chore: Bump version to 0.5.0-rc.8.1

ci: Run image release workflow on tag
(cherry picked from commit e5e2db37d9)
2026-05-26 20:49:55 +00:00 · 2025-11-16 21:00:14 +00:00 · 2025-11-16 21:00:14 +00:00 · 2025-11-16 20:05:57 +00:00 · 2025-11-16 20:05:57 +00:00 · 2025-11-16 20:05:57 +00:00
83 changed files with 2349 additions and 886 deletions
@@ -23,6 +23,8 @@ on:
      - "renovate.json"
      - "pkg/**"
      - "docs/**"
+    tags:
+      - "v*.*.*"
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

@@ -43,7 +43,7 @@ jobs:
    name: Renovate
    runs-on: ubuntu-latest
    container:
-      image: ghcr.io/renovatebot/renovate:41.115.6@sha256:70c89592d424a54bedf7538c5bea2e43f4d66ce2c8b74d1356d4cf0ee9ed7ec0
+      image: ghcr.io/renovatebot/renovate:41.121.4@sha256:c3348a8cc65f3519ec3412d3b9787dc2ae151052220f87f533bfdded051227a9
      options: --tmpfs /tmp:exec
    steps:
      - name: Checkout
@@ -0,0 +1,107 @@
+name: Update flake hashes
+
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - "Cargo.lock"
+      - "Cargo.toml"
+      - "rust-toolchain.toml"
+
+jobs:
+  update-flake-hashes:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: https://code.forgejo.org/actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 1
+          fetch-tags: false
+          fetch-single-branch: true
+          submodules: false
+          persist-credentials: false
+
+      - uses: https://github.com/cachix/install-nix-action@7be5dee1421f63d07e71ce6e0a9f8a4b07c2a487 # v31.6.1
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+
+        # We can skip getting a toolchain hash if this was ran as a dispatch with the intent
+        # to update just the rocksdb hash. If this was ran as a dispatch and the toolchain
+        # files are changed, we still update them, as well as the rocksdb import.
+      - name: Detect changed files
+        id: changes
+        run: |
+          git fetch origin ${{ github.base_ref }} --depth=1 || true
+          if [ -n "${{ github.event.pull_request.base.sha }}" ]; then
+            base=${{ github.event.pull_request.base.sha }}
+          else
+            base=$(git rev-parse HEAD~1)
+          fi
+          echo "Base: $base"
+          echo "HEAD: $(git rev-parse HEAD)"
+          git diff --name-only $base HEAD > changed_files.txt
+          echo "files=$(cat changed_files.txt)" >> $FORGEJO_OUTPUT
+
+      - name: Get new toolchain hash
+        if: contains(steps.changes.outputs.files, 'Cargo.toml') || contains(steps.changes.outputs.files, 'Cargo.lock') || contains(steps.changes.outputs.files, 'rust-toolchain.toml')
+        run: |
+          # Set the current sha256 to an empty hash to make `nix build` calculate a new one
+          awk '/fromToolchainFile *\{/{found=1; print; next} found && /sha256 =/{sub(/sha256 = .*/, "sha256 = pkgsHost.lib.fakeSha256;"); found=0} 1' flake.nix > temp.nix && mv temp.nix flake.nix
+
+          # Build continuwuity and filter for the new hash
+          # We do `|| true` because we want this to fail without stopping the workflow
+          nix build .#default 2>&1 | tee >(grep 'got:' | awk '{print $2}' > new_toolchain_hash.txt) || true
+
+          # Place the new hash in place of the empty hash
+          new_hash=$(cat new_toolchain_hash.txt)
+          sed -i "s|pkgsHost.lib.fakeSha256|\"$new_hash\"|" flake.nix
+
+          echo "New hash:"
+          awk -F'"' '/fromToolchainFile/{found=1; next} found && /sha256 =/{print $2; found=0}' flake.nix
+          echo "Expected new hash:"
+          cat new_toolchain_hash.txt
+
+          rm new_toolchain_hash.txt
+
+      - name: Get new rocksdb hash
+        run: |
+          # Set the current sha256 to an empty hash to make `nix build` calculate a new one
+          awk '/repo = "rocksdb";/{found=1; print; next} found && /sha256 =/{sub(/sha256 = .*/, "sha256 = pkgsHost.lib.fakeSha256;"); found=0} 1' flake.nix > temp.nix && mv temp.nix flake.nix
+
+          # Build continuwuity and filter for the new hash
+          # We do `|| true` because we want this to fail without stopping the workflow
+          nix build .#default 2>&1 | tee >(grep 'got:' | awk '{print $2}' > new_rocksdb_hash.txt) || true
+
+          # Place the new hash in place of the empty hash
+          new_hash=$(cat new_rocksdb_hash.txt)
+          sed -i "s|pkgsHost.lib.fakeSha256|\"$new_hash\"|" flake.nix
+
+          echo "New hash:"
+          awk -F'"' '/repo = "rocksdb";/{found=1; next} found && /sha256 =/{print $2; found=0}' flake.nix
+          echo "Expected new hash:"
+          cat new_rocksdb_hash.txt
+
+          rm new_rocksdb_hash.txt
+
+      - name: Show diff
+        run: git diff flake.nix
+
+      - name: Push changes
+        run: |
+          set -euo pipefail
+
+          if git diff --quiet --exit-code; then
+            echo "No changes to commit."
+            exit 0
+          fi
+
+          git config user.email "renovate@mail.ellis.link"
+          git config user.name "renovate"
+
+          REF="${{ github.head_ref }}"
+
+          git fetch origin "$REF"
+          git checkout "$REF"
+
+          git commit -a -m "chore(Nix): Updated flake hashes"
+
+          git push origin HEAD:refs/heads/"$REF"
@@ -668,9 +668,9 @@ checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a"

