Skip to content

MSC4383: Client-Server Discovery of Server Version#4383

Open
jevolk wants to merge 11 commits into
matrix-org:mainfrom
matrix-construct:jevolk/client-server-info
Open

MSC4383: Client-Server Discovery of Server Version#4383
jevolk wants to merge 11 commits into
matrix-org:mainfrom
matrix-construct:jevolk/client-server-info

Conversation

@jevolk

@jevolk jevolk commented Nov 21, 2025

Copy link
Copy Markdown
Contributor

rendered

Implementations

  • Server: Tuwunel (shipped in v1.6.2), populating the server object on GET /_matrix/client/versions and advertising net.zemos.msc4383 in unstable_features.
  • Protocol types: ruma/ruma#2495 adds the Server struct and the Response.server field behind the unstable-msc4383 Cargo feature.
  • Client SDK: matrix-org/matrix-rust-sdk#6622 rewrites Client::server_vendor_info to prefer the client-server source, falling back to GET /_matrix/federation/v1/version only when the object is absent. The feature is enabled by default in matrix-sdk-ffi, so applications consuming the FFI binding acquire the client-server path on rebuild without an app-side flag.

Pre-acceptance checklist

  • Are appropriate implementation(s) specified in the MSC's PR description? (See above.)
  • Are all MSCs that this MSC depends on already accepted? (No dependencies.)
  • For each endpoint that is introduced or modified:
    • Have authentication requirements been specified? (GET /_matrix/client/versions remains unauthenticated.)
    • Have rate-limiting requirements been specified? (Not rate-limited.)
    • Have guest access requirements been specified? (Guest-access restrictions are not applicable.)
    • Are error responses specified? (No new error responses; the field is purely additive on the existing response body.)
      • Does each error case have a specified errcode and HTTP status code? (N/A.)
        • If a new errcode is introduced, is it clear that it is new? (N/A.)
  • Will the MSC require a new room version, and if so, has that been made clear? (No new room version.)
    • Is the reason for a new room version clearly stated? (N/A.)
  • Are backwards-compatibility concerns appropriately addressed? (See §Backwards Compatibility: additive wire shape, unstable_features advertise gate, and SDK migration path preserving the existing Client::server_vendor_info contract.)
  • Are the endpoint conventions honoured?
    • Do HTTP endpoints use_underscores_like_this? (Existing endpoint; convention preserved.)
    • Will the endpoint return unbounded data? If so, has pagination been considered? (Fixed-shape object; pagination not applicable.)
    • If the endpoint utilises pagination, is it consistent with the appendices? (N/A.)
  • An introduction exists and clearly outlines the problem being solved. (§Introduction.)
  • All outstanding threads are resolved.
    • All feedback is incorporated into the proposal text itself, either as a fix or noted as an alternative.
  • While the exact sections do not need to be present, the details implied by the proposal template are covered:
    • Introduction
    • Proposal text
    • Potential issues
    • Alternatives
    • Dependencies (none; omitted)
  • Stable identifiers are used throughout the proposal, except for the unstable prefix section.
    • Unstable prefixes consider the awkward accepted-but-not-merged state (net.zemos.msc4383.stable companion flag listed in §Unstable prefix).
    • Chosen unstable prefixes do not pollute any global namespace (vendor prefix is the controlled reverse-DNS net.zemos.*).
  • Changes have applicable Sign Off from all authors/editors/contributors. Per-commit Signed-off-by on every new commit.
  • There is a dedicated "Security Considerations" section.

@jevolk jevolk force-pushed the jevolk/client-server-info branch from 2e7318e to e934a35 Compare November 21, 2025 23:20

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation requirements:

  • Client (ideally multiple)
  • Server

@turt2live turt2live added proposal A matrix spec change proposal. Process state. A-Client Server Client-Server API kind:maintenance MSC which clarifies/updates existing spec needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. labels Nov 24, 2025
@@ -0,0 +1,80 @@
# MSC4383: Client-Server Discovery of Server Version

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This proposal appears to be lacking a problem statement and/or introduction, making it difficult to review with an aim to include it in the spec.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem is stated in the Alternatives section. I didn't feel the need to make a redundant introduction given the status quo alternative is prominent and it's a small proposal otherwise. Should the first paragraph be moved to the top?

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Relevant information and background should always be first. I didn't feel the paragraph in the Alternatives was suited as an introduction because it lacks background and context.

@jevolk jevolk force-pushed the jevolk/client-server-info branch from e934a35 to 63cdb4b Compare November 24, 2025 04:40
@turt2live

Copy link
Copy Markdown
Member

(please avoid force pushing after review is given - it makes review more difficult. We do not require clean commit history)

Comment thread proposals/4383-client-server-info.md Outdated
Comment on lines +5 to +8
Client applications utilizing the Matrix SDK[^6], a Client-Server[^7] library, have been observed
making requests to `GET /_matrix/federation/v1/version`[^2]. It is the only known example of a
cross-interface request to have any possible[^5] use to any implementation[^3], motivating this
proposal to reestablish a properly clean partition between client and federation interfaces.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do these applications query the SS API in the first place? Also, do they query the SS API on their own home server or on remote servers?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the found case, the information is logged and not used to determine application-logic. The logs are then included in rageshakes.

