docs/channels/matrix-migration.md
Upgrade from the previous public matrix plugin to the current implementation.
For most users, the upgrade is in place:
@openclaw/matrixmatrixchannels.matrix~/.openclaw/credentials/matrix/~/.openclaw/matrix/You do not need to rename config keys or reinstall the plugin under a new name.
The root openclaw package no longer bundles Matrix runtime code or Matrix SDK
dependencies. If openclaw channels status shows Matrix is configured but the
plugin is not installed, run openclaw doctor --fix or
openclaw plugins install @openclaw/matrix; do not install Matrix SDK packages
into the root OpenClaw package.
Matrix migration runs when the gateway starts (through the loaded Matrix plugin), when you run openclaw doctor --fix, and as a fallback when the Matrix client starts and still finds old on-disk state. Before any actionable migration step mutates on-disk state, OpenClaw creates or reuses a focused recovery snapshot.
When you use openclaw update, the exact trigger depends on how OpenClaw is installed:
openclaw doctor --fix pass during the update flow, then restart the gateway by defaultopenclaw doctor --non-interactive --fix, then rely on the default gateway restart so startup can finish Matrix migrationopenclaw update --no-restart, startup-backed Matrix migration is deferred until you later run openclaw doctor --fix and restart the gatewayAutomatic migration covers:
~/Backups/openclaw-migrations/channels.matrix configbot-storage.json sync cache, recovery-key.json, legacy-crypto-migration.json, IndexedDB snapshots) into Matrix SQLite state; migrated files are archived with a .migrated suffixSnapshot details:
~/.openclaw/matrix/migration-snapshot.json after a successful snapshot so later startup and repair passes can reuse the same archive.includeWorkspace: false).userId or accessToken is still missing, OpenClaw does not create the snapshot yet because no Matrix mutation is actionable.About multi-account upgrades:
~/.openclaw/matrix/bot-storage.json and ~/.openclaw/matrix/crypto/) came from a single-store layout, so OpenClaw can only migrate it into one resolved Matrix account targetThe previous public Matrix plugin did not automatically create Matrix room-key backups. It persisted local crypto state and requested device verification, but it did not guarantee that your room keys were backed up to the homeserver.
That means some encrypted installs can only be migrated partially.
OpenClaw cannot automatically recover:
homeserver, userId, or accessToken are still unavailablechannels.matrix.defaultAccount is not setopenclaw doctor)If your old installation had local-only encrypted history that was never backed up, some older encrypted messages may remain unreadable after the upgrade.
Update OpenClaw and the Matrix plugin normally.
Prefer plain openclaw update without --no-restart so startup can finish the Matrix migration immediately.
Run:
openclaw doctor --fix
If Matrix has actionable migration work, doctor will create or reuse the pre-migration snapshot first and print the archive path.
Start or restart the gateway.
Check current verification and backup state:
openclaw matrix verify status
openclaw matrix verify backup status
Put the recovery key for the Matrix account you are repairing in an account-specific environment variable. For a single default account, MATRIX_RECOVERY_KEY is fine. For multiple accounts, use one variable per account, for example MATRIX_RECOVERY_KEY_ASSISTANT, and add --account assistant to the command.
If OpenClaw tells you a recovery key is needed, run the command for the matching account:
printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify backup restore --recovery-key-stdin
printf '%s\n' "$MATRIX_RECOVERY_KEY_ASSISTANT" | openclaw matrix verify backup restore --recovery-key-stdin --account assistant
If this device is still unverified, run the command for the matching account:
printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify device --recovery-key-stdin
printf '%s\n' "$MATRIX_RECOVERY_KEY_ASSISTANT" | openclaw matrix verify device --recovery-key-stdin --account assistant
If the recovery key is accepted and backup is usable, but Cross-signing verified
is still no, complete self-verification from another Matrix client:
openclaw matrix verify self
Accept the request in another Matrix client, compare the emoji or decimals,
and type yes only when they match. The command waits for full Matrix
identity trust before reporting success.
If you are intentionally abandoning unrecoverable old history and want a fresh backup baseline for future messages, run:
openclaw matrix verify backup reset --yes
Add --rotate-recovery-key only when the old recovery key should stop unlocking the fresh backup.
If no server-side key backup exists yet, create one for future recoveries:
openclaw matrix verify bootstrap
Encrypted migration is a two-stage process:
openclaw doctor --fix creates or reuses the pre-migration snapshot if encrypted migration is actionable, then inspects the old Matrix rust crypto store through the crypto inspector bundled with the Matrix plugin.If the old store reports room keys that were never backed up, OpenClaw warns instead of pretending recovery succeeded.
Matrix plugin upgraded in place. (doctor) or matrix: plugin upgraded in place for account "..." (startup)
Matrix migration snapshot created before applying Matrix upgrades. / Matrix migration snapshot reused before applying Matrix upgrades.
matrix: created pre-migration backup snapshot: ... / matrix: reusing existing pre-migration backup snapshot: ....Legacy Matrix state detected at ... but channels.matrix is not configured yet.
channels.matrix, then rerun openclaw doctor --fix or restart the gateway.Legacy Matrix state detected at ... but the new account-scoped target could not be resolved yet (need homeserver, userId, and access token for channels.matrix...).
openclaw doctor --fix after cached credentials exist.Legacy Matrix state detected at ... but multiple Matrix accounts are configured and channels.matrix.defaultAccount is not set.
channels.matrix.defaultAccount to the intended account, then rerun openclaw doctor --fix or restart the gateway.The same three warnings also appear with the prefix Legacy Matrix encrypted state detected at ... when the blocked store is the old encrypted crypto store.