 [[package]]
 name = "bytesize"
-version = "2.0.1"
+version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3c8f83209414aacf0eeae3cf730b18d6981697fba62f200fcfb92b9f082acba"
+checksum = "f5c434ae3cf0089ca203e9019ebe529c47ff45cefe8af7c85ecb734ef541822f"

 [[package]]
 name = "bzip2-sys"
@@ -689,14 +689,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "374b7c592d9c00c1f4972ea58390ac6b18cbb6ab79011f3bdc90a0b82ca06b77"
 dependencies = [
 "serde",
- "toml 0.9.5",
+ "toml 0.9.6",
 ]

 [[package]]
 name = "cc"
-version = "1.2.36"
+version = "1.2.37"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5252b3d2648e5eedbc1a6f501e3c795e07025c1e93bbf8bbdd6eef7f447a6d54"
+checksum = "65193589c6404eb80b450d618eaf9a2cafaaafd57ecce47370519ef674a7bd44"
 dependencies = [
 "find-msvc-tools",
 "jobserver",
@@ -875,7 +875,7 @@ dependencies = [

 [[package]]
 name = "conduwuit"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "clap",
 "conduwuit_admin",
@@ -907,7 +907,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_admin"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "clap",
 "conduwuit_api",
@@ -929,7 +929,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_api"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "async-trait",
 "axum",
@@ -962,14 +962,14 @@ dependencies = [

 [[package]]
 name = "conduwuit_build_metadata"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "built 0.8.0",
 ]

 [[package]]
 name = "conduwuit_core"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "argon2",
 "arrayvec",
@@ -1021,7 +1021,7 @@ dependencies = [
 "tikv-jemallocator",
 "tokio",
 "tokio-metrics",
- "toml 0.9.5",
+ "toml 0.9.6",
 "tracing",
 "tracing-core",
 "tracing-subscriber",
@@ -1030,7 +1030,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_database"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "async-channel",
 "conduwuit_core",
@@ -1049,7 +1049,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_macros"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "itertools 0.14.0",
 "proc-macro2",
@@ -1059,7 +1059,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_router"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "axum",
 "axum-client-ip",
@@ -1094,7 +1094,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_service"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "async-trait",
 "base64 0.22.1",
@@ -1134,7 +1134,7 @@ dependencies = [

 [[package]]
 name = "conduwuit_web"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "askama",
 "axum",
@@ -1199,9 +1199,9 @@ checksum = "f4d34b8f066904ed7cfa4a6f9ee96c3214aa998cb44b69ca20bd2054f47402ed"

 [[package]]
 name = "const_panic"
-version = "0.2.14"
+version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb8a602185c3c95b52f86dc78e55a6df9a287a7a93ddbcf012509930880cf879"
+checksum = "e262cdaac42494e3ae34c43969f9cdeb7da178bdb4b66fa6a1ea2edb4c8ae652"
 dependencies = [
 "typewit",
 ]
@@ -1814,9 +1814,9 @@ dependencies = [

 [[package]]
 name = "fs-err"
-version = "3.1.1"
+version = "3.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88d7be93788013f265201256d58f04936a8079ad5dc898743aa20525f503b683"
+checksum = "44f150ffc8782f35521cec2b23727707cb4045706ba3c854e86bef66b3a8cdbd"
 dependencies = [
 "autocfg",
 "tokio",
@@ -1974,7 +1974,7 @@ dependencies = [
 "js-sys",
 "libc",
 "r-efi",
- "wasi 0.14.5+wasi-0.2.4",
+ "wasi 0.14.7+wasi-0.2.4",
 "wasm-bindgen",
 ]

@@ -2012,7 +2012,7 @@ dependencies = [
 "futures-core",
 "futures-sink",
 "http",
- "indexmap 2.11.1",
+ "indexmap 2.11.3",
 "slab",
 "tokio",
 "tokio-util",
@@ -2286,9 +2286,9 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"

 [[package]]
 name = "humantime"
-version = "2.2.0"
+version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b112acc8b3adf4b107a8ec20977da0273a8c386765a3ec0229bd500a1443f9f"
+checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424"

 [[package]]
 name = "hyper"
@@ -2522,13 +2522,14 @@ dependencies = [

 [[package]]
 name = "indexmap"
-version = "2.11.1"
+version = "2.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "206a8042aec68fa4a62e8d3f7aa4ceb508177d9324faf261e1959e495b7a1921"
+checksum = "92119844f513ffa41556430369ab02c295a3578af21cf945caa3e9e0c2481ac3"
 dependencies = [
 "equivalent",
 "hashbrown 0.15.5",
 "serde",
+ "serde_core",
 ]

 [[package]]
@@ -2642,9 +2643,9 @@ dependencies = [

 [[package]]
 name = "js-sys"
-version = "0.3.78"
+version = "0.3.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c0b063578492ceec17683ef2f8c5e89121fbd0b172cbc280635ab7567db2738"
+checksum = "6247da8b8658ad4e73a186e747fcc5fc2a29f979d6fe6269127fdb5fd08298d0"
 dependencies = [
 "once_cell",
 "wasm-bindgen",
@@ -3001,9 +3002,9 @@ dependencies = [

