Newsfile

.ci/before_build_wheel.sh

@@ -7,4 +7,4 @@ if command -v yum &> /dev/null; then
 fi
 
 # Install a Rust toolchain
-curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain stable -y --profile minimal
+curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.82.0 -y --profile minimal

.gitattributes

@@ -1 +0,0 @@
-.github/workflows/* merge=ours

.github/workflows/docker.yml

@@ -0,0 +1,155 @@
+# GitHub actions workflow which builds and publishes the docker images.
+
+name: Build docker images
+
+on:
+  push:
+    tags: ["v*"]
+    branches: [master, main, develop]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write # needed for signing the images with GitHub OIDC Token
+jobs:
+  build:
+    name: Build and push image for ${{ matrix.platform }}
+    runs-on: ${{ matrix.runs_on }}
+    strategy:
+      matrix:
+        include:
+          - platform: linux/amd64
+            runs_on: ubuntu-24.04
+            suffix: linux-amd64
+          - platform: linux/arm64
+            runs_on: ubuntu-24.04-arm
+            suffix: linux-arm64
+    steps:
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Extract version from pyproject.toml
+        # Note: explicitly requesting bash will mean bash is invoked with `-eo pipefail`, see
+        # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell
+        shell: bash
+        run: |
+          echo "SYNAPSE_VERSION=$(grep "^version" pyproject.toml | sed -E 's/version\s*=\s*["]([^"]*)["]/\1/')" >> $GITHUB_ENV
+
+      - name: Log in to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to GHCR
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        with:
+          push: true
+          labels: |
+            gitsha1=${{ github.sha }}
+            org.opencontainers.image.version=${{ env.SYNAPSE_VERSION }}
+          tags: |
+            docker.io/matrixdotorg/synapse
+            ghcr.io/element-hq/synapse
+          file: "docker/Dockerfile"
+          platforms: ${{ matrix.platform }}
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v5
+        with:
+          name: digests-${{ matrix.suffix }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  merge:
+    name: Push merged images to ${{ matrix.repository }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        repository:
+          - docker.io/matrixdotorg/synapse
+          - ghcr.io/element-hq/synapse
+
+    needs:
+      - build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Log in to DockerHub
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        if: ${{ startsWith(matrix.repository, 'docker.io') }}
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Log in to GHCR
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        if: ${{ startsWith(matrix.repository, 'ghcr.io') }}
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
+
+      - name: Calculate docker image tag
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
+        with:
+          images: ${{ matrix.repository }}
+          flavor: |
+            latest=false
+          tags: |
+            type=raw,value=develop,enable=${{ github.ref == 'refs/heads/develop' }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=pep440,pattern={{raw}}
+            type=sha
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        env:
+          REPOSITORY: ${{ matrix.repository }}
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf "$REPOSITORY@sha256:%s " *)
+
+      - name: Sign each manifest
+        env:
+          REPOSITORY: ${{ matrix.repository }}
+        run: |
+          DIGESTS=""
+          for TAG in $(echo "$DOCKER_METADATA_OUTPUT_JSON" | jq -r '.tags[]'); do
+            DIGEST="$(docker buildx imagetools inspect $TAG --format '{{json .Manifest}}' | jq -r '.digest')"
+            DIGESTS="$DIGESTS $REPOSITORY@$DIGEST"
+          done
+          cosign sign --yes $DIGESTS

.github/workflows/docs-pr.yaml

@@ -0,0 +1,71 @@
+name: Prepare documentation PR preview
+
+on:
+  pull_request:
+    paths:
+      - docs/**
+      - book.toml
+      - .github/workflows/docs-pr.yaml
+      - scripts-dev/schema_versions.py
+
+jobs:
+  pages:
+    name: GitHub Pages
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          # Fetch all history so that the schema_versions script works.
+          fetch-depth: 0
+
+      - name: Setup mdbook
+        uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
+        with:
+          mdbook-version: '0.4.17'
+
+      - name: Setup python
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+
+      - run: "pip install 'packaging>=20.0' 'GitPython>=3.1.20'"
+
+      - name: Build the documentation
+        # mdbook will only create an index.html if we're including docs/README.md in SUMMARY.md.
+        # However, we're using docs/README.md for other purposes and need to pick a new page
+        # as the default. Let's opt for the welcome page instead.
+        run: |
+          mdbook build
+          cp book/welcome_and_overview.html book/index.html
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: book
+          path: book
+          # We'll only use this in a workflow_run, then we're done with it
+          retention-days: 1
+
+  link-check:
+    name: Check links in documentation
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Setup mdbook
+        uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
+        with:
+          mdbook-version: '0.4.17'
+
+      - name: Setup htmltest
+        run: |
+          wget https://github.com/wjdp/htmltest/releases/download/v0.17.0/htmltest_0.17.0_linux_amd64.tar.gz
+          echo '775c597ee74899d6002cd2d93076f897f4ba68686bceabe2e5d72e84c57bc0fb  htmltest_0.17.0_linux_amd64.tar.gz' | sha256sum -c
+          tar zxf htmltest_0.17.0_linux_amd64.tar.gz
+
+      - name: Test links with htmltest
+        # Build the book with `./` as the site URL (to make checks on 404.html possible)
+        # Then run htmltest (without checking external links since that involves the network and is slow).
+        run: |
+          MDBOOK_OUTPUT__HTML__SITE_URL="./" mdbook build
+          ./htmltest book --skip-external

.github/workflows/docs.yaml

@@ -0,0 +1,99 @@
+name: Deploy the documentation
+
+on:
+  push:
+    branches:
+      # For bleeding-edge documentation
+      - develop
+      # For documentation specific to a release
+      - 'release-v*'
+      # stable docs
+      - master
+
+  workflow_dispatch:
+
+jobs:
+  pre:
+    name: Calculate variables for GitHub Pages deployment
+    runs-on: ubuntu-latest
+    steps:
+      # Figure out the target directory.
+      #
+      # The target directory depends on the name of the branch
+      #
+      - name: Get the target directory name
+        id: vars
+        run: |
+          # first strip the 'refs/heads/' prefix with some shell foo
+          branch="${GITHUB_REF#refs/heads/}"
+
+          case $branch in
+              release-*)
+                  # strip 'release-' from the name for release branches.
+                  branch="${branch#release-}"
+                  ;;
+              master)
+                  # deploy to "latest" for the master branch.
+                  branch="latest"
+                  ;;
+          esac
+
+          # finally, set the 'branch-version' var.
+          echo "branch-version=$branch" >> "$GITHUB_OUTPUT"
+    outputs:
+      branch-version: ${{ steps.vars.outputs.branch-version }}
+
+################################################################################
+  pages-docs:
+    name: GitHub Pages
+    runs-on: ubuntu-latest
+    needs:
+      - pre
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          # Fetch all history so that the schema_versions script works.
+          fetch-depth: 0
+
+      - name: Setup mdbook
+        uses: peaceiris/actions-mdbook@ee69d230fe19748b7abf22df32acaa93833fad08 # v2.0.0
+        with:
+          mdbook-version: '0.4.17'
+
+      - name: Set version of docs
+        run: echo 'window.SYNAPSE_VERSION = "${{ needs.pre.outputs.branch-version }}";' > ./docs/website_files/version.js
+
+      - name: Setup python
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+
+      - run: "pip install 'packaging>=20.0' 'GitPython>=3.1.20'"
+
+      - name: Build the documentation
+        # mdbook will only create an index.html if we're including docs/README.md in SUMMARY.md.
+        # However, we're using docs/README.md for other purposes and need to pick a new page
+        # as the default. Let's opt for the welcome page instead.
+        run: |
+          mdbook build
+          cp book/welcome_and_overview.html book/index.html
+
+      - name: Prepare and publish schema files
+        run: |
+          sudo apt-get update && sudo apt-get install -y yq
+          mkdir -p book/schema
+          # Remove developer notice before publishing.
+          rm schema/v*/Do\ not\ edit\ files\ in\ this\ folder
+          # Copy schema files that are independent from current Synapse version.
+          cp -r -t book/schema schema/v*/
+          # Convert config schema from YAML source file to JSON.
+          yq < schema/synapse-config.schema.yaml \
+            > book/schema/synapse-config.schema.json
+
+      # Deploy to the target directory.
+      - name: Deploy to gh pages
+        uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          publish_dir: ./book
+          destination_dir: ./${{ needs.pre.outputs.branch-version }}

.github/workflows/fix_lint.yaml

@@ -0,0 +1,52 @@
+# A helper workflow to automatically fixup any linting errors on a PR. Must be
+# triggered manually.
+
+name: Attempt to automatically fix linting errors
+
+on:
+  workflow_dispatch:
+
+env:
+  # We use nightly so that `fmt` correctly groups together imports, and
+  # clippy correctly fixes up the benchmarks.
+  RUST_VERSION: nightly-2025-06-24
+
+jobs:
+  fixup:
+    name: Fix up
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+          components: clippy, rustfmt
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - name: Setup Poetry
+        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          install-project: "false"
+          poetry-version: "2.1.1"
+
+      - name: Run ruff check
+        continue-on-error: true
+        run: poetry run ruff check --fix .
+
+      - name: Run ruff format
+        continue-on-error: true
+        run: poetry run ruff format --quiet .
+
+      - run: cargo clippy --all-features --fix -- -D warnings
+        continue-on-error: true
+
+      - run: cargo fmt
+        continue-on-error: true
+
+      - uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
+        with:
+          commit_message: "Attempt to fix linting"

.github/workflows/latest_deps.yml

@@ -0,0 +1,243 @@
+# People who are freshly `pip install`ing from PyPI will pull in the latest versions of
+# dependencies which match the broad requirements. Since most CI runs are against
+# the locked poetry environment, run specifically against the latest dependencies to
+# know if there's an upcoming breaking change.
+#
+# As an overview this workflow:
+# - checks out develop,
+# - installs from source, pulling in the dependencies like a fresh `pip install` would, and
+# - runs mypy and test suites in that checkout.
+#
+# Based on the twisted trunk CI job.
+
+name: Latest dependencies
+
+on:
+  schedule:
+    - cron: 0 7 * * *
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  RUST_VERSION: 1.87.0
+
+jobs:
+  check_repo:
+    # Prevent this workflow from running on any fork of Synapse other than element-hq/synapse, as it is
+    # only useful to the Synapse core team.
+    # All other workflow steps depend on this one, thus if 'should_run_workflow' is not 'true', the rest
+    # of the workflow will be skipped as well.
+    runs-on: ubuntu-latest
+    outputs:
+      should_run_workflow: ${{ steps.check_condition.outputs.should_run_workflow }}
+    steps:
+      - id: check_condition
+        run: echo "should_run_workflow=${{ github.repository == 'element-hq/synapse' }}" >> "$GITHUB_OUTPUT"
+
+  mypy:
+    needs: check_repo
+    if: needs.check_repo.outputs.should_run_workflow == 'true'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      # The dev dependencies aren't exposed in the wheel metadata (at least with current
+      # poetry-core versions), so we install with poetry.
+      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          python-version: "3.x"
+          poetry-version: "2.1.1"
+          extras: "all"
+      # Dump installed versions for debugging.
+      - run: poetry run pip list > before.txt
+      # Upgrade all runtime dependencies only. This is intended to mimic a fresh
+      # `pip install matrix-synapse[all]` as closely as possible.
+      - run: poetry update --without dev
+      - run: poetry run pip list > after.txt && (diff -u before.txt after.txt || true)
+      - name: Remove unhelpful options from mypy config
+        run: sed -e '/warn_unused_ignores = True/d' -e '/warn_redundant_casts = True/d' -i mypy.ini
+      - run: poetry run mypy
+  trial:
+    needs: check_repo
+    if: needs.check_repo.outputs.should_run_workflow == 'true'
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - database: "sqlite"
+          - database: "postgres"
+            postgres-version: "14"
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - run: sudo apt-get -qq install xmlsec1
+      - name: Set up PostgreSQL ${{ matrix.postgres-version }}
+        if: ${{ matrix.postgres-version }}
+        run: |
+          docker run -d -p 5432:5432 \
+            -e POSTGRES_PASSWORD=postgres \
+            -e POSTGRES_INITDB_ARGS="--lc-collate C --lc-ctype C --encoding UTF8" \
+            postgres:${{ matrix.postgres-version }}
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - run: pip install .[all,test]
+      - name: Await PostgreSQL
+        if: ${{ matrix.postgres-version }}
+        timeout-minutes: 2
+        run: until pg_isready -h localhost; do sleep 1; done
+
+      # We nuke the local copy, as we've installed synapse into the virtualenv
+      # (rather than use an editable install, which we no longer support). If we
+      # don't do this then python can't find the native lib.
+      - run: rm -rf synapse/
+
+      - run: python -m twisted.trial --jobs=2 tests
+        env:
+          SYNAPSE_POSTGRES: ${{ matrix.database == 'postgres' || '' }}
+          SYNAPSE_POSTGRES_HOST: localhost
+          SYNAPSE_POSTGRES_USER: postgres
+          SYNAPSE_POSTGRES_PASSWORD: postgres
+      - name: Dump logs
+        # Logs are most useful when the command fails, always include them.
+        if: ${{ always() }}
+        # Note: Dumps to workflow logs instead of using actions/upload-artifact
+        #       This keeps logs colocated with failing jobs
+        #       It also ignores find's exit code; this is a best effort affair
+        run: >-
+          find _trial_temp -name '*.log'
+          -exec echo "::group::{}" \;
+          -exec cat {} \;
+          -exec echo "::endgroup::" \;
+          || true
+
+
+  sytest:
+    needs: check_repo
+    if: needs.check_repo.outputs.should_run_workflow == 'true'
+    runs-on: ubuntu-latest
+    container:
+      image: matrixdotorg/sytest-synapse:testing
+      volumes:
+        - ${{ github.workspace }}:/src
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - sytest-tag: bookworm
+
+          - sytest-tag: bookworm
+            postgres: postgres
+            workers: workers
+            redis: redis
+    env:
+      POSTGRES: ${{ matrix.postgres && 1}}
+      WORKERS: ${{ matrix.workers && 1 }}
+      REDIS: ${{ matrix.redis && 1 }}
+      BLACKLIST: ${{ matrix.workers && 'synapse-blacklist-with-workers' }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - name: Ensure sytest runs `pip install`
+        # Delete the lockfile so sytest will `pip install` rather than `poetry install`
+        run: rm /src/poetry.lock
+        working-directory: /src
+      - name: Prepare test blacklist
+        run: cat sytest-blacklist .ci/worker-blacklist > synapse-blacklist-with-workers
+      - name: Run SyTest
+        run: /bootstrap.sh synapse
+        working-directory: /src
+      - name: Summarise results.tap
+        if: ${{ always() }}
+        run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
+      - name: Upload SyTest logs
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        if: ${{ always() }}
+        with:
+          name: Sytest Logs - ${{ job.status }} - (${{ join(matrix.*, ', ') }})
+          path: |
+            /logs/results.tap
+            /logs/**/*.log*
+
+
+  complement:
+    needs: check_repo
+    if: "!failure() && !cancelled() && needs.check_repo.outputs.should_run_workflow == 'true'"
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arrangement: monolith
+            database: SQLite
+
+          - arrangement: monolith
+            database: Postgres
+
+          - arrangement: workers
+            database: Postgres
+
+    steps:
+      - name: Check out synapse codebase
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          path: synapse
+
+      - name: Prepare Complement's Prerequisites
+        run: synapse/.ci/scripts/setup_complement_prerequisites.sh
+
+      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+        with:
+          cache-dependency-path: complement/go.sum
+          go-version-file: complement/go.mod
+
+      - run: |
+          set -o pipefail
+          TEST_ONLY_IGNORE_POETRY_LOCKFILE=1 POSTGRES=${{ (matrix.database == 'Postgres') && 1 || '' }} WORKERS=${{ (matrix.arrangement == 'workers') && 1 || '' }} COMPLEMENT_DIR=`pwd`/complement synapse/scripts-dev/complement.sh -json 2>&1 | synapse/.ci/scripts/gotestfmt
+        shell: bash
+        name: Run Complement Tests
+
+  # Open an issue if the build fails, so we know about it.
+  # Only do this if we're not experimenting with this action in a PR.
+  open-issue:
+    if: "failure() && github.event_name != 'push' && github.event_name != 'pull_request' && needs.check_repo.outputs.should_run_workflow == 'true'"
+    needs:
+      # TODO: should mypy be included here? It feels more brittle than the others.
+      - mypy
+      - trial
+      - sytest
+      - complement
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          update_existing: true
+          filename: .ci/latest_deps_build_failed_issue_template.md

.github/workflows/poetry_lockfile.yaml

@@ -0,0 +1,24 @@
+on:
+  push:
+    branches: ["develop", "release-*"]
+    paths:
+      - poetry.lock
+  pull_request:
+    paths:
+      - poetry.lock
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check-sdists:
+    name: "Check locked dependencies have sdists"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: '3.x'
+      - run: pip install tomli
+      - run: ./scripts-dev/check_locked_deps_have_sdists.py

.github/workflows/push_complement_image.yml

@@ -0,0 +1,74 @@
+# This task does not run complement tests, see tests.yaml instead.
+# This task does not build docker images for synapse for use on docker hub, see docker.yaml instead
+
+name: Store complement-synapse image in ghcr.io
+on:
+  push:
+    branches: [ "master" ]
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch:
+    inputs:
+      branch:
+        required: true
+        default: 'develop'
+        type: choice
+        options:
+          - develop
+          - master
+
+# Only run this action once per pull request/branch; restart if a new commit arrives.
+# C.f. https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency
+# and https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#github-context
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    name: Build and push complement image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout specific branch (debug build)
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        if: github.event_name == 'workflow_dispatch'
+        with:
+          ref: ${{ inputs.branch }}
+      - name: Checkout clean copy of develop (scheduled build)
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        if: github.event_name == 'schedule'
+        with:
+          ref: develop
+      - name: Checkout clean copy of master (on-push)
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        if: github.event_name == 'push'
+        with:
+          ref: master
+      - name: Login to registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Work out labels for complement image
+        id: meta
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
+        with:
+          images: ghcr.io/${{ github.repository }}/complement-synapse
+          tags: |
+            type=schedule,pattern=nightly,enable=${{ github.event_name == 'schedule'}}
+            type=raw,value=develop,enable=${{ github.event_name == 'schedule' || inputs.branch == 'develop' }}
+            type=raw,value=latest,enable=${{ github.event_name == 'push' || inputs.branch == 'master' }}
+            type=sha,format=long
+      - name: Run scripts-dev/complement.sh to generate complement-synapse:latest image.
+        run: scripts-dev/complement.sh --build-only
+      - name: Tag and push generated image
+        run: |
+          for TAG in ${{ join(fromJson(steps.meta.outputs.json).tags, ' ') }}; do 
+            echo "tag and push $TAG"
+            docker tag complement-synapse $TAG
+            docker push $TAG
+          done

.github/workflows/release-artifacts.yml

@@ -0,0 +1,208 @@
+# GitHub actions workflow which builds the release artifacts.
+
+name: Build release artifacts
+
+on:
+  # we build on PRs and develop to (hopefully) get early warning
+  # of things breaking (but only build one set of debs). PRs skip
+  # building wheels on macOS & ARM.
+  pull_request:
+  push:
+    branches: ["develop", "release-*"]
+
+    # we do the full build on tags.
+    tags: ["v*"]
+  merge_group:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+
+jobs:
+  get-distros:
+    name: "Calculate list of debian distros"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - id: set-distros
+        run: |
+          # if we're running from a tag, get the full list of distros; otherwise just use debian:sid
+          # NOTE: inside the actual Dockerfile-dhvirtualenv, the image name is expanded into its full image path
+          dists='["debian:sid"]'
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+              dists=$(scripts-dev/build_debian_packages.py --show-dists-json)
+          fi
+          echo "distros=$dists" >> "$GITHUB_OUTPUT"
+    # map the step outputs to job outputs
+    outputs:
+      distros: ${{ steps.set-distros.outputs.distros }}
+
+  # now build the packages with a matrix build.
+  build-debs:
+    needs: get-distros
+    name: "Build .deb packages"
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro: ${{ fromJson(needs.get-distros.outputs.distros) }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          path: src
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        with:
+          install: true
+
+      - name: Set up docker layer caching
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Set up python
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+
+      - name: Build the packages
+        # see https://github.com/docker/build-push-action/issues/252
+        # for the cache magic here
+        run: |
+          ./src/scripts-dev/build_debian_packages.py \
+            --docker-build-arg=--cache-from=type=local,src=/tmp/.buildx-cache \
+            --docker-build-arg=--cache-to=type=local,mode=max,dest=/tmp/.buildx-cache-new \
+            --docker-build-arg=--progress=plain \
+            --docker-build-arg=--load \
+            "${{ matrix.distro }}"
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+      - name: Artifact name
+        id: artifact-name
+        # We can't have colons in the upload name of the artifact, so we convert
+        # e.g. `debian:sid` to `sid`.
+        env:
+          DISTRO: ${{ matrix.distro }}
+        run: |
+          echo "ARTIFACT_NAME=${DISTRO#*:}" >> "$GITHUB_OUTPUT"
+
+      - name: Upload debs as artifacts
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: debs-${{ steps.artifact-name.outputs.ARTIFACT_NAME }}
+          path: debs/*
+
+  build-wheels:
+    name: Build wheels on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os:
+          - ubuntu-24.04
+          - ubuntu-24.04-arm
+        # is_pr is a flag used to exclude certain jobs from the matrix on PRs.
+        # It is not read by the rest of the workflow.
+        is_pr:
+          - ${{ startsWith(github.ref, 'refs/pull/') }}
+
+        exclude:
+          # Don't build aarch64 wheels on PR CI.
+          - is_pr: true
+            os: "ubuntu-24.04-arm"
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          # setup-python@v4 doesn't impose a default python version. Need to use 3.x
+          # here, because `python` on osx points to Python 2.7.
+          python-version: "3.x"
+
+      - name: Install cibuildwheel
+        run: python -m pip install cibuildwheel==3.2.1
+
+      - name: Only build a single wheel on PR
+        if: startsWith(github.ref, 'refs/pull/')
+        run: echo "CIBW_BUILD="cp310-manylinux_*"" >> $GITHUB_ENV
+
+      - name: Build wheels
+        run: python -m cibuildwheel --output-dir wheelhouse
+        env:
+          # The platforms that we build for are determined by the
+          # `tool.cibuildwheel.skip` option in `pyproject.toml`.
+
+          # We skip testing wheels for the following platforms in CI:
+          #
+          # pp3*-* (PyPy wheels) broke in CI (TODO: investigate).
+          # musl: (TODO: investigate).
+          CIBW_TEST_SKIP: pp3*-* *musl*
+
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: Wheel-${{ matrix.os }}
+          path: ./wheelhouse/*.whl
+
+  build-sdist:
+    name: Build sdist
+    runs-on: ubuntu-latest
+    if: ${{ !startsWith(github.ref, 'refs/pull/') }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.10"
+
+      - run: pip install build
+
+      - name: Build sdist
+        run: python -m build --sdist
+
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        with:
+          name: Sdist
+          path: dist/*.tar.gz
+
+  # if it's a tag, create a release and attach the artifacts to it
+  attach-assets:
+    name: "Attach assets to release"
+    if: ${{ !failure() && !cancelled() && startsWith(github.ref, 'refs/tags/') }}
+    needs:
+      - build-debs
+      - build-wheels
+      - build-sdist
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download all workflow run artifacts
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
+      - name: Build a tarball for the debs
+        # We need to merge all the debs uploads into one folder, then compress
+        # that.
+        run: |
+          mkdir debs
+          mv debs*/* debs/
+          tar -cvJf debs.tar.xz debs
+      - name: Attach to release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release upload "${{ github.ref_name }}" \
+            Sdist/* \
+            Wheel*/* \
+            debs.tar.xz \
+            --repo ${{ github.repository }}

.github/workflows/schema.yaml

@@ -0,0 +1,57 @@
+name: Schema
+
+on:
+  pull_request:
+    paths:
+      - schema/**
+      - docs/usage/configuration/config_documentation.md
+  push:
+    branches: ["develop", "release-*"]
+  workflow_dispatch:
+
+jobs:
+  validate-schema:
+    name: Ensure Synapse config schema is valid
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - name: Install check-jsonschema
+        run: pip install check-jsonschema==0.33.0
+
+      - name: Validate meta schema
+        run: check-jsonschema --check-metaschema schema/v*/meta.schema.json
+      - name: Validate schema
+        run: |-
+          # Please bump on introduction of a new meta schema.
+          LATEST_META_SCHEMA_VERSION=v1
+          check-jsonschema \
+            --schemafile="schema/$LATEST_META_SCHEMA_VERSION/meta.schema.json" \
+            schema/synapse-config.schema.yaml
+      - name: Validate default config
+      # Populates the empty instance with default values and checks against the schema.
+        run: |-
+          echo "{}" | check-jsonschema \
+            --fill-defaults --schemafile=schema/synapse-config.schema.yaml -
+
+  check-doc-generation:
+    name: Ensure generated documentation is up-to-date
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - name: Install PyYAML
+        run: pip install PyYAML==6.0.2
+
+      - name: Regenerate config documentation
+        run: |
+          scripts-dev/gen_config_documentation.py \
+            schema/synapse-config.schema.yaml \
+          > docs/usage/configuration/config_documentation.md
+      - name: Error in case of any differences
+      # Errors if there are now any modified files (untracked files are ignored).
+        run: 'git diff --exit-code'

