feat(matrix-bridge-dagi): add matrix client wrapper and synapse setup (PR-M1.1)

- adds MatrixClient with send_text/sync_poll/join_room/whoami (idempotent via txn_id) - LRU dedupe for incoming event_ids (2048 capacity) - exponential backoff retry (max 3 attempts) for 429/5xx/network errors - extract_room_messages: filters own messages, non-text, duplicates - health endpoint now probes matrix_reachable + gateway_reachable at startup - adds docker-compose.synapse-node1.yml (Synapse + Postgres for NODA1) - adds ops/runbook-matrix-setup.md (10-step setup: DNS, config, bot, room, .env) - 19 tests passing, no real Synapse required Made-with: Cursor
2026-03-03 07:38:54 -08:00
parent 1d8482f4c1
commit d8506da179
5 changed files with 1013 additions and 5 deletions
--- a/ops/runbook-matrix-setup.md
+++ b/ops/runbook-matrix-setup.md
@@ -0,0 +1,235 @@
+# Runbook: Matrix/Synapse Setup — NODA1 (Phase M1)
+
+**Мета**: Підняти Synapse на NODA1, зареєструвати бот `@dagi_bridge:daarion.space`,  
+створити room для Sofiia, отримати 4 значення для `matrix-bridge-dagi`.
+
+---
+
+## Передумови
+
+- NODA1: `ssh root@144.76.224.179`
+- DNS: додати A-запис `matrix.daarion.space → 144.76.224.179` в панелі DNS
+- Certbot/Nginx вже є на NODA1
+
+---
+
+## Крок 1: DNS
+
+В панелі управління DNS додати:
+```
+Type: A
+Name: matrix
+Value: 144.76.224.179
+TTL: 300
+```
+
+Перевірка (зачекати 5–10 хв):
+```bash
+host matrix.daarion.space
+# очікується: matrix.daarion.space has address 144.76.224.179
+```
+
+---
+
+## Крок 2: Генерація Synapse конфіга (one-time, на NODA1)
+
+```bash
+cd /opt/microdao-daarion
+
+docker run --rm \
+  -v $(pwd)/synapse-data:/data \
+  -e SYNAPSE_SERVER_NAME=daarion.space \
+  -e SYNAPSE_REPORT_STATS=no \
+  matrixdotorg/synapse:latest generate
+
+# Результат: synapse-data/homeserver.yaml
+```
+
+---
+
+## Крок 3: Налаштування homeserver.yaml
+
+Відредагувати `synapse-data/homeserver.yaml`, додати/змінити:
+
+```yaml
+server_name: "daarion.space"
+
+database:
+  name: psycopg2
+  args:
+    user: synapse
+    password: "YOUR_SYNAPSE_POSTGRES_PASSWORD"
+    database: synapse
+    host: dagi-synapse-db-node1
+    port: 5432
+    cp_min: 5
+    cp_max: 10
+
+enable_registration: false
+enable_registration_without_verification: false
+
+password_config:
+  enabled: true
+
+report_stats: false
+
+listeners:
+  - port: 8008
+    tls: false
+    type: http
+    x_forwarded: true
+    bind_addresses: ['0.0.0.0']
+    resources:
+      - names: [client, federation]
+        compress: false
+```
+
+---
+
+## Крок 4: .env + запуск
+
+```bash
+# Додати пароль Postgres в .env
+echo "SYNAPSE_POSTGRES_PASSWORD=<пароль>" >> /opt/microdao-daarion/.env
+
+# Запуск
+docker compose -f docker-compose.synapse-node1.yml up -d
+
+# Перевірка через 30с
+sleep 30
+curl -s http://localhost:8008/_matrix/client/versions | python3 -c 'import sys,json; print("OK:", json.load(sys.stdin)["versions"][:2])'
+```
+
+---
+
+## Крок 5: Nginx — matrix.daarion.space
+
+```nginx
+server {
+    listen 80;
+    server_name matrix.daarion.space;
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    server_name matrix.daarion.space;
+
