configure

/matrix:configure — Matrix Channel Setup

Writes bot credentials to ~/.claude/channels/matrix/.env and orients the user on access policy. The server reads both files at boot.

Arguments passed: $ARGUMENTS

---

Dispatch on arguments

No args — status and guidance

Read both state files and give the user a complete picture:

1. Credentials — check ~/.claude/channels/matrix/.env for MATRIX_HOMESERVER, MATRIX_USER_ID, MATRIX_ACCESS_TOKEN, MATRIX_DEVICE_ID. Show set/not-set for each. If token is set, show first 10 chars masked (syt_claud...).

2. Access — read ~/.claude/channels/matrix/access.json (missing file = defaults: dmPolicy: "allowlist", empty allowlist). Show:

   • DM policy and what it means in one line
   • Allowed senders: count, and list MXIDs
   • Pending pairings: count, with codes and MXIDs if any
   • Groups: count and room IDs

3. What next — end with a concrete next step based on state:

   • No credentials -> "Set up a bot account on your Synapse server, then run /matrix:configure with the details."
   • Credentials set, nobody allowed -> "Add yourself with /matrix:access allow @you:server.com."
   • Credentials set, someone allowed -> "Ready. DM your bot in Element to reach the assistant."

Push toward lockdown — always. The default policy is allowlist, which is correct. If the policy is set to pairing, drive toward locking it down once the needed users are added.

<homeserver> <user_id> <access_token> [device_id] — save credentials

1. Parse $ARGUMENTS as space-separated values.
2. mkdir -p ~/.claude/channels/matrix
3. Read existing .env if present; update/add the credential lines, preserve other keys. Write back, no quotes around values.
   • MATRIX_HOMESERVER=<homeserver>
   • MATRIX_USER_ID=<user_id>
   • MATRIX_ACCESS_TOKEN=<access_token>
   • MATRIX_DEVICE_ID=<device_id> (if provided)
4. chmod 600 ~/.claude/channels/matrix/.env — credentials are sensitive.
5. Confirm, then show the no-args status so the user sees where they stand.

clear — remove credentials

Delete the credential lines from .env (or the file if those are the only lines).

---

Implementation notes

• The channels dir might not exist if the server hasn't run yet. Missing file = not configured, not an error.
• The server reads .env once at boot. Credential changes need a session restart. Say so after saving.
• access.json is re-read on every inbound message — policy changes via /matrix:access take effect immediately, no restart.
• Matrix credentials consist of: homeserver URL, user ID (@bot:server), access token (from login API), and device ID (for E2E encryption).