.github/workflows/tests.yml

@@ -0,0 +1,790 @@
+name: Tests
+
+on:
+  push:
+    branches: ["develop", "release-*"]
+  pull_request:
+  merge_group:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  RUST_VERSION: 1.87.0
+
+jobs:
+  # Job to detect what has changed so we don't run e.g. Rust checks on PRs that
+  # don't modify Rust code.
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      rust: ${{ !startsWith(github.ref, 'refs/pull/') || steps.filter.outputs.rust }}
+      trial: ${{ !startsWith(github.ref, 'refs/pull/') || steps.filter.outputs.trial }}
+      integration: ${{ !startsWith(github.ref, 'refs/pull/') || steps.filter.outputs.integration }}
+      linting: ${{ !startsWith(github.ref, 'refs/pull/') || steps.filter.outputs.linting }}
+      linting_readme: ${{ !startsWith(github.ref, 'refs/pull/') || steps.filter.outputs.linting_readme }}
+    steps:
+    - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+      id: filter
+      # We only check on PRs
+      if: startsWith(github.ref, 'refs/pull/')
+      with:
+        filters: |
+          rust:
+            - 'rust/**'
+            - 'Cargo.toml'
+            - 'Cargo.lock'
+            - '.rustfmt.toml'
+            - '.github/workflows/tests.yml'
+
+          trial:
+            - 'synapse/**'
+            - 'tests/**'
+            - 'rust/**'
+            - '.ci/scripts/calculate_jobs.py'
+            - 'Cargo.toml'
+            - 'Cargo.lock'
+            - 'pyproject.toml'
+            - 'poetry.lock'
+            - '.github/workflows/tests.yml'
+
+          integration:
+            - 'synapse/**'
+            - 'rust/**'
+            - 'docker/**'
+            - 'Cargo.toml'
+            - 'Cargo.lock'
+            - 'pyproject.toml'
+            - 'poetry.lock'
+            - 'docker/**'
+            - '.ci/**'
+            - 'scripts-dev/complement.sh'
+            - '.github/workflows/tests.yml'
+
+          linting:
+            - 'synapse/**'
+            - 'docker/**'
+            - 'tests/**'
+            - 'scripts-dev/**'
+            - 'contrib/**'
+            - 'synmark/**'
+            - 'stubs/**'
+            - '.ci/**'
+            - 'mypy.ini'
+            - 'pyproject.toml'
+            - 'poetry.lock'
+            - '.github/workflows/tests.yml'
+
+          linting_readme:
+            - 'README.rst'
+
+  check-sampleconfig:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.linting == 'true' }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          python-version: "3.x"
+          poetry-version: "2.1.1"
+          extras: "all"
+      - run: poetry run scripts-dev/generate_sample_config.sh --check
+      - run: poetry run scripts-dev/config-lint.sh
+
+  check-schema-delta:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.linting == 'true' }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - run: "pip install 'click==8.1.1' 'GitPython>=3.1.20' 'sqlglot>=28.0.0'"
+      - run: scripts-dev/check_schema_delta.py --force-colors
+
+  check-lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - run: .ci/scripts/check_lockfile.py
+
+  lint:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.linting == 'true' }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Setup Poetry
+        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          poetry-version: "2.1.1"
+          install-project: "false"
+
+      - name: Run ruff check
+        run: poetry run ruff check --output-format=github .
+
+      - name: Run ruff format
+        run: poetry run ruff format --check .
+
+  lint-mypy:
+    runs-on: ubuntu-latest
+    name: Typechecking
+    needs: changes
+    if: ${{ needs.changes.outputs.linting == 'true' }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - name: Setup Poetry
+        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          # We want to make use of type hints in optional dependencies too.
+          extras: all
+          # We have seen odd mypy failures that were resolved when we started
+          # installing the project again:
+          # https://github.com/matrix-org/synapse/pull/15376#issuecomment-1498983775
+          # To make CI green, err towards caution and install the project.
+          install-project: "true"
+          poetry-version: "2.1.1"
+
+      # Cribbed from
+      # https://github.com/AustinScola/mypy-cache-github-action/blob/85ea4f2972abed39b33bd02c36e341b28ca59213/src/restore.ts#L10-L17
+      - name: Restore/persist mypy's cache
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: |
+            .mypy_cache
+          key: mypy-cache-${{ github.context.sha }}
+          restore-keys: mypy-cache-
+
+      - name: Run mypy
+        run: poetry run mypy
+
+  lint-crlf:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Check line endings
+        run: scripts-dev/check_line_terminators.sh
+
+  lint-newsfile:
+    # Only run on pull_request events, targeting develop/release branches, and skip when the PR author is dependabot[bot].
+    if: ${{ github.event_name == 'pull_request' && (github.base_ref == 'develop' || contains(github.base_ref, 'release-')) && github.event.pull_request.user.login != 'dependabot[bot]' }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - run: "pip install 'towncrier>=18.6.0rc1'"
+      - run: scripts-dev/check-newsfragment.sh
+        env:
+          PULL_REQUEST_NUMBER: ${{ github.event.number }}
+
+  lint-clippy:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.rust == 'true' }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+            components: clippy
+            toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - run: cargo clippy -- -D warnings
+
+  # We also lint against a nightly rustc so that we can lint the benchmark
+  # suite, which requires a nightly compiler.
+  lint-clippy-nightly:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.rust == 'true' }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+            toolchain: nightly-2025-04-23
+            components: clippy
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - run: cargo clippy --all-features -- -D warnings
+
+  lint-rust:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.rust == 'true' }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - name: Setup Poetry
+        uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          # Install like a normal project from source with all optional dependencies
+          extras: all
+          install-project: "true"
+          poetry-version: "2.1.1"
+
+      - name: Ensure `Cargo.lock` is up to date (no stray changes after install)
+        # The `::error::` syntax is using GitHub Actions' error annotations, see
+        # https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions
+        run: |
+          if git diff --quiet Cargo.lock; then
+            echo "Cargo.lock is up to date"
+          else
+            echo "::error::Cargo.lock has uncommitted changes after install. Please run 'poetry install --extras all' and commit the Cargo.lock changes."
+            git diff --exit-code Cargo.lock
+            exit 1
+          fi
+
+  # This job is split from `lint-rust` because it requires a nightly Rust toolchain
+  # for some of the unstable options we use in `.rustfmt.toml`.
+  lint-rustfmt:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.rust == 'true' }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          # We use nightly so that we can use some unstable options that we use in
+          # `.rustfmt.toml`.
+          toolchain: nightly-2025-04-23
+          components: rustfmt
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - run: cargo fmt --check
+
+  # This is to detect issues with the rst file, which can otherwise cause issues
+  # when uploading packages to PyPi.
+  lint-readme:
+    runs-on: ubuntu-latest
+    needs: changes
+    if: ${{ needs.changes.outputs.linting_readme == 'true' }}
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - run: "pip install rstcheck"
+      - run: "rstcheck --report-level=WARNING README.rst"
+
+  # Dummy step to gate other tests on without repeating the whole list
+  linting-done:
+    if: ${{ !cancelled() }} # Run this even if prior jobs were skipped
+    needs:
+      - lint
+      - lint-mypy
+      - lint-crlf
+      - lint-newsfile
+      - check-sampleconfig
+      - check-schema-delta
+      - check-lockfile
+      - lint-clippy
+      - lint-clippy-nightly
+      - lint-rust
+      - lint-rustfmt
+      - lint-readme
+    runs-on: ubuntu-latest
+    steps:
+      - uses: matrix-org/done-action@3409aa904e8a2aaf2220f09bc954d3d0b0a2ee67 # v3
+        with:
+          needs: ${{ toJSON(needs) }}
+
+          # Various bits are skipped if there was no applicable changes.
+          skippable: |
+            check-sampleconfig
+            check-schema-delta
+            lint
+            lint-mypy
+            lint-newsfile
+            lint-clippy
+            lint-clippy-nightly
+            lint-rust
+            lint-rustfmt
+            lint-readme
+
+
+  calculate-test-jobs:
+    if: ${{ !cancelled() && !failure() }} # Allow previous steps to be skipped, but not fail
+    needs: linting-done
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.x"
+      - id: get-matrix
+        run: .ci/scripts/calculate_jobs.py
+    outputs:
+      trial_test_matrix: ${{ steps.get-matrix.outputs.trial_test_matrix }}
+      sytest_test_matrix: ${{ steps.get-matrix.outputs.sytest_test_matrix }}
+
+  trial:
+    if: ${{ !cancelled() && !failure() && needs.changes.outputs.trial == 'true' }} # Allow previous steps to be skipped, but not fail
+    needs:
+      - calculate-test-jobs
+      - changes
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        job:  ${{ fromJson(needs.calculate-test-jobs.outputs.trial_test_matrix) }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - run: sudo apt-get -qq install xmlsec1
+      - name: Set up PostgreSQL ${{ matrix.job.postgres-version }}
+        if: ${{ matrix.job.postgres-version }}
+        # 1. Mount postgres data files onto a tmpfs in-memory filesystem to reduce overhead of docker's overlayfs layer.
+        # 2. Expose the unix socket for postgres. This removes latency of using docker-proxy for connections.
+        run: |
+          docker run -d -p 5432:5432 \
+            --tmpfs /var/lib/postgres:rw,size=6144m \
+            --mount 'type=bind,src=/var/run/postgresql,dst=/var/run/postgresql' \
+            -e POSTGRES_PASSWORD=postgres \
+            -e POSTGRES_INITDB_ARGS="--lc-collate C --lc-ctype C --encoding UTF8" \
+            postgres:${{ matrix.job.postgres-version }}
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          python-version: ${{ matrix.job.python-version }}
+          poetry-version: "2.1.1"
+          extras: ${{ matrix.job.extras }}
+      - name: Await PostgreSQL
+        if: ${{ matrix.job.postgres-version }}
+        timeout-minutes: 2
+        run: until pg_isready -h localhost; do sleep 1; done
+      - run: poetry run trial --jobs=6 tests
+        env:
+          SYNAPSE_POSTGRES: ${{ matrix.job.database == 'postgres' || '' }}
+          SYNAPSE_POSTGRES_HOST: /var/run/postgresql
+          SYNAPSE_POSTGRES_USER: postgres
+          SYNAPSE_POSTGRES_PASSWORD: postgres
+      - name: Dump logs
+        # Logs are most useful when the command fails, always include them.
+        if: ${{ always() }}
+        # Note: Dumps to workflow logs instead of using actions/upload-artifact
+        #       This keeps logs colocated with failing jobs
+        #       It also ignores find's exit code; this is a best effort affair
+        run: >-
+          find _trial_temp -name '*.log'
+          -exec echo "::group::{}" \;
+          -exec cat {} \;
+          -exec echo "::endgroup::" \;
+          || true
+
+  trial-olddeps:
+    # Note: sqlite only; no postgres
+    if: ${{ !cancelled() && !failure() && needs.changes.outputs.trial == 'true' }} # Allow previous steps to be skipped, but not fail
+    needs:
+      - linting-done
+      - changes
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      # There aren't wheels for some of the older deps, so we need to install
+      # their build dependencies
+      - run: |
+          sudo apt-get -qq update
+          sudo apt-get -qq install build-essential libffi-dev python3-dev \
+            libxml2-dev libxslt-dev xmlsec1 zlib1g-dev libjpeg-dev libwebp-dev
+
+      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: '3.10'
+
+      - name: Prepare old deps
+        # Note: we install using `uv` here, not poetry or pip to allow us to test with the
+        # minimum version of all dependencies, both those explicitly specified and those
+        # implicitly brought in by the explicit dependencies. 
+        run: |
+          pip install uv
+          uv pip install --system --resolution=lowest .[all,test]
+
+      # We nuke the local copy, as we've installed synapse into the virtualenv
+      # (rather than use an editable install, which we no longer support). If we
+      # don't do this then python can't find the native lib.
+      - run: rm -rf synapse/
+
+      # Sanity check we can import/run Synapse
+      - run: python -m synapse.app.homeserver --help
+
+      - run: python -m twisted.trial -j6 tests
+      - name: Dump logs
+        # Logs are most useful when the command fails, always include them.
+        if: ${{ always() }}
+        # Note: Dumps to workflow logs instead of using actions/upload-artifact
+        #       This keeps logs colocated with failing jobs
+        #       It also ignores find's exit code; this is a best effort affair
+        run: >-
+          find _trial_temp -name '*.log'
+          -exec echo "::group::{}" \;
+          -exec cat {} \;
+          -exec echo "::endgroup::" \;
+          || true
+
+  trial-pypy:
+    # Very slow; only run if the branch name includes 'pypy'
+    # Note: sqlite only; no postgres. Completely untested since poetry move.
+    if: ${{ contains(github.ref, 'pypy') && !failure() && !cancelled() && needs.changes.outputs.trial == 'true' }}
+    needs:
+      - linting-done
+      - changes
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["pypy-3.10"]
+        extras: ["all"]
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      # Install libs necessary for PyPy to build binary wheels for dependencies
+      - run: sudo apt-get -qq install xmlsec1 libxml2-dev libxslt-dev
+      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          poetry-version: "2.1.1"
+          extras: ${{ matrix.extras }}
+      - run: poetry run trial --jobs=2 tests
+      - name: Dump logs
+        # Logs are most useful when the command fails, always include them.
+        if: ${{ always() }}
+        # Note: Dumps to workflow logs instead of using actions/upload-artifact
+        #       This keeps logs colocated with failing jobs
+        #       It also ignores find's exit code; this is a best effort affair
+        run: >-
+          find _trial_temp -name '*.log'
+          -exec echo "::group::{}" \;
+          -exec cat {} \;
+          -exec echo "::endgroup::" \;
+          || true
+
+  sytest:
+    if: ${{ !failure() && !cancelled() && needs.changes.outputs.integration == 'true' }}
+    needs:
+      - calculate-test-jobs
+      - changes
+    runs-on: ubuntu-latest
+    container:
+      image: matrixdotorg/sytest-synapse:${{ matrix.job.sytest-tag }}
+      volumes:
+        - ${{ github.workspace }}:/src
+      env:
+        # If this is a pull request to a release branch, use that branch as default branch for sytest, else use develop
+        # This works because the release script always create a branch on the sytest repo with the same name as the release branch
+        SYTEST_DEFAULT_BRANCH: ${{ startsWith(github.base_ref, 'release-') && github.base_ref || 'develop' }}
+        SYTEST_BRANCH: ${{ github.head_ref }}
+        POSTGRES: ${{ matrix.job.postgres && 1}}
+        MULTI_POSTGRES: ${{ (matrix.job.postgres == 'multi-postgres') || '' }}
+        ASYNCIO_REACTOR: ${{ (matrix.job.reactor == 'asyncio') || '' }}
+        WORKERS: ${{ matrix.job.workers && 1 }}
+        BLACKLIST: ${{ matrix.job.workers && 'synapse-blacklist-with-workers' }}
+        TOP: ${{ github.workspace }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        job: ${{ fromJson(needs.calculate-test-jobs.outputs.sytest_test_matrix) }}
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Prepare test blacklist
+        run: cat sytest-blacklist .ci/worker-blacklist > synapse-blacklist-with-workers
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - name: Run SyTest
+        run: /bootstrap.sh synapse
+        working-directory: /src
+      - name: Summarise results.tap
+        if: ${{ always() }}
+        run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
+      - name: Upload SyTest logs
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        if: ${{ always() }}
+        with:
+          name: Sytest Logs - ${{ job.status }} - (${{ join(matrix.job.*, ', ') }})
+          path: |
+            /logs/results.tap
+            /logs/**/*.log*
+
+  export-data:
+    if: ${{ !failure() && !cancelled() && needs.changes.outputs.integration == 'true'}} # Allow previous steps to be skipped, but not fail
+    needs: [linting-done, portdb, changes]
+    runs-on: ubuntu-latest
+    env:
+      TOP: ${{ github.workspace }}
+
+    services:
+      postgres:
+        image: postgres
+        ports:
+          - 5432:5432
+        env:
+          POSTGRES_PASSWORD: "postgres"
+          POSTGRES_INITDB_ARGS: "--lc-collate C --lc-ctype C --encoding UTF8"
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - run: sudo apt-get -qq install xmlsec1 postgresql-client
+      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          poetry-version: "2.1.1"
+          extras: "postgres"
+      - run: .ci/scripts/test_export_data_command.sh
+        env:
+          PGHOST: localhost
+          PGUSER: postgres
+          PGPASSWORD: postgres
+          PGDATABASE: postgres
+
+
+  portdb:
+    if: ${{ !failure() && !cancelled() && needs.changes.outputs.integration == 'true'}} # Allow previous steps to be skipped, but not fail
+    needs:
+      - linting-done
+      - changes
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - python-version: "3.10"
+            postgres-version: "14"
+
+          - python-version: "3.14"
+            postgres-version: "17"
+
+    services:
+      postgres:
+        image: postgres:${{ matrix.postgres-version }}
+        ports:
+          - 5432:5432
+        env:
+          POSTGRES_PASSWORD: "postgres"
+          POSTGRES_INITDB_ARGS: "--lc-collate C --lc-ctype C --encoding UTF8"
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - name: Add PostgreSQL apt repository
+        # We need a version of pg_dump that can handle the version of
+        # PostgreSQL being tested against. The Ubuntu package repository lags
+        # behind new releases, so we have to use the PostreSQL apt repository.
+        # Steps taken from https://www.postgresql.org/download/linux/ubuntu/
+        run: |
+          sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
+          wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+          sudo apt-get update
+      - run: sudo apt-get -qq install xmlsec1 postgresql-client
+      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          poetry-version: "2.1.1"
+          extras: "postgres"
+      - run: .ci/scripts/test_synapse_port_db.sh
+        id: run_tester_script
+        env:
+          PGHOST: localhost
+          PGUSER: postgres
+          PGPASSWORD: postgres
+          PGDATABASE: postgres
+      - name: "Upload schema differences"
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        if: ${{ failure() && !cancelled() && steps.run_tester_script.outcome == 'failure' }}
+        with:
+          name: Schema dumps
+          path: |
+            unported.sql
+            ported.sql
+            schema_diff
+
+  complement:
+    if: "${{ !failure() && !cancelled() && needs.changes.outputs.integration == 'true' }}"
+    needs:
+      - linting-done
+      - changes
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arrangement: monolith
+            database: SQLite
+
+          - arrangement: monolith
+            database: Postgres
+
+          - arrangement: workers
+            database: Postgres
+
+    steps:
+      - name: Checkout synapse codebase
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          path: synapse
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - name: Prepare Complement's Prerequisites
+        run: synapse/.ci/scripts/setup_complement_prerequisites.sh
+
+      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+        with:
+          cache-dependency-path: complement/go.sum
+          go-version-file: complement/go.mod
+
+        # use p=1 concurrency as GHA boxes are underpowered and don't like running tons of synapses at once.
+      - run: |
+          set -o pipefail
+          COMPLEMENT_DIR=`pwd`/complement synapse/scripts-dev/complement.sh -p 1 -json 2>&1 | synapse/.ci/scripts/gotestfmt
+        shell: bash
+        env:
+          POSTGRES: ${{ (matrix.database == 'Postgres') && 1 || '' }}
+          WORKERS: ${{ (matrix.arrangement == 'workers') && 1 || '' }}
+        name: Run Complement Tests
+
+  cargo-test:
+    if: ${{ needs.changes.outputs.rust == 'true' }}
+    runs-on: ubuntu-latest
+    needs:
+      - linting-done
+      - changes
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - run: cargo test
+
+  # We want to ensure that the cargo benchmarks still compile, which requires a
+  # nightly compiler.
+  cargo-bench:
+    if: ${{ needs.changes.outputs.rust == 'true' }}
+    runs-on: ubuntu-latest
+    needs:
+      - linting-done
+      - changes
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+            toolchain: nightly-2022-12-01
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - run: cargo bench --no-run
+
+  # a job which marks all the other jobs as complete, thus allowing PRs to be merged.
+  tests-done:
+    if: ${{ always() }}
+    needs:
+      - trial
+      - trial-olddeps
+      - sytest
+      - export-data
+      - portdb
+      - complement
+      - cargo-test
+      - cargo-bench
+      - linting-done
+    runs-on: ubuntu-latest
+    steps:
+      - uses: matrix-org/done-action@3409aa904e8a2aaf2220f09bc954d3d0b0a2ee67 # v3
+        with:
+          needs: ${{ toJSON(needs) }}
+
+          # Various bits are skipped if there was no applicable changes.
+          # The newsfile lint may be skipped on non PR builds.
+          skippable: |
+            trial
+            trial-olddeps
+            sytest
+            portdb
+            export-data
+            complement
+            lint-newsfile
+            cargo-test
+            cargo-bench

.github/workflows/triage-incoming.yml

@@ -0,0 +1,14 @@
+name: Move new issues into the issue triage board
+
+on:
+  issues:
+    types: [ opened ]
+
+jobs:
+  triage:
+    uses: matrix-org/backend-meta/.github/workflows/triage-incoming.yml@18beaf3c8e536108bd04d18e6c3dc40ba3931e28 # v2.0.3
+    with:
+      project_id: 'PVT_kwDOAIB0Bs4AFDdZ'
+      content_id: ${{ github.event.issue.node_id }}
+    secrets:
+      github_access_token: ${{ secrets.ELEMENT_BOT_TOKEN }}

.github/workflows/triage_labelled.yml

@@ -0,0 +1,31 @@
+name: Move labelled issues to correct projects
+
+on:
+  issues:
+    types: [ labeled ]
+
+jobs:
+  move_needs_info:
+    runs-on: ubuntu-latest
+    if: >
+      contains(github.event.issue.labels.*.name, 'X-Needs-Info')
+    permissions:
+      contents: read
+    env:
+      # This token must have the following scopes: ["repo:public_repo", "admin:org->read:org", "user->read:user", "project"]
+      GITHUB_TOKEN: ${{ secrets.ELEMENT_BOT_TOKEN }}
+      PROJECT_OWNER: matrix-org
+      # Backend issue triage board.
+      # https://github.com/orgs/matrix-org/projects/67/views/1
+      PROJECT_NUMBER: 67
+      ISSUE_URL: ${{ github.event.issue.html_url }}
+      # This field is case-sensitive.
+      TARGET_STATUS: Needs info
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          # Only clone the script file we care about, instead of the whole repo.
+          sparse-checkout: .ci/scripts/triage_labelled_issue.sh
+
+      - name: Ensure issue exists on the board, then set Status
+        run: .ci/scripts/triage_labelled_issue.sh

.github/workflows/twisted_trunk.yml

@@ -0,0 +1,226 @@
+name: Twisted Trunk
+
+on:
+  schedule:
+    - cron: 0 8 * * *
+
+  workflow_dispatch:
+    # NB: inputs are only present when this workflow is dispatched manually.
+    # (The default below is the default field value in the form to trigger
+    # a manual dispatch). Otherwise the inputs will evaluate to null.
+    inputs:
+      twisted_ref:
+        description: Commit, branch or tag to checkout from upstream Twisted.
+        required: false
+        default: 'trunk'
+        type: string
+
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  RUST_VERSION: 1.87.0
+
+jobs:
+  check_repo:
+    # Prevent this workflow from running on any fork of Synapse other than element-hq/synapse, as it is
+    # only useful to the Synapse core team.
+    # All other workflow steps depend on this one, thus if 'should_run_workflow' is not 'true', the rest
+    # of the workflow will be skipped as well.
+    if: github.repository == 'element-hq/synapse'
+    runs-on: ubuntu-latest
+    outputs:
+      should_run_workflow: ${{ steps.check_condition.outputs.should_run_workflow }}
+    steps:
+      - id: check_condition
+        run: echo "should_run_workflow=${{ github.repository == 'element-hq/synapse' }}" >> "$GITHUB_OUTPUT"
+
+  mypy:
+    needs: check_repo
+    if: needs.check_repo.outputs.should_run_workflow == 'true'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          python-version: "3.x"
+          extras: "all"
+          poetry-version: "2.1.1"
+      - run: |
+          poetry remove twisted
+          poetry add --extras tls git+https://github.com/twisted/twisted.git#${{ inputs.twisted_ref || 'trunk' }}
+          poetry install --no-interaction --extras "all test"
+      - name: Remove unhelpful options from mypy config
+        run: sed -e '/warn_unused_ignores = True/d' -e '/warn_redundant_casts = True/d' -i mypy.ini
+      - run: poetry run mypy
+
+  trial:
+    needs: check_repo
+    if: needs.check_repo.outputs.should_run_workflow == 'true'
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - run: sudo apt-get -qq install xmlsec1
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - uses: matrix-org/setup-python-poetry@5bbf6603c5c930615ec8a29f1b5d7d258d905aa4 # v2.0.0
+        with:
+          python-version: "3.x"
+          extras: "all test"
+          poetry-version: "2.1.1"
+      - run: |
+          poetry remove twisted
+          poetry add --extras tls git+https://github.com/twisted/twisted.git#trunk
+          poetry install --no-interaction --extras "all test"
+      - run: poetry run trial --jobs 2 tests
+
+      - name: Dump logs
+        # Logs are most useful when the command fails, always include them.
+        if: ${{ always() }}
+        # Note: Dumps to workflow logs instead of using actions/upload-artifact
+        #       This keeps logs colocated with failing jobs
+        #       It also ignores find's exit code; this is a best effort affair
+        run: >-
+          find _trial_temp -name '*.log'
+          -exec echo "::group::{}" \;
+          -exec cat {} \;
+          -exec echo "::endgroup::" \;
+          || true
+
+  sytest:
+    needs: check_repo
+    if: needs.check_repo.outputs.should_run_workflow == 'true'
+    runs-on: ubuntu-latest
+    container:
+      # We're using bookworm because that's what Debian oldstable is at the time of writing.
+      # This job is a canary to warn us about unreleased twisted changes that would cause problems for us if
+      # they were to be released immediately. For simplicity's sake (and to save CI runners) we use the oldest
+      # version, assuming that any incompatibilities on newer versions would also be present on the oldest.
+      image: matrixdotorg/sytest-synapse:bookworm
+      volumes:
+        - ${{ github.workspace }}:/src
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2.8.2
+
+      - name: Patch dependencies
+        # Note: The poetry commands want to create a virtualenv in /src/.venv/,
+        #       but the sytest-synapse container expects it to be in /venv/.
+        #       We symlink it before running poetry so that poetry actually
+        #       ends up installing to `/venv`.
+        run: |
+          ln -s -T /venv /src/.venv
+          poetry remove twisted
+          poetry add --extras tls git+https://github.com/twisted/twisted.git#trunk
+          poetry install --no-interaction --extras "all test"
+        working-directory: /src
+      - name: Run SyTest
+        run: /bootstrap.sh synapse
+        working-directory: /src
+        env:
+          # Use offline mode to avoid reinstalling the pinned version of
+          # twisted.
+          OFFLINE: 1
+      - name: Summarise results.tap
+        if: ${{ always() }}
+        run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
+      - name: Upload SyTest logs
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        if: ${{ always() }}
+        with:
+          name: Sytest Logs - ${{ job.status }} - (${{ join(matrix.*, ', ') }})
+          path: |
+            /logs/results.tap
+            /logs/**/*.log*
+
+  complement:
+    needs: check_repo
+    if: "!failure() && !cancelled() && needs.check_repo.outputs.should_run_workflow == 'true'"
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - arrangement: monolith
+            database: SQLite
+
+          - arrangement: monolith
+            database: Postgres
+
+          - arrangement: workers
+            database: Postgres
+
+    steps:
+      - name: Run actions/checkout@v4 for synapse
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        with:
+          path: synapse
+
+      - name: Prepare Complement's Prerequisites
+        run: synapse/.ci/scripts/setup_complement_prerequisites.sh
+
+      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
+        with:
+          cache-dependency-path: complement/go.sum
+          go-version-file: complement/go.mod
+
+      # This step is specific to the 'Twisted trunk' test run:
+      - name: Patch dependencies
+        run: |
+          set -x
+          DEBIAN_FRONTEND=noninteractive sudo apt-get install -yqq python3 pipx
+          pipx install poetry==2.1.1
+
+          poetry remove -n twisted
+          poetry add -n --extras tls git+https://github.com/twisted/twisted.git#trunk
+          poetry lock
+        working-directory: synapse
+
+      - run: |
+          set -o pipefail
+          TEST_ONLY_SKIP_DEP_HASH_VERIFICATION=1 POSTGRES=${{ (matrix.database == 'Postgres') && 1 || '' }} WORKERS=${{ (matrix.arrangement == 'workers') && 1 || '' }} COMPLEMENT_DIR=`pwd`/complement synapse/scripts-dev/complement.sh -json 2>&1 | synapse/.ci/scripts/gotestfmt
+        shell: bash
+        name: Run Complement Tests
+
+  # open an issue if the build fails, so we know about it.
+  open-issue:
+    if: failure() && needs.check_repo.outputs.should_run_workflow == 'true'
+    needs:
+      - mypy
+      - trial
+      - sytest
+      - complement
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: JasonEtco/create-an-issue@1b14a70e4d8dc185e5cc76d3bec9eab20257b2c5 # v2.9.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          update_existing: true
+          filename: .ci/twisted_trunk_build_failed_issue_template.md

CHANGES.md

@@ -1,244 +1,3 @@
-# Synapse 1.149.0rc1 (2026-03-03)
-
-## Features
-
-- Add experimental support for [MSC4388: Secure out-of-band channel for sign in with QR](https://github.com/matrix-org/matrix-spec-proposals/pull/4388). ([\#19127](https://github.com/element-hq/synapse/issues/19127))
-- Add stable support for [MSC4380](https://github.com/matrix-org/matrix-spec-proposals/pull/4380) invite blocking. ([\#19431](https://github.com/element-hq/synapse/issues/19431))
-
-## Bugfixes
-
-- Fix the 'Login as a user' Admin API not checking if the user exists before issuing an access token. ([\#18518](https://github.com/element-hq/synapse/issues/18518))
-- Fix `/sync` missing membership event in `state_after` (experimental [MSC4222](https://github.com/matrix-org/matrix-spec-proposals/pull/4222) implementation) in some scenarios. ([\#19460](https://github.com/element-hq/synapse/issues/19460))
-
-## Internal Changes
-
-- Add log to explain when and why we freeze objects in the garbage collector. ([\#19440](https://github.com/element-hq/synapse/issues/19440))
-- Better instrument `JoinRoomAliasServlet` with tracing. ([\#19461](https://github.com/element-hq/synapse/issues/19461))
-- Fix Complement CI not running against the code from our PRs. ([\#19475](https://github.com/element-hq/synapse/issues/19475))
-- Log `docker system info` in CI so we have a plain record of how GitHub runners evolve over time. ([\#19480](https://github.com/element-hq/synapse/issues/19480))
-- Rename the `test_disconnect` test helper so that pytest doesn't see it as a test. ([\#19486](https://github.com/element-hq/synapse/issues/19486))
-- Add a log line when we delete devices. Contributed by @bradtgmurray @ Beeper. ([\#19496](https://github.com/element-hq/synapse/issues/19496))
-- Pre-allocate the buffer based on the expected `Content-Length` with the Rust HTTP client. ([\#19498](https://github.com/element-hq/synapse/issues/19498))
-- Cancel long-running sync requests if the client has gone away. ([\#19499](https://github.com/element-hq/synapse/issues/19499))
-- Try and reduce reactor tick times when under heavy load. ([\#19507](https://github.com/element-hq/synapse/issues/19507))
-- Simplify Rust HTTP client response streaming and limiting. ([\#19510](https://github.com/element-hq/synapse/issues/19510))
-- Replace deprecated collection import locations with current locations. ([\#19515](https://github.com/element-hq/synapse/issues/19515))
-- Bump most locked Python dependencies to their latest versions. ([\#19519](https://github.com/element-hq/synapse/issues/19519))
-
-
-
-
-# Synapse 1.148.0 (2026-02-24)
-
-No significant changes since 1.148.0rc1.
-
-
-
-
-# Synapse 1.148.0rc1 (2026-02-17)
-
-## Features
-
-- Support sending and receiving [MSC4354 Sticky Event](https://github.com/matrix-org/matrix-spec-proposals/pull/4354) metadata. ([\#19365](https://github.com/element-hq/synapse/issues/19365))
-
-## Improved Documentation
-
-- Fix reference to the `experimental_features` section of the configuration manual documentation. ([\#19435](https://github.com/element-hq/synapse/issues/19435))
-
-## Deprecations and Removals
-
-- Remove support for [MSC3244: Room version capabilities](https://github.com/matrix-org/matrix-spec-proposals/pull/3244) as the MSC was rejected. ([\#19429](https://github.com/element-hq/synapse/issues/19429))
-
-## Internal Changes
-
-- Add in-repo Complement tests so we can test Synapse specific behavior at an end-to-end level. ([\#19406](https://github.com/element-hq/synapse/issues/19406))
-- Push Synapse docker images to Element OCI Registry. ([\#19420](https://github.com/element-hq/synapse/issues/19420))
-- Allow configuring the Rust HTTP client to use HTTP/2 only. ([\#19457](https://github.com/element-hq/synapse/issues/19457))
-- Correctly refuse to start if the Rust workspace config has changed and the Rust library has not been rebuilt. ([\#19470](https://github.com/element-hq/synapse/issues/19470))
-
-
-
-
-# Synapse 1.147.1 (2026-02-12)
-
-## Internal Changes
-
-- Block federation requests and events authenticated using a known insecure signing key. See [CVE-2026-24044](https://www.cve.org/CVERecord?id=CVE-2026-24044) / [ELEMENTSEC-2025-1670](https://github.com/element-hq/ess-helm/security/advisories/GHSA-qwcj-h6m8-vp6q). ([\#19459](https://github.com/element-hq/synapse/issues/19459))
-
-
-
-
-# Synapse 1.147.0 (2026-02-10)
-
-No significant changes since 1.147.0rc1.
-
-# Synapse 1.147.0rc1 (2026-02-03)
-
-## Bugfixes
-
-- Fix memory leak caused by not cleaning up stopped looping calls. Introduced in v1.140.0. ([\#19416](https://github.com/element-hq/synapse/issues/19416))
-- Fix a typo that incorrectly made `setuptools_rust` a runtime dependency. ([\#19417](https://github.com/element-hq/synapse/issues/19417))
-
-## Internal Changes
-
-- Prune stale entries from `sliding_sync_connection_required_state` table. ([\#19306](https://github.com/element-hq/synapse/issues/19306))
-- Update "Event Send Time Quantiles" graph to only use dots for the event persistence rate (Grafana dashboard). ([\#19399](https://github.com/element-hq/synapse/issues/19399))
-- Update and align Grafana dashboard to use regex matching for `job` selectors (`job=~"$job"`) so the "all" value works correctly across all panels. ([\#19400](https://github.com/element-hq/synapse/issues/19400))
-- Don't retry joining partial state rooms all at once on startup. ([\#19402](https://github.com/element-hq/synapse/issues/19402))
-- Disallow requests to the health endpoint from containing trailing path characters. ([\#19405](https://github.com/element-hq/synapse/issues/19405))
-- Add notes that new experimental features should have associated tracking issues. ([\#19410](https://github.com/element-hq/synapse/issues/19410))
-- Bump `pyo3` from 0.26.0 to 0.27.2 and `pythonize` from 0.26.0 to 0.27.0. Contributed by @razvp @ ERCOM. ([\#19412](https://github.com/element-hq/synapse/issues/19412))
-
-
-
-
-# Synapse 1.146.0 (2026-01-27)
-
-No significant changes since 1.146.0rc1.
-
-## Deprecations and Removals
-
-- [MSC2697](https://github.com/matrix-org/matrix-spec-proposals/pull/2697) (Dehydrated devices) has been removed, as the MSC is closed. Developers should migrate to [MSC3814](https://github.com/matrix-org/matrix-spec-proposals/pull/3814). ([\#19346](https://github.com/element-hq/synapse/issues/19346))
-- Support for Ubuntu 25.04 (Plucky Puffin) has been dropped. Synapse no longer builds debian packages for Ubuntu 25.04.
-
-
-
-# Synapse 1.146.0rc1 (2026-01-20)
-
-## Features
-
-- Add a new config option [`enable_local_media_storage`](https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#enable_local_media_storage) which controls whether media is additionally stored locally when using configured `media_storage_providers`. Setting this to `false` allows off-site media storage without a local cache. Contributed by Patrice Brend'amour @dr.allgood. ([\#19204](https://github.com/element-hq/synapse/issues/19204))
-- Stabilise support for [MSC4312](https://github.com/matrix-org/matrix-spec-proposals/pull/4312)'s `m.oauth` User-Interactive Auth stage for resetting cross-signing identity with the OAuth 2.0 API. The old, unstable name (`org.matrix.cross_signing_reset`) is now deprecated and will be removed in a future release. ([\#19273](https://github.com/element-hq/synapse/issues/19273))
-- Refactor Grafana dashboard to use `server_name` label (instead of `instance`). ([\#19337](https://github.com/element-hq/synapse/issues/19337))
-
-## Bugfixes
-
-- Fix joining a restricted v12 room locally when no local room creator is present but local users with sufficient power levels are. Contributed by @nexy7574. ([\#19321](https://github.com/element-hq/synapse/issues/19321))
-- Fixed parallel calls to `/_matrix/media/v1/create` being ratelimited for appservices even if `rate_limited: false` was set in the registration. Contributed by @tulir @ Beeper. ([\#19335](https://github.com/element-hq/synapse/issues/19335))
-- Fix a bug introduced in 1.61.0 where a user's membership in a room was accidentally ignored when considering access to historical state events in rooms with the "shared" history visibility. Contributed by Lukas Tautz. ([\#19353](https://github.com/element-hq/synapse/issues/19353))
-- [MSC4140](https://github.com/matrix-org/matrix-spec-proposals/pull/4140): Store the JSON content of scheduled delayed events as text instead of a byte array. This fixes the inability to schedule a delayed event with non-ASCII characters in its content. ([\#19360](https://github.com/element-hq/synapse/issues/19360))
-- Always rollback database transactions when retrying (avoid orphaned connections). ([\#19372](https://github.com/element-hq/synapse/issues/19372))
-- Fix `InFlightGauge` typing to allow upgrading to `prometheus_client` 0.24. ([\#19379](https://github.com/element-hq/synapse/issues/19379))
-
-## Updates to the Docker image
-
-- Add [Prometheus HTTP service discovery](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config) endpoint for easy discovery of all workers when using the `docker/Dockerfile-workers` image (see the [*Metrics* section of our Docker testing docs](docker/README-testing.md#metrics)). ([\#19336](https://github.com/element-hq/synapse/issues/19336))
-
-## Improved Documentation
-
-- Remove docs on legacy metric names (no longer in the codebase since 2022-12-06). ([\#19341](https://github.com/element-hq/synapse/issues/19341))
-- Clarify how the estimated value of room complexity is calculated internally. ([\#19384](https://github.com/element-hq/synapse/issues/19384))
-
-## Internal Changes
-
-- Add an internal `cancel_task` API to the task scheduler. ([\#19310](https://github.com/element-hq/synapse/issues/19310))
-- Tweak docstrings and signatures of `auth_types_for_event` and `get_catchup_room_event_ids`. ([\#19320](https://github.com/element-hq/synapse/issues/19320))
-- Replace usage of deprecated `assertEquals` with `assertEqual` in unit test code. ([\#19345](https://github.com/element-hq/synapse/issues/19345))
-- Drop support for Ubuntu 25.04 'Plucky Puffin', add support for Ubuntu 25.10 'Questing Quokka'. ([\#19348](https://github.com/element-hq/synapse/issues/19348))
-- Revert "Add an Admin API endpoint for listing quarantined media (#19268)". ([\#19351](https://github.com/element-hq/synapse/issues/19351))
-- Bump `mdbook` from 0.4.17 to 0.5.2 and remove our custom table-of-contents plugin in favour of the new default functionality. ([\#19356](https://github.com/element-hq/synapse/issues/19356))
-- Replace deprecated usage of PyGitHub's `GitRelease.title` with `.name` in release script. ([\#19358](https://github.com/element-hq/synapse/issues/19358))
-- Update the Element logo in Synapse's README to be an absolute URL, allowing it to render on other sites (such as PyPI). ([\#19368](https://github.com/element-hq/synapse/issues/19368))
-- Apply minor tweaks to v1.145.0 changelog. ([\#19376](https://github.com/element-hq/synapse/issues/19376))
-- Update Grafana dashboard syntax to use the latest from importing/exporting with Grafana 12.3.1. ([\#19381](https://github.com/element-hq/synapse/issues/19381))
-- Warn about skipping reactor metrics when using unknown reactor type. ([\#19383](https://github.com/element-hq/synapse/issues/19383))
-- Add support for reactor metrics with the `ProxiedReactor` used in worker Complement tests. ([\#19385](https://github.com/element-hq/synapse/issues/19385))
-
-
-
-
-# Synapse 1.145.0 (2026-01-13)
-
-No significant changes since 1.145.0rc4.
-
-## End of Life of Ubuntu 25.04 Plucky Puffin
-
-Ubuntu 25.04 (Plucky Puffin) will be end of life on Jan 17, 2026. Synapse will stop building packages for Ubuntu 25.04 shortly thereafter.
-
-## Updates to Locked Dependencies No Longer Included in Changelog
-
-The "Updates to locked dependencies" section has been removed from the changelog due to lack of use and the maintenance burden. ([\#19254](https://github.com/element-hq/synapse/issues/19254))
-
-
-
-
-# Synapse 1.145.0rc4 (2026-01-08)
-
-No significant changes since 1.145.0rc3.
-
-This RC contains a fix specifically for openSUSE packaging and no other changes. 
-
-
-
-# Synapse 1.145.0rc3 (2026-01-07)
-
-No significant changes since 1.145.0rc2.
-
-This RC strips out unnecessary files from the wheels that were added when fixing the source distribution packaging in the previous RC.
-
-
-
-# Synapse 1.145.0rc2 (2026-01-07)
-
-No significant changes since 1.145.0rc1.
-
-This RC fixes the source distribution packaging for uploading to PyPI.
-
-
-
-# Synapse 1.145.0rc1 (2026-01-06)
-
-## Features
-
-- Add `memberships` endpoint to the admin API. This is useful for forensics and T&S purposes. ([\#19260](https://github.com/element-hq/synapse/issues/19260))
-- Server admins can bypass the quarantine media check when downloading media by setting the `admin_unsafely_bypass_quarantine` query parameter to `true` on Client-Server API media download requests. ([\#19275](https://github.com/element-hq/synapse/issues/19275))
-- Implemented pagination for the [MSC2666](https://github.com/matrix-org/matrix-spec-proposals/pull/2666) mutual rooms endpoint. Contributed by @tulir @ Beeper. ([\#19279](https://github.com/element-hq/synapse/issues/19279))
-- Admin API: add worker support to `GET /_synapse/admin/v2/users/<user_id>`. ([\#19281](https://github.com/element-hq/synapse/issues/19281))
-- Improve proxy support for the `federation_client.py` dev script. Contributed by Denis Kasak (@dkasak). ([\#19300](https://github.com/element-hq/synapse/issues/19300))
-
-## Bugfixes
-
-- Fix sliding sync performance slow down for long lived connections. ([\#19206](https://github.com/element-hq/synapse/issues/19206))
-- Fix a bug where Mastodon posts (and possibly other embeds) have the wrong description for URL previews. ([\#19231](https://github.com/element-hq/synapse/issues/19231))
-- Fix bug where `Duration` was logged incorrectly. ([\#19267](https://github.com/element-hq/synapse/issues/19267))
-- Fix bug introduced in 1.143.0 that broke support for versions of `zope-interface` older than 6.2. ([\#19274](https://github.com/element-hq/synapse/issues/19274))
-- Transform events with client metadata before serialising in /event response. ([\#19340](https://github.com/element-hq/synapse/issues/19340))
-
-## Updates to the Docker image
-
-- Add a way to expose metrics from the Docker image (`SYNAPSE_ENABLE_METRICS`). ([\#19324](https://github.com/element-hq/synapse/issues/19324))
-
-## Improved Documentation
-
-- Document the importance of `public_baseurl` when configuring OpenID Connect authentication. ([\#19270](https://github.com/element-hq/synapse/issues/19270))
-
-## Deprecations and Removals
-
-- Ubuntu 25.04 (Plucky Puffin) will be end of life on Jan 17, 2026. Synapse will stop building packages for Ubuntu 25.04 shortly thereafter.
-- Remove the "Updates to locked dependencies" section from the changelog due to lack of use and the maintenance burden. ([\#19254](https://github.com/element-hq/synapse/issues/19254))
-
-## Internal Changes
-
-- Group together dependabot update PRs to reduce the review load. ([\#18402](https://github.com/element-hq/synapse/issues/18402))
-- Fix `HomeServer.shutdown()` failing if the homeserver hasn't been setup yet. ([\#19187](https://github.com/element-hq/synapse/issues/19187))
-- Respond with useful error codes with `Content-Length` header/s are invalid. ([\#19212](https://github.com/element-hq/synapse/issues/19212))
-- Fix `HomeServer.shutdown()` failing if the homeserver failed to `start`. ([\#19232](https://github.com/element-hq/synapse/issues/19232))
-- Switch the build backend from `poetry-core` to `maturin`. ([\#19234](https://github.com/element-hq/synapse/issues/19234))
-- Raise the limit for concurrently-open non-security @dependabot PRs from 5 to 10. ([\#19253](https://github.com/element-hq/synapse/issues/19253))
-- Require 14 days to pass before pulling in general dependency updates to help mitigate upstream supply chain attacks. ([\#19258](https://github.com/element-hq/synapse/issues/19258))
-- Drop the broken netlify documentation workflow until a new one is implemented. ([\#19262](https://github.com/element-hq/synapse/issues/19262))
-- Don't include debug logs in `Clock` unless explicitly enabled. ([\#19278](https://github.com/element-hq/synapse/issues/19278))
-- Use `uv` to test olddeps to ensure all transitive dependencies use minimum versions. ([\#19289](https://github.com/element-hq/synapse/issues/19289))
-- Add a config to be able to rate limit search in the user directory. ([\#19291](https://github.com/element-hq/synapse/issues/19291))
-- Log the original bind exception when encountering `Failed to listen on 0.0.0.0, continuing because listening on [::]`. ([\#19297](https://github.com/element-hq/synapse/issues/19297))
-- Unpin the version of Rust we use to build Synapse wheels (was 1.82.0) now that MacOS support has been dropped. ([\#19302](https://github.com/element-hq/synapse/issues/19302))
-- Make it more clear how `shared_extra_conf` is combined in our Docker configuration scripts. ([\#19323](https://github.com/element-hq/synapse/issues/19323))
-- Update CI to stream Complement progress and format logs in a separate step after all tests are done. ([\#19326](https://github.com/element-hq/synapse/issues/19326))
-- Format `.github/workflows/tests.yml`. ([\#19327](https://github.com/element-hq/synapse/issues/19327))
-
-
-
-
 # Synapse 1.144.0 (2025-12-09)
 