 [[package]]
 name = "minicbor-serde"
-version = "0.6.0"
+version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0bbf243b8cc68a7a76473b14328d3546fb002ae3d069227794520e9181003de9"
+checksum = "546cc904f35809921fa57016a84c97e68d9d27c012e87b9dadc28c233705f783"
 dependencies = [
 "minicbor",
 "serde",
@@ -3451,7 +3452,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db"
 dependencies = [
 "fixedbitset",
- "indexmap 2.11.1",
+ "indexmap 2.11.3",
 ]

 [[package]]
@@ -3542,12 +3543,12 @@ checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"

 [[package]]
 name = "plist"
-version = "1.7.4"
+version = "1.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3af6b589e163c5a788fab00ce0c0366f6efbb9959c2f9874b224936af7fce7e1"
+checksum = "740ebea15c5d1428f910cd1a5f52cebf8d25006245ed8ade92702f4943d91e07"
 dependencies = [
 "base64 0.22.1",
- "indexmap 2.11.1",
+ "indexmap 2.11.3",
 "quick-xml",
 "serde",
 "time",
@@ -3614,11 +3615,11 @@ dependencies = [

 [[package]]
 name = "proc-macro-crate"
-version = "3.3.0"
+version = "3.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "edce586971a4dfaa28950c6f18ed55e0406c1ab88bbce2c6f6293a7aaba73d35"
+checksum = "219cb19e96be00ab2e37d6e299658a0cfa83e52429179969b0f0121b4ac46983"
 dependencies = [
- "toml_edit",
+ "toml_edit 0.23.5",
 ]

 [[package]]
@@ -4060,8 +4061,9 @@ dependencies = [

 [[package]]
 name = "resolv-conf"
-version = "0.7.4"
-source = "git+https://forgejo.ellis.link/continuwuation/resolv-conf?rev=ebbbec1cb965b487a0150f5d007e96c05e3d72af#ebbbec1cb965b487a0150f5d007e96c05e3d72af"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6b3789b30bd25ba102de4beabd95d21ac45b69b1be7d14522bab988c526d6799"

 [[package]]
 name = "rgb"
@@ -4107,7 +4109,7 @@ checksum = "88f8660c1ff60292143c98d08fc6e2f654d722db50410e3f3797d40baaf9d8f3"
 [[package]]
 name = "ruma"
 version = "0.10.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "assign",
 "js_int",
@@ -4127,7 +4129,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.10.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "js_int",
 "ruma-common",
@@ -4139,7 +4141,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.18.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "as_variant",
 "assign",
@@ -4162,7 +4164,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "as_variant",
 "base64 0.22.1",
@@ -4170,7 +4172,7 @@ dependencies = [
 "form_urlencoded",
 "getrandom 0.2.16",
 "http",
- "indexmap 2.11.1",
+ "indexmap 2.11.3",
 "js_int",
 "konst",
 "percent-encoding",
@@ -4194,10 +4196,10 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.28.1"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "as_variant",
- "indexmap 2.11.1",
+ "indexmap 2.11.3",
 "js_int",
 "js_option",
 "percent-encoding",
@@ -4219,7 +4221,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "bytes",
 "headers",
@@ -4241,7 +4243,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.9.5"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "js_int",
 "thiserror 2.0.16",
@@ -4250,7 +4252,7 @@ dependencies = [
 [[package]]
 name = "ruma-identity-service-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "js_int",
 "ruma-common",
@@ -4260,7 +4262,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.13.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "cfg-if",
 "proc-macro-crate",
@@ -4275,7 +4277,7 @@ dependencies = [
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.9.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "js_int",
 "ruma-common",
@@ -4287,7 +4289,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.15.0"
-source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=78135227dceb9ce5eb9515b4ae85d452cdcabac8#78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+source = "git+https://forgejo.ellis.link/continuwuation/ruwuma?rev=d18823471ab3c09e77ff03eea346d4c07e572654#d18823471ab3c09e77ff03eea346d4c07e572654"
 dependencies = [
 "base64 0.22.1",
 "ed25519-dalek",
@@ -4302,8 +4304,8 @@ dependencies = [

 [[package]]
 name = "rust-librocksdb-sys"
-version = "0.38.0+10.4.2"
-source = "git+https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1?rev=99b0319416b64830dd6f8943e1f65e15aeef18bc#99b0319416b64830dd6f8943e1f65e15aeef18bc"
+version = "0.39.0+10.5.1"
+source = "git+https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1?rev=61d9d23872197e9ace4a477f2617d5c9f50ecb23#61d9d23872197e9ace4a477f2617d5c9f50ecb23"
 dependencies = [
 "bindgen",
 "bzip2-sys",
@@ -4319,10 +4321,11 @@ dependencies = [

 [[package]]
 name = "rust-rocksdb"
-version = "0.42.1"
-source = "git+https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1?rev=99b0319416b64830dd6f8943e1f65e15aeef18bc#99b0319416b64830dd6f8943e1f65e15aeef18bc"
+version = "0.43.0"
+source = "git+https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1?rev=61d9d23872197e9ace4a477f2617d5c9f50ecb23#61d9d23872197e9ace4a477f2617d5c9f50ecb23"
 dependencies = [
 "libc",
+ "parking_lot",
 "rust-librocksdb-sys",
 ]

@@ -4392,7 +4395,7 @@ dependencies = [
 "once_cell",
 "ring 0.17.14",
 "rustls-pki-types",
- "rustls-webpki 0.103.4",
+ "rustls-webpki 0.103.6",
 "subtle",
 "zeroize",
 ]
@@ -4461,9 +4464,9 @@ dependencies = [

