as we expect (not sure this is
-    // an integration test, but meh)
-    await Promise.all([p1(), p2()]);
-    await aliTestClient.client.crypto!.deviceList.saveIfDirty();
-    // @ts-ignore - protected
-    aliTestClient.client.cryptoStore.getEndToEndDeviceData(null, (data) => {
-        const devices = data!.devices[bobUserId]!;
-        expect(devices[bobDeviceId].keys).toEqual(bobTestClient.deviceKeys!.keys);
-        expect(devices[bobDeviceId].verified).toBe(DeviceInfo.DeviceVerification.UNVERIFIED);
-    });
-}
-
-async function clientEnablesEncryption(client: MatrixClient): Promise<void> {
-    await client.setRoomEncryption(roomId, {
-        algorithm: "m.olm.v1.curve25519-aes-sha2",
-    });
-    expect(client.isRoomEncrypted(roomId)).toBeTruthy();
-}
-const aliEnablesEncryption = () => clientEnablesEncryption(aliTestClient.client);
-const bobEnablesEncryption = () => clientEnablesEncryption(bobTestClient.client);
-
-/**
- * Ali sends a message, first claiming e2e keys. Set the expectations and
- * check the results.
- *
- * @returns which resolves to the ciphertext for Bob's device.
- */
-async function aliSendsFirstMessage(): Promise<OlmPayload> {
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const [_, ciphertext] = await Promise.all([
-        sendMessage(aliTestClient.client),
-        expectAliQueryKeys().then(expectAliClaimKeys).then(expectAliSendMessageRequest),
-    ]);
-    return ciphertext;
-}
-
-/**
- * Ali sends a message without first claiming e2e keys. Set the expectations
- * and check the results.
- *
- * @returns which resolves to the ciphertext for Bob's device.
- */
-async function aliSendsMessage(): Promise<OlmPayload> {
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const [_, ciphertext] = await Promise.all([sendMessage(aliTestClient.client), expectAliSendMessageRequest()]);
-    return ciphertext;
-}
-
-/**
- * Bob sends a message, first querying (but not claiming) e2e keys. Set the
- * expectations and check the results.
- *
- * @returns which resolves to the ciphertext for Ali's device.
- */
-async function bobSendsReplyMessage(): Promise<OlmPayload> {
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const [_, ciphertext] = await Promise.all([
-        sendMessage(bobTestClient.client),
-        expectBobQueryKeys().then(expectBobSendMessageRequest),
-    ]);
-    return ciphertext;
-}
-
-/**
- * Set an expectation that Ali will send a message, and flush the request
- *
- * @returns which resolves to the ciphertext for Bob's device.
- */
-async function expectAliSendMessageRequest(): Promise<OlmPayload> {
-    const content = await expectSendMessageRequest(aliTestClient.httpBackend);
-    aliMessages.push(content);
-    expect(Object.keys(content.ciphertext)).toEqual([bobTestClient.getDeviceKey()]);
-    const ciphertext = content.ciphertext[bobTestClient.getDeviceKey()];
-    expect(ciphertext).toBeTruthy();
-    return ciphertext;
-}
-
-/**
- * Set an expectation that Bob will send a message, and flush the request
- *
- * @returns which resolves to the ciphertext for Bob's device.
- */
-async function expectBobSendMessageRequest(): Promise<OlmPayload> {
-    const content = await expectSendMessageRequest(bobTestClient.httpBackend);
-    bobMessages.push(content);
-    const aliKeyId = "curve25519:" + aliDeviceId;
-    const aliDeviceCurve25519Key = aliTestClient.deviceKeys!.keys[aliKeyId];
-    expect(Object.keys(content.ciphertext)).toEqual([aliDeviceCurve25519Key]);
-    const ciphertext = content.ciphertext[aliDeviceCurve25519Key];
-    expect(ciphertext).toBeTruthy();
-    return ciphertext;
-}
-
-function sendMessage(client: MatrixClient): Promise<ISendEventResponse> {
-    return client.sendMessage(roomId, { msgtype: MsgType.Text, body: "Hello, World" });
-}
-
-async function expectSendMessageRequest(httpBackend: TestClient["httpBackend"]): Promise<IContent> {
-    const path = "/send/m.room.encrypted/";
-    const prom = new Promise<IContent>((resolve) => {
-        httpBackend.when("PUT", path).respond(200, function (_path, content) {
-            resolve(content);
-            return {
-                event_id: "asdfgh",
-            };
-        });
-    });
-
-    // it can take a while to process the key query
-    await httpBackend.flush(path, 1);
-    return prom;
-}
-
-function aliRecvMessage(): Promise<void> {
-    const message = bobMessages.shift()!;
-    return recvMessage(aliTestClient.httpBackend, aliTestClient.client, bobUserId, message);
-}
-
-function bobRecvMessage(): Promise<void> {
-    const message = aliMessages.shift()!;
-    return recvMessage(bobTestClient.httpBackend, bobTestClient.client, aliUserId, message);
-}
-
-async function recvMessage(
-    httpBackend: TestClient["httpBackend"],
-    client: MatrixClient,
-    sender: string,
-    message: IContent,
-): Promise<void> {
-    const syncData = {
-        next_batch: "x",
-        rooms: {
-            join: {
-                [roomId]: {
-                    timeline: {
-                        events: [
-                            testUtils.mkEvent({
-                                type: "m.room.encrypted",
-                                room: roomId,
-                                content: message,
-                                sender: sender,
-                            }),
-                        ],
-                    },
-                },
-            },
-        },
-    };
-    httpBackend.when("GET", "/sync").respond(200, syncData);
-
-    const eventPromise = new Promise<MatrixEvent>((resolve) => {
-        const onEvent = function (event: MatrixEvent) {
-            // ignore the m.room.member events
-            if (event.getType() == "m.room.member") {
-                return;
-            }
-            logger.log(client.credentials.userId + " received event", event);
-
-            client.removeListener(ClientEvent.Event, onEvent);
-            resolve(event);
-        };
-        client.on(ClientEvent.Event, onEvent);
-    });
-
-    await httpBackend.flushAllExpected();
-
-    const preDecryptionEvent = await eventPromise;
-    expect(preDecryptionEvent.isEncrypted()).toBeTruthy();
-    // it may still be being decrypted
-    const event = await testUtils.awaitDecryption(preDecryptionEvent);
-    expect(event.getType()).toEqual("m.room.message");
-    expect(event.getContent()).toMatchObject({
-        msgtype: "m.text",
-        body: "Hello, World",
-    });
-    expect(event.isEncrypted()).toBeTruthy();
-}
-
-/**
- * Send an initial sync response to the client (which just includes the member
- * list for our test room).
- *
- * @returns which resolves when the sync has been flushed.
- */
-function firstSync(testClient: TestClient): Promise<void> {
-    // send a sync response including our test room.
-    const syncData = {
-        next_batch: "x",
-        rooms: {
-            join: {
-                [roomId]: {
-                    state: {
-                        events: [
-                            testUtils.mkMembership({
-                                mship: KnownMembership.Join,
-                                user: aliUserId,
-                            }),
-                            testUtils.mkMembership({
-                                mship: KnownMembership.Join,
-                                user: bobUserId,
-                            }),
-                        ],
-                    },
-                    timeline: {
-                        events: [],
-                    },
-                },
-            },
-        },
-    };
-
-    testClient.httpBackend.when("GET", "/sync").respond(200, syncData);
-    return testClient.flushSync();
-}
-
-describe("MatrixClient crypto", () => {
-    if (!CRYPTO_ENABLED) {
-        return;
-    }
-
-    beforeEach(async () => {
-        aliTestClient = new TestClient(aliUserId, aliDeviceId, aliAccessToken);
-        await aliTestClient.client.initLegacyCrypto();
-
-        bobTestClient = new TestClient(bobUserId, bobDeviceId, bobAccessToken);
-        await bobTestClient.client.initLegacyCrypto();
-
-        aliMessages = [];
-        bobMessages = [];
-    });
-
-    afterEach(() => {
-        aliTestClient.httpBackend.verifyNoOutstandingExpectation();
-        bobTestClient.httpBackend.verifyNoOutstandingExpectation();
-
-        return Promise.all([aliTestClient.stop(), bobTestClient.stop()]);
-    });
-
-    it("Bob uploads device keys", bobUploadsDeviceKeys);
-
-    it("handles failures to upload device keys", async () => {
-        // since device keys are uploaded asynchronously, there's not really much to do here other than fail the
-        // upload.
-        bobTestClient.httpBackend.when("POST", "/keys/upload").fail(0, new Error("bleh"));
-        await bobTestClient.httpBackend.flushAllExpected();
-    });
-
-    it("Ali downloads Bobs device keys", async () => {
-        await bobUploadsDeviceKeys();
-        await aliDownloadsKeys();
-    });
-
-    it("Ali gets keys with an invalid signature", async () => {
-        await bobUploadsDeviceKeys();
-        // tamper bob's keys
-        const bobDeviceKeys = bobTestClient.deviceKeys!;
-        expect(bobDeviceKeys.keys["curve25519:" + bobDeviceId]).toBeTruthy();
-        bobDeviceKeys.keys["curve25519:" + bobDeviceId] += "abc";
-        await Promise.all([aliTestClient.client.downloadKeys([bobUserId]), expectAliQueryKeys()]);
-        const devices = aliTestClient.client.getStoredDevicesForUser(bobUserId);
-        // should get an empty list
-        expect(devices).toEqual([]);
-    });
-
-    it("Ali gets keys with an incorrect userId", async () => {
-        const eveUserId = "@eve:localhost";
-
-        const bobDeviceKeys = {
-            algorithms: ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
-            device_id: "bvcxz",
-            keys: {
-                "ed25519:bvcxz": "pYuWKMCVuaDLRTM/eWuB8OlXEb61gZhfLVJ+Y54tl0Q",
-                "curve25519:bvcxz": "7Gni0loo/nzF0nFp9847RbhElGewzwUXHPrljjBGPTQ",
-            },
-            user_id: "@eve:localhost",
-            signatures: {
-                "@eve:localhost": {
-                    "ed25519:bvcxz":
-                        "CliUPZ7dyVPBxvhSA1d+X+LYa5b2AYdjcTwG" + "0stXcIxjaJNemQqtdgwKDtBFl3pN2I13SEijRDCf1A8bYiQMDg",
-                },
-            },
-        };
-
-        const bobKeys: Record<string, typeof bobDeviceKeys> = {};
-        bobKeys[bobDeviceId] = bobDeviceKeys;
-        aliTestClient.httpBackend.when("POST", "/keys/query").respond(200, { device_keys: { [bobUserId]: bobKeys } });
-
-        await Promise.all([
-            aliTestClient.client.downloadKeys([bobUserId, eveUserId]),
-            aliTestClient.httpBackend.flush("/keys/query", 1),
-        ]);
-        const [bobDevices, eveDevices] = await Promise.all([
-            aliTestClient.client.getStoredDevicesForUser(bobUserId),
-            aliTestClient.client.getStoredDevicesForUser(eveUserId),
-        ]);
-        // should get an empty list
-        expect(bobDevices).toEqual([]);
-        expect(eveDevices).toEqual([]);
-    });
-
-    it("Ali gets keys with an incorrect deviceId", async () => {
-        const bobDeviceKeys = {
-            algorithms: ["m.olm.v1.curve25519-aes-sha2", "m.megolm.v1.aes-sha2"],
-            device_id: "bad_device",
-            keys: {
-                "ed25519:bad_device": "e8XlY5V8x2yJcwa5xpSzeC/QVOrU+D5qBgyTK0ko+f0",
-                "curve25519:bad_device": "YxuuLG/4L5xGeP8XPl5h0d7DzyYVcof7J7do+OXz0xc",
-            },
-            user_id: "@bob:localhost",
-            signatures: {
-                "@bob:localhost": {
-                    "ed25519:bad_device":
-                        "fEFTq67RaSoIEVBJ8DtmRovbwUBKJ0A" + "me9m9PDzM9azPUwZ38Xvf6vv1A7W1PSafH4z3Y2ORIyEnZgHaNby3CQ",
-                },
-            },
-        };
-
-        const bobKeys: Record<string, typeof bobDeviceKeys> = {};
-        bobKeys[bobDeviceId] = bobDeviceKeys;
-        aliTestClient.httpBackend.when("POST", "/keys/query").respond(200, { device_keys: { [bobUserId]: bobKeys } });
-
-        await Promise.all([
-            aliTestClient.client.downloadKeys([bobUserId]),
-            aliTestClient.httpBackend.flush("/keys/query", 1),
-        ]);
-        const devices = aliTestClient.client.getStoredDevicesForUser(bobUserId);
-        // should get an empty list
-        expect(devices).toEqual([]);
-    });
-
-    it("Bob starts his client and uploads device keys and one-time keys", async () => {
-        await bobTestClient.start();
-        const keys = await bobTestClient.awaitOneTimeKeyUpload();
-        expect(Object.keys(keys).length).toEqual(5);
-        expect(Object.keys(bobTestClient.deviceKeys!).length).not.toEqual(0);
-    });
-
-    it("Ali sends a message", async () => {
-        aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
-        await aliTestClient.start();
-        await bobTestClient.start();
-        await firstSync(aliTestClient);
-        await aliEnablesEncryption();
-        await aliSendsFirstMessage();
-    });
-
-    it("Bob receives a message", async () => {
-        aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
-        await aliTestClient.start();
-        await bobTestClient.start();
-        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve(new Map());
-        await firstSync(aliTestClient);
-        await aliEnablesEncryption();
-        await aliSendsFirstMessage();
-        await bobRecvMessage();
-    });
-
-    it("Bob receives a message with a bogus sender", async () => {
-        aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
-        await aliTestClient.start();
-        await bobTestClient.start();
-        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve(new Map());
-        await firstSync(aliTestClient);
-        await aliEnablesEncryption();
-        await aliSendsFirstMessage();
-        const message = aliMessages.shift()!;
-        const syncData = {
-            next_batch: "x",
-            rooms: {
-                join: {
-                    [roomId]: {
-                        timeline: {
-                            events: [
-                                testUtils.mkEvent({
-                                    type: "m.room.encrypted",
-                                    room: roomId,
-                                    content: message,
-                                    sender: "@bogus:sender",
-                                }),
-                            ],
-                        },
-                    },
-                },
-            },
-        };
-        bobTestClient.httpBackend.when("GET", "/sync").respond(200, syncData);
-
-        const eventPromise = new Promise<MatrixEvent>((resolve) => {
-            const onEvent = function (event: MatrixEvent) {
-                logger.log(bobUserId + " received event", event);
-                resolve(event);
-            };
-            bobTestClient.client.once(ClientEvent.Event, onEvent);
-        });
-        await bobTestClient.httpBackend.flushAllExpected();
-        const preDecryptionEvent = await eventPromise;
-        expect(preDecryptionEvent.isEncrypted()).toBeTruthy();
-        // it may still be being decrypted
-        const event = await testUtils.awaitDecryption(preDecryptionEvent);
-        expect(event.getType()).toEqual("m.room.message");
-        expect(event.getContent().msgtype).toEqual("m.bad.encrypted");
-    });
-
-    it("Ali blocks Bob's device", async () => {
-        aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
-        await aliTestClient.start();
-        await bobTestClient.start();
-        await firstSync(aliTestClient);
-        await aliEnablesEncryption();
-        await aliDownloadsKeys();
-        aliTestClient.client.setDeviceBlocked(bobUserId, bobDeviceId, true);
-        const p1 = sendMessage(aliTestClient.client);
-        const p2 = expectSendMessageRequest(aliTestClient.httpBackend).then(function (sentContent) {
-            // no unblocked devices, so the ciphertext should be empty
-            expect(sentContent.ciphertext).toEqual({});
-        });
-        await Promise.all([p1, p2]);
-    });
-
-    it("Bob receives two pre-key messages", async () => {
-        aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
-        await aliTestClient.start();
-        await bobTestClient.start();
-        bobTestClient.client.crypto!.deviceList.downloadKeys = () => Promise.resolve(new Map());
-        await firstSync(aliTestClient);
-        await aliEnablesEncryption();
-        await aliSendsFirstMessage();
-        await bobRecvMessage();
-        await aliSendsMessage();
-        await bobRecvMessage();
-    });
-
-    it("Bob replies to the message", async () => {
-        aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
-        bobTestClient.expectKeyQuery({ device_keys: { [bobUserId]: {} }, failures: {} });
-        await aliTestClient.start();
-        await bobTestClient.start();
-        await firstSync(aliTestClient);
-        await firstSync(bobTestClient);
-        await aliEnablesEncryption();
-        await aliSendsFirstMessage();
-        bobTestClient.httpBackend.when("POST", "/keys/query").respond(200, {});
-        await bobRecvMessage();
-        await bobEnablesEncryption();
-        const ciphertext = await bobSendsReplyMessage();
-        expect(ciphertext.type).toEqual(1);
-        await aliRecvMessage();
-    });
-
-    it("Ali does a key query when encryption is enabled", async () => {
-        // enabling encryption in the room should make alice download devices
-        // for both members.
-        aliTestClient.expectKeyQuery({ device_keys: { [aliUserId]: {} }, failures: {} });
-        await aliTestClient.start();
-        await firstSync(aliTestClient);
-        const syncData = {
-            next_batch: "2",
-            rooms: {
-                join: {
-                    [roomId]: {
-                        state: {
-                            events: [
-                                testUtils.mkEvent({
-                                    type: "m.room.encryption",
-                                    skey: "",
-                                    content: {
-                                        algorithm: "m.olm.v1.curve25519-aes-sha2",
-                                    },
-                                }),
-                            ],
-                        },
-                    },
-                },
-            },
-        };
-
-        aliTestClient.httpBackend.when("GET", "/sync").respond(200, syncData);
-        await aliTestClient.httpBackend.flush("/sync", 1);
-        aliTestClient.expectKeyQuery({
-            device_keys: {
-                [bobUserId]: {},
-            },
-            failures: {},
-        });
-        await aliTestClient.httpBackend.flushAllExpected();
-    });
-
-    it("Upload new oneTimeKeys based on a /sync request - no count-asking", async () => {
-        // Send a response which causes a key upload
-        const httpBackend = aliTestClient.httpBackend;
-        const syncDataEmpty = {
-            next_batch: "a",
-            device_one_time_keys_count: {
-                signed_curve25519: 0,
-            },
-        };
-
-        // enqueue expectations:
-        // * Sync with empty one_time_keys => upload keys
-
-        logger.log(aliTestClient + ": starting");
-        httpBackend.when("GET", "/versions").respond(200, {});
-        httpBackend.when("GET", "/pushrules").respond(200, {});
-        httpBackend.when("POST", "/filter").respond(200, { filter_id: "fid" });
-        aliTestClient.expectDeviceKeyUpload();
-
-        // we let the client do a very basic initial sync, which it needs before
-        // it will upload one-time keys.
-        httpBackend.when("GET", "/sync").respond(200, syncDataEmpty);
-
-        await Promise.all([aliTestClient.client.startClient({}), httpBackend.flushAllExpected()]);
-        logger.log(aliTestClient + ": started");
-        httpBackend.when("POST", "/keys/upload").respond(200, (_path, content: IUploadKeysRequest) => {
-            expect(content.one_time_keys).toBeTruthy();
-            expect(content.one_time_keys).not.toEqual({});
-            expect(Object.keys(content.one_time_keys!).length).toBeGreaterThanOrEqual(1);
-            // cancel futher calls by telling the client
-            // we have more than we need
-            return {
-                one_time_key_counts: {
-                    signed_curve25519: 70,
-                },
-            };
-        });
-        await httpBackend.flushAllExpected();
-    });
-
-    it("Checks for outgoing room key requests for a given event's session", async () => {
-        const eventA0 = new MatrixEvent({
-            sender: "@bob:example.com",
-            room_id: "!someroom",
-            content: {
-                algorithm: "m.megolm.v1.aes-sha2",
-                session_id: "sessionid",
-                sender_key: "senderkey",
-            },
-        });
-        const eventA1 = new MatrixEvent({
-            sender: "@bob:example.com",
-            room_id: "!someroom",
-            content: {
-                algorithm: "m.megolm.v1.aes-sha2",
-                session_id: "sessionid",
-                sender_key: "senderkey",
-            },
-        });
-        const eventB = new MatrixEvent({
-            sender: "@bob:example.com",
-            room_id: "!someroom",
-            content: {
-                algorithm: "m.megolm.v1.aes-sha2",
-                session_id: "othersessionid",
-                sender_key: "senderkey",
-            },
-        });
-        const nonEncryptedEvent = new MatrixEvent({
-            sender: "@bob:example.com",
-            room_id: "!someroom",
-            content: {},
-        });
-
-        aliTestClient.client.crypto?.onSyncCompleted({});
-        await aliTestClient.client.cancelAndResendEventRoomKeyRequest(eventA0);
-        expect(await aliTestClient.client.getOutgoingRoomKeyRequest(eventA1)).not.toBeNull();
-        expect(await aliTestClient.client.getOutgoingRoomKeyRequest(eventB)).toBeNull();
-        expect(await aliTestClient.client.getOutgoingRoomKeyRequest(nonEncryptedEvent)).toBeNull();
-    });
-});

spec/integ/crypto/olm-utils.ts

@@ -16,12 +16,23 @@ limitations under the License.
 
 import Olm from "@matrix-org/olm";
 import anotherjson from "another-json";
+import fetchMock from "@fetch-mock/vitest";
+import { type RouteResponse } from "fetch-mock";
 
-import { IContent, IDeviceKeys, IDownloadKeyResult, IEvent, Keys, MatrixClient, SigningKeys } from "../../../src";
-import { IE2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
-import { ISyncResponder } from "../../test-utils/SyncResponder";
+import {
+    type IContent,
+    type IDeviceKeys,
+    type IDownloadKeyResult,
+    type IEvent,
+    type Keys,
+    type MatrixClient,
+    type SigningKeys,
+} from "../../../src";
+import { type IE2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
+import { type ISyncResponder } from "../../test-utils/SyncResponder";
 import { syncPromise } from "../../test-utils/test-utils";
-import { KeyBackupInfo } from "../../../src/crypto-api";
+import { type KeyBackupInfo } from "../../../src/crypto-api";
+import { logger } from "../../../src/logger";
 
 /**
  * @module
@@ -85,15 +96,15 @@ export function bootstrapCrossSigningTestOlmAccount(
     deviceId: string,
     keyBackupInfo: KeyBackupInfo[] = [],
 ): Partial<IDownloadKeyResult> {
-    const olmAliceMSK = new globalThis.Olm.PkSigning();
+    const olmAliceMSK = new Olm.PkSigning();
     const masterPrivkey = olmAliceMSK.generate_seed();
     const masterPubkey = olmAliceMSK.init_with_seed(masterPrivkey);
 
-    const olmAliceUSK = new globalThis.Olm.PkSigning();
+    const olmAliceUSK = new Olm.PkSigning();
     const userPrivkey = olmAliceUSK.generate_seed();
     const userPubkey = olmAliceUSK.init_with_seed(userPrivkey);
 
-    const olmAliceSSK = new globalThis.Olm.PkSigning();
+    const olmAliceSSK = new Olm.PkSigning();
     const sskPrivkey = olmAliceSSK.generate_seed();
     const sskPubkey = olmAliceSSK.init_with_seed(sskPrivkey);
 
@@ -181,7 +192,7 @@ export async function createOlmSession(
     const otkId = Object.keys(keys)[0];
     const otk = keys[otkId];
 
-    const session = new globalThis.Olm.Session();
+    const session = new Olm.Session();
     session.create_outbound(olmAccount, recipientTestClient.getDeviceKey(), otk.key);
     return session;
 }
@@ -294,6 +305,9 @@ export function encryptMegolmEventRawPlainText(opts: {
         },
         type: "m.room.encrypted",
         unsigned: {},
+        state_key: opts.plaintext.hasOwnProperty("state_key")
+            ? `${opts.plaintext.type}:${opts.plaintext.state_key}`
+            : undefined,
     };
 }
 
@@ -406,3 +420,128 @@ export async function establishOlmSession(
     await syncPromise(testClient);
     return p2pSession;
 }
+
+/**
+ * Expect that the client shares keys with the given recipient
+ *
+ * Waits for an HTTP request to send the encrypted m.room_key to-device message; decrypts it and uses it
+ * to establish an Olm InboundGroupSession.
+ *
+ * @param recipientUserID - the user id of the expected recipient
+ *
+ * @param recipientOlmAccount - Olm.Account for the recipient
+ *
+ * @param recipientOlmSession - an Olm.Session for the recipient, which must already have exchanged pre-key
+ *    messages with the sender. Alternatively, null, in which case we will expect a pre-key message.
+ *
+ * @returns the established inbound group session
+ */
+export async function expectSendRoomKey(
+    recipientUserID: string,
+    recipientOlmAccount: Olm.Account,
+    recipientOlmSession: Olm.Session | null = null,
+): Promise<Olm.InboundGroupSession> {
+    const testRecipientKey = JSON.parse(recipientOlmAccount.identity_keys())["curve25519"];
+
+    function onSendRoomKey(content: any): Olm.InboundGroupSession {
+        const m = content.messages[recipientUserID].DEVICE_ID;
+        const ct = m.ciphertext[testRecipientKey];
+
+        if (!recipientOlmSession) {
+            expect(ct.type).toEqual(0); // pre-key message
+            recipientOlmSession = new Olm.Session();
+            recipientOlmSession.create_inbound(recipientOlmAccount, ct.body);
+        } else {
+            expect(ct.type).toEqual(1); // regular message
+        }
+
+        const decrypted = JSON.parse(recipientOlmSession.decrypt(ct.type, ct.body));
+        expect(decrypted.type).toEqual("m.room_key");
+        const inboundGroupSession = new Olm.InboundGroupSession();
+        inboundGroupSession.create(decrypted.content.session_key);
+        return inboundGroupSession;
+    }
+    return await new Promise<Olm.InboundGroupSession>((resolve) => {
+        fetchMock.putOnce(new RegExp("/sendToDevice/m.room.encrypted/"), (callLog): RouteResponse => {
+            const content = JSON.parse(callLog.options.body as string);
+            resolve(onSendRoomKey(content));
+            return {};
+        });
+    });
+}
+
+/**
+ * Return the event received on rooms/{roomId}/send/m.room.encrypted endpoint.
+ * See https://spec.matrix.org/latest/client-server-api/#put_matrixclientv3roomsroomidsendeventtypetxnid
+ * @returns the content of the encrypted event
+ */
+export function expectEncryptedSendMessageEvent() {
+    return new Promise<IContent>((resolve) => {
+        fetchMock.putOnce(new RegExp("/send/m.room.encrypted/"), (callLog) => {
+            const content = JSON.parse(callLog.options.body as string);
+            resolve(content);
+            return { event_id: "$event_id" };
+        });
+    });
+}
+
+/**
+ * Return the event received on rooms/{roomId}/state/m.room.encrypted/{stateKey} endpoint.
+ * See https://spec.matrix.org/latest/client-server-api/#put_matrixclientv3roomsroomidstateeventtypestatekey
+ * @returns the content of the encrypted event
+ */
+function expectEncryptedSendStateEvent() {
+    return new Promise<IContent>((resolve) => {
+        fetchMock.putOnce(new RegExp("/state/m.room.encrypted/"), (callLog) => {
+            const content = JSON.parse(callLog.options.body as string);
+            resolve(content);
+            return { event_id: "$event_id" };
+        });
+    });
+}
+
+/**
+ * Expect that the client sends an encrypted message event
+ *
+ * Waits for an HTTP request to send an encrypted message in the test room.
+ *
+ * @param inboundGroupSessionPromise - a promise for an Olm InboundGroupSession, which will
+ *    be used to decrypt the event. We will wait for this to resolve once the HTTP request has been processed.
+ *
+ * @returns The content of the successfully-decrypted event
+ */
+export async function expectSendMegolmMessageEvent(
+    inboundGroupSessionPromise: Promise<Olm.InboundGroupSession>,
+): Promise<Partial<IEvent>> {
+    const encryptedMessageContent = await expectEncryptedSendMessageEvent();
+
+    // In some of the tests, the room key is sent *after* the actual event, so we may need to wait for it now.
+    const inboundGroupSession = await inboundGroupSessionPromise;
+
+    const r: any = inboundGroupSession.decrypt(encryptedMessageContent!.ciphertext);
+    logger.log("Decrypted received megolm message", r);
+    return JSON.parse(r.plaintext);
+}
+
+/**
+ * Expect that the client sends an encrypted state event
+ *
+ * Waits for an HTTP request to send an encrypted state event in the test room.
+ *
+ * @param inboundGroupSessionPromise - a promise for an Olm InboundGroupSession, which will
+ *    be used to decrypt the event. We will wait for this to resolve once the HTTP request has been processed.
+ *
+ * @returns The content of the successfully-decrypted state event
+ */
+export async function expectSendMegolmStateEvent(
+    inboundGroupSessionPromise: Promise<Olm.InboundGroupSession>,
+): Promise<Partial<IEvent>> {
+    const encryptedStateContent = await expectEncryptedSendStateEvent();
+
+    // In some of the tests, the room key is sent *after* the actual event, so we may need to wait for it now.
+    const inboundGroupSession = await inboundGroupSessionPromise;
+
+    const r: any = inboundGroupSession.decrypt(encryptedStateContent!.ciphertext);
+    logger.log("Decrypted received megolm state event", r);
+    return JSON.parse(r.plaintext);
+}

spec/integ/crypto/rust-crypto.spec.ts

@@ -16,16 +16,17 @@ limitations under the License.
 
 import "fake-indexeddb/auto";
 import { IDBFactory } from "fake-indexeddb";
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
 
-import { createClient, CryptoEvent, IndexedDBCryptoStore } from "../../../src";
+import { createClient, IndexedDBCryptoStore } from "../../../src";
 import { populateStore } from "../../test-utils/test_indexeddb_cryptostore_dump";
 import { MSK_NOT_CACHED_DATASET } from "../../test-utils/test_indexeddb_cryptostore_dump/no_cached_msk_dump";
 import { IDENTITY_NOT_TRUSTED_DATASET } from "../../test-utils/test_indexeddb_cryptostore_dump/unverified";
 import { FULL_ACCOUNT_DATASET } from "../../test-utils/test_indexeddb_cryptostore_dump/full_account";
 import { EMPTY_ACCOUNT_DATASET } from "../../test-utils/test_indexeddb_cryptostore_dump/empty_account";
+import { CryptoEvent } from "../../../src/crypto-api";
 
-jest.setTimeout(15000);
+vi.setConfig({ testTimeout: 15000 });
 
 afterEach(() => {
     // reset fake-indexeddb after each test, to make sure we don't leak connections
@@ -66,6 +67,23 @@ describe("MatrixClient.initRustCrypto", () => {
         expect(databaseNames).toEqual(expect.arrayContaining(["matrix-js-sdk::matrix-sdk-crypto"]));
     });
 
+    it("should create the indexed db with a custom prefix", async () => {
+        const matrixClient = createClient({
+            baseUrl: "http://test.server",
+            userId: "@alice:localhost",
+            deviceId: "aliceDevice",
+        });
+
+        // No databases.
+        expect(await indexedDB.databases()).toHaveLength(0);
+
+        await matrixClient.initRustCrypto({ cryptoDatabasePrefix: "my-prefix" });
+
+        // should have an indexed db now
+        const databaseNames = (await indexedDB.databases()).map((db) => db.name);
+        expect(databaseNames).toEqual(expect.arrayContaining(["my-prefix::matrix-sdk-crypto"]));
+    });
+
     it("should create the meta db if given a storageKey", async () => {
         const matrixClient = createClient({
             baseUrl: "http://test.server",
@@ -104,6 +122,7 @@ describe("MatrixClient.initRustCrypto", () => {
         );
     });
 
+    // eslint-disable-next-line @vitest/expect-expect
     it("should ignore a second call", async () => {
         const matrixClient = createClient({
             baseUrl: "http://test.server",
@@ -116,10 +135,6 @@ describe("MatrixClient.initRustCrypto", () => {
     });
 
     describe("Libolm Migration", () => {
-        beforeEach(() => {
-            fetchMock.reset();
-        });
-
         it("should migrate from libolm", async () => {
             fetchMock.get("path:/_matrix/client/v3/room_keys/version", FULL_ACCOUNT_DATASET.backupResponse);
 
@@ -137,7 +152,7 @@ describe("MatrixClient.initRustCrypto", () => {
                 pickleKey: FULL_ACCOUNT_DATASET.pickleKey,
             });
 
-            const progressListener = jest.fn();
+            const progressListener = vi.fn();
             matrixClient.addListener(CryptoEvent.LegacyCryptoStoreMigrationProgress, progressListener);
 
             await matrixClient.initRustCrypto();
@@ -308,7 +323,7 @@ describe("MatrixClient.initRustCrypto", () => {
             });
 
             // When we start Rust crypto, potentially triggering an upgrade
-            const progressListener = jest.fn();
+            const progressListener = vi.fn();
             matrixClient.addListener(CryptoEvent.LegacyCryptoStoreMigrationProgress, progressListener);
 
             await matrixClient.initRustCrypto();
@@ -460,6 +475,7 @@ describe("MatrixClient.clearStores", () => {
         expect(await indexedDB.databases()).toHaveLength(0);
     });
 