 ## Deprecation of MacOS Python wheels

Cargo.lock

@@ -13,9 +13,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.101"
+version = "1.0.100"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f0e0fee31ef5ed1ba1316088939cea399010ed7731dba877ed44aeb407a75ea"
+checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
 
 [[package]]
 name = "arc-swap"
@@ -73,9 +73,9 @@ checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43"
 
 [[package]]
 name = "bytes"
-version = "1.11.1"
+version = "1.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
+checksum = "b35204fbdc0b3f4446b89fc1ac2cf84a8a68971995d0bf2e925ec7cd960f9cb3"
 
 [[package]]
 name = "cc"
@@ -187,9 +187,9 @@ dependencies = [
 
 [[package]]
 name = "futures"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d"
+checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876"
 dependencies = [
  "futures-channel",
  "futures-core",
@@ -202,9 +202,9 @@ dependencies = [
 
 [[package]]
 name = "futures-channel"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
+checksum = "2dff15bf788c671c1934e366d07e30c1814a8ef514e1af724a602e8a2fbe1b10"
 dependencies = [
  "futures-core",
  "futures-sink",
@@ -212,15 +212,15 @@ dependencies = [
 
 [[package]]
 name = "futures-core"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
+checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e"
 
 [[package]]
 name = "futures-executor"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d"
+checksum = "1e28d1d997f585e54aebc3f97d39e72338912123a67330d723fdbb564d646c9f"
 dependencies = [
  "futures-core",
  "futures-task",
@@ -229,15 +229,15 @@ dependencies = [
 
 [[package]]
 name = "futures-io"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718"
+checksum = "9e5c1b78ca4aae1ac06c48a526a655760685149f0d465d21f37abfe57ce075c6"
 
 [[package]]
 name = "futures-macro"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
+checksum = "162ee34ebcb7c64a8abebc059ce0fee27c2262618d7b60ed8faf72fef13c3650"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -246,21 +246,21 @@ dependencies = [
 
 [[package]]
 name = "futures-sink"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893"
+checksum = "e575fab7d1e0dcb8d0c7bcf9a63ee213816ab51902e6d244a95819acacf1d4f7"
 
 [[package]]
 name = "futures-task"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
+checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988"
 
 [[package]]
 name = "futures-util"
-version = "0.3.32"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
+checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81"
 dependencies = [
  "futures-channel",
  "futures-core",
@@ -270,6 +270,7 @@ dependencies = [
  "futures-task",
  "memchr",
  "pin-project-lite",
+ "pin-utils",
  "slab",
 ]
 
@@ -704,9 +705,9 @@ checksum = "241eaef5fd12c88705a01fc1066c48c4b36e0dd4377dcdc7ec3942cea7a69956"
 
 [[package]]
 name = "log"
-version = "0.4.29"
+version = "0.4.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
+checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
 
 [[package]]
 name = "lru-slab"
@@ -770,6 +771,12 @@ version = "0.2.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3b3cff922bd51709b605d9ead9aa71031d81447142d828eb4a6eba76fe619f9b"
 
+[[package]]
+name = "pin-utils"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
+
 [[package]]
 name = "portable-atomic"
 version = "1.11.1"
@@ -806,12 +813,11 @@ dependencies = [
 
 [[package]]
 name = "pyo3"
-version = "0.27.2"
+version = "0.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab53c047fcd1a1d2a8820fe84f05d6be69e9526be40cb03b73f86b6b03e6d87d"
+checksum = "7ba0117f4212101ee6544044dae45abe1083d30ce7b29c4b5cbdfa2354e07383"
 dependencies = [
  "anyhow",
- "bytes",
  "indoc",
  "libc",
  "memoffset",
@@ -825,18 +831,18 @@ dependencies = [
 
 [[package]]
 name = "pyo3-build-config"
-version = "0.27.2"
+version = "0.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b455933107de8642b4487ed26d912c2d899dec6114884214a0b3bb3be9261ea6"
+checksum = "4fc6ddaf24947d12a9aa31ac65431fb1b851b8f4365426e182901eabfb87df5f"
 dependencies = [
  "target-lexicon",
 ]
 
 [[package]]
 name = "pyo3-ffi"
-version = "0.27.2"
+version = "0.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c85c9cbfaddf651b1221594209aed57e9e5cff63c4d11d1feead529b872a089"
+checksum = "025474d3928738efb38ac36d4744a74a400c901c7596199e20e45d98eb194105"
 dependencies = [
  "libc",
  "pyo3-build-config",
@@ -855,9 +861,9 @@ dependencies = [
 
 [[package]]
 name = "pyo3-macros"
-version = "0.27.2"
+version = "0.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a5b10c9bf9888125d917fb4d2ca2d25c8df94c7ab5a52e13313a07e050a3b02"
+checksum = "2e64eb489f22fe1c95911b77c44cc41e7c19f3082fc81cce90f657cdc42ffded"
 dependencies = [
  "proc-macro2",
  "pyo3-macros-backend",
@@ -867,9 +873,9 @@ dependencies = [
 
 [[package]]
 name = "pyo3-macros-backend"
-version = "0.27.2"
+version = "0.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "03b51720d314836e53327f5871d4c0cfb4fb37cc2c4a11cc71907a86342c40f9"
+checksum = "100246c0ecf400b475341b8455a9213344569af29a3c841d29270e53102e0fcf"
 dependencies = [
  "heck",
  "proc-macro2",
@@ -880,9 +886,9 @@ dependencies = [
 
 [[package]]
 name = "pythonize"
-version = "0.27.0"
+version = "0.26.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3a8f29db331e28c332c63496cfcbb822aca3d7320bc08b655d7fd0c29c50ede"
+checksum = "11e06e4cff9be2bbf2bddf28a486ae619172ea57e79787f856572878c62dcfe2"
 dependencies = [
  "pyo3",
  "serde",
@@ -989,9 +995,9 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.12.3"
+version = "1.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276"
+checksum = "843bc0191f75f3e22651ae5f1e72939ab2f72a4bc30fa80a066bd66edefc24d4"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -1018,9 +1024,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "reqwest"
-version = "0.12.28"
+version = "0.12.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147"
+checksum = "9d0946410b9f7b082a427e4ef5c8ff541a88b357bc6c637c40db3a68ac70a36f"
 dependencies = [
  "base64",
  "bytes",
@@ -1201,15 +1207,15 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.149"
+version = "1.0.145"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
+checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
 dependencies = [
  "itoa",
  "memchr",
+ "ryu",
  "serde",
  "serde_core",
- "zmij",
 ]
 
 [[package]]
@@ -1410,9 +1416,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.49.0"
+version = "1.48.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72a2903cd7736441aac9df9d7688bd0ce48edccaadf181c3b90be801e81d3d86"
+checksum = "ff360e02eab121e0bc37a2d3b4d4dc622e6eda3a8e5253d5435ecf5bd4c68408"
 dependencies = [
  "bytes",
  "libc",
@@ -1462,9 +1468,9 @@ dependencies = [
 
 [[package]]
 name = "tower-http"
-version = "0.6.8"
+version = "0.6.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8"
+checksum = "adc82fd73de2a9722ac5da747f12383d2bfdb93591ee6c58486e0097890f05f2"
 dependencies = [
  "bitflags",
  "bytes",
@@ -1915,9 +1921,3 @@ dependencies = [
  "quote",
  "syn",
 ]
-
-[[package]]
-name = "zmij"
-version = "1.0.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3ff05f8caa9038894637571ae6b9e29466c1f4f829d26c9b28f869a29cbe3445"

README.rst

@@ -1,4 +1,4 @@
-.. image:: https://github.com/element-hq/synapse/raw/develop/docs/element_logo_white_bg.svg
+.. image:: ./docs/element_logo_white_bg.svg
    :height: 60px
 
 **Element Synapse - Matrix homeserver implementation**

book.toml

@@ -4,6 +4,7 @@
 title = "Synapse"
 authors = ["The Matrix.org Foundation C.I.C."]
 language = "en"
+multilingual = false
 
 # The directory that documentation files are stored in
 src = "docs"
@@ -30,10 +31,13 @@ site-url = "/synapse/"
 # Additional HTML, JS, CSS that's injected into each page of the book.
 # More information available in docs/website_files/README.md
 additional-css = [
+    "docs/website_files/table-of-contents.css",
+    "docs/website_files/remove-nav-buttons.css",
     "docs/website_files/indent-section-headers.css",
     "docs/website_files/version-picker.css",
 ]
 additional-js = [
+    "docs/website_files/table-of-contents.js",
     "docs/website_files/version-picker.js",
     "docs/website_files/version.js",
 ]

changelog.d/18402.misc

@@ -0,0 +1 @@
+Group together dependabot update PRs to reduce the review load.

changelog.d/19187.misc

@@ -0,0 +1 @@
+Fix `HomeServer.shutdown()` failing if the homeserver hasn't been setup yet.

changelog.d/19206.bugfix

@@ -0,0 +1 @@
+Fix sliding sync performance slow down for long lived connections.

changelog.d/19212.misc

@@ -0,0 +1 @@
+Respond with useful error codes with `Content-Length` header/s are invalid.

changelog.d/19232.misc

@@ -0,0 +1 @@
+Fix `HomeServer.shutdown()` failing if the homeserver failed to `start`.

changelog.d/19234.misc

@@ -0,0 +1 @@
+Switch the build backend from `poetry-core` to `maturin`.

changelog.d/19253.misc

@@ -0,0 +1 @@
+Raise the limit for concurrently-open non-security @dependabot PRs from 5 to 10.

changelog.d/19254.removal

@@ -0,0 +1 @@
+Remove the "Updates to locked dependencies" section from the changelog due to lack of use and the maintenance burden.

changelog.d/19258.misc

@@ -0,0 +1 @@
+Require 14 days to pass before pulling in general dependency updates to help mitigate upstream supply chain attacks.

changelog.d/19262.misc

@@ -0,0 +1 @@
+Drop the broken netlify documentation workflow until a new one is implemented.

changelog.d/19267.bugfix

@@ -0,0 +1 @@
+Fix bug where `Duration` was logged incorrectly.

changelog.d/19278.misc

@@ -0,0 +1 @@
+Don't include debug logs in `Clock` unless explicitly enabled.

changelog.d/19289.misc

@@ -0,0 +1 @@
+Use `uv` to test olddeps to ensure all transitive dependencies use minimum versions.

changelog.d/19306.misc

@@ -0,0 +1 @@
+Prune stale entries from `sliding_sync_connection_required_state` table.

changelog.d/19517.doc

@@ -1 +0,0 @@
-Update docs to clarify `outbound_federation_restricted_to` can also be used with the [Secure Border Gateway (SBG)](https://element.io/en/server-suite/secure-border-gateways).

changelog.d/19518.doc

@@ -1 +0,0 @@
-Unify Complement developer docs.

complement/.golangci.yml

@@ -1,38 +0,0 @@
-# Docs: https://golangci-lint.run/docs/configuration/file/
-#
-# Go formatting/linting rules
-#
-# This is run as part of the normal linting utility script,
-# `poetry run ./scripts-dev/lint.sh`
-
-version: "2"
-
-linters:
-  # Default set of linters.
-  # The value can be:
-  # - `standard`: https://golangci-lint.run/docs/linters/#enabled-by-default
-  # - `all`: enables all linters by default.
-  # - `none`: disables all linters by default.
-  # - `fast`: enables only linters considered as "fast" (`golangci-lint help linters --json | jq '[ .[] | select(.fast==true) ] | map(.name)'`).
-  # Default: standard
-  default: standard
-
-  # Enable specific linter.
-  # enable:
-  #   - example
-
-  # Disable specific linters.
-  disable:
-    # FIXME: Ideally, we'd enable the `bodyclose` lint but there are many
-    # false-positives (like https://github.com/timakin/bodyclose/issues/39) and just is
-    # not well-suited for our use case (https://github.com/timakin/bodyclose/issues/11 and
-    # https://github.com/timakin/bodyclose/issues/76).
-    - bodyclose
-
-formatters:
-  # Enable specific formatter.
-  # Default: [] (uses standard Go formatting)
-  enable:
-    - gofmt
-    - goimports
-    - golines

complement/README.md

@@ -1,95 +0,0 @@
-# Complement testing
-
-Complement is a black box integration testing framework for Matrix homeservers. It
-allows us to write end-to-end tests that interact with real Synapse homeservers to
-ensure everything works at a holistic level.
-
-
-## Setup
-
-Nothing beyond a [normal Complement
-setup](https://github.com/matrix-org/complement#running) (just Go and Docker).
-
-
-## Running tests
-
-Run tests from the [Complement](https://github.com/matrix-org/complement) repo:
-
-```shell
-# Run the tests
-./scripts-dev/complement.sh
-
-# To run a whole group of tests, you can specify part of the test path:
-scripts-dev/complement.sh ./tests/csapi/... -run TestRoomCreate
-# To run a specific test, you can specify the whole name structure:
-scripts-dev/complement.sh ./tests/csapi/... -run TestRoomCreate/Parallel/POST_/createRoom_makes_a_public_room
-# Generally though, the `-run` parameter accepts regex patterns, so you can match however you like:
-scripts-dev/complement.sh ./tests/... -run 'TestRoomCreate/Parallel/POST_/createRoom_makes_a_(.*)'
-```
-
-It's often nice to develop on Synapse and write Complement tests at the same time.
-Here is how to run your local Synapse checkout against your local Complement checkout.
-
-```shell
-# To run a specific test
-COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh ./tests/csapi/... -run TestRoomCreate
-```
-
-The above will run a monolithic (single-process) Synapse with SQLite as the database.
-For other configurations, try:
-
-- Passing `POSTGRES=1` as an environment variable to use the Postgres database instead.
-- Passing `WORKERS=1` as an environment variable to use a workerised setup instead. This
-  option implies the use of Postgres.
-  - If setting `WORKERS=1`, optionally set `WORKER_TYPES=` to declare which worker types
-    you wish to test. A simple comma-delimited string containing the worker types
-    defined from the `WORKERS_CONFIG` template in
-    [here](https://github.com/element-hq/synapse/blob/develop/docker/configure_workers_and_start.py#L54).
-    A safe example would be `WORKER_TYPES="federation_inbound, federation_sender,
-    synchrotron"`. See the [worker documentation](../workers.md) for additional
-    information on workers.
-- Passing `ASYNCIO_REACTOR=1` as an environment variable to use the asyncio-backed
-  reactor with Twisted instead of the default one.
-- Passing `PODMAN=1` will use the [podman](https://podman.io/) container runtime,
-  instead of docker.
-- Passing `UNIX_SOCKETS=1` will utilise Unix socket functionality for Synapse, Redis,
-  and Postgres(when applicable).
-
-To increase the log level for the tests, set `SYNAPSE_TEST_LOG_LEVEL`, e.g:
-```sh
-SYNAPSE_TEST_LOG_LEVEL=DEBUG COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestRoomCreate
-```
-
-
-### Running in-repo tests
-
-In-repo Complement tests are tests that are vendored into this project. We use the
-in-repo test suite to test Synapse specific behaviors like the admin API.
-
-To run the in-repo Complement tests, use the `--in-repo` command line argument.
-
-```shell
-# Run only a specific test package.
-# Note: test packages are relative to the `./complement` directory in this project
-./scripts-dev/complement.sh --in-repo ./tests/...
-
-# Similarly, you can also use `-run` to specify all or part of a specific test path to run
-scripts-dev/complement.sh --in-repo ./tests/... -run TestIntraShardFederation
-```
-
-### Access database for homeserver after Complement test runs.
-
-If you're curious what the database looks like after you run some tests, here are some
-steps to get you going in Synapse:
-
-1. In your Complement test comment out `defer deployment.Destroy(t)` and replace with
-   `defer time.Sleep(2 * time.Hour)` to keep the homeserver running after the tests
-   complete
-1. Start the Complement tests
-1. Find the name of the container, `docker ps -f name=complement_` (this will filter for
-   just the Complement related Docker containers)
-1. Access the container replacing the name with what you found in the previous step:
-   `docker exec -it complement_1_hs_with_application_service.hs1_2 /bin/bash`
-1. Install sqlite (database driver), `apt-get update && apt-get install -y sqlite3`
-1. Then run `sqlite3` and open the database `.open /conf/homeserver.db` (this db path
-   comes from the Synapse homeserver.yaml)

complement/go.mod

@@ -1,57 +0,0 @@
-module github.com/element-hq/synapse
-
-go 1.24.1
-
-toolchain go1.24.4
-
-require (
-	github.com/matrix-org/complement v0.0.0-20251120181401-44111a2a8a9d
-	github.com/matrix-org/gomatrixserverlib v0.0.0-20250813150445-9f5070a65744
-)
-
-require (
-	github.com/docker/docker v28.3.3+incompatible // indirect
-	github.com/docker/go-connections v0.5.0 // indirect
-	github.com/hashicorp/go-set/v3 v3.0.0 // indirect
-	github.com/moby/sys/atomicwriter v0.1.0 // indirect
-	github.com/oleiade/lane/v2 v2.0.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 // indirect
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	gotest.tools/v3 v3.4.0 // indirect
-)
-
-require (
-	github.com/Microsoft/go-winio v0.6.2 // indirect
-	github.com/containerd/errdefs v1.0.0 // indirect
-	github.com/containerd/errdefs/pkg v0.3.0 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/go-units v0.5.0 // indirect
-	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-logr/logr v1.4.3 // indirect
-	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/matrix-org/util v0.0.0-20221111132719-399730281e66 // indirect
-	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/moby/term v0.5.2 // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.1 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/tidwall/gjson v1.18.0 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
-	github.com/tidwall/pretty v1.2.1 // indirect
-	github.com/tidwall/sjson v1.2.5 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
-	go.opentelemetry.io/otel v1.36.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 // indirect
-	go.opentelemetry.io/otel/metric v1.36.0 // indirect
-	go.opentelemetry.io/otel/trace v1.36.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.7.0 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/time v0.11.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
-)

complement/go.sum

@@ -1,169 +0,0 @@
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
-github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
-github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
-github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
-github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
-github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
-github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
-github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI=
-github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
-github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
-github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
-github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
-github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
-github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
-github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
-github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
-github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 h1:5ZPtiqj0JL5oKWmcsq4VMaAW5ukBEgSGXEN89zeH1Jo=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3/go.mod h1:ndYquD05frm2vACXE1nsccT4oJzjhw2arTS2cpUD1PI=
-github.com/hashicorp/go-set/v3 v3.0.0 h1:CaJBQvQCOWoftrBcDt7Nwgo0kdpmrKxar/x2o6pV9JA=
-github.com/hashicorp/go-set/v3 v3.0.0/go.mod h1:IEghM2MpE5IaNvL+D7X480dfNtxjRXZ6VMpK3C8s2ok=
-github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/matrix-org/complement v0.0.0-20251120181401-44111a2a8a9d h1:s2Xc9GB2E/pXdElP18h8+04Y3SmhaII7xh2YmCM7oZc=
-github.com/matrix-org/complement v0.0.0-20251120181401-44111a2a8a9d/go.mod h1:HioTV089DHLBfljH9QLGifJRE4Avnyk08BXXhCwd4gs=
-github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
-github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20250813150445-9f5070a65744 h1:5GvC2FD9O/PhuyY95iJQdNYHbDioEhMWdeMP9maDUL8=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20250813150445-9f5070a65744/go.mod h1:b6KVfDjXjA5Q7vhpOaMqIhFYvu5BuFVZixlNeTV/CLc=
-github.com/matrix-org/util v0.0.0-20221111132719-399730281e66 h1:6z4KxomXSIGWqhHcfzExgkH3Z3UkIXry4ibJS4Aqz2Y=
-github.com/matrix-org/util v0.0.0-20221111132719-399730281e66/go.mod h1:iBI1foelCqA09JJgPV0FYz4qA5dUXYOxMi57FxKBdd4=
-github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
-github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
-github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
-github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
-github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
-github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
-github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
-github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/oleiade/lane/v2 v2.0.0 h1:XW/ex/Inr+bPkLd3O240xrFOhUkTd4Wy176+Gv0E3Qw=
-github.com/oleiade/lane/v2 v2.0.0/go.mod h1:i5FBPFAYSWCgLh58UkUGCChjcCzef/MI7PlQm2TKCeg=
-github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
-github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
-github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/shoenig/test v1.11.0 h1:NoPa5GIoBwuqzIviCrnUJa+t5Xb4xi5Z+zODJnIDsEQ=
-github.com/shoenig/test v1.11.0/go.mod h1:UxJ6u/x2v/TNs/LoLxBNJRV9DiwBBKYxXSyczsBHFoI=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
-github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
-github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
-github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
-github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
-github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
-github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
-github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
-github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
-github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q=
-go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg=
-go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0 h1:dNzwXjZKpMpE2JhmO+9HsPl42NIXFIFSUSSs0fiqra0=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.36.0/go.mod h1:90PoxvaEB5n6AOdZvi+yWJQoE95U8Dhhw2bSyRqnTD0=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0 h1:BEj3SPM81McUZHYjRS5pEgNgnmzGJ5tRpU5krWnV8Bs=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.34.0/go.mod h1:9cKLGBDzI/F3NoHLQGm4ZrYdIHsvGt6ej6hUowxY0J4=
-go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE=
-go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs=
-go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs=
-go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY=
-go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis=
-go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4=
-go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w=
-go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA=
-go.opentelemetry.io/proto/otlp v1.7.0 h1:jX1VolD6nHuFzOYso2E73H85i92Mv8JQYk0K9vz09os=
-go.opentelemetry.io/proto/otlp v1.7.0/go.mod h1:fSKjH6YJ7HDlwzltzyMj036AJ3ejJLCgCSHGj4efDDo=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
-golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
-golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
-golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a h1:SGktgSolFCo75dnHJF2yMvnns6jCmHFJ0vE4Vn2JKvQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a h1:v2PbRU4K3llS09c7zodFpNePeamkAwG3mPrAery9VeE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
-google.golang.org/grpc v1.72.2 h1:TdbGzwb82ty4OusHWepvFWGLgIbNo1/SUynEN0ssqv8=
-google.golang.org/grpc v1.72.2/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=

complement/tests/federation_test.go

@@ -1,65 +0,0 @@
-// This file is licensed under the Affero General Public License (AGPL) version 3.
-//
-// Copyright (C) 2026 Element Creations Ltd
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as
-// published by the Free Software Foundation, either version 3 of the
-// License, or (at your option) any later version.
-//
-// See the GNU Affero General Public License for more details:
-// <https://www.gnu.org/licenses/agpl-3.0.html>.
-
-package synapse_tests
-
-import (
-	"testing"
-
-	"github.com/matrix-org/complement"
-	"github.com/matrix-org/complement/client"
-	"github.com/matrix-org/complement/helpers"
-	"github.com/matrix-org/gomatrixserverlib/spec"
-)
-
-// Stub test to ensure that homeservers can communicate with each other (federation works correctly).
-//
-// TODO: This test will disappear once we have other real Synapse specific tests in
-// place. This is simply here as an example without bloating the PR with some specific
-// new tests.
-func TestFederation(t *testing.T) {
-	// Create two homeservers
-	deployment := complement.Deploy(t, 2)
-	defer deployment.Destroy(t)
-
-	alice := deployment.Register(t, "hs1", helpers.RegistrationOpts{})
-	bob := deployment.Register(t, "hs2", helpers.RegistrationOpts{})
-
-	aliceRoomID := alice.MustCreateRoom(t, map[string]any{
-		"preset": "public_chat",
-	})
-	bobRoomID := bob.MustCreateRoom(t, map[string]any{
-		"preset": "public_chat",
-	})
-
-	t.Run("parallel", func(t *testing.T) {
-		t.Run("HS1 -> HS2", func(t *testing.T) {
-			t.Parallel()
-
-			alice.MustJoinRoom(t, bobRoomID, []spec.ServerName{
-				deployment.GetFullyQualifiedHomeserverName(t, "hs2"),
-			})
-
-			bob.MustSyncUntil(t, client.SyncReq{}, client.SyncJoinedTo(alice.UserID, bobRoomID))
-		})
-
-		t.Run("HS2 -> HS1", func(t *testing.T) {
-			t.Parallel()
-
-			bob.MustJoinRoom(t, aliceRoomID, []spec.ServerName{
-				deployment.GetFullyQualifiedHomeserverName(t, "hs1"),
-			})
-
-			alice.MustSyncUntil(t, client.SyncReq{}, client.SyncJoinedTo(bob.UserID, aliceRoomID))
-		})
-	})
-}

complement/tests/main_test.go

@@ -1,23 +0,0 @@
-// This file is licensed under the Affero General Public License (AGPL) version 3.
-//
-// Copyright (C) 2026 Element Creations Ltd
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as
-// published by the Free Software Foundation, either version 3 of the
-// License, or (at your option) any later version.
-//
-// See the GNU Affero General Public License for more details:
-// <https://www.gnu.org/licenses/agpl-3.0.html>.
-
-package synapse_tests
-
-import (
-	"testing"
-
-	"github.com/matrix-org/complement"
-)
-
-func TestMain(m *testing.M) {
-	complement.TestMain(m, "synapse")
-}

debian/changelog

@@ -1,81 +1,3 @@
-matrix-synapse-py3 (1.149.0~rc1) stable; urgency=medium
-
-  * New synapse release 1.149.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 03 Mar 2026 14:37:57 +0000
-
-matrix-synapse-py3 (1.148.0) stable; urgency=medium
-
-  * New synapse release 1.148.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 24 Feb 2026 11:17:49 +0000
-
-matrix-synapse-py3 (1.148.0~rc1) stable; urgency=medium
-
-  * New synapse release 1.148.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 17 Feb 2026 16:44:08 +0000
-
-matrix-synapse-py3 (1.147.1) stable; urgency=medium
-
-  * New synapse release 1.147.1.
-
- -- Synapse Packaging team <packages@matrix.org>  Thu, 12 Feb 2026 15:45:15 +0000
-
-matrix-synapse-py3 (1.147.0) stable; urgency=medium
-
-  * New synapse release 1.147.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 10 Feb 2026 12:39:58 +0000
-
-matrix-synapse-py3 (1.147.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.147.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 03 Feb 2026 08:53:17 -0700
-
-matrix-synapse-py3 (1.146.0) stable; urgency=medium
-
-  * New Synapse release 1.146.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 27 Jan 2026 08:43:59 -0700
-
-matrix-synapse-py3 (1.146.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.146.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 20 Jan 2026 08:42:10 -0700
-
-matrix-synapse-py3 (1.145.0) stable; urgency=medium
-
-  * New Synapse release 1.145.0.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 13 Jan 2026 08:37:42 -0700
-
-matrix-synapse-py3 (1.145.0~rc4) stable; urgency=medium
-
-  * New Synapse release 1.145.0rc4.
-
- -- Synapse Packaging team <packages@matrix.org>  Thu, 08 Jan 2026 12:06:35 -0700
-
-matrix-synapse-py3 (1.145.0~rc3) stable; urgency=medium
-
-  * New Synapse release 1.145.0rc3.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 07 Jan 2026 15:32:07 -0700
-
-matrix-synapse-py3 (1.145.0~rc2) stable; urgency=medium
-
-  * New Synapse release 1.145.0rc2.
-
- -- Synapse Packaging team <packages@matrix.org>  Wed, 07 Jan 2026 10:10:07 -0700
-
-matrix-synapse-py3 (1.145.0~rc1) stable; urgency=medium
-
-  * New Synapse release 1.145.0rc1.
-
- -- Synapse Packaging team <packages@matrix.org>  Tue, 06 Jan 2026 09:29:39 -0700
-
 matrix-synapse-py3 (1.144.0) stable; urgency=medium
 