The query is only to the local server, as remote servers would require server name resolution which the client is not capable of—arguably the local server also requires the resolution for the federation interface which is itself another concern for why the status quo is untenable.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I think both of these would be good to include in the main text as they help understand the proposed solution. For instance, if querying /versions on a remote server was a use case, you would need a different API shape that allows to pass in the server name.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you suggesting morphing this proposal into a client API where the homeserver can run version queries on any other server on behalf of the client?

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, no. I just meant to use that as an example to illustrate that without describing the use case it's not clear why the proposed solution is the best one.

@jevolk

jevolk commented May 26, 2026

Copy link
Copy Markdown
Contributor Author

Implemented in Tuwunel (shipped in v1.6.2). GET /_matrix/client/versions includes the unstable net.zemos.msc4383.server object populated with the homeserver name and version string, alongside the net.zemos.msc4383 flag in unstable_features.

Source: src/api/client/versions.rs#L32-L38.

jevolk added 9 commits May 27, 2026 04:59
Folds several housekeeping items into a single chore:

- Retroactively adds Signed-off-by trailers for prior commits
  63cdb4b and 7904077, rather than amending and force-pushing
  the original commits.
- Renames the section heading "Security Concerns" to
  "Security Considerations" to match the upstream MSC template.
- Switches the two fenced example blocks in the Proposal section
  from bare ``` to ```json so renderers highlight the JSON shapes.
- Splits the long matrix-rust-sdk source footnote ([^3]) URL onto
  its own line under the footnote marker. The URL itself is 137
  characters and cannot be wrapped without breaking the link;
  the split keeps prose lines clear and lets the URL sit as a
  delimited footnote block.

Signed-off-by: Jason Volk <jason@zemos.net>
Pre-trailer-sha: 63cdb4b
Pre-trailer-sha: 7904077
Adds an Implementations section listing the shipped Tuwunel server
support, the open Ruma protocol-types pull request, and the open
matrix-rust-sdk client pull request. Footnote anchors carry the
linking URLs.

Signed-off-by: Jason Volk <jason@zemos.net>
States that GET /_matrix/client/versions remains unauthenticated, is
not rate-limited, that guest-access restrictions are not applicable,
and that no new error responses are introduced. Closes the
endpoint-conventions clauses of the SCT checklist for this MSC.

Signed-off-by: Jason Volk <jason@zemos.net>
Adds a Backwards Compatibility section covering the additive wire
shape, the net.zemos.msc4383 detection flag, and the SDK fallback
pattern that lets application consumers acquire the partition
correction with no code change. Closes the backwards-compatibility
clause of the SCT checklist for this MSC.

Signed-off-by: Jason Volk <jason@zemos.net>
Adds a non-technical lead paragraph addressing turt2live's review
request that background and context appear first. Folds Johennes's
review clarifications into a dedicated paragraph: the use case is
logging only (the identification is included in rageshakes and
similar diagnostic submissions, not consulted to determine
application behaviour) and the query targets the user's own
homeserver only. Renames the section heading from "Motivation" to
"Introduction" per upstream template convention.

Incidental fixes carried by the rewrite: corrects the "reestablises"
typo to "reestablishes", drops the incorrect "as" from "rendering
the status quo as unreliable", removes the hyphen from
"site-administrators", and switches "utilizing" to "utilising" so
the document is consistently British spelling.

Signed-off-by: Jason Volk <jason@zemos.net>
Adds a parallel citation to element-web's rageshake collector,
which calls the Synapse-specific administrative endpoint
GET /_synapse/admin/v1/server_version with a federation-side
/version fallback. The pair illustrates the two workaround
shapes in production client code: cross-interface (matrix-rust-sdk)
and vendor lock-in (element-web), neither of which functions when
its corresponding interface is restricted at the deployment edge.

Signed-off-by: Jason Volk <jason@zemos.net>
Adds explicit MUST/SHOULD/MAY/MUST NOT obligations covering server
population of the new server object, parity with the federation
/version response (with an escape valve for federation-disabled
deployments), and the prohibition on clients gating application
logic on the object's contents.

Signed-off-by: Jason Volk <jason@zemos.net>
Extends the unstable-prefix table with rows for the
net.zemos.msc4383 support advertisement and the
net.zemos.msc4383.stable companion advertisement that signals the
accepted-but-not-merged interval, so clients can detect support and
migrate reads to the unprefixed server key without coordination.

Signed-off-by: Jason Volk <jason@zemos.net>
Folds minor textual corrections identified during a pre-submission review.

Signed-off-by: Jason Volk <jason@zemos.net>
@jevolk jevolk requested a review from turt2live May 27, 2026 05:49
@github-project-automation github-project-automation Bot moved this to Tracking for review in Spec Core Team Workflow May 27, 2026
@turt2live turt2live moved this from Tracking for review to Proposed for FCP readiness in Spec Core Team Workflow May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

A-Client Server Client-Server API kind:maintenance MSC which clarifies/updates existing spec needs-implementation This MSC does not have a qualifying implementation for the SCT to review. The MSC cannot enter FCP. proposal A matrix spec change proposal. Process state.

Projects

Status: Proposed for FCP readiness

Development

Successfully merging this pull request may close these issues.

3 participants