+    // eslint-disable-next-line @vitest/expect-expect
     it("should not fail in environments without indexedDB", async () => {
         // eslint-disable-next-line no-global-assign
         indexedDB = undefined!;
@@ -474,4 +490,22 @@ describe("MatrixClient.clearStores", () => {
         await matrixClient.clearStores();
         // No error thrown in clearStores
     });
+
+    it("should clear the indexeddbs with a custom prefix", async () => {
+        const matrixClient = createClient({
+            baseUrl: "http://test.server",
+            userId: "@alice:localhost",
+            deviceId: "aliceDevice",
+        });
+
+        // No databases.
+        expect(await indexedDB.databases()).toHaveLength(0);
+
+        await matrixClient.initRustCrypto({ cryptoDatabasePrefix: "my-prefix" });
+        expect(await indexedDB.databases()).toHaveLength(1);
+        await matrixClient.stopClient();
+
+        await matrixClient.clearStores({ cryptoDatabasePrefix: "my-prefix" });
+        expect(await indexedDB.databases()).toHaveLength(0);
+    });
 });

spec/integ/crypto/state-events.spec.ts

@@ -0,0 +1,221 @@
+/*
+Copyright 2025 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import anotherjson from "another-json";
+import fetchMock from "@fetch-mock/vitest";
+import "fake-indexeddb/auto";
+import Olm from "@matrix-org/olm";
+
+import * as testUtils from "../../test-utils/test-utils";
+import { getSyncResponse, syncPromise } from "../../test-utils/test-utils";
+import { TEST_ROOM_ID as ROOM_ID } from "../../test-utils/test-data";
+import { logger } from "../../../src/logger";
+import {
+    createClient,
+    HistoryVisibility,
+    PendingEventOrdering,
+    type IStartClientOpts,
+    type MatrixClient,
+} from "../../../src/matrix";
+import { E2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
+import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
+import { type ISyncResponder, SyncResponder } from "../../test-utils/SyncResponder";
+import {
+    createOlmAccount,
+    createOlmSession,
+    encryptGroupSessionKey,
+    encryptMegolmEvent,
+    getTestOlmAccountKeys,
+    expectSendRoomKey,
+    expectSendMegolmStateEvent,
+} from "./olm-utils";
+import { mockInitialApiRequests } from "../../test-utils/mockEndpoints";
+
+describe("Encrypted State Events", () => {
+    let testOlmAccount = {} as unknown as Olm.Account;
+    let testSenderKey = "";
+
+    /** the MatrixClient under test */
+    let aliceClient: MatrixClient;
+
+    /** an object which intercepts `/keys/upload` requests from {@link #aliceClient} to catch the uploaded keys */
+    let keyReceiver: E2EKeyReceiver;
+
+    /** an object which intercepts `/sync` requests from {@link #aliceClient} */
+    let syncResponder: ISyncResponder;
+
+    async function startClientAndAwaitFirstSync(opts: IStartClientOpts = {}): Promise<void> {
+        logger.log(aliceClient.getUserId() + ": starting");
+
+        mockInitialApiRequests(aliceClient.getHomeserverUrl());
+
+        // we let the client do a very basic initial sync, which it needs before
+        // it will upload one-time keys.
+        syncResponder.sendOrQueueSyncResponse({ next_batch: 1 });
+
+        aliceClient.startClient({
+            // set this so that we can get hold of failed events
+            pendingEventOrdering: PendingEventOrdering.Detached,
+            ...opts,
+        });
+
+        await syncPromise(aliceClient);
+        logger.log(aliceClient.getUserId() + ": started");
+    }
+
+    beforeEach(async () => {
+        fetchMock.catch(404);
+
+        const homeserverUrl = "https://alice-server.com";
+        aliceClient = createClient({
+            baseUrl: homeserverUrl,
+            userId: "@alice:localhost",
+            accessToken: "akjgkrgjs",
+            deviceId: "xzcvb",
+            logger: logger.getChild("aliceClient"),
+            enableEncryptedStateEvents: true,
+        });
+
+        keyReceiver = new E2EKeyReceiver(homeserverUrl);
+        syncResponder = new SyncResponder(homeserverUrl);
+
+        await aliceClient.initRustCrypto();
+
+        // create a test olm device which we will use to communicate with alice. We use libolm to implement this.
+        testOlmAccount = await createOlmAccount();
+        const testE2eKeys = JSON.parse(testOlmAccount.identity_keys());
+        testSenderKey = testE2eKeys.curve25519;
+    }, 10000);
+
+    afterEach(async () => {
+        aliceClient.stopClient();
+    });
+
+    function expectAliceKeyQuery(response: any) {
+        fetchMock.postOnce(new RegExp("/keys/query"), (callLog) => response);
+    }
+
+    function expectAliceKeyClaim(response: any) {
+        fetchMock.postOnce(new RegExp("/keys/claim"), response);
+    }
+
+    function getTestKeysClaimResponse(userId: string) {
+        testOlmAccount.generate_one_time_keys(1);
+        const testOneTimeKeys = JSON.parse(testOlmAccount.one_time_keys());
+        testOlmAccount.mark_keys_as_published();
+
+        const keyId = Object.keys(testOneTimeKeys.curve25519)[0];
+        const oneTimeKey: string = testOneTimeKeys.curve25519[keyId];
+        const unsignedKeyResult = { key: oneTimeKey };
+        const j = anotherjson.stringify(unsignedKeyResult);
+        const sig = testOlmAccount.sign(j);
+        const keyResult = {
+            ...unsignedKeyResult,
+            signatures: { [userId]: { "ed25519:DEVICE_ID": sig } },
+        };
+
+        return {
+            one_time_keys: { [userId]: { DEVICE_ID: { ["signed_curve25519:" + keyId]: keyResult } } },
+            failures: {},
+        };
+    }
+
+    it("Should receive an encrypted state event", async () => {
+        expectAliceKeyQuery({ device_keys: { "@alice:localhost": {} }, failures: {} });
+        await startClientAndAwaitFirstSync();
+
+        const p2pSession = await createOlmSession(testOlmAccount, keyReceiver);
+        const groupSession = new Olm.OutboundGroupSession();
+        groupSession.create();
+
+        // make the room_key event
+        const roomKeyEncrypted = encryptGroupSessionKey({
+            recipient: aliceClient.getUserId()!,
+            recipientCurve25519Key: keyReceiver.getDeviceKey(),
+            recipientEd25519Key: keyReceiver.getSigningKey(),
+            olmAccount: testOlmAccount,
+            p2pSession: p2pSession,
+            groupSession: groupSession,
+            room_id: ROOM_ID,
+        });
+
+        // encrypt a state event with the group session
+        const eventEncrypted = encryptMegolmEvent({
+            senderKey: testSenderKey,
+            groupSession: groupSession,
+            room_id: ROOM_ID,
+            plaintext: {
+                type: "m.room.topic",
+                state_key: "",
+                content: {
+                    topic: "Secret!",
+                },
+            },
+        });
+
+        // Alice gets both the events in a single sync
+        const syncResponse = {
+            next_batch: 1,
+            to_device: {
+                events: [roomKeyEncrypted],
+            },
+            rooms: {
+                join: {
+                    [ROOM_ID]: { timeline: { events: [eventEncrypted] } },
+                },
+            },
+        };
+
+        syncResponder.sendOrQueueSyncResponse(syncResponse);
+        await syncPromise(aliceClient);
+
+        const room = aliceClient.getRoom(ROOM_ID)!;
+        const event = room.getLiveTimeline().getEvents()[0];
+        expect(event.isEncrypted()).toBe(true);
+
+        // it probably won't be decrypted yet, because it takes a while to process the olm keys
+        const decryptedEvent = await testUtils.awaitDecryption(event, { waitOnDecryptionFailure: true });
+        expect(decryptedEvent.getContent().topic).toEqual("Secret!");
+    });
+
+    // eslint-disable-next-line @vitest/expect-expect
+    it("Should send an encrypted state event", async () => {
+        const homeserverUrl = aliceClient.getHomeserverUrl();
+        const keyResponder = new E2EKeyResponder(homeserverUrl);
+        keyResponder.addKeyReceiver("@alice:localhost", keyReceiver);
+
+        const testDeviceKeys = getTestOlmAccountKeys(testOlmAccount, "@bob:xyz", "DEVICE_ID");
+        keyResponder.addDeviceKeys(testDeviceKeys);
+
+        await startClientAndAwaitFirstSync();
+
+        // Alice shares a room with Bob
+        syncResponder.sendOrQueueSyncResponse(getSyncResponse(["@bob:xyz"], HistoryVisibility.Joined, ROOM_ID, true));
+        await syncPromise(aliceClient);
+
+        // ... and claim one of Bob's OTKs ...
+        expectAliceKeyClaim(getTestKeysClaimResponse("@bob:xyz"));
+
+        // ... and send an m.room.topic message
+        const inboundGroupSessionPromise = expectSendRoomKey("@bob:xyz", testOlmAccount);
+
+        // Finally, send the message, and expect to get an `m.room.encrypted` event that we can decrypt.
+        await Promise.all([
+            aliceClient.setRoomTopic(ROOM_ID, "Secret!"),
+            expectSendMegolmStateEvent(inboundGroupSessionPromise),
+        ]);
+    });
+});

spec/integ/crypto/to-device-messages.spec.ts

@@ -14,16 +14,25 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
 import "fake-indexeddb/auto";
 import { IDBFactory } from "fake-indexeddb";
+import Olm from "@matrix-org/olm";
 
-import { CRYPTO_BACKENDS, getSyncResponse, InitCrypto, syncPromise } from "../../test-utils/test-utils";
-import { createClient, MatrixClient } from "../../../src";
+import { getSyncResponse, syncPromise } from "../../test-utils/test-utils";
+import {
+    ClientEvent,
+    createClient,
+    type IToDeviceEvent,
+    type MatrixClient,
+    type MatrixEvent,
+    type ReceivedToDeviceMessage,
+} from "../../../src";
 import * as testData from "../../test-utils/test-data";
 import { E2EKeyResponder } from "../../test-utils/E2EKeyResponder";
 import { SyncResponder } from "../../test-utils/SyncResponder";
 import { E2EKeyReceiver } from "../../test-utils/E2EKeyReceiver";
+import { encryptOlmEvent, establishOlmSession, getTestOlmAccountKeys } from "./olm-utils.ts";
 
 afterEach(() => {
     // reset fake-indexeddb after each test, to make sure we don't leak connections
@@ -38,17 +47,18 @@ afterEach(() => {
  * These tests work by intercepting HTTP requests via fetch-mock rather than mocking out bits of the client, so as
  * to provide the most effective integration tests possible.
  */
-describe.each(Object.entries(CRYPTO_BACKENDS))("to-device-messages (%s)", (backend: string, initCrypto: InitCrypto) => {
+describe("to-device-messages", () => {
     let aliceClient: MatrixClient;
 
     /** an object which intercepts `/keys/query` requests on the test homeserver */
     let e2eKeyResponder: E2EKeyResponder;
+    let e2eKeyReceiver: E2EKeyReceiver;
+    let syncResponder: SyncResponder;
 
     beforeEach(
         async () => {
             // anything that we don't have a specific matcher for silently returns a 404
             fetchMock.catch(404);
-            fetchMock.config.warnOnFallback = false;
 
             const homeserverUrl = "https://server.com";
             aliceClient = createClient({
@@ -59,8 +69,8 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("to-device-messages (%s)", (backe
             });
 
             e2eKeyResponder = new E2EKeyResponder(homeserverUrl);
-            new E2EKeyReceiver(homeserverUrl);
-            const syncResponder = new SyncResponder(homeserverUrl);
+            e2eKeyReceiver = new E2EKeyReceiver(homeserverUrl);
+            syncResponder = new SyncResponder(homeserverUrl);
 
             // add bob as known user
             syncResponder.sendOrQueueSyncResponse(getSyncResponse([testData.BOB_TEST_USER_ID]));
@@ -81,7 +91,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("to-device-messages (%s)", (backe
                 { filter_id: "fid" },
             );
 
-            await initCrypto(aliceClient);
+            await aliceClient.initRustCrypto();
         },
         /* it can take a while to initialise the crypto library on the first pass, so bump up the timeout. */
         10000,
@@ -89,7 +99,6 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("to-device-messages (%s)", (backe
 
     afterEach(async () => {
         aliceClient.stopClient();
-        fetchMock.mockReset();
     });
 
     describe("encryptToDeviceMessages", () => {
@@ -149,4 +158,111 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("to-device-messages (%s)", (backe
             // for future: check that bob's device can decrypt the ciphertext?
         });
     });
+
+    describe("receive to-device-messages", () => {
+        it("Should receive decrypted to-device message via ClientEvent", async () => {
+            // create a test olm device which we will use to communicate with alice. We use libolm to implement this.
+            await Olm.init();
+            const testOlmAccount = new Olm.Account();
+            testOlmAccount.create();
+
+            const testDeviceKeys = getTestOlmAccountKeys(testOlmAccount, "@bob:xyz", "DEVICE_ID");
+            e2eKeyResponder.addDeviceKeys(testDeviceKeys);
+
+            await aliceClient.startClient();
+            await syncPromise(aliceClient);
+
+            syncResponder.sendOrQueueSyncResponse(getSyncResponse(["@bob:xyz"]));
+            await syncPromise(aliceClient);
+
+            const p2pSession = await establishOlmSession(aliceClient, e2eKeyReceiver, syncResponder, testOlmAccount);
+
+            const toDeviceEvent = encryptOlmEvent({
+                sender: "@bob:xyz",
+                senderKey: testDeviceKeys.keys[`curve25519:DEVICE_ID`],
+                senderSigningKey: testDeviceKeys.keys[`ed25519:DEVICE_ID`],
+                p2pSession: p2pSession,
+                recipient: aliceClient.getUserId()!,
+                recipientCurve25519Key: e2eKeyReceiver.getDeviceKey(),
+                recipientEd25519Key: e2eKeyReceiver.getSigningKey(),
+                plaincontent: {
+                    body: "foo",
+                },
+                plaintype: "m.test.type",
+            });
+
+            const processedToDeviceResolver: PromiseWithResolvers<ReceivedToDeviceMessage> = Promise.withResolvers();
+
+            aliceClient.on(ClientEvent.ReceivedToDeviceMessage, (payload) => {
+                processedToDeviceResolver.resolve(payload);
+            });
+
+            const oldToDeviceResolver: PromiseWithResolvers<MatrixEvent> = Promise.withResolvers();
+
+            aliceClient.on(ClientEvent.ToDeviceEvent, (event) => {
+                oldToDeviceResolver.resolve(event);
+            });
+
+            expect(toDeviceEvent.type).toBe("m.room.encrypted");
+
+            syncResponder.sendOrQueueSyncResponse({ to_device: { events: [toDeviceEvent] } });
+            await syncPromise(aliceClient);
+
+            const { message, encryptionInfo } = await processedToDeviceResolver.promise;
+
+            expect(message.type).toBe("m.test.type");
+            expect(message.content["body"]).toBe("foo");
+
+            expect(encryptionInfo).not.toBeNull();
+            expect(encryptionInfo!.senderVerified).toBe(false);
+            expect(encryptionInfo!.sender).toBe("@bob:xyz");
+            expect(encryptionInfo!.senderDevice).toBe("DEVICE_ID");
+
+            const oldFormat = await oldToDeviceResolver.promise;
+            expect(oldFormat.isEncrypted()).toBe(true);
+            expect(oldFormat.getType()).toBe("m.test.type");
+            expect(oldFormat.getContent()["body"]).toBe("foo");
+        });
+
+        it("Should receive clear to-device message via ClientEvent", async () => {
+            await aliceClient.startClient();
+            await syncPromise(aliceClient);
+
+            const toDeviceEvent: IToDeviceEvent = {
+                sender: "@bob:xyz",
+                type: "m.test.type",
+                content: {
+                    body: "foo",
+                },
+            };
+
+            const processedToDeviceResolver: PromiseWithResolvers<ReceivedToDeviceMessage> = Promise.withResolvers();
+
+            aliceClient.on(ClientEvent.ReceivedToDeviceMessage, (payload) => {
+                processedToDeviceResolver.resolve(payload);
+            });
+
+            const oldToDeviceResolver: PromiseWithResolvers<MatrixEvent> = Promise.withResolvers();
+
+            aliceClient.on(ClientEvent.ToDeviceEvent, (event) => {
+                oldToDeviceResolver.resolve(event);
+            });
+
+            syncResponder.sendOrQueueSyncResponse({ to_device: { events: [toDeviceEvent] } });
+            await syncPromise(aliceClient);
+
+            const { message, encryptionInfo } = await processedToDeviceResolver.promise;
+
+            expect(message.type).toBe("m.test.type");
+            expect(message.content["body"]).toBe("foo");
+
+            // When the message is not encrypted, we don't have the encryptionInfo.
+            expect(encryptionInfo).toBeNull();
+
+            const oldFormat = await oldToDeviceResolver.promise;
+            expect(oldFormat.isEncrypted()).toBe(false);
+            expect(oldFormat.getType()).toBe("m.test.type");
+            expect(oldFormat.getContent()["body"]).toBe("foo");
+        });
+    });
 });

spec/integ/crypto/verification.spec.ts

@@ -17,42 +17,37 @@ limitations under the License.
 import "fake-indexeddb/auto";
 
 import anotherjson from "another-json";
-import FetchMock from "fetch-mock";
-import fetchMock from "fetch-mock-jest";
+import debug from "debug";
+import fetchMock from "@fetch-mock/vitest";
+import { type RouteResponse } from "fetch-mock";
 import { IDBFactory } from "fake-indexeddb";
 import { createHash } from "crypto";
 import Olm from "@matrix-org/olm";
 
 import {
     createClient,
-    CryptoEvent,
+    DebugLogger,
     DeviceVerification,
-    IContent,
-    ICreateClientOpts,
-    IEvent,
-    MatrixClient,
+    type IContent,
+    type ICreateClientOpts,
+    type IEvent,
+    type MatrixClient,
+    MatrixError,
     MatrixEvent,
     MatrixEventEvent,
 } from "../../../src";
 import {
     canAcceptVerificationRequest,
-    ShowQrCodeCallbacks,
-    ShowSasCallbacks,
+    type ShowQrCodeCallbacks,
+    type ShowSasCallbacks,
     VerificationPhase,
-    VerificationRequest,
+    type VerificationRequest,
     VerificationRequestEvent,
-    Verifier,
+    type Verifier,
     VerifierEvent,
 } from "../../../src/crypto-api/verification";
-import { defer, escapeRegExp } from "../../../src/utils";
-import {
-    awaitDecryption,
-    CRYPTO_BACKENDS,
-    emitPromise,
-    getSyncResponse,
-    InitCrypto,
-    syncPromise,
-} from "../../test-utils/test-utils";
+import { escapeRegExp, sleep } from "../../../src/utils";
+import { awaitDecryption, emitPromise, getSyncResponse, syncPromise, waitFor } from "../../test-utils/test-utils";
 import { SyncResponder } from "../../test-utils/SyncResponder";
 import {
     BACKUP_DECRYPTION_KEY_BASE64,
@@ -79,19 +74,14 @@ import {
     encryptMegolmEvent,
     encryptSecretSend,
     getTestOlmAccountKeys,
-    ToDeviceEvent,
+    type ToDeviceEvent,
 } from "./olm-utils";
-import { KeyBackupInfo } from "../../../src/crypto-api";
+import { type KeyBackupInfo, CryptoEvent } from "../../../src/crypto-api";
 import { encodeBase64 } from "../../../src/base64";
 
-// The verification flows use javascript timers to set timeouts. We tell jest to use mock timer implementations
-// to ensure that we don't end up with dangling timeouts.
-// But the wasm bindings of matrix-sdk-crypto rely on a working `queueMicrotask`.
-jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });
-
 beforeAll(async () => {
     // we use the libolm primitives in the test, so init the Olm library
-    await globalThis.Olm.init();
+    await Olm.init();
 });
 
 // load the rust library. This can take a few seconds on a slow GH worker.
@@ -101,6 +91,10 @@ beforeAll(async () => {
     await RustSdkCryptoJs.initAsync();
 }, 10000);
 
+beforeEach(() => {
+    vi.useFakeTimers();
+});
+
 afterEach(() => {
     // reset fake-indexeddb after each test, to make sure we don't leak connections
     // cf https://github.com/dumbmatter/fakeIndexedDB#wipingresetting-the-indexeddb-for-a-fresh-state
@@ -117,12 +111,7 @@ const TEST_HOMESERVER_URL = "https://alice-server.com";
  * These tests work by intercepting HTTP requests via fetch-mock rather than mocking out bits of the client, so as
  * to provide the most effective integration tests possible.
  */
-// we test with both crypto stacks...
-describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: string, initCrypto: InitCrypto) => {
-    // newBackendOnly is the opposite to `oldBackendOnly`: it will skip the test if we are running against the legacy
-    // backend. Once we drop support for legacy crypto, it will go away.
-    const newBackendOnly = backend === "rust-sdk" ? test : test.skip;
-
+describe("verification", () => {
     /** the client under test */
     let aliceClient: MatrixClient;
 
@@ -138,7 +127,6 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
     beforeEach(async () => {
         // anything that we don't have a specific matcher for silently returns a 404
         fetchMock.catch(404);
-        fetchMock.config.warnOnFallback = false;
 
         e2eKeyReceiver = new E2EKeyReceiver(TEST_HOMESERVER_URL);
         e2eKeyResponder = new E2EKeyResponder(TEST_HOMESERVER_URL);
@@ -149,14 +137,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
     });
 
     afterEach(async () => {
-        if (aliceClient !== undefined) {
-            await aliceClient.stopClient();
-        }
+        aliceClient?.stopClient();
 
         // Allow in-flight things to complete before we tear down the test
-        await jest.runAllTimersAsync();
-
-        fetchMock.mockReset();
+        if (vi.isFakeTimers()) {
+            await vi.runAllTimersAsync();
+        }
     });
 
     describe("Outgoing verification requests for another device", () => {
@@ -164,11 +150,10 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             // pretend that we have another device, which we will verify
             e2eKeyResponder.addDeviceKeys(SIGNED_TEST_DEVICE_DATA);
 
-            fetchMock.put(
-                new RegExp(`/_matrix/client/(r0|v3)/sendToDevice/${escapeRegExp("m.secret.request")}`),
-                { ok: false, status: 404 },
-                { overwriteRoutes: true },
-            );
+            fetchMock.put(new RegExp(`/_matrix/client/(r0|v3)/sendToDevice/${escapeRegExp("m.secret.request")}`), {
+                ok: false,
+                status: 404,
+            });
         });
 
         // test with (1) the default verification method list, (2) a custom verification method list.
@@ -220,7 +205,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             expect(toDeviceMessage.from_device).toEqual(aliceClient.deviceId);
             expect(toDeviceMessage.transaction_id).toEqual(transactionId);
             if (methods !== undefined) {
-                // eslint-disable-next-line jest/no-conditional-expect
+                // eslint-disable-next-line @vitest/no-conditional-expect
                 expect(new Set(toDeviceMessage.methods)).toEqual(new Set(methods));
             }
 
@@ -253,7 +238,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             const sendToDevicePromise = expectSendToDeviceMessage("m.key.verification.accept");
             const verificationPromise = verifier.verify();
             // advance the clock, because the devicelist likes to sleep for 5ms during key downloads
-            jest.advanceTimersByTime(10);
+            vi.advanceTimersByTime(10);
 
             requestBody = await sendToDevicePromise;
             toDeviceMessage = requestBody.messages[TEST_USER_ID][TEST_DEVICE_ID];
@@ -265,7 +250,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
 
             // The dummy device makes up a curve25519 keypair and sends the public bit back in an `m.key.verification.key'
             // We use the Curve25519, HMAC and HKDF implementations in libolm, for now
-            const olmSAS = new globalThis.Olm.SAS();
+            const olmSAS = new Olm.SAS();
             returnToDeviceMessageFromSync(buildSasKeyMessage(transactionId, olmSAS.get_pubkey()));
 
             // alice responds with a 'key' ...
@@ -331,7 +316,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             expect(request.otherPartySupportsMethod("m.sas.v1")).toBe(true);
 
             // advance the clock, because the devicelist likes to sleep for 5ms during key downloads
-            await jest.advanceTimersByTimeAsync(10);
+            await vi.advanceTimersByTimeAsync(10);
 
             // And now Alice starts a SAS verification
             let sendToDevicePromise = expectSendToDeviceMessage("m.key.verification.start");
@@ -359,7 +344,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
 
             // The dummy device makes up a curve25519 keypair and uses the hash in an 'm.key.verification.accept'
             // We use the Curve25519, HMAC and HKDF implementations in libolm, for now
-            const olmSAS = new globalThis.Olm.SAS();
+            const olmSAS = new Olm.SAS();
             const commitmentStr = olmSAS.get_pubkey() + anotherjson.stringify(toDeviceMessage);
 
             sendToDevicePromise = expectSendToDeviceMessage("m.key.verification.key");
@@ -432,9 +417,8 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
                 expect(requests[0].transactionId).toEqual(transactionId);
             }
 
-            // legacy crypto picks devices individually; rust crypto uses a broadcast message
-            const toDeviceMessage =
-                requestBody.messages[TEST_USER_ID]["*"] ?? requestBody.messages[TEST_USER_ID][TEST_DEVICE_ID];
+            // rust crypto uses a broadcast message
+            const toDeviceMessage = requestBody.messages[TEST_USER_ID]["*"];
             expect(toDeviceMessage.from_device).toEqual(aliceClient.deviceId);
             expect(toDeviceMessage.transaction_id).toEqual(transactionId);
         });
@@ -522,18 +506,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             reciprocateQRCodeCallbacks.confirm();
             await sendToDevicePromise;
 
-            // at this point, on legacy crypto, the master key is already marked as trusted, and the request is "Done".
-            // Rust crypto, on the other hand, waits for the 'done' to arrive from the other side.
+            // Rust crypto waits for the 'done' to arrive from the other side.
             if (request.phase === VerificationPhase.Done) {
-                // legacy crypto: we're all done
                 const userVerificationStatus = await aliceClient.getCrypto()!.getUserVerificationStatus(TEST_USER_ID);
-                // eslint-disable-next-line jest/no-conditional-expect
+                // eslint-disable-next-line @vitest/no-conditional-expect
                 expect(userVerificationStatus.isCrossSigningVerified()).toBeTruthy();
                 await verificationPromise;
-            } else {
-                // rust crypto: still in flight
-                // eslint-disable-next-line jest/no-conditional-expect
-                expect(request.phase).toEqual(VerificationPhase.Started);
             }
 
             // the dummy device replies with its own 'done'
@@ -569,7 +547,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             expect(qrCodeBuffer).toBeUndefined();
         });
 
-        newBackendOnly("can verify another by scanning their QR code", async () => {
+        it("can verify another by scanning their QR code", async () => {
             aliceClient = await startTestClient();
             // we need cross-signing keys for a QR code verification
             e2eKeyResponder.addCrossSigningData(SIGNED_CROSS_SIGNING_KEYS_DATA);
@@ -654,7 +632,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             expect(request.verifier).toBeUndefined();
 
             // advance the clock, because the devicelist likes to sleep for 5ms during key downloads
-            await jest.advanceTimersByTimeAsync(10);
+            await vi.advanceTimersByTimeAsync(10);
 
             // ... but Alice wants to do an SAS verification
             const sendToDevicePromise = expectSendToDeviceMessage("m.key.verification.start");
@@ -699,7 +677,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             expect(request.verifier).toBeUndefined();
 
             // advance the clock, because the devicelist likes to sleep for 5ms during key downloads
-            await jest.advanceTimersByTimeAsync(10);
+            await vi.advanceTimersByTimeAsync(10);
 
             // ... but the dummy device wants to do an SAS verification
             returnToDeviceMessageFromSync(buildSasStartMessage(transactionId));
@@ -752,6 +730,35 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             expect(request.cancellingUserId).toEqual("@alice:localhost");
         });
 
+        it("does not include cancelled requests in the list of requests", async () => {
+            // Given Alice started a verification request
+            const [, request] = await Promise.all([
+                expectSendToDeviceMessage("m.key.verification.request"),
+                aliceClient.getCrypto()!.requestDeviceVerification(TEST_USER_ID, TEST_DEVICE_ID),
+            ]);
+            const transactionId = request.transactionId!;
+
+            returnToDeviceMessageFromSync(buildReadyMessage(transactionId, ["m.sas.v1"]));
+            await waitForVerificationRequestChanged(request);
+
+            // Sanity: the request is listed
+            const requestsBeforeCancel = aliceClient
+                .getCrypto()!
+                .getVerificationRequestsToDeviceInProgress(TEST_USER_ID);
+
+            expect(requestsBeforeCancel).toHaveLength(1);
+
+            // When Alice cancels it
+            await Promise.all([expectSendToDeviceMessage("m.key.verification.cancel"), request.cancel()]);
+
+            // Then it is no longer listed as in progress
+            const requestsAfterCancel = aliceClient
+                .getCrypto()!
+                .getVerificationRequestsToDeviceInProgress(TEST_USER_ID);
+
+            expect(requestsAfterCancel).toHaveLength(0);
+        });
+
         it("can cancel during the SAS phase", async () => {
             // have alice initiate a verification. She should send a m.key.verification.request
             const [, request] = await Promise.all([
@@ -778,7 +785,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             const sendToDevicePromise = expectSendToDeviceMessage("m.key.verification.accept");
             const verificationPromise = verifier.verify();
             // advance the clock, because the devicelist likes to sleep for 5ms during key downloads
-            jest.advanceTimersByTime(10);
+            vi.advanceTimersByTime(10);
             await sendToDevicePromise;
 
             // now we unceremoniously cancel. We expect the verificatationPromise to reject.
@@ -907,7 +914,6 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
     describe("Send verification request in DM", () => {
         beforeEach(async () => {
             aliceClient = await startTestClient();
-            aliceClient.setGlobalErrorOnUnknownDevices(false);
 
             e2eKeyResponder.addCrossSigningData(BOB_SIGNED_CROSS_SIGNING_KEYS_DATA);
             e2eKeyResponder.addDeviceKeys(BOB_SIGNED_TEST_DEVICE_DATA);
@@ -924,19 +930,16 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
         function awaitRoomMessageRequest(): Promise<IContent> {
             return new Promise((resolve) => {
                 // Case of unencrypted message of the new crypto
-                fetchMock.put(
-                    "express:/_matrix/client/v3/rooms/:roomId/send/m.room.message/:txId",
-                    (url: string, options: RequestInit) => {
-                        resolve(JSON.parse(options.body as string));
-                        return { event_id: "$YUwRidLecu:example.com" };
-                    },
-                );
+                fetchMock.put("express:/_matrix/client/v3/rooms/:roomId/send/m.room.message/:txId", (callLog) => {
+                    resolve(JSON.parse(callLog.options.body as string));
+                    return { event_id: "$YUwRidLecu:example.com" };
+                });
 
                 // Case of encrypted message of the old crypto
                 fetchMock.put(
                     "express:/_matrix/client/v3/rooms/:roomId/send/m.room.encrypted/:txId",
-                    async (url: string, options: RequestInit) => {
-                        const encryptedMessage = JSON.parse(options.body as string);
+                    async (callLog) => {
+                        const encryptedMessage = JSON.parse(callLog.options.body as string);
                         const event = new MatrixEvent({
                             content: encryptedMessage,
                             type: "m.room.encrypted",
@@ -959,7 +962,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
 
             // In `DeviceList#doQueuedQueries`, the key download response is processed every 5ms
             // 5ms by users, ie Bob and Alice
-            await jest.advanceTimersByTimeAsync(10);
+            await vi.advanceTimersByTimeAsync(10);
 
             const messageRequestPromise = awaitRoomMessageRequest();
             const verificationRequest = await aliceClient
@@ -990,21 +993,18 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             testOlmAccount.create();
 
             aliceClient = await startTestClient();
-            aliceClient.setGlobalErrorOnUnknownDevices(false);
             syncResponder.sendOrQueueSyncResponse(getSyncResponse([BOB_TEST_USER_ID]));
             await syncPromise(aliceClient);
 
             // Rust crypto requires the sender's device keys before it accepts a
             // verification request.
-            if (backend === "rust-sdk") {
-                const crypto = aliceClient.getCrypto()!;
+            const crypto = aliceClient.getCrypto()!;
 
-                const bobDeviceKeys = getTestOlmAccountKeys(testOlmAccount, BOB_TEST_USER_ID, "BobDevice");
-                e2eKeyResponder.addDeviceKeys(bobDeviceKeys);
-                syncResponder.sendOrQueueSyncResponse({ device_lists: { changed: [BOB_TEST_USER_ID] } });
-                await syncPromise(aliceClient);
-                await crypto.getUserDeviceInfo([BOB_TEST_USER_ID]);
-            }
+            const bobDeviceKeys = getTestOlmAccountKeys(testOlmAccount, BOB_TEST_USER_ID, "BobDevice");
+            e2eKeyResponder.addDeviceKeys(bobDeviceKeys);
+            syncResponder.sendOrQueueSyncResponse({ device_lists: { changed: [BOB_TEST_USER_ID] } });
+            await syncPromise(aliceClient);
+            await crypto.getUserDeviceInfo([BOB_TEST_USER_ID]);
         });
 
         /**
@@ -1072,7 +1072,14 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
         });
 
         it("ignores old verification requests", async () => {
-            const eventHandler = jest.fn();
+            const debug = vi.fn();
+            const info = vi.fn();
+            const warn = vi.fn();
+
+            // @ts-ignore overriding RustCrypto's logger
+            aliceClient.getCrypto()!.logger = { debug, info, warn };
+
+            const eventHandler = vi.fn();
             aliceClient.on(CryptoEvent.VerificationRequestReceived, eventHandler);
 
             const verificationRequestEvent = createVerificationRequestEvent();
@@ -1086,6 +1093,16 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             const matrixEvent = room.getLiveTimeline().getEvents()[0];
             expect(matrixEvent.getId()).toEqual(verificationRequestEvent.event_id);
 
+            // Wait until the request has been processed. We use a real sleep()
+            // here to make sure any background async tasks are completed.
+            vi.useRealTimers();
+            await waitFor(async () => {
+                expect(info).toHaveBeenCalledWith(
+                    expect.stringMatching(/^Ignoring just-received verification request/),
+                );
+                sleep(100);
+            });
+
             // check that an event has not been raised, and that the request is not found
             expect(eventHandler).not.toHaveBeenCalled();
             expect(
@@ -1093,6 +1110,29 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             ).not.toBeDefined();
         });
 
+        it("ignores cancelled verification requests", async () => {
+            // Given a verification request exists
+            const event = createVerificationRequestEvent();
+            returnRoomMessageFromSync(TEST_ROOM_ID, event);
+
+            // Wait for the request to be received
+            await emitPromise(aliceClient, CryptoEvent.VerificationRequestReceived);
+
+            const request = aliceClient.getCrypto()!.findVerificationRequestDMInProgress(TEST_ROOM_ID, "@bob:xyz");
+
+            // When I cancel it
+            fetchMock.put("express:/_matrix/client/v3/rooms/:roomId/send/m.key.verification.cancel/:id", {
+                event_id: event.event_id,
+            });
+            await request!.cancel();
+            expect(request!.phase).toEqual(VerificationPhase.Cancelled);
+
+            // Then it is no longer found
+            expect(
+                aliceClient.getCrypto()!.findVerificationRequestDMInProgress(TEST_ROOM_ID, "@bob:xyz"),
+            ).not.toBeDefined();
+        });
+
         it("Plaintext verification request from Bob to Alice", async () => {
             // Add verification request from Bob to Alice in the DM between them
             returnRoomMessageFromSync(TEST_ROOM_ID, createVerificationRequestEvent());
@@ -1137,7 +1177,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             returnToDeviceMessageFromSync(toDeviceEvent);
 
             // advance the clock, because the devicelist likes to sleep for 5ms during key downloads
-            await jest.advanceTimersByTimeAsync(10);
+            await vi.advanceTimersByTimeAsync(10);
 
             // Wait for the request to be decrypted
             const request1 = await requestEventPromise;
@@ -1152,43 +1192,40 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             expect(request?.otherUserId).toBe("@bob:xyz");
         });
 
-        newBackendOnly(
-            "If the verification request is not decrypted within 5 minutes, the request is ignored",
-            async () => {
-                const p2pSession = await createOlmSession(testOlmAccount, e2eKeyReceiver);
-                const groupSession = new Olm.OutboundGroupSession();
-                groupSession.create();
+        it("If the verification request is not decrypted within 5 minutes, the request is ignored", async () => {
+            const p2pSession = await createOlmSession(testOlmAccount, e2eKeyReceiver);
+            const groupSession = new Olm.OutboundGroupSession();
+            groupSession.create();
 
-                // make the room_key event, but don't send it yet
-                const toDeviceEvent = encryptGroupSessionKeyForAlice(groupSession, p2pSession);
+            // make the room_key event, but don't send it yet
+            const toDeviceEvent = encryptGroupSessionKeyForAlice(groupSession, p2pSession);
 
-                // Add verification request from Bob to Alice in the DM between them
-                returnRoomMessageFromSync(TEST_ROOM_ID, createEncryptedVerificationRequest(groupSession));
+            // Add verification request from Bob to Alice in the DM between them
+            returnRoomMessageFromSync(TEST_ROOM_ID, createEncryptedVerificationRequest(groupSession));
 
-                // Wait for the sync response to be processed
-                await syncPromise(aliceClient);
+            // Wait for the sync response to be processed
+            await syncPromise(aliceClient);
 
-                const room = aliceClient.getRoom(TEST_ROOM_ID)!;
-                const matrixEvent = room.getLiveTimeline().getEvents()[0];
+            const room = aliceClient.getRoom(TEST_ROOM_ID)!;
+            const matrixEvent = room.getLiveTimeline().getEvents()[0];
 
-                // wait for a first attempt at decryption: should fail
-                await awaitDecryption(matrixEvent);
-                expect(matrixEvent.getContent().msgtype).toEqual("m.bad.encrypted");
+            // wait for a first attempt at decryption: should fail
+            await awaitDecryption(matrixEvent);
+            expect(matrixEvent.getContent().msgtype).toEqual("m.bad.encrypted");
 
-                // Advance time by 5mins, the verification request should be ignored after that
-                jest.advanceTimersByTime(5 * 60 * 1000);
+            // Advance time by 5mins, the verification request should be ignored after that
+            vi.advanceTimersByTime(5 * 60 * 1000);
 
-                // Send Bob the room keys
-                returnToDeviceMessageFromSync(toDeviceEvent);
+            // Send Bob the room keys
+            returnToDeviceMessageFromSync(toDeviceEvent);
 
-                // Wait for the message to be decrypted
-                await awaitDecryption(matrixEvent, { waitOnDecryptionFailure: true });
+            // Wait for the message to be decrypted
+            await awaitDecryption(matrixEvent, { waitOnDecryptionFailure: true });
 
-                const request = aliceClient.getCrypto()!.findVerificationRequestDMInProgress(TEST_ROOM_ID, "@bob:xyz");
-                // the request should not be present
-                expect(request).not.toBeDefined();
-            },
-        );
+            const request = aliceClient.getCrypto()!.findVerificationRequestDMInProgress(TEST_ROOM_ID, "@bob:xyz");
+            // the request should not be present
+            expect(request).not.toBeDefined();
+        });
     });
 
     describe("Secrets are gossiped after verification", () => {
@@ -1243,7 +1280,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             syncResponder.sendOrQueueSyncResponse(getSyncResponse([TEST_USER_ID]));
             await syncPromise(aliceClient);
             // DeviceList has a sleep(5) which we need to make happen
-            await jest.advanceTimersByTimeAsync(10);
+            await vi.advanceTimersByTimeAsync(10);
 