   * New Synapse release 1.144.0.

demo/start.sh

@@ -145,12 +145,6 @@ for port in 8080 8081 8082; do
 			rc_delayed_event_mgmt:
 			  per_second: 1000
 			  burst_count: 1000
-			rc_room_creation:
-			  per_second: 1000
-			  burst_count: 1000
-			rc_user_directory:
-			  per_second: 1000
-			  burst_count: 1000
 			RC
 			)
             echo "${ratelimiting}" >> "$port.config"

docker/Dockerfile

@@ -188,12 +188,7 @@ COPY --from=builder  --exclude=.lock /install /usr/local
 COPY ./docker/start.py /start.py
 COPY ./docker/conf /conf
 
-# 8008: CS Matrix API port from Synapse
-# 8448: SS Matrix API port from Synapse
-EXPOSE 8008/tcp 8448/tcp
-# 19090: Metrics listener port for the main process (metrics must be enabled with
-# SYNAPSE_ENABLE_METRICS=1).
-EXPOSE 19090/tcp
+EXPOSE 8008/tcp 8009/tcp 8448/tcp
 
 ENTRYPOINT ["/start.py"]
 

docker/Dockerfile-workers

@@ -71,15 +71,6 @@ FROM $FROM
 
     # Expose nginx listener port
     EXPOSE 8080/tcp
-    # Metrics for workers are on ports starting from 19091 but since these are dynamic
-    # we don't expose them by default (metrics must be enabled with
-    # SYNAPSE_ENABLE_METRICS=1)
-    #
-    # Instead, we expose a single port used for Prometheus HTTP service discovery
-    # (`http://<synapse_container>:9469/metrics/service_discovery`) and proxy all of the
-    # workers' metrics endpoints through that
-    # (`http://<synapse_container>:9469/metrics/worker/<worker_name>`).
-    EXPOSE 9469/tcp
 
     # A script to read environment variables and create the necessary
     # files to run the desired worker configuration. Will start supervisord.

docker/README-testing.md

@@ -12,9 +12,11 @@ Note that running Synapse's unit tests from within the docker image is not suppo
 
 `scripts-dev/complement.sh` is a script that will automatically build
 and run Synapse against Complement.
-Consult our [Complement docs][https://github.com/element-hq/synapse/tree/develop/complement] for instructions on how to use it.
+Consult the [contributing guide][guideComplementSh] for instructions on how to use it.
 
 
+[guideComplementSh]: https://element-hq.github.io/synapse/latest/development/contributing_guide.html#run-the-integration-tests-complement
+
 ## Building and running the images manually
 
 Under some circumstances, you may wish to build the images manually.
@@ -29,23 +31,23 @@ release of Synapse, instead of your current checkout, you can skip this step. Fr
 root of the repository:
 
 ```sh
-docker build -t localhost/synapse -f docker/Dockerfile .
+docker build -t matrixdotorg/synapse -f docker/Dockerfile .
 ```
 
 Next, build the workerised Synapse docker image, which is a layer over the base
 image.
 
 ```sh
-docker build -t localhost/synapse-workers --build-arg FROM=localhost/synapse -f docker/Dockerfile-workers .
+docker build -t matrixdotorg/synapse-workers -f docker/Dockerfile-workers .
 ```
 
 Finally, build the multi-purpose image for Complement, which is a layer over the workers image.
 
 ```sh
-docker build -t localhost/complement-synapse -f docker/complement/Dockerfile --build-arg FROM=localhost/synapse-workers docker/complement
+docker build -t complement-synapse -f docker/complement/Dockerfile docker/complement
 ```
 
-This will build an image with the tag `localhost/complement-synapse`, which can be handed to
+This will build an image with the tag `complement-synapse`, which can be handed to
 Complement for testing via the `COMPLEMENT_BASE_IMAGE` environment variable. Refer to
 [Complement's documentation](https://github.com/matrix-org/complement/#running) for
 how to run the tests, as well as the various available command line flags.
@@ -133,49 +135,3 @@ but it does not serve TLS by default.
 You can configure `SYNAPSE_TLS_CERT` and `SYNAPSE_TLS_KEY` to point to a
 TLS certificate and key (respectively), both in PEM (textual) format.
 In this case, Nginx will additionally serve using HTTPS on port 8448.
-
-
-### Metrics
-
-Set `SYNAPSE_ENABLE_METRICS=1` to configure `enable_metrics: true` and setup the
-`metrics` listener on the main and worker processes. Defaults to `0` (disabled). The
-main process will listen on port `19090` and workers on port `19091 + <worker index>`.
-
-When using `docker/Dockerfile-workers`, to ease the complexity with the metrics setup,
-we also have a [Prometheus HTTP service
-discovery](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config)
-endpoint available at `http://<synapse_container>:9469/metrics/service_discovery`.
-
-The metrics from each worker can also be accessed via
-`http://<synapse_container>:9469/metrics/worker/<worker_name>` which is what the service
-discovery response points to behind the scenes. This way, you only need to expose a
-single port (9469) to access all metrics.
-
-```yaml
-global:
-  scrape_interval: 15s
-  scrape_timeout: 15s
-  evaluation_interval: 15s
-
-scrape_configs:
-  - job_name: synapse
-    scrape_interval: 15s
-    metrics_path: /_synapse/metrics
-    scheme: http
-    # We set `honor_labels` so that each service can set their own `job`/`instance` label
-    #
-    # > honor_labels controls how Prometheus handles conflicts between labels that are
-    # > already present in scraped data and labels that Prometheus would attach
-    # > server-side ("job" and "instance" labels, manually configured target
-    # > labels, and labels generated by service discovery implementations).
-    # >
-    # > *-- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config*
-    honor_labels: true
-    # Use HTTP service discovery
-    #
-    # Reference:
-    #  - https://prometheus.io/docs/prometheus/latest/http_sd/
-    #  - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config
-    http_sd_configs:
-      - url: 'http://localhost:9469/metrics/service_discovery'
-```

docker/README.md

@@ -75,9 +75,6 @@ The following environment variables are supported in `generate` mode:
   particularly tricky.
 * `SYNAPSE_LOG_TESTING`: if set, Synapse will log additional information useful
   for testing.
-* `SYNAPSE_ENABLE_METRICS`: if set to `1`, the metrics listener will be enabled on the
-  main and worker processes. Defaults to `0` (disabled). The main process will listen on
-  port `19090` and workers on port `19091 + <worker index>`.
 
 ## Postgres
 

docker/complement/conf/workers-shared-extra.yaml.j2

@@ -102,10 +102,6 @@ rc_room_creation:
   per_second: 9999
   burst_count: 9999
 
-rc_user_directory:
-  per_second: 9999
-  burst_count: 9999
-
 federation_rr_transactions_per_room_per_second: 9999
 
 allow_device_name_lookup_over_federation: true
@@ -139,10 +135,6 @@ experimental_features:
   msc4155_enabled: true
   # Thread Subscriptions
   msc4306_enabled: true
-  # Sticky Events
-  msc4354_enabled: true
-  # `/sync` `state_after`
-  msc4222_enabled: true
 
 server_notices:
   system_mxid_localpart: _server

docker/conf-workers/nginx.conf.j2

@@ -48,5 +48,3 @@ server {
         proxy_set_header Host $host:$server_port;
     }
 }
-
-{{ nginx_prometheus_metrics_service_discovery }}

docker/conf-workers/shared.yaml.j2

@@ -20,9 +20,4 @@ app_service_config_files:
 {%- endfor %}
 {%- endif %}
 
-{# Controlled by SYNAPSE_ENABLE_METRICS #}
-{% if enable_metrics %}
-enable_metrics: true
-{% endif %}
-
 {{ shared_worker_config }}

docker/conf-workers/worker.yaml.j2

@@ -21,14 +21,6 @@ worker_listeners:
 {%- endfor %}
 {% endif %}
 
-{# Controlled by SYNAPSE_ENABLE_METRICS #}
-{% if metrics_port %}
-  - type: metrics
-    # Prometheus does not support Unix sockets so we don't bother with
-    # `SYNAPSE_USE_UNIX_SOCKET`, https://github.com/prometheus/prometheus/issues/12024
-    port: {{ metrics_port }}
-{% endif %}
-
 worker_log_config: {{ worker_log_config_filepath }}
 
 {{ worker_extra_conf }}

docker/conf/homeserver.yaml

@@ -53,15 +53,6 @@ listeners:
       - names: [federation]
         compress: false
 
-{% if SYNAPSE_ENABLE_METRICS %}
-  - type: metrics
-    # The main process always uses the same port 19090
-    #
-    # Prometheus does not support Unix sockets so we don't bother with
-    # `SYNAPSE_USE_UNIX_SOCKET`, https://github.com/prometheus/prometheus/issues/12024
-    port: 19090
-{% endif %}
-
 ## Database ##
 
 {% if POSTGRES_PASSWORD %}

docker/configure_workers_and_start.py

@@ -49,16 +49,11 @@
 #         regardless of the SYNAPSE_LOG_LEVEL setting.
 #   * SYNAPSE_LOG_TESTING: if set, Synapse will log additional information useful
 #     for testing.
-#   * SYNAPSE_USE_UNIX_SOCKET: TODO
-#   * `SYNAPSE_ENABLE_METRICS`: if set to `1`, the metrics listener will be enabled on the
-#      main and worker processes. Defaults to `0` (disabled). The main process will listen on
-#      port `19090` and workers on port `19091 + <worker index>`.
 #
 # NOTE: According to Complement's ENTRYPOINT expectations for a homeserver image (as defined
 # in the project's README), this script may be run multiple times, and functionality should
 # continue to work if so.
 
-import json
 import os
 import platform
 import re
@@ -76,7 +71,6 @@ from typing import (
     SupportsIndex,
 )
 
-import attr
 import yaml
 from jinja2 import Environment, FileSystemLoader
 
@@ -343,7 +337,7 @@ WORKERS_CONFIG: dict[str, dict[str, Any]] = {
 }
 
 # Templates for sections that may be inserted multiple times in config files
-NGINX_LOCATION_REGEX_CONFIG_BLOCK = """
+NGINX_LOCATION_CONFIG_BLOCK = """
     location ~* {endpoint} {{
         proxy_pass {upstream};
         proxy_set_header X-Forwarded-For $remote_addr;
@@ -352,25 +346,6 @@ NGINX_LOCATION_REGEX_CONFIG_BLOCK = """
     }}
 """
 
-# Having both **regex** (`NGINX_LOCATION_REGEX_CONFIG_BLOCK`) match vs **exact**
-# (`NGINX_LOCATION_EXACT_CONFIG_BLOCK`) match is necessary because we can't use a URI
-# path in `proxy_pass http://localhost:19090/_synapse/metrics` with the regex version.
-#
-# Example of what happens if you try to use `proxy_pass http://localhost:19090/_synapse/metrics`
-# with `NGINX_LOCATION_REGEX_CONFIG_BLOCK`:
-# ```
-# nginx | 2025/12/31 22:58:34 [emerg] 21#21: "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/conf.d/matrix-synapse.conf:732
-# ```
-NGINX_LOCATION_EXACT_CONFIG_BLOCK = """
-    location = {endpoint} {{
-        proxy_pass {upstream};
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header Host $host;
-    }}
-"""
-
-
 NGINX_UPSTREAM_CONFIG_BLOCK = """
 upstream {upstream_worker_base_name} {{
 {body}
@@ -378,63 +353,6 @@ upstream {upstream_worker_base_name} {{
 """
 
 
-PROMETHEUS_METRICS_SERVICE_DISCOVERY_FILE_PATH = (
-    "/data/prometheus_service_discovery.json"
-)
-"""
-We serve this file with nginx so people can use it with `http_sd_config` in their
-Prometheus config.
-"""
-
-NGINX_HOST_PLACEHOLDER = "<HOST_PLACEHOLDER>"
-"""Will be replaced with the whatever hostname:port used to access the nginx metrics endpoint."""
-
-NGINX_PROMETHEUS_METRICS_SERVICE_DISCOVERY = """
-server {{
-    listen 9469;
-    location = /metrics/service_discovery {{
-        alias {service_discovery_file_path};
-        default_type application/json;
-
-        # Find/replace the host placeholder in the response body with the actual
-        # host used to access this endpoint.
-        #
-        # We want to reflect back whatever host the client used to access this file.
-        # For example, if they accessed it via `localhost:9469`, then they
-        # can also reach all of the proxied metrics endpoints at the same address.
-        # Or if it's Prometheus in another container, it will access this via
-        # `host.docker.internal:9469`, etc. Or perhaps it's even some randomly assigned
-        # port mapping.
-        sub_filter '{host_placeholder}' '$http_host';
-        # By default, `ngx_http_sub_module` only works on `text/html` responses. We want
-        # to find/replace in `application/JSON`.
-        sub_filter_types application/json;
-        # Replace all occurences
-        sub_filter_once off;
-    }}
-
-    # Make the service discovery endpoint easy to find; redirect to the correct spot.
-    location = / {{
-        return 302 /metrics/service_discovery;
-    }}
-
-    {metrics_proxy_locations}
-}}
-"""
-"""
-Setup the nginx config necessary to serve the JSON file for Prometheus HTTP service discovery
-(`http_sd_config`). Served at `/metrics/service_discovery`.
-
-Reference:
- - https://prometheus.io/docs/prometheus/latest/http_sd/
- - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config
-
-We also proxy all of the Synapse metrics endpoints through a central place so that
-people only need to expose the single 9469 port and service discovery can take care of
-the rest: `/metrics/worker/<worker_name>` -> http://localhost:19090/_synapse/metrics
-"""
-
-
 # Utility functions
 def log(txt: str) -> None:
     print(txt)
@@ -694,42 +612,9 @@ def generate_base_homeserver_config() -> None:
     subprocess.run([sys.executable, "/start.py", "migrate_config"], check=True)
 
 
-@attr.s(auto_attribs=True)
-class Worker:
-    worker_name: str
-    """
-    ex.
-    `event_persister:2` -> `event_persister1` and `event_persister2`
-    `stream_writers=account_data+presence+receipts+to_device+typing"` -> `stream_writers`
-    """
-
-    worker_base_name: str
-    """
-    ex.
-    `event_persister:2` -> `event_persister`
-    `stream_writers=account_data+presence+receipts+to_device+typing"` -> `stream_writers`
-    """
-
-    worker_index: int
-    """
-    The index of the worker starting from 1 for each worker type requested.
-
-    ex.
-    `event_persister:2` -> `1` and `2`
-    `stream_writers=account_data+presence+receipts+to_device+typing"` -> `1`
-    """
-
-    worker_types: set[str]
-    """
-    ex.
-    `event_persister:2` -> `{"event_persister"}`
-    `stream_writers=account_data+presence+receipts+to_device+typing"` -> `{"account_data", "presence", "receipts","to_device", "typing"}
-    """
-
-
 def parse_worker_types(
     requested_worker_types: list[str],
-) -> list[Worker]:
+) -> dict[str, set[str]]:
     """Read the desired list of requested workers and prepare the data for use in
         generating worker config files while also checking for potential gotchas.
 
@@ -737,7 +622,10 @@ def parse_worker_types(
         requested_worker_types: The list formed from the split environment variable
             containing the unprocessed requests for workers.
 
-    Returns: A list of requested workers
+    Returns: A dict of worker names to set of worker types. Format:
+        {'worker_name':
+            {'worker_type', 'worker_type2'}
+        }
     """
     # A counter of worker_base_name -> int. Used for determining the name for a given
     # worker when generating its config file, as each worker's name is just
@@ -748,8 +636,8 @@ def parse_worker_types(
     # more than a single worker for cases where multiples would be bad(e.g. presence).
     worker_type_shard_counter: dict[str, int] = defaultdict(int)
 
-    # Map from worker name to `Worker`
-    worker_dict: dict[str, Worker] = {}
+    # The final result of all this processing
+    dict_to_return: dict[str, set[str]] = {}
 
     # Handle any multipliers requested for given workers.
     multiple_processed_worker_types = apply_requested_multiplier_for_worker(
@@ -835,29 +723,24 @@ def parse_worker_types(
         if worker_number > 1:
             # If this isn't the first worker, check that we don't have a confusing
             # mixture of worker types with the same base name.
-            first_worker_with_base_name = worker_dict[f"{worker_base_name}1"]
-            if first_worker_with_base_name.worker_types != worker_types_set:
+            first_worker_with_base_name = dict_to_return[f"{worker_base_name}1"]
+            if first_worker_with_base_name != worker_types_set:
                 error(
                     f"Can not use worker_name: '{worker_name}' for worker_type(s): "
                     f"{worker_types_set!r}. It is already in use by "
-                    f"worker_type(s): {first_worker_with_base_name.worker_types!r}"
+                    f"worker_type(s): {first_worker_with_base_name!r}"
                 )
 
-        worker_dict[worker_name] = Worker(
-            worker_name=worker_name,
-            worker_base_name=worker_base_name,
-            worker_index=worker_number,
-            worker_types=worker_types_set,
-        )
+        dict_to_return[worker_name] = worker_types_set
 
-    return list(worker_dict.values())
+    return dict_to_return
 
 
 def generate_worker_files(
     environ: Mapping[str, str],
     config_path: str,
     data_dir: str,
-    requested_workers: list[Worker],
+    requested_worker_types: dict[str, set[str]],
 ) -> None:
     """Read the desired workers(if any) that is passed in and generate shared
         homeserver, nginx and supervisord configs.
@@ -867,16 +750,14 @@ def generate_worker_files(
         config_path: The location of the generated Synapse main worker config file.
         data_dir: The location of the synapse data directory. Where log and
             user-facing config files live.
-        requested_workers: A list of requested workers
+        requested_worker_types: A Dict containing requested workers in the format of
+            {'worker_name1': {'worker_type', ...}}
     """
     # Note that yaml cares about indentation, so care should be taken to insert lines
     # into files at the correct indentation below.
 
     # Convenience helper for if using unix sockets instead of host:port
     using_unix_sockets = environ.get("SYNAPSE_USE_UNIX_SOCKET", False)
-
-    enable_metrics = environ.get("SYNAPSE_ENABLE_METRICS", "0") == "1"
-
     # First read the original config file and extract the listeners block. Then we'll
     # add another listener for replication. Later we'll write out the result to the
     # shared config file.
@@ -908,11 +789,7 @@ def generate_worker_files(
     # base shared worker jinja2 template. This config file will be passed to all
     # workers, included Synapse's main process. It is intended mainly for disabling
     # functionality when certain workers are spun up, and adding a replication listener.
-    shared_config: dict[str, Any] = {
-        "listeners": listeners,
-        # Controls `enable_metrics: true`
-        "enable_metrics": enable_metrics,
-    }
+    shared_config: dict[str, Any] = {"listeners": listeners}
 
     # List of dicts that describe workers.
     # We pass this to the Supervisor template later to generate the appropriate
@@ -939,8 +816,6 @@ def generate_worker_files(
 
     # Start worker ports from this arbitrary port
     worker_port = 18009
-    # The main process metrics port is 19090, so start workers from 19091
-    worker_metrics_port = 19091
 
     # A list of internal endpoints to healthcheck, starting with the main process
     # which exists even if no workers do.
@@ -957,9 +832,7 @@ def generate_worker_files(
         healthcheck_urls = ["http://localhost:8080/health"]
 
     # Get the set of all worker types that we have configured
-    all_worker_types_in_use = set(
-        chain(*[worker.worker_types for worker in requested_workers])
-    )
+    all_worker_types_in_use = set(chain(*requested_worker_types.values()))
     # Map locations to upstreams (corresponding to worker types) in Nginx
     # but only if we use the appropriate worker type
     for worker_type in all_worker_types_in_use:
@@ -968,13 +841,12 @@ def generate_worker_files(
 
     # For each worker type specified by the user, create config values and write it's
     # yaml config file
-    worker_name_to_metrics_port_map: dict[str, int] = {}
-    for worker in requested_workers:
+    for worker_name, worker_types_set in requested_worker_types.items():
         # The collected and processed data will live here.
         worker_config: dict[str, Any] = {}
 
         # Merge all worker config templates for this worker into a single config
-        for worker_type in worker.worker_types:
+        for worker_type in worker_types_set:
             copy_of_template_config = WORKERS_CONFIG[worker_type].copy()
 
             # Merge worker type template configuration data. It's a combination of lists
@@ -984,27 +856,16 @@ def generate_worker_files(
             )
 
         # Replace placeholder names in the config template with the actual worker name.
-        worker_config = insert_worker_name_for_worker_config(
-            worker_config, worker.worker_name
-        )
+        worker_config = insert_worker_name_for_worker_config(worker_config, worker_name)
 
         worker_config.update(
-            {
-                "name": worker.worker_name,
-                "port": str(worker_port),
-                "config_path": config_path,
-            }
+            {"name": worker_name, "port": str(worker_port), "config_path": config_path}
         )
 
-        # Keep the `shared_config` up to date with the `shared_extra_conf` from each
-        # worker.
-        shared_config = {
-            **worker_config["shared_extra_conf"],
-            # We combine `shared_config` second to avoid overwriting existing keys just
-            # for sanity sake (always use the first worker).
-            **shared_config,
-        }
-
+        # Update the shared config with any worker_type specific options. The first of a
+        # given worker_type needs to stay assigned and not be replaced.
+        worker_config["shared_extra_conf"].update(shared_config)
+        shared_config = worker_config["shared_extra_conf"]
         if using_unix_sockets:
             healthcheck_urls.append(
                 f"--unix-socket /run/worker.{worker_port} http://localhost/health"
@@ -1016,51 +877,39 @@ def generate_worker_files(
         # the `events` stream. For other workers, the worker name is the same
         # name of the stream they write to, but for some reason it is not the
         # case for event_persister.
-        if "event_persister" in worker.worker_types:
-            worker.worker_types.add("events")
+        if "event_persister" in worker_types_set:
+            worker_types_set.add("events")
 
         # Update the shared config with sharding-related options if necessary
         add_worker_roles_to_shared_config(
-            shared_config, worker.worker_types, worker.worker_name, worker_port
+            shared_config, worker_types_set, worker_name, worker_port
         )
 
         # Enable the worker in supervisord
         worker_descriptors.append(worker_config)
 
         # Write out the worker's logging config file
-        log_config_filepath = generate_worker_log_config(
-            environ, worker.worker_name, data_dir
-        )
-
-        worker_name_to_metrics_port_map[worker.worker_name] = worker_metrics_port
-        if enable_metrics:
-            # Enable prometheus metrics endpoint on this worker
-            worker_config["metrics_port"] = worker_metrics_port
-
-        if enable_metrics:
-            # Enable prometheus metrics endpoint on this worker
-            worker_config["metrics_port"] = worker_metrics_port
+        log_config_filepath = generate_worker_log_config(environ, worker_name, data_dir)
 
         # Then a worker config file
         convert(
             "/conf/worker.yaml.j2",
-            f"/conf/workers/{worker.worker_name}.yaml",
+            f"/conf/workers/{worker_name}.yaml",
             **worker_config,
             worker_log_config_filepath=log_config_filepath,
             using_unix_sockets=using_unix_sockets,
         )
 
         # Save this worker's port number to the correct nginx upstreams
-        for worker_type in worker.worker_types:
+        for worker_type in worker_types_set:
             nginx_upstreams.setdefault(worker_type, set()).add(worker_port)
 
         worker_port += 1
-        worker_metrics_port += 1
 
     # Build the nginx location config blocks
     nginx_location_config = ""
     for endpoint, upstream in nginx_locations.items():
-        nginx_location_config += NGINX_LOCATION_REGEX_CONFIG_BLOCK.format(
+        nginx_location_config += NGINX_LOCATION_CONFIG_BLOCK.format(
             endpoint=endpoint,
             upstream=upstream,
         )
@@ -1083,111 +932,6 @@ def generate_worker_files(
             body=body,
         )
 
-    # Provide a Prometheus metrics service discovery endpoint to easily be able to pick
-    # up all of the workers
-    nginx_prometheus_metrics_service_discovery = ""
-    if enable_metrics:
-        # Write JSON file for Prometheus service discovery pointing to all of the
-        # workers. We serve this file with nginx so people can use it with
-        # `http_sd_config` in their Prometheus config.
-        #
-        # > It fetches targets from an HTTP endpoint containing a list of zero or more
-        # > `<static_config>`s. The target must reply with an HTTP 200 response. The HTTP
-        # > header `Content-Type` must be `application/json`, and the body must be valid
-        # > JSON.
-        # >
-        # > *-- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#http_sd_config*
-        #
-        # Another reference: https://prometheus.io/docs/prometheus/latest/http_sd/
-        prometheus_http_service_discovery_content = [
-            {
-                "targets": [NGINX_HOST_PLACEHOLDER],
-                "labels": {
-                    # The downstream user should also configure `honor_labels: true` in
-                    # their Prometheus config to prevent Prometheus from overwriting the
-                    # `job` labels.
-                    #
-                    # > honor_labels controls how Prometheus handles conflicts between labels that are
-                    # > already present in scraped data and labels that Prometheus would attach
-                    # > server-side ("job" and "instance" labels, manually configured target
-                    # > labels, and labels generated by service discovery implementations).
-                    # >
-                    # > *-- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config*
-                    #
-                    # Reference:
-                    # - https://prometheus.io/docs/concepts/jobs_instances/
-                    # - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
-                    "job": worker.worker_base_name,
-                    "index": f"{worker.worker_index}",
-                    # This allows us to change the `metrics_path` on a per-target basis.
-                    # We want to grab the metrics from our nginx proxied location (setup
-                    # below).
-                    #
-                    # While there doesn't seem to be official docs on these special
-                    # labels (`__metrics_path__`, `__scheme__`, `__scrape_interval__`,
-                    # `__scrape_timeout__`), this discussion best summarizes how this
-                    # works: https://github.com/prometheus/prometheus/discussions/13217
-                    "__metrics_path__": f"/metrics/worker/{worker.worker_name}",
-                },
-            }
-            for worker in requested_workers
-        ]
-        # Add the main Synapse process as well
-        prometheus_http_service_discovery_content.append(
-            {
-                "targets": [NGINX_HOST_PLACEHOLDER],
-                "labels": {
-                    # We use `"synapse"` as the job name for the main process because it
-                    # matches what we expect people to use from a monolith setup with
-                    # their static scrape config. It's `job` name used in our Grafana
-                    # dashboard for the main process.
-                    "job": "synapse",
-                    "index": "1",
-                    "__metrics_path__": "/metrics/worker/main",
-                },
-            }
-        )
-
-        # Check to make sure the file doesn't already exist
-        if os.path.isfile(PROMETHEUS_METRICS_SERVICE_DISCOVERY_FILE_PATH):
-            error(
-                f"Prometheus service discovery file "
-                f"'{PROMETHEUS_METRICS_SERVICE_DISCOVERY_FILE_PATH}' already exists (unexpected)! "
-                f"This is a problem because the existing file probably doesn't match the "
-                "Synapse workers we're setting up now."
-            )
-
-        # Write the file
-        with open(PROMETHEUS_METRICS_SERVICE_DISCOVERY_FILE_PATH, "w") as outfile:
-            outfile.write(
-                json.dumps(prometheus_http_service_discovery_content, indent=4)
-            )
-
-        # Proxy all of the Synapse metrics endpoints through a central place so that
-        # people only need to expose the single 9469 port and service discovery can take
-        # care of the rest: `/metrics/worker/<worker_name>` ->
-        # http://localhost:19090/_synapse/metrics
-        #
-        # Build the nginx location config blocks
-        metrics_proxy_locations = ""
-        for worker in requested_workers:
-            metrics_proxy_locations += NGINX_LOCATION_EXACT_CONFIG_BLOCK.format(
-                endpoint=f"/metrics/worker/{worker.worker_name}",
-                upstream=f"http://localhost:{worker_name_to_metrics_port_map[worker.worker_name]}/_synapse/metrics",
-            )
-        # Add the main Synapse process as well
-        metrics_proxy_locations += NGINX_LOCATION_EXACT_CONFIG_BLOCK.format(
-            endpoint="/metrics/worker/main",
-            upstream="http://localhost:19090/_synapse/metrics",
-        )
-
-        # Add a nginx server/location to serve the JSON file
-        nginx_prometheus_metrics_service_discovery = NGINX_PROMETHEUS_METRICS_SERVICE_DISCOVERY.format(
-            service_discovery_file_path=PROMETHEUS_METRICS_SERVICE_DISCOVERY_FILE_PATH,
-            host_placeholder=NGINX_HOST_PLACEHOLDER,
-            metrics_proxy_locations=metrics_proxy_locations,
-        )
-
     # Finally, we'll write out the config files.
 