 [[package]]
 name = "rustls-webpki"
-version = "0.103.4"
+version = "0.103.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc"
+checksum = "8572f3c2cb9934231157b45499fc41e1f58c589fdfb81a844ba873265e80f8eb"
 dependencies = [
 "aws-lc-rs",
 "ring 0.17.14",
@@ -4584,9 +4587,9 @@ dependencies = [

 [[package]]
 name = "semver"
-version = "1.0.26"
+version = "1.0.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0"
+checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2"

 [[package]]
 name = "sentry"
@@ -4723,18 +4726,28 @@ dependencies = [

 [[package]]
 name = "serde"
-version = "1.0.219"
+version = "1.0.225"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
+checksum = "fd6c24dee235d0da097043389623fb913daddf92c76e9f5a1db88607a0bcbd1d"
+dependencies = [
+ "serde_core",
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_core"
+version = "1.0.225"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "659356f9a0cb1e529b24c01e43ad2bdf520ec4ceaf83047b83ddcc2251f96383"
 dependencies = [
 "serde_derive",
 ]

 [[package]]
 name = "serde_derive"
-version = "1.0.219"
+version = "1.0.225"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
+checksum = "0ea936adf78b1f766949a4977b91d2f5595825bd6ec079aa9543ad2685fc4516"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -4743,37 +4756,39 @@ dependencies = [

 [[package]]
 name = "serde_html_form"
-version = "0.2.7"
+version = "0.2.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d2de91cf02bbc07cde38891769ccd5d4f073d22a40683aa4bc7a95781aaa2c4"
+checksum = "b2f2d7ff8a2140333718bb329f5c40fc5f0865b84c426183ce14c97d2ab8154f"
 dependencies = [
 "form_urlencoded",
- "indexmap 2.11.1",
+ "indexmap 2.11.3",
 "itoa",
 "ryu",
- "serde",
+ "serde_core",
 ]

 [[package]]
 name = "serde_json"
-version = "1.0.143"
+version = "1.0.145"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a"
+checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
 dependencies = [
 "itoa",
 "memchr",
 "ryu",
 "serde",
+ "serde_core",
 ]

 [[package]]
 name = "serde_path_to_error"
-version = "0.1.17"
+version = "0.1.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "59fab13f937fa393d08645bf3a84bdfe86e296747b506ada67bb15f10f218b2a"
+checksum = "10a9ff822e371bb5403e391ecd83e182e0e77ba7f6fe0160b795797109d1b457"
 dependencies = [
 "itoa",
 "serde",
+ "serde_core",
 ]

 [[package]]
@@ -4797,11 +4812,11 @@ dependencies = [

 [[package]]
 name = "serde_spanned"
-version = "1.0.0"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83"
+checksum = "2789234a13a53fc4be1b51ea1bab45a3c338bdb884862a257d10e5a74ae009e6"
 dependencies = [
- "serde",
+ "serde_core",
 ]

 [[package]]
@@ -4822,7 +4837,7 @@ version = "0.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "59e2dd588bf1597a252c3b920e0143eb99b0f76e4e082f4c92ce34fbc9e71ddd"
 dependencies = [
- "indexmap 2.11.1",
+ "indexmap 2.11.3",
 "itoa",
 "libyml",
 "memchr",
@@ -5427,19 +5442,19 @@ dependencies = [
 "serde",
 "serde_spanned 0.6.9",
 "toml_datetime 0.6.11",
- "toml_edit",
+ "toml_edit 0.22.27",
 ]

 [[package]]
 name = "toml"
-version = "0.9.5"
+version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8"
+checksum = "ae2a4cf385da23d1d53bc15cdfa5c2109e93d8d362393c801e87da2f72f0e201"
 dependencies = [
- "indexmap 2.11.1",
- "serde",
- "serde_spanned 1.0.0",
- "toml_datetime 0.7.0",
+ "indexmap 2.11.3",
+ "serde_core",
+ "serde_spanned 1.0.1",
+ "toml_datetime 0.7.1",
 "toml_parser",
 "toml_writer",
 "winnow",
@@ -5456,11 +5471,11 @@ dependencies = [

 [[package]]
 name = "toml_datetime"
-version = "0.7.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3"
+checksum = "a197c0ec7d131bfc6f7e82c8442ba1595aeab35da7adbf05b6b73cd06a16b6be"
 dependencies = [
- "serde",
+ "serde_core",
 ]

 [[package]]
@@ -5469,7 +5484,7 @@ version = "0.22.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a"
 dependencies = [
- "indexmap 2.11.1",
+ "indexmap 2.11.3",
 "serde",
 "serde_spanned 0.6.9",
 "toml_datetime 0.6.11",
@@ -5477,6 +5492,18 @@ dependencies = [
 "winnow",
 ]

+[[package]]
+name = "toml_edit"
+version = "0.23.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2ad0b7ae9cfeef5605163839cb9221f453399f15cfb5c10be9885fcf56611f9"
+dependencies = [
+ "indexmap 2.11.3",
+ "toml_datetime 0.7.1",
+ "toml_parser",
+ "winnow",
+]
+
 [[package]]
 name = "toml_parser"
 version = "1.0.2"
@@ -5729,9 +5756,9 @@ checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"