             // The client should now know about the olm device
             const devices = await aliceClient.getCrypto()!.getUserDeviceInfo([TEST_USER_ID]);
@@ -1255,12 +1292,11 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             testOlmAccount?.free();
 
             // Allow in-flight things to complete before we tear down the test
-            await jest.runAllTimersAsync();
-
-            fetchMock.mockReset();
+            await vi.runAllTimersAsync();
         });
 
-        newBackendOnly("Should request cross signing keys after verification", async () => {
+        // eslint-disable-next-line @vitest/expect-expect
+        it("Should request cross signing keys after verification", async () => {
             const requestPromises = mockSecretRequestAndGetPromises();
 
             await doInteractiveVerification();
@@ -1271,7 +1307,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             await requestPromises.get("m.cross_signing.self_signing");
         });
 
-        newBackendOnly("Should accept the backup decryption key gossip if valid", async () => {
+        it("Should accept the backup decryption key gossip if valid", async () => {
             const requestPromises = mockSecretRequestAndGetPromises();
 
             await doInteractiveVerification();
@@ -1290,7 +1326,43 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             expect(encodeBase64(cachedKey!)).toEqual(BACKUP_DECRYPTION_KEY_BASE64);
         });
 
-        newBackendOnly("Should not accept the backup decryption key gossip if private key do not match", async () => {
+        it("Should not accept the backup decryption key gossip when there is no server-side key backup", async () => {
+            const requestPromises = mockSecretRequestAndGetPromises();
+
+            await doInteractiveVerification();
+
+            const requestId = await requestPromises.get("m.megolm_backup.v1");
+
+            await sendBackupGossipAndExpectVersion(
+                requestId!,
+                BACKUP_DECRYPTION_KEY_BASE64,
+                new MatrixError({ errcode: "M_NOT_FOUND", error: "No backup found" }, 404),
+            );
+
+            // the backup secret should not be cached
+            const cachedKey = await retrieveBackupPrivateKeyWithDelay();
+            expect(cachedKey).toBeNull();
+        });
+
+        it("Should not accept the backup decryption key gossip when server-side key backup request errors", async () => {
+            const requestPromises = mockSecretRequestAndGetPromises();
+
+            await doInteractiveVerification();
+
+            const requestId = await requestPromises.get("m.megolm_backup.v1");
+
+            await sendBackupGossipAndExpectVersion(
+                requestId!,
+                BACKUP_DECRYPTION_KEY_BASE64,
+                new Error("Network Error!"),
+            );
+
+            // the backup secret should not be cached
+            const cachedKey = await retrieveBackupPrivateKeyWithDelay();
+            expect(cachedKey).toBeNull();
+        });
+
+        it("Should not accept the backup decryption key gossip if private key do not match", async () => {
             const requestPromises = mockSecretRequestAndGetPromises();
 
             await doInteractiveVerification();
@@ -1299,43 +1371,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
 
             await sendBackupGossipAndExpectVersion(requestId!, BACKUP_DECRYPTION_KEY_BASE64, nonMatchingBackupInfo);
 
-            // We are lacking a way to signal that the secret has been received, so we wait a bit..
-            jest.useRealTimers();
-            await new Promise((resolve) => {
-                setTimeout(resolve, 500);
-            });
-            jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });
-
             // the backup secret should not be cached
-            const cachedKey = await aliceClient.getCrypto()!.getSessionBackupPrivateKey();
+            const cachedKey = await retrieveBackupPrivateKeyWithDelay();
             expect(cachedKey).toBeNull();
         });
 
-        newBackendOnly("Should not accept the backup decryption key gossip if backup not trusted", async () => {
-            const requestPromises = mockSecretRequestAndGetPromises();
-
-            await doInteractiveVerification();
-
-            const requestId = await requestPromises.get("m.megolm_backup.v1");
-
-            const infoCopy = Object.assign({}, matchingBackupInfo);
-            delete infoCopy.auth_data.signatures;
-
-            await sendBackupGossipAndExpectVersion(requestId!, BACKUP_DECRYPTION_KEY_BASE64, infoCopy);
-
-            // We are lacking a way to signal that the secret has been received, so we wait a bit..
-            jest.useRealTimers();
-            await new Promise((resolve) => {
-                setTimeout(resolve, 500);
-            });
-            jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });
-
-            // the backup secret should not be cached
-            const cachedKey = await aliceClient.getCrypto()!.getSessionBackupPrivateKey();
-            expect(cachedKey).toBeNull();
-        });
-
-        newBackendOnly("Should not accept the backup decryption key gossip if backup algorithm unknown", async () => {
+        it("Should not accept the backup decryption key gossip if backup algorithm unknown", async () => {
             const requestPromises = mockSecretRequestAndGetPromises();
 
             await doInteractiveVerification();
@@ -1348,19 +1389,12 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
                 unknownAlgorithmBackupInfo,
             );
 
-            // We are lacking a way to signal that the secret has been received, so we wait a bit..
-            jest.useRealTimers();
-            await new Promise((resolve) => {
-                setTimeout(resolve, 500);
-            });
-            jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });
-
             // the backup secret should not be cached
-            const cachedKey = await aliceClient.getCrypto()!.getSessionBackupPrivateKey();
+            const cachedKey = await retrieveBackupPrivateKeyWithDelay();
             expect(cachedKey).toBeNull();
         });
 
-        newBackendOnly("Should not accept an invalid backup decryption key", async () => {
+        it("Should not accept an invalid backup decryption key", async () => {
             const requestPromises = mockSecretRequestAndGetPromises();
 
             await doInteractiveVerification();
@@ -1369,26 +1403,38 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
 
             await sendBackupGossipAndExpectVersion(requestId!, "InvalidSecret", matchingBackupInfo);
 
-            // We are lacking a way to signal that the secret has been received, so we wait a bit..
-            jest.useRealTimers();
-            await new Promise((resolve) => {
-                setTimeout(resolve, 500);
-            });
-            jest.useFakeTimers({ doNotFake: ["queueMicrotask"] });
-
             // the backup secret should not be cached
-            const cachedKey = await aliceClient.getCrypto()!.getSessionBackupPrivateKey();
+            const cachedKey = await retrieveBackupPrivateKeyWithDelay();
             expect(cachedKey).toBeNull();
         });
 
+        /**
+         * Waits briefly for secrets to be gossipped, then fetches the backup private key from the crypto stack.
+         */
+        async function retrieveBackupPrivateKeyWithDelay(): Promise<Uint8Array | null> {
+            // We are lacking a way to signal that the secret has been received, so we wait a bit..
+            vi.useRealTimers();
+            await new Promise((resolve) => {
+                setTimeout(resolve, 500);
+            });
+            vi.useFakeTimers();
+
+            return aliceClient.getCrypto()!.getSessionBackupPrivateKey();
+        }
+
         /**
          * Common test setup for gossiping secrets.
          * Creates a peer to peer session, sends the secret, mockup the version API, send the secret back from sync, then await for the backup check.
+         *
+         * @param expectBackup - The result to be returned from the `/room_keys/version` request.
+         * - **KeyBackupInfo**: Indicates a successful request, where the response contains the key backup information (HTTP 200).
+         * - **MatrixError**: Represents an error response from the server, indicating an unsuccessful request (non-200 HTTP status).
+         * - **Error**: Indicates an error during the request process itself (e.g., network issues or unexpected failures).
          */
         async function sendBackupGossipAndExpectVersion(
             requestId: string,
             secret: string,
-            expectBackup: KeyBackupInfo,
+            expectBackup: KeyBackupInfo | MatrixError | Error,
         ) {
             const p2pSession = await createOlmSession(testOlmAccount, e2eKeyReceiver);
 
@@ -1404,16 +1450,21 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             });
 
             const expectBackupCheck = new Promise((resolve) => {
-                fetchMock.get(
-                    "express:/_matrix/client/v3/room_keys/version",
-                    (url, request) => {
-                        resolve(undefined);
-                        return expectBackup;
-                    },
-                    {
-                        overwriteRoutes: true,
-                    },
-                );
+                fetchMock.get("express:/_matrix/client/v3/room_keys/version", (callLog) => {
+                    resolve(undefined);
+                    if (expectBackup instanceof MatrixError) {
+                        return {
+                            status: expectBackup.httpStatus,
+                            body: expectBackup.data,
+                        };
+                    }
+
+                    if (expectBackup instanceof Error) {
+                        return Promise.reject(expectBackup);
+                    }
+
+                    return expectBackup;
+                });
             });
 
             fetchMock.get("express:/_matrix/client/v3/room_keys/keys", CURVE25519_KEY_BACKUP_DATA);
@@ -1480,9 +1531,10 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
             userId: TEST_USER_ID,
             accessToken: "akjgkrgjs",
             deviceId: "device_under_test",
+            logger: new DebugLogger(debug(`matrix-js-sdk:verification`)),
             ...opts,
         });
-        await initCrypto(client);
+        await client.initRustCrypto();
         await client.startClient();
         return client;
     }
@@ -1493,7 +1545,7 @@ describe.each(Object.entries(CRYPTO_BACKENDS))("verification (%s)", (backend: st
         // user will be one).
         syncResponder.sendOrQueueSyncResponse({});
         // DeviceList has a sleep(5) which we need to make happen
-        await jest.advanceTimersByTimeAsync(10);
+        await vi.advanceTimersByTimeAsync(10);
 
         // The client should now know about the dummy device
         const devices = await aliceClient.getCrypto()!.getUserDeviceInfo([TEST_USER_ID]);
@@ -1527,8 +1579,8 @@ function expectSendToDeviceMessage(msgtype: string): Promise<{ messages: any }>
     return new Promise((resolve) => {
         fetchMock.putOnce(
             new RegExp(`/_matrix/client/(r0|v3)/sendToDevice/${escapeRegExp(msgtype)}`),
-            (url: string, opts: RequestInit): FetchMock.MockResponse => {
-                resolve(JSON.parse(opts.body as string));
+            (callLog): RouteResponse => {
+                resolve(JSON.parse(callLog.options.body as string));
                 return {};
             },
         );
@@ -1544,40 +1596,36 @@ function expectSendToDeviceMessage(msgtype: string): Promise<{ messages: any }>
  *  @returns a map of secret name to promise that will resolve (with the id of the secret request) when the secret is requested.
  */
 function mockSecretRequestAndGetPromises(): Map<string, Promise<string>> {
-    const mskRequestDefer = defer<string>();
-    const sskRequestDefer = defer<string>();
-    const uskRequestDefer = defer<string>();
-    const backupKeyRequestDefer = defer<string>();
+    const mskRequestResolvers = Promise.withResolvers<string>();
+    const sskRequestResolvers = Promise.withResolvers<string>();
+    const uskRequestResolvers = Promise.withResolvers<string>();
+    const backupKeyRequestResolvers = Promise.withResolvers<string>();
 
-    fetchMock.put(
-        new RegExp(`/_matrix/client/(r0|v3)/sendToDevice/m.secret.request`),
-        (url: string, opts: RequestInit): FetchMock.MockResponse => {
-            const messages = JSON.parse(opts.body as string).messages[TEST_USER_ID];
-            // rust crypto broadcasts to all devices, old crypto to a specific device, take the first one
-            const content = Object.values(messages)[0] as any;
-            if (content.action == "request") {
-                const name = content.name;
-                const requestId = content.request_id;
-                if (name == "m.cross_signing.user_signing") {
-                    uskRequestDefer.resolve(requestId);
-                } else if (name == "m.cross_signing.master") {
-                    mskRequestDefer.resolve(requestId);
-                } else if (name == "m.cross_signing.self_signing") {
-                    sskRequestDefer.resolve(requestId);
-                } else if (name == "m.megolm_backup.v1") {
-                    backupKeyRequestDefer.resolve(requestId);
-                }
+    fetchMock.put(new RegExp(`/_matrix/client/(r0|v3)/sendToDevice/m.secret.request`), (callLog): RouteResponse => {
+        const messages = JSON.parse(callLog.options.body as string).messages[TEST_USER_ID];
+        // rust crypto broadcasts to all devices, old crypto to a specific device, take the first one
+        const content = Object.values(messages)[0] as any;
+        if (content.action == "request") {
+            const name = content.name;
+            const requestId = content.request_id;
+            if (name == "m.cross_signing.user_signing") {
+                uskRequestResolvers.resolve(requestId);
+            } else if (name == "m.cross_signing.master") {
+                mskRequestResolvers.resolve(requestId);
+            } else if (name == "m.cross_signing.self_signing") {
+                sskRequestResolvers.resolve(requestId);
+            } else if (name == "m.megolm_backup.v1") {
+                backupKeyRequestResolvers.resolve(requestId);
             }
-            return {};
-        },
-        { overwriteRoutes: true },
-    );
+        }
+        return {};
+    });
 
     const promiseMap = new Map<string, Promise<string>>();
-    promiseMap.set("m.cross_signing.master", mskRequestDefer.promise);
-    promiseMap.set("m.cross_signing.self_signing", sskRequestDefer.promise);
-    promiseMap.set("m.cross_signing.user_signing", uskRequestDefer.promise);
-    promiseMap.set("m.megolm_backup.v1", backupKeyRequestDefer.promise);
+    promiseMap.set("m.cross_signing.master", mskRequestResolvers.promise);
+    promiseMap.set("m.cross_signing.self_signing", sskRequestResolvers.promise);
+    promiseMap.set("m.cross_signing.user_signing", uskRequestResolvers.promise);
+    promiseMap.set("m.megolm_backup.v1", backupKeyRequestResolvers.promise);
     return promiseMap;
 }
 
@@ -1608,7 +1656,7 @@ function sha256(commitmentStr: string): string {
     return encodeUnpaddedBase64(createHash("sha256").update(commitmentStr, "utf8").digest());
 }
 
-function encodeUnpaddedBase64(uint8Array: ArrayBuffer | Uint8Array): string {
+function encodeUnpaddedBase64(uint8Array: ArrayLike<number>): string {
     return Buffer.from(uint8Array).toString("base64").replace(/=+$/g, "");
 }
 
@@ -1642,7 +1690,7 @@ function buildReadyMessage(
 }
 
 /** build an m.key.verification.start to-device message suitable for the m.reciprocate.v1 flow, originating from the dummy device */
-function buildReciprocateStartMessage(transactionId: string, sharedSecret: ArrayBuffer) {
+function buildReciprocateStartMessage(transactionId: string, sharedSecret: ArrayLike<number>) {
     return {
         type: "m.key.verification.start",
         content: {

spec/integ/devicelist-integ.spec.ts

@@ -1,406 +0,0 @@
-/*
-Copyright 2017 Vector Creations Ltd
-Copyright 2018 New Vector Ltd
-Copyright 2019 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import { TestClient } from "../TestClient";
-import * as testUtils from "../test-utils/test-utils";
-import { logger } from "../../src/logger";
-import { KnownMembership } from "../../src/@types/membership";
-
-const ROOM_ID = "!room:id";
-
-/**
- * get a /sync response which contains a single e2e room (ROOM_ID), with the
- * members given
- *
- * @returns sync response
- */
-function getSyncResponse(roomMembers: string[]) {
-    const stateEvents = [
-        testUtils.mkEvent({
-            type: "m.room.encryption",
-            skey: "",
-            content: {
-                algorithm: "m.megolm.v1.aes-sha2",
-            },
-        }),
-    ];
-
-    Array.prototype.push.apply(
-        stateEvents,
-        roomMembers.map((m) =>
-            testUtils.mkMembership({
-                mship: KnownMembership.Join,
-                sender: m,
-            }),
-        ),
-    );
-
-    const syncResponse = {
-        next_batch: 1,
-        rooms: {
-            join: {
-                [ROOM_ID]: {
-                    state: {
-                        events: stateEvents,
-                    },
-                },
-            },
-        },
-    };
-
-    return syncResponse;
-}
-
-describe("DeviceList management:", function () {
-    if (!globalThis.Olm) {
-        logger.warn("not running deviceList tests: Olm not present");
-        return;
-    }
-
-    let aliceTestClient: TestClient;
-    let sessionStoreBackend: Storage;
-
-    async function createTestClient() {
-        const testClient = new TestClient("@alice:localhost", "xzcvb", "akjgkrgjs", sessionStoreBackend);
-        await testClient.client.initLegacyCrypto();
-        return testClient;
-    }
-
-    beforeEach(async function () {
-        // we create our own sessionStoreBackend so that we can use it for
-        // another TestClient.
-        sessionStoreBackend = new testUtils.MockStorageApi();
-
-        aliceTestClient = await createTestClient();
-    });
-
-    afterEach(function () {
-        return aliceTestClient.stop();
-    });
-
-    it("Alice shouldn't do a second /query for non-e2e-capable devices", function () {
-        aliceTestClient.expectKeyQuery({
-            device_keys: { "@alice:localhost": {} },
-            failures: {},
-        });
-        return aliceTestClient
-            .start()
-            .then(function () {
-                const syncResponse = getSyncResponse(["@bob:xyz"]);
-                aliceTestClient.httpBackend.when("GET", "/sync").respond(200, syncResponse);
-
-                return aliceTestClient.flushSync();
-            })
-            .then(function () {
-                logger.log("Forcing alice to download our device keys");
-
-                aliceTestClient.httpBackend.when("POST", "/keys/query").respond(200, {
-                    device_keys: {
-                        "@bob:xyz": {},
-                    },
-                });
-
-                return Promise.all([
-                    aliceTestClient.client.downloadKeys(["@bob:xyz"]),
-                    aliceTestClient.httpBackend.flush("/keys/query", 1),
-                ]);
-            })
-            .then(function () {
-                logger.log("Telling alice to send a megolm message");
-
-                aliceTestClient.httpBackend.when("PUT", "/send/").respond(200, {
-                    event_id: "$event_id",
-                });
-
-                return Promise.all([
-                    aliceTestClient.client.sendTextMessage(ROOM_ID, "test"),
-
-                    // the crypto stuff can take a while, so give the requests a whole second.
-                    aliceTestClient.httpBackend.flushAllExpected({
-                        timeout: 1000,
-                    }),
-                ]);
-            });
-    });
-
-    it.skip("We should not get confused by out-of-order device query responses", () => {
-        // https://github.com/vector-im/element-web/issues/3126
-        aliceTestClient.expectKeyQuery({
-            device_keys: { "@alice:localhost": {} },
-            failures: {},
-        });
-        return aliceTestClient
-            .start()
-            .then(() => {
-                aliceTestClient.httpBackend
-                    .when("GET", "/sync")
-                    .respond(200, getSyncResponse(["@bob:xyz", "@chris:abc"]));
-                return aliceTestClient.flushSync();
-            })
-            .then(() => {
-                // to make sure the initial device queries are flushed out, we
-                // attempt to send a message.
-
-                aliceTestClient.httpBackend.when("POST", "/keys/query").respond(200, {
-                    device_keys: {
-                        "@bob:xyz": {},
-                        "@chris:abc": {},
-                    },
-                });
-
-                aliceTestClient.httpBackend.when("PUT", "/send/").respond(200, { event_id: "$event1" });
-
-                return Promise.all([
-                    aliceTestClient.client.sendTextMessage(ROOM_ID, "test"),
-                    aliceTestClient.httpBackend
-                        .flush("/keys/query", 1)
-                        .then(() => aliceTestClient.httpBackend.flush("/send/", 1)),
-                    aliceTestClient.client.crypto!.deviceList.saveIfDirty(),
-                ]);
-            })
-            .then(() => {
-                // @ts-ignore accessing a protected field
-                aliceTestClient.client.cryptoStore!.getEndToEndDeviceData(null, (data) => {
-                    expect(data!.syncToken).toEqual(1);
-                });
-
-                // invalidate bob's and chris's device lists in separate syncs
-                aliceTestClient.httpBackend.when("GET", "/sync").respond(200, {
-                    next_batch: "2",
-                    device_lists: {
-                        changed: ["@bob:xyz"],
-                    },
-                });
-                aliceTestClient.httpBackend.when("GET", "/sync").respond(200, {
-                    next_batch: "3",
-                    device_lists: {
-                        changed: ["@chris:abc"],
-                    },
-                });
-                // flush both syncs
-                return aliceTestClient.flushSync().then(() => {
-                    return aliceTestClient.flushSync();
-                });
-            })
-            .then(() => {
-                // check that we don't yet have a request for chris's devices.
-                aliceTestClient.httpBackend
-                    .when("POST", "/keys/query", {
-                        device_keys: {
-                            "@chris:abc": {},
-                        },
-                        token: "3",
-                    })
-                    .respond(200, {
-                        device_keys: { "@chris:abc": {} },
-                    });
-                return aliceTestClient.httpBackend.flush("/keys/query", 1);
-            })
-            .then((flushed) => {
-                expect(flushed).toEqual(0);
-                return aliceTestClient.client.crypto!.deviceList.saveIfDirty();
-            })
-            .then(() => {
-                // @ts-ignore accessing a protected field
-                aliceTestClient.client.cryptoStore!.getEndToEndDeviceData(null, (data) => {
-                    const bobStat = data!.trackingStatus["@bob:xyz"];
-                    if (bobStat != 1 && bobStat != 2) {
-                        throw new Error("Unexpected status for bob: wanted 1 or 2, got " + bobStat);
-                    }
-                    const chrisStat = data!.trackingStatus["@chris:abc"];
-                    if (chrisStat != 1 && chrisStat != 2) {
-                        throw new Error("Unexpected status for chris: wanted 1 or 2, got " + chrisStat);
-                    }
-                });
-
-                // now add an expectation for a query for bob's devices, and let
-                // it complete.
-                aliceTestClient.httpBackend
-                    .when("POST", "/keys/query", {
-                        device_keys: {
-                            "@bob:xyz": {},
-                        },
-                        token: "2",
-                    })
-                    .respond(200, {
-                        device_keys: { "@bob:xyz": {} },
-                    });
-                return aliceTestClient.httpBackend.flush("/keys/query", 1);
-            })
-            .then((flushed) => {
-                expect(flushed).toEqual(1);
-
-                // wait for the client to stop processing the response
-                return aliceTestClient.client.downloadKeys(["@bob:xyz"]);
-            })
-            .then(() => {
-                return aliceTestClient.client.crypto!.deviceList.saveIfDirty();
-            })
-            .then(() => {
-                // @ts-ignore accessing a protected field
-                aliceTestClient.client.cryptoStore!.getEndToEndDeviceData(null, (data) => {
-                    const bobStat = data!.trackingStatus["@bob:xyz"];
-                    expect(bobStat).toEqual(3);
-                    const chrisStat = data!.trackingStatus["@chris:abc"];
-                    if (chrisStat != 1 && chrisStat != 2) {
-                        throw new Error("Unexpected status for chris: wanted 1 or 2, got " + bobStat);
-                    }
-                });
-
-                // now let the query for chris's devices complete.
-                return aliceTestClient.httpBackend.flush("/keys/query", 1);
-            })
-            .then((flushed) => {
-                expect(flushed).toEqual(1);
-
-                // wait for the client to stop processing the response
-                return aliceTestClient.client.downloadKeys(["@chris:abc"]);
-            })
-            .then(() => {
-                return aliceTestClient.client.crypto!.deviceList.saveIfDirty();
-            })
-            .then(() => {
-                // @ts-ignore accessing a protected field
-                aliceTestClient.client.cryptoStore!.getEndToEndDeviceData(null, (data) => {
-                    const bobStat = data!.trackingStatus["@bob:xyz"];
-                    const chrisStat = data!.trackingStatus["@bob:xyz"];
-
-                    expect(bobStat).toEqual(3);
-                    expect(chrisStat).toEqual(3);
-                    expect(data!.syncToken).toEqual(3);
-                });
-            });
-    });
-
-    // https://github.com/vector-im/element-web/issues/4983
-    describe("Alice should know she has stale device lists", () => {
-        beforeEach(async function () {
-            await aliceTestClient.start();
-
-            aliceTestClient.httpBackend.when("GET", "/sync").respond(200, getSyncResponse(["@bob:xyz"]));
-            await aliceTestClient.flushSync();
-
-            aliceTestClient.httpBackend.when("POST", "/keys/query").respond(200, {
-                device_keys: {
-                    "@bob:xyz": {},
-                },
-            });
-            await aliceTestClient.httpBackend.flush("/keys/query", 1);
-            await aliceTestClient.client.crypto!.deviceList.saveIfDirty();
-
-            // @ts-ignore accessing a protected field
-            aliceTestClient.client.cryptoStore!.getEndToEndDeviceData(null, (data) => {
-                const bobStat = data!.trackingStatus["@bob:xyz"];
-
-                // Alice should be tracking bob's device list
-                expect(bobStat).toBeGreaterThan(0);
-            });
-        });
-
-        it("when Bob leaves", async function () {
-            aliceTestClient.httpBackend.when("GET", "/sync").respond(200, {
-                next_batch: 2,
-                device_lists: {
-                    left: ["@bob:xyz"],
-                },
-                rooms: {
-                    join: {
-                        [ROOM_ID]: {
-                            timeline: {
-                                events: [
-                                    testUtils.mkMembership({
-                                        mship: KnownMembership.Leave,
-                                        sender: "@bob:xyz",
-                                    }),
-                                ],
-                            },
-                        },
-                    },
-                },
-            });
-
-            await aliceTestClient.flushSync();
-            await aliceTestClient.client.crypto!.deviceList.saveIfDirty();
-
-            // @ts-ignore accessing a protected field
-            aliceTestClient.client.cryptoStore!.getEndToEndDeviceData(null, (data) => {
-                const bobStat = data!.trackingStatus["@bob:xyz"];
-
-                // Alice should have marked bob's device list as untracked
-                expect(bobStat).toEqual(0);
-            });
-        });
-
-        it("when Alice leaves", async function () {
-            aliceTestClient.httpBackend.when("GET", "/sync").respond(200, {
-                next_batch: 2,
-                device_lists: {
-                    left: ["@bob:xyz"],
-                },
-                rooms: {
-                    leave: {
-                        [ROOM_ID]: {
-                            timeline: {
-                                events: [
-                                    testUtils.mkMembership({
-                                        mship: KnownMembership.Leave,
-                                        sender: "@bob:xyz",
-                                    }),
-                                ],
-                            },
-                        },
-                    },
-                },
-            });
-
-            await aliceTestClient.flushSync();
-            await aliceTestClient.client.crypto!.deviceList.saveIfDirty();
-
-            // @ts-ignore accessing a protected field
-            aliceTestClient.client.cryptoStore!.getEndToEndDeviceData(null, (data) => {
-                const bobStat = data!.trackingStatus["@bob:xyz"];
-
-                // Alice should have marked bob's device list as untracked
-                expect(bobStat).toEqual(0);
-            });
-        });
-
-        it("when Bob leaves whilst Alice is offline", async function () {
-            aliceTestClient.stop();
-
-            const anotherTestClient = await createTestClient();
-
-            try {
-                await anotherTestClient.start();
-                anotherTestClient.httpBackend.when("GET", "/sync").respond(200, getSyncResponse([]));
-                await anotherTestClient.flushSync();
-                await anotherTestClient.client?.crypto?.deviceList?.saveIfDirty();
-
-                // @ts-ignore accessing private property
-                anotherTestClient.client.cryptoStore.getEndToEndDeviceData(null, (data) => {
-                    const bobStat = data!.trackingStatus["@bob:xyz"];
-
-                    // Alice should have marked bob's device list as untracked
-                    expect(bobStat).toEqual(0);
-                });
-            } finally {
-                anotherTestClient.stop();
-            }
-        });
-    });
-});

spec/integ/matrix-client-event-emitter.spec.ts

@@ -14,13 +14,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import HttpBackend from "matrix-mock-request";
-
+import type HttpBackend from "matrix-mock-request";
 import {
     ClientEvent,
     HttpApiEvent,
-    IEvent,
-    MatrixClient,
+    type IEvent,
+    type MatrixClient,
     RoomEvent,
     RoomMemberEvent,
     RoomStateEvent,

spec/integ/matrix-client-event-timeline.spec.ts

@@ -23,15 +23,15 @@ import {
     EventTimelineSet,
     EventType,
     Filter,
-    IEvent,
-    MatrixClient,
+    type IEvent,
+    type MatrixClient,
     MatrixEvent,
     PendingEventOrdering,
     RelationType,
     Room,
 } from "../../src/matrix";
 import { logger } from "../../src/logger";
-import { encodeParams, encodeUri, QueryDict, replaceParam } from "../../src/utils";
+import { encodeParams, encodeUri, type QueryDict, replaceParam } from "../../src/utils";
 import { TestClient } from "../TestClient";
 import { FeatureSupport, Thread, ThreadEvent } from "../../src/models/thread";
 import { emitPromise } from "../test-utils/test-utils";
@@ -672,7 +672,7 @@ describe("MatrixClient event timelines", function () {
             expect(timeline!.getEvents().find((e) => e.getId() === THREAD_ROOT.event_id!)).toBeTruthy();
         });
 
-        it("should return undefined when event is not in the thread that the given timelineSet is representing", () => {
+        it("should return null when event is not in the thread that the given timelineSet is representing", () => {
             // @ts-ignore
             client.clientOpts.threadSupport = true;
             Thread.setServerSideSupport(FeatureSupport.Experimental);
@@ -696,12 +696,12 @@ describe("MatrixClient event timelines", function () {
                 });
 
             return Promise.all([
-                expect(client.getEventTimeline(timelineSet, EVENTS[0].event_id!)).resolves.toBeUndefined(),
+                expect(client.getEventTimeline(timelineSet, EVENTS[0].event_id!)).resolves.toBeNull(),
                 httpBackend.flushAllExpected(),
             ]);
         });
 
-        it("should return undefined when event is within a thread but timelineSet is not", () => {
+        it("should return null when event is within a thread but timelineSet is not", () => {
             // @ts-ignore
             client.clientOpts.threadSupport = true;
             Thread.setServerSideSupport(FeatureSupport.Experimental);
@@ -723,7 +723,7 @@ describe("MatrixClient event timelines", function () {
                 });
 
             return Promise.all([
-                expect(client.getEventTimeline(timelineSet, THREAD_REPLY.event_id!)).resolves.toBeUndefined(),
+                expect(client.getEventTimeline(timelineSet, THREAD_REPLY.event_id!)).resolves.toBeNull(),
                 httpBackend.flushAllExpected(),
             ]);
         });
@@ -2044,6 +2044,7 @@ describe("MatrixClient event timelines", function () {
             expect(timeline!.getEvents()[1]!.event).toEqual(THREAD_REPLY);
         }
 
+        // eslint-disable-next-line @vitest/expect-expect
         it("in stable mode", async () => {
             // @ts-ignore
             client.clientOpts.threadSupport = true;

spec/integ/matrix-client-methods.spec.ts

@@ -13,28 +13,26 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-import HttpBackend from "matrix-mock-request";
-import { Mocked } from "jest-mock";
 
+import type HttpBackend from "matrix-mock-request";
 import * as utils from "../test-utils/test-utils";
-import { CRYPTO_ENABLED, IStoredClientOpts, MatrixClient } from "../../src/client";
+import { type IStoredClientOpts, MatrixClient } from "../../src/client";
 import { MatrixEvent } from "../../src/models/event";
 import {
     Filter,
     JoinRule,
-    KnockRoomOpts,
+    type KnockRoomOpts,
     MemoryStore,
     Method,
     Room,
-    RoomSummary,
+    type RoomSummary,
     SERVICE_TYPES,
 } from "../../src/matrix";
 import { TestClient } from "../TestClient";
 import { THREAD_RELATION_TYPE } from "../../src/models/thread";
-import { IFilterDefinition } from "../../src/filter";
-import { ISearchResults } from "../../src/@types/search";
-import { IStore } from "../../src/store";
-import { CryptoBackend } from "../../src/common-crypto/CryptoBackend";
+import { type IFilterDefinition } from "../../src/filter";
+import { type ISearchResults } from "../../src/@types/search";
+import { type IStore } from "../../src/store";
 import { SetPresence } from "../../src/sync";
 import { KnownMembership } from "../../src/@types/membership";
 
@@ -159,6 +157,30 @@ describe("MatrixClient", function () {
         });
     });
 
+    describe("mediaConfig", function () {
+        it("should get media config on unauthenticated media call", async () => {
+            httpBackend.when("GET", "/_matrix/media/v3/config").respond(200, '{"m.upload.size": 50000000}', true);
+
+            const prom = client.getMediaConfig();
+
+            httpBackend.flushAllExpected();
+
+            expect((await prom)["m.upload.size"]).toEqual(50000000);
+        });
+
+        it("should get media config on authenticated media call", async () => {
+            httpBackend
+                .when("GET", "/_matrix/client/v1/media/config")
+                .respond(200, '{"m.upload.size": 50000000}', true);
+
+            const prom = client.getMediaConfig(true);
+
+            httpBackend.flushAllExpected();
+
+            expect((await prom)["m.upload.size"]).toEqual(50000000);
+        });
+    });
+
     describe("joinRoom", function () {
         it("should no-op given the ID of a room you've already joined", async () => {
             const roomId = "!foo:bar";
@@ -245,6 +267,59 @@ describe("MatrixClient", function () {
         });
     });
 
+    describe("invite", function () {
+        it("should send request to /invite", async () => {
+            const roomId = "!roomId:server";
+            const userId = "@user:server";
+
+            httpBackend
+                .when("POST", `/rooms/${encodeURIComponent(roomId)}/invite`)
+                .check((request) => {
+                    expect(request.data).toEqual({ user_id: userId });
+                })
+                .respond(200, {});
+
+            const prom = client.invite(roomId, userId);
+            await httpBackend.flushAllExpected();
+            await prom;
+            httpBackend.verifyNoOutstandingExpectation();
+        });
+
+        it("accepts a stringy reason argument", async () => {
+            const roomId = "!roomId:server";
+            const userId = "@user:server";
+
+            httpBackend
+                .when("POST", `/rooms/${encodeURIComponent(roomId)}/invite`)
+                .check((request) => {
+                    expect(request.data).toEqual({ user_id: userId, reason: "testreason" });
+                })
+                .respond(200, {});
+
+            const prom = client.invite(roomId, userId, "testreason");
+            await httpBackend.flushAllExpected();
+            await prom;
+            httpBackend.verifyNoOutstandingExpectation();
+        });
+
+        it("accepts an options object with a reason", async () => {
+            const roomId = "!roomId:server";
+            const userId = "@user:server";
+
+            httpBackend
+                .when("POST", `/rooms/${encodeURIComponent(roomId)}/invite`)
+                .check((request) => {
+                    expect(request.data).toEqual({ user_id: userId, reason: "testreason" });
+                })
+                .respond(200, {});
+
+            const prom = client.invite(roomId, userId, { reason: "testreason" });
+            await httpBackend.flushAllExpected();
+            await prom;
+            httpBackend.verifyNoOutstandingExpectation();
+        });
+    });
+
     describe("knockRoom", function () {
         const roomId = "!some-room-id:example.org";
         const reason = "some reason";
@@ -272,6 +347,7 @@ describe("MatrixClient", function () {
             expect((await prom).room_id).toBe(roomId);
         });
 
+        // eslint-disable-next-line @vitest/expect-expect
         it("should no-op if you've already knocked a room", function () {
             const room = new Room(roomId, client, userId);
 
@@ -305,23 +381,16 @@ describe("MatrixClient", function () {
                 [
                     403,
                     { errcode: "M_FORBIDDEN", error: "You don't have permission to knock" },
-                    "[M_FORBIDDEN: MatrixError: [403] You don't have permission to knock]",
-                ],
-                [
-                    500,
-                    { errcode: "INTERNAL_SERVER_ERROR" },
-                    "[INTERNAL_SERVER_ERROR: MatrixError: [500] Unknown message]",
+                    "MatrixError: [403] You don't have permission to knock",
                 ],
+                [500, { errcode: "INTERNAL_SERVER_ERROR" }, "MatrixError: [500] Unknown message"],
             ];
 
             it.each(testCases)("should handle %s error", async (code, { errcode, error }, snapshot) => {
                 httpBackend.when("POST", "/knock/" + encodeURIComponent(roomId)).respond(code, { errcode, error });
 
                 const prom = client.knockRoom(roomId);
-                await Promise.all([
-                    httpBackend.flushAllExpected(),
-                    expect(prom).rejects.toMatchInlineSnapshot(snapshot),
-                ]);
+                await Promise.all([httpBackend.flushAllExpected(), expect(prom).rejects.toThrow(snapshot)]);
             });
         });
     });
@@ -644,126 +713,6 @@ describe("MatrixClient", function () {
         });
     });
 