     # log config for the master process
@@ -1205,7 +949,7 @@ def generate_worker_files(
             if reg_path.suffix.lower() in (".yaml", ".yml")
         ]
 
-    workers_in_use = len(requested_workers) > 0
+    workers_in_use = len(requested_worker_types) > 0
 
     # If there are workers, add the main process to the instance_map too.
     if workers_in_use:
@@ -1240,7 +984,6 @@ def generate_worker_files(
         tls_cert_path=os.environ.get("SYNAPSE_TLS_CERT"),
         tls_key_path=os.environ.get("SYNAPSE_TLS_KEY"),
         using_unix_sockets=using_unix_sockets,
-        nginx_prometheus_metrics_service_discovery=nginx_prometheus_metrics_service_discovery,
     )
 
     # Supervisord config
@@ -1341,20 +1084,15 @@ def main(args: list[str], environ: MutableMapping[str, str]) -> None:
         if not worker_types_env:
             # No workers, just the main process
             worker_types = []
-            requested_workers: list[Worker] = []
+            requested_worker_types: dict[str, Any] = {}
         else:
             # Split type names by comma, ignoring whitespace.
             worker_types = split_and_strip_string(worker_types_env, ",")
-            requested_workers = parse_worker_types(worker_types)
+            requested_worker_types = parse_worker_types(worker_types)
 
         # Always regenerate all other config files
         log("Generating worker config files")
-        generate_worker_files(
-            environ=environ,
-            config_path=config_path,
-            data_dir=data_dir,
-            requested_workers=requested_workers,
-        )
+        generate_worker_files(environ, config_path, data_dir, requested_worker_types)
 
         # Mark workers as being configured
         with open(mark_filepath, "w") as f:

docker/start.py

@@ -31,25 +31,6 @@ def flush_buffers() -> None:
     sys.stderr.flush()
 
 
-def strtobool(val: str) -> bool:
-    """Convert a string representation of truth to True or False
-
-    True values are 'y', 'yes', 't', 'true', 'on', and '1'; false values
-    are 'n', 'no', 'f', 'false', 'off', and '0'.  Raises ValueError if
-    'val' is anything else.
-
-    This is lifted from distutils.util.strtobool, with the exception that it actually
-    returns a bool, rather than an int.
-    """
-    val = val.lower()
-    if val in ("y", "yes", "t", "true", "on", "1"):
-        return True
-    elif val in ("n", "no", "f", "false", "off", "0"):
-        return False
-    else:
-        raise ValueError("invalid truth value %r" % (val,))
-
-
 def convert(src: str, dst: str, environ: Mapping[str, object]) -> None:
     """Generate a file from a template
 
@@ -117,16 +98,19 @@ def generate_config_from_template(
         os.mkdir(config_dir)
 
     # Convert SYNAPSE_NO_TLS to boolean if exists
-    tlsanswerstring = environ.get("SYNAPSE_NO_TLS")
-    if tlsanswerstring is not None:
-        try:
-            environ["SYNAPSE_NO_TLS"] = strtobool(tlsanswerstring)
-        except ValueError:
-            error(
-                'Environment variable "SYNAPSE_NO_TLS" found but value "'
-                + tlsanswerstring
-                + '" unrecognized; exiting.'
-            )
+    if "SYNAPSE_NO_TLS" in environ:
+        tlsanswerstring = str.lower(environ["SYNAPSE_NO_TLS"])
+        if tlsanswerstring in ("true", "on", "1", "yes"):
+            environ["SYNAPSE_NO_TLS"] = True
+        else:
+            if tlsanswerstring in ("false", "off", "0", "no"):
+                environ["SYNAPSE_NO_TLS"] = False
+            else:
+                error(
+                    'Environment variable "SYNAPSE_NO_TLS" found but value "'
+                    + tlsanswerstring
+                    + '" unrecognized; exiting.'
+                )
 
     if "SYNAPSE_LOG_CONFIG" not in environ:
         environ["SYNAPSE_LOG_CONFIG"] = config_dir + "/log.config"
@@ -180,18 +164,6 @@ def run_generate_config(environ: Mapping[str, str], ownership: str | None) -> No
     config_dir = environ.get("SYNAPSE_CONFIG_DIR", "/data")
     config_path = environ.get("SYNAPSE_CONFIG_PATH", config_dir + "/homeserver.yaml")
     data_dir = environ.get("SYNAPSE_DATA_DIR", "/data")
-    enable_metrics_raw = environ.get("SYNAPSE_ENABLE_METRICS", "0")
-
-    enable_metrics = False
-    if enable_metrics_raw is not None:
-        try:
-            enable_metrics = strtobool(enable_metrics_raw)
-        except ValueError:
-            error(
-                'Environment variable "SYNAPSE_ENABLE_METRICS" found but value "'
-                + enable_metrics_raw
-                + '" unrecognized; exiting.'
-            )
 
     # create a suitable log config from our template
     log_config_file = "%s/%s.log.config" % (config_dir, server_name)
@@ -218,9 +190,6 @@ def run_generate_config(environ: Mapping[str, str], ownership: str | None) -> No
         "--open-private-ports",
     ]
 
-    if enable_metrics:
-        args.append("--enable-metrics")
-
     if ownership is not None:
         # make sure that synapse has perms to write to the data dir.
         log(f"Setting ownership on {data_dir} to {ownership}")

docs/.htmltest.yml

@@ -1,5 +0,0 @@
-# Configuration for htmltest, which we run in CI to check that links aren't broken in the built documentation.
-# See all config options: https://github.com/wjdp/htmltest#wrench-configuration
-
-# Don't check external links, as that requires network access and is slow.
-CheckExternal: false

docs/admin_api/media_admin_api.md

@@ -88,20 +88,6 @@ is quarantined, Synapse will:
  - Quarantine any existing cached remote media.
  - Quarantine any future remote media.
 
-## Downloading quarantined media
-
-Normally, when media is quarantined, it will return a 404 error when downloaded.
-Admins can bypass this by adding `?admin_unsafely_bypass_quarantine=true`
-to the [normal download URL](https://spec.matrix.org/v1.16/client-server-api/#get_matrixclientv1mediadownloadservernamemediaid).
-
-Bypassing the quarantine check is not recommended. Media is typically quarantined
-to prevent harmful content from being served to users, which includes admins. Only
-set the bypass parameter if you intentionally want to access potentially harmful
-content.
-
-Non-admin users cannot bypass quarantine checks, even when specifying the above
-query parameter.
-
 ## Quarantining media by ID
 
 This API quarantines a single piece of local or remote media.

docs/admin_api/scheduled_tasks.md

@@ -36,10 +36,9 @@ It returns a JSON body like the following:
     - "scheduled" - Task is scheduled but not active
     - "active" - Task is active and probably running, and if not will be run on next scheduler loop run
     - "complete" - Task has completed successfully
-    - "cancelled" - Task has been cancelled
     - "failed" - Task is over and either returned a failed status, or had an exception
 
-* `max_timestamp`: int - Is optional. Returns only the scheduled tasks with a timestamp (in milliseconds since the unix epoch) inferior to the specified one.
+* `max_timestamp`: int - Is optional. Returns only the scheduled tasks with a timestamp inferior to the specified one.
 
 **Response**
 

docs/admin_api/user_admin_api.md

@@ -505,55 +505,6 @@ with a body of:
 }
 ```
 
-## List room memberships of a user
-
-Gets a list of room memberships for a specific `user_id`. This
-endpoint differs from
-[`GET /_synapse/admin/v1/users/<user_id>/joined_rooms`](#list-joined-rooms-of-a-user)
-in that it returns rooms with memberships other than "join".
-
-The API is:
-
-```
-GET /_synapse/admin/v1/users/<user_id>/memberships
-```
-
-A response body like the following is returned:
-
-```json
-    {
-        "memberships": {
-            "!DuGcnbhHGaSZQoNQR:matrix.org": "join",
-            "!ZtSaPCawyWtxfWiIy:matrix.org": "leave",
-        }
-    }
-```
-
-which is a list of room membership states for the given user. This endpoint can
-be used with both local and remote users, with the caveat that the homeserver will
-only be aware of the memberships for rooms that one of its local users has joined.
-
-Remote user memberships may also be out of date if all local users have since left
-a room. The homeserver will thus no longer receive membership updates about it.
-
-The list includes rooms that the user has since left; other membership states (knock,
-invite, etc.) are also possible.
-
-Note that rooms will only disappear from this list if they are
-[purged](./rooms.md#delete-room-api) from the homeserver.
-
-**Parameters**
-
-The following parameters should be set in the URL:
-
-- `user_id` - fully qualified: for example, `@user:server.com`.
-
-**Response**
-
-The following fields are returned in the JSON response body:
-
-- `memberships` - A map of `room_id` (string) to `membership` state (string).
-
 ## List joined rooms of a user
 
 Gets a list of all `room_id` that a specific `user_id` is joined to and is a member of (participating in).

docs/development/contributing_guide.md

@@ -334,9 +334,46 @@ For more details about other configurations, see the [Docker-specific documentat
 
 ## Run the integration tests ([Complement](https://github.com/matrix-org/complement)).
 
-See our [Complement docs](https://github.com/element-hq/synapse/tree/develop/complement)
-for how to use the `./scripts-dev/complement.sh` test runner script.
+[Complement](https://github.com/matrix-org/complement) is a suite of black box tests that can be run on any homeserver implementation. It can also be thought of as end-to-end (e2e) tests.
 
+It's often nice to develop on Synapse and write Complement tests at the same time.
+Here is how to run your local Synapse checkout against your local Complement checkout.
+
+(checkout [`complement`](https://github.com/matrix-org/complement) alongside your `synapse` checkout)
+```sh
+COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh
+```
+
+To run a specific test file, you can pass the test name at the end of the command. The name passed comes from the naming structure in your Complement tests. If you're unsure of the name, you can do a full run and copy it from the test output:
+
+```sh
+COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestImportHistoricalMessages
+```
+
+To run a specific test, you can specify the whole name structure:
+
+```sh
+COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestImportHistoricalMessages/parallel/Historical_events_resolve_in_the_correct_order
+```
+
+The above will run a monolithic (single-process) Synapse with SQLite as the database. For other configurations, try:
+
+- Passing `POSTGRES=1` as an environment variable to use the Postgres database instead.
+- Passing `WORKERS=1` as an environment variable to use a workerised setup instead. This option implies the use of Postgres.
+  - If setting `WORKERS=1`, optionally set `WORKER_TYPES=` to declare which worker
+    types you wish to test. A simple comma-delimited string containing the worker types
+    defined from the `WORKERS_CONFIG` template in
+    [here](https://github.com/element-hq/synapse/blob/develop/docker/configure_workers_and_start.py#L54).
+    A safe example would be `WORKER_TYPES="federation_inbound, federation_sender, synchrotron"`.
+    See the [worker documentation](../workers.md) for additional information on workers.
+- Passing `ASYNCIO_REACTOR=1` as an environment variable to use the Twisted asyncio reactor instead of the default one.
+- Passing `PODMAN=1` will use the [podman](https://podman.io/) container runtime, instead of docker.
+- Passing `UNIX_SOCKETS=1` will utilise Unix socket functionality for Synapse, Redis, and Postgres(when applicable).
+
+To increase the log level for the tests, set `SYNAPSE_TEST_LOG_LEVEL`, e.g:
+```sh
+SYNAPSE_TEST_LOG_LEVEL=DEBUG COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -run TestImportHistoricalMessages
+```
 
 ### Prettier formatting with `gotestfmt`
 
@@ -352,6 +389,18 @@ COMPLEMENT_DIR=../complement ./scripts-dev/complement.sh -json | gotestfmt -hide
 (Remove `-hide successful-tests` if you don't want to hide successful tests.)
 
 
+### Access database for homeserver after Complement test runs.
+
+If you're curious what the database looks like after you run some tests, here are some steps to get you going in Synapse:
+
+1. In your Complement test comment out `defer deployment.Destroy(t)` and replace with `defer time.Sleep(2 * time.Hour)` to keep the homeserver running after the tests complete
+1. Start the Complement tests
+1. Find the name of the container, `docker ps -f name=complement_` (this will filter for just the Compelement related Docker containers)
+1. Access the container replacing the name with what you found in the previous step: `docker exec -it complement_1_hs_with_application_service.hs1_2 /bin/bash`
+1. Install sqlite (database driver), `apt-get update && apt-get install -y sqlite3`
+1. Then run `sqlite3` and open the database `.open /conf/homeserver.db` (this db path comes from the Synapse homeserver.yaml)
+
+
 # 9. Submit your patch.
 
 Once you're happy with your patch, it's time to prepare a Pull Request.

docs/development/experimental_features.md

@@ -32,33 +32,6 @@ expected and not an issue.
 It is not a requirement for experimental features to be behind a configuration flag,
 but one should be used if unsure.
 
-New experimental configuration flags should be added under the `experimental_features`
+New experimental configuration flags should be added under the `experimental`
 configuration key (see the `synapse.config.experimental` file) and either explain
 (briefly) what is being enabled, or include the MSC number.
-The configuration flag should link to the tracking issue for the experimental feature (see below).
-
-
-## Tracking issues for experimental features
-
-In the interest of having some documentation around experimental features, without
-polluting the stable documentation, all new experimental features should have a tracking issue with
-[the `T-ExperimentalFeature` label](https://github.com/element-hq/synapse/issues?q=sort%3Aupdated-desc+state%3Aopen+label%3A%22T-ExperimentalFeature%22),
-kept open as long as the experimental feature is present in Synapse.
-
-The configuration option for the feature should have a comment linking to the tracking issue,
-for ease of discoverability.
-
-As a guideline, the issue should contain:
-
-- Context for why this experimental feature is in Synapse
-  - This could well be a link to somewhere else, where this context is already available.
-- If applicable, why the feature is enabled by default. (Why do we need to enable it by default and why is it safe?)
-- If applicable, setup instructions for any non-standard components or configuration needed by the feature.
-  (Ideally this will be moved to the configuration manual after stabilisation.)
-- Design decisions behind the Synapse implementation.
-  (Ideally this will be moved to the developers' documentation after stabilisation.)
-- Any caveats around the current implementation of the feature, such as:
-  - missing aspects
-  - breakage or incompatibility that is expected if/when the feature is stabilised,
-    or when the feature is turned on/off
-- Criteria for how we know whether we can remove the feature in the future.

docs/metrics-howto.md

@@ -123,21 +123,193 @@ Example Prometheus target for Synapse with workers:
     static_configs:
       - targets: ["my.server.here:port"]
         labels:
+          instance: "my.server"
           job: "master"
           index: 1
       - targets: ["my.workerserver.here:port"]
         labels:
+          instance: "my.server"
           job: "generic_worker"
           index: 1
       - targets: ["my.workerserver.here:port"]
         labels:
+          instance: "my.server"
           job: "generic_worker"
           index: 2
       - targets: ["my.workerserver.here:port"]
         labels:
+          instance: "my.server"
           job: "media_repository"
           index: 1
 ```
 
-Labels (`job`, `index`) can be defined as anything.
+Labels (`instance`, `job`, `index`) can be defined as anything.
 The labels are used to group graphs in grafana.
+
+## Renaming of metrics & deprecation of old names in 1.2
+
+Synapse 1.2 updates the Prometheus metrics to match the naming
+convention of the upstream `prometheus_client`. The old names are
+considered deprecated and will be removed in a future version of
+Synapse.
+**The old names will be disabled by default in Synapse v1.71.0 and removed
+altogether in Synapse v1.73.0.**
+
+| New Name                                                                     | Old Name                                                               |
+| ---------------------------------------------------------------------------- | ---------------------------------------------------------------------- |
+| python_gc_objects_collected_total                                            | python_gc_objects_collected                                            |
+| python_gc_objects_uncollectable_total                                        | python_gc_objects_uncollectable                                        |
+| python_gc_collections_total                                                  | python_gc_collections                                                  |
+| process_cpu_seconds_total                                                    | process_cpu_seconds                                                    |
+| synapse_federation_client_sent_transactions_total                            | synapse_federation_client_sent_transactions                            |
+| synapse_federation_client_events_processed_total                             | synapse_federation_client_events_processed                             |
+| synapse_event_processing_loop_count_total                                    | synapse_event_processing_loop_count                                    |
+| synapse_event_processing_loop_room_count_total                               | synapse_event_processing_loop_room_count                               |
+| synapse_util_caches_cache_hits                                               | synapse_util_caches_cache:hits                                         |
+| synapse_util_caches_cache_size                                               | synapse_util_caches_cache:size                                         |
+| synapse_util_caches_cache_evicted_size                                       | synapse_util_caches_cache:evicted_size                                 |
+| synapse_util_caches_cache                                                    | synapse_util_caches_cache:total                                        |
+| synapse_util_caches_response_cache_size                                      | synapse_util_caches_response_cache:size                                |
+| synapse_util_caches_response_cache_hits                                      | synapse_util_caches_response_cache:hits                                |
+| synapse_util_caches_response_cache_evicted_size                              | synapse_util_caches_response_cache:evicted_size                        |
+| synapse_util_metrics_block_count_total                                       | synapse_util_metrics_block_count                                       |
+| synapse_util_metrics_block_time_seconds_total                                | synapse_util_metrics_block_time_seconds                                |
+| synapse_util_metrics_block_ru_utime_seconds_total                            | synapse_util_metrics_block_ru_utime_seconds                            |
+| synapse_util_metrics_block_ru_stime_seconds_total                            | synapse_util_metrics_block_ru_stime_seconds                            |
+| synapse_util_metrics_block_db_txn_count_total                                | synapse_util_metrics_block_db_txn_count                                |
+| synapse_util_metrics_block_db_txn_duration_seconds_total                     | synapse_util_metrics_block_db_txn_duration_seconds                     |
+| synapse_util_metrics_block_db_sched_duration_seconds_total                   | synapse_util_metrics_block_db_sched_duration_seconds                   |
+| synapse_background_process_start_count_total                                 | synapse_background_process_start_count                                 |
+| synapse_background_process_ru_utime_seconds_total                            | synapse_background_process_ru_utime_seconds                            |
+| synapse_background_process_ru_stime_seconds_total                            | synapse_background_process_ru_stime_seconds                            |
+| synapse_background_process_db_txn_count_total                                | synapse_background_process_db_txn_count                                |
+| synapse_background_process_db_txn_duration_seconds_total                     | synapse_background_process_db_txn_duration_seconds                     |
+| synapse_background_process_db_sched_duration_seconds_total                   | synapse_background_process_db_sched_duration_seconds                   |
+| synapse_storage_events_persisted_events_total                                | synapse_storage_events_persisted_events                                |
+| synapse_storage_events_persisted_events_sep_total                            | synapse_storage_events_persisted_events_sep                            |
+| synapse_storage_events_state_delta_total                                     | synapse_storage_events_state_delta                                     |
+| synapse_storage_events_state_delta_single_event_total                        | synapse_storage_events_state_delta_single_event                        |
+| synapse_storage_events_state_delta_reuse_delta_total                         | synapse_storage_events_state_delta_reuse_delta                         |
+| synapse_federation_server_received_pdus_total                                | synapse_federation_server_received_pdus                                |
+| synapse_federation_server_received_edus_total                                | synapse_federation_server_received_edus                                |
+| synapse_handler_presence_notified_presence_total                             | synapse_handler_presence_notified_presence                             |
+| synapse_handler_presence_federation_presence_out_total                       | synapse_handler_presence_federation_presence_out                       |
+| synapse_handler_presence_presence_updates_total                              | synapse_handler_presence_presence_updates                              |
+| synapse_handler_presence_timers_fired_total                                  | synapse_handler_presence_timers_fired                                  |
+| synapse_handler_presence_federation_presence_total                           | synapse_handler_presence_federation_presence                           |
+| synapse_handler_presence_bump_active_time_total                              | synapse_handler_presence_bump_active_time                              |
+| synapse_federation_client_sent_edus_total                                    | synapse_federation_client_sent_edus                                    |
+| synapse_federation_client_sent_pdu_destinations_count_total                  | synapse_federation_client_sent_pdu_destinations:count                  |
+| synapse_federation_client_sent_pdu_destinations_total                        | synapse_federation_client_sent_pdu_destinations:total                  |
+| synapse_handlers_appservice_events_processed_total                           | synapse_handlers_appservice_events_processed                           |
+| synapse_notifier_notified_events_total                                       | synapse_notifier_notified_events                                       |
+| synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter_total  | synapse_push_bulk_push_rule_evaluator_push_rules_invalidation_counter  |
+| synapse_push_bulk_push_rule_evaluator_push_rules_state_size_counter_total    | synapse_push_bulk_push_rule_evaluator_push_rules_state_size_counter    |
+| synapse_http_httppusher_http_pushes_processed_total                          | synapse_http_httppusher_http_pushes_processed                          |
+| synapse_http_httppusher_http_pushes_failed_total                             | synapse_http_httppusher_http_pushes_failed                             |
+| synapse_http_httppusher_badge_updates_processed_total                        | synapse_http_httppusher_badge_updates_processed                        |
+| synapse_http_httppusher_badge_updates_failed_total                           | synapse_http_httppusher_badge_updates_failed                           |
+| synapse_admin_mau_current                                                    | synapse_admin_mau:current                                              |
+| synapse_admin_mau_max                                                        | synapse_admin_mau:max                                                  |
+| synapse_admin_mau_registered_reserved_users                                  | synapse_admin_mau:registered_reserved_users                            |
+
+Removal of deprecated metrics & time based counters becoming histograms in 0.31.0
+---------------------------------------------------------------------------------
+
+The duplicated metrics deprecated in Synapse 0.27.0 have been removed.
+
+All time duration-based metrics have been changed to be seconds. This
+affects:
+
+| msec -> sec metrics                    |
+| -------------------------------------- |
+| python_gc_time                         |
+| python_twisted_reactor_tick_time       |
+| synapse_storage_query_time             |
+| synapse_storage_schedule_time          |
+| synapse_storage_transaction_time       |
+
+Several metrics have been changed to be histograms, which sort entries
+into buckets and allow better analysis. The following metrics are now
+histograms:
+
+| Altered metrics                                  |
+| ------------------------------------------------ |
+| python_gc_time                                   |
+| python_twisted_reactor_pending_calls             |
+| python_twisted_reactor_tick_time                 |
+| synapse_http_server_response_time_seconds        |
+| synapse_storage_query_time                       |
+| synapse_storage_schedule_time                    |
+| synapse_storage_transaction_time                 |
+
+Block and response metrics renamed for 0.27.0
+---------------------------------------------
+
+Synapse 0.27.0 begins the process of rationalising the duplicate
+`*:count` metrics reported for the resource tracking for code blocks and
+HTTP requests.
+
+At the same time, the corresponding `*:total` metrics are being renamed,
+as the `:total` suffix no longer makes sense in the absence of a
+corresponding `:count` metric.
+
+To enable a graceful migration path, this release just adds new names
+for the metrics being renamed. A future release will remove the old
+ones.
+
+The following table shows the new metrics, and the old metrics which
+they are replacing.
+
+| New name                                                      | Old name                                                   |
+| ------------------------------------------------------------- | ---------------------------------------------------------- |
+| synapse_util_metrics_block_count                              | synapse_util_metrics_block_timer:count                     |
+| synapse_util_metrics_block_count                              | synapse_util_metrics_block_ru_utime:count                  |
+| synapse_util_metrics_block_count                              | synapse_util_metrics_block_ru_stime:count                  |
+| synapse_util_metrics_block_count                              | synapse_util_metrics_block_db_txn_count:count              |
+| synapse_util_metrics_block_count                              | synapse_util_metrics_block_db_txn_duration:count           |
+| synapse_util_metrics_block_time_seconds                       | synapse_util_metrics_block_timer:total                     |
+| synapse_util_metrics_block_ru_utime_seconds                   | synapse_util_metrics_block_ru_utime:total                  |
+| synapse_util_metrics_block_ru_stime_seconds                   | synapse_util_metrics_block_ru_stime:total                  |
+| synapse_util_metrics_block_db_txn_count                       | synapse_util_metrics_block_db_txn_count:total              |
+| synapse_util_metrics_block_db_txn_duration_seconds            | synapse_util_metrics_block_db_txn_duration:total           |
+| synapse_http_server_response_count                            | synapse_http_server_requests                               |
+| synapse_http_server_response_count                            | synapse_http_server_response_time:count                    |
+| synapse_http_server_response_count                            | synapse_http_server_response_ru_utime:count                |
+| synapse_http_server_response_count                            | synapse_http_server_response_ru_stime:count                |
+| synapse_http_server_response_count                            | synapse_http_server_response_db_txn_count:count            |
+| synapse_http_server_response_count                            | synapse_http_server_response_db_txn_duration:count         |
+| synapse_http_server_response_time_seconds                     | synapse_http_server_response_time:total                    |
+| synapse_http_server_response_ru_utime_seconds                 | synapse_http_server_response_ru_utime:total                |
+| synapse_http_server_response_ru_stime_seconds                 | synapse_http_server_response_ru_stime:total                |
+| synapse_http_server_response_db_txn_count                     | synapse_http_server_response_db_txn_count:total            |
+| synapse_http_server_response_db_txn_duration_seconds          | synapse_http_server_response_db_txn_duration:total         |
+
+Standard Metric Names
+---------------------
+
+As of synapse version 0.18.2, the format of the process-wide metrics has
+been changed to fit prometheus standard naming conventions. Additionally
+the units have been changed to seconds, from milliseconds.
+
+| New name                                 | Old name                          |
+| ---------------------------------------- | --------------------------------- |
+| process_cpu_user_seconds_total           | process_resource_utime / 1000     |
+| process_cpu_system_seconds_total         | process_resource_stime / 1000     |
+| process_open_fds (no \'type\' label)     | process_fds                       |
+
+The python-specific counts of garbage collector performance have been
+renamed.
+
+| New name                         | Old name                   |
+| -------------------------------- | -------------------------- |
+| python_gc_time                   | reactor_gc_time            |
+| python_gc_unreachable_total      | reactor_gc_unreachable     |
+| python_gc_counts                 | reactor_gc_counts          |
+
+The twisted-specific reactor metrics have been renamed.
+
+| New name                               | Old name                |
+| -------------------------------------- | ----------------------- |
+| python_twisted_reactor_pending_calls   | reactor_pending_calls   |
+| python_twisted_reactor_tick_time       | reactor_tick_time       |

docs/openid.md

@@ -50,11 +50,6 @@ setting in your configuration file.
 See the [configuration manual](usage/configuration/config_documentation.md#oidc_providers) for some sample settings, as well as
 the text below for example configurations for specific providers.
 
-For setups using [`.well-known` delegation](delegate.md), make sure
-[`public_baseurl`](usage/configuration/config_documentation.md#public_baseurl) is set
-appropriately. If unset, Synapse defaults to `https://<server_name>/` which is used in
-the OIDC callback URL.
-
 ## OIDC Back-Channel Logout
 
 Synapse supports receiving [OpenID Connect Back-Channel Logout](https://openid.net/specs/openid-connect-backchannel-1_0.html) notifications.

docs/sample_config.yaml

@@ -24,18 +24,14 @@
 server_name: "SERVERNAME"
 pid_file: DATADIR/homeserver.pid
 listeners:
-  - bind_addresses:
-    - ::1
-    - 127.0.0.1
-    port: 8008
-    resources:
-    - compress: false
-      names:
-      - client
-      - federation
+  - port: 8008
     tls: false
     type: http
     x_forwarded: true
+    bind_addresses: ['::1', '127.0.0.1']
+    resources:
+      - names: [client, federation]
+        compress: false
 database:
   name: sqlite3
   args:

docs/upgrade.md

@@ -117,22 +117,6 @@ each upgrade are complete before moving on to the next upgrade, to avoid
 stacking them up. You can monitor the currently running background updates with
 [the Admin API](usage/administration/admin_api/background_updates.html#status).
 
-# Upgrading to v1.146.0
-
-## Drop support for Ubuntu 25.04 Plucky Puffin, and add support for 25.10 Questing Quokka
-
-Ubuntu 25.04 Plucky Puffin [is end-of-life as of 17 Jan
-2026](https://endoflife.date/ubuntu). This release drops support for Ubuntu
-25.04, and in its place adds support for Ubuntu 25.10 Questing Quokka.
-
-## Removal of MSC2697 (Legacy) Dehydrated devices
-
-The endpoints for
-[MSC2697](https://github.com/matrix-org/matrix-spec-proposals/pull/2697) have now
-been removed, since the MSC is closed. Developers who rely on this feature should
-migrate to [MSC3814](https://github.com/matrix-org/matrix-spec-proposals/pull/3814)
-which introduces support for a newer version of dehydrated devices.
-
 # Upgrading to v1.144.0
 
 ## Worker support for unstable MSC4140 `/restart` endpoint
@@ -844,7 +828,7 @@ the names of Prometheus metrics.
 If you want to test your changes before legacy names are disabled by default,
 you may specify `enable_legacy_metrics: false` in your homeserver configuration.
 
-A list of affected metrics is available on the [Metrics How-to page](https://element-hq.github.io/synapse/v1.69/metrics-howto.html#renaming-of-metrics--deprecation-of-old-names-in-12).
+A list of affected metrics is available on the [Metrics How-to page](https://element-hq.github.io/synapse/v1.69/metrics-howto.html?highlight=metrics%20deprecated#renaming-of-metrics--deprecation-of-old-names-in-12).
 
 
 ## Deprecation of the `generate_short_term_login_token` module API method
@@ -2439,7 +2423,7 @@ back to v1.3.1, subject to the following:
 
 Some counter metrics have been renamed, with the old names deprecated.
 See [the metrics
-documentation](https://element-hq.github.io/synapse/v1.69/metrics-howto.html#renaming-of-metrics--deprecation-of-old-names-in-12)
+documentation](metrics-howto.md#renaming-of-metrics--deprecation-of-old-names-in-12)
 for details.
 
 # Upgrading to v1.1.0

docs/usage/configuration/config_documentation.md

@@ -956,7 +956,7 @@ server_context: context
 ---
 ### `limit_remote_rooms`
 
-*(object)* When this option is enabled, the room "complexity" will be checked before a user joins a new remote room. If it is above the complexity limit, the server will disallow joining, or will instantly leave. This is useful for homeservers that are resource-constrained. In Synapse, the complexity of a room is measured by the number of current state events in a room, divided by 500. "Current" here means the latest state, i.e. if a user joins, then leaves, then joins, that will count as 1 current `m.room.member` state event.
+*(object)* When this option is enabled, the room "complexity" will be checked before a user joins a new remote room. If it is above the complexity limit, the server will disallow joining, or will instantly leave. This is useful for homeservers that are resource-constrained. Room complexity is an arbitrary measure based on factors such as the number of users in the room.
 