Matrix legacy sync store not migrated because the target already exists (...) / Matrix legacy crypto store not migrated because the target already exists (...)
Failed migrating Matrix legacy sync store (...) or Failed migrating Matrix legacy crypto store (...)
openclaw doctor --fix.Matrix migration warnings are present, but no on-disk Matrix mutation is actionable yet. No pre-migration snapshot was needed.
matrix: migration remains in a warning-only state; no pre-migration snapshot was needed yet.openclaw doctor --fix or restart the gateway.Legacy Matrix encrypted state was detected, but the Matrix crypto inspector is unavailable.
openclaw plugins install @openclaw/matrix, or openclaw plugins install ./path/to/local/matrix-plugin for a repo checkout), then rerun openclaw doctor --fix or restart the gateway.- Failed creating a Matrix migration snapshot before repair: ...
- Skipping Matrix migration changes for now. Resolve the snapshot failure, then rerun "openclaw doctor --fix".
openclaw doctor --fix or restart the gateway.Failed migrating legacy Matrix client storage: ...
Matrix is installed from a custom path: ...
openclaw plugins install @openclaw/matrix when you want to return to the default Matrix plugin.matrix: restored X/Y room key(s) from legacy encrypted-state backup
matrix: N legacy local-only room key(s) were never backed up and could not be restored automatically
Legacy Matrix encrypted state for account "..." contains N room key(s) that were never backed up.Legacy Matrix encrypted state detected at ... but no device ID was found for account "..."
Legacy Matrix encrypted state for account "..." has backed-up room keys, but no local backup decryption key was found. Ask the operator to run "openclaw matrix verify backup restore --recovery-key <key>" after upgrade if they have the recovery key.
printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify backup restore --recovery-key-stdin (preferred over passing the key as an argument).Failed inspecting legacy Matrix encrypted state for account "..." (...): ...
openclaw doctor --fix. If it repeats, keep the old state directory intact and recover using another verified Matrix client plus printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify backup restore --recovery-key-stdin.Legacy Matrix backup key was found for account "...", but Matrix SQLite state already contains a different recovery key. Leaving the existing state unchanged.
Legacy Matrix encrypted state for account "..." cannot be fully converted automatically because the old rust crypto store does not expose all local room keys for export.
matrix: failed restoring room keys from legacy encrypted-state backup: ...
openclaw matrix verify backup status, then retry with printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify backup restore --recovery-key-stdin if needed.openclaw matrix verify status and openclaw matrix verify backup status print a Backup issue: line plus Next steps: guidance when the room-key backup is not healthy on this device:
| Backup issue | Meaning | Fix |
|---|---|---|
no room-key backup exists on the homeserver | nothing to restore from | openclaw matrix verify bootstrap to create a room key backup |
backup decryption key is not loaded on this device | key exists but is not active here | openclaw matrix verify backup restore; if it still cannot load the key, pipe the recovery key via --recovery-key-stdin |
backup decryption key could not be loaded from secret storage (...) | secret storage load failed or is unsupported | pipe the recovery key: printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify backup restore --recovery-key-stdin |
backup key mismatch (...) | stored key does not match the active server backup | rerun verify backup restore --recovery-key-stdin with the active server backup key, or verify backup reset --yes for a fresh baseline |
backup signature chain is not trusted by this device | device does not trust the cross-signing chain yet | verify device --recovery-key-stdin, then verify self from another verified client if trust is still incomplete |
backup exists but is not active on this device | server backup present, local session inactive | verify the device first, then recheck with openclaw matrix verify backup status |
backup trust state could not be fully determined | diagnostics were inconclusive | openclaw matrix verify status --verbose |
Other recovery errors:
Matrix recovery key is required
--recovery-key-stdin, for example printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify device --recovery-key-stdin.Invalid Matrix recovery key: ...
Matrix recovery key was applied, but this device still lacks full Matrix identity trust.
Recovery key accepted, Backup usable, Cross-signing verified, and Device verified by owner.openclaw matrix verify self, accept the request in another Matrix client, compare the SAS, and type yes only when it matches. Use printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify bootstrap --recovery-key-stdin --force-reset-cross-signing only when you intentionally want to replace the current cross-signing identity.If you accept losing unrecoverable old encrypted history, you can instead reset the
current backup baseline with openclaw matrix verify backup reset --yes. When the
stored backup secret is broken, that reset also repairs secret storage so the
new backup key can load correctly after restart.
Matrix is installed from a custom path that no longer exists: ...
openclaw plugins install @openclaw/matrix, or if you are running from a repo checkout, openclaw plugins install ./path/to/local/matrix-plugin. openclaw doctor --fix can also remove the stale Matrix plugin references for you.Run these checks in order:
openclaw matrix verify status --verbose
openclaw matrix verify backup status --verbose
printf '%s\n' "$MATRIX_RECOVERY_KEY" | openclaw matrix verify backup restore --recovery-key-stdin --verbose
If the backup restores successfully but some old rooms are still missing history, those missing keys were probably never backed up by the previous plugin.
If you accept losing unrecoverable old encrypted history and only want a clean backup baseline going forward, run these commands in order:
openclaw matrix verify backup reset --yes
openclaw matrix verify backup status --verbose
openclaw matrix verify status
If the device is still unverified after that, finish verification from your Matrix client by comparing the SAS emoji or decimal codes and confirming that they match.