-    describe("downloadKeys", function () {
-        if (!CRYPTO_ENABLED) {
-            return;
-        }
-
-        beforeEach(function () {
-            // running initLegacyCrypto should trigger a key upload
-            httpBackend.when("POST", "/keys/upload").respond(200, {});
-            return Promise.all([client.initLegacyCrypto(), httpBackend.flush("/keys/upload", 1)]);
-        });
-
-        afterEach(() => {
-            client.stopClient();
-        });
-
-        it("should do an HTTP request and then store the keys", function () {
-            const ed25519key = "7wG2lzAqbjcyEkOP7O4gU7ItYcn+chKzh5sT/5r2l78";
-            // ed25519key = client.getDeviceEd25519Key();
-            const borisKeys = {
-                dev1: {
-                    algorithms: ["1"],
-                    device_id: "dev1",
-                    keys: { "ed25519:dev1": ed25519key },
-                    signatures: {
-                        boris: {
-                            "ed25519:dev1":
-                                "RAhmbNDq1efK3hCpBzZDsKoGSsrHUxb25NW5/WbEV9R" +
-                                "JVwLdP032mg5QsKt/pBDUGtggBcnk43n3nBWlA88WAw",
-                        },
-                    },
-                    unsigned: { abc: "def" },
-                    user_id: "boris",
-                },
-            };
-            const chazKeys = {
-                dev2: {
-                    algorithms: ["2"],
-                    device_id: "dev2",
-                    keys: { "ed25519:dev2": ed25519key },
-                    signatures: {
-                        chaz: {
-                            "ed25519:dev2":
-                                "FwslH/Q7EYSb7swDJbNB5PSzcbEO1xRRBF1riuijqvL" +
-                                "EkrK9/XVN8jl4h7thGuRITQ01siBQnNmMK9t45QfcCQ",
-                        },
-                    },
-                    unsigned: { ghi: "def" },
-                    user_id: "chaz",
-                },
-            };
-
-            /*
-            function sign(o) {
-                var anotherjson = require('another-json');
-                var b = JSON.parse(JSON.stringify(o));
-                delete(b.signatures);
-                delete(b.unsigned);
-                return client.crypto.olmDevice.sign(anotherjson.stringify(b));
-            };
-
-            logger.log("Ed25519: " + ed25519key);
-            logger.log("boris:", sign(borisKeys.dev1));
-            logger.log("chaz:", sign(chazKeys.dev2));
-            */
-
-            httpBackend
-                .when("POST", "/keys/query")
-                .check(function (req) {
-                    expect(req.data).toEqual({
-                        device_keys: {
-                            boris: [],
-                            chaz: [],
-                        },
-                    });
-                })
-                .respond(200, {
-                    device_keys: {
-                        boris: borisKeys,
-                        chaz: chazKeys,
-                    },
-                });
-
-            const prom = client.downloadKeys(["boris", "chaz"]).then(function (res) {
-                assertObjectContains(res.get("boris")!.get("dev1")!, {
-                    verified: 0, // DeviceVerification.UNVERIFIED
-                    keys: { "ed25519:dev1": ed25519key },
-                    algorithms: ["1"],
-                    unsigned: { abc: "def" },
-                });
-
-                assertObjectContains(res.get("chaz")!.get("dev2")!, {
-                    verified: 0, // DeviceVerification.UNVERIFIED
-                    keys: { "ed25519:dev2": ed25519key },
-                    algorithms: ["2"],
-                    unsigned: { ghi: "def" },
-                });
-            });
-
-            httpBackend.flush("");
-            return prom;
-        });
-    });
-
-    describe("deleteDevice", function () {
-        const auth = { identifier: 1 };
-        it("should pass through an auth dict", function () {
-            httpBackend
-                .when("DELETE", "/_matrix/client/v3/devices/my_device")
-                .check(function (req) {
-                    expect(req.data).toEqual({ auth: auth });
-                })
-                .respond(200);
-
-            const prom = client.deleteDevice("my_device", auth);
-
-            httpBackend.flush("");
-            return prom;
-        });
-    });
-
     describe("partitionThreadedEvents", function () {
         let room: Room;
         beforeEach(() => {
@@ -1243,7 +1192,7 @@ describe("MatrixClient", function () {
     describe("logout", () => {
         it("should abort pending requests when called with stopClient=true", async () => {
             httpBackend.when("POST", "/logout").respond(200, {});
-            const fn = jest.fn();
+            const fn = vi.fn();
             client.http.request(Method.Get, "/test").catch(fn);
             client.logout(true);
             await httpBackend.flush(undefined);
@@ -1371,7 +1320,7 @@ describe("MatrixClient", function () {
         });
 
         afterEach(() => {
-            jest.useRealTimers();
+            vi.useRealTimers();
         });
 
         it("should always fetch capabilities and then cache", async () => {
@@ -1442,6 +1391,7 @@ describe("MatrixClient", function () {
     });
 
     describe("publicRooms", () => {
+        // eslint-disable-next-line @vitest/expect-expect
         it("should use GET request if no server or filter is specified", () => {
             httpBackend.when("GET", "/publicRooms").respond(200, {});
             client.publicRooms({});
@@ -1628,52 +1578,9 @@ describe("MatrixClient", function () {
         });
     });
 
-    describe("uploadKeys", () => {
-        // uploadKeys() is a no-op nowadays, so there's not much to test here.
-        it("should complete successfully", async () => {
-            await client.uploadKeys();
-        });
-    });
-
-    describe("getCryptoTrustCrossSignedDevices", () => {
-        it("should throw if e2e is disabled", () => {
-            expect(() => client.getCryptoTrustCrossSignedDevices()).toThrow("End-to-end encryption disabled");
-        });
-
-        it("should proxy to the crypto backend", async () => {
-            const mockBackend = {
-                getTrustCrossSignedDevices: jest.fn().mockReturnValue(true),
-            } as unknown as Mocked<CryptoBackend>;
-            client["cryptoBackend"] = mockBackend;
-
-            expect(client.getCryptoTrustCrossSignedDevices()).toBe(true);
-            mockBackend.getTrustCrossSignedDevices.mockReturnValue(false);
-            expect(client.getCryptoTrustCrossSignedDevices()).toBe(false);
-        });
-    });
-
-    describe("setCryptoTrustCrossSignedDevices", () => {
-        it("should throw if e2e is disabled", () => {
-            expect(() => client.setCryptoTrustCrossSignedDevices(false)).toThrow("End-to-end encryption disabled");
-        });
-
-        it("should proxy to the crypto backend", async () => {
-            const mockBackend = {
-                setTrustCrossSignedDevices: jest.fn(),
-            } as unknown as Mocked<CryptoBackend>;
-            client["cryptoBackend"] = mockBackend;
-
-            client.setCryptoTrustCrossSignedDevices(true);
-            expect(mockBackend.setTrustCrossSignedDevices).toHaveBeenLastCalledWith(true);
-
-            client.setCryptoTrustCrossSignedDevices(false);
-            expect(mockBackend.setTrustCrossSignedDevices).toHaveBeenLastCalledWith(false);
-        });
-    });
-
     describe("setSyncPresence", () => {
         it("should pass calls through to the underlying sync api", () => {
-            const setPresence = jest.fn();
+            const setPresence = vi.fn();
             // @ts-ignore
             client.syncApi = { setPresence };
             client.setSyncPresence(SetPresence.Unavailable);
@@ -1682,6 +1589,7 @@ describe("MatrixClient", function () {
     });
 
     describe("sendTyping", () => {
+        // eslint-disable-next-line @vitest/expect-expect
         it("should bail early for guests", async () => {
             client.setGuest(true);
             await client.sendTyping("!room:server", true, 100);
@@ -1937,6 +1845,28 @@ describe("MatrixClient", function () {
             expect(client.getUserIdLocalpart()).toBe("alice");
         });
     });
+
+    describe("setRoomMutePushRule", () => {
+        // eslint-disable-next-line @vitest/expect-expect
+        it("should set room push rule to muted", async () => {
+            const roomId = "!roomId:server";
+            const client = new MatrixClient({
+                baseUrl: "http://localhost",
+                fetchFn: httpBackend.fetchFn as typeof globalThis.fetch,
+            });
+            client.pushRules = {
+                global: {
+                    room: [{ rule_id: roomId, actions: [], default: false, enabled: false }],
+                },
+            };
+
+            const path = `/pushrules/global/room/${encodeURIComponent(roomId)}`;
+            httpBackend.when("DELETE", path).respond(200, {});
+            httpBackend.when("PUT", path).respond(200, {});
+            client.setRoomMutePushRule("global", roomId, true);
+            await httpBackend.flush("");
+        });
+    });
 });
 
 function withThreadId(event: MatrixEvent, newThreadId: string): MatrixEvent {
@@ -2197,11 +2127,3 @@ const buildEventCreate = () =>
         type: "m.room.create",
         unsigned: { age: 80126105 },
     });
-
-function assertObjectContains(obj: Record<string, any>, expected: any): void {
-    for (const k in expected) {
-        if (expected.hasOwnProperty(k)) {
-            expect(obj[k]).toEqual(expected[k]);
-        }
-    }
-}

spec/integ/matrix-client-opts.spec.ts

@@ -5,7 +5,7 @@ import { ClientEvent, MatrixClient } from "../../src/matrix";
 import { MatrixScheduler } from "../../src/scheduler";
 import { MemoryStore } from "../../src/store/memory";
 import { MatrixError } from "../../src/http-api";
-import { IStore } from "../../src/store";
+import { type IStore } from "../../src/store";
 import { KnownMembership } from "../../src/@types/membership";
 
 describe("MatrixClient opts", function () {
@@ -159,7 +159,7 @@ describe("MatrixClient opts", function () {
 
             await expect(
                 Promise.all([client.sendTextMessage("!foo:bar", "a body", "txn1"), httpBackend.flush("/txn1", 1)]),
-            ).rejects.toThrow("MatrixError: [500] Unknown message");
+            ).rejects.toThrow("MatrixError: [500] Ruh roh");
         });
 
         it("shouldn't queue events", async () => {
@@ -205,4 +205,109 @@ describe("MatrixClient opts", function () {
             expect(res.event_id).toEqual("foo");
         });
     });
+
+    describe("with opts.queryParams", function () {
+        let client: MatrixClient;
+        let httpBackend: HttpBackend;
+        const userId = "@rsb-tbg:localhost";
+
+        beforeEach(function () {
+            httpBackend = new HttpBackend();
+            client = new MatrixClient({
+                fetchFn: httpBackend.fetchFn as typeof globalThis.fetch,
+                store: new MemoryStore() as IStore,
+                baseUrl: baseUrl,
+                userId: userId,
+                accessToken: accessToken,
+                queryParams: { user_id: userId },
+            });
+        });
+
+        afterEach(function () {
+            client.stopClient();
+            httpBackend.verifyNoOutstandingExpectation();
+            return httpBackend.stop();
+        });
+
+        it("should include queryParams in matrix server requests", async () => {
+            const eventId = "$test:event";
+            httpBackend
+                .when("PUT", "/txn1")
+                .check((req) => {
+                    expect(req.path).toContain(`user_id=${encodeURIComponent(userId)}`);
+                    return true;
+                })
+                .respond(200, {
+                    event_id: eventId,
+                });
+
+            const [res] = await Promise.all([
+                client.sendTextMessage("!foo:bar", "test message", "txn1"),
+                httpBackend.flush("/txn1", 1),
+            ]);
+
+            expect(res.event_id).toEqual(eventId);
+        });
+
+        it("should include queryParams in sync requests", async () => {
+            httpBackend
+                .when("GET", "/versions")
+                .check((req) => {
+                    expect(req.path).toContain(`user_id=${encodeURIComponent(userId)}`);
+                    return true;
+                })
+                .respond(200, {});
+
+            httpBackend
+                .when("GET", "/pushrules")
+                .check((req) => {
+                    expect(req.path).toContain(`user_id=${encodeURIComponent(userId)}`);
+                    return true;
+                })
+                .respond(200, {});
+
+            httpBackend
+                .when("POST", "/filter")
+                .check((req) => {
+                    expect(req.path).toContain(`user_id=${encodeURIComponent(userId)}`);
+                    return true;
+                })
+                .respond(200, { filter_id: "foo" });
+
+            httpBackend
+                .when("GET", "/sync")
+                .check((req) => {
+                    expect(req.path).toContain(`user_id=${encodeURIComponent(userId)}`);
+                    return true;
+                })
+                .respond(200, syncData);
+
+            client.startClient();
+            await httpBackend.flush("/versions", 1);
+            await httpBackend.flush("/pushrules", 1);
+            await httpBackend.flush("/filter", 1);
+            await Promise.all([httpBackend.flush("/sync", 1), utils.syncPromise(client)]);
+        });
+
+        it("should merge queryParams with request-specific params", async () => {
+            const eventId = "$test:event";
+            httpBackend
+                .when("PUT", "/txn1")
+                .check((req) => {
+                    // Should contain both global queryParams and request-specific params
+                    expect(req.path).toContain(`user_id=${encodeURIComponent(userId)}`);
+                    return true;
+                })
+                .respond(200, {
+                    event_id: eventId,
+                });
+
+            const [res] = await Promise.all([
+                client.sendTextMessage("!foo:bar", "test message", "txn1"),
+                httpBackend.flush("/txn1", 1),
+            ]);
+
+            expect(res.event_id).toEqual(eventId);
+        });
+    });
 });

spec/integ/matrix-client-relations.spec.ts

@@ -15,9 +15,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import HttpBackend from "matrix-mock-request";
-
-import { Direction, MatrixClient, MatrixScheduler } from "../../src/matrix";
+import type HttpBackend from "matrix-mock-request";
+import { Direction, type MatrixClient, MatrixScheduler } from "../../src/matrix";
 import { TestClient } from "../TestClient";
 
 describe("MatrixClient relations", () => {

spec/integ/matrix-client-retrying.spec.ts

@@ -14,9 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import HttpBackend from "matrix-mock-request";
-
-import { EventStatus, MatrixClient, MatrixScheduler, MsgType, RoomEvent } from "../../src/matrix";
+import type HttpBackend from "matrix-mock-request";
+import { EventStatus, type MatrixClient, MatrixScheduler, MsgType, RoomEvent } from "../../src/matrix";
 import { Room } from "../../src/models/room";
 import { TestClient } from "../TestClient";
 

spec/integ/matrix-client-room-timeline.spec.ts

@@ -14,20 +14,19 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import HttpBackend from "matrix-mock-request";
-
+import type HttpBackend from "matrix-mock-request";
 import * as utils from "../test-utils/test-utils";
 import { EventStatus } from "../../src/models/event";
 import {
     MatrixError,
     ClientEvent,
-    IEvent,
-    MatrixClient,
+    type IEvent,
+    type MatrixClient,
     RoomEvent,
-    ISyncResponse,
-    IMinimalEvent,
-    IRoomEvent,
-    Room,
+    type ISyncResponse,
+    type IMinimalEvent,
+    type IRoomEvent,
+    type Room,
 } from "../../src";
 import { TestClient } from "../TestClient";
 import { KnownMembership } from "../../src/@types/membership";
@@ -721,7 +720,7 @@ describe("MatrixClient room timelines", function () {
                     } else {
                         reject(new Error("TestError: Timed out while waiting for `RoomEvent.TimelineReset` to fire."));
                     }
-                }, 4000 /* FIXME: Is there a way to reference the current timeout of this test in Jest? */);
+                }, 4000 /* FIXME: Is there a way to reference the current timeout of this test in Vitest? */);
 
                 room.on(RoomEvent.TimelineReset, async () => {
                     try {

spec/integ/matrix-client-syncing-errors.spec.ts

@@ -15,9 +15,9 @@ limitations under the License.
 */
 
 import "fake-indexeddb/auto";
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
 
-import { MatrixClient, ClientEvent, createClient, SyncState } from "../../src";
+import { type MatrixClient, ClientEvent, createClient, SyncState } from "../../src";
 
 const makeQueryablePromise = <T = void>(promise: Promise<T>) => {
     let resolved = false;
@@ -83,8 +83,7 @@ describe("MatrixClient syncing errors", () => {
     });
 
     it("should retry, until errors are solved.", async () => {
-        jest.useFakeTimers();
-        fetchMock.config.overwriteRoutes = false;
+        vi.useFakeTimers();
         fetchMock
             .getOnce("end:versions", {}) // first version check without credentials needs to succeed
             .getOnce("end:versions", 429) // second version check fails with 429 triggering another retry
@@ -105,19 +104,18 @@ describe("MatrixClient syncing errors", () => {
 
         await client!.startClient();
         expect(await syncEvents[0].promise).toBe(SyncState.Error);
-        jest.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
+        vi.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
         expect(await syncEvents[1].promise).toBe(SyncState.Error);
-        jest.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
+        vi.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
         expect(await syncEvents[2].promise).toBe(SyncState.Prepared);
-        jest.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
+        vi.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
         expect(await syncEvents[3].promise).toBe(SyncState.Syncing);
-        jest.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
+        vi.advanceTimersByTime(60 * 1000); // this will skip forward to trigger the keepAlive/sync
         expect(await syncEvents[4].promise).toBe(SyncState.Syncing);
     });
 
     it("should stop sync keep alive when client is stopped.", async () => {
-        jest.useFakeTimers();
-        fetchMock.config.overwriteRoutes = false;
+        vi.useFakeTimers();
         fetchMock
             .get("end:capabilities", {})
             .getOnce("end:versions", {}) // first version check without credentials needs to succeed
@@ -146,9 +144,9 @@ describe("MatrixClient syncing errors", () => {
 
         const syntState = await firstSyncEvent.promise;
         expect(syntState).toBe(SyncState.Error);
-        jest.runAllTimers(); // this will skip forward to trigger the keepAlive
+        vi.runAllTimers(); // this will skip forward to trigger the keepAlive
 
-        jest.useRealTimers(); // we need real timer for the setTimout below to work
+        vi.useRealTimers(); // we need real timer for the setTimout below to work
 
         const timeoutPromise = makeQueryablePromise(new Promise<void>((res) => setTimeout(res, 1)));
 

spec/integ/matrix-client-syncing.spec.ts

@@ -16,8 +16,7 @@ limitations under the License.
 
 import "fake-indexeddb/auto";
 
-import HttpBackend from "matrix-mock-request";
-
+import type HttpBackend from "matrix-mock-request";
 import {
     EventTimeline,
     MatrixEvent,
@@ -25,16 +24,15 @@ import {
     RoomStateEvent,
     RoomMemberEvent,
     UNSTABLE_MSC2716_MARKER,
-    MatrixClient,
+    type MatrixClient,
     ClientEvent,
-    IndexedDBCryptoStore,
-    ISyncResponse,
-    IRoomEvent,
-    IJoinedRoom,
-    IStateEvent,
-    IMinimalEvent,
+    type ISyncResponse,
+    type IRoomEvent,
+    type IJoinedRoom,
+    type IStateEvent,
+    type IMinimalEvent,
     NotificationCountType,
-    IEphemeral,
+    type IEphemeral,
     Room,
     IndexedDBStore,
     RelationType,
@@ -47,9 +45,16 @@ import * as utils from "../test-utils/test-utils";
 import { TestClient } from "../TestClient";
 import { emitPromise, mkEvent, mkMessage } from "../test-utils/test-utils";
 import { THREAD_RELATION_TYPE } from "../../src/models/thread";
-import { IActionsObject } from "../../src/pushprocessor";
+import { type IActionsObject } from "../../src/pushprocessor";
 import { KnownMembership } from "../../src/@types/membership";
 
+declare module "../../src/@types/event" {
+    interface AccountDataEvents {
+        a: {};
+        b: {};
+    }
+}
+
 describe("MatrixClient syncing", () => {
     const selfUserId = "@alice:localhost";
     const selfAccessToken = "aseukfgwef";
@@ -89,6 +94,7 @@ describe("MatrixClient syncing", () => {
             presence: {},
         };
 
+        // eslint-disable-next-line @vitest/expect-expect
         it("should /sync after /pushrules and /filter.", async () => {
             httpBackend!.when("GET", "/sync").respond(200, syncData);
 
@@ -112,7 +118,7 @@ describe("MatrixClient syncing", () => {
         });
 
         it("should emit RoomEvent.MyMembership for invite->leave->invite cycles", async () => {
-            await client!.initLegacyCrypto();
+            await client!.initRustCrypto();
 
             const roomId = "!cycles:example.org";
 
@@ -227,7 +233,7 @@ describe("MatrixClient syncing", () => {
         });
 
         it("should emit RoomEvent.MyMembership for knock->leave->knock cycles", async () => {
-            await client!.initLegacyCrypto();
+            await client!.initRustCrypto();
 
             const roomId = "!cycles:example.org";
 
@@ -496,7 +502,7 @@ describe("MatrixClient syncing", () => {
                 })
                 .respond(200, syncData);
 
-            client!.store.getSavedSyncToken = jest.fn().mockResolvedValue("this-is-a-token");
+            client!.store.getSavedSyncToken = vi.fn().mockResolvedValue("this-is-a-token");
             client!.startClient({ initialSyncLimit: 1 });
 
             return httpBackend!.flushAllExpected();
@@ -989,7 +995,7 @@ describe("MatrixClient syncing", () => {
                     roomVersion: "org.matrix.msc2716v3",
                 },
             ].forEach((testMeta) => {
-                // eslint-disable-next-line jest/valid-title
+                // eslint-disable-next-line @vitest/valid-title
                 describe(testMeta.label, () => {
                     const roomCreateEvent = utils.mkEvent({
                         type: "m.room.create",
@@ -1830,7 +1836,7 @@ describe("MatrixClient syncing", () => {
             await Promise.all([httpBackend!.flushAllExpected(), awaitSyncEvent()]);
 
             const room = client!.getRoom(roomOne);
-            room!.hasEncryptionStateEvent = jest.fn().mockReturnValue(true);
+            room!.hasEncryptionStateEvent = vi.fn().mockReturnValue(true);
 
             expect(room!.getThreadUnreadNotificationCount(THREAD_ID, NotificationCountType.Total)).toBe(5);
 
@@ -2514,7 +2520,7 @@ describe("MatrixClient syncing", () => {
             const eventB2 = new MatrixEvent({ type: "b", content: { body: "2" } });
 
             client!.store.storeAccountDataEvents([eventA1, eventB1]);
-            const fn = jest.fn();
+            const fn = vi.fn();
             client!.on(ClientEvent.AccountData, fn);
 
             httpBackend!.when("GET", "/sync").respond(200, {
@@ -2564,16 +2570,15 @@ describe("MatrixClient syncing (IndexedDB version)", () => {
     };
 
     it("should emit ClientEvent.Room when invited while using indexeddb crypto store", async () => {
-        const idbTestClient = new TestClient(selfUserId, "DEVICE", selfAccessToken, undefined, {
-            cryptoStore: new IndexedDBCryptoStore(globalThis.indexedDB, "tests"),
-        });
+        // rust crypto uses by default indexeddb
+        const idbTestClient = new TestClient(selfUserId, "DEVICE", selfAccessToken);
         const idbHttpBackend = idbTestClient.httpBackend;
         const idbClient = idbTestClient.client;
         idbHttpBackend.when("GET", "/versions").respond(200, {});
         idbHttpBackend.when("GET", "/pushrules/").respond(200, {});
         idbHttpBackend.when("POST", "/filter").respond(200, { filter_id: "a filter id" });
 
-        await idbClient.initLegacyCrypto();
+        await idbClient.initRustCrypto();
 
         const roomId = "!invite:example.org";
 

spec/integ/matrix-client-unread-notifications.spec.ts

@@ -16,14 +16,13 @@ limitations under the License.
 
 import "fake-indexeddb/auto";
 
-import HttpBackend from "matrix-mock-request";
-
+import type HttpBackend from "matrix-mock-request";
 import {
     Category,
     ClientEvent,
     EventType,
-    ISyncResponse,
-    MatrixClient,
+    type ISyncResponse,
+    type MatrixClient,
     MatrixEvent,
     NotificationCountType,
     RelationType,
@@ -63,7 +62,7 @@ describe("Notification count fixing", () => {
 
         client!.startClient({ threadSupport: true });
         const room = new Room(roomId, client!, selfUserId);
-        jest.spyOn(client!, "getRoom").mockImplementation((id) => (id === roomId ? room : null));
+        vi.spyOn(client!, "getRoom").mockImplementation((id) => (id === roomId ? room : null));
 
         const event = new MatrixEvent({
             room_id: roomId,
@@ -78,7 +77,7 @@ describe("Notification count fixing", () => {
             },
         });
 
-        jest.spyOn(event, "getPushActions").mockReturnValue({
+        vi.spyOn(event, "getPushActions").mockReturnValue({
             notify: true,
             tweaks: {},
         });
@@ -124,7 +123,7 @@ describe("MatrixClient syncing", () => {
         ]);
 
         const room = new Room(roomId, client!, selfUserId);
-        jest.spyOn(client!, "getRoom").mockImplementation((id) => (id === roomId ? room : null));
+        vi.spyOn(client!, "getRoom").mockImplementation((id) => (id === roomId ? room : null));
 
         const thread = mkThread({ room, client: client!, authorId: selfUserId, participantUserIds: [selfUserId] });
         const threadReply = thread.events.at(-1)!;
@@ -144,7 +143,7 @@ describe("MatrixClient syncing", () => {
 
         const reactionEventId = `$9-${Math.random()}-${Math.random()}`;
         let lastEvent: MatrixEvent | null = null;
-        jest.spyOn(client! as any, "sendEventHttpRequest").mockImplementation((event) => {
+        vi.spyOn(client! as any, "sendEventHttpRequest").mockImplementation((event) => {
             lastEvent = event as MatrixEvent;
             return { event_id: reactionEventId };
         });
@@ -196,7 +195,7 @@ describe("MatrixClient syncing", () => {
                 })
                 .respond(200, syncData);
 
-            client!.store.getSavedSyncToken = jest.fn().mockResolvedValue("this-is-a-token");
+            client!.store.getSavedSyncToken = vi.fn().mockResolvedValue("this-is-a-token");
             client!.startClient({ initialSyncLimit: 1 });
 
             await httpBackend!.flushAllExpected();

spec/integ/rendezvous/MSC4108SignInWithQR.spec.ts

@@ -14,9 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { QrCodeData, QrCodeMode } from "@matrix-org/matrix-sdk-crypto-wasm";
-import { mocked } from "jest-mock";
-import fetchMock from "fetch-mock-jest";
+import { QrCodeData, QrCodeIntent } from "@matrix-org/matrix-sdk-crypto-wasm";
+import fetchMock from "@fetch-mock/vitest";
 
 import {
     MSC4108FailureReason,
@@ -26,22 +25,21 @@ import {
     PayloadType,
     RendezvousError,
 } from "../../../src/rendezvous";
-import { defer } from "../../../src/utils";
 import {
     ClientPrefix,
     DEVICE_CODE_SCOPE,
-    IHttpOpts,
-    IMyDevice,
-    MatrixClient,
+    type IHttpOpts,
+    type IMyDevice,
+    type MatrixClient,
     MatrixError,
     MatrixHttpApi,
 } from "../../../src";
-import { mockOpenIdConfiguration } from "../../test-utils/oidc";
+import { makeDelegatedAuthConfig } from "../../test-utils/oidc";
 
 function makeMockClient(opts: { userId: string; deviceId: string; msc4108Enabled: boolean }): MatrixClient {
     const baseUrl = "https://example.com";
     const crypto = {
-        exportSecretsForQrLogin: jest.fn(),
+        exportSecretsForQrLogin: vi.fn(),
     };
     const client = {
         doesServerSupportUnstableFeature(feature: string) {
@@ -55,9 +53,9 @@ function makeMockClient(opts: { userId: string; deviceId: string; msc4108Enabled
         },
         baseUrl,
         getDomain: () => "example.com",
-        getDevice: jest.fn(),
-        getCrypto: jest.fn(() => crypto),
-        getAuthIssuer: jest.fn().mockResolvedValue({ issuer: "https://issuer/" }),
+        getDevice: vi.fn(),
+        getCrypto: vi.fn(() => crypto),
+        getAuthMetadata: vi.fn().mockResolvedValue(makeDelegatedAuthConfig("https://issuer/", [DEVICE_CODE_SCOPE])),
     } as unknown as MatrixClient;
     client.http = new MatrixHttpApi<IHttpOpts & { onlyData: true }>(client, {
         baseUrl: client.baseUrl,
@@ -69,10 +67,6 @@ function makeMockClient(opts: { userId: string; deviceId: string; msc4108Enabled
 
 describe("MSC4108SignInWithQR", () => {
     beforeEach(() => {
-        fetchMock.get(
-            "https://issuer/.well-known/openid-configuration",
-            mockOpenIdConfiguration("https://issuer/", [DEVICE_CODE_SCOPE]),
-        );
         fetchMock.get("https://issuer/jwks", {
             status: 200,
             headers: {
@@ -82,10 +76,6 @@ describe("MSC4108SignInWithQR", () => {
         });
     });
 
-    afterEach(() => {
-        fetchMock.reset();
-    });
-
     const url = "https://fallbackserver/rz/123";
     const deviceId = "DEADB33F";
     const verificationUri = "https://example.com/verify";
@@ -116,17 +106,17 @@ describe("MSC4108SignInWithQR", () => {
         let opponentLogin: MSC4108SignInWithQR;
 
         beforeEach(async () => {
-            let ourData = defer<string>();
-            let opponentData = defer<string>();
+            let ourData = Promise.withResolvers<string>();
+            let opponentData = Promise.withResolvers<string>();
 
             const ourMockSession = {
-                send: jest.fn(async (newData) => {
+                send: vi.fn(async (newData) => {
                     ourData.resolve(newData);
                 }),
-                receive: jest.fn(() => {
+                receive: vi.fn(() => {
                     const prom = opponentData.promise;
                     prom.then(() => {
-                        opponentData = defer();
+                        opponentData = Promise.withResolvers();
                     });
                     return prom;
                 }),
@@ -139,13 +129,13 @@ describe("MSC4108SignInWithQR", () => {
                 },
             } as unknown as MSC4108RendezvousSession;
             const opponentMockSession = {
-                send: jest.fn(async (newData) => {
+                send: vi.fn(async (newData) => {
                     opponentData.resolve(newData);
                 }),
-                receive: jest.fn(() => {
+                receive: vi.fn(() => {
                     const prom = ourData.promise;
                     prom.then(() => {
-                        ourData = defer();
+                        ourData = Promise.withResolvers();
                     });
                     return prom;
                 }),
@@ -156,7 +146,7 @@ describe("MSC4108SignInWithQR", () => {
 
             const ourChannel = new MSC4108SecureChannel(ourMockSession);
             const qrCodeData = QrCodeData.fromBytes(
-                await ourChannel.generateCode(QrCodeMode.Reciprocate, client.getDomain()!),
+                await ourChannel.generateCode(QrCodeIntent.Reciprocate, client.getDomain()!),
             );
             const opponentChannel = new MSC4108SecureChannel(opponentMockSession, qrCodeData.publicKey);
 
@@ -176,7 +166,7 @@ describe("MSC4108SignInWithQR", () => {
         it("should be able to connect with opponent and share verificationUri", async () => {
             await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
 
-            mocked(client.getDevice).mockRejectedValue(new MatrixError({ errcode: "M_NOT_FOUND" }, 404));
+            vi.mocked(client.getDevice).mockRejectedValue(new MatrixError({ errcode: "M_NOT_FOUND" }, 404));
 
             await Promise.all([
                 expect(ourLogin.deviceAuthorizationGrant()).resolves.toEqual({
@@ -199,7 +189,7 @@ describe("MSC4108SignInWithQR", () => {
         it("should abort if device already exists", async () => {
             await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
 
-            mocked(client.getDevice).mockResolvedValue({} as IMyDevice);
+            vi.mocked(client.getDevice).mockResolvedValue({} as IMyDevice);
 
             await Promise.all([
                 expect(ourLogin.deviceAuthorizationGrant()).rejects.toThrow("Specified device ID already exists"),
@@ -249,12 +239,12 @@ describe("MSC4108SignInWithQR", () => {
             // @ts-ignore
             await opponentLogin.receive();
 
-            mocked(client.getDevice).mockResolvedValue({} as IMyDevice);
+            vi.mocked(client.getDevice).mockResolvedValue({} as IMyDevice);
 
             const secrets = {
                 cross_signing: { master_key: "mk", user_signing_key: "usk", self_signing_key: "ssk" },
             };
-            client.getCrypto()!.exportSecretsBundle = jest.fn().mockResolvedValue(secrets);
+            client.getCrypto()!.exportSecretsBundle = vi.fn().mockResolvedValue(secrets);
 
             const payload = {
                 secrets: expect.objectContaining(secrets),
@@ -266,13 +256,13 @@ describe("MSC4108SignInWithQR", () => {
         });
 
         it("should abort if device doesn't come up by timeout", async () => {
-            jest.spyOn(globalThis, "setTimeout").mockImplementation((fn) => {
+            vi.spyOn(globalThis, "setTimeout").mockImplementation((fn) => {
                 fn();
                 // TODO: mock timers properly
                 return -1 as any;
             });
-            jest.spyOn(Date, "now").mockImplementation(() => {
-                return 12345678 + mocked(setTimeout).mock.calls.length * 1000;
+            vi.spyOn(Date, "now").mockImplementation(() => {
+                return 12345678 + vi.mocked(setTimeout).mock.calls.length * 1000;
             });
 
             await Promise.all([ourLogin.negotiateProtocols(), opponentLogin.negotiateProtocols()]);
@@ -285,7 +275,7 @@ describe("MSC4108SignInWithQR", () => {
             await opponentLogin.send({
                 type: PayloadType.Success,
             });
-            mocked(client.getDevice).mockRejectedValue(new MatrixError({ errcode: "M_NOT_FOUND" }, 404));
+            vi.mocked(client.getDevice).mockRejectedValue(new MatrixError({ errcode: "M_NOT_FOUND" }, 404));
 
             const ourProm = ourLogin.shareSecrets();
             await expect(ourProm).rejects.toThrow("New device not found");
@@ -302,7 +292,7 @@ describe("MSC4108SignInWithQR", () => {
             await opponentLogin.send({
                 type: PayloadType.Success,
             });
-            mocked(client.getDevice).mockRejectedValue(
+            vi.mocked(client.getDevice).mockRejectedValue(
                 new MatrixError({ errcode: "M_UNKNOWN", error: "The message" }, 500),
             );
 
@@ -319,7 +309,7 @@ describe("MSC4108SignInWithQR", () => {
         });
 
         it("should not send secrets if user cancels", async () => {
-            jest.spyOn(globalThis, "setTimeout").mockImplementation((fn) => {
+            vi.spyOn(globalThis, "setTimeout").mockImplementation((fn) => {
                 fn();
                 // TODO: mock timers properly
                 return -1 as any;
@@ -338,16 +328,16 @@ describe("MSC4108SignInWithQR", () => {
             // @ts-ignore
             await opponentLogin.receive();
 
-            const deferred = defer<IMyDevice>();
-            mocked(client.getDevice).mockReturnValue(deferred.promise);
+            const deviceResolvers = Promise.withResolvers<IMyDevice>();
+            vi.mocked(client.getDevice).mockReturnValue(deviceResolvers.promise);
 
             ourLogin.cancel(MSC4108FailureReason.UserCancelled).catch(() => {});
-            deferred.resolve({} as IMyDevice);
+            deviceResolvers.resolve({} as IMyDevice);
 
             const secrets = {
                 cross_signing: { master_key: "mk", user_signing_key: "usk", self_signing_key: "ssk" },
             };
-            client.getCrypto()!.exportSecretsBundle = jest.fn().mockResolvedValue(secrets);
+            client.getCrypto()!.exportSecretsBundle = vi.fn().mockResolvedValue(secrets);
 
             await Promise.all([
                 expect(ourProm).rejects.toThrow("User cancelled"),

spec/integ/sliding-sync-sdk.spec.ts

@@ -15,56 +15,70 @@ limitations under the License.
 */
 
 // eslint-disable-next-line no-restricted-imports
-import MockHttpBackend from "matrix-mock-request";
 import { fail } from "assert";
 