 This setting has the following sub-options:
 
@@ -2041,25 +2041,6 @@ rc_room_creation:
   burst_count: 5.0
 ```
 ---
-### `rc_user_directory`
-
-*(object)* This option allows admins to ratelimit searches in the user directory.
-
-_Added in Synapse 1.145.0._
-
-This setting has the following sub-options:
-
-* `per_second` (number): Maximum number of requests a client can send per second.
-
-* `burst_count` (number): Maximum number of requests a client can send before being throttled.
-
-Default configuration:
-```yaml
-rc_user_directory:
-  per_second: 0.016
-  burst_count: 200.0
-```
----
 ### `federation_rr_transactions_per_room_per_second`
 
 *(integer)* Sets outgoing federation transaction frequency for sending read-receipts, per-room.
@@ -2111,16 +2092,6 @@ Example configuration:
 enable_media_repo: false
 ```
 ---
-### `enable_local_media_storage`
-
-*(boolean)* Enable the local on-disk media storage provider. When disabled, media is stored only in configured `media_storage_providers` and temporary files are used for processing.
-**Warning:** If this option is set to `false` and no `media_storage_providers` are configured, all media requests will return 404 errors as there will be no storage backend available. Defaults to `true`.
-
-Example configuration:
-```yaml
-enable_local_media_storage: false
-```
----
 ### `media_store_path`
 
 *(string)* Directory where uploaded images and attachments are stored. Defaults to `"media_store"`.
@@ -4484,7 +4455,7 @@ stream_writers:
 ---
 ### `outbound_federation_restricted_to`
 
-*(array)* You can restrict outbound federation traffic to only go through a specific subset of workers including the [Secure Border Gateway (SBG)](https://element.io/en/server-suite/secure-border-gateways). Any worker specified here (including the SBG) must also be in the [`instance_map`](#instance_map). [`worker_replication_secret`](#worker_replication_secret) must also be configured to authorize inter-worker communication.
+*(array)* When using workers, you can restrict outbound federation traffic to only go through a specific subset of workers. Any worker specified here must also be in the [`instance_map`](#instance_map). [`worker_replication_secret`](#worker_replication_secret) must also be configured to authorize inter-worker communication.
 
 Also see the [worker documentation](../../workers.md#restrict-outbound-federation-traffic-to-a-specific-set-of-workers) for more info.
 

docs/website_files/README.md

@@ -9,18 +9,27 @@ point to additional JS/CSS in this directory that are added on each page load. I
 addition, the `theme` directory contains files that overwrite their counterparts in
 each of the default themes included with mdbook.
 
-Currently we use these files to make a few modifications:
+Currently we use these files to generate a floating Table of Contents panel. The code for
+which was partially taken from
+[JorelAli/mdBook-pagetoc](https://github.com/JorelAli/mdBook-pagetoc/)
+before being modified such that it scrolls with the content of the page. This is handled
+by the `table-of-contents.js/css` files. The table of contents panel only appears on pages
+that have more than one header, as well as only appearing on desktop-sized monitors.
 
-* We stylise the chapter titles in the left sidebar by indenting them
-  slightly so that they are more visually distinguishable from the section headers
-  (the bold titles). This is done through the `indent-section-headers.css` file.
+We remove the navigation arrows which typically appear on the left and right side of the
+screen on desktop as they interfere with the table of contents. This is handled by
+the `remove-nav-buttons.css` file.
 
-* We add a version picker pertaining to the different documentation versions
-  shipped with each version of Synapse. This functionality was implemented through
-  the `version-picker.js` and `version-picker.css` files, and is currently the only
-  requirement for the custom `theme/`.
+Finally, we also stylise the chapter titles in the left sidebar by indenting them
+slightly so that they are more visually distinguishable from the section headers
+(the bold titles). This is done through the `indent-section-headers.css` file.
+
+In addition to these modifications, we have added a version picker to the documentation.
+Users can switch between documentations for different versions of Synapse.
+This functionality was implemented through the `version-picker.js` and
+`version-picker.css` files.
 
 More information can be found in mdbook's official documentation for
 [injecting page JS/CSS](https://rust-lang.github.io/mdBook/format/config.html)
 and
-[customising the default themes](https://rust-lang.github.io/mdBook/format/theme/index.html).
+[customising the default themes](https://rust-lang.github.io/mdBook/format/theme/index.html).

docs/website_files/remove-nav-buttons.css

@@ -0,0 +1,8 @@
+/* Remove the prev, next chapter buttons as they interfere with the
+ * table of contents.
+ * Note that the table of contents only appears on desktop, thus we
+ * only remove the desktop (wide) chapter buttons.
+ */
+.nav-wide-wrapper {
+    display: none
+}

docs/website_files/table-of-contents.css

@@ -0,0 +1,47 @@
+:root {
+    --pagetoc-width: 250px;
+}
+
+@media only screen and (max-width:1439px) {
+    .sidetoc {
+        display: none;
+    }
+}
+
+@media only screen and (min-width:1440px) {
+    main {
+        position: relative;
+        margin-left: 100px !important;
+        margin-right: var(--pagetoc-width) !important;
+    }
+    .sidetoc {
+        margin-left: auto;
+        margin-right: auto;
+        left: calc(100% + (var(--content-max-width))/4 - 140px);
+        position: absolute;
+        text-align: right;
+    }
+    .pagetoc {
+        position: fixed;
+        width: var(--pagetoc-width);
+        overflow: auto;
+        right: 20px;
+        height: calc(100% - var(--menu-bar-height));
+    }
+    .pagetoc a {
+        color: var(--fg) !important;
+        display: block;
+        padding: 5px 15px 5px 10px;
+        text-align: left;
+        text-decoration: none;
+    }
+    .pagetoc a:hover,
+    .pagetoc a.active {
+        background: var(--sidebar-bg) !important;
+        color: var(--sidebar-fg) !important;
+    }
+    .pagetoc .active {
+        background: var(--sidebar-bg);
+        color: var(--sidebar-fg);
+    }
+}

docs/website_files/table-of-contents.js

@@ -0,0 +1,148 @@
+const getPageToc = () => document.getElementsByClassName('pagetoc')[0];
+
+const pageToc = getPageToc();
+const pageTocChildren = [...pageToc.children];
+const headers = [...document.getElementsByClassName('header')];
+
+
+// Select highlighted item in ToC when clicking an item
+pageTocChildren.forEach(child => {
+    child.addEventHandler('click', () => {
+        pageTocChildren.forEach(child => {
+            child.classList.remove('active');
+        });
+        child.classList.add('active');
+    });
+});
+
+
+/**
+ * Test whether a node is in the viewport
+ */
+function isInViewport(node) {
+    const rect = node.getBoundingClientRect();
+    return rect.top >= 0 && rect.left >= 0 && rect.bottom <= (window.innerHeight || document.documentElement.clientHeight) && rect.right <= (window.innerWidth || document.documentElement.clientWidth);
+}
+
+
+/**
+ * Set a new ToC entry.
+ * Clear any previously highlighted ToC items, set the new one,
+ * and adjust the ToC scroll position.
+ */
+function setTocEntry() {
+    let activeEntry;
+    const pageTocChildren = [...getPageToc().children];
+
+    // Calculate which header is the current one at the top of screen
+    headers.forEach(header => {
+        if (window.pageYOffset >= header.offsetTop) {
+            activeEntry = header;
+        }
+    });
+
+    // Update selected item in ToC when scrolling
+    pageTocChildren.forEach(child => {
+        if (activeEntry.href.localeCompare(child.href) === 0) {
+            child.classList.add('active');
+        } else {
+            child.classList.remove('active');
+        }
+    });
+
+    let tocEntryForLocation = document.querySelector(`nav a[href="${activeEntry.href}"]`);
+    if (tocEntryForLocation) {
+        const headingForLocation = document.querySelector(activeEntry.hash);
+        if (headingForLocation && isInViewport(headingForLocation)) {
+            // Update ToC scroll
+            const nav = getPageToc();
+            const content = document.querySelector('html');
+            if (content.scrollTop !== 0) {
+                nav.scrollTo({
+                    top: tocEntryForLocation.offsetTop - 100,
+                    left: 0,
+                    behavior: 'smooth',
+                });
+            } else {
+                nav.scrollTop = 0;
+            }
+        }
+    }
+}
+
+
+/**
+ * Populate sidebar on load
+ */
+window.addEventListener('load', () => {
+    // Prevent rendering the table of contents of the "print book" page, as it
+    // will end up being rendered into the output (in a broken-looking way)
+
+    // Get the name of the current page (i.e. 'print.html')
+    const pageNameExtension = window.location.pathname.split('/').pop();
+
+    // Split off the extension (as '.../print' is also a valid page name), which
+    // should result in 'print'
+    const pageName = pageNameExtension.split('.')[0];
+    if (pageName === "print") {
+        // Don't render the table of contents on this page
+        return;
+    }
+
+    // Only create table of contents if there is more than one header on the page
+    if (headers.length <= 1) {
+        return;
+    }
+
+    // Create an entry in the page table of contents for each header in the document
+    headers.forEach((header, index) => {
+        const link = document.createElement('a');
+
+        // Indent shows hierarchy
+        let indent = '0px';
+        switch (header.parentElement.tagName) {
+            case 'H1':
+                indent = '5px';
+                break;
+            case 'H2':
+                indent = '20px';
+                break;
+            case 'H3':
+                indent = '30px';
+                break;
+            case 'H4':
+                indent = '40px';
+                break;
+            case 'H5':
+                indent = '50px';
+                break;
+            case 'H6':
+                indent = '60px';
+                break;
+            default:
+                break;
+        }
+
+        let tocEntry;
+        if (index == 0) {
+            // Create a bolded title for the first element
+            tocEntry = document.createElement("strong");
+            tocEntry.innerHTML = header.text;
+        } else {
+            // All other elements are non-bold
+            tocEntry = document.createTextNode(header.text);
+        }
+        link.appendChild(tocEntry);
+
+        link.style.paddingLeft = indent;
+        link.href = header.href;
+        pageToc.appendChild(link);
+    });
+    setTocEntry.call();
+});
+
+
+// Handle active headers on scroll, if there is more than one header on the page
+if (headers.length > 1) {
+    window.addEventListener('scroll', setTocEntry);
+}

docs/website_files/theme/index.hbs

@@ -1,11 +1,11 @@
 <!DOCTYPE HTML>
-<html lang="{{ language }}" class="{{ default_theme }} sidebar-visible" dir="{{ text_direction }}">
+<html lang="{{ language }}" class="sidebar-visible no-js {{ default_theme }}">
     <head>
         <!-- Book generated using mdBook -->
         <meta charset="UTF-8">
         <title>{{ title }}</title>
         {{#if is_print }}
-        <meta name="robots" content="noindex">
+        <meta name="robots" content="noindex" />
         {{/if}}
         {{#if base_url}}
         <base href="{{ base_url }}">
@@ -15,78 +15,60 @@
         <!-- Custom HTML head -->
         {{> head}}
 
+        <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
         <meta name="description" content="{{ description }}">
         <meta name="viewport" content="width=device-width, initial-scale=1">
-        <meta name="theme-color" content="#ffffff">
+        <meta name="theme-color" content="#ffffff" />
 
         {{#if favicon_svg}}
-        <link rel="icon" href="{{ resource "favicon.svg" }}">
+        <link rel="icon" href="{{ path_to_root }}favicon.svg">
         {{/if}}
         {{#if favicon_png}}
-        <link rel="shortcut icon" href="{{ resource "favicon.png" }}">
+        <link rel="shortcut icon" href="{{ path_to_root }}favicon.png">
         {{/if}}
-        <link rel="stylesheet" href="{{ resource "css/variables.css" }}">
-        <link rel="stylesheet" href="{{ resource "css/general.css" }}">
-        <link rel="stylesheet" href="{{ resource "css/chrome.css" }}">
+        <link rel="stylesheet" href="{{ path_to_root }}css/variables.css">
+        <link rel="stylesheet" href="{{ path_to_root }}css/general.css">
+        <link rel="stylesheet" href="{{ path_to_root }}css/chrome.css">
         {{#if print_enable}}
-        <link rel="stylesheet" href="{{ resource "css/print.css" }}" media="print">
+        <link rel="stylesheet" href="{{ path_to_root }}css/print.css" media="print">
         {{/if}}
 
         <!-- Fonts -->
-        <link rel="stylesheet" href="{{ resource "fonts/fonts.css" }}">
+        <link rel="stylesheet" href="{{ path_to_root }}FontAwesome/css/font-awesome.css">
+        {{#if copy_fonts}}
+        <link rel="stylesheet" href="{{ path_to_root }}fonts/fonts.css">
+        {{/if}}
 
         <!-- Highlight.js Stylesheets -->
-        <link rel="stylesheet" id="mdbook-highlight-css" href="{{ resource "highlight.css" }}">
-        <link rel="stylesheet" id="mdbook-tomorrow-night-css" href="{{ resource "tomorrow-night.css" }}">
-        <link rel="stylesheet" id="mdbook-ayu-highlight-css" href="{{ resource "ayu-highlight.css" }}">
+        <link rel="stylesheet" href="{{ path_to_root }}highlight.css">
+        <link rel="stylesheet" href="{{ path_to_root }}tomorrow-night.css">
+        <link rel="stylesheet" href="{{ path_to_root }}ayu-highlight.css">
 
         <!-- Custom theme stylesheets -->
         {{#each additional_css}}
-        <link rel="stylesheet" href="{{ resource this }}">
+        <link rel="stylesheet" href="{{ ../path_to_root }}{{ this }}">
         {{/each}}
 
         {{#if mathjax_support}}
         <!-- MathJax -->
-        <script async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
+        <script async type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
         {{/if}}
-
-        <!-- Provide site root and default themes to javascript -->
-        <script>
-            const path_to_root = "{{ path_to_root }}";
-            const default_light_theme = "{{ default_theme }}";
-            const default_dark_theme = "{{ preferred_dark_theme }}";
-        {{#if search_js}}
-            window.path_to_searchindex_js = "{{ resource "searchindex.js" }}";
-        {{/if}}
-        </script>
-        <!-- Start loading toc.js asap -->
-        <script src="{{ resource "toc.js" }}"></script>
     </head>
     <body>
-    <div id="mdbook-help-container">
-        <div id="mdbook-help-popup">
-            <h2 class="mdbook-help-title">Keyboard shortcuts</h2>
-            <div>
-                <p>Press <kbd>←</kbd> or <kbd>→</kbd> to navigate between chapters</p>
-                {{#if search_enabled}}
-                <p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
-                {{/if}}
-                <p>Press <kbd>?</kbd> to show this help</p>
-                <p>Press <kbd>Esc</kbd> to hide this help</p>
-            </div>
-        </div>
-    </div>
-    <div id="mdbook-body-container">
-        <!-- Work around some values being stored in localStorage wrapped in quotes -->
-        <script>
-            try {
-                let theme = localStorage.getItem('mdbook-theme');
-                let sidebar = localStorage.getItem('mdbook-sidebar');
+        <!-- Provide site root to javascript -->
+        <script type="text/javascript">
+            var path_to_root = "{{ path_to_root }}";
+            var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "{{ preferred_dark_theme }}" : "{{ default_theme }}";
+        </script>
 
+        <!-- Work around some values being stored in localStorage wrapped in quotes -->
+        <script type="text/javascript">
+            try {
+                var theme = localStorage.getItem('mdbook-theme');
+                var sidebar = localStorage.getItem('mdbook-sidebar');
                 if (theme.startsWith('"') && theme.endsWith('"')) {
                     localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
                 }
-
                 if (sidebar.startsWith('"') && sidebar.endsWith('"')) {
                     localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
                 }
@@ -94,107 +76,91 @@
         </script>
 
         <!-- Set the theme before any content is loaded, prevents flash -->
-        <script>
-            const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
-            let theme;
+        <script type="text/javascript">
+            var theme;
             try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
             if (theme === null || theme === undefined) { theme = default_theme; }
-            const html = document.documentElement;
+            var html = document.querySelector('html');
+            html.classList.remove('no-js')
             html.classList.remove('{{ default_theme }}')
             html.classList.add(theme);
-            html.classList.add("js");
+            html.classList.add('js');
         </script>
 
-        <input type="checkbox" id="mdbook-sidebar-toggle-anchor" class="hidden">
-
         <!-- Hide / unhide sidebar before it is displayed -->
-        <script>
-            let sidebar = null;
-            const sidebar_toggle = document.getElementById("mdbook-sidebar-toggle-anchor");
+        <script type="text/javascript">
+            var html = document.querySelector('html');
+            var sidebar = 'hidden';
             if (document.body.clientWidth >= 1080) {
                 try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
                 sidebar = sidebar || 'visible';
-            } else {
-                sidebar = 'hidden';
-                sidebar_toggle.checked = false;
-            }
-            if (sidebar === 'visible') {
-                sidebar_toggle.checked = true;
-            } else {
-                html.classList.remove('sidebar-visible');
             }
+            html.classList.remove('sidebar-visible');
+            html.classList.add("sidebar-" + sidebar);
         </script>
 
-        <nav id="mdbook-sidebar" class="sidebar" aria-label="Table of contents">
-            <!-- populated by js -->
-            <mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
-            <noscript>
-                <iframe class="sidebar-iframe-outer" src="{{ path_to_root }}toc.html"></iframe>
-            </noscript>
-            <div id="mdbook-sidebar-resize-handle" class="sidebar-resize-handle">
-                <div class="sidebar-resize-indicator"></div>
+        <nav id="sidebar" class="sidebar" aria-label="Table of contents">
+            <div class="sidebar-scrollbox">
+                {{#toc}}{{/toc}}
             </div>
+            <div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
         </nav>
 
-        <div id="mdbook-page-wrapper" class="page-wrapper">
+        <div id="page-wrapper" class="page-wrapper">
 
             <div class="page">
                 {{> header}}
-                <div id="mdbook-menu-bar-hover-placeholder"></div>
-                <div id="mdbook-menu-bar" class="menu-bar sticky">
+                <div id="menu-bar-hover-placeholder"></div>
+                <div id="menu-bar" class="menu-bar sticky bordered">
                     <div class="left-buttons">
-                        <label id="mdbook-sidebar-toggle" class="icon-button" for="mdbook-sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="mdbook-sidebar">
-                            {{fa "solid" "bars"}}
-                        </label>
-                        <button id="mdbook-theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="mdbook-theme-list">
-                            {{fa "solid" "paintbrush"}}
+                        <button id="sidebar-toggle" class="icon-button" type="button" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
+                            <i class="fa fa-bars"></i>
                         </button>
-                        <ul id="mdbook-theme-list" class="theme-popup" aria-label="Themes" role="menu">
-                            <li role="none"><button role="menuitem" class="theme" id="mdbook-theme-default_theme">Auto</button></li>
-                            <li role="none"><button role="menuitem" class="theme" id="mdbook-theme-light">Light</button></li>
-                            <li role="none"><button role="menuitem" class="theme" id="mdbook-theme-rust">Rust</button></li>
-                            <li role="none"><button role="menuitem" class="theme" id="mdbook-theme-coal">Coal</button></li>
-                            <li role="none"><button role="menuitem" class="theme" id="mdbook-theme-navy">Navy</button></li>
-                            <li role="none"><button role="menuitem" class="theme" id="mdbook-theme-ayu">Ayu</button></li>
+                        <button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
+                            <i class="fa fa-paint-brush"></i>
+                        </button>
+                        <ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
+                            <li role="none"><button role="menuitem" class="theme" id="light">{{ theme_option "Light" }}</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="rust">{{ theme_option "Rust" }}</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="coal">{{ theme_option "Coal" }}</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="navy">{{ theme_option "Navy" }}</button></li>
+                            <li role="none"><button role="menuitem" class="theme" id="ayu">{{ theme_option "Ayu" }}</button></li>
                         </ul>
                         {{#if search_enabled}}
-                        <button id="mdbook-search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="mdbook-searchbar">
-                            {{fa "solid" "magnifying-glass"}}
+                        <button id="search-toggle" class="icon-button" type="button" title="Search. (Shortkey: s)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="S" aria-controls="searchbar">
+                            <i class="fa fa-search"></i>
                         </button>
                         {{/if}}
-                    </div>
-
-                    <!-- BEGIN CUSTOM SYNAPSE MODIFICATIONS -->
-                    <div class="version-picker">
-                        <div class="dropdown">
-                            <div class="select">
-                                <span></span>
-                                <i class="fa fa-chevron-down"></i>
+                        <div class="version-picker">
+                            <div class="dropdown">
+                                <div class="select">
+                                    <span></span>
+                                    <i class="fa fa-chevron-down"></i>
+                                </div>
+                                <input type="hidden" name="version">
+                                <ul class="dropdown-menu">
+                                    <!-- Versions will be added dynamically in version-picker.js -->
+                                </ul>
                             </div>
-                            <input type="hidden" name="version">
-                            <ul class="dropdown-menu">
-                                <!-- Versions will be added dynamically in version-picker.js -->
-                            </ul>
                         </div>
                     </div>
-                    <!-- END CUSTOM SYNAPSE MODIFICATIONS -->
 
                     <h1 class="menu-title">{{ book_title }}</h1>
 
                     <div class="right-buttons">
                         {{#if print_enable}}
                         <a href="{{ path_to_root }}print.html" title="Print this book" aria-label="Print this book">
-                            {{fa "solid" "print" "print-button"}}
+                            <i id="print-button" class="fa fa-print"></i>
                         </a>
                         {{/if}}
                         {{#if git_repository_url}}
                         <a href="{{git_repository_url}}" title="Git repository" aria-label="Git repository">
-                            {{fa git_repository_icon_class git_repository_icon}}
+                            <i id="git-repository-button" class="fa {{git_repository_icon}}"></i>
                         </a>
                         {{/if}}
                         {{#if git_repository_edit_url}}
-                        <a href="{{git_repository_edit_url}}" title="Suggest an edit" aria-label="Suggest an edit" rel="edit">
-                            {{fa "solid" "pencil" "git-edit-button"}}
+                        <a href="{{git_repository_edit_url}}" title="Suggest an edit" aria-label="Suggest an edit">
+                            <i id="git-edit-button" class="fa fa-edit"></i>
                         </a>
                         {{/if}}
 
@@ -202,58 +168,50 @@
                 </div>
 
                 {{#if search_enabled}}
-                <div id="mdbook-search-wrapper" class="hidden">
-                    <form id="mdbook-searchbar-outer" class="searchbar-outer">
-                        <div class="search-wrapper">
-                            <input type="search" id="mdbook-searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="mdbook-searchresults-outer" aria-describedby="searchresults-header">
-                            <div class="spinner-wrapper">
-                                {{fa "solid" "spinner" "fa-spin"}}
-                            </div>
-                        </div>
+                <div id="search-wrapper" class="hidden">
+                    <form id="searchbar-outer" class="searchbar-outer">
+                        <input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
                     </form>
-                    <div id="mdbook-searchresults-outer" class="searchresults-outer hidden">
-                        <div id="mdbook-searchresults-header" class="searchresults-header"></div>
-                        <ul id="mdbook-searchresults">
+                    <div id="searchresults-outer" class="searchresults-outer hidden">
+                        <div id="searchresults-header" class="searchresults-header"></div>
+                        <ul id="searchresults">
                         </ul>
                     </div>
                 </div>
                 {{/if}}
 
                 <!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
-                <script>
-                    document.getElementById('mdbook-sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
-                    document.getElementById('mdbook-sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
-                    Array.from(document.querySelectorAll('#mdbook-sidebar a')).forEach(function(link) {
+                <script type="text/javascript">
+                    document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
+                    document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
+                    Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
                         link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
                     });
                 </script>
 
-                <div id="mdbook-content" class="content">
+                <div id="content" class="content">
                     <main>
+                        <!-- Page table of contents -->
+                        <div class="sidetoc">
+                            <nav class="pagetoc"></nav>
+                        </div>
+
                         {{{ content }}}
                     </main>
 
                     <nav class="nav-wrapper" aria-label="Page navigation">
                         <!-- Mobile navigation buttons -->
-                        {{#if previous}}
-                            <a rel="prev" href="{{ path_to_root }}{{previous.link}}" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
-                                {{#if (eq ../text_direction "rtl")}}
-                                {{fa "solid" "angle-right"}}
-                                {{else}}
-                                {{fa "solid" "angle-left"}}
-                                {{/if}}
+                        {{#previous}}
+                            <a rel="prev" href="{{ path_to_root }}{{link}}" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
+                                <i class="fa fa-angle-left"></i>
                             </a>
-                        {{/if}}
+                        {{/previous}}
 
-                        {{#if next}}
-                            <a rel="next prefetch" href="{{ path_to_root }}{{next.link}}" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
-                                {{#if (eq ../text_direction "rtl")}}
-                                {{fa "solid" "angle-left"}}
-                                {{else}}
-                                {{fa "solid" "angle-right"}}
-                                {{/if}}
+                        {{#next}}
+                            <a rel="next" href="{{ path_to_root }}{{link}}" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
+                                <i class="fa fa-angle-right"></i>
                             </a>
-                        {{/if}}
+                        {{/next}}
 
                         <div style="clear: both"></div>
                     </nav>
@@ -261,92 +219,92 @@
             </div>
 
             <nav class="nav-wide-wrapper" aria-label="Page navigation">
-                {{#if previous}}
-                    <a rel="prev" href="{{ path_to_root }}{{previous.link}}" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
-                        {{#if (eq ../text_direction "rtl")}}
-                        {{fa "solid" "angle-right"}}
-                        {{else}}
-                        {{fa "solid" "angle-left"}}
-                        {{/if}}
+                {{#previous}}
+                    <a rel="prev" href="{{ path_to_root }}{{link}}" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
+                        <i class="fa fa-angle-left"></i>
                     </a>
-                {{/if}}
+                {{/previous}}
 
-                {{#if next}}
-                    <a rel="next prefetch" href="{{ path_to_root }}{{next.link}}" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
-                        {{#if (eq text_direction "rtl")}}
-                        {{fa "solid" "angle-left"}}
-                        {{else}}
-                        {{fa "solid" "angle-right"}}
-                        {{/if}}
+                {{#next}}
+                    <a rel="next" href="{{ path_to_root }}{{link}}" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
+                        <i class="fa fa-angle-right"></i>
                     </a>
-                {{/if}}
+                {{/next}}
             </nav>
 
         </div>
 
-        <template id=fa-eye>{{fa "solid" "eye"}}</template>
-        <template id=fa-eye-slash>{{fa "solid" "eye-slash"}}</template>
-        <template id=fa-copy>{{fa "regular" "copy"}}</template>
-        <template id=fa-play>{{fa "solid" "play"}}</template>
-        <template id=fa-clock-rotate-left>{{fa "solid" "clock-rotate-left"}}</template>
-
-        {{#if live_reload_endpoint}}
+        {{#if livereload}}
         <!-- Livereload script (if served using the cli tool) -->
-        <script>
-            const wsProtocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
-            const wsAddress = wsProtocol + "//" + location.host + "/" + "{{{live_reload_endpoint}}}";
-            const socket = new WebSocket(wsAddress);
+        <script type="text/javascript">
+            var socket = new WebSocket("{{{livereload}}}");
             socket.onmessage = function (event) {
                 if (event.data === "reload") {
                     socket.close();
                     location.reload();
                 }
             };
-
             window.onbeforeunload = function() {
                 socket.close();
             }
         </script>
         {{/if}}
 
+        {{#if google_analytics}}
+        <!-- Google Analytics Tag -->
+        <script type="text/javascript">
+            var localAddrs = ["localhost", "127.0.0.1", ""];
+            // make sure we don't activate google analytics if the developer is
+            // inspecting the book locally...
+            if (localAddrs.indexOf(document.location.hostname) === -1) {
+                (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+                (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
+                m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+                })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
+                ga('create', '{{google_analytics}}', 'auto');
+                ga('send', 'pageview');
+            }
+        </script>
+        {{/if}}
+
         {{#if playground_line_numbers}}
-        <script>
+        <script type="text/javascript">
             window.playground_line_numbers = true;
         </script>
         {{/if}}
 
         {{#if playground_copyable}}
-        <script>
+        <script type="text/javascript">
             window.playground_copyable = true;
         </script>
         {{/if}}
 
         {{#if playground_js}}
-        <script src="{{ resource "ace.js" }}"></script>
-        <script src="{{ resource "mode-rust.js" }}"></script>
-        <script src="{{ resource "editor.js" }}"></script>
-        <script src="{{ resource "theme-dawn.js" }}"></script>
-        <script src="{{ resource "theme-tomorrow_night.js" }}"></script>
+        <script src="{{ path_to_root }}ace.js" type="text/javascript" charset="utf-8"></script>
+        <script src="{{ path_to_root }}editor.js" type="text/javascript" charset="utf-8"></script>
+        <script src="{{ path_to_root }}mode-rust.js" type="text/javascript" charset="utf-8"></script>
+        <script src="{{ path_to_root }}theme-dawn.js" type="text/javascript" charset="utf-8"></script>
+        <script src="{{ path_to_root }}theme-tomorrow_night.js" type="text/javascript" charset="utf-8"></script>
         {{/if}}
 
         {{#if search_js}}
-        <script src="{{ resource "elasticlunr.min.js" }}"></script>
-        <script src="{{ resource "mark.min.js" }}"></script>
-        <script src="{{ resource "searcher.js" }}"></script>
+        <script src="{{ path_to_root }}elasticlunr.min.js" type="text/javascript" charset="utf-8"></script>
+        <script src="{{ path_to_root }}mark.min.js" type="text/javascript" charset="utf-8"></script>
+        <script src="{{ path_to_root }}searcher.js" type="text/javascript" charset="utf-8"></script>
         {{/if}}
 
-        <script src="{{ resource "clipboard.min.js" }}"></script>
-        <script src="{{ resource "highlight.js" }}"></script>
-        <script src="{{ resource "book.js" }}"></script>
+        <script src="{{ path_to_root }}clipboard.min.js" type="text/javascript" charset="utf-8"></script>
+        <script src="{{ path_to_root }}highlight.js" type="text/javascript" charset="utf-8"></script>
+        <script src="{{ path_to_root }}book.js" type="text/javascript" charset="utf-8"></script>
 
         <!-- Custom JS scripts -->
         {{#each additional_js}}
-        <script src="{{ resource this}}"></script>
+        <script type="text/javascript" src="{{ ../path_to_root }}{{this}}"></script>
         {{/each}}
 
         {{#if is_print}}
         {{#if mathjax_support}}
-        <script>
+        <script type="text/javascript">
         window.addEventListener('load', function() {
             MathJax.Hub.Register.StartupHook('End', function() {
                 window.setTimeout(window.print, 100);
@@ -354,7 +312,7 @@
         });
         </script>
         {{else}}
-        <script>
+        <script type="text/javascript">
         window.addEventListener('load', function() {
             window.setTimeout(window.print, 100);
         });
@@ -362,21 +320,5 @@
         {{/if}}
         {{/if}}
 
-        {{#if fragment_map}}
-        <script>
-            document.addEventListener('DOMContentLoaded', function() {
-                const fragmentMap =
-                    {{{fragment_map}}}
-                ;
-                const target = fragmentMap[window.location.hash];
-                if (target) {
-                    let url = new URL(target, window.location.href);
-                    window.location.replace(url.href);
-                }
-            });
-        </script>
-        {{/if}}
-
-    </div>
     </body>
 </html>

docs/workers.md

@@ -255,8 +255,6 @@ information.
     ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$
     ^/_matrix/client/(r0|v3|unstable)/capabilities$
     ^/_matrix/client/(r0|v3|unstable)/notifications$
-
-    # Admin API requests
     ^/_synapse/admin/v1/rooms/[^/]+$
 
