# Code Review: Matrix Bot Runtime

## Scope
- `internal/matrixbot/`

## Findings
### ✅ Strengths
- Clear separation of responsibilities: sync loop, send queue, state store, and health endpoints.
- Allowlist + encryption guardrails protect against unintended room processing.
- Dedupe store + periodic cleanup reduce reprocessing on restarts.
- Rate limiting respected with retry/backoff.
- Health endpoint provides useful counters for operational insight.

### ⚠️ Issues / Opportunities
1. **Send queue drops are logged but not drained**
   - On shutdown, queue length is logged but pending items are dropped.
   - Acceptable for now; consider best-effort drain if high reliability is required.

2. **Encryption state prefetch is best-effort only**
   - If `StateEvent` fails for reasons other than M_NOT_FOUND, we log and continue.
   - Might want to continue per-room instead of aborting at first error.

3. **Health endpoint has no auth**
   - Exposes internal counters; should remain bound to localhost or protected at the edge.

## Notes
- `com.beeper.linkpreviews = []` matches the previous Matterbridge unfurl suppression behavior.