-import { SlidingSync, SlidingSyncEvent, MSC3575RoomData, SlidingSyncState, Extension } from "../../src/sliding-sync";
-import { TestClient } from "../TestClient";
-import { IRoomEvent, IStateEvent } from "../../src";
+import type MockHttpBackend from "matrix-mock-request";
 import {
-    MatrixClient,
-    MatrixEvent,
+    SlidingSync,
+    SlidingSyncEvent,
+    type MSC3575RoomData,
+    SlidingSyncState,
+    type Extension,
+} from "../../src/sliding-sync";
+import { TestClient } from "../TestClient";
+import { type IContent, type IRoomEvent, type IStateEvent } from "../../src";
+import {
+    type MatrixClient,
+    type MatrixEvent,
     NotificationCountType,
     JoinRule,
     MatrixError,
     EventType,
-    IPushRules,
+    type IPushRules,
     PushRuleKind,
     TweakName,
     ClientEvent,
     RoomMemberEvent,
     RoomEvent,
-    Room,
-    IRoomTimelineData,
+    type Room,
+    type IRoomTimelineData,
 } from "../../src";
 import { SlidingSyncSdk } from "../../src/sliding-sync-sdk";
-import { SyncApiOptions, SyncState } from "../../src/sync";
-import { IStoredClientOpts } from "../../src";
+import { type SyncApiOptions, SyncState } from "../../src/sync";
+import { type IStoredClientOpts } from "../../src";
 import { logger } from "../../src/logger";
 import { emitPromise } from "../test-utils/test-utils";
-import { defer } from "../../src/utils";
 import { KnownMembership } from "../../src/@types/membership";
+import { type SyncCryptoCallbacks } from "../../src/common-crypto/CryptoBackend";
+
+declare module "../../src/@types/event" {
+    interface AccountDataEvents {
+        global_test: {};
+        tester: {};
+    }
+}
 
 describe("SlidingSyncSdk", () => {
     let client: MatrixClient | undefined;
     let httpBackend: MockHttpBackend | undefined;
     let sdk: SlidingSyncSdk | undefined;
     let mockSlidingSync: SlidingSync | undefined;
+    let syncCryptoCallback: SyncCryptoCallbacks | undefined;
     const selfUserId = "@alice:localhost";
     const selfAccessToken = "aseukfgwef";
 
     const mockifySlidingSync = (s: SlidingSync): SlidingSync => {
-        s.getListParams = jest.fn();
-        s.getListData = jest.fn();
-        s.getRoomSubscriptions = jest.fn();
-        s.modifyRoomSubscriptionInfo = jest.fn();
-        s.modifyRoomSubscriptions = jest.fn();
-        s.registerExtension = jest.fn();
-        s.setList = jest.fn();
-        s.setListRanges = jest.fn();
-        s.start = jest.fn();
-        s.stop = jest.fn();
-        s.resend = jest.fn();
+        s.getListParams = vi.fn();
+        s.getListData = vi.fn();
+        s.getRoomSubscriptions = vi.fn();
+        s.modifyRoomSubscriptionInfo = vi.fn();
+        s.modifyRoomSubscriptions = vi.fn();
+        s.registerExtension = vi.fn();
+        s.setList = vi.fn();
+        s.setListRanges = vi.fn();
+        s.start = vi.fn();
+        s.stop = vi.fn();
+        s.resend = vi.fn();
         return s;
     };
 
@@ -97,7 +111,7 @@ describe("SlidingSyncSdk", () => {
             expect(m.getType()).toEqual(want[i].type);
             expect(m.getSender()).toEqual(want[i].sender);
             expect(m.getId()).toEqual(want[i].event_id);
-            expect(m.getContent()).toEqual(want[i].content);
+            expect(m.getContent<IContent>()).toEqual(want[i].content);
             expect(m.getTs()).toEqual(want[i].origin_server_ts);
             if (want[i].unsigned) {
                 expect(m.getUnsigned()).toEqual(want[i].unsigned);
@@ -112,15 +126,16 @@ describe("SlidingSyncSdk", () => {
     // assign client/httpBackend globals
     const setupClient = async (testOpts?: Partial<IStoredClientOpts & { withCrypto: boolean }>) => {
         testOpts = testOpts || {};
-        const syncOpts: SyncApiOptions = {};
+        const syncOpts: SyncApiOptions = { logger };
         const testClient = new TestClient(selfUserId, "DEVICE", selfAccessToken);
         httpBackend = testClient.httpBackend;
         client = testClient.client;
         mockSlidingSync = mockifySlidingSync(new SlidingSync("", new Map(), {}, client, 0));
         if (testOpts.withCrypto) {
             httpBackend!.when("GET", "/room_keys/version").respond(404, {});
-            await client!.initLegacyCrypto();
-            syncOpts.cryptoCallbacks = syncOpts.crypto = client!.crypto;
+            await client!.initRustCrypto({ useIndexedDB: false });
+            syncCryptoCallback = client!.getCrypto() as unknown as SyncCryptoCallbacks;
+            syncOpts.cryptoCallbacks = syncCryptoCallback;
         }
         httpBackend!.when("GET", "/_matrix/client/v3/pushrules").respond(200, {});
         sdk = new SlidingSyncSdk(mockSlidingSync, client, testOpts, syncOpts);
@@ -135,7 +150,7 @@ describe("SlidingSyncSdk", () => {
     // find an extension on a SlidingSyncSdk instance
     const findExtension = (name: string): Extension<any, any> => {
         expect(mockSlidingSync!.registerExtension).toHaveBeenCalled();
-        const mockFn = mockSlidingSync!.registerExtension as jest.Mock;
+        const mockFn = vi.mocked(mockSlidingSync!.registerExtension);
         // find the extension
         for (let i = 0; i < mockFn.mock.calls.length; i++) {
             const calledExtension = mockFn.mock.calls[i][0] as Extension<any, any>;
@@ -353,7 +368,7 @@ describe("SlidingSyncSdk", () => {
             });
 
             it("can be created with live events", async () => {
-                const seenLiveEventDeferred = defer<boolean>();
+                const seenLiveEventDeferred = Promise.withResolvers<boolean>();
                 const listener = (
                     ev: MatrixEvent,
                     room?: Room,
@@ -633,43 +648,38 @@ describe("SlidingSyncSdk", () => {
             ext = findExtension("e2ee");
         });
 
-        afterAll(async () => {
-            // needed else we do some async operations in the background which can cause Jest to whine:
-            // "Cannot log after tests are done. Did you forget to wait for something async in your test?"
-            // Attempted to log "Saving device tracking data null"."
-            client!.crypto!.stop();
-        });
-
-        it("gets enabled on the initial request only", () => {
-            expect(ext.onRequest(true)).toEqual({
+        it("gets enabled all the time", async () => {
+            expect(await ext.onRequest(true)).toEqual({
+                enabled: true,
+            });
+            expect(await ext.onRequest(false)).toEqual({
                 enabled: true,
             });
-            expect(ext.onRequest(false)).toEqual(undefined);
         });
 
         it("can update device lists", () => {
-            client!.crypto!.processDeviceLists = jest.fn();
+            syncCryptoCallback!.processDeviceLists = vi.fn();
             ext.onResponse({
                 device_lists: {
                     changed: ["@alice:localhost"],
                     left: ["@bob:localhost"],
                 },
             });
-            expect(client!.crypto!.processDeviceLists).toHaveBeenCalledWith({
+            expect(syncCryptoCallback!.processDeviceLists).toHaveBeenCalledWith({
                 changed: ["@alice:localhost"],
                 left: ["@bob:localhost"],
             });
         });
 
         it("can update OTK counts and unused fallback keys", () => {
-            client!.crypto!.processKeyCounts = jest.fn();
+            syncCryptoCallback!.processKeyCounts = vi.fn();
             ext.onResponse({
                 device_one_time_keys_count: {
                     signed_curve25519: 42,
                 },
                 device_unused_fallback_key_types: ["signed_curve25519"],
             });
-            expect(client!.crypto!.processKeyCounts).toHaveBeenCalledWith({ signed_curve25519: 42 }, [
+            expect(syncCryptoCallback!.processKeyCounts).toHaveBeenCalledWith({ signed_curve25519: 42 }, [
                 "signed_curve25519",
             ]);
         });
@@ -686,11 +696,13 @@ describe("SlidingSyncSdk", () => {
             ext = findExtension("account_data");
         });
 
-        it("gets enabled on the initial request only", () => {
-            expect(ext.onRequest(true)).toEqual({
+        it("gets enabled all the time", async () => {
+            expect(await ext.onRequest(true)).toEqual({
+                enabled: true,
+            });
+            expect(await ext.onRequest(false)).toEqual({
                 enabled: true,
             });
-            expect(ext.onRequest(false)).toEqual(undefined);
         });
 
         it("processes global account data", async () => {
@@ -710,7 +722,7 @@ describe("SlidingSyncSdk", () => {
             });
             globalData = client!.getAccountData(globalType)!;
             expect(globalData).toBeTruthy();
-            expect(globalData.getContent()).toEqual(globalContent);
+            expect(globalData.getContent<IContent>()).toEqual(globalContent);
         });
 
         it("processes rooms account data", async () => {
@@ -745,7 +757,7 @@ describe("SlidingSyncSdk", () => {
             expect(room).toBeTruthy();
             const event = room.getAccountData(roomType)!;
             expect(event).toBeTruthy();
-            expect(event.getContent()).toEqual(roomContent);
+            expect(event.getContent<IContent>()).toEqual(roomContent);
         });
 
         it("doesn't crash for unknown room account data", async () => {
@@ -814,8 +826,12 @@ describe("SlidingSyncSdk", () => {
             ext = findExtension("to_device");
         });
 
-        it("gets enabled with a limit on the initial request only", () => {
-            const reqJson: any = ext.onRequest(true);
+        it("gets enabled all the time", async () => {
+            let reqJson: any = await ext.onRequest(true);
+            expect(reqJson.enabled).toEqual(true);
+            expect(reqJson.limit).toBeGreaterThan(0);
+            expect(reqJson.since).toBeUndefined();
+            reqJson = await ext.onRequest(false);
             expect(reqJson.enabled).toEqual(true);
             expect(reqJson.limit).toBeGreaterThan(0);
             expect(reqJson.since).toBeUndefined();
@@ -826,11 +842,12 @@ describe("SlidingSyncSdk", () => {
                 next_batch: "12345",
                 events: [],
             });
-            expect(ext.onRequest(false)).toEqual({
+            expect(await ext.onRequest(false)).toMatchObject({
                 since: "12345",
             });
         });
 
+        // eslint-disable-next-line @vitest/expect-expect
         it("can handle missing fields", async () => {
             ext.onResponse({
                 next_batch: "23456",
@@ -845,7 +862,7 @@ describe("SlidingSyncSdk", () => {
             };
             let called = false;
             client!.once(ClientEvent.ToDeviceEvent, (ev) => {
-                expect(ev.getContent()).toEqual(toDeviceContent);
+                expect(ev.getContent<IContent>()).toEqual(toDeviceContent);
                 expect(ev.getType()).toEqual(toDeviceType);
                 called = true;
             });
@@ -910,11 +927,13 @@ describe("SlidingSyncSdk", () => {
             ext = findExtension("typing");
         });
 
-        it("gets enabled on the initial request only", () => {
-            expect(ext.onRequest(true)).toEqual({
+        it("gets enabled all the time", async () => {
+            expect(await ext.onRequest(true)).toEqual({
+                enabled: true,
+            });
+            expect(await ext.onRequest(false)).toEqual({
                 enabled: true,
             });
-            expect(ext.onRequest(false)).toEqual(undefined);
         });
 
         it("processes typing notifications", async () => {
@@ -1033,11 +1052,13 @@ describe("SlidingSyncSdk", () => {
             ext = findExtension("receipts");
         });
 
-        it("gets enabled on the initial request only", () => {
-            expect(ext.onRequest(true)).toEqual({
+        it("gets enabled all the time", async () => {
+            expect(await ext.onRequest(true)).toEqual({
+                enabled: true,
+            });
+            expect(await ext.onRequest(false)).toEqual({
                 enabled: true,
             });
-            expect(ext.onRequest(false)).toEqual(undefined);
         });
 
         it("processes receipts", async () => {
@@ -1075,6 +1096,7 @@ describe("SlidingSyncSdk", () => {
             expect(receipt?.data.thread_id).toBeFalsy();
         });
 
+        // eslint-disable-next-line @vitest/expect-expect
         it("gracefully handles missing rooms when receiving receipts", async () => {
             const roomId = "!room:id";
             const alice = "@alice:alice";

spec/integ/sliding-sync.spec.ts

@@ -15,21 +15,20 @@ limitations under the License.
 */
 
 // eslint-disable-next-line no-restricted-imports
-import EventEmitter from "events";
-import MockHttpBackend from "matrix-mock-request";
-
+import type EventEmitter from "events";
+import type MockHttpBackend from "matrix-mock-request";
 import {
     SlidingSync,
     SlidingSyncState,
     ExtensionState,
     SlidingSyncEvent,
-    Extension,
-    SlidingSyncEventHandlerMap,
-    MSC3575RoomData,
+    type Extension,
+    type SlidingSyncEventHandlerMap,
+    type MSC3575RoomData,
 } from "../../src/sliding-sync";
 import { TestClient } from "../TestClient";
 import { logger } from "../../src/logger";
-import { MatrixClient } from "../../src";
+import { type MatrixClient } from "../../src";
 
 /**
  * Tests for sliding sync. These tests are broken down into sub-tests which are reliant upon one another.
@@ -42,7 +41,7 @@ describe("SlidingSync", () => {
     const selfUserId = "@alice:localhost";
     const selfAccessToken = "aseukfgwef";
     const proxyBaseUrl = "http://localhost:8008";
-    const syncUrl = proxyBaseUrl + "/_matrix/client/unstable/org.matrix.msc3575/sync";
+    const syncUrl = proxyBaseUrl + "/_matrix/client/unstable/org.matrix.simplified_msc3575/sync";
 
     // assign client/httpBackend globals
     const setupClient = () => {
@@ -83,6 +82,7 @@ describe("SlidingSync", () => {
             await p;
         });
 
+        // eslint-disable-next-line @vitest/expect-expect
         it("should stop the sync loop upon calling stop()", () => {
             slidingSync.stop();
             httpBackend!.verifyNoOutstandingExpectation();
@@ -104,8 +104,8 @@ describe("SlidingSync", () => {
             };
             const ext: Extension<any, any> = {
                 name: () => "custom_extension",
-                onRequest: (initial) => {
-                    return { initial: initial };
+                onRequest: async (_) => {
+                    return { initial: true };
                 },
                 onResponse: async (res) => {
                     return;
@@ -144,18 +144,16 @@ describe("SlidingSync", () => {
                 });
             await httpBackend!.flushAllExpected();
 
-            // expect nothing but ranges and non-initial extensions to be sent
+            // expect all params to be sent TODO: check MSC4186
             httpBackend!
                 .when("POST", syncUrl)
                 .check(function (req) {
                     const body = req.data;
                     logger.debug("got ", body);
                     expect(body.room_subscriptions).toBeFalsy();
-                    expect(body.lists["a"]).toEqual({
-                        ranges: [[0, 10]],
-                    });
+                    expect(body.lists["a"]).toEqual(listInfo);
                     expect(body.extensions).toBeTruthy();
-                    expect(body.extensions["custom_extension"]).toEqual({ initial: false });
+                    expect(body.extensions["custom_extension"]).toEqual({ initial: true });
                     expect(req.queryParams!["pos"]).toEqual("11");
                 })
                 .respond(200, function () {
@@ -333,6 +331,7 @@ describe("SlidingSync", () => {
             await p;
         });
 
+        // TODO: this does not exist in MSC4186
         it("should be able to unsubscribe from a room", async () => {
             httpBackend!
                 .when("POST", syncUrl)
@@ -390,18 +389,19 @@ describe("SlidingSync", () => {
             [3, 5],
         ];
 
+        // request first 3 rooms
+        const listReq = {
+            ranges: [[0, 2]],
+            sort: ["by_name"],
+            timeline_limit: 1,
+            required_state: [["m.room.topic", ""]],
+            filters: {
+                is_dm: true,
+            },
+        };
+
         let slidingSync: SlidingSync;
         it("should be possible to subscribe to a list", async () => {
-            // request first 3 rooms
-            const listReq = {
-                ranges: [[0, 2]],
-                sort: ["by_name"],
-                timeline_limit: 1,
-                required_state: [["m.room.topic", ""]],
-                filters: {
-                    is_dm: true,
-                },
-            };
             slidingSync = new SlidingSync(proxyBaseUrl, new Map([["a", listReq]]), {}, client!, 1);
             httpBackend!
                 .when("POST", syncUrl)
@@ -453,11 +453,6 @@ describe("SlidingSync", () => {
             expect(slidingSync.getListData("b")).toBeNull();
             const syncData = slidingSync.getListData("a")!;
             expect(syncData.joinedCount).toEqual(500); // from previous test
-            expect(syncData.roomIndexToRoomId).toEqual({
-                0: roomA,
-                1: roomB,
-                2: roomC,
-            });
         });
 
         it("should be possible to adjust list ranges", async () => {
@@ -468,10 +463,9 @@ describe("SlidingSync", () => {
                     const body = req.data;
                     logger.log("next ranges", body.lists["a"].ranges);
                     expect(body.lists).toBeTruthy();
-                    expect(body.lists["a"]).toEqual({
-                        // only the ranges should be sent as the rest are unchanged and sticky
-                        ranges: newRanges,
-                    });
+                    // list range should be changed
+                    listReq.ranges = newRanges;
+                    expect(body.lists["a"]).toEqual(listReq); // resend all values TODO: check MSC4186
                 })
                 .respond(200, {
                     pos: "b",
@@ -496,7 +490,9 @@ describe("SlidingSync", () => {
             await httpBackend!.flushAllExpected();
             await responseProcessed;
             // setListRanges for an invalid list key returns an error
-            await expect(slidingSync.setListRanges("idontexist", newRanges)).rejects.toBeTruthy();
+            expect(() => {
+                slidingSync.setListRanges("idontexist", newRanges);
+            }).toThrow();
         });
 
         it("should be possible to add an extra list", async () => {
@@ -514,10 +510,7 @@ describe("SlidingSync", () => {
                     const body = req.data;
                     logger.log("extra list", body);
                     expect(body.lists).toBeTruthy();
-                    expect(body.lists["a"]).toEqual({
-                        // only the ranges should be sent as the rest are unchanged and sticky
-                        ranges: newRanges,
-                    });
+                    expect(body.lists["a"]).toEqual(listReq); // resend all values TODO: check MSC4186
                     expect(body.lists["b"]).toEqual(extraListReq);
                 })
                 .respond(200, {
@@ -538,16 +531,6 @@ describe("SlidingSync", () => {
                         },
                     },
                 });
-            listenUntil(slidingSync, "SlidingSync.List", (listKey, joinedCount, roomIndexToRoomId) => {
-                expect(listKey).toEqual("b");
-                expect(joinedCount).toEqual(50);
-                expect(roomIndexToRoomId).toEqual({
-                    0: roomA,
-                    1: roomB,
-                    2: roomC,
-                });
-                return true;
-            });
             const responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
                 return state === SlidingSyncState.Complete;
             });
@@ -555,706 +538,6 @@ describe("SlidingSync", () => {
             await httpBackend!.flushAllExpected();
             await responseProcessed;
         });
-
-        it("should be possible to get list DELETE/INSERTs", async () => {
-            // move C (2) to A (0)
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "e",
-                lists: {
-                    a: {
-                        count: 500,
-                        ops: [
-                            {
-                                op: "DELETE",
-                                index: 2,
-                            },
-                            {
-                                op: "INSERT",
-                                index: 0,
-                                room_id: roomC,
-                            },
-                        ],
-                    },
-                    b: {
-                        count: 50,
-                    },
-                },
-            });
-            let listPromise = listenUntil(
-                slidingSync,
-                "SlidingSync.List",
-                (listKey, joinedCount, roomIndexToRoomId) => {
-                    expect(listKey).toEqual("a");
-                    expect(joinedCount).toEqual(500);
-                    expect(roomIndexToRoomId).toEqual({
-                        0: roomC,
-                        1: roomA,
-                        2: roomB,
-                    });
-                    return true;
-                },
-            );
-            let responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
-                return state === SlidingSyncState.Complete;
-            });
-            await httpBackend!.flushAllExpected();
-            await responseProcessed;
-            await listPromise;
-
-            // move C (0) back to A (2)
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "f",
-                lists: {
-                    a: {
-                        count: 500,
-                        ops: [
-                            {
-                                op: "DELETE",
-                                index: 0,
-                            },
-                            {
-                                op: "INSERT",
-                                index: 2,
-                                room_id: roomC,
-                            },
-                        ],
-                    },
-                    b: {
-                        count: 50,
-                    },
-                },
-            });
-            listPromise = listenUntil(slidingSync, "SlidingSync.List", (listKey, joinedCount, roomIndexToRoomId) => {
-                expect(listKey).toEqual("a");
-                expect(joinedCount).toEqual(500);
-                expect(roomIndexToRoomId).toEqual({
-                    0: roomA,
-                    1: roomB,
-                    2: roomC,
-                });
-                return true;
-            });
-            responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
-                return state === SlidingSyncState.Complete;
-            });
-            await httpBackend!.flushAllExpected();
-            await responseProcessed;
-            await listPromise;
-        });
-
-        it("should ignore invalid list indexes", async () => {
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "e",
-                lists: {
-                    a: {
-                        count: 500,
-                        ops: [
-                            {
-                                op: "DELETE",
-                                index: 2324324,
-                            },
-                        ],
-                    },
-                    b: {
-                        count: 50,
-                    },
-                },
-            });
-            const listPromise = listenUntil(
-                slidingSync,
-                "SlidingSync.List",
-                (listKey, joinedCount, roomIndexToRoomId) => {
-                    expect(listKey).toEqual("a");
-                    expect(joinedCount).toEqual(500);
-                    expect(roomIndexToRoomId).toEqual({
-                        0: roomA,
-                        1: roomB,
-                        2: roomC,
-                    });
-                    return true;
-                },
-            );
-            const responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
-                return state === SlidingSyncState.Complete;
-            });
-            await httpBackend!.flushAllExpected();
-            await responseProcessed;
-            await listPromise;
-        });
-
-        it("should be possible to update a list", async () => {
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "g",
-                lists: {
-                    a: {
-                        count: 42,
-                        ops: [
-                            {
-                                op: "INVALIDATE",
-                                range: [0, 2],
-                            },
-                            {
-                                op: "SYNC",
-                                range: [0, 1],
-                                room_ids: [roomB, roomC],
-                            },
-                        ],
-                    },
-                    b: {
-                        count: 50,
-                    },
-                },
-            });
-            // update the list with a new filter
-            slidingSync.setList("a", {
-                filters: {
-                    is_encrypted: true,
-                },
-                ranges: [[0, 100]],
-            });
-            const listPromise = listenUntil(
-                slidingSync,
-                "SlidingSync.List",
-                (listKey, joinedCount, roomIndexToRoomId) => {
-                    expect(listKey).toEqual("a");
-                    expect(joinedCount).toEqual(42);
-                    expect(roomIndexToRoomId).toEqual({
-                        0: roomB,
-                        1: roomC,
-                    });
-                    return true;
-                },
-            );
-            const responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
-                return state === SlidingSyncState.Complete;
-            });
-            await httpBackend!.flushAllExpected();
-            await responseProcessed;
-            await listPromise;
-        });
-
-        // this refers to a set of operations where the end result is no change.
-        it("should handle net zero operations correctly", async () => {
-            const indexToRoomId = {
-                0: roomB,
-                1: roomC,
-            };
-            expect(slidingSync.getListData("a")!.roomIndexToRoomId).toEqual(indexToRoomId);
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "f",
-                // currently the list is [B,C] so we will insert D then immediately delete it
-                lists: {
-                    a: {
-                        count: 500,
-                        ops: [
-                            {
-                                op: "DELETE",
-                                index: 2,
-                            },
-                            {
-                                op: "INSERT",
-                                index: 0,
-                                room_id: roomA,
-                            },
-                            {
-                                op: "DELETE",
-                                index: 0,
-                            },
-                        ],
-                    },
-                    b: {
-                        count: 50,
-                    },
-                },
-            });
-            const listPromise = listenUntil(
-                slidingSync,
-                "SlidingSync.List",
-                (listKey, joinedCount, roomIndexToRoomId) => {
-                    expect(listKey).toEqual("a");
-                    expect(joinedCount).toEqual(500);
-                    expect(roomIndexToRoomId).toEqual(indexToRoomId);
-                    return true;
-                },
-            );
-            const responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
-                return state === SlidingSyncState.Complete;
-            });
-            await httpBackend!.flushAllExpected();
-            await responseProcessed;
-            await listPromise;
-        });
-
-        it("should handle deletions correctly", async () => {
-            expect(slidingSync.getListData("a")!.roomIndexToRoomId).toEqual({
-                0: roomB,
-                1: roomC,
-            });
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "g",
-                lists: {
-                    a: {
-                        count: 499,
-                        ops: [
-                            {
-                                op: "DELETE",
-                                index: 0,
-                            },
-                        ],
-                    },
-                    b: {
-                        count: 50,
-                    },
-                },
-            });
-            const listPromise = listenUntil(
-                slidingSync,
-                "SlidingSync.List",
-                (listKey, joinedCount, roomIndexToRoomId) => {
-                    expect(listKey).toEqual("a");
-                    expect(joinedCount).toEqual(499);
-                    expect(roomIndexToRoomId).toEqual({
-                        0: roomC,
-                    });
-                    return true;
-                },
-            );
-            const responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
-                return state === SlidingSyncState.Complete;
-            });
-            await httpBackend!.flushAllExpected();
-            await responseProcessed;
-            await listPromise;
-        });
-
-        it("should handle insertions correctly", async () => {
-            expect(slidingSync.getListData("a")!.roomIndexToRoomId).toEqual({
-                0: roomC,
-            });
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "h",
-                lists: {
-                    a: {
-                        count: 500,
-                        ops: [
-                            {
-                                op: "INSERT",
-                                index: 1,
-                                room_id: roomA,
-                            },
-                        ],
-                    },
-                    b: {
-                        count: 50,
-                    },
-                },
-            });
-            let listPromise = listenUntil(
-                slidingSync,
-                "SlidingSync.List",
-                (listKey, joinedCount, roomIndexToRoomId) => {
-                    expect(listKey).toEqual("a");
-                    expect(joinedCount).toEqual(500);
-                    expect(roomIndexToRoomId).toEqual({
-                        0: roomC,
-                        1: roomA,
-                    });
-                    return true;
-                },
-            );
-            let responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
-                return state === SlidingSyncState.Complete;
-            });
-            await httpBackend!.flushAllExpected();
-            await responseProcessed;
-            await listPromise;
-
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "h",
-                lists: {
-                    a: {
-                        count: 501,
-                        ops: [
-                            {
-                                op: "INSERT",
-                                index: 1,
-                                room_id: roomB,
-                            },
-                        ],
-                    },
-                    b: {
-                        count: 50,
-                    },
-                },
-            });
-            listPromise = listenUntil(slidingSync, "SlidingSync.List", (listKey, joinedCount, roomIndexToRoomId) => {
-                expect(listKey).toEqual("a");
-                expect(joinedCount).toEqual(501);
-                expect(roomIndexToRoomId).toEqual({
-                    0: roomC,
-                    1: roomB,
-                    2: roomA,
-                });
-                return true;
-            });
-            responseProcessed = listenUntil(slidingSync, "SlidingSync.Lifecycle", (state) => {
-                return state === SlidingSyncState.Complete;
-            });
-            await httpBackend!.flushAllExpected();
-            await responseProcessed;
-            await listPromise;
-            slidingSync.stop();
-        });
-
-        // Regression test to make sure things like DELETE 0 INSERT 0 work correctly and we don't
-        // end up losing room IDs.
-        it("should handle insertions with a spurious DELETE correctly", async () => {
-            slidingSync = new SlidingSync(
-                proxyBaseUrl,
-                new Map([
-                    [
-                        "a",
-                        {
-                            ranges: [[0, 20]],
-                        },
-                    ],
-                ]),
-                {},
-                client!,
-                1,
-            );
-            // initially start with nothing
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "a",
-                lists: {
-                    a: {
-                        count: 0,
-                        ops: [],
-                    },
-                },
-            });
-            slidingSync.start();
-            await httpBackend!.flushAllExpected();
-            expect(slidingSync.getListData("a")!.roomIndexToRoomId).toEqual({});
-
-            // insert a room
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "b",
-                lists: {
-                    a: {
-                        count: 1,
-                        ops: [
-                            {
-                                op: "DELETE",
-                                index: 0,
-                            },
-                            {
-                                op: "INSERT",
-                                index: 0,
-                                room_id: roomA,
-                            },
-                        ],
-                    },
-                },
-            });
-            await httpBackend!.flushAllExpected();
-            expect(slidingSync.getListData("a")!.roomIndexToRoomId).toEqual({
-                0: roomA,
-            });
-
-            // insert another room
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "c",
-                lists: {
-                    a: {
-                        count: 1,
-                        ops: [
-                            {
-                                op: "DELETE",
-                                index: 1,
-                            },
-                            {
-                                op: "INSERT",
-                                index: 0,
-                                room_id: roomB,
-                            },
-                        ],
-                    },
-                },
-            });
-            await httpBackend!.flushAllExpected();
-            expect(slidingSync.getListData("a")!.roomIndexToRoomId).toEqual({
-                0: roomB,
-                1: roomA,
-            });
-
-            // insert a final room
-            httpBackend!.when("POST", syncUrl).respond(200, {
-                pos: "c",
-                lists: {
-                    a: {
-                        count: 1,
-                        ops: [
-                            {
-                                op: "DELETE",
-                                index: 2,
-                            },
-                            {
-                                op: "INSERT",
-                                index: 0,
-                                room_id: roomC,
-                            },
-                        ],
-                    },
-                },
-            });
-            await httpBackend!.flushAllExpected();
-            expect(slidingSync.getListData("a")!.roomIndexToRoomId).toEqual({
-                0: roomC,
-                1: roomB,
-                2: roomA,
-            });
-            slidingSync.stop();
-        });
-    });
-
-    describe("transaction IDs", () => {
-        beforeAll(setupClient);
-        afterAll(teardownClient);
-        const roomId = "!foo:bar";
-
-        let slidingSync: SlidingSync;
-
-        // really this applies to them all but it's easier to just test one
-        it("should resolve modifyRoomSubscriptions after SlidingSync.start() is called", async () => {
-            const roomSubInfo = {
-                timeline_limit: 1,
-                required_state: [["m.room.name", ""]],
-            };
-            // add the subscription
-            slidingSync = new SlidingSync(proxyBaseUrl, new Map(), roomSubInfo, client!, 1);
-            // modification before SlidingSync.start()
-            const subscribePromise = slidingSync.modifyRoomSubscriptions(new Set([roomId]));
-            let txnId: string | undefined;
-            httpBackend!
-                .when("POST", syncUrl)
-                .check(function (req) {
-                    const body = req.data;
-                    logger.debug("got ", body);
-                    expect(body.room_subscriptions).toBeTruthy();
-                    expect(body.room_subscriptions[roomId]).toEqual(roomSubInfo);
-                    expect(body.txn_id).toBeTruthy();
-                    txnId = body.txn_id;
-                })
-                .respond(200, function () {
-                    return {
-                        pos: "aaa",
-                        txn_id: txnId,
-                        lists: {},
-                        extensions: {},
-                        rooms: {
-                            [roomId]: {
-                                name: "foo bar",
-                                required_state: [],
-                                timeline: [],
-                            },
-                        },
-                    };
-                });
-            slidingSync.start();
-            await httpBackend!.flushAllExpected();
-            await subscribePromise;
-        });
-        it("should resolve setList during a connection", async () => {
-            const newList = {
-                ranges: [[0, 20]],
-            };
-            const promise = slidingSync.setList("a", newList);
-            let txnId: string | undefined;
-            httpBackend!
-                .when("POST", syncUrl)
-                .check(function (req) {
-                    const body = req.data;
-                    logger.debug("got ", body);
-                    expect(body.room_subscriptions).toBeFalsy();
-                    expect(body.lists["a"]).toEqual(newList);
-                    expect(body.txn_id).toBeTruthy();
-                    txnId = body.txn_id;
-                })
-                .respond(200, function () {
-                    return {
-                        pos: "bbb",
-                        txn_id: txnId,
-                        lists: { a: { count: 5 } },
-                        extensions: {},
-                    };
-                });
-            await httpBackend!.flushAllExpected();
-            await promise;
-            expect(txnId).toBeDefined();
-        });
-        it("should resolve setListRanges during a connection", async () => {
-            const promise = slidingSync.setListRanges("a", [[20, 40]]);
-            let txnId: string | undefined;
-            httpBackend!
-                .when("POST", syncUrl)
-                .check(function (req) {
-                    const body = req.data;
-                    logger.debug("got ", body);
-                    expect(body.room_subscriptions).toBeFalsy();
-                    expect(body.lists["a"]).toEqual({
-                        ranges: [[20, 40]],
-                    });
-                    expect(body.txn_id).toBeTruthy();
-                    txnId = body.txn_id;
-                })
-                .respond(200, function () {
-                    return {
-                        pos: "ccc",
-                        txn_id: txnId,
-                        lists: { a: { count: 5 } },
-                        extensions: {},
-                    };
-                });
-            await httpBackend!.flushAllExpected();
-            await promise;
-            expect(txnId).toBeDefined();
-        });
-        it("should resolve modifyRoomSubscriptionInfo during a connection", async () => {
-            const promise = slidingSync.modifyRoomSubscriptionInfo({
-                timeline_limit: 99,
-            });
-            let txnId: string | undefined;
-            httpBackend!
-                .when("POST", syncUrl)
-                .check(function (req) {
-                    const body = req.data;
-                    logger.debug("got ", body);
-                    expect(body.room_subscriptions).toBeTruthy();
-                    expect(body.room_subscriptions[roomId]).toEqual({
-                        timeline_limit: 99,
-                    });
-                    expect(body.txn_id).toBeTruthy();
-                    txnId = body.txn_id;
-                })
-                .respond(200, function () {
-                    return {
-                        pos: "ddd",
-                        txn_id: txnId,
-                        extensions: {},
-                    };
-                });
-            await httpBackend!.flushAllExpected();
-            await promise;
-            expect(txnId).toBeDefined();
-        });
-        it("should reject earlier pending promises if a later transaction is acknowledged", async () => {
-            // i.e if we have [A,B,C] and see txn_id=C then A,B should be rejected.
-            const gotTxnIds: any[] = [];
-            const pushTxn = function (req: MockHttpBackend["requests"][0]) {
-                gotTxnIds.push(req.data.txn_id);
-            };
-            const failPromise = slidingSync.setListRanges("a", [[20, 40]]);
-            httpBackend!.when("POST", syncUrl).check(pushTxn).respond(200, { pos: "e" }); // missing txn_id
-            await httpBackend!.flushAllExpected();
-            const failPromise2 = slidingSync.setListRanges("a", [[60, 70]]);
-            httpBackend!.when("POST", syncUrl).check(pushTxn).respond(200, { pos: "f" }); // missing txn_id
-            await httpBackend!.flushAllExpected();
-
-            const okPromise = slidingSync.setListRanges("a", [[0, 20]]);
-            let txnId: string | undefined;
-            httpBackend!
-                .when("POST", syncUrl)
-                .check((req) => {
-                    txnId = req.data.txn_id;
-                })
-                .respond(200, () => {
-                    // include the txn_id, earlier requests should now be reject()ed.
-                    return {
-                        pos: "g",
-                        txn_id: txnId,
-                    };
-                });
-            await Promise.all([
-                expect(failPromise).rejects.toEqual(gotTxnIds[0]),
-                expect(failPromise2).rejects.toEqual(gotTxnIds[1]),
-                httpBackend!.flushAllExpected(),
-                okPromise,
-            ]);
-
-            expect(txnId).toBeDefined();
-        });
-        it("should not reject later pending promises if an earlier transaction is acknowledged", async () => {
-            // i.e if we have [A,B,C] and see txn_id=B then C should not be rejected but A should.
-            const gotTxnIds: any[] = [];
-            const pushTxn = function (req: MockHttpBackend["requests"][0]) {
-                gotTxnIds.push(req.data?.txn_id);
-            };
-            const A = slidingSync.setListRanges("a", [[20, 40]]);
-            httpBackend!.when("POST", syncUrl).check(pushTxn).respond(200, { pos: "A" });
-            await httpBackend!.flushAllExpected();
-            const B = slidingSync.setListRanges("a", [[60, 70]]);
-            httpBackend!.when("POST", syncUrl).check(pushTxn).respond(200, { pos: "B" }); // missing txn_id
-            await httpBackend!.flushAllExpected();
-
-            // attach rejection handlers now else if we do it later Jest treats that as an unhandled rejection
-            // which is a fail.
-
-            const C = slidingSync.setListRanges("a", [[0, 20]]);
-            let pendingC = true;
-            C.finally(() => {
-                pendingC = false;
-            });
-            httpBackend!
-                .when("POST", syncUrl)
-                .check(pushTxn)
-                .respond(200, () => {
-                    // include the txn_id for B, so C's promise is outstanding
-                    return {
-                        pos: "C",
-                        txn_id: gotTxnIds[1],
-                    };
-                });
-            await Promise.all([
-                expect(A).rejects.toEqual(gotTxnIds[0]),
-                httpBackend!.flushAllExpected(),
-                // A is rejected, see above
-                expect(B).resolves.toEqual(gotTxnIds[1]), // B is resolved
-            ]);
-            expect(pendingC).toBe(true); // C is pending still
-        });
-        it("should do nothing for unknown txn_ids", async () => {
-            const promise = slidingSync.setListRanges("a", [[20, 40]]);
-            let pending = true;
-            promise.finally(() => {
-                pending = false;
-            });
-            let txnId: string | undefined;
-            httpBackend!
-                .when("POST", syncUrl)
-                .check(function (req) {
-                    const body = req.data;
-                    logger.debug("got ", body);
-                    expect(body.room_subscriptions).toBeFalsy();
-                    expect(body.lists["a"]).toEqual({
-                        ranges: [[20, 40]],
-                    });
-                    expect(body.txn_id).toBeTruthy();
-                    txnId = body.txn_id;
-                })
-                .respond(200, function () {
-                    return {
-                        pos: "ccc",
-                        txn_id: "bogus transaction id",
-                        lists: { a: { count: 5 } },
-                        extensions: {},
-                    };
-                });
-            await httpBackend!.flushAllExpected();
-            expect(txnId).toBeDefined();
-            expect(pending).toBe(true);
-            slidingSync.stop();
-        });
     });
 