     # Encryption requests
@@ -302,9 +300,6 @@ Additionally, the following REST endpoints can be handled for GET requests:
     # Presence requests
     ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/
 
-    # Admin API requests
-    ^/_synapse/admin/v2/users/[^/]+$
-
 Pagination requests can also be handled, but all requests for a given
 room must be routed to the same instance. Additionally, care must be taken to
 ensure that the purge history admin API is not used while pagination requests

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "matrix-synapse"
-version = "1.149.0rc1"
+version = "1.144.0"
 description = "Homeserver for the Matrix decentralised comms protocol"
 readme = "README.rst"
 authors = [
@@ -109,12 +109,7 @@ dependencies = [
     "pyrsistent>=0.18.0",  # via jsonschema
     "requests>=2.16.0", # 2.16.0+ no longer vendors urllib3, avoiding Python 3.10+ incompatibility
     "urllib3>=1.26.5", # via treq; 1.26.5 fixes Python 3.10+ collections.abc compatibility
-    # 5.2 is the current version in Debian oldstable. If we don't care to support that, then 5.4 is
-    # the minimum version from Ubuntu 22.04 and RHEL 9. (as of 2025-12)
-    # When bumping this version to 6.2 or above, refer to https://github.com/element-hq/synapse/pull/19274
-    # for details of Synapse improvements that may be unlocked. Particularly around the use of `|`
-    # syntax with zope interface types.
-    "zope-interface>=5.2", # via twisted
+    "zope-interface>=6.2", # via twisted
 ]
 
 [project.optional-dependencies]
@@ -388,10 +383,15 @@ select = [
     "G",
     # pyupgrade
     "UP006",
+    "UP007",
+    "UP045",
 ]
 extend-safe-fixes = [
     # pyupgrade rules compatible with Python >= 3.9
     "UP006",
+    "UP007",
+    # pyupgrade rules compatible with Python >= 3.10
+    "UP045",
     # Allow ruff to automatically fix trailing spaces within a multi-line string/comment.
     "W293"
 ]
@@ -411,42 +411,32 @@ indent-style = "space"
 skip-magic-trailing-comma = false
 line-ending = "auto"
 
-[tool.ruff.lint.flake8-bugbear]
-extend-immutable-calls = [
-    # Durations are immutable
-    "synapse.util.duration.Duration",
-]
-
 [tool.maturin]
 manifest-path = "rust/Cargo.toml"
 module-name = "synapse.synapse_rust"
 python-source = "."
-include = [
-    { path = "AUTHORS.rst", format = "sdist" },
-    { path = "book.toml", format = "sdist" },
-    { path = "changelog.d/**/*", format = "sdist" },
-    { path = "CHANGES.md", format = "sdist" },
-    { path = "CONTRIBUTING.md", format = "sdist" },
-    { path = "demo/**/*", format = "sdist" },
-    { path = "docs/**/*", format = "sdist" },
-    { path = "INSTALL.md", format = "sdist" },
-    { path = "LICENSE-AGPL-3.0", format = "sdist" },
-    { path = "LICENSE-COMMERCIAL", format = "sdist" },
-    { path = "mypy.ini", format = "sdist" },
-    { path = "scripts-dev/**/*", format = "sdist" },
-    { path = "synmark/**/*", format = "sdist" },
-    { path = "sytest-blacklist", format = "sdist" },
-    { path = "tests/**/*", format = "sdist" },
-    { path = "UPGRADE.rst", format = "sdist" },
-    { path = "Cargo.toml", format = "sdist" },
-    { path = "Cargo.lock", format = "sdist" },
-    { path = "rust/Cargo.toml", format = "sdist" },
-    { path = "rust/build.rs", format = "sdist" },
-    { path = "rust/src/**", format = "sdist" },
-]
-exclude = [
-    { path = "synapse/*.so", format = "sdist" },
+sdist-include = [
+    "AUTHORS.rst",
+    "book.toml",
+    "changelog.d",
+    "CHANGES.md",
+    "CONTRIBUTING.md",
+    "demo",
+    "docs",
+    "INSTALL.md",
+    "mypy.ini",
+    "scripts-dev",
+    "synmark",
+    "sytest-blacklist",
+    "tests",
+    "UPGRADE.rst",
+    "Cargo.toml",
+    "Cargo.lock",
+    "rust/Cargo.toml",
+    "rust/build.rs",
+    "rust/src/**",
 ]
+sdist-exclude = ["synapse/*.so"]
 
 [build-system]
 # The upper bounds here are defensive, intended to prevent situations like
@@ -481,6 +471,9 @@ skip = "cp3??t-* *i686* *macosx*"
 enable = "pypy"
 
 # We need a rust compiler.
+#
+# We temporarily pin Rust to 1.82.0 to work around
+# https://github.com/element-hq/synapse/issues/17988
 before-all =  "sh .ci/before_build_wheel.sh"
 environment= { PATH = "$PATH:$HOME/.cargo/bin" }
 

rust/Cargo.toml

@@ -30,17 +30,14 @@ http = "1.1.0"
 lazy_static = "1.4.0"
 log = "0.4.17"
 mime = "0.3.17"
-pyo3 = { version = "0.27.2", features = [
+pyo3 = { version = "0.26.0", features = [
     "macros",
     "anyhow",
     "abi3",
     "abi3-py310",
-    # So we can pass `bytes::Bytes` directly back to Python efficiently,
-    # https://docs.rs/pyo3/latest/pyo3/bytes/index.html
-    "bytes",
 ] }
 pyo3-log = "0.13.1"
-pythonize = "0.27.0"
+pythonize = "0.26.0"
 regex = "1.6.0"
 sha2 = "0.10.8"
 serde = { version = "1.0.144", features = ["derive"] }

rust/build.rs

@@ -29,13 +29,6 @@ fn main() -> Result<(), std::io::Error> {
         }
     }
 
-    // Manually add Cargo.toml's, Cargo.lock and build.rs to the hash, since changes to
-    // these files should also invalidate the built module.
-    paths.push("Cargo.toml".to_string());
-    paths.push("../Cargo.lock".to_string());
-    paths.push("../Cargo.toml".to_string());
-    paths.push("build.rs".to_string());
-
     paths.sort();
 
     let mut hasher = Blake2b512::new();
@@ -48,12 +41,5 @@ fn main() -> Result<(), std::io::Error> {
     let hex_digest = hex::encode(hasher.finalize());
     println!("cargo:rustc-env=SYNAPSE_RUST_DIGEST={hex_digest}");
 
-    // The default rules don't pick up trivial changes to the workspace config
-    // files, but we need to rebuild if those change to pick up the changed
-    // hashes.
-    println!("cargo::rerun-if-changed=.");
-    println!("cargo::rerun-if-changed=../Cargo.lock");
-    println!("cargo::rerun-if-changed=../Cargo.toml");
-
     Ok(())
 }

rust/src/errors.rs

@@ -62,7 +62,7 @@ impl NotFoundError {
 import_exception!(synapse.api.errors, HttpResponseException);
 
 impl HttpResponseException {
-    pub fn new(status: StatusCode, bytes: bytes::Bytes) -> pyo3::PyErr {
+    pub fn new(status: StatusCode, bytes: Vec<u8>) -> pyo3::PyErr {
         HttpResponseException::new_err((
             status.as_u16(),
             status.canonical_reason().unwrap_or_default(),

rust/src/http.rs

@@ -32,7 +32,7 @@ fn read_io_body(body: &Bound<'_, PyAny>, chunk_size: usize) -> PyResult<Bytes> {
     let mut buf = BytesMut::new();
     loop {
         let bound = &body.call_method1("read", (chunk_size,))?;
-        let bytes: &Bound<'_, PyBytes> = bound.cast()?;
+        let bytes: &Bound<'_, PyBytes> = bound.downcast()?;
         if bytes.as_bytes().is_empty() {
             return Ok(buf.into());
         }
@@ -58,12 +58,12 @@ pub fn http_request_from_twisted(request: &Bound<'_, PyAny>) -> PyResult<Request
     let mut req = Request::new(body);
 
     let bound = &request.getattr("uri")?;
-    let uri: &Bound<'_, PyBytes> = bound.cast()?;
+    let uri: &Bound<'_, PyBytes> = bound.downcast()?;
     *req.uri_mut() =
         Uri::try_from(uri.as_bytes()).map_err(|_| PyValueError::new_err("invalid uri"))?;
 
     let bound = &request.getattr("method")?;
-    let method: &Bound<'_, PyBytes> = bound.cast()?;
+    let method: &Bound<'_, PyBytes> = bound.downcast()?;
     *req.method_mut() = Method::from_bytes(method.as_bytes())
         .map_err(|_| PyValueError::new_err("invalid method"))?;
 
@@ -74,17 +74,17 @@ pub fn http_request_from_twisted(request: &Bound<'_, PyAny>) -> PyResult<Request
 
     for header in headers_iter {
         let header = header?;
-        let header: &Bound<'_, PyTuple> = header.cast()?;
+        let header: &Bound<'_, PyTuple> = header.downcast()?;
         let bound = &header.get_item(0)?;
-        let name: &Bound<'_, PyBytes> = bound.cast()?;
+        let name: &Bound<'_, PyBytes> = bound.downcast()?;
         let name = HeaderName::from_bytes(name.as_bytes())
             .map_err(|_| PyValueError::new_err("invalid header name"))?;
 
         let bound = &header.get_item(1)?;
-        let values: &Bound<'_, PySequence> = bound.cast()?;
+        let values: &Bound<'_, PySequence> = bound.downcast()?;
         for index in 0..values.len()? {
             let bound = &values.get_item(index)?;
-            let value: &Bound<'_, PyBytes> = bound.cast()?;
+            let value: &Bound<'_, PyBytes> = bound.downcast()?;
             let value = HeaderValue::from_bytes(value.as_bytes())
                 .map_err(|_| PyValueError::new_err("invalid header value"))?;
             req.headers_mut().append(name.clone(), value);

rust/src/http_client.rs

@@ -15,7 +15,7 @@
 use std::{collections::HashMap, future::Future, sync::OnceLock};
 
 use anyhow::Context;
-use http_body_util::BodyExt;
+use futures::TryStreamExt;
 use once_cell::sync::OnceCell;
 use pyo3::{create_exception, exceptions::PyException, prelude::*};
 use reqwest::RequestBuilder;
@@ -171,27 +171,15 @@ struct HttpClient {
 #[pymethods]
 impl HttpClient {
     #[new]
-    #[pyo3(signature = (reactor, user_agent, http2_only = false))]
-    pub fn py_new(
-        reactor: Bound<PyAny>,
-        user_agent: &str,
-        http2_only: bool,
-    ) -> PyResult<HttpClient> {
+    pub fn py_new(reactor: Bound<PyAny>, user_agent: &str) -> PyResult<HttpClient> {
         // Make sure the runtime gets installed
         let _ = runtime(&reactor)?;
 
-        let mut builder = reqwest::Client::builder().user_agent(user_agent);
-
-        if http2_only {
-            // Create the client with 'HTTP/2 prior knowledge' enabled, which
-            // means it will always use HTTP/2 for unencrypted connections
-            builder = builder.http2_prior_knowledge();
-        }
-
-        let client = builder.build().context("building reqwest client")?;
-
         Ok(HttpClient {
-            client,
+            client: reqwest::Client::builder()
+                .user_agent(user_agent)
+                .build()
+                .context("building reqwest client")?,
             reactor: reactor.unbind(),
         })
     }
@@ -235,30 +223,23 @@ impl HttpClient {
 
             let status = response.status();
 
-            // A light-weight way to read the response up until the `response_limit`. We
-            // want to avoid allocating a giant response object on the server above our
-            // expected `response_limit` to avoid out-of-memory DOS problems.
-            let body = reqwest::Body::from(response);
-            let limited_body = http_body_util::Limited::new(body, response_limit);
-            let collected = limited_body
-                .collect()
-                .await
-                .map_err(anyhow::Error::from_boxed)
-                .with_context(|| {
-                    format!(
-                        "Response body exceeded response limit ({} bytes)",
-                        response_limit
-                    )
-                })?;
-            let bytes: bytes::Bytes = collected.to_bytes();
+            let mut stream = response.bytes_stream();
+            let mut buffer = Vec::new();
+            while let Some(chunk) = stream.try_next().await.context("reading body")? {
+                if buffer.len() + chunk.len() > response_limit {
+                    Err(anyhow::anyhow!("Response size too large"))?;
+                }
 
-            if !status.is_success() {
-                return Err(HttpResponseException::new(status, bytes));
+                buffer.extend_from_slice(&chunk);
             }
 
-            // Because of the `pyo3` `bytes` feature, we can pass this back to Python
-            // land efficiently
-            Ok(bytes)
+            if !status.is_success() {
+                return Err(HttpResponseException::new(status, buffer));
+            }
+
+            let r = Python::attach(|py| buffer.into_pyobject(py).map(|o| o.unbind()))?;
+
+            Ok(r)
         })
     }
 }
@@ -335,8 +316,5 @@ fn make_deferred_yieldable<'py>(
         func
     });
 
-    make_deferred_yieldable
-        .call1(py, (deferred,))?
-        .extract(py)
-        .map_err(Into::into)
+    make_deferred_yieldable.call1(py, (deferred,))?.extract(py)
 }

rust/src/lib.rs

@@ -12,7 +12,6 @@ pub mod http;
 pub mod http_client;
 pub mod identifier;
 pub mod matrix_const;
-pub mod msc4388_rendezvous;
 pub mod push;
 pub mod rendezvous;
 pub mod segmenter;
@@ -56,7 +55,6 @@ fn synapse_rust(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
     events::register_module(py, m)?;
     http_client::register_module(py, m)?;
     rendezvous::register_module(py, m)?;
-    msc4388_rendezvous::register_module(py, m)?;
     segmenter::register_module(py, m)?;
 
     Ok(())

rust/src/msc4388_rendezvous/mod.rs

@@ -1,370 +0,0 @@
-/*
- * This file is licensed under the Affero General Public License (AGPL) version 3.
- *
- * Copyright (C) 2026 Element Creations Ltd
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * See the GNU Affero General Public License for more details:
- * <https://www.gnu.org/licenses/agpl-3.0.html>.
- */
-
-use std::{
-    collections::BTreeMap,
-    time::{Duration, SystemTime},
-};
-
-use http::StatusCode;
-use pyo3::{
-    pyclass, pymethods,
-    types::{PyAnyMethods, PyModule, PyModuleMethods},
-    Bound, IntoPyObject, Py, PyAny, PyResult, Python,
-};
-use serde::Deserialize;
-use ulid::Ulid;
-
-use self::session::Session;
-use crate::{
-    duration::SynapseDuration,
-    errors::{NotFoundError, SynapseError},
-    http::http_request_from_twisted,
-    msc4388_rendezvous::session::{GetResponse, PostResponse, PutResponse},
-    UnwrapInfallible,
-};
-
-mod session;
-
-#[pyclass]
-struct MSC4388RendezvousHandler {
-    clock: Py<PyAny>,
-    sessions: BTreeMap<Ulid, Session>,
-    soft_limit: usize,
-    hard_limit: usize,
-    max_content_length: u64,
-    ttl: Duration,
-}
-
-impl MSC4388RendezvousHandler {
-    /// Check the length of the data parameter and throw error if invalid.
-    fn check_data_length(&self, data: &str) -> PyResult<()> {
-        let data_length = data.len() as u64;
-        if data_length > self.max_content_length {
-            return Err(SynapseError::new(
-                StatusCode::PAYLOAD_TOO_LARGE,
-                "Payload too large".to_owned(),
-                "M_TOO_LARGE",
-                None,
-                None,
-            ));
-        }
-        Ok(())
-    }
-
-    /// Evict expired sessions and remove the oldest sessions until we're under the capacity.
-    fn evict(&mut self, now: SystemTime) {
-        // First remove all the entries which expired
-        self.sessions.retain(|_, session| !session.expired(now));
-
-        // Then we remove the oldest entries until we're under the soft limit
-        while self.sessions.len() > self.soft_limit {
-            self.sessions.pop_first();
-        }
-    }
-}
-
-#[derive(Deserialize)]
-pub struct PostRequest {
-    data: String,
-}
-
-#[derive(Deserialize)]
-pub struct PutRequest {
-    sequence_token: String,
-    data: String,
-}
-
-#[pymethods]
-impl MSC4388RendezvousHandler {
-    #[new]
-    #[pyo3(signature = (homeserver, /, soft_limit=100, hard_limit=200,max_content_length=4*1024, eviction_interval=60*1000, ttl=2*60*1000))]
-    fn new(
-        py: Python<'_>,
-        homeserver: &Bound<'_, PyAny>,
-        soft_limit: usize,
-        hard_limit: usize,
-        max_content_length: u64,
-        eviction_interval: u64,
-        ttl: u64,
-    ) -> PyResult<Py<Self>> {
-        let clock = homeserver
-            .call_method0("get_clock")?
-            .into_pyobject(py)
-            .unwrap_infallible()
-            .unbind();
-
-        // Construct a Python object so that we can get a reference to the
-        // evict method and schedule it to run.
-        let self_ = Py::new(
-            py,
-            Self {
-                clock,
-                sessions: BTreeMap::new(),
-                soft_limit,
-                hard_limit,
-                max_content_length,
-                ttl: Duration::from_millis(ttl),
-            },
-        )?;
-
-        let eviction_duration = SynapseDuration::from_milliseconds(eviction_interval);
-
-        let evict = self_.getattr(py, "_evict")?;
-        homeserver.call_method0("get_clock")?.call_method(
-            "looping_call",
-            (evict, &eviction_duration),
-            None,
-        )?;
-
-        Ok(self_)
-    }
-
-    fn _evict(&mut self, py: Python<'_>) -> PyResult<()> {
-        let clock = self.clock.bind(py);
-        let now: u64 = clock.call_method0("time_msec")?.extract()?;
-        let now = SystemTime::UNIX_EPOCH + Duration::from_millis(now);
-        self.evict(now);
-
-        Ok(())
-    }
-
-    fn handle_post(
-        &mut self,
-        py: Python<'_>,
-        twisted_request: &Bound<'_, PyAny>,
-    ) -> PyResult<(u8, PostResponse)> {
-        let clock = self.clock.bind(py);
-        let now: u64 = clock.call_method0("time_msec")?.extract()?;
-        let now = SystemTime::UNIX_EPOCH + Duration::from_millis(now);
-
-        // We trigger an immediate eviction if we're at the hard limit
-        if self.sessions.len() >= self.hard_limit {
-            self.evict(now);
-        }
-
-        // Generate a new ULID for the session from the current time.
-        let id = Ulid::from_datetime(now);
-
-        let request = http_request_from_twisted(twisted_request)?;
-        // parse JSON body
-        let post_request: PostRequest =
-            serde_json::from_slice(&request.into_body()).map_err(|_| {
-                SynapseError::new(
-                    StatusCode::BAD_REQUEST,
-                    "Invalid JSON in request body".to_owned(),
-                    "M_INVALID_PARAM",
-                    None,
-                    None,
-                )
-            })?;
-
-        let data: String = post_request.data;
-        self.check_data_length(&data)?;
-
-        let session = Session::new(id, data, now, self.ttl);
-        let response = session.post_response(now);
-        self.sessions.insert(id, session);
-
-        Ok((200, response))
-    }
-
-    fn handle_get(
-        &mut self,
-        py: Python<'_>,
-        id: &str,
-        twisted_request: &Bound<'_, PyAny>,
-    ) -> PyResult<(u8, GetResponse)> {
-        let request = http_request_from_twisted(twisted_request)?;
-
-        // As per the MSC, we check the Sec-Fetch-* headers to ensure this request did not come from somewhere that will
-        // be rendered directly to the user, as the response may contain sensitive data. These headers are added by
-        // well behaved browsers so are helpful for protecting regular users.
-
-        // Sec-Fetch-Dest: https://www.w3.org/TR/fetch-metadata/#sec-fetch-dest-header
-        //
-        // If the header is present then this must be "empty". All other values such as document, image etc.
-        // are considered potentially dangerous as they might be rendered to the user.
-        //
-        // Note that because we only ever return JSON, so it is unlikely that it could somehow be rendered as an image,
-        // video or other media.
-        let sec_fetch_dest: Option<String> = request
-            .headers()
-            .get("sec-fetch-dest")
-            .and_then(|v| v.to_str().ok())
-            .map(|s| s.to_owned());
-        if sec_fetch_dest.is_some() && sec_fetch_dest.as_deref() != Some("empty") {
-            return Err(SynapseError::new(
-                StatusCode::FORBIDDEN,
-                "Rendezvous content is not accessible from the request destination".to_owned(),
-                "M_FORBIDDEN",
-                None,
-                None,
-            ));
-        }
-
-        // Sec-Fetch-Mode: https://www.w3.org/TR/fetch-metadata/#sec-fetch-mode-header
-        //
-        // A request mode of "navigate" is not allowed as this indicates the request is being made by the
-        // browser to navigate to a URL, which could lead to the response being rendered directly to the user.
-        //
-        // Note that usually Sec-Fetch-Dest would be "document" in this case and so the request would be rejected earlier,
-        // but we check the mode just in case the destination is not set correctly.
-        let sec_fetch_mode: Option<String> = request
-            .headers()
-            .get("sec-fetch-mode")
-            .and_then(|v| v.to_str().ok())
-            .map(|s| s.to_owned());
-        if sec_fetch_mode.as_deref() == Some("navigate") {
-            return Err(SynapseError::new(
-                StatusCode::FORBIDDEN,
-                "Rendezvous content is not accessible via top-level navigation".to_owned(),
-                "M_FORBIDDEN",
-                None,
-                None,
-            ));
-        }
-
-        // Sec-Fetch-User: https://www.w3.org/TR/fetch-metadata/#sec-fetch-user-header
-        //
-        // If the request has a Sec-Fetch-User header with a value of "?1", this indicates that the
-        // request was triggered by user activation, such as a click.
-        //
-        // Note that usually Sec-Fetch-Mode would be "navigate" or the Sec-Fetch-Dest would be "document" in this case
-        // and so the request would be rejected earlier, but we check the user activation just in case those headers are
-        // not set correctly.
-        let sec_fetch_user: Option<String> = request
-            .headers()
-            .get("sec-fetch-user")
-            .and_then(|v| v.to_str().ok())
-            .map(|s| s.to_owned());
-        if sec_fetch_user.as_deref() == Some("?1") {
-            return Err(SynapseError::new(
-                StatusCode::FORBIDDEN,
-                "Rendezvous content is not accessible from requests with user activation"
-                    .to_owned(),
-                "M_FORBIDDEN",
-                None,
-                None,
-            ));
-        }
-
-        // Sec-Fetch-Site: https://www.w3.org/TR/fetch-metadata/#sec-fetch-site-header
-        //
-        // "none" indicates the request did not originate from a web page
-        // (e.g. typed URL, bookmark, or browser extension), so we disallow it.
-        let sec_fetch_site: Option<String> = request
-            .headers()
-            .get("sec-fetch-site")
-            .and_then(|v| v.to_str().ok())
-            .map(|s| s.to_owned());
-        if sec_fetch_site.as_deref() == Some("none") {
-            return Err(SynapseError::new(
-                StatusCode::FORBIDDEN,
-                "Rendezvous content is not accessible from requests from user interaction"
-                    .to_owned(),
-                "M_FORBIDDEN",
-                None,
-                None,
-            ));
-        }
-
-        let clock = self.clock.bind(py);
-        let now: u64 = clock.call_method0("time_msec")?.extract()?;
-        let now = SystemTime::UNIX_EPOCH + Duration::from_millis(now);
-
-        let id: Ulid = id.parse().map_err(|_| NotFoundError::new())?;
-        let session = self
-            .sessions
-            .get(&id)
-            .filter(|s| !s.expired(now))
-            .ok_or_else(NotFoundError::new)?;
-
-        Ok((200, session.get_response(now)))
-    }
-
-    fn handle_put(
-        &mut self,
-        py: Python<'_>,
-        id: &str,
-        twisted_request: &Bound<'_, PyAny>,
-    ) -> PyResult<(u8, PutResponse)> {
-        let request = http_request_from_twisted(twisted_request)?;
-        // parse JSON body
-        let put_request: PutRequest =
-            serde_json::from_slice(&request.into_body()).map_err(|_| {
-                SynapseError::new(
-                    StatusCode::BAD_REQUEST,
-                    "Invalid JSON in request body".to_owned(),
-                    "M_INVALID_PARAM",
-                    None,
-                    None,
-                )
-            })?;
-
-        let sequence_token: String = put_request.sequence_token;
-
-        let data: String = put_request.data;
-
-        self.check_data_length(&data)?;
-
-        let clock = self.clock.bind(py);
-        let now: u64 = clock.call_method0("time_msec")?.extract()?;
-        let now = SystemTime::UNIX_EPOCH + Duration::from_millis(now);
-
-        let id: Ulid = id.parse().map_err(|_| NotFoundError::new())?;
-        let session = self
-            .sessions
-            .get_mut(&id)
-            .filter(|s| !s.expired(now))
-            .ok_or_else(NotFoundError::new)?;
-
-        if !session.sequence_token().eq(&sequence_token) {
-            return Err(SynapseError::new(
-                StatusCode::CONFLICT,
-                "sequence_token does not match".to_owned(),
-                "IO_ELEMENT_MSC4388_CONCURRENT_WRITE",
-                None,
-                None,
-            ));
-        }
-
-        session.update(data, now);
-
-        Ok((200, session.put_response()))
-    }
-
-    fn handle_delete(&mut self, id: &str) -> PyResult<(u8, ())> {
-        let id: Ulid = id.parse().map_err(|_| NotFoundError::new())?;
-        let _session = self.sessions.remove(&id).ok_or_else(NotFoundError::new)?;
-
-        Ok((200, ()))
-    }
-}
-
-pub fn register_module(py: Python<'_>, m: &Bound<'_, PyModule>) -> PyResult<()> {
-    let child_module = PyModule::new(py, "msc4388_rendezvous")?;
-
-    child_module.add_class::<MSC4388RendezvousHandler>()?;
-
-    m.add_submodule(&child_module)?;
-
-    // We need to manually add the module to sys.modules to make `from
-    // synapse.synapse_rust import rendezvous` work.
-    py.import("sys")?
-        .getattr("modules")?
-        .set_item("synapse.synapse_rust.msc4388_rendezvous", child_module)?;
-
-    Ok(())
-}

rust/src/msc4388_rendezvous/session.rs

@@ -1,153 +0,0 @@
-/*
- * This file is licensed under the Affero General Public License (AGPL) version 3.
- *
- * Copyright (C) 2026 Element Creations Ltd
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * See the GNU Affero General Public License for more details:
- * <https://www.gnu.org/licenses/agpl-3.0.html>.
- */
-
-use std::time::{Duration, SystemTime};
-
-use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
-use pyo3::{Bound, IntoPyObject, PyAny, Python};
-use pythonize::{pythonize, PythonizeError};
-use serde::Serialize;
-use sha2::{Digest, Sha256};
-use ulid::Ulid;
-
-/// A single session, containing data, metadata, and expiry information.
-pub struct Session {
-    id: Ulid,
-    hash: [u8; 32],
-    data: String,
-    last_modified: SystemTime,
-    expires: SystemTime,
-}
-
-#[derive(Serialize)]
-pub struct PostResponse {
-    id: String,
-    sequence_token: String,
-    expires_in_ms: u64,
-}
-
-impl<'source> IntoPyObject<'source> for PostResponse {
-    type Target = PyAny;
-    type Output = Bound<'source, Self::Target>;
-    type Error = PythonizeError;
-
-    fn into_pyobject(self, py: Python<'source>) -> Result<Self::Output, Self::Error> {
-        pythonize(py, &self)
-    }
-}
-
-#[derive(Serialize)]
-pub struct GetResponse {
-    data: String,
-    sequence_token: String,
-    expires_in_ms: u64,
-}
-
-impl<'source> IntoPyObject<'source> for GetResponse {
-    type Target = PyAny;
-    type Output = Bound<'source, Self::Target>;
-    type Error = PythonizeError;
-
-    fn into_pyobject(self, py: Python<'source>) -> Result<Self::Output, Self::Error> {
-        pythonize(py, &self)
-    }
-}
-
-#[derive(Serialize)]
-pub struct PutResponse {
-    sequence_token: String,
-}
-
-impl<'source> IntoPyObject<'source> for PutResponse {
-    type Target = PyAny;
-    type Output = Bound<'source, Self::Target>;
-    type Error = PythonizeError;
-
-    fn into_pyobject(self, py: Python<'source>) -> Result<Self::Output, Self::Error> {
-        pythonize(py, &self)
-    }
-}
-
-impl Session {
-    /// Create a new session with the given data and time-to-live.
-    pub fn new(id: Ulid, data: String, now: SystemTime, ttl: Duration) -> Self {
-        let hash = Self::compute_hash(&data, now);
-        Self {
-            id,
-            hash,
-            data,
-            expires: now + ttl,
-            last_modified: now,
-        }
-    }
-
-    /// Returns true if the session has expired at the given time.
-    pub fn expired(&self, now: SystemTime) -> bool {
-        self.expires <= now
-    }
-
-    /// Update the session with new data and last modified time.
-    pub fn update(&mut self, data: String, now: SystemTime) {
-        self.hash = Self::compute_hash(&data, now);
-        self.data = data;
-        self.last_modified = now;
-    }
-
-    /// Compute the hash of the data and timestamp.
-    fn compute_hash(data: &str, now: SystemTime) -> [u8; 32] {
-        let mut hasher = Sha256::new();
-        hasher.update(data);
-        let now_millis = now
-            .duration_since(SystemTime::UNIX_EPOCH)
-            .unwrap_or_default()
-            .as_millis();
-        hasher.update(now_millis.to_be_bytes());
-        hasher.finalize().into()
-    }
-
-    /// The sequence token for the session.
-    pub fn sequence_token(&self) -> String {
-        URL_SAFE_NO_PAD.encode(self.hash)
-    }
-
-    pub fn get_response(&self, now: SystemTime) -> GetResponse {
-        GetResponse {
-            data: self.data.clone(),
-            sequence_token: self.sequence_token(),
-            expires_in_ms: self
-                .expires
-                .duration_since(now)
-                .unwrap_or_default()
-                .as_millis() as u64,
-        }
-    }
-
-    pub fn post_response(&self, now: SystemTime) -> PostResponse {
-        PostResponse {
-            id: self.id.to_string(),
-            sequence_token: self.sequence_token(),
-            expires_in_ms: self
-                .expires
-                .duration_since(now)
-                .unwrap_or_default()
-                .as_millis() as u64,
-        }
-    }
-
-    pub fn put_response(&self) -> PutResponse {
-        PutResponse {
-            sequence_token: self.sequence_token(),
-        }
-    }
-}

rust/src/push/mod.rs

@@ -273,16 +273,14 @@ pub enum SimpleJsonValue {
     Null,
 }
 
-impl<'source> FromPyObject<'_, 'source> for SimpleJsonValue {
-    type Error = PyErr;
-
-    fn extract(ob: Borrowed<'_, 'source, PyAny>) -> Result<Self, Self::Error> {
-        if let Ok(s) = ob.cast::<PyString>() {
+impl<'source> FromPyObject<'source> for SimpleJsonValue {
+    fn extract_bound(ob: &Bound<'source, PyAny>) -> PyResult<Self> {
+        if let Ok(s) = ob.downcast::<PyString>() {
             Ok(SimpleJsonValue::Str(Cow::Owned(s.to_string())))
         // A bool *is* an int, ensure we try bool first.
-        } else if let Ok(b) = ob.cast::<PyBool>() {
+        } else if let Ok(b) = ob.downcast::<PyBool>() {
             Ok(SimpleJsonValue::Bool(b.extract()?))
-        } else if let Ok(i) = ob.cast::<PyInt>() {
+        } else if let Ok(i) = ob.downcast::<PyInt>() {
             Ok(SimpleJsonValue::Int(i.extract()?))
         } else if ob.is_none() {
             Ok(SimpleJsonValue::Null)
@@ -303,14 +301,12 @@ pub enum JsonValue {
     Value(SimpleJsonValue),
 }
 
