dan/ops-jrz1
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
ops-jrz1/docs/musiclink-room-routing-stakeholder-summary.md
Dan ae16db4898 Refresh musiclink integration docs and tooling 
Use local musiclink flake input with Go 1.24.

Add matterbridge patch, routing docs, and deploy check script.
2026-01-21 22:52:39 -08:00

51 lines
3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# MusicLink Room Routing: Stakeholder Summary
## Executive Summary
We identified unintended cross-posting of Slack/Matrix messages caused by Matterbridges gateway fan-out behavior. Messages posted in one monitored Slack room can appear in other Matrix portal rooms (including DMs), creating a privacy and trust risk. This is expected Matterbridge behavior when multiple rooms share a single gateway. We must route everything through **one Slack login/token**, which limits per-room identity options.
**Immediate recommendation:** isolate rooms by using **one gateway per room** to prevent cross-posting. This can be done in a single Matterbridge process with multiple gateway blocks.
## Current Situation (Whats Happening)
- Slack messages in a monitored room are bridged into the Matrix portal room by mautrix-slack.
- Matterbridge treats all `inout` rooms in one gateway as a **fan-out bus** and broadcasts messages to every other room in that gateway.
- Result: messages from public rooms can appear in private DMs (and vice versa).
## Impact
- **Privacy risk:** DM or private room content can leak into other rooms.
- **Trust risk:** users see unexpected reposts attributed to MusicLink.
- **Operational risk:** unclear routing makes debugging and auditing harder.
## Constraints
- Only **one Slack login/token** is available for all rooms. No per-room Slack identities.
## Options Overview
### Option A — Keep Current Fan-Out
- **Pros:** Lowest effort.
- **Cons:** Cross-posting continues; privacy risk remains. Not acceptable for production.
### Option B — One Gateway per Room (Recommended)
- **What it means:** Split rooms into separate gateways so messages only stay within their originating room.
- **Pros:** Stops cross-posting; isolates failures; preserves current MusicLink deployment model.
- **Cons:** More configuration; needs templating/automation; may require multiple MusicLink instances or distinct API targets (ports/tokens) per gateway.
- **Note:** Can still run in a single Matterbridge process; does not require multiple systemd units unless desired.
### Option C — Native Matrix Support (Longer-Term)
- **What it means:** MusicLink becomes a native Matrix bot, posting replies only in the originating room.
- **Pros:** Simplifies architecture; eliminates Matterbridge fan-out issues; clearer routing.
- **Cons:** Requires code changes and Matrix client management; higher effort.
### Option D — Matterbridge Routing Extensions (Longer-Term)
- **What it means:** Patch or extend Matterbridge to support per-room routing rules.
- **Pros:** Could preserve single gateway.
- **Cons:** Uncertain feasibility; upstream changes required.
## Recommendation
- **Immediate:** Implement **Option B** to eliminate privacy leakage and restore predictable routing.
- **Long-term:** Evaluate **Option C** for a simpler, more reliable architecture.
## Open Questions
- How many Slack rooms require MusicLink coverage in the near term?
- Should we run multiple MusicLink instances or add per-gateway API targets?
- What level of monitoring and alerting is required per room/gateway?
Reference in a new issue View git blame Copy permalink