Fix: Load encryption store for token/OIDC authentication to enable E2E encryption

[Copilot]

Problem

The bot was unable to respond to commands in encrypted Matrix rooms when using token or OIDC authentication. Users would see the bot connect successfully and log room events, but commands like !cd help or !cd projects received no response.

The error logs revealed:

Unable to decrypt message in Room (...) from <user>. Requesting room key...
Failed to request room key: Matrix store and olm account is not loaded.

Root Cause

The matrix-nio library requires the encryption store to be loaded before the client can handle encrypted messages. When using password authentication, this happens automatically via client.login(). However, when using token or OIDC authentication, the authentication flow bypasses the login method and directly sets the access token, which means the store is never loaded.

Without the loaded store:

• The bot cannot decrypt incoming encrypted messages
• The bot cannot request encryption keys from other devices
• Commands sent in encrypted rooms are never processed

Solution

Added an explicit await self.client.load_store() call in the token/OIDC authentication path before setting the access token. This ensures the encryption store (including the Olm account and megolm sessions) is properly loaded from disk, enabling the bot to handle encrypted messages.

Changes:

• chatrixcd/bot.py: Load encryption store before setting access token for token/OIDC auth
• tests/test_bot.py: Add test case to verify store loading during token authentication
• ARCHITECTURE.md: Update authentication flow documentation

Testing

Added unit test test_login_token_loads_store that verifies:

• The store is loaded during token authentication
• The access token is properly set
• The sync operation completes successfully

Impact

This fix resolves the issue for users deploying the bot with:

• Pre-generated access tokens
• OIDC/OAuth2 authentication
• Any authentication method that doesn't use password-based login

Password authentication continues to work as before (store loading is automatic).

Fixes #[issue-number]

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Bug]: Bot doesn't respond to commands</issue_title>
<issue_description>### What happened?

I have configured the config.yaml

I can see the bot is connecting to the matrix server
I can see the bot logging room events

when I type a command !cd help or !cd projects the bot doesn't respond

Expected Behavior

The bot should respond

Steps to Reproduce

1. Connect to a Matrix server successfully
2. Join an encrypted room, which the bot is in
3. Type any of the bots commands prefixed by !cd
4. Receive no response from the bot

Relevant Log Output

2025-10-09 04:03:35,176 - nio.client.base_client - INFO - New joined room <redacted>
2025-10-09 04:03:35,177 - nio.rooms - INFO - Room <redacted> handling event of type RoomHistoryVisibilityEvent
2025-10-09 04:03:35,177 - nio.rooms - INFO - Room <redacted> handling event of type RoomGuestAccessEvent
2025-10-09 04:03:35,177 - nio.rooms - INFO - Room <redacted> handling event of type RoomNameEvent
2025-10-09 04:03:35,177 - nio.rooms - INFO - Room <redacted> handling event of type RoomCreateEvent
2025-10-09 04:03:35,177 - nio.rooms - INFO - Room <redacted> handling event of type RoomJoinRulesEvent
2025-10-09 04:03:35,177 - nio.rooms - INFO - Room <redacted> handling event of type PowerLevelsEvent
2025-10-09 04:03:35,177 - chatrixcd.bot - INFO - Authenticated with token as <redacted>
2025-10-09 04:03:35,177 - chatrixcd.bot - INFO - Starting sync loop...
2025-10-09 04:04:15,036 - nio.rooms - INFO - Room <redacted> handling event of type MegolmEvent
2025-10-09 04:05:29,250 - nio.rooms - INFO - Room <redacted> handling event of type MegolmEvent

* Where <redacted> are room ID's or other identifiers which are sensitive

Deployment Method

Direct Python execution

Python Version

3.13.7

ChatrixCD Version

trunk

Authentication Type

Token

Operating System

Linux

Matrix Homeserver Type

Synapse

Additional Context

I think it isn't able to correctly decrypt the message, so it can't parse its content?

Pre-submission Checklist

• I have searched for similar issues and didn't find any duplicates
• I have removed any sensitive information (passwords, tokens, etc.) from logs and configuration examples
• I am using the latest version of ChatrixCD (or have specified my version above)</issue_description>

Comments on the Issue (you are @copilot in this section)

@CJFWeatherhead I'm getting a new error:

2025-10-09 04:35:25,447 - nio.rooms - INFO - Room <redacted> handling event of type MegolmEvent
2025-10-09 04:35:25,447 - chatrixcd.bot - WARNING - Unable to decrypt message in Room (<redacted>) from <user>. Requesting room key...
2025-10-09 04:35:25,447 - chatrixcd.bot - ERROR - Failed to request room key: Matrix store and olm account is not loaded.
2025-10-09 04:36:36,500 - nio.rooms - INFO - Room <redacted>handling event of type MegolmEvent
2025-10-09 04:36:36,500 - chatrixcd.bot - WARNING - Unable to decrypt message in Room (<redacted>) from <user>. Requesting room key...
2025-10-09 04:36:36,501 - chatrixcd.bot - ERROR - Failed to request room key: Matrix store and olm account is not loaded.
````</body></comment_new>
</comments>

Fixes #9

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.