+    ssl_certificate     /etc/letsencrypt/live/matrix.daarion.space/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/matrix.daarion.space/privkey.pem;
+
+    location /_matrix/ {
+        proxy_pass http://127.0.0.1:8008;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        client_max_body_size 50M;
+    }
+
+    location /.well-known/matrix/ {
+        proxy_pass http://127.0.0.1:8008;
+        proxy_set_header Host $host;
+    }
+}
+```
+
+```bash
+certbot certonly --nginx -d matrix.daarion.space
+nginx -t && systemctl reload nginx
+
+# Перевірка:
+curl -s https://matrix.daarion.space/_matrix/client/versions | python3 -c 'import sys,json; print(json.load(sys.stdin)["versions"][:2])'
+```
+
+---
+
+## Крок 6: Створення бота dagi_bridge
+
+```bash
+# Тимчасово enable_registration: true у homeserver.yaml, потім:
+docker restart dagi-synapse-node1 && sleep 15
+
+# Реєстрація (в контейнері):
+docker exec -it dagi-synapse-node1 \
+  register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
+# → user: dagi_bridge  |  password: <пароль>  |  admin: no
+```
+
+---
+
+## Крок 7: Отримати access token
+
+```bash
+HS="http://localhost:8008"
+BOT_PASS="<пароль_бота>"
+
+MATRIX_ACCESS_TOKEN=$(curl -s -X POST "$HS/_matrix/client/v3/login" \
+  -H "Content-Type: application/json" \
+  -d "{
+    \"type\":\"m.login.password\",
+    \"identifier\":{\"type\":\"m.id.user\",\"user\":\"dagi_bridge\"},
+    \"password\":\"$BOT_PASS\"
+  }" | python3 -c 'import sys,json; print(json.load(sys.stdin)["access_token"])')
+
+echo "MATRIX_ACCESS_TOKEN=$MATRIX_ACCESS_TOKEN"
+```
+
+---
+
+## Крок 8: Створити room
+
+```bash
+SOFIIA_ROOM_ID=$(curl -s -X POST "$HS/_matrix/client/v3/createRoom" \
+  -H "Authorization: Bearer $MATRIX_ACCESS_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "name": "DAGI — Sofiia",
+    "topic": "DAGI Agent: Sofiia (Chief AI Architect)",
+    "preset": "private_chat",
+    "is_direct": false
+  }' | python3 -c 'import sys,json; print(json.load(sys.stdin)["room_id"])')
+
+echo "SOFIIA_ROOM_ID=$SOFIIA_ROOM_ID"
+```
+
+---
+
+## Крок 9: Вимкнути реєстрацію + зберегти змінні
+
+```bash
+# enable_registration: false у homeserver.yaml
+docker restart dagi-synapse-node1
+
+# Додати в .env:
+cat >> /opt/microdao-daarion/.env <<EOF
+
+MATRIX_HOMESERVER_URL=https://matrix.daarion.space
+MATRIX_USER_ID=@dagi_bridge:daarion.space
+MATRIX_ACCESS_TOKEN=$MATRIX_ACCESS_TOKEN
+SOFIIA_ROOM_ID=$SOFIIA_ROOM_ID
+SOFIIA_INTERNAL_TOKEN=$(python3 -c "import secrets; print(secrets.token_urlsafe(32))")
+EOF
+```
+
+---
+
+## Крок 10: Запуск matrix-bridge-dagi + smoke
+
+```bash
+cd /opt/microdao-daarion
+docker compose -f docker-compose.matrix-bridge-node1.yml up -d
+sleep 10
+curl -s http://localhost:7030/health | python3 -m json.tool
+# очікується: matrix_reachable=true, gateway_reachable=true, config_ok=true
+```
+
+---
+
+## Результат — 4 значення для PR-M1.1
+
+| Змінна | Значення |
+|---|---|
+| `MATRIX_HOMESERVER_URL` | `https://matrix.daarion.space` |
+| `MATRIX_USER_ID` | `@dagi_bridge:daarion.space` |
+| `MATRIX_ACCESS_TOKEN` | *(з кроку 7)* |
+| `SOFIIA_ROOM_ID` | *(з кроку 8, вигляд `!xxx:daarion.space`)* |