# mautrix-signal Bridge Reference
# Deployed: 2026-04-09 (Phase 3)
# Updated: 2026-04-09 (Phase 5)

## Deployment

- **Image:** dock.mau.dev/mautrix/signal:v0.2603.0
- **Container:** mautrix-signal
- **Compose:** /opt/matrix/docker-compose.yml (same stack as Synapse)
- **Config dir:** /opt/matrix/mautrix-signal/
- **Network:** matrix-net (internal only, no host port mapping)
- **Appservice port:** 29328 (container-internal)

## Database

- **DB name:** mautrix_signal
- **DB role:** mautrix_signal (NOSUPERUSER, NOCREATEDB, NOCREATEROLE)
- **Host:** matrix-postgres:5432 (same container as Synapse/MAS)
- **Collation:** C/C (matches Synapse)

## Signal Account

- **Phone:** +12083080811
- **Login ID:** 58f99d83-f3a8-487f-a2b7-3d118e236d23
- **Matrix user:** @matt:echo6.co

## Bot

- **MXID:** @signalbot:echo6.co
- **Device ID:** UPX4KKLZVY
- **Management room:** !fDjIRTMjxILVQoAcEN:echo6.co

## Encryption

- **E2BE:** enabled (allow: true, default: true, require: true)
- **MSC4190:** enabled (required for MAS compatibility)
- **Pickle key:** auto-generated, stored in config
- **Self-sign:** true

## Synapse Integration

- **Registration files:** /opt/matrix/synapse/registration.yaml, /opt/matrix/synapse/doublepuppet.yaml
- **homeserver.yaml additions:**
  - `app_service_config_files: [/data/registration.yaml, /data/doublepuppet.yaml]`
  - `experimental_features.msc3202_transaction_extensions: true`
  - `experimental_features.msc2409_to_device_messages_enabled: true`
- **Registration file permissions:** 644 (world-readable, Synapse UID 991)

## Double Puppeting

- **Method:** appservice-based (doublepuppet.yaml)
- **as_token:** configured in bridge config `double_puppet.secrets`
- **Effect:** Messages matt sends from Signal appear as @matt:echo6.co in Matrix

## MAS Compatibility

- **Confirmed working:** as_token auth bypasses MAS entirely
- **MSC4190:** Parsed from registration.yaml `io.element.msc4190: true`, NOT a homeserver experimental_features flag
- **Synapse handles appservice auth independently of MAS token introspection**

## Autocreate Behavior

- **No autocreate toggle exists** in bridgev2 signal connector
- `portal_create_filter` config key is silently stripped on restart
- Old keys (`autocreate_group_portal`, `autocreate_contact_portal`) don't exist
- Portals auto-create when incoming Signal messages arrive for untracked groups/DMs
- This is the default and only behavior — cannot be disabled

## Permissions

```yaml
bridge:
  permissions:
    "*": relay
    "echo6.co": user
    "@matt:echo6.co": admin
```

## Backup

- DB dumped by /opt/matrix/scripts/pg_backup.sh (added alongside synapse + mas dumps)
- 14-day retention, daily at 3 AM

## Management Commands

Available in management room (!fDjIRTMjxILVQoAcEN:echo6.co):
- `!signal help` — list commands
- `!signal ping-matrix` — verify Matrix connectivity
- `!signal list-logins` — show linked Signal accounts
- `!signal sync-portal` — force-sync current portal
- `!signal id` — show bridge IDs for current room
- `!signal create-group` — create a new Signal group
- `!signal start-chat` — start a DM with a Signal user
- `!signal resolve-identifier` — look up a Signal user

NOT available (bridgev2 signal connector doesn't expose):
- `list-chats`, `bridge`, `create-portal`, `filter`

## Provisioning API

- **Shared secret:** in config.yaml (do NOT log or put in ref files)
- **Allow Matrix auth:** true
- **Debug endpoints:** false