     describe("custom room subscriptions", () => {
@@ -1544,7 +827,7 @@ describe("SlidingSync", () => {
 
         const extPre: Extension<any, any> = {
             name: () => preExtName,
-            onRequest: (initial) => {
+            onRequest: async (initial) => {
                 return onPreExtensionRequest(initial);
             },
             onResponse: (res) => {
@@ -1554,7 +837,7 @@ describe("SlidingSync", () => {
         };
         const extPost: Extension<any, any> = {
             name: () => postExtName,
-            onRequest: (initial) => {
+            onRequest: async (initial) => {
                 return onPostExtensionRequest(initial);
             },
             onResponse: (res) => {
@@ -1569,7 +852,7 @@ describe("SlidingSync", () => {
 
             const callbackOrder: string[] = [];
             let extensionOnResponseCalled = false;
-            onPreExtensionRequest = () => {
+            onPreExtensionRequest = async () => {
                 return extReq;
             };
             onPreExtensionResponse = async (resp) => {
@@ -1609,7 +892,7 @@ describe("SlidingSync", () => {
         });
 
         it("should be able to send nothing in an extension request/response", async () => {
-            onPreExtensionRequest = () => {
+            onPreExtensionRequest = async () => {
                 return undefined;
             };
             let responseCalled = false;
@@ -1644,7 +927,7 @@ describe("SlidingSync", () => {
 
         it("is possible to register extensions after start() has been called", async () => {
             slidingSync.registerExtension(extPost);
-            onPostExtensionRequest = () => {
+            onPostExtensionRequest = async () => {
                 return extReq;
             };
             let responseCalled = false;

spec/olm-loader.ts

@@ -1,27 +0,0 @@
-/*
-Copyright 2017 Vector creations Ltd
-Copyright 2019 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import { logger } from "../src/logger";
-
-// try to load the olm library.
-try {
-    // eslint-disable-next-line @typescript-eslint/no-require-imports
-    globalThis.Olm = require("@matrix-org/olm");
-    logger.log("loaded libolm");
-} catch (e) {
-    logger.warn("unable to run crypto tests: libolm not available", e);
-}

spec/setupTests.ts

@@ -14,8 +14,22 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-jest.mock("../src/http-api/utils", () => ({
-    ...jest.requireActual("../src/http-api/utils"),
+import fetchMock, { manageFetchMockGlobally } from "@fetch-mock/vitest";
+
+vi.mock("../src/http-api/utils", async () => ({
+    ...(await vi.importActual("../src/http-api/utils")),
     // We mock timeoutSignal otherwise it causes tests to leave timers running
     timeoutSignal: () => new AbortController().signal,
 }));
+
+manageFetchMockGlobally();
+
+beforeEach(() => {
+    fetchMock.hardReset();
+    fetchMock.mockGlobal();
+});
+
+// Don't make test fail too soon due to timeouts while debugging.
+if (process.env.VSCODE_INSPECTOR_OPTIONS) {
+    vi.setConfig({ testTimeout: 60 * 1000 * 5 }); // 5 minutes
+}

spec/test-utils/AccountDataAccumulator.ts

@@ -14,85 +14,110 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
 
-import { ISyncResponder } from "./SyncResponder";
+import { type ISyncResponder } from "./SyncResponder";
 
 /**
- *  An object which intercepts `account_data` get and set requests via fetch-mock.
+ * An object which intercepts `account_data` get and set requests via fetch-mock.
+ *
+ * To use this, call {@link interceptSetAccountData} for each type of account date that should be handled. The updated
+ * account data will be stored in {@link accountDataEvents}; it will also trigger a sync response echoing the updated
+ * data.
+ *
+ * Optionally, you can also call {@link interceptGetAccountData}.
  */
 export class AccountDataAccumulator {
     /**
      * The account data events to be returned by the sync.
      * Will be updated when fetchMock intercepts calls to PUT `/_matrix/client/v3/user/:userId/account_data/`.
-     * Will be used by `sendSyncResponseWithUpdatedAccountData`
      */
     public accountDataEvents: Map<string, any> = new Map();
 
+    public constructor(private syncResponder: ISyncResponder) {}
+
+    private accountDataResolvers = new Map<string, PromiseWithResolvers<any>>();
+    private setInterceptRunning = false;
+
     /**
-     * Intercept requests to set a particular type of account data.
+     * Intercept setting of account data.
      *
      * Once it is set, its data is stored (for future return by `interceptGetAccountData` etc) and the resolved promise is
      * resolved.
      *
-     * @param accountDataType - type of account data to be intercepted
-     * @param opts - options to pass to fetchMock
      * @returns a Promise which will resolve (with the content of the account data) once it is set.
      */
-    public interceptSetAccountData(
-        accountDataType: string,
-        opts?: Parameters<(typeof fetchMock)["put"]>[2],
-    ): Promise<any> {
-        return new Promise((resolve) => {
-            // Called when the cross signing key is uploaded
-            fetchMock.put(
-                `express:/_matrix/client/v3/user/:userId/account_data/${accountDataType}`,
-                (url: string, options: RequestInit) => {
-                    const content = JSON.parse(options.body as string);
-                    const type = url.split("/").pop();
-                    // update account data for sync response
-                    this.accountDataEvents.set(type!, content);
-                    resolve(content);
-                    return {};
-                },
-                opts,
-            );
+    public interceptSetAccountData(): void {
+        if (this.setInterceptRunning) return;
+        this.setInterceptRunning = true;
+
+        fetchMock.put(`express:/_matrix/client/v3/user/:userId/account_data/:type`, (callLog) => {
+            const content = JSON.parse(callLog.options.body as string);
+            const type = callLog.url.split("/").pop();
+            // update account data for sync response
+            this.accountDataEvents.set(type!, content);
+
+            this.accountDataResolvers.get(type!)?.resolve(content);
+            if (!this.accountDataResolvers.delete(type!)) {
+                // Check for a wildcard matcher
+                for (const [key, resolver] of this.accountDataResolvers) {
+                    if (key.endsWith("*") && type?.startsWith(key.slice(0, -1))) {
+                        resolver.resolve(content);
+                        this.accountDataResolvers.delete(key);
+                    }
+                }
+            }
+
+            // return a sync response
+            this.sendSyncResponseWithUpdatedAccountData();
+            return {};
         });
     }
 
+    /**
+     * Wait for a particular type of account data.
+     *
+     * Once it is set, its data is stored (for future return by `interceptGetAccountData` etc) and the resolved promise is
+     * resolved.
+     *
+     * @returns a Promise which will resolve (with the content of the account data) once it is set.
+     */
+    public waitForAccountData(type: string): Promise<any> {
+        const resolvers = Promise.withResolvers<any>();
+        this.accountDataResolvers.set(type, resolvers);
+        this.interceptSetAccountData();
+        return resolvers.promise;
+    }
+
     /**
      * Intercept all requests to get account data
      */
     public interceptGetAccountData(): void {
-        fetchMock.get(
-            `express:/_matrix/client/v3/user/:userId/account_data/:type`,
-            (url) => {
-                const type = url.split("/").pop();
-                const existing = this.accountDataEvents.get(type!);
-                if (existing) {
-                    // return it
-                    return {
-                        status: 200,
-                        body: existing,
-                    };
-                } else {
-                    // 404
-                    return {
-                        status: 404,
-                        body: { errcode: "M_NOT_FOUND", error: "Account data not found." },
-                    };
-                }
-            },
-            { overwriteRoutes: true },
-        );
+        fetchMock.get(`express:/_matrix/client/v3/user/:userId/account_data/:type`, (callLog) => {
+            const type = callLog.url.split("/").pop();
+            const existing = this.accountDataEvents.get(type!);
+            if (existing) {
+                // return it
+                return {
+                    status: 200,
+                    body: existing,
+                };
+            } else {
+                // 404
+                return {
+                    status: 404,
+                    body: { errcode: "M_NOT_FOUND", error: "Account data not found." },
+                };
+            }
+        });
     }
 
     /**
      * Send a sync response the current account data events.
      */
-    public sendSyncResponseWithUpdatedAccountData(syncResponder: ISyncResponder): void {
+    private sendSyncResponseWithUpdatedAccountData(): void {
         try {
-            syncResponder.sendOrQueueSyncResponse({
+            this.syncResponder.sendOrQueueSyncResponse({
                 next_batch: 1,
                 account_data: {
                     events: Array.from(this.accountDataEvents, ([type, content]) => ({

spec/test-utils/E2EKeyReceiver.ts

@@ -14,11 +14,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import debugFunc from "debug";
-import { Debugger } from "debug";
-import fetchMock from "fetch-mock-jest";
+import debugFunc, { type Debugger } from "debug";
+import fetchMock from "@fetch-mock/vitest";
 
 import type { IDeviceKeys, IOneTimeKey } from "../../src/@types/crypto";
+import type { CrossSigningKeys, ISignedKey, KeySignatures } from "../../src";
+import type { CrossSigningKeyInfo } from "../../src/crypto-api";
 
 /** Interface implemented by classes that intercept `/keys/upload` requests from test clients to catch the uploaded keys
  *
@@ -55,28 +56,53 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
     private readonly debug: Debugger;
 
     private deviceKeys: IDeviceKeys | null = null;
+    private crossSigningKeys: CrossSigningKeys | null = null;
     private oneTimeKeys: Record<string, IOneTimeKey> = {};
     private readonly oneTimeKeysPromise: Promise<void>;
 
     /**
      * Construct a new E2EKeyReceiver.
      *
-     * It will immediately register an intercept of `/keys/uploads` requests for the given homeserverUrl.
-     * Only /upload requests made to this server will be intercepted: this allows a single test to use more than one
+     * It will immediately register an intercept of [`/keys/upload`][1], [`/keys/signatures/upload`][2] and
+     * [`/keys/device_signing/upload`][3] requests for the given homeserverUrl.
+     * Only requests made to this server will be intercepted: this allows a single test to use more than one
      * client and have the keys collected separately.
      *
-     * @param homeserverUrl - the Homeserver Url of the client under test.
+     * [1]: https://spec.matrix.org/v1.14/client-server-api/#post_matrixclientv3keysupload
+     * [2]: https://spec.matrix.org/v1.14/client-server-api/#post_matrixclientv3keyssignaturesupload
+     * [3]: https://spec.matrix.org/v1.14/client-server-api/#post_matrixclientv3keysdevice_signingupload
+     *
+     * @param homeserverUrl - The Homeserver Url of the client under test.
+     * @param routeNamePrefix - An optional prefix to add to the fetchmock route names. Required if there is more than
+     *    one E2EKeyReceiver instance active.
      */
-    public constructor(homeserverUrl: string) {
+    public constructor(homeserverUrl: string, routeNamePrefix: string = "") {
         this.debug = debugFunc(`e2e-key-receiver:[${homeserverUrl}]`);
 
         // set up a listener for /keys/upload.
         this.oneTimeKeysPromise = new Promise((resolveOneTimeKeys) => {
-            const listener = (url: string, options: RequestInit) =>
-                this.onKeyUploadRequest(resolveOneTimeKeys, options);
-
-            fetchMock.post(new URL("/_matrix/client/v3/keys/upload", homeserverUrl).toString(), listener);
+            fetchMock.post(
+                new URL("/_matrix/client/v3/keys/upload", homeserverUrl).toString(),
+                (callLog) => this.onKeyUploadRequest(resolveOneTimeKeys, callLog.options),
+                { name: routeNamePrefix + "keys-upload" },
+            );
         });
+
+        fetchMock.post(
+            new URL("/_matrix/client/v3/keys/signatures/upload", homeserverUrl).toString(),
+            (callLog) => this.onSignaturesUploadRequest(callLog.options),
+            {
+                name: routeNamePrefix + "upload-sigs",
+            },
+        );
+
+        fetchMock.post(
+            new URL("/_matrix/client/v3/keys/device_signing/upload", homeserverUrl).toString(),
+            (callLog) => this.onSigningKeyUploadRequest(callLog.options),
+            {
+                name: routeNamePrefix + "upload-cross-signing-keys",
+            },
+        );
     }
 
     private async onKeyUploadRequest(onOnTimeKeysUploaded: () => void, options: RequestInit): Promise<object> {
@@ -87,8 +113,10 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
             if (this.deviceKeys) {
                 throw new Error("Application attempted to upload E2E device keys multiple times");
             }
-            this.debug(`received device keys`);
             this.deviceKeys = content.device_keys;
+            this.debug(
+                `received device keys for user ID ${this.deviceKeys!.user_id}, device ID ${this.deviceKeys!.device_id}`,
+            );
         }
 
         if (content.one_time_keys && Object.keys(content.one_time_keys).length > 0) {
@@ -113,6 +141,47 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
         };
     }
 
+    private async onSignaturesUploadRequest(request: RequestInit): Promise<object> {
+        const content = JSON.parse(request.body as string) as KeySignatures;
+        for (const [userId, userKeys] of Object.entries(content)) {
+            for (const [deviceId, signedKey] of Object.entries(userKeys)) {
+                this.onDeviceSignatureUpload(userId, deviceId, signedKey);
+            }
+        }
+
+        return {};
+    }
+
+    private onDeviceSignatureUpload(userId: string, deviceId: string, signedKey: CrossSigningKeyInfo | ISignedKey) {
+        if (!this.deviceKeys || userId != this.deviceKeys.user_id || deviceId != this.deviceKeys.device_id) {
+            this.debug(
+                `Ignoring device key signature upload for unknown device user ID ${userId}, device ID ${deviceId}`,
+            );
+            return;
+        }
+
+        this.debug(`received device key signature for user ID ${userId}, device ID ${deviceId}`);
+        this.deviceKeys.signatures ??= {};
+        for (const [signingUser, signatures] of Object.entries(signedKey.signatures!)) {
+            this.deviceKeys.signatures[signingUser] = Object.assign(
+                this.deviceKeys.signatures[signingUser] ?? {},
+                signatures,
+            );
+        }
+    }
+
+    private async onSigningKeyUploadRequest(request: RequestInit): Promise<object> {
+        const content = JSON.parse(request.body as string);
+        if (this.crossSigningKeys) {
+            throw new Error("Application attempted to upload E2E cross-signing keys multiple times");
+        }
+        this.debug(`received cross-signing keys`);
+        // Remove UIA data
+        delete content["auth"];
+        this.crossSigningKeys = content;
+        return {};
+    }
+
     /** Get the uploaded Ed25519 key
      *
      * If device keys have not yet been uploaded, throws an error
@@ -150,6 +219,13 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
         return this.deviceKeys;
     }
 
+    /**
+     * If cross-signing keys have been uploaded, return them. Else return null.
+     */
+    public getUploadedCrossSigningKeys(): CrossSigningKeys | null {
+        return this.crossSigningKeys;
+    }
+
     /**
      * If one-time keys have already been uploaded, return them. Otherwise,
      * set up an expectation that the keys will be uploaded, and wait for
@@ -161,4 +237,18 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
         await this.oneTimeKeysPromise;
         return this.oneTimeKeys;
     }
+
+    /**
+     * If no one-time keys have yet been uploaded, return `null`.
+     * Otherwise, pop a key from the uploaded list.
+     */
+    public getOneTimeKey(): [string, IOneTimeKey] | null {
+        const keys = Object.entries(this.oneTimeKeys);
+        if (keys.length == 0) {
+            return null;
+        }
+        const [otkId, otk] = keys[0];
+        delete this.oneTimeKeys[otkId];
+        return [otkId, otk];
+    }
 }

spec/test-utils/E2EKeyResponder.ts

@@ -14,12 +14,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
 
 import { MapWithDefault } from "../../src/utils";
-import { IDownloadKeyResult } from "../../src";
-import { IDeviceKeys } from "../../src/@types/crypto";
-import { E2EKeyReceiver } from "./E2EKeyReceiver";
+import { type IDownloadKeyResult, type SigningKeys } from "../../src";
+import { type IDeviceKeys } from "../../src/@types/crypto";
+import { type E2EKeyReceiver } from "./E2EKeyReceiver";
 
 /**
  * An object which intercepts `/keys/query` fetches via fetch-mock.
@@ -42,26 +42,23 @@ export class E2EKeyResponder {
      */
     public constructor(homeserverUrl: string) {
         // set up a listener for /keys/query.
-        const listener = (url: string, options: RequestInit) => this.onKeyQueryRequest(options);
-        fetchMock.post(new URL("/_matrix/client/v3/keys/query", homeserverUrl).toString(), listener);
+        fetchMock.post(new URL("/_matrix/client/v3/keys/query", homeserverUrl).toString(), (callLog) =>
+            this.onKeyQueryRequest(callLog.options),
+        );
     }
 
     private onKeyQueryRequest(options: RequestInit) {
         const content = JSON.parse(options.body as string);
         const usersToReturn = Object.keys(content["device_keys"]);
         const response = {
-            device_keys: {} as { [userId: string]: any },
-            master_keys: {} as { [userId: string]: any },
-            self_signing_keys: {} as { [userId: string]: any },
-            user_signing_keys: {} as { [userId: string]: any },
-            failures: {} as { [serverName: string]: any },
-        };
+            device_keys: {},
+            master_keys: {},
+            self_signing_keys: {},
+            user_signing_keys: {},
+            failures: {},
+        } as IDownloadKeyResult;
         for (const user of usersToReturn) {
-            const userKeys = this.deviceKeysByUserByDevice.get(user);
-            if (userKeys !== undefined) {
-                response.device_keys[user] = Object.fromEntries(userKeys.entries());
-            }
-
+            // First see if we have an E2EKeyReceiver for this user, and if so, return any keys that have been uploaded
             const e2eKeyReceiver = this.e2eKeyReceiversByUser.get(user);
             if (e2eKeyReceiver !== undefined) {
                 const deviceKeys = e2eKeyReceiver.getUploadedDeviceKeys();
@@ -69,16 +66,27 @@ export class E2EKeyResponder {
                     response.device_keys[user] ??= {};
                     response.device_keys[user][deviceKeys.device_id] = deviceKeys;
                 }
+                const crossSigningKeys = e2eKeyReceiver.getUploadedCrossSigningKeys();
+                if (crossSigningKeys !== null) {
+                    response.master_keys![user] = crossSigningKeys["master_key"];
+                    response.self_signing_keys![user] = crossSigningKeys["self_signing_key"] as SigningKeys;
+                }
             }
 
+            // Mix in any keys that have been added explicitly to this E2EKeyResponder.
+            const userKeys = this.deviceKeysByUserByDevice.get(user);
+            if (userKeys !== undefined) {
+                response.device_keys[user] ??= {};
+                Object.assign(response.device_keys[user], Object.fromEntries(userKeys.entries()));
+            }
             if (this.masterKeysByUser.hasOwnProperty(user)) {
-                response.master_keys[user] = this.masterKeysByUser[user];
+                response.master_keys![user] = this.masterKeysByUser[user];
             }
             if (this.selfSigningKeysByUser.hasOwnProperty(user)) {
-                response.self_signing_keys[user] = this.selfSigningKeysByUser[user];
+                response.self_signing_keys![user] = this.selfSigningKeysByUser[user];
             }
             if (this.userSigningKeysByUser.hasOwnProperty(user)) {
-                response.user_signing_keys[user] = this.userSigningKeysByUser[user];
+                response.user_signing_keys![user] = this.userSigningKeysByUser[user];
             }
         }
         return response;

spec/test-utils/E2EOTKClaimResponder.ts

@@ -0,0 +1,74 @@
+/*
+Copyright 2025 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import fetchMock from "@fetch-mock/vitest";
+
+import { MapWithDefault } from "../../src/utils";
+import { type E2EKeyReceiver } from "./E2EKeyReceiver";
+import { type IClaimKeysRequest } from "../../src";
+
+/**
+ * An object which intercepts `/keys/claim` fetches via fetch-mock.
+ */
+export class E2EOTKClaimResponder {
+    private e2eKeyReceiversByUserByDevice = new MapWithDefault<string, Map<string, E2EKeyReceiver>>(() => new Map());
+
+    /**
+     * Construct a new E2EOTKClaimResponder.
+     *
+     * It will immediately register an intercept of `/keys/claim` requests for the given homeserverUrl.
+     * Only /claim requests made to this server will be intercepted: this allows a single test to use more than one
+     * client and have the keys collected separately.
+     *
+     * @param homeserverUrl - the Homeserver Url of the client under test.
+     */
+    public constructor(homeserverUrl: string) {
+        fetchMock.post(new URL("/_matrix/client/v3/keys/claim", homeserverUrl).toString(), (callLog) =>
+            this.onKeyClaimRequest(callLog.options),
+        );
+    }
+
+    private onKeyClaimRequest(options: RequestInit) {
+        const content = JSON.parse(options.body as string) as IClaimKeysRequest;
+        const response = {
+            one_time_keys: {} as { [userId: string]: any },
+        };
+        for (const [userId, devices] of Object.entries(content["one_time_keys"])) {
+            for (const deviceId of Object.keys(devices)) {
+                const e2eKeyReceiver = this.e2eKeyReceiversByUserByDevice.get(userId)?.get(deviceId);
+                const otk = e2eKeyReceiver?.getOneTimeKey();
+                if (otk) {
+                    const [keyId, key] = otk;
+                    response.one_time_keys[userId] ??= {};
+                    response.one_time_keys[userId][deviceId] = {
+                        [keyId]: key,
+                    };
+                }
+            }
+        }
+        return response;
+    }
+
+    /**
+     * Add an E2EKeyReceiver to poll for uploaded keys
+     *
+     * When the `/keys/claim` request is received, a OTK will be removed from the `E2EKeyReceiver` and
+     * added to the response.
+     */
+    public addKeyReceiver(userId: string, deviceId: string, e2eKeyReceiver: E2EKeyReceiver) {
+        this.e2eKeyReceiversByUserByDevice.getOrCreate(userId).set(deviceId, e2eKeyReceiver);
+    }
+}

spec/test-utils/SyncResponder.ts

@@ -15,9 +15,9 @@ limitations under the License.
 */
 
 import debugFunc from "debug";
-import { Debugger } from "debug";
-import fetchMock from "fetch-mock-jest";
-import FetchMock from "fetch-mock";
+import { type Debugger } from "debug";
+import fetchMock from "@fetch-mock/vitest";
+import { type RouteResponse } from "fetch-mock";
 
 /** Interface implemented by classes that intercept `/sync` requests from test clients
  *
@@ -75,12 +75,12 @@ export class SyncResponder implements ISyncResponder {
      */
     public constructor(homeserverUrl: string) {
         this.debug = debugFunc(`sync-responder:[${homeserverUrl}]`);
-        fetchMock.get("begin:" + new URL("/_matrix/client/v3/sync?", homeserverUrl).toString(), (_url, _options) =>
+        fetchMock.get("begin:" + new URL("/_matrix/client/v3/sync?", homeserverUrl).toString(), (callLog) =>
             this.onSyncRequest(),
         );
     }
 
-    private async onSyncRequest(): Promise<FetchMock.MockResponse> {
+    private async onSyncRequest(): Promise<RouteResponse> {
         switch (this.state) {
             case SyncResponderState.IDLE: {
                 this.debug("Got /sync request: waiting for response to be ready");

spec/test-utils/beacon.ts

@@ -16,7 +16,7 @@ limitations under the License.
 
 import { MatrixEvent } from "../../src";
 import { M_BEACON, M_BEACON_INFO } from "../../src/@types/beacon";
-import { LocationAssetType } from "../../src/@types/location";
+import { type LocationAssetType } from "../../src/@types/location";
 import { makeBeaconContent, makeBeaconInfoContent } from "../../src/content-helpers";
 
 type InfoContentProps = {

spec/test-utils/client.ts

@@ -14,12 +14,18 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { MethodLikeKeys, mocked, MockedObject } from "jest-mock";
+import { type MockedObject } from "vitest";
 
-import { ClientEventHandlerMap, EmittedEvents, MatrixClient } from "../../src/client";
+import { type ClientEventHandlerMap, type EmittedEvents, type MatrixClient } from "../../src/client";
 import { TypedEventEmitter } from "../../src/models/typed-event-emitter";
 import { User } from "../../src/models/user";
 
+// Cribbed from https://github.com/jestjs/jest/blob/94830794dc5dfca1b49bc435b7b031b27838a798/packages/jest-mock/src/index.ts
+type FunctionLike = (...args: any) => any;
+type MethodLikeKeys<T> = keyof {
+    [K in keyof T as Required<T>[K] extends FunctionLike ? K : never]: T[K];
+};
+
 /**
  * Mock client with real event emitter
  * useful for testing code that listens
@@ -34,19 +40,19 @@ export class MockClientWithEventEmitter extends TypedEventEmitter<EmittedEvents,
 
 /**
  * - make a mock client
- * - cast the type to mocked(MatrixClient)
+ * - cast the type to vi.mocked(MatrixClient)
  * - spy on MatrixClientPeg.get to return the mock
  * eg
  * ```
  * const mockClient = getMockClientWithEventEmitter({
-        getUserId: jest.fn().mockReturnValue(aliceId),
+        getUserId: vi.fn().mockReturnValue(aliceId),
     });
  * ```
  */
 export const getMockClientWithEventEmitter = (
     mockProperties: Partial<Record<MethodLikeKeys<MatrixClient>, unknown>>,
 ): MockedObject<MatrixClient> => {
-    const mock = mocked(new MockClientWithEventEmitter(mockProperties) as unknown as MatrixClient);
+    const mock = vi.mocked(new MockClientWithEventEmitter(mockProperties) as unknown as MatrixClient);
     return mock;
 };
 
@@ -59,14 +65,14 @@ export const getMockClientWithEventEmitter = (
  * ```
  */
 export const mockClientMethodsUser = (userId = "@alice:domain") => ({
-    getUserId: jest.fn().mockReturnValue(userId),
-    getSafeUserId: jest.fn().mockReturnValue(userId),
-    getUser: jest.fn().mockReturnValue(new User(userId)),
-    isGuest: jest.fn().mockReturnValue(false),
-    mxcUrlToHttp: jest.fn().mockReturnValue("mock-mxcUrlToHttp"),
+    getUserId: vi.fn().mockReturnValue(userId),
+    getSafeUserId: vi.fn().mockReturnValue(userId),
+    getUser: vi.fn().mockReturnValue(new User(userId)),
+    isGuest: vi.fn().mockReturnValue(false),
+    mxcUrlToHttp: vi.fn().mockReturnValue("mock-mxcUrlToHttp"),
     credentials: { userId },
-    getThreePids: jest.fn().mockResolvedValue({ threepids: [] }),
-    getAccessToken: jest.fn(),
+    getThreePids: vi.fn().mockResolvedValue({ threepids: [] }),
+    getAccessToken: vi.fn(),
 });
 
 /**
@@ -78,16 +84,16 @@ export const mockClientMethodsUser = (userId = "@alice:domain") => ({
  * ```
  */
 export const mockClientMethodsEvents = () => ({
-    decryptEventIfNeeded: jest.fn(),
-    getPushActionsForEvent: jest.fn(),
+    decryptEventIfNeeded: vi.fn(),
+    getPushActionsForEvent: vi.fn(),
 });
 
 /**
  * Returns basic mocked client methods related to server support
  */
 export const mockClientMethodsServer = (): Partial<Record<MethodLikeKeys<MatrixClient>, unknown>> => ({
-    getIdentityServerUrl: jest.fn(),
-    getHomeserverUrl: jest.fn(),
-    getCachedCapabilities: jest.fn().mockReturnValue({}),
-    doesServerSupportUnstableFeature: jest.fn().mockResolvedValue(false),
+    getIdentityServerUrl: vi.fn(),
+    getHomeserverUrl: vi.fn(),
+    getCachedCapabilities: vi.fn().mockReturnValue({}),
+    doesServerSupportUnstableFeature: vi.fn().mockResolvedValue(false),
 });

spec/test-utils/emitter.ts

@@ -14,15 +14,17 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+import { type MockInstance } from "vitest";
+
 /**
  * Filter emitter.emit mock calls to find relevant events
  * eg:
  * ```
- * const emitSpy = jest.spyOn(state, 'emit');
+ * const emitSpy = vi.spyOn(state, 'emit');
  * << actions >>
  * const beaconLivenessEmits = emitCallsByEventType(BeaconEvent.New, emitSpy);
  * expect(beaconLivenessEmits.length).toBe(1);
  * ```
  */
-export const filterEmitCallsByEventType = (eventType: string, spy: jest.SpyInstance<any, any[]>) =>
+export const filterEmitCallsByEventType = (eventType: string, spy: MockInstance<(...args: any[]) => any>) =>
     spy.mock.calls.filter((args) => args[0] === eventType);

spec/test-utils/flushPromises.ts

@@ -14,12 +14,10 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-// Jest now uses @sinonjs/fake-timers which exposes tickAsync() and a number of
-// other async methods which break the event loop, letting scheduled promise
-// callbacks run. Unfortunately, Jest doesn't expose these, so we have to do
-// it manually (this is what sinon does under the hood). We do both in a loop
-// until the thing we expect happens: hopefully this is the least flakey way
-// and avoids assuming anything about the app's behaviour.
+// Vitest lacks tickAsync() and a number of other async methods which break the event loop,
+// letting scheduled promise callbacks run. So we have to do it manually
+// (this is what sinon does under the hood). We do both in a loop until the thing we expect happens:
+// hopefully this is the least flakey way and avoids assuming anything about the app's behaviour.
 const realSetTimeout = setTimeout;
 export function flushPromises() {
     return new Promise((r) => {

spec/test-utils/mockEndpoints.ts

@@ -14,39 +14,33 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import fetchMock from "fetch-mock-jest";
+import fetchMock from "@fetch-mock/vitest";
 
-import { KeyBackupInfo } from "../../src/crypto-api";
+import { type KeyBackupInfo } from "../../src/crypto-api";
 
 /**
  * Mock out the endpoints that the js-sdk calls when we call `MatrixClient.start()`.
  *
  * @param homeserverUrl - the homeserver url for the client under test
+ * @param userId - the local user's ID. Defaults to `@alice:localhost`.
  */
-export function mockInitialApiRequests(homeserverUrl: string) {
-    fetchMock.getOnce(
-        new URL("/_matrix/client/versions", homeserverUrl).toString(),
-        { versions: ["v1.1"] },
-        { overwriteRoutes: true },
-    );
-    fetchMock.getOnce(
-        new URL("/_matrix/client/v3/pushrules/", homeserverUrl).toString(),
-        {},
-        { overwriteRoutes: true },
-    );
+export function mockInitialApiRequests(homeserverUrl: string, userId: string = "@alice:localhost") {
+    fetchMock.getOnce(new URL("/_matrix/client/versions", homeserverUrl).toString(), { versions: ["v1.1"] });
+    fetchMock.getOnce(new URL("/_matrix/client/v3/pushrules/", homeserverUrl).toString(), {});
     fetchMock.postOnce(
-        new URL("/_matrix/client/v3/user/%40alice%3Alocalhost/filter", homeserverUrl).toString(),
+        new URL(`/_matrix/client/v3/user/${encodeURIComponent(userId)}/filter`, homeserverUrl).toString(),
+        { filter_id: "fid" },
+    );
+    fetchMock.getOnce(
+        new URL(`/_matrix/client/v3/user/${encodeURIComponent(userId)}/filter/fid`, homeserverUrl).toString(),
         { filter_id: "fid" },
-        { overwriteRoutes: true },
     );
 }
 
 /**
- * Mock the requests needed to set up cross signing
+ * Mock the requests needed to set up cross signing, besides those provided by {@link E2EKeyReceiver}.
  *
  * Return 404 error for `GET _matrix/client/v3/user/:userId/account_data/:type` request
- * Return `{}` for `POST _matrix/client/v3/keys/signatures/upload` request (named `upload-sigs` for fetchMock check)
- * Return `{}` for `POST /_matrix/client/(unstable|v3)/keys/device_signing/upload` request (named `upload-keys` for fetchMock check)
  */
 export function mockSetupCrossSigningRequests(): void {
     // have account_data requests return an empty object
@@ -54,19 +48,6 @@ export function mockSetupCrossSigningRequests(): void {
         status: 404,
         body: { errcode: "M_NOT_FOUND", error: "Account data not found." },
     });
-
-    // we expect a request to upload signatures for our device ...
-    fetchMock.post({ url: "path:/_matrix/client/v3/keys/signatures/upload", name: "upload-sigs" }, {});
-
-    // ... and one to upload the cross-signing keys (with UIA)
-    fetchMock.post(
-        // legacy crypto uses /unstable/; /v3/ is correct
-        {
-            url: new RegExp("/_matrix/client/(unstable|v3)/keys/device_signing/upload"),
-            name: "upload-keys",
-        },
-        {},
-    );
 }
 
 /**
@@ -79,24 +60,30 @@ export function mockSetupCrossSigningRequests(): void {
  * @param backupVersion - The backup version that will be returned by `POST room_keys/version`.
  */
 export function mockSetupMegolmBackupRequests(backupVersion: string): void {
-    fetchMock.get("path:/_matrix/client/v3/room_keys/version", {
-        status: 404,
-        body: {
-            errcode: "M_NOT_FOUND",
-            error: "No current backup version",
+    fetchMock.get(
+        "path:/_matrix/client/v3/room_keys/version",
+        {
+            status: 404,
+            body: {
+                errcode: "M_NOT_FOUND",
+                error: "No current backup version",
+            },
         },
-    });
+        { name: "room-keys-version" },
+    );
 