 [[package]]
 name = "typewit"
-version = "1.14.1"
+version = "1.14.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c98488b93df24b7c794d6a58c4198d7a2abde676324beaca84f7fb5b39c0811"
+checksum = "f8c1ae7cc0fdb8b842d65d127cb981574b0d2b249b74d1c7a2986863dc134f71"
 dependencies = [
 "typewit_proc_macros",
 ]
@@ -5931,27 +5958,27 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"

 [[package]]
 name = "wasi"
-version = "0.14.5+wasi-0.2.4"
+version = "0.14.7+wasi-0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4494f6290a82f5fe584817a676a34b9d6763e8d9d18204009fb31dceca98fd4"
+checksum = "883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c"
 dependencies = [
 "wasip2",
 ]

 [[package]]
 name = "wasip2"
-version = "1.0.0+wasi-0.2.4"
+version = "1.0.1+wasi-0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "03fa2761397e5bd52002cd7e73110c71af2109aca4e521a9f40473fe685b0a24"
+checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7"
 dependencies = [
 "wit-bindgen",
 ]

 [[package]]
 name = "wasm-bindgen"
-version = "0.2.101"
+version = "0.2.102"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e14915cadd45b529bb8d1f343c4ed0ac1de926144b746e2710f9cd05df6603b"
+checksum = "4ad224d2776649cfb4f4471124f8176e54c1cca67a88108e30a0cd98b90e7ad3"
 dependencies = [
 "cfg-if",
 "once_cell",
@@ -5962,9 +5989,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-backend"
-version = "0.2.101"
+version = "0.2.102"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e28d1ba982ca7923fd01448d5c30c6864d0a14109560296a162f80f305fb93bb"
+checksum = "3a1364104bdcd3c03f22b16a3b1c9620891469f5e9f09bc38b2db121e593e732"
 dependencies = [
 "bumpalo",
 "log",
@@ -5976,9 +6003,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-futures"
-version = "0.4.51"
+version = "0.4.52"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ca85039a9b469b38336411d6d6ced91f3fc87109a2a27b0c197663f5144dffe"
+checksum = "9c0a08ecf5d99d5604a6666a70b3cde6ab7cc6142f5e641a8ef48fc744ce8854"
 dependencies = [
 "cfg-if",
 "js-sys",
@@ -5989,9 +6016,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.101"
+version = "0.2.102"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c3d463ae3eff775b0c45df9da45d68837702ac35af998361e2c84e7c5ec1b0d"
+checksum = "0d7ab4ca3e367bb1ed84ddbd83cc6e41e115f8337ed047239578210214e36c76"
 dependencies = [
 "quote",
 "wasm-bindgen-macro-support",
@@ -5999,9 +6026,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.101"
+version = "0.2.102"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7bb4ce89b08211f923caf51d527662b75bdc9c9c7aab40f86dcb9fb85ac552aa"
+checksum = "4a518014843a19e2dbbd0ed5dfb6b99b23fb886b14e6192a00803a3e14c552b0"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -6012,18 +6039,18 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.101"
+version = "0.2.102"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f143854a3b13752c6950862c906306adb27c7e839f7414cec8fea35beab624c1"
+checksum = "255eb0aa4cc2eea3662a00c2bbd66e93911b7361d5e0fcd62385acfd7e15dcee"
 dependencies = [
 "unicode-ident",
 ]

 [[package]]
 name = "web-sys"
-version = "0.3.78"
+version = "0.3.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77e4b637749ff0d92b8fad63aa1f7cff3cbe125fd49c175cd6345e7272638b12"
+checksum = "50462a022f46851b81d5441d1a6f5bac0b21a1d72d64bd4906fbdd4bf7230ec7"
 dependencies = [
 "js-sys",
 "wasm-bindgen",
@@ -6083,9 +6110,9 @@ checksum = "dd7cf3379ca1aac9eea11fba24fd7e315d621f8dfe35c8d7d2be8b793726e07d"

 [[package]]
 name = "wildmatch"
-version = "2.4.0"
+version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68ce1ab1f8c62655ebe1350f589c61e505cf94d385bc6a12899442d9081e71fd"
+checksum = "39b7d07a236abaef6607536ccfaf19b396dbe3f5110ddb73d39f4562902ed382"

 [[package]]
 name = "winapi"
@@ -6498,9 +6525,9 @@ dependencies = [

 [[package]]
 name = "wit-bindgen"
-version = "0.45.1"
+version = "0.46.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c573471f125075647d03df72e026074b7203790d41351cd6edc96f46bcccd36"
+checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59"

 [[package]]
 name = "writeable"
@@ -6538,7 +6565,7 @@ dependencies = [

 [[package]]
 name = "xtask"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "clap",
 "serde",
@@ -6547,7 +6574,7 @@ dependencies = [

 [[package]]
 name = "xtask-generate-commands"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"
 dependencies = [
 "clap-markdown",
 "clap_builder",
@@ -21,7 +21,7 @@ license = "Apache-2.0"
 readme = "README.md"
 repository = "https://forgejo.ellis.link/continuwuation/continuwuity"
 rust-version = "1.86.0"
-version = "0.5.0-rc.7"
+version = "0.5.0-rc.8.1"

 [workspace.metadata.crane]
 name = "conduwuit"
@@ -351,8 +351,7 @@ version = "0.1.2"
 # Used for matrix spec type definitions and helpers
 [workspace.dependencies.ruma]
 git = "https://forgejo.ellis.link/continuwuation/ruwuma"
-#branch = "conduwuit-changes"
-rev = "78135227dceb9ce5eb9515b4ae85d452cdcabac8"
+rev = "d18823471ab3c09e77ff03eea346d4c07e572654"
 features = [
    "compat",
    "rand",
@@ -382,6 +381,7 @@ features = [
    "unstable-msc4095",
    "unstable-msc4121",
    "unstable-msc4125",
+	"unstable-msc4155",
    "unstable-msc4186",
    "unstable-msc4203", # sending to-device events to appservices
    "unstable-msc4210", # remove legacy mentions
@@ -392,7 +392,7 @@ features = [

 [workspace.dependencies.rust-rocksdb]
 git = "https://forgejo.ellis.link/continuwuation/rust-rocksdb-zaidoon1"
-rev = "99b0319416b64830dd6f8943e1f65e15aeef18bc"
+rev = "61d9d23872197e9ace4a477f2617d5c9f50ecb23"
 default-features = false
 features = [
 	"multi-threaded-cf",
@@ -555,6 +555,9 @@ version = "0.11.5"
 default-features = false
 features = ["sync", "tls-rustls"]

+[workspace.dependencies.resolv-conf]
+version = "0.7.5"
+
 #
 # Patches
 #
@@ -599,12 +602,6 @@ rev = "9c8e51510c35077df888ee72a36b4b05637147da"
 git = "https://forgejo.ellis.link/continuwuation/hyper-util"
 rev = "e4ae7628fe4fcdacef9788c4c8415317a4489941"

-# Allows no-aaaa option in resolv.conf
-# Use 1-indexed line numbers when displaying parse error messages
-[patch.crates-io.resolv-conf]
-git = "https://forgejo.ellis.link/continuwuation/resolv-conf"
-rev = "ebbbec1cb965b487a0150f5d007e96c05e3d72af"
-
 #
 # Our crates
 #
@@ -48,7 +48,7 @@ EOF

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.15.4
+ENV BINSTALL_VERSION=1.15.5
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
@@ -18,7 +18,7 @@ RUN --mount=type=cache,target=/etc/apk/cache apk add \

 # Developer tool versions
 # renovate: datasource=github-releases depName=cargo-bins/cargo-binstall
-ENV BINSTALL_VERSION=1.15.4
+ENV BINSTALL_VERSION=1.15.5
 # renovate: datasource=github-releases depName=psastras/sbom-rs
 ENV CARGO_SBOM_VERSION=0.9.1
 # renovate: datasource=crate depName=lddtree
@@ -8,6 +8,10 @@
        {
            "id": 3,
            "message": "_taps microphone_ The Continuwuity 0.5.0-rc.7 release is now available, and it's better than ever! **177 commits**, **35 pull requests**, **11 contributors,** and a lot of new stuff!\n\nFor highlights, we've got:\n\n* 🕵️ Full Policy Server support to fight spam!\n* 🚀 Smarter room & space upgrades.\n* 🚫 User suspension tools for better moderation.\n* 🤖 reCaptcha support for safer open registration.\n* 🔍 Ability to disable read receipts & typing indicators.\n* ⚡ Sweeping performance improvements!\n\nGet the [full changelog and downloads on our Forgejo](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.0-rc.7) - and make sure you're in the [Announcements room](https://matrix.to/#/!releases:continuwuity.org/$hN9z6L2_dTAlPxFLAoXVfo_g8DyYXu4cpvWsSrWhmB0) to get stuff like this sooner."
+        },
+        {
+            "id": 5,
+            "message": "It's a bird! It's a plane! No, it's 0.5.0-rc.8.1!\n\nThis is a minor bugfix update to the rc8 which backports some important fixes from the latest main branch. If you still haven't updated to rc8, you should skip to main. Otherwise, you should upgrade to this bugfix release as soon as possible.\n\nBugfixes backported to this version:\n\n- Resolved several issues with state resolution v2.1 (room version 12)\n- Fixed issues with the `restricted` and `knock_restricted` join rules that would sometimes incorrectly disallow a valid join\n- Fixed the automatic support contact listing being a no-op\n- Fixed upgrading pre-v12 rooms to v12 rooms\n- Fixed policy servers sending the incorrect JSON objects (resulted in false positives)\n- Fixed debug build panic during MSC4133 migration\n\nIt is recommended, if you can and are comfortable with doing so, following updates to the main branch - we're in the run up to the full 0.5.0 release, and more and more bugfixes and new features are being pushed constantly. Please don't forget to join [#announcements:continuwuity.org](https://matrix.to/#/#announcements:continuwuity.org) to receive this news faster and be alerted to other important updates!"
        }
    ]
 }
@@ -10,11 +10,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1756403898,
-        "narHash": "sha256-S4SJDmVTtbcXaJkYrMFkcA5SDrpfRHlBbzwp6IRRPAw=",
+        "lastModified": 1757683818,
+        "narHash": "sha256-q7q0pWT+wu5AUU1Qlbwq8Mqb+AzHKhaMCVUq/HNZfo8=",
        "owner": "zhaofengli",
        "repo": "attic",
-        "rev": "2524dd1c007bc7a0a9e9c863a1b02de8d54b319b",
+        "rev": "7c5d79ad62cda340cb8c80c99b921b7b7ffacf69",
        "type": "github"
      },
      "original": {
@@ -152,11 +152,11 @@
        "rust-analyzer-src": "rust-analyzer-src"
      },
      "locked": {
-        "lastModified": 1757400094,
-        "narHash": "sha256-5Rcs6juMoMTaMJSR1glravl4QB9yLAFBD8s7KLi4kdQ=",
+        "lastModified": 1758004879,
+        "narHash": "sha256-kV7tQzcNbmo58wg2uE2MQ/etaTx+PxBMHeNrLP8vOgk=",
        "owner": "nix-community",
        "repo": "fenix",
-        "rev": "0682b9b518792c9428865c511a4c40c9ad85c243",
+        "rev": "07e5ce53dd020e6b337fdddc934561bee0698fa2",
        "type": "github"
      },
      "original": {
@@ -370,11 +370,11 @@
    },
    "nix-filter": {
      "locked": {
-        "lastModified": 1731533336,
-        "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
+        "lastModified": 1757882181,
+        "narHash": "sha256-+cCxYIh2UNalTz364p+QYmWHs0P+6wDhiWR4jDIKQIU=",
        "owner": "numtide",
        "repo": "nix-filter",
-        "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
+        "rev": "59c44d1909c72441144b93cf0f054be7fe764de5",
        "type": "github"
      },
      "original": {
@@ -455,11 +455,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1757034884,
-        "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=",
+        "lastModified": 1758029226,
+        "narHash": "sha256-TjqVmbpoCqWywY9xIZLTf6ANFvDCXdctCjoYuYPYdMI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ca77296380960cd497a765102eeb1356eb80fed0",
+        "rev": "08b8f92ac6354983f5382124fef6006cade4a1c1",
        "type": "github"
      },
      "original": {
@@ -632,6 +632,7 @@ pub(super) async fn force_set_room_state_from_server(
 			.add_pdu_outlier(&event_id, &value);
 	}

