Ir al contenido

Matrix / Element Archiving: Requirements & Request Access

Esta página aún no está disponible en tu idioma.

Matrix is an open protocol for secure, decentralized communication. Organizations run their own homeserver (commonly Synapse) and own the infrastructure, the data, and the governance. That sovereignty is why EU governments and regulated enterprises are adopting it - and why those deployments need supervision and an immutable archive. Comma is building Matrix archiving to run inside the customer’s own homeserver infrastructure.

Because the customer controls their own homeserver, capture is a trusted participant on that homeserver, not an interception in transit. Four parts work together.

Comma registers as a Matrix Application Service in your Synapse config (app_service_config_files). Synapse pushes the appservice-interested room events for your local regulated users and configured user/room namespaces to Comma in retried, idempotent transactions.

  • AS interest is namespace-based and scoped to local users - it is not global capture.
  • The AS transaction stream journals Matrix events and ciphertext. Decryption of encrypted rooms is handled by the device path below, not by the AS stream.

Matrix encrypted rooms use Megolm, so the homeserver never holds plaintext for those rooms. Capture therefore uses a dedicated Matrix user (for example @compliance-archive:customer.example) with verified, cross-signed compliance device(s).

  • The compliance device receives Megolm room keys when it is admitted as a trusted room participant, and decrypts locally - the same way any verified device in the room does.
  • There is no server-side decryption. Comma does not pretend a server can read ciphertext.

3. Synapse enforcement module (to be open-sourced)

Section titled “3. Synapse enforcement module (to be open-sourced)”

A Synapse module enforces capture for locally created rooms and local-user actions:

  • Enforces that the compliance participant is admitted before encryption begins.
  • Blocks local attempts to remove the compliance user or device.
  • Can enforce room-creation policy.

Federated and remote-originated rooms have stricter limits: a Synapse module cannot reliably control state changes that originate on remote servers without risking federation divergence. Treat the module as making prospective capture enforceable for governed rooms under your homeserver’s control, not as guaranteeing completeness.

Comma uses the Synapse Admin API for room and user inventory, membership and state reconciliation, and backfill of unencrypted history.

For governed Matrix / Element rooms belonging to local regulated users on a homeserver you control, Comma is built to archive the following as immutable records:

  • Room events - messages and content events in rooms the compliance device participates in.
  • Edits - the original and the replacement are both preserved.
  • Redactions - the original and the redaction are both preserved (when the original was captured before the redaction).
  • Membership and state - joins, leaves, invites, power-level and room-state changes.
  • Media - when it is available and decryptable from the media repository.

All of it lands in the same archive as your other channels, with Comma’s standard WORM retention, legal hold, supervision / review, search, and reporting.

Encrypted-room capture is participant-based and prospective. State the limits plainly:

  • No pre-admission history. Comma cannot decrypt encrypted history from before the compliance device held room keys - no keys exist for it. This is a property of Matrix E2EE, not something we can engineer around.
  • Trust is required. If the compliance device is not verified and cross-signed per your policy, clients may withhold room keys and encrypted content will not be captured.
  • Redacted content. Comma cannot recover original redacted content that was not captured before the redaction.
  • Media availability. Media capture depends on fetching and decrypting media while it is still available from the media repository.
  • No forced third-party capture. Comma cannot force capture of arbitrary third-party or federated rooms. We archive rooms your homeserver participates in, and only to the extent the compliance user can be admitted and trusted.
  • No completeness guarantee across federation. Where remote servers or room admins can exclude the compliance participant, coverage cannot be guaranteed.
  • Calls. Matrix voice/video call signaling can be archived as events. Live call audio/video recording is not promised unless separately built.

The homeserver administrator completes these. Deployment requires admin cooperation - it is not a self-serve OAuth click.

  1. Register Comma’s Application Service in Synapse. Add Comma’s registration file to app_service_config_files in homeserver.yaml, and provide the AS token to Comma.
  2. Provision the @compliance-archive bot account on your homeserver, and verify / cross-sign its compliance device(s) under your device-verification policy.
  3. Install Comma’s enforcement module (planned to be open-sourced) into your Synapse deployment.
  4. Provide a network path from Comma to the homeserver (and to the Synapse Admin API) so transactions and reconciliation can run.
  • Design-partner access requested and confirmed with Comma.
  • Application Service registration file added to app_service_config_files; Synapse restarted.
  • AS token shared with Comma over a secure channel.
  • @compliance-archive bot account provisioned.
  • Compliance device verified and cross-signed per your device-verification policy.
  • Enforcement module installed and enabled in Synapse.
  • Network path to the homeserver and Synapse Admin API confirmed.
  • Namespaces scoped to the local regulated users and rooms in scope.
  • Test room created; compliance participant admitted before encryption; test events confirmed in the archive.
  • Unencrypted history backfill window agreed and run.

Matrix archiving is onboarded by our team as part of the design-partner program - there is no self-serve toggle yet.

  1. Go to Get in Touch and use the contact form (or book a call).
  2. In the Message field, include:
    • Your homeserver URL (for example https://matrix.customer.example).
    • The admin contact who can register the Application Service and provision the bot account.
    • Roughly how many regulated users and rooms are in scope, and whether rooms are encrypted.

We will scope Matrix archiving against your homeserver, your rooms, and your supervision obligations, and bring you into the program.