-    fetchMock.post("path:/_matrix/client/v3/room_keys/version", (url, request) => {
-        const backupData: KeyBackupInfo = JSON.parse(request.body?.toString() ?? "{}");
-        backupData.version = backupVersion;
-        backupData.count = 0;
-        backupData.etag = "zer";
-        fetchMock.get("path:/_matrix/client/v3/room_keys/version", backupData, {
-            overwriteRoutes: true,
-        });
-        return {
-            version: backupVersion,
-        };
-    });
+    fetchMock.post(
+        "path:/_matrix/client/v3/room_keys/version",
+        (callLog) => {
+            const backupData: KeyBackupInfo = JSON.parse((callLog.options.body as string) ?? "{}");
+            backupData.version = backupVersion;
+            backupData.count = 0;
+            backupData.etag = "zer";
+            fetchMock.modifyRoute("room-keys-version", { response: backupData });
+            return {
+                version: backupVersion,
+            };
+        },
+        { name: "post-room-keys-version" },
+    );
 }

spec/test-utils/oidc.ts

@@ -14,42 +14,4 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { OidcClientConfig, ValidatedIssuerMetadata } from "../../src";
-
-/**
- * Makes a valid OidcClientConfig with minimum valid values
- * @param issuer used as the base for all other urls
- * @returns OidcClientConfig
- */
-export const makeDelegatedAuthConfig = (issuer = "https://auth.org/"): OidcClientConfig => {
-    const metadata = mockOpenIdConfiguration(issuer);
-
-    return {
-        accountManagementEndpoint: issuer + "account",
-        registrationEndpoint: metadata.registration_endpoint,
-        authorizationEndpoint: metadata.authorization_endpoint,
-        tokenEndpoint: metadata.token_endpoint,
-        metadata,
-    };
-};
-
-/**
- * Useful for mocking <issuer>/.well-known/openid-configuration
- * @param issuer used as the base for all other urls
- * @returns ValidatedIssuerMetadata
- */
-export const mockOpenIdConfiguration = (
-    issuer = "https://auth.org/",
-    additionalGrantTypes: string[] = [],
-): ValidatedIssuerMetadata => ({
-    issuer,
-    revocation_endpoint: issuer + "revoke",
-    token_endpoint: issuer + "token",
-    authorization_endpoint: issuer + "auth",
-    registration_endpoint: issuer + "registration",
-    device_authorization_endpoint: issuer + "device",
-    jwks_uri: issuer + "jwks",
-    response_types_supported: ["code"],
-    grant_types_supported: ["authorization_code", "refresh_token", ...additionalGrantTypes],
-    code_challenge_methods_supported: ["S256"],
-});
+export { makeDelegatedAuthConfig, mockOpenIdConfiguration } from "../../src/testing.ts";

spec/test-utils/test-data/generate-test-data.py

@@ -84,9 +84,9 @@ def main() -> None:
  * Do not edit by hand! This file is generated by `./generate-test-data.py`
  */
 
-import {{ IDeviceKeys, IMegolmSessionData }} from "../../../src/@types/crypto";
-import {{ IDownloadKeyResult, IEvent }} from "../../../src";
-import {{ KeyBackupSession, KeyBackupInfo }} from "../../../src/crypto-api/keybackup";
+import type {{ IDeviceKeys, IMegolmSessionData }} from "../../../src/@types/crypto";
+import type {{ IDownloadKeyResult, IEvent }} from "../../../src";
+import type {{ KeyBackupSession, KeyBackupInfo, KeyBackupRoomSessions }} from "../../../src/crypto-api/keybackup";
 
 /* eslint-disable comma-dangle */
 
@@ -246,15 +246,6 @@ export const {prefix}SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult>
 /** Signed OTKs, returned by `POST /keys/claim` */
 export const {prefix}ONE_TIME_KEYS = { json.dumps(otks, indent=4) };
 
-/** base64-encoded backup decryption (private) key */
-export const {prefix}BACKUP_DECRYPTION_KEY_BASE64 = "{ user_data['B64_BACKUP_DECRYPTION_KEY'] }";
-
-/** Backup decryption key in export format */
-export const {prefix}BACKUP_DECRYPTION_KEY_BASE58 = "{ backup_recovery_key }";
-
-/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{{roomId}}/{{sessionId}}` */
-export const {prefix}SIGNED_BACKUP_DATA: KeyBackupInfo = { json.dumps(backup_data, indent=4) };
-
 /** A set of megolm keys that can be imported via CryptoAPI#importRoomKeys */
 export const {prefix}MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = {
     json.dumps(set_of_exported_room_keys, indent=4)
@@ -278,6 +269,23 @@ export const {prefix}CLEAR_EVENT: Partial<IEvent> = {json.dumps(clear_event, ind
 
 /** The encrypted CLEAR_EVENT by MEGOLM_SESSION_DATA */
 export const {prefix}ENCRYPTED_EVENT: Partial<IEvent> = {json.dumps(encrypted_event, indent=4)};
+
+/** base64-encoded backup decryption (private) key */
+export const {prefix}BACKUP_DECRYPTION_KEY_BASE64 = "{ user_data['B64_BACKUP_DECRYPTION_KEY'] }";
+
+/** Backup decryption key in export format */
+export const {prefix}BACKUP_DECRYPTION_KEY_BASE58 = "{ backup_recovery_key }";
+
+/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{{roomId}}/{{sessionId}}` */
+export const {prefix}SIGNED_BACKUP_DATA: KeyBackupInfo = { json.dumps(backup_data, indent=4) };
+
+/**
+ * Per-room backup data, (supposedly) suitable for return from `GET /_matrix/client/v3/room_keys/keys/{{roomId}}`.
+ * Contains the key from {prefix}MEGOLM_SESSION_DATA.
+ */
+export const {prefix}PER_ROOM_CURVE25519_KEY_BACKUP_DATA: KeyBackupRoomSessions = {{
+     [{prefix}MEGOLM_SESSION_DATA.session_id]: {prefix}CURVE25519_KEY_BACKUP_DATA
+}};
 """
 
     alt_master_key = user_data.get("ALT_MASTER_CROSS_SIGNING_PRIVATE_KEY_BYTES")
@@ -385,7 +393,7 @@ def sign_json(json_object: dict, private_key: ed25519.Ed25519PrivateKey) -> str:
 def build_exported_megolm_key(device_curve_key: x25519.X25519PrivateKey) -> tuple[dict, ed25519.Ed25519PrivateKey]:
     """
     Creates an exported megolm room key, as per https://gitlab.matrix.org/matrix-org/olm/blob/master/docs/megolm.md#session-export-format
-    that can be imported via importRoomKeys API.
+    that can be imported via importRoomKeys API, or shared via MSC4268 room history sharing.
     Returns the exported key, the matching privat edKey (needed to encrypt)
     """
     index = 0
@@ -409,11 +417,12 @@ def build_exported_megolm_key(device_curve_key: x25519.X25519PrivateKey) -> tupl
         "session_id": encode_base64(
             private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
         ),
-        "session_key": encode_base64(exported_key),
+        "session_key": encode_base64(bytes(exported_key)),
         "sender_claimed_keys": {
             "ed25519": encode_base64(ed25519.Ed25519PrivateKey.from_private_bytes(randbytes(32)).public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)),
         },
         "forwarding_curve25519_key_chain": [],
+        "m.shared_history": True,
     }
 
     return megolm_export, private_key
@@ -458,7 +467,7 @@ def symetric_ratchet_step_of_megolm_key(previous: dict , megolm_private_key: ed2
         "room_id": "!room:id",
         "sender_key": previous["sender_key"],
         "session_id": previous["session_id"],
-        "session_key": encode_base64(exported_key),
+        "session_key": encode_base64(bytes(exported_key)),
         "sender_claimed_keys": previous["sender_claimed_keys"],
         "forwarding_curve25519_key_chain": [],
     }
@@ -609,7 +618,7 @@ def generate_encrypted_event_content(exported_key: dict, ed_key: ed25519.Ed25519
 
     message += signature
 
-    cipher_text = encode_base64(message)
+    cipher_text = encode_base64(bytes(message))
 
     encrypted_payload = {
         "algorithm" : "m.megolm.v1.aes-sha2",
@@ -653,7 +662,7 @@ def export_recovery_key(key_b64: str) -> str:
     export_bytes += parity_byte.to_bytes(1, 'big')
 
     # The byte string is encoded using base58
-    recovery_key = base58.b58encode(export_bytes).decode('utf-8')
+    recovery_key = base58.b58encode(bytes(export_bytes)).decode('utf-8')
 
     split = [recovery_key[i:i + 4] for i in range(0, len(recovery_key), 4)]
     return ' '.join(split)

spec/test-utils/test-data/index.ts

@@ -3,9 +3,9 @@
  * Do not edit by hand! This file is generated by `./generate-test-data.py`
  */
 
-import { IDeviceKeys, IMegolmSessionData } from "../../../src/@types/crypto";
-import { IDownloadKeyResult, IEvent } from "../../../src";
-import { KeyBackupSession, KeyBackupInfo } from "../../../src/crypto-api/keybackup";
+import type { IDeviceKeys, IMegolmSessionData } from "../../../src/@types/crypto";
+import type { IDownloadKeyResult, IEvent } from "../../../src";
+import type { KeyBackupSession, KeyBackupInfo, KeyBackupRoomSessions } from "../../../src/crypto-api/keybackup";
 
 /* eslint-disable comma-dangle */
 
@@ -118,26 +118,6 @@ export const ONE_TIME_KEYS = {
     }
 };
 
-/** base64-encoded backup decryption (private) key */
-export const BACKUP_DECRYPTION_KEY_BASE64 = "dwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=";
-
-/** Backup decryption key in export format */
-export const BACKUP_DECRYPTION_KEY_BASE58 = "EsTc LW2K PGiF wKEA 3As5 g5c4 BXwk qeeJ ZJV8 Q9fu gUMN UE4d";
-
-/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}/{sessionId}` */
-export const SIGNED_BACKUP_DATA: KeyBackupInfo = {
-    "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
-    "version": "1",
-    "auth_data": {
-        "public_key": "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo",
-        "signatures": {
-            "@alice:localhost": {
-                "ed25519:test_device": "KDSNeumirTsd8piI0oVfv/wzg4J4HlEc7rs5XhODFcJ/YAcUdg65ajsZG+rLI0TQOSSGjorJqcrSiSB1HRSCAA"
-            }
-        }
-    }
-};
-
 /** A set of megolm keys that can be imported via CryptoAPI#importRoomKeys */
 export const MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = [
     {
@@ -149,7 +129,8 @@ export const MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = [
         "sender_claimed_keys": {
             "ed25519": "QdgHgdpDgihgovpPzUiThXur1fbErTFh7paFvNKSgN0"
         },
-        "forwarding_curve25519_key_chain": []
+        "forwarding_curve25519_key_chain": [],
+        "org.matrix.msc3061.shared_history": true
     },
     {
         "algorithm": "m.megolm.v1.aes-sha2",
@@ -160,7 +141,8 @@ export const MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = [
         "sender_claimed_keys": {
             "ed25519": "IrkbT6H+0urDf6wKDSyVC1fh1t84Vz6T62snni86Cog"
         },
-        "forwarding_curve25519_key_chain": []
+        "forwarding_curve25519_key_chain": [],
+        "org.matrix.msc3061.shared_history": true
     }
 ];
 
@@ -174,7 +156,8 @@ export const MEGOLM_SESSION_DATA: IMegolmSessionData = {
     "sender_claimed_keys": {
         "ed25519": "Bhbpt6hqMZlSH4sJV7xiEEEiPVeTWz4Vkujl1EMdIPI"
     },
-    "forwarding_curve25519_key_chain": []
+    "forwarding_curve25519_key_chain": [],
+    "org.matrix.msc3061.shared_history": true
 };
 
 /** A ratcheted version of MEGOLM_SESSION_DATA */
@@ -196,7 +179,7 @@ export const CURVE25519_KEY_BACKUP_DATA: KeyBackupSession = {
     "forwarded_count": 0,
     "is_verified": false,
     "session_data": {
-        "ciphertext": "r6HRk2/Im2yJe5cLP8R81aVjFWjYWPHpw7TVxphiSK1cdIDZTTK57r6MfU+0i/mTPn+/PosT74OvYwCnehy2d1BPGxhDl8AhPcBu3//Kzlq2o5CssPsw+88gRehkAsPg9Zp5G9sL9to6giltvTWTbsaQpmvv3HLmBOYSFIxvyZrOT/Ffqu325f0IEsKcyV2BdIkw8Ob9Xt+VWoe4MYEGG6y1T8W125zeFgKWI4Ow76uput64H9zZjIo+Cc+hCTO9Ea4EnosSjizCotevkNck7C/zGgfhBikiohROb6SbaZgxicSsEDZ+f7brnri9yP3iXS3PMDHHpa1+XzG2VOG/Y9OQZpkPq+pbLrCC+NWJeJPslDAK5i+RURwzjnPmaHKCRHTq86CwhFyiCDf61MGwCY3xjrmBJg44BCdxWqCx0YJvwsvVqqnl4vTieUfrwThNPsQ81aVkDHvlmrgrTt8icDa8jTJhu34jem+pbRSEM5aJikV4B+zYiLz+dH/v6UpYA2eG8ReOvwpPXp6CAcIlplRPpWbMBeLFVcPkT4KAXTp9exFpB4on4pf8OsaDomlt4qAA0rhAZmhPWPKcU/A0Tz4gyMu54OivVtw1SPj+5Iq+YDQ8jB6Po3ApzMf6fwF9x/FjevbboFB05X2Jr0NrbFqXMOUwXHMgDAGiIWX8+gkmmbaiNWqg2etjN94pobQSGZelb18XGN7kuwMk+Zwk7A",
+        "ciphertext": "r6HRk2/Im2yJe5cLP8R81aVjFWjYWPHpw7TVxphiSK1cdIDZTTK57r6MfU+0i/mTPn+/PosT74OvYwCnehy2d/r0NTff1SQt+1GopZkT0nq6jF5Wh/oX+8iwtYjHvTxMpN1UQoXAvRF40O+EVg+Q3efJXh1t45cMco8EWU64VerOir+k7cQ3C9FtcgQw3kmz3s3HeVY10o13X/w6+rc8n6vXqxuIxYHnFxanxX8B6TgTMZNajNfVsmJV0aC1aezim7E2gsftc+6+zW5G+rCFaEsWV/IuSOUz0+Hh0U+7hzSrz9/4qXPEVmPy1f6Ll4hhquPAlXPVDwddqlJDYj7kmvzr1g3bKVpk+TtKDbWlVQDPaJx2DEI2jGkPYjhYb7okpTFKpUny94dZmFIQqCeSGPIniaq8Y+/CanugQ1ZRVQcThuXrTewqWhXcpVvkVHT9i4ImcpBl95HzCBXuiwSUv6FKvO25fp++w555rbn2piFtilrUwnkrZPW32jFuaQcKZF4mZwcLeH7POL5UCuS4TWyaKyArp7bRzXwWuIq1wPET2nAMUmUVL7ge2+tAevk1WOIsjLgSaz/g55wO3Yma7yhXRFKcnzTjS0hUQOZ3GfTNwCM4pjzAtIPzvVd4Fp0b1emWZS5WyOYdXsceEDi3c6WtkoHWOKhPU0zBzn8hA9TdlFFqKzf2QFbN5Zgg0gprDLnLWgpc3/ieI4C7ndEQ7ZeTNMXbT/Y10APFk3qO+IGkLXJ97/qTF41EXFDhlsL0",
         "ephemeral": "q+P1WdRtEiPIEtNuuGrRcueZxUbLnSKdsuTAkxewXgU",
         "mac": "OibmACbORhI"
     }
@@ -229,6 +212,37 @@ export const ENCRYPTED_EVENT: Partial<IEvent> = {
     "origin_server_ts": 1507753886000
 };
 
+/** base64-encoded backup decryption (private) key that matches the public key in CURVE25519_KEY_BACKUP_DATA */
+export const BACKUP_DECRYPTION_KEY_BASE64 = "dwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=";
+
+/** base64-encoded backup decryption (private) key that does not match the public key in CURVE25519_KEY_BACKUP_DATA */
+export const BACKUP_DECRYPTION_KEY_BASE64_ALT = "dh4fP2LITyJusgnb0dEq/SQK253WGObvLxXF5FEX6qc";
+
+/** Backup decryption key in export format */
+export const BACKUP_DECRYPTION_KEY_BASE58 = "EsTc LW2K PGiF wKEA 3As5 g5c4 BXwk qeeJ ZJV8 Q9fu gUMN UE4d";
+
+/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}/{sessionId}` */
+export const SIGNED_BACKUP_DATA: KeyBackupInfo = {
+    "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
+    "version": "1",
+    "auth_data": {
+        "public_key": "hSDwCYkwp1R0i33ctD73Wg2/Og0mOBr066SpjqqbTmo",
+        "signatures": {
+            "@alice:localhost": {
+                "ed25519:test_device": "KDSNeumirTsd8piI0oVfv/wzg4J4HlEc7rs5XhODFcJ/YAcUdg65ajsZG+rLI0TQOSSGjorJqcrSiSB1HRSCAA"
+            }
+        }
+    }
+};
+
+/**
+ * Per-room backup data, (supposedly) suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}`.
+ * Contains the key from MEGOLM_SESSION_DATA.
+ */
+export const PER_ROOM_CURVE25519_KEY_BACKUP_DATA: KeyBackupRoomSessions = {
+     [MEGOLM_SESSION_DATA.session_id]: CURVE25519_KEY_BACKUP_DATA
+};
+
 // Bob data
 
 export const BOB_TEST_USER_ID = "@bob:xyz";
@@ -338,26 +352,6 @@ export const BOB_ONE_TIME_KEYS = {
     }
 };
 
-/** base64-encoded backup decryption (private) key */
-export const BOB_BACKUP_DECRYPTION_KEY_BASE64 = "DwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=";
-
-/** Backup decryption key in export format */
-export const BOB_BACKUP_DECRYPTION_KEY_BASE58 = "EsT5 Sd5m mEXs NQYE ibRe 3q9E 4aXW rHih 5f9J 6rU6 AfwY mASR";
-
-/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}/{sessionId}` */
-export const BOB_SIGNED_BACKUP_DATA: KeyBackupInfo = {
-    "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
-    "version": "1",
-    "auth_data": {
-        "public_key": "ZRuVWcWlDuvOwZRygccUCD4Avtnt130800I+WQNwwRY",
-        "signatures": {
-            "@bob:xyz": {
-                "ed25519:bob_device": "lDIMj3VC0WazE2FamGHpmbiqKf9Z4pO4qapZ5TL5BnD3c+dvb+2waOEd6pgay/pmrQ6MW4Eu2KDEpe1fnHc3BA"
-            }
-        }
-    }
-};
-
 /** A set of megolm keys that can be imported via CryptoAPI#importRoomKeys */
 export const BOB_MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = [
     {
@@ -369,7 +363,8 @@ export const BOB_MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = [
         "sender_claimed_keys": {
             "ed25519": "F4P7f1Z0RjbiZMgHk1xBCG3KC4/Ng9PmxLJ4hQ13sHA"
         },
-        "forwarding_curve25519_key_chain": []
+        "forwarding_curve25519_key_chain": [],
+        "org.matrix.msc3061.shared_history": true
     },
     {
         "algorithm": "m.megolm.v1.aes-sha2",
@@ -380,7 +375,8 @@ export const BOB_MEGOLM_SESSION_DATA_ARRAY: IMegolmSessionData[] = [
         "sender_claimed_keys": {
             "ed25519": "OsZMdC1gQ5nPr+L9tuT6xXsaFJkVPkgxP2FexHF1/QM"
         },
-        "forwarding_curve25519_key_chain": []
+        "forwarding_curve25519_key_chain": [],
+        "org.matrix.msc3061.shared_history": true
     }
 ];
 
@@ -394,7 +390,8 @@ export const BOB_MEGOLM_SESSION_DATA: IMegolmSessionData = {
     "sender_claimed_keys": {
         "ed25519": "zBdpQwWYyz1MkZuEUhXqcdMfUNN/B9psLFDDDTJOg64"
     },
-    "forwarding_curve25519_key_chain": []
+    "forwarding_curve25519_key_chain": [],
+    "org.matrix.msc3061.shared_history": true
 };
 
 /** A ratcheted version of BOB_MEGOLM_SESSION_DATA */
@@ -416,7 +413,7 @@ export const BOB_CURVE25519_KEY_BACKUP_DATA: KeyBackupSession = {
     "forwarded_count": 0,
     "is_verified": false,
     "session_data": {
-        "ciphertext": "d7UVOK17WEVky/8hK0h3HsTQrFMEbKbfqMcl2KtyTWcI9S5gGFWK9Git5BzVRxRggvxQ0c8PDfqL+dr3zHytAMW+71BJqIPQW910vV7SX3IcGylnoUcS3doVkJZiprXytXMP89AKcgv5Dj7mS2ZdvNGE+Atro74bzZ5yot5BrE0ZE5SjoUBPLaLMMu9HopLIV+qx01Rc3F0wmkocSPo51N0nv6wvO5Cst0FiOGHDK6r1pFlgDEJLmBkOyC4e8oMVbKTJzsSQVbJ8tJ37xuhI+T5P0ZlmiqKDqYRp8uh50w+txLEixYhEUunFgCTt1DAmiS9pLNYhLyl1ggwuQjzZe+AV6timbRxNJy18/AEcPomJw7z/pxYIiNLHRKOC13Wp8kGWx9cOgfMQ5KmBuLS8psGiLTBkfWPLOfNYqjbeqAR+OGZQoS6hUjbBYU7QuFa4FOYBHkNB2UqNsdsMb9qB/qs7QGTSb8Lok5YjW1c81BUpmIyKvuqnKma0MZskrpTYGQD2eJDABFCZwLFm+LgDyUTeSiV5xguYztLrHOk8LHKo9M8dIZgoBjeFVJxyjbcXKsVS3aQkMXKCrRlKLqhZTws/ZJwVfW9DbktZ9dT+tRZQvI7tjJofojcLX61AGJDnqUf5+2Gv1tEnmUI953gIzc8NlcFabPOsDsZEODt7MdOCTPT3w29umyhKbCsslpb64LoS/AB2QRPRCgkJS7snRA",
+        "ciphertext": "d7UVOK17WEVky/8hK0h3HsTQrFMEbKbfqMcl2KtyTWcI9S5gGFWK9Git5BzVRxRggvxQ0c8PDfqL+dr3zHytAA7TEpHlx8Ks23hCqXmVW710VjqK2K9xnWCyJvkHfE8x0w6AYvffDj+tRVP8C8M7t4849rD2itn0uma+YMkvjG/nANUTxG1dBf3oUOZ673vflCPoaz7s7x9ZNhYDVSVH5JTdMgNwwN42R5dqqxnGTu516tJzJh/9BWvyD9oIPWJ8X0rt1sbzEJ3PZeBXcSy8GTlZ1SgSFjeiXlwYxOZCaX2sxprk4N1oI1db6g+wCDBhbCGGucJIlTDJna/h9/C5J4drGd/fkisG3SidUmJXXCyInhs/BhwjGAtTGeQS8j7R8UnJxhMulYBHSckzj0Kas71LElPp8W8M4Jq81APA03n5UfYB+U6jbxjDgf8OJnxGQyrteq9F2+SEvS/TwHe1pE3t6EM2mDYRoYDTpU5pTNYSJkGIQMfWJKRxxuWUGs29o1twewJ6dhHgm+SlCII0M7ESoVdV54vxZCvHZnPcR0NXDzal7ils7zBKJmamHfPQBuaqNPU3KmSo+5R8ngFPaWU5LbWqYp/WxSBfNCoLZ7Jf8Io5uitjXTATR2qy2r6l/RJmk3RlfP51kliQqI2TWqRF96oaB96IGgUGSFCX/2pv0psOBGc1SjfmMB3d7gYis+2iBYVbG3xmnpeXbqvlD0Lw9TiTIPkjhJkTW1+lXyhy1xVH9ZmcFamcL7bX15Jx",
         "ephemeral": "oO0VX84OUIzm2i/12zAhTWOZT5IFRH5mXaKZ8fXkCgU",
         "mac": "lEfHlqfJQwU"
     }
@@ -449,6 +446,34 @@ export const BOB_ENCRYPTED_EVENT: Partial<IEvent> = {
     "origin_server_ts": 1507753886000
 };
 
+/** base64-encoded backup decryption (private) key */
+export const BOB_BACKUP_DECRYPTION_KEY_BASE64 = "DwdtCnMYpX08FsFyUbJmRd9ML4frwJkqsXf7pR25LCo=";
+
+/** Backup decryption key in export format */
+export const BOB_BACKUP_DECRYPTION_KEY_BASE58 = "EsT5 Sd5m mEXs NQYE ibRe 3q9E 4aXW rHih 5f9J 6rU6 AfwY mASR";
+
+/** Signed backup data, suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}/{sessionId}` */
+export const BOB_SIGNED_BACKUP_DATA: KeyBackupInfo = {
+    "algorithm": "m.megolm_backup.v1.curve25519-aes-sha2",
+    "version": "1",
+    "auth_data": {
+        "public_key": "ZRuVWcWlDuvOwZRygccUCD4Avtnt130800I+WQNwwRY",
+        "signatures": {
+            "@bob:xyz": {
+                "ed25519:bob_device": "lDIMj3VC0WazE2FamGHpmbiqKf9Z4pO4qapZ5TL5BnD3c+dvb+2waOEd6pgay/pmrQ6MW4Eu2KDEpe1fnHc3BA"
+            }
+        }
+    }
+};
+
+/**
+ * Per-room backup data, (supposedly) suitable for return from `GET /_matrix/client/v3/room_keys/keys/{roomId}`.
+ * Contains the key from BOB_MEGOLM_SESSION_DATA.
+ */
+export const BOB_PER_ROOM_CURVE25519_KEY_BACKUP_DATA: KeyBackupRoomSessions = {
+     [BOB_MEGOLM_SESSION_DATA.session_id]: BOB_CURVE25519_KEY_BACKUP_DATA
+};
+
 /** A second set of signed cross-signing keys data, also suitable for returning from a `/keys/query` call */
 export const BOB_ALT_SIGNED_CROSS_SIGNING_KEYS_DATA: Partial<IDownloadKeyResult> = {
     "master_keys": {

spec/test-utils/test-utils.ts

@@ -1,25 +1,32 @@
+import mkdebug from "debug";
+
 // eslint-disable-next-line no-restricted-imports
-import EventEmitter from "events";
-
-// load olm before the sdk if possible
-import "../olm-loader";
-
-import { logger } from "../../src/logger";
-import { IContent, IEvent, IEventRelation, IUnsigned, MatrixEvent, MatrixEventEvent } from "../../src/models/event";
+import type EventEmitter from "events";
+import {
+    type IContent,
+    type IEvent,
+    type IEventRelation,
+    type IUnsigned,
+    MatrixEvent,
+    MatrixEventEvent,
+} from "../../src/models/event";
 import {
     ClientEvent,
     EventType,
-    IJoinedRoom,
-    IPusher,
-    ISyncResponse,
-    MatrixClient,
+    HistoryVisibility,
+    type IJoinedRoom,
+    type IPusher,
+    type ISyncResponse,
+    type MatrixClient,
     MsgType,
     RelationType,
 } from "../../src";
 import { SyncState } from "../../src/sync";
 import { eventMapperFor } from "../../src/event-mapper";
 import { TEST_ROOM_ID } from "./test-data";
-import { KnownMembership, Membership } from "../../src/@types/membership";
+import { KnownMembership, type Membership } from "../../src/@types/membership";
+
+const debug = mkdebug("test-utils");
 
 /**
  * Return a promise that is resolved when the client next emits a
@@ -35,7 +42,7 @@ export function syncPromise(client: MatrixClient, count = 1): Promise<void> {
 
     const p = new Promise<void>((resolve) => {
         const cb = (state: SyncState) => {
-            logger.log(`${Date.now()} syncPromise(${count}): ${state}`);
+            debug(`syncPromise(${count}): ${state}`);
             if (state === SyncState.Syncing) {
                 resolve();
             } else {
@@ -51,13 +58,22 @@ export function syncPromise(client: MatrixClient, count = 1): Promise<void> {
 }
 
 /**
- * Return a sync response which contains a single room (by default TEST_ROOM_ID), with the members given
- * @param roomMembers
- * @param roomId
+ * Return a sync response which contains a single room (by default `TEST_ROOM_ID`), with the members given
+ * and history visibility set to `shared`.
  *
- * @returns the sync response
+ * @param roomMembers - An array of user IDs representing the members of the room.
+ * @param roomHistoryVisibility - The history visibility setting for the room. Defaults to `shared`.
+ * @param roomId - The ID of the room. Defaults to `TEST_ROOM_ID`.
+ * @param encryptStateEvents - A boolean indicating whether state events should be encrypted. Defaults to `false`.
+ *
+ * @returns The sync response object containing the room data.
  */
-export function getSyncResponse(roomMembers: string[], roomId = TEST_ROOM_ID): ISyncResponse {
+export function getSyncResponse(
+    roomMembers: string[],
+    roomHistoryVisibility: HistoryVisibility = HistoryVisibility.Shared,
+    roomId = TEST_ROOM_ID,
+    encryptStateEvents = false,
+): ISyncResponse {
     const roomResponse: IJoinedRoom = {
         summary: {
             "m.heroes": [],
@@ -71,7 +87,16 @@ export function getSyncResponse(roomMembers: string[], roomId = TEST_ROOM_ID): I
                     type: "m.room.encryption",
                     state_key: "",
                     content: {
-                        algorithm: "m.megolm.v1.aes-sha2",
+                        "algorithm": "m.megolm.v1.aes-sha2",
+                        "io.element.msc4362.encrypt_state_events": encryptStateEvents,
+                    },
+                }),
+                mkEventCustom({
+                    sender: roomMembers[0],
+                    type: "m.room.history_visibility",
+                    state_key: "",
+                    content: {
+                        history_visibility: roomHistoryVisibility,
                     },
                 }),
             ],
@@ -125,7 +150,7 @@ export function mock<T>(constr: { new (...args: any[]): T }, name: string): T {
         // eslint-disable-line guard-for-in
         try {
             if (constr.prototype[key] instanceof Function) {
-                result[key] = jest.fn();
+                result[key] = vi.fn();
             }
         } catch {
             // Direct access to some non-function fields of DOM prototypes may
@@ -516,25 +541,25 @@ export async function awaitDecryption(
     // already
     if (event.getClearContent() !== null) {
         if (waitOnDecryptionFailure && event.isDecryptionFailure()) {
-            logger.log(`${Date.now()}: event ${event.getId()} got decryption error; waiting`);
+            debug(`event ${event.getId()} got decryption error; waiting`);
         } else {
             return event;
         }
     } else {
-        logger.log(`${Date.now()}: event ${event.getId()} is not yet decrypted; waiting`);
+        debug(`event ${event.getId()} is not yet decrypted; waiting`);
     }
 
     return new Promise((resolve) => {
         if (waitOnDecryptionFailure) {
             event.on(MatrixEventEvent.Decrypted, (ev, err) => {
-                logger.log(`${Date.now()}: MatrixEventEvent.Decrypted for event ${event.getId()}: ${err ?? "success"}`);
+                debug(`MatrixEventEvent.Decrypted for event ${event.getId()}: ${err ?? "success"}`);
                 if (!err) {
                     resolve(ev);
                 }
             });
         } else {
             event.once(MatrixEventEvent.Decrypted, (ev, err) => {
-                logger.log(`${Date.now()}: MatrixEventEvent.Decrypted for event ${event.getId()}: ${err ?? "success"}`);
+                debug(`MatrixEventEvent.Decrypted for event ${event.getId()}: ${err ?? "success"}`);
                 resolve(ev);
             });
         }
@@ -552,20 +577,21 @@ export const mkPusher = (extra: Partial<IPusher> = {}): IPusher => ({
     ...extra,
 });
 
-/**
- * a list of the supported crypto implementations, each with a callback to initialise that implementation
- * for the given client
- */
-export const CRYPTO_BACKENDS: Record<string, InitCrypto> = {};
-export type InitCrypto = (_: MatrixClient) => Promise<void>;
-
-CRYPTO_BACKENDS["rust-sdk"] = (client: MatrixClient) => client.initRustCrypto();
-if (globalThis.Olm) {
-    CRYPTO_BACKENDS["libolm"] = (client: MatrixClient) => client.initLegacyCrypto();
-}
-
 export const emitPromise = (e: EventEmitter, k: string): Promise<any> => new Promise((r) => e.once(k, r));
 
+/**
+ * Counts the number of times that an event was emitted.
+ */
+export class EventCounter {
+    public counter;
+    constructor(emitter: EventEmitter, event: string) {
+        this.counter = 0;
+        emitter.on(event, () => {
+            this.counter++;
+        });
+    }
+}
+
 /**
  * Advance the fake timers in a loop until the given promise resolves or rejects.
  *
@@ -580,8 +606,103 @@ export async function advanceTimersUntil<T>(promise: Promise<T>): Promise<T> {
     });
 
     while (!resolved) {
-        await jest.advanceTimersByTimeAsync(1);
+        await vi.advanceTimersByTimeAsync(1);
     }
 
     return await promise;
 }
+
+export function jestFakeTimersAreEnabled(): boolean {
+    return Object.prototype.hasOwnProperty.call(setTimeout, "clock");
+}
+
+/**
+ * Run `callback` in a loop, until it returns a successful result (i.e. it does not throw), or we reach a timeout
+ *
+ * Based on the function of the same name in the {@link https://testing-library.com/docs/dom-testing-library/api-async/#waitfor DOM testing library}.
+ *
+ * @param callback - The function to call to check if we can proceed. If it returns a result (including a falsey one),
+ *   `waitFor` returns that result. If it throws, `waitFor` continues to wait.
+ *
+ *   May return a promise, in which case no further checks are done until the promise resolves.
+ *
+ * @param timeout - The time to wait for, overall, in ms. If `callback` still hasn't returned a successful result after
+ *    this time, `waitFor` will throw an error.
+ *
+ *    Defaults to 1000.
+ *
+ * @param interval - How often to call `callback`. Defaults to 50.
+ */
+export function waitFor<T>(
+    callback: () => Promise<T> | T,
+    {
+        timeout = 1000,
+        interval = 50,
+    }: {
+        timeout?: number;
+        interval?: number;
+    } = {},
+): Promise<T> {
+    return new Promise((resolve, reject) => {
+        let lastError: any;
+        let finished = false;
+        let intervalId: ReturnType<typeof setTimeout> | undefined;
+        let promisePending = false;
+
+        const overallTimeoutTimer = setTimeout(handleTimeout, timeout);
+        const usingJestFakeTimers = jestFakeTimersAreEnabled();
+        if (usingJestFakeTimers) {
+            checkCallback();
+
+            while (!finished) {
+                vi.advanceTimersByTime(interval);
+
+                // Could have timed-out
+                if (finished) break;
+
+                checkCallback();
+            }
+        } else {
+            intervalId = setInterval(checkCallback, interval);
+            checkCallback();
+        }
+
+        function checkCallback() {
+            if (promisePending) {
+                // still waiting for the previous check
+                return;
+            }
+
+            async function doCheck() {
+                try {
+                    const result = await callback();
+                    onDone();
+                    resolve(result);
+                } catch (error) {
+                    // Save the most recent callback error to reject the promise with it in the event of a timeout
+                    lastError = error;
+                }
+            }
+
+            promisePending = true;
+            doCheck().finally(() => {
+                promisePending = false;
+            });
+        }
+
+        function onDone(): void {
+            finished = true;
+            clearTimeout(overallTimeoutTimer);
+            if (intervalId !== undefined) clearInterval(intervalId);
+        }
+
+        function handleTimeout() {
+            onDone();
+            if (lastError) {
+                reject(lastError);
+            } else {
+                reject(new Error("Timed out in waitFor."));
+            }
+        }
+    });
+}

spec/test-utils/test_indexeddb_cryptostore_dump/empty_account/index.ts

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { DumpDataSetInfo } from "../index";
+import { type DumpDataSetInfo } from "../index";
 
 /**
  * A key query response containing the current keys of the tested user.

spec/test-utils/test_indexeddb_cryptostore_dump/full_account/index.ts

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { DumpDataSetInfo } from "../index";
+import { type DumpDataSetInfo } from "../index";
 
 /**
  * A key query response containing the current keys of the tested user.