-impl<'source> FromPyObject<'_, 'source> for JsonValue {
-    type Error = PyErr;
-
-    fn extract(ob: Borrowed<'_, 'source, PyAny>) -> Result<Self, Self::Error> {
-        if let Ok(l) = ob.cast::<PyList>() {
+impl<'source> FromPyObject<'source> for JsonValue {
+    fn extract_bound(ob: &Bound<'source, PyAny>) -> PyResult<Self> {
+        if let Ok(l) = ob.downcast::<PyList>() {
             match l
                 .iter()
-                .map(|it| SimpleJsonValue::extract(it.as_borrowed()))
+                .map(|it| SimpleJsonValue::extract_bound(&it))
                 .collect()
             {
                 Ok(a) => Ok(JsonValue::Array(a)),
@@ -318,7 +314,7 @@ impl<'source> FromPyObject<'_, 'source> for JsonValue {
                     "Can't convert to JsonValue::Array: {e}"
                 ))),
             }
-        } else if let Ok(v) = SimpleJsonValue::extract(ob) {
+        } else if let Ok(v) = SimpleJsonValue::extract_bound(ob) {
             Ok(JsonValue::Value(v))
         } else {
             Err(PyTypeError::new_err(format!(
@@ -389,11 +385,9 @@ impl<'source> IntoPyObject<'source> for Condition {
     }
 }
 
-impl<'source> FromPyObject<'_, 'source> for Condition {
-    type Error = PyErr;
-
-    fn extract(ob: Borrowed<'_, 'source, PyAny>) -> Result<Self, Self::Error> {
-        Ok(depythonize(&ob)?)
+impl<'source> FromPyObject<'source> for Condition {
+    fn extract_bound(ob: &Bound<'source, PyAny>) -> PyResult<Self> {
+        Ok(depythonize(ob)?)
     }
 }
 

schema/synapse-config.schema.yaml

@@ -1,5 +1,5 @@
 $schema: https://element-hq.github.io/synapse/latest/schema/v1/meta.schema.json
-$id: https://element-hq.github.io/synapse/schema/synapse/v1.149/synapse-config.schema.json
+$id: https://element-hq.github.io/synapse/schema/synapse/v1.144/synapse-config.schema.json
 type: object
 properties:
   modules:
@@ -1113,11 +1113,8 @@ properties:
       When this option is enabled, the room "complexity" will be checked before
       a user joins a new remote room. If it is above the complexity limit, the
       server will disallow joining, or will instantly leave. This is useful for
-      homeservers that are resource-constrained. In Synapse, the complexity of a
-      room is measured by the number of current state events in a room, divided
-      by 500. "Current" here means the latest state, i.e. if a user joins, then
-      leaves, then joins, that will count as 1 current `m.room.member` state
-      event.
+      homeservers that are resource-constrained. Room complexity is an arbitrary
+      measure based on factors such as the number of users in the room.
     properties:
       enabled:
         type: boolean
@@ -2277,16 +2274,6 @@ properties:
     examples:
       - per_second: 1.0
         burst_count: 5.0
-  rc_user_directory:
-    $ref: "#/$defs/rc"
-    description: >-
-      This option allows admins to ratelimit searches in the user directory.
-
-
-      _Added in Synapse 1.145.0._
-    default:
-      per_second: 0.016
-      burst_count: 200.0
   federation_rr_transactions_per_room_per_second:
     type: integer
     description: >-
@@ -2351,19 +2338,6 @@ properties:
     default: true
     examples:
       - false
-  enable_local_media_storage:
-    type: boolean
-    description: >-
-      Enable the local on-disk media storage provider. When disabled, media is
-      stored only in configured `media_storage_providers` and temporary files are
-      used for processing.
-      
-      **Warning:** If this option is set to `false` and no `media_storage_providers`
-      are configured, all media requests will return 404 errors as there will be
-      no storage backend available.
-    default: true
-    examples:
-      - false
   media_store_path:
     type: string
     description: Directory where uploaded images and attachments are stored.
@@ -5529,13 +5503,11 @@ properties:
   outbound_federation_restricted_to:
     type: array
     description: >-
-      You can restrict outbound federation traffic to only go through a specific subset
-      of workers including the [Secure Border Gateway
-      (SBG)](https://element.io/en/server-suite/secure-border-gateways). Any worker
-      specified here (including the SBG) must also be in the
-      [`instance_map`](#instance_map).
-      [`worker_replication_secret`](#worker_replication_secret) must also be configured
-      to authorize inter-worker communication.
+      When using workers, you can restrict outbound federation traffic to only
+      go through a specific subset of workers. Any worker specified here must
+      also be in the [`instance_map`](#instance_map).
+      [`worker_replication_secret`](#worker_replication_secret) must also be
+      configured to authorize inter-worker communication.
 
 
       Also see the [worker

scripts-dev/build_debian_packages.py

@@ -31,7 +31,7 @@ DISTS = (
     "debian:sid",  # (rolling distro, no EOL)
     "ubuntu:jammy",  # 22.04 LTS (EOL 2027-04) (our EOL forced by Python 3.10 is 2026-10-04)
     "ubuntu:noble",  # 24.04 LTS (EOL 2029-06)
-    "ubuntu:questing",  # 25.10 (EOL 2026-07)
+    "ubuntu:plucky",  # 25.04 (EOL 2026-01)
     "debian:trixie",  # (EOL not specified yet)
 )
 
@@ -94,7 +94,6 @@ class Builder:
         build_args = (
             (
                 "docker",
-                "buildx",
                 "build",
                 "--tag",
                 "dh-venv-builder:" + tag,

scripts-dev/check_schema_delta.py

@@ -187,14 +187,6 @@ def check_schema_delta(delta_files: list[str], force_colors: bool) -> bool:
         sql_lang = "postgres"
         if delta_file.endswith(".sqlite"):
             sql_lang = "sqlite"
-        elif delta_file.endswith(".py"):
-            click.secho(
-                f"Skipping Python delta file: '{delta_file}'",
-                fg="yellow",
-                bold=True,
-                color=force_colors,
-            )
-            return True
 
         statements = sqlglot.parse(delta_contents, read=sql_lang)
 

scripts-dev/complement.sh

@@ -35,26 +35,6 @@
 # Exit if a line returns a non-zero exit code
 set -e
 
-# Tag local builds with a dummy registry namespace so that later builds may reference
-# them exactly instead of accidentally pulling from a remote registry.
-#
-# This is important as some storage drivers/types prefer remote images over local
-# (`containerd`) which causes problems as we're testing against some remote image that
-# doesn't include all of the changes that we're trying to test (be it locally or in a PR
-# in CI). This is spawning from a real-world problem where the GitHub runners were
-# updated to use Docker Engine 29.0.0+ which uses `containerd` by default for new
-# installations.
-LOCAL_IMAGE_NAMESPACE=localhost
-
-# The image tags for how these images will be stored in the registry
-SYNAPSE_IMAGE_PATH="$LOCAL_IMAGE_NAMESPACE/synapse"
-SYNAPSE_WORKERS_IMAGE_PATH="$LOCAL_IMAGE_NAMESPACE/synapse-workers"
-COMPLEMENT_SYNAPSE_IMAGE_PATH="$LOCAL_IMAGE_NAMESPACE/complement-synapse"
-
-SYNAPSE_EDITABLE_IMAGE_PATH="$LOCAL_IMAGE_NAMESPACE/synapse-editable"
-SYNAPSE_WORKERS_EDITABLE_IMAGE_PATH="$LOCAL_IMAGE_NAMESPACE/synapse-workers-editable"
-COMPLEMENT_SYNAPSE_EDITABLE_IMAGE_PATH="$LOCAL_IMAGE_NAMESPACE/complement-synapse-editable"
-
 # Helper to emit annotations that collapse portions of the log in GitHub Actions
 echo_if_github() {
   if [[ -n "$GITHUB_WORKFLOW" ]]; then
@@ -67,13 +47,10 @@ usage() {
     cat >&2 <<EOF
 Usage: $0 [-f] <go test arguments>...
 Run the complement test suite on Synapse.
-  --in-repo
-        Whether to run the in-repo suite of Complement tests (see `./complement` in this project)
-        vs the Complement tests from the Complement repo.
 
   -f, --fast
         Skip rebuilding the docker images, and just use the most recent
-        'localhost/complement-synapse:latest' image.
+        'complement-synapse:latest' image.
         Conflicts with --build-only.
 
   --build-only
@@ -105,7 +82,6 @@ main() {
   # parse our arguments
   skip_docker_build=""
   skip_complement_run=""
-  use_in_repo_tests=""
   while [ $# -ge 1 ]; do
     arg=$1
     case "$arg" in
@@ -113,9 +89,6 @@ main() {
         usage
         return 1
         ;;
-      "--in-repo")
-        use_in_repo_tests=1
-        ;;
       "-f"|"--fast")
         skip_docker_build=1
         ;;
@@ -174,16 +147,16 @@ main() {
     editable_mount="$(realpath .):/editable-src:z"
     if [ -n "$rebuild_editable_synapse" ]; then
       unset skip_docker_build
-    elif $CONTAINER_RUNTIME inspect "$COMPLEMENT_SYNAPSE_EDITABLE_IMAGE_PATH" &>/dev/null; then
+    elif $CONTAINER_RUNTIME inspect complement-synapse-editable &>/dev/null; then
       # complement-synapse-editable already exists: see if we can still use it:
       # - The Rust module must still be importable; it will fail to import if the Rust source has changed.
       # - The Poetry lock file must be the same (otherwise we assume dependencies have changed)
 
       # First set up the module in the right place for an editable installation.
-      $CONTAINER_RUNTIME run --rm -v $editable_mount --entrypoint 'cp' "$COMPLEMENT_SYNAPSE_EDITABLE_IMAGE_PATH" -- /synapse_rust.abi3.so.bak /editable-src/synapse/synapse_rust.abi3.so
+      $CONTAINER_RUNTIME run --rm -v $editable_mount --entrypoint 'cp' complement-synapse-editable -- /synapse_rust.abi3.so.bak /editable-src/synapse/synapse_rust.abi3.so
 
-      if ($CONTAINER_RUNTIME run --rm -v $editable_mount --entrypoint 'python' "$COMPLEMENT_SYNAPSE_EDITABLE_IMAGE_PATH" -c 'import synapse.synapse_rust' \
-        && $CONTAINER_RUNTIME run --rm -v $editable_mount --entrypoint 'diff' "$COMPLEMENT_SYNAPSE_EDITABLE_IMAGE_PATH" --brief /editable-src/poetry.lock /poetry.lock.bak); then
+      if ($CONTAINER_RUNTIME run --rm -v $editable_mount --entrypoint 'python' complement-synapse-editable -c 'import synapse.synapse_rust' \
+        && $CONTAINER_RUNTIME run --rm -v $editable_mount --entrypoint 'diff' complement-synapse-editable --brief /editable-src/poetry.lock /poetry.lock.bak); then
         skip_docker_build=1
       else
         echo "Editable Synapse image is stale. Will rebuild."
@@ -197,47 +170,42 @@ main() {
 
       # Build a special image designed for use in development with editable
       # installs.
-      $CONTAINER_RUNTIME build \
-        -t "$SYNAPSE_EDITABLE_IMAGE_PATH" \
+      $CONTAINER_RUNTIME build -t synapse-editable \
         -f "docker/editable.Dockerfile" .
 
-      $CONTAINER_RUNTIME build \
-        -t "$SYNAPSE_WORKERS_EDITABLE_IMAGE_PATH" \
-        --build-arg FROM="$SYNAPSE_EDITABLE_IMAGE_PATH" \
+      $CONTAINER_RUNTIME build -t synapse-workers-editable \
+        --build-arg FROM=synapse-editable \
         -f "docker/Dockerfile-workers" .
 
-      $CONTAINER_RUNTIME build \
-        -t "$COMPLEMENT_SYNAPSE_EDITABLE_IMAGE_PATH" \
-        --build-arg FROM="$SYNAPSE_WORKERS_EDITABLE_IMAGE_PATH" \
+      $CONTAINER_RUNTIME build -t complement-synapse-editable \
+        --build-arg FROM=synapse-workers-editable \
         -f "docker/complement/Dockerfile" "docker/complement"
 
       # Prepare the Rust module
-      $CONTAINER_RUNTIME run --rm -v $editable_mount --entrypoint 'cp' "$COMPLEMENT_SYNAPSE_EDITABLE_IMAGE_PATH" -- /synapse_rust.abi3.so.bak /editable-src/synapse/synapse_rust.abi3.so
+      $CONTAINER_RUNTIME run --rm -v $editable_mount --entrypoint 'cp' complement-synapse-editable -- /synapse_rust.abi3.so.bak /editable-src/synapse/synapse_rust.abi3.so
 
     else
 
       # Build the base Synapse image from the local checkout
       echo_if_github "::group::Build Docker image: matrixdotorg/synapse"
-      $CONTAINER_RUNTIME build \
-        -t "$SYNAPSE_IMAGE_PATH" \
-        --build-arg TEST_ONLY_SKIP_DEP_HASH_VERIFICATION \
-        --build-arg TEST_ONLY_IGNORE_POETRY_LOCKFILE \
-        -f "docker/Dockerfile" .
+      $CONTAINER_RUNTIME build -t matrixdotorg/synapse \
+      --build-arg TEST_ONLY_SKIP_DEP_HASH_VERIFICATION \
+      --build-arg TEST_ONLY_IGNORE_POETRY_LOCKFILE \
+      -f "docker/Dockerfile" .
       echo_if_github "::endgroup::"
 
       # Build the workers docker image (from the base Synapse image we just built).
       echo_if_github "::group::Build Docker image: matrixdotorg/synapse-workers"
-      $CONTAINER_RUNTIME build \
-        -t "$SYNAPSE_WORKERS_IMAGE_PATH" \
-        --build-arg FROM="$SYNAPSE_IMAGE_PATH" \
-        -f "docker/Dockerfile-workers" .
+      $CONTAINER_RUNTIME build -t matrixdotorg/synapse-workers -f "docker/Dockerfile-workers" .
       echo_if_github "::endgroup::"
 
       # Build the unified Complement image (from the worker Synapse image we just built).
       echo_if_github "::group::Build Docker image: complement/Dockerfile"
-      $CONTAINER_RUNTIME build \
-        -t "$COMPLEMENT_SYNAPSE_IMAGE_PATH" \
-        --build-arg FROM="$SYNAPSE_WORKERS_IMAGE_PATH" \
+      $CONTAINER_RUNTIME build -t complement-synapse \
+        `# This is the tag we end up pushing to the registry (see` \
+        `# .github/workflows/push_complement_image.yml) so let's just label it now` \
+        `# so people can reference it by the same name locally.` \
+        -t ghcr.io/element-hq/synapse/complement-synapse \
         -f "docker/complement/Dockerfile" "docker/complement"
       echo_if_github "::endgroup::"
 
@@ -248,10 +216,7 @@ main() {
     echo "Skipping Docker image build as requested."
   fi
 
-  # Default set of Complement tests to run from the Complement repo
-  #
-  # We pick and choose the specific MSC's that Synapse supports.
-  default_complement_test_packages=(
+  test_packages=(
     ./tests/csapi
     ./tests
     ./tests/msc3874
@@ -264,24 +229,15 @@ main() {
     ./tests/msc4140
     ./tests/msc4155
     ./tests/msc4306
-    ./tests/msc4222
   )
 
   # Export the list of test packages as a space-separated environment variable, so other
   # scripts can use it.
-  export SYNAPSE_SUPPORTED_COMPLEMENT_TEST_PACKAGES="${default_complement_test_packages[@]}"
+  export SYNAPSE_SUPPORTED_COMPLEMENT_TEST_PACKAGES="${test_packages[@]}"
 
-  # Default set of Complement tests to run when using the in-repo test suite. Most
-  # likely, this should be all tests.
-  #
-  # Relative to the `./complement` repo in this project
-  default_in_repo_complement_test_packages=(
-    ./tests/...
-  )
-
-  export COMPLEMENT_BASE_IMAGE="$COMPLEMENT_SYNAPSE_IMAGE_PATH"
+  export COMPLEMENT_BASE_IMAGE=complement-synapse
   if [ -n "$use_editable_synapse" ]; then
-    export COMPLEMENT_BASE_IMAGE="$COMPLEMENT_SYNAPSE_EDITABLE_IMAGE_PATH"
+    export COMPLEMENT_BASE_IMAGE=complement-synapse-editable
     export COMPLEMENT_HOST_MOUNTS="$editable_mount"
   fi
 
@@ -360,26 +316,11 @@ main() {
     echo "Skipping Complement run as requested."
     return 0
   fi
-
-  # Print out the executed commands so it's more obvious what's happening at the end here.
-  # Things are slightly ambiguous with the in-repo vs Complement tests.
-  set -x
   
-  if [ -n "$use_in_repo_tests" ]; then
-    # Run the suite of Complement tests in the `./complement` directory in this repo
-    cd "./complement"
-    go test "${test_args[@]}" "$@" "${default_in_repo_complement_test_packages[@]}"
-  else
-    # Run the tests (from the Complement repo)!
-    cd "$COMPLEMENT_DIR"
-    go test "${test_args[@]}" "$@" "${default_complement_test_packages[@]}"
-  fi
-
-  # We don't need to print out executed commands anymore
-  #
-  # This is just `set +x` without printing `+ set +x` to the console (via
-  # https://stackoverflow.com/questions/13195655/bash-set-x-without-it-being-printed/19226038#19226038)
-  { set +x; } 2>/dev/null
+  # Run the tests!
+  echo "Running Complement with ${test_args[@]} $@ ${test_packages[@]}"
+  cd "$COMPLEMENT_DIR"
+  go test "${test_args[@]}" "$@" "${test_packages[@]}"
 }
 
 main "$@"

scripts-dev/federation_client.py

@@ -145,7 +145,7 @@ def request(
     print("Requesting %s" % dest, file=sys.stderr)
 
     s = requests.Session()
-    s.mount("matrix-federation://", MatrixConnectionAdapter(verify_tls=verify_tls))
+    s.mount("matrix-federation://", MatrixConnectionAdapter())
 
     headers: dict[str, str] = {
         "Authorization": authorization_headers[0],
@@ -267,17 +267,6 @@ def read_args_from_config(args: argparse.Namespace) -> None:
 
 
 class MatrixConnectionAdapter(HTTPAdapter):
-    """
-    A Matrix federation-aware HTTP Adapter.
-    """
-
-    verify_tls: bool
-    """whether to verify the remote server's TLS certificate."""
-
-    def __init__(self, verify_tls: bool = True) -> None:
-        self.verify_tls = verify_tls
-        super().__init__()
-
     def send(
         self,
         request: PreparedRequest,
@@ -291,7 +280,7 @@ class MatrixConnectionAdapter(HTTPAdapter):
         assert isinstance(request.url, str)
         parsed = urlparse.urlsplit(request.url)
         server_name = parsed.netloc
-        well_known = self._get_well_known(parsed.netloc, verify_tls=self.verify_tls)
+        well_known = self._get_well_known(parsed.netloc)
 
         if well_known:
             server_name = well_known
@@ -329,21 +318,6 @@ class MatrixConnectionAdapter(HTTPAdapter):
         print(
             f"Connecting to {host}:{port} with SNI {ssl_server_name}", file=sys.stderr
         )
-
-        if proxies:
-            scheme = parsed.scheme
-            if isinstance(scheme, bytes):
-                scheme = scheme.decode("utf-8")
-
-            proxy_for_scheme = proxies.get(scheme)
-            if proxy_for_scheme:
-                return self.proxy_manager_for(proxy_for_scheme).connection_from_host(
-                    host,
-                    port=port,
-                    scheme="https",
-                    pool_kwargs={"server_hostname": ssl_server_name},
-                )
-
         return self.poolmanager.connection_from_host(
             host,
             port=port,
@@ -394,7 +368,7 @@ class MatrixConnectionAdapter(HTTPAdapter):
             return server_name, 8448, server_name
 
     @staticmethod
-    def _get_well_known(server_name: str, verify_tls: bool = True) -> str | None:
+    def _get_well_known(server_name: str) -> str | None:
         if ":" in server_name:
             # explicit port, or ipv6 literal. Either way, no .well-known
             return None
@@ -405,7 +379,7 @@ class MatrixConnectionAdapter(HTTPAdapter):
         print(f"fetching {uri}", file=sys.stderr)
 
         try:
-            resp = requests.get(uri, verify=verify_tls)
+            resp = requests.get(uri)
             if resp.status_code != 200:
                 print("%s gave %i" % (uri, resp.status_code), file=sys.stderr)
                 return None

scripts-dev/lint.sh

@@ -139,14 +139,3 @@ mypy
 
 # Generate configuration documentation from the JSON Schema
 ./scripts-dev/gen_config_documentation.py schema/synapse-config.schema.yaml > docs/usage/configuration/config_documentation.md
-
-# Lint/format the in-repo Complement test code (Go)
-pushd ./complement
-# Run golangci-lint with:
-#  - The `run` command will lint the code
-#  - `--fix`: Will apply any suggested fixes like autofixes from `linters` *and*
-#    `formatters` which always produce suggested fixes that are equivalent to running
-#    `golangci-lint fmt`.
-#  - `--max-issues-per-linter=0`: Show all issues, don't limit the number reported
-go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.6.1 run ./... --fix --max-issues-per-linter=0
-popd

scripts-dev/mypy_synapse_plugin.py

@@ -133,7 +133,6 @@ prometheus_metric_fullname_to_label_arg_map: Mapping[str, ArgLocation | None] =
     "prometheus_client.metrics.Info": ArgLocation("labelnames", 2),
     "prometheus_client.metrics.Enum": ArgLocation("labelnames", 2),
     "synapse.metrics.LaterGauge": ArgLocation("labelnames", 2),
-    "synapse.metrics._InFlightGaugeRuntime": ArgLocation("labels", 2),
     "synapse.metrics.InFlightGauge": ArgLocation("labels", 2),
     "synapse.metrics.GaugeBucketCollector": ArgLocation("labelnames", 2),
     "prometheus_client.registry.Collector": None,

scripts-dev/release.py

@@ -455,19 +455,19 @@ def _publish(gh_token: str) -> None:
     gh = Github(auth=github.Auth.Token(token=gh_token))
     gh_repo = gh.get_repo("element-hq/synapse")
     for release in gh_repo.get_releases():
-        if release.name == tag_name:
+        if release.title == tag_name:
             break
     else:
         raise ClickException(f"Failed to find GitHub release for {tag_name}")
 
-    assert release.name == tag_name
+    assert release.title == tag_name
 
     if not release.draft:
         click.echo("Release already published.")
         return
 
     release = release.update_release(
-        name=release.name,
+        name=release.title,
         message=release.body,
         tag_name=release.tag_name,
         prerelease=release.prerelease,

scripts-dev/schema_versions.py

@@ -172,7 +172,7 @@ if __name__ == "__main__":
         # Expect JSON data on stdin.
         context, book = json.load(sys.stdin)
 
-        for section in book["items"]:
+        for section in book["sections"]:
             if "Chapter" in section and section["Chapter"]["path"] == "upgrade.md":
                 section["Chapter"]["content"] = section["Chapter"]["content"].replace(
                     "<!-- REPLACE_WITH_SCHEMA_VERSIONS -->", calculate_version_chart()

synapse/api/auth/mas.py

@@ -45,7 +45,6 @@ from synapse.synapse_rust.http_client import HttpClient
 from synapse.types import JsonDict, Requester, UserID, create_requester
 from synapse.util.caches.cached_call import RetryOnExceptionCachedCall
 from synapse.util.caches.response_cache import ResponseCache, ResponseCacheContext
-from synapse.util.duration import Duration
 from synapse.util.json import json_decoder
 
 from . import introspection_response_timer
@@ -140,7 +139,7 @@ class MasDelegatedAuth(BaseAuth):
             clock=self._clock,
             name="mas_token_introspection",
             server_name=self.server_name,
-            timeout=Duration(minutes=2),
+            timeout_ms=120_000,
             # don't log because the keys are access tokens
             enable_logging=False,
         )

synapse/api/auth/msc3861_delegated.py

@@ -49,7 +49,6 @@ from synapse.synapse_rust.http_client import HttpClient
 from synapse.types import Requester, UserID, create_requester
 from synapse.util.caches.cached_call import RetryOnExceptionCachedCall
 from synapse.util.caches.response_cache import ResponseCache, ResponseCacheContext
-from synapse.util.duration import Duration
 from synapse.util.json import json_decoder
 
 from . import introspection_response_timer
@@ -206,7 +205,7 @@ class MSC3861DelegatedAuth(BaseAuth):
             clock=self._clock,
             name="token_introspection",
             server_name=self.server_name,
-            timeout=Duration(minutes=2),
+            timeout_ms=120_000,
             # don't log because the keys are access tokens
             enable_logging=False,
         )

synapse/api/constants.py

@@ -24,9 +24,7 @@
 """Contains constants from the specification."""
 
 import enum
-from typing import Final, TypedDict
-
-from synapse.util.duration import Duration
+from typing import Final
 
 # the max size of a (canonical-json-encoded) event
 MAX_PDU_SIZE = 65536
@@ -294,8 +292,6 @@ class EventUnsignedContentFields:
     # Requesting user's membership, per MSC4115
     MEMBERSHIP: Final = "membership"
 
-    STICKY_TTL: Final = "msc4354_sticky_duration_ttl_ms"
-
 
 class MTextFields:
     """Fields found inside m.text content blocks."""
@@ -325,7 +321,9 @@ class AccountDataTypes:
         "org.matrix.msc4155.invite_permission_config"
     )
     # MSC4380: Invite blocking
-    INVITE_PERMISSION_CONFIG: Final = "m.invite_permission_config"
+    MSC4380_INVITE_PERMISSION_CONFIG: Final = (
+        "org.matrix.msc4380.invite_permission_config"
+    )
     # Synapse-specific behaviour. See "Client-Server API Extensions" documentation
     # in Admin API for more information.
     SYNAPSE_ADMIN_CLIENT_CONFIG: Final = "io.element.synapse.admin_client_config"
@@ -379,40 +377,3 @@ class Direction(enum.Enum):
 class ProfileFields:
     DISPLAYNAME: Final = "displayname"
     AVATAR_URL: Final = "avatar_url"
-
-
-class StickyEventField(TypedDict):
-    """
-    Dict content of the `sticky` part of an event.
-    """
-
-    duration_ms: int
-
-
-class StickyEvent:
-    QUERY_PARAM_NAME: Final = "org.matrix.msc4354.sticky_duration_ms"
-    """
-    Query parameter used by clients for setting the sticky duration of an event they are sending.
-
-    Applies to:
-        - /rooms/.../send/...
-        - /rooms/.../state/...
-    """
-
-    EVENT_FIELD_NAME: Final = "msc4354_sticky"
-    """
-    Name of the field in the top-level event dict that contains the sticky event dict.
-    """
-
-    MAX_DURATION: Duration = Duration(hours=1)
-    """
-    Maximum stickiness duration as specified in MSC4354.
-    Ensures that data in the /sync response can go down and not grow unbounded.
-    """
-
-    MAX_EVENTS_IN_SYNC: Final = 100
-    """
-    Maximum number of sticky events to include in /sync.
-
-    This is the default specified in the MSC. Chosen arbitrarily.
-    """

synapse/api/errors.py

@@ -138,7 +138,7 @@ class Codes(str, Enum):
     KEY_TOO_LARGE = "M_KEY_TOO_LARGE"
 
     # Part of MSC4155/MSC4380
-    INVITE_BLOCKED = "M_INVITE_BLOCKED"
+    INVITE_BLOCKED = "ORG.MATRIX.MSC4155.M_INVITE_BLOCKED"
 
     # Part of MSC4190
     APPSERVICE_LOGIN_UNSUPPORTED = "IO.ELEMENT.MSC4190.M_APPSERVICE_LOGIN_UNSUPPORTED"

synapse/api/room_versions.py

@@ -18,6 +18,7 @@
 #
 #
 
+from typing import Callable
 
 import attr
 
@@ -495,3 +496,40 @@ KNOWN_ROOM_VERSIONS: dict[str, RoomVersion] = {
         RoomVersions.HydraV11,
     )
 }
+
+
+@attr.s(slots=True, frozen=True, auto_attribs=True)
+class RoomVersionCapability:
+    """An object which describes the unique attributes of a room version."""
+
+    identifier: str  # the identifier for this capability
+    preferred_version: RoomVersion | None
+    support_check_lambda: Callable[[RoomVersion], bool]
+
+
+MSC3244_CAPABILITIES = {
+    cap.identifier: {
+        "preferred": (
+            cap.preferred_version.identifier
+            if cap.preferred_version is not None
+            else None
+        ),
+        "support": [
+            v.identifier
+            for v in KNOWN_ROOM_VERSIONS.values()
+            if cap.support_check_lambda(v)
+        ],
+    }
+    for cap in (
+        RoomVersionCapability(
+            "knock",
+            RoomVersions.V7,
+            lambda room_version: room_version.knock_join_rule,
+        ),
+        RoomVersionCapability(
+            "restricted",
+            RoomVersions.V9,
+            lambda room_version: room_version.restricted_join_rule,
+        ),
+    )
+}

synapse/app/__init__.py

@@ -54,9 +54,7 @@ def check_bind_error(
     """
     if address == "0.0.0.0" and "::" in bind_addresses:
         logger.warning(
-            "Failed to listen on 0.0.0.0, continuing because listening on [::]. Original exception: %s: %s",
-            type(e).__name__,
-            str(e),
+            "Failed to listen on 0.0.0.0, continuing because listening on [::]"
         )
     else:
         raise e

synapse/app/_base.py

@@ -36,7 +36,6 @@ from typing import (
     Awaitable,
     Callable,
     NoReturn,
-    Optional,
     cast,
 )
 from wsgiref.simple_server import WSGIServer
@@ -456,7 +455,7 @@ def listen_http(
     root_resource: Resource,
     version_string: str,
     max_request_body_size: int,
-    context_factory: Optional[IOpenSSLContextFactory],
+    context_factory: IOpenSSLContextFactory | None,
     reactor: ISynapseReactor = reactor,
 ) -> list[Port]:
     """
@@ -776,11 +775,6 @@ async def start(hs: "HomeServer", *, freeze: bool = True) -> None:
         #
         # PyPy does not (yet?) implement gc.freeze()
         if hasattr(gc, "freeze"):
-            logger.info(
-                "garbage collector: Freezing all allocated objects in the hopes that (almost) "
-                "everything currently allocated are things that will be used by the homeserver "
-                "for the rest of time. Doing so means less work each GC (hopefully)."
-            )
             gc.collect()
             gc.freeze()
 

synapse/app/admin_cmd.py

@@ -24,7 +24,7 @@ import logging
 import os
 import sys
 import tempfile
-from typing import Mapping, Optional, Sequence
+from typing import Mapping, Sequence
 
 from twisted.internet import defer, task
 
@@ -291,7 +291,7 @@ def load_config(argv_options: list[str]) -> tuple[HomeServerConfig, argparse.Nam
 
 def create_homeserver(
     config: HomeServerConfig,
-    reactor: Optional[ISynapseReactor] = None,
+    reactor: ISynapseReactor | None = None,
 ) -> AdminCmdServer:
     """
     Create a homeserver instance for the Synapse admin command process.