+	info!("Resolving new room state");
 	let new_room_state = self
 		.services
 		.rooms
@@ -639,7 +640,7 @@ pub(super) async fn force_set_room_state_from_server(
 		.resolve_state(&room_id, &room_version, state)
 		.await?;

-	info!("Forcing new room state");
+	info!("Compressing new room state");
 	let HashSetCompressStateEvent {
 		shortstatehash: short_state_hash,
 		added,
@@ -653,6 +654,7 @@ pub(super) async fn force_set_room_state_from_server(

 	let state_lock = self.services.rooms.state.mutex.lock(&*room_id).await;

+	info!("Forcing new room state");
 	self.services
 		.rooms
 		.state
@@ -179,7 +179,11 @@ pub(super) async fn create_user(&self, username: String, password: Option<String
 			.await
 			.is_ok_and(is_equal_to!(1))
 		{
-			self.services.admin.make_user_admin(&user_id).await?;
+			self.services
+				.admin
+				.make_user_admin(&user_id)
+				.boxed()
+				.await?;
 			warn!("Granting {user_id} admin privileges as the first user");
 		}
 	} else {
@@ -217,7 +221,9 @@ pub(super) async fn deactivate(&self, no_leave_rooms: bool, user_id: String) ->
 			.collect()
 			.await;

-		full_user_deactivate(self.services, &user_id, &all_joined_rooms).await?;
+		full_user_deactivate(self.services, &user_id, &all_joined_rooms)
+			.boxed()
+			.await?;
 		update_displayname(self.services, &user_id, None, &all_joined_rooms).await;
 		update_avatar_url(self.services, &user_id, None, None, &all_joined_rooms).await;
 		leave_all_rooms(self.services, &user_id).await;
@@ -376,7 +382,9 @@ pub(super) async fn deactivate_all(&self, no_leave_rooms: bool, force: bool) ->
 						.collect()
 						.await;

-					full_user_deactivate(self.services, &user_id, &all_joined_rooms).await?;
+					full_user_deactivate(self.services, &user_id, &all_joined_rooms)
+						.boxed()
+						.await?;
 					update_displayname(self.services, &user_id, None, &all_joined_rooms).await;
 					update_avatar_url(self.services, &user_id, None, None, &all_joined_rooms)
 						.await;
@@ -756,7 +764,7 @@ pub(super) async fn force_demote(&self, user_id: String, room_id: OwnedRoomOrAli
 		.build_and_append_pdu(
 			PduBuilder::state(String::new(), &power_levels_content),
 			&user_id,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.await?;
@@ -776,7 +784,11 @@ pub(super) async fn make_user_admin(&self, user_id: String) -> Result {
 		"Parsed user_id must be a local user"
 	);

-	self.services.admin.make_user_admin(&user_id).await?;
+	self.services
+		.admin
+		.make_user_admin(&user_id)
+		.boxed()
+		.await?;

 	self.write_str(&format!("{user_id} has been granted admin privileges.",))
 		.await
@@ -901,7 +913,13 @@ pub(super) async fn redact_event(&self, event_id: OwnedEventId) -> Result {
 	);

 	let redaction_event_id = {
-		let state_lock = self.services.rooms.state.mutex.lock(event.room_id()).await;
+		let state_lock = self
+			.services
+			.rooms
+			.state
+			.mutex
+			.lock(&event.room_id_or_hash())
+			.await;

 		self.services
 			.rooms
@@ -915,7 +933,7 @@ pub(super) async fn redact_event(&self, event_id: OwnedEventId) -> Result {
 					})
 				},
 				event.sender(),
-				event.room_id(),
+				Some(&event.room_id_or_hash()),
 				&state_lock,
 			)
 			.await?
@@ -500,7 +500,7 @@ pub(crate) async fn register_route(
 				.await
 				.is_ok_and(is_equal_to!(1))
 			{
-				services.admin.make_user_admin(&user_id).await?;
+				services.admin.make_user_admin(&user_id).boxed().await?;
 				warn!("Granting {user_id} admin privileges as the first user");
 			} else if services.config.suspend_on_register {
 				// This is not an admin, suspend them.
@@ -924,7 +924,7 @@ pub async fn full_user_deactivate(
 				.build_and_append_pdu(
 					PduBuilder::state(String::new(), &power_levels_content),
 					user_id,
-					room_id,
+					Some(room_id),
 					&state_lock,
 				)
 				.await
@@ -69,7 +69,7 @@ pub(crate) async fn get_context_route(

 	let (base_id, base_pdu, visible) = try_join3(base_id, base_pdu, visible).await?;