spec/test-utils/test_indexeddb_cryptostore_dump/no_cached_msk_dump/index.ts

@@ -14,8 +14,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { KeyBackupInfo } from "../../../../src/crypto-api/keybackup";
-import { DumpDataSetInfo } from "../index";
+import { type KeyBackupInfo } from "../../../../src/crypto-api/keybackup";
+import { type DumpDataSetInfo } from "../index";
 
 /**
  * A key query response containing the current keys of the tested user.

spec/test-utils/test_indexeddb_cryptostore_dump/unverified/index.ts

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { DumpDataSetInfo } from "../index";
+import { type DumpDataSetInfo } from "../index";
 
 /**
  * A key query response containing the current keys of the tested user.

spec/test-utils/thread.ts

@@ -15,10 +15,10 @@ limitations under the License.
 */
 
 import { RelationType } from "../../src/@types/event";
-import { MatrixClient } from "../../src/client";
-import { MatrixEvent, MatrixEventEvent } from "../../src/models/event";
-import { Room } from "../../src/models/room";
-import { Thread, THREAD_RELATION_TYPE } from "../../src/models/thread";
+import { type MatrixClient } from "../../src/client";
+import { type MatrixEvent, MatrixEventEvent } from "../../src/models/event";
+import { type Room } from "../../src/models/room";
+import { type Thread, THREAD_RELATION_TYPE } from "../../src/models/thread";
 import { mkMessage } from "./test-utils";
 
 export const makeThreadEvent = ({

spec/test-utils/webrtc.ts

@@ -15,32 +15,29 @@ limitations under the License.
 */
 
 import {
-    ClientEvent,
-    ClientEventHandlerMap,
+    type ClientEvent,
+    type ClientEventHandlerMap,
     EventType,
-    GroupCall,
+    type GroupCall,
     GroupCallIntent,
     GroupCallType,
-    IContent,
-    ISendEventResponse,
-    MatrixClient,
-    MatrixEvent,
-    Room,
+    type IContent,
+    type MatrixClient,
+    type MatrixEvent,
     RoomMember,
-    RoomState,
+    type RoomState,
     RoomStateEvent,
-    RoomStateEventHandlerMap,
-    SendToDeviceContentMap,
+    type RoomStateEventHandlerMap,
 } from "../../src";
 import { TypedEventEmitter } from "../../src/models/typed-event-emitter";
 import { ReEmitter } from "../../src/ReEmitter";
 import { SyncState } from "../../src/sync";
-import { CallEvent, CallEventHandlerMap, CallState, MatrixCall } from "../../src/webrtc/call";
-import { CallEventHandlerEvent, CallEventHandlerEventHandlerMap } from "../../src/webrtc/callEventHandler";
-import { CallFeed } from "../../src/webrtc/callFeed";
-import { GroupCallEventHandlerMap } from "../../src/webrtc/groupCall";
-import { GroupCallEventHandlerEvent } from "../../src/webrtc/groupCallEventHandler";
-import { IScreensharingOpts, MediaHandler } from "../../src/webrtc/mediaHandler";
+import { type CallEvent, type CallEventHandlerMap, CallState, type MatrixCall } from "../../src/webrtc/call";
+import { type CallEventHandlerEvent, type CallEventHandlerEventHandlerMap } from "../../src/webrtc/callEventHandler";
+import { type CallFeed } from "../../src/webrtc/callFeed";
+import { type GroupCallEventHandlerMap } from "../../src/webrtc/groupCall";
+import { type GroupCallEventHandlerEvent } from "../../src/webrtc/groupCallEventHandler";
+import { type IScreensharingOpts, type MediaHandler } from "../../src/webrtc/mediaHandler";
 
 export const DUMMY_SDP =
     "v=0\r\n" +
@@ -268,19 +265,20 @@ export class MockRTCRtpTransceiver {
         this.peerConn.needsNegotiation = true;
     }
 
-    public setCodecPreferences = jest.fn<void, RTCRtpCodec[]>();
+    public setCodecPreferences = vi.fn<RTCRtpTransceiver["setCodecPreferences"]>();
 }
 
-export class MockMediaStreamTrack {
+export class MockMediaStreamTrack extends EventTarget {
     constructor(
         public readonly id: string,
         public readonly kind: "audio" | "video",
         public enabled = true,
-    ) {}
+    ) {
+        super();
+    }
 
-    public stop = jest.fn<void, []>();
+    public stop = vi.fn<() => void>();
 
-    public listeners: [string, (...args: any[]) => any][] = [];
     public isStopped = false;
     public settings?: MediaTrackSettings;
 
@@ -288,45 +286,21 @@ export class MockMediaStreamTrack {
         return this.settings!;
     }
 
-    // XXX: Using EventTarget in jest doesn't seem to work, so we write our own
-    // implementation
-    public dispatchEvent(eventType: string) {
-        this.listeners.forEach(([t, c]) => {
-            if (t !== eventType) return;
-            c();
-        });
-    }
-    public addEventListener(eventType: string, callback: (...args: any[]) => any) {
-        this.listeners.push([eventType, callback]);
-    }
-    public removeEventListener(eventType: string, callback: (...args: any[]) => any) {
-        this.listeners.filter(([t, c]) => {
-            return t !== eventType || c !== callback;
-        });
-    }
-
     public typed(): MediaStreamTrack {
         return this as unknown as MediaStreamTrack;
     }
 }
 
-// XXX: Using EventTarget in jest doesn't seem to work, so we write our own
-// implementation
-export class MockMediaStream {
+export class MockMediaStream extends EventTarget {
     constructor(
         public id: string,
         private tracks: MockMediaStreamTrack[] = [],
-    ) {}
+    ) {
+        super();
+    }
 
-    public listeners: [string, (...args: any[]) => any][] = [];
     public isStopped = false;
 
-    public dispatchEvent(eventType: string) {
-        this.listeners.forEach(([t, c]) => {
-            if (t !== eventType) return;
-            c();
-        });
-    }
     public getTracks() {
         return this.tracks;
     }
@@ -336,17 +310,9 @@ export class MockMediaStream {
     public getVideoTracks() {
         return this.tracks.filter((track) => track.kind === "video");
     }
-    public addEventListener(eventType: string, callback: (...args: any[]) => any) {
-        this.listeners.push([eventType, callback]);
-    }
-    public removeEventListener(eventType: string, callback: (...args: any[]) => any) {
-        this.listeners.filter(([t, c]) => {
-            return t !== eventType || c !== callback;
-        });
-    }
     public addTrack(track: MockMediaStreamTrack) {
         this.tracks.push(track);
-        this.dispatchEvent("addtrack");
+        this.dispatchEvent(new Event("addtrack"));
     }
     public removeTrack(track: MockMediaStreamTrack) {
         this.tracks.splice(this.tracks.indexOf(track), 1);
@@ -390,7 +356,7 @@ export class MockMediaHandler {
     public stopUserMediaStream(stream: MockMediaStream) {
         stream.isStopped = true;
     }
-    public getScreensharingStream = jest.fn((opts?: IScreensharingOpts) => {
+    public getScreensharingStream = vi.fn((opts?: IScreensharingOpts) => {
         const tracks = [new MockMediaStreamTrack("screenshare_video_track", "video")];
         if (opts?.audio) tracks.push(new MockMediaStreamTrack("screenshare_audio_track", "audio"));
 
@@ -415,19 +381,19 @@ export class MockMediaHandler {
 }
 
 export class MockMediaDevices {
-    public enumerateDevices = jest
-        .fn<Promise<MediaDeviceInfo[]>, []>()
+    public enumerateDevices = vi
+        .fn<MediaDevices["enumerateDevices"]>()
         .mockResolvedValue([
             new MockMediaDeviceInfo("audioinput").typed(),
             new MockMediaDeviceInfo("videoinput").typed(),
         ]);
 
-    public getUserMedia = jest
-        .fn<Promise<MediaStream>, [MediaStreamConstraints]>()
+    public getUserMedia = vi
+        .fn<MediaDevices["getUserMedia"]>()
         .mockReturnValue(Promise.resolve(new MockMediaStream("local_stream").typed()));
 
-    public getDisplayMedia = jest
-        .fn<Promise<MediaStream>, [MediaStreamConstraints]>()
+    public getDisplayMedia = vi
+        .fn<MediaDevices["getDisplayMedia"]>()
         .mockReturnValue(Promise.resolve(new MockMediaStream("local_display_stream").typed()));
 
     public typed(): MediaDevices {
@@ -461,14 +427,8 @@ export class MockCallMatrixClient extends TypedEventEmitter<EmittedEvents, Emitt
         calls: new Map<string, MatrixCall>(),
     };
 
-    public sendStateEvent = jest.fn<
-        Promise<ISendEventResponse>,
-        [roomId: string, eventType: EventType, content: any, statekey: string]
-    >();
-    public sendToDevice = jest.fn<
-        Promise<{}>,
-        [eventType: string, contentMap: SendToDeviceContentMap, txnId?: string]
-    >();
+    public sendStateEvent = vi.fn<MatrixClient["sendStateEvent"]>();
+    public sendToDevice = vi.fn<MatrixClient["sendToDevice"]>();
 
     public isInitialSyncComplete(): boolean {
         return false;
@@ -498,11 +458,11 @@ export class MockCallMatrixClient extends TypedEventEmitter<EmittedEvents, Emitt
     public getUseE2eForGroupCall = () => false;
     public checkTurnServers = () => null;
 
-    public getSyncState = jest.fn<SyncState | null, []>().mockReturnValue(SyncState.Syncing);
+    public getSyncState = vi.fn<MatrixClient["getSyncState"]>().mockReturnValue(SyncState.Syncing);
 
-    public getRooms = jest.fn<Room[], []>().mockReturnValue([]);
-    public getRoom = jest.fn();
-    public getFoci = jest.fn();
+    public getRooms = vi.fn<MatrixClient["getRooms"]>().mockReturnValue([]);
+    public getRoom = vi.fn();
+    public getFoci = vi.fn();
 
     public supportsThreads(): boolean {
         return true;
@@ -533,20 +493,20 @@ export class MockMatrixCall extends TypedEventEmitter<CallEvent, CallEventHandle
     public opponentMember = { userId: this.opponentUserId };
     public callId = "1";
     public localUsermediaFeed = {
-        setAudioVideoMuted: jest.fn<void, [boolean, boolean]>(),
-        isAudioMuted: jest.fn().mockReturnValue(false),
-        isVideoMuted: jest.fn().mockReturnValue(false),
+        setAudioVideoMuted: vi.fn<CallFeed["setAudioVideoMuted"]>(),
+        isAudioMuted: vi.fn().mockReturnValue(false),
+        isVideoMuted: vi.fn().mockReturnValue(false),
         stream: new MockMediaStream("stream"),
     } as unknown as CallFeed;
     public remoteUsermediaFeed?: CallFeed;
     public remoteScreensharingFeed?: CallFeed;
 
-    public reject = jest.fn<void, []>();
-    public answerWithCallFeeds = jest.fn<void, [CallFeed[]]>();
-    public hangup = jest.fn<void, []>();
-    public initStats = jest.fn<void, []>();
+    public reject = vi.fn<() => void>();
+    public answerWithCallFeeds = vi.fn<MatrixCall["answerWithCallFeeds"]>();
+    public hangup = vi.fn<() => void>();
+    public initStats = vi.fn<() => void>();
 
-    public sendMetadataUpdate = jest.fn<void, []>();
+    public sendMetadataUpdate = vi.fn<() => void>();
 
     public getOpponentMember(): Partial<RoomMember> {
         return this.opponentMember;
@@ -585,11 +545,11 @@ export class MockCallFeed {
 }
 
 export function installWebRTCMocks() {
-    globalThis.navigator = {
+    vi.stubGlobal("navigator", {
         mediaDevices: new MockMediaDevices().typed(),
-    } as unknown as Navigator;
+    });
 
-    globalThis.window = {
+    vi.stubGlobal("window", {
         // @ts-ignore Mock
         RTCPeerConnection: MockRTCPeerConnection,
         // @ts-ignore Mock
@@ -597,16 +557,16 @@ export function installWebRTCMocks() {
         // @ts-ignore Mock
         RTCIceCandidate: {},
         getUserMedia: () => new MockMediaStream("local_stream"),
-    };
-    // @ts-ignore Mock
-    globalThis.document = {};
+    });
+
+    vi.stubGlobal("document", {});
 
     // @ts-ignore Mock
     globalThis.AudioContext = MockAudioContext;
 
     // @ts-ignore Mock
     globalThis.RTCRtpReceiver = {
-        getCapabilities: jest.fn<RTCRtpCapabilities, [string]>().mockReturnValue({
+        getCapabilities: vi.fn().mockReturnValue({
             codecs: [],
             headerExtensions: [],
         }),
@@ -614,7 +574,7 @@ export function installWebRTCMocks() {
 
     // @ts-ignore Mock
     globalThis.RTCRtpSender = {
-        getCapabilities: jest.fn<RTCRtpCapabilities, [string]>().mockReturnValue({
+        getCapabilities: vi.fn().mockReturnValue({
             codecs: [],
             headerExtensions: [],
         }),
@@ -631,22 +591,22 @@ export function makeMockGroupCallStateEvent(
     redacted?: boolean,
 ): MatrixEvent {
     return {
-        getType: jest.fn().mockReturnValue(EventType.GroupCallPrefix),
-        getRoomId: jest.fn().mockReturnValue(roomId),
-        getTs: jest.fn().mockReturnValue(0),
-        getContent: jest.fn().mockReturnValue(content),
-        getStateKey: jest.fn().mockReturnValue(groupCallId),
-        isRedacted: jest.fn().mockReturnValue(redacted ?? false),
+        getType: vi.fn().mockReturnValue(EventType.GroupCallPrefix),
+        getRoomId: vi.fn().mockReturnValue(roomId),
+        getTs: vi.fn().mockReturnValue(0),
+        getContent: vi.fn().mockReturnValue(content),
+        getStateKey: vi.fn().mockReturnValue(groupCallId),
+        isRedacted: vi.fn().mockReturnValue(redacted ?? false),
     } as unknown as MatrixEvent;
 }
 
 export function makeMockGroupCallMemberStateEvent(roomId: string, groupCallId: string): MatrixEvent {
     return {
-        getType: jest.fn().mockReturnValue(EventType.GroupCallMemberPrefix),
-        getRoomId: jest.fn().mockReturnValue(roomId),
-        getTs: jest.fn().mockReturnValue(0),
-        getContent: jest.fn().mockReturnValue({}),
-        getStateKey: jest.fn().mockReturnValue(groupCallId),
+        getType: vi.fn().mockReturnValue(EventType.GroupCallMemberPrefix),
+        getRoomId: vi.fn().mockReturnValue(roomId),
+        getTs: vi.fn().mockReturnValue(0),
+        getContent: vi.fn().mockReturnValue({}),
+        getStateKey: vi.fn().mockReturnValue(groupCallId),
     } as unknown as MatrixEvent;
 }
 

spec/unit/NamespacedValue.spec.ts

@@ -32,7 +32,7 @@ describe("NamespacedValue", () => {
     });
 
     it("should have a falsey unstable if needed", () => {
-        const ns = new NamespacedValue("stable");
+        const ns = new NamespacedValue("stable", null);
         expect(ns.name).toBe(ns.stable);
         expect(ns.altName).toBeFalsy();
         expect(ns.names).toEqual([ns.stable]);
@@ -61,7 +61,7 @@ describe("UnstableValue", () => {
     it("should return unstable if there is no stable", () => {
         const ns = new UnstableValue(null!, "unstable");
         expect(ns.name).toBe(ns.unstable);
-        expect(ns.altName).toBeFalsy();
+        expect(<any>ns.altName).toBeFalsy();
         expect(ns.names).toEqual([ns.unstable]);
     });
 

spec/unit/ReEmitter.spec.ts

@@ -38,7 +38,7 @@ describe("ReEmitter", function () {
         const src = new EventSource();
         const tgt = new EventTarget();
 
-        const handler = jest.fn();
+        const handler = vi.fn();
         tgt.on(EVENTNAME, handler);
 
         const reEmitter = new ReEmitter(tgt);
@@ -61,7 +61,7 @@ describe("ReEmitter", function () {
         // without the workaround in ReEmitter, this would throw
         src.doAnError();
 
-        const handler = jest.fn();
+        const handler = vi.fn();
         tgt.on("error", handler);
 
         src.doAnError();

spec/unit/ToDeviceMessageQueue.spec.ts

@@ -1,11 +1,11 @@
 import { ConnectionError } from "../../src/http-api/errors";
-import { ClientEvent, MatrixClient, Store } from "../../src/client";
+import { ClientEvent, type MatrixClient, type Store } from "../../src/client";
 import { ToDeviceMessageQueue } from "../../src/ToDeviceMessageQueue";
 import { getMockClientWithEventEmitter } from "../test-utils/client";
 import { StubStore } from "../../src/store/stub";
-import { IndexedToDeviceBatch } from "../../src/models/ToDeviceMessage";
+import { type IndexedToDeviceBatch } from "../../src/models/ToDeviceMessage";
 import { SyncState } from "../../src/sync";
-import { defer } from "../../src/utils";
+import { logger } from "../../src/logger.ts";
 
 describe("onResumedSync", () => {
     let batch: IndexedToDeviceBatch | null;
@@ -35,16 +35,16 @@ describe("onResumedSync", () => {
         };
 
         store = new StubStore();
-        store.getOldestToDeviceBatch = jest.fn().mockImplementation(() => {
+        store.getOldestToDeviceBatch = vi.fn().mockImplementation(() => {
             return batch;
         });
-        store.removeToDeviceBatch = jest.fn().mockImplementation(() => {
+        store.removeToDeviceBatch = vi.fn().mockImplementation(() => {
             batch = null;
         });
 
         mockClient = getMockClientWithEventEmitter({});
         mockClient.store = store;
-        mockClient.sendToDevice = jest.fn().mockImplementation(async () => {
+        mockClient.sendToDevice = vi.fn().mockImplementation(async () => {
             if (shouldFailSendToDevice) {
                 await Promise.reject(new ConnectionError("")).finally(() => {
                     setTimeout(onSendToDeviceFailure, 0);
@@ -56,11 +56,11 @@ describe("onResumedSync", () => {
             }
         });
 
-        queue = new ToDeviceMessageQueue(mockClient);
+        queue = new ToDeviceMessageQueue(mockClient, logger);
     });
 
     it("resends queue after connectivity restored", async () => {
-        const deferred = defer();
+        const successResolvers = Promise.withResolvers<void>();
 
         onSendToDeviceFailure = () => {
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
@@ -73,15 +73,15 @@ describe("onResumedSync", () => {
         onSendToDeviceSuccess = () => {
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(3);
             expect(store.removeToDeviceBatch).toHaveBeenCalled();
-            deferred.resolve();
+            successResolvers.resolve();
         };
 
         queue.start();
-        return deferred.promise;
+        return successResolvers.promise;
     });
 
     it("does not resend queue if client sync still catching up", async () => {
-        const deferred = defer();
+        const successResolvers = Promise.withResolvers<void>();
 
         onSendToDeviceFailure = () => {
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
@@ -89,15 +89,15 @@ describe("onResumedSync", () => {
 
             resumeSync(SyncState.Catchup, SyncState.Catchup);
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
-            deferred.resolve();
+            successResolvers.resolve();
         };
 
         queue.start();
-        return deferred.promise;
+        return successResolvers.promise;
     });
 
     it("does not resend queue if connectivity restored after queue stopped", async () => {
-        const deferred = defer();
+        const successResolvers = Promise.withResolvers<void>();
 
         onSendToDeviceFailure = () => {
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
@@ -107,10 +107,10 @@ describe("onResumedSync", () => {
 
             resumeSync(SyncState.Syncing, SyncState.Catchup);
             expect(store.getOldestToDeviceBatch).toHaveBeenCalledTimes(1);
-            deferred.resolve();
+            successResolvers.resolve();
         };
 
         queue.start();
-        return deferred.promise;
+        return successResolvers.promise;
     });
 });

spec/unit/autodiscovery.spec.ts

@@ -35,6 +35,7 @@ describe("AutoDiscovery", function () {
         AutoDiscovery.setFetchFn(realAutoDiscoveryFetch);
     });
 
+    // eslint-disable-next-line @vitest/expect-expect
     it("should throw an error when no domain is specified", function () {
         getHttpBackend();
         return Promise.all([
@@ -190,7 +191,7 @@ describe("AutoDiscovery", function () {
         };
         return Promise.all([
             httpBackend.flushAllExpected(),
-            AutoDiscovery.findClientConfig("example.org").then(expect(expected).toEqual),
+            AutoDiscovery.findClientConfig("example.org").then((config) => expect(config).toEqual(expected)),
         ]);
     });
 

spec/unit/content-helpers.spec.ts

@@ -29,10 +29,10 @@ describe("Beacon content helpers", () => {
     describe("makeBeaconInfoContent()", () => {
         const mockDateNow = 123456789;
         beforeEach(() => {
-            jest.spyOn(globalThis.Date, "now").mockReturnValue(mockDateNow);
+            vi.spyOn(globalThis.Date, "now").mockReturnValue(mockDateNow);
         });
         afterAll(() => {
-            jest.spyOn(globalThis.Date, "now").mockRestore();
+            vi.spyOn(globalThis.Date, "now").mockRestore();
         });
         it("create fully defined event content", () => {
             expect(makeBeaconInfoContent(1234, true, "nice beacon_info", LocationAssetType.Pin)).toEqual({
@@ -183,28 +183,43 @@ describe("Topic content helpers", () => {
         it("creates fully defined event content without html", () => {
             expect(makeTopicContent("pizza")).toEqual({
                 topic: "pizza",
-                [M_TOPIC.name]: [
-                    {
-                        body: "pizza",
-                        mimetype: "text/plain",
-                    },
-                ],
+                [M_TOPIC.name]: {
+                    "m.text": [
+                        {
+                            body: "pizza",
+                            mimetype: "text/plain",
+                        },
+                    ],
+                },
             });
         });
 
         it("creates fully defined event content with html", () => {
             expect(makeTopicContent("pizza", "<b>pizza</b>")).toEqual({
                 topic: "pizza",
-                [M_TOPIC.name]: [
-                    {
-                        body: "pizza",
-                        mimetype: "text/plain",
-                    },
-                    {
-                        body: "<b>pizza</b>",
-                        mimetype: "text/html",
-                    },
-                ],
+                [M_TOPIC.name]: {
+                    "m.text": [
+                        {
+                            body: "<b>pizza</b>",
+                            mimetype: "text/html",
+                        },
+                        {
+                            body: "pizza",
+                            mimetype: "text/plain",
+                        },
+                    ],
+                },
+            });
+        });
+
+        it("creates an empty event when the topic is falsey", () => {
+            expect(makeTopicContent(undefined)).toEqual({
+                topic: undefined,
+                [M_TOPIC.name]: { "m.text": [] },
+            });
+            expect(makeTopicContent(null)).toEqual({
+                topic: null,
+                [M_TOPIC.name]: { "m.text": [] },
             });
         });
     });
@@ -214,11 +229,13 @@ describe("Topic content helpers", () => {
             expect(
                 parseTopicContent({
                     topic: "pizza",
-                    [M_TOPIC.name]: [
-                        {
-                            body: "pizza",
-                        },
-                    ],
+                    [M_TOPIC.name]: {
+                        "m.text": [
+                            {
+                                body: "pizza",
+                            },
+                        ],
+                    },
                 }),
             ).toEqual({
                 text: "pizza",
@@ -229,12 +246,14 @@ describe("Topic content helpers", () => {
             expect(
                 parseTopicContent({
                     topic: "pizza",
-                    [M_TOPIC.name]: [
-                        {
-                            body: "pizza",
-                            mimetype: "text/plain",
-                        },
-                    ],
+                    [M_TOPIC.name]: {
+                        "m.text": [
+                            {
+                                body: "pizza",
+                                mimetype: "text/plain",
+                            },
+                        ],
+                    },
                 }),
             ).toEqual({
                 text: "pizza",
@@ -245,17 +264,63 @@ describe("Topic content helpers", () => {
             expect(
                 parseTopicContent({
                     topic: "pizza",
-                    [M_TOPIC.name]: [
-                        {
-                            body: "<b>pizza</b>",
-                            mimetype: "text/html",
-                        },
-                    ],
+                    [M_TOPIC.name]: {
+                        "m.text": [
+                            {
+                                body: "<b>pizza</b>",
+                                mimetype: "text/html",
+                            },
+                        ],
+                    },
                 }),
             ).toEqual({
                 text: "pizza",
                 html: "<b>pizza</b>",
             });
         });
+
+        it("parses legacy event content", () => {
+            expect(
+                parseTopicContent({
+                    topic: "pizza",
+                }),
+            ).toEqual({
+                text: "pizza",
+            });
+        });
+
+        // TODO delete this test and re-enable the next one after support for the invalid form is removed
+        //      https://github.com/matrix-org/matrix-js-sdk/pull/4984#pullrequestreview-3174251065
+        it("parses malformed event content with html topic", () => {
+            expect(
+                parseTopicContent({
+                    "topic": "pizza",
+                    "m.topic": [
+                        {
+                            body: "<b>pizza</b>",
+                            mimetype: "text/html",
+                        },
+                    ] as any,
+                }),
+            ).toEqual({
+                text: "pizza",
+                html: "<b>pizza</b>",
+            });
+        });
+        it.skip("uses legacy event content when new topic key is invalid", () => {
+            expect(
+                parseTopicContent({
+                    "topic": "pizza",
+                    "m.topic": [
+                        {
+                            body: "<b>pizza</b>",
+                            mimetype: "text/html",
+                        },
+                    ] as any,
+                }),
+            ).toEqual({
+                text: "pizza",
+            });
+        });
     });
 });

spec/unit/crypto/CrossSigningInfo.spec.ts

@@ -1,243 +0,0 @@
-/*
-Copyright 2020 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import "../../olm-loader";
-import { CrossSigningInfo, createCryptoStoreCacheCallbacks } from "../../../src/crypto/CrossSigning";
-import { IndexedDBCryptoStore } from "../../../src/crypto/store/indexeddb-crypto-store";
-import { MemoryCryptoStore } from "../../../src/crypto/store/memory-crypto-store";
-import "fake-indexeddb/auto";
-import "jest-localstorage-mock";
-import { OlmDevice } from "../../../src/crypto/OlmDevice";
-import { logger } from "../../../src/logger";
-
-const userId = "@alice:example.com";
-
-// Private key for tests only
-const testKey = new Uint8Array([
-    0xda, 0x5a, 0x27, 0x60, 0xe3, 0x3a, 0xc5, 0x82, 0x9d, 0x12, 0xc3, 0xbe, 0xe8, 0xaa, 0xc2, 0xef, 0xae, 0xb1, 0x05,
-    0xc1, 0xe7, 0x62, 0x78, 0xa6, 0xd7, 0x1f, 0xf8, 0x2c, 0x51, 0x85, 0xf0, 0x1d,
-]);
-
-const types = [
-    { type: "master", shouldCache: true },
-    { type: "self_signing", shouldCache: true },
-    { type: "user_signing", shouldCache: true },
-    { type: "invalid", shouldCache: false },
-];
-
-const badKey = Uint8Array.from(testKey);
-badKey[0] ^= 1;
-
-const masterKeyPub = "nqOvzeuGWT/sRx3h7+MHoInYj3Uk2LD/unI9kDYcHwk";
-
-describe("CrossSigningInfo.getCrossSigningKey", function () {
-    if (!globalThis.Olm) {
-        logger.warn("Not running megolm backup unit tests: libolm not present");
-        return;
-    }
-
-    beforeAll(function () {
-        return globalThis.Olm.init();
-    });
-
-    it("should throw if no callback is provided", async () => {
-        const info = new CrossSigningInfo(userId);
-        await expect(info.getCrossSigningKey("master")).rejects.toThrow();
-    });
-
-    it.each(types)("should throw if the callback returns falsey", async ({ type, shouldCache }) => {
-        const info = new CrossSigningInfo(userId, {
-            getCrossSigningKey: async () => false as unknown as Uint8Array,
-        });
-        await expect(info.getCrossSigningKey(type)).rejects.toThrow("falsey");
-    });
-
-    it("should throw if the expected key doesn't come back", async () => {
-        const info = new CrossSigningInfo(userId, {
-            getCrossSigningKey: async () => masterKeyPub as unknown as Uint8Array,
-        });
-        await expect(info.getCrossSigningKey("master", "")).rejects.toThrow();
-    });
-
-    it("should return a key from its callback", async () => {
-        const info = new CrossSigningInfo(userId, {
-            getCrossSigningKey: async () => testKey,
-        });
-        const [pubKey, pkSigning] = await info.getCrossSigningKey("master", masterKeyPub);
-        expect(pubKey).toEqual(masterKeyPub);
-        // check that the pkSigning object corresponds to the pubKey
-        const signature = pkSigning.sign("message");
-        const util = new globalThis.Olm.Utility();
-        try {
-            util.ed25519_verify(pubKey, "message", signature);
-        } finally {
-            util.free();
-        }
-    });
-
-    it.each(types)(
-        "should request a key from the cache callback (if set)" + " and does not call app if one is found" + " %o",
-        async ({ type, shouldCache }) => {
-            const getCrossSigningKey = jest.fn().mockImplementation(() => {
-                if (shouldCache) {
-                    return Promise.reject(new Error("Regular callback called"));
-                } else {
-                    return Promise.resolve(testKey);
-                }
-            });
-            const getCrossSigningKeyCache = jest.fn().mockResolvedValue(testKey);
-            const info = new CrossSigningInfo(userId, { getCrossSigningKey }, { getCrossSigningKeyCache });
-            const [pubKey] = await info.getCrossSigningKey(type, masterKeyPub);
-            expect(pubKey).toEqual(masterKeyPub);
-            expect(getCrossSigningKeyCache).toHaveBeenCalledTimes(shouldCache ? 1 : 0);
-            if (shouldCache) {
-                // eslint-disable-next-line jest/no-conditional-expect
-                expect(getCrossSigningKeyCache).toHaveBeenLastCalledWith(type, expect.any(String));
-            }
-        },
-    );
-
-    it.each(types)("should store a key with the cache callback (if set)", async ({ type, shouldCache }) => {
-        const getCrossSigningKey = jest.fn().mockResolvedValue(testKey);
-        const storeCrossSigningKeyCache = jest.fn().mockResolvedValue(undefined);
-        const info = new CrossSigningInfo(userId, { getCrossSigningKey }, { storeCrossSigningKeyCache });
-        const [pubKey] = await info.getCrossSigningKey(type, masterKeyPub);
-        expect(pubKey).toEqual(masterKeyPub);
-        expect(storeCrossSigningKeyCache).toHaveBeenCalledTimes(shouldCache ? 1 : 0);
-        if (shouldCache) {
-            // eslint-disable-next-line jest/no-conditional-expect
-            expect(storeCrossSigningKeyCache).toHaveBeenLastCalledWith(type, testKey);
-        }
-    });
-
-    it.each(types)("does not store a bad key to the cache", async ({ type, shouldCache }) => {
-        const getCrossSigningKey = jest.fn().mockResolvedValue(badKey);
-        const storeCrossSigningKeyCache = jest.fn().mockResolvedValue(undefined);
-        const info = new CrossSigningInfo(userId, { getCrossSigningKey }, { storeCrossSigningKeyCache });
-        await expect(info.getCrossSigningKey(type, masterKeyPub)).rejects.toThrow();
-        expect(storeCrossSigningKeyCache.mock.calls.length).toEqual(0);
-    });
-
-    it.each(types)("does not store a value to the cache if it came from the cache", async ({ type, shouldCache }) => {
-        const getCrossSigningKey = jest.fn().mockImplementation(() => {
-            if (shouldCache) {
-                return Promise.reject(new Error("Regular callback called"));
-            } else {
-                return Promise.resolve(testKey);
-            }
-        });
-        const getCrossSigningKeyCache = jest.fn().mockResolvedValue(testKey);
-        const storeCrossSigningKeyCache = jest.fn().mockRejectedValue(new Error("Tried to store a value from cache"));
-        const info = new CrossSigningInfo(
-            userId,
-            { getCrossSigningKey },
-            { getCrossSigningKeyCache, storeCrossSigningKeyCache },
-        );
-        expect(storeCrossSigningKeyCache.mock.calls.length).toBe(0);
-        const [pubKey] = await info.getCrossSigningKey(type, masterKeyPub);
-        expect(pubKey).toEqual(masterKeyPub);
-    });
-
-    it.each(types)(
-        "requests a key from the cache callback (if set) and then calls app" + " if one is not found",
-        async ({ type, shouldCache }) => {
-            const getCrossSigningKey = jest.fn().mockResolvedValue(testKey);
-            const getCrossSigningKeyCache = jest.fn().mockResolvedValue(undefined);
-            const storeCrossSigningKeyCache = jest.fn();
-            const info = new CrossSigningInfo(
-                userId,
-                { getCrossSigningKey },
-                { getCrossSigningKeyCache, storeCrossSigningKeyCache },
-            );
-            const [pubKey] = await info.getCrossSigningKey(type, masterKeyPub);
-            expect(pubKey).toEqual(masterKeyPub);
-            expect(getCrossSigningKey.mock.calls.length).toBe(1);
-            expect(getCrossSigningKeyCache.mock.calls.length).toBe(shouldCache ? 1 : 0);
-
-            /* Also expect that the cache gets updated */
-            expect(storeCrossSigningKeyCache.mock.calls.length).toBe(shouldCache ? 1 : 0);
-        },
-    );
-
-    it.each(types)(
-        "requests a key from the cache callback (if set) and then" + " calls app if that key doesn't match",
-        async ({ type, shouldCache }) => {
-            const getCrossSigningKey = jest.fn().mockResolvedValue(testKey);
-            const getCrossSigningKeyCache = jest.fn().mockResolvedValue(badKey);
-            const storeCrossSigningKeyCache = jest.fn();
-            const info = new CrossSigningInfo(
-                userId,
-                { getCrossSigningKey },
-                { getCrossSigningKeyCache, storeCrossSigningKeyCache },
-            );
-            const [pubKey] = await info.getCrossSigningKey(type, masterKeyPub);
-            expect(pubKey).toEqual(masterKeyPub);
-            expect(getCrossSigningKey.mock.calls.length).toBe(1);
-            expect(getCrossSigningKeyCache.mock.calls.length).toBe(shouldCache ? 1 : 0);
-
-            /* Also expect that the cache gets updated */
-            expect(storeCrossSigningKeyCache.mock.calls.length).toBe(shouldCache ? 1 : 0);
-        },
-    );
-});
-
-/*
- * Note that MemoryStore is weird.  It's only used for testing - as far as I can tell,
- * it's not possible to get one in normal execution unless you hack as we do here.
- */
-describe.each([
-    ["IndexedDBCryptoStore", () => new IndexedDBCryptoStore(globalThis.indexedDB, "tests")],
-    ["LocalStorageCryptoStore", () => new IndexedDBCryptoStore(undefined!, "tests")],
-    [
-        "MemoryCryptoStore",
-        () => {
-            const store = new IndexedDBCryptoStore(undefined!, "tests");
-            // @ts-ignore set private properties
-            store._backend = new MemoryCryptoStore();
-            // @ts-ignore
-            store._backendPromise = Promise.resolve(store._backend);
-            return store;
-        },
-    ],
-])("CrossSigning > createCryptoStoreCacheCallbacks [%s]", function (name, dbFactory) {
-    let store: IndexedDBCryptoStore;
-
-    beforeAll(() => {
-        store = dbFactory();
-    });
-
-    beforeEach(async () => {
-        await store.deleteAllData();
-    });
-
-    it("should cache data to the store and retrieve it", async () => {
-        await store.startup();
-        const olmDevice = new OlmDevice(store);
-        const { getCrossSigningKeyCache, storeCrossSigningKeyCache } = createCryptoStoreCacheCallbacks(
-            store,
-            olmDevice,
-        );
-        await storeCrossSigningKeyCache!("self_signing", testKey);
-
-        // If we've not saved anything, don't expect anything
-        // Definitely don't accidentally return the wrong key for the type
-        const nokey = await getCrossSigningKeyCache!("self", "");
-        expect(nokey).toBeNull();
-
-        const key = await getCrossSigningKeyCache!("self_signing", "");
-        expect(new Uint8Array(key!)).toEqual(testKey);
-    });
-});