-	if base_pdu.room_id != *room_id || base_pdu.event_id != *event_id {
+	if base_pdu.room_id_or_hash() != *room_id || base_pdu.event_id != *event_id {
 		return Err!(Request(NotFound("Base event not found.")));
 	}

@@ -49,7 +49,7 @@ pub(crate) async fn ban_user_route(
 				..current_member_content
 			}),
 			sender_user,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.await?;
@@ -4,11 +4,14 @@ use conduwuit::{
 	Err, Result, debug_error, err, info,
 	matrix::{event::gen_event_id_canonical_json, pdu::PduBuilder},
 };
-use futures::{FutureExt, join};
+use futures::FutureExt;
 use ruma::{
 	OwnedServerName, RoomId, UserId,
 	api::{client::membership::invite_user, federation::membership::create_invite},
-	events::room::member::{MembershipState, RoomMemberEventContent},
+	events::{
+		invite_permission_config::FilterLevel,
+		room::member::{MembershipState, RoomMemberEventContent},
+	},
 };
 use service::Services;

@@ -47,22 +50,21 @@ pub(crate) async fn invite_user_route(
 	.await?;

 	match &body.recipient {
-		| invite_user::v3::InvitationRecipient::UserId { user_id } => {
-			let sender_ignored_recipient = services.users.user_is_ignored(sender_user, user_id);
-			let recipient_ignored_by_sender =
-				services.users.user_is_ignored(user_id, sender_user);
+		| invite_user::v3::InvitationRecipient::UserId { user_id: recipient_user } => {
+			let sender_filter_level = services
+				.users
+				.invite_filter_level(recipient_user, sender_user)
+				.await;

-			let (sender_ignored_recipient, recipient_ignored_by_sender) =
-				join!(sender_ignored_recipient, recipient_ignored_by_sender);
-
-			if sender_ignored_recipient {
+			if !matches!(sender_filter_level, FilterLevel::Allow) {
+				// drop invites if the sender has the recipient filtered
 				return Ok(invite_user::v3::Response {});
 			}

 			if let Ok(target_user_membership) = services
 				.rooms
 				.state_accessor
-				.get_member(&body.room_id, user_id)
+				.get_member(&body.room_id, recipient_user)
 				.await
 			{
 				if target_user_membership.membership == MembershipState::Ban {
@@ -70,16 +72,27 @@ pub(crate) async fn invite_user_route(
 				}
 			}

-			if recipient_ignored_by_sender {
-				// silently drop the invite to the recipient if they've been ignored by the
-				// sender, pretend it worked
-				return Ok(invite_user::v3::Response {});
+			// check for blocked invites if the recipient is a local user.
+			if services.globals.user_is_local(recipient_user) {
+				let recipient_filter_level = services
+					.users
+					.invite_filter_level(sender_user, recipient_user)
+					.await;
+
+				// ignored invites aren't handled here
+				// since the recipient's membership should still be changed to `invite`.
+				// they're filtered out in the individual /sync handlers.
+				if matches!(recipient_filter_level, FilterLevel::Block) {
+					return Err!(Request(InviteBlocked(
+						"{recipient_user} has blocked invites from you."
+					)));
+				}
 			}

 			invite_helper(
 				&services,
 				sender_user,
-				user_id,
+				recipient_user,
 				&body.room_id,
 				body.reason.clone(),
 				false,
@@ -98,7 +111,7 @@ pub(crate) async fn invite_user_route(
 pub(crate) async fn invite_helper(
 	services: &Services,
 	sender_user: &UserId,
-	user_id: &UserId,
+	recipient_user: &UserId,
 	room_id: &RoomId,
 	reason: Option<String>,
 	is_direct: bool,
@@ -111,12 +124,12 @@ pub(crate) async fn invite_helper(
 		return Err!(Request(Forbidden("Invites are not allowed on this server.")));
 	}

-	if !services.globals.user_is_local(user_id) {
+	if !services.globals.user_is_local(recipient_user) {
 		let (pdu, pdu_json, invite_room_state) = {
 			let state_lock = services.rooms.state.mutex.lock(room_id).await;

 			let content = RoomMemberEventContent {
-				avatar_url: services.users.avatar_url(user_id).await.ok(),
+				avatar_url: services.users.avatar_url(recipient_user).await.ok(),
 				is_direct: Some(is_direct),
 				reason,
 				..RoomMemberEventContent::new(MembershipState::Invite)
@@ -126,14 +139,14 @@ pub(crate) async fn invite_helper(
 				.rooms
 				.timeline
 				.create_hash_and_sign_event(
-					PduBuilder::state(user_id.to_string(), &content),
+					PduBuilder::state(recipient_user.to_string(), &content),
 					sender_user,
-					room_id,
+					Some(room_id),
 					&state_lock,
 				)
 				.await?;

-			let invite_room_state = services.rooms.state.summary_stripped(&pdu).await;
+			let invite_room_state = services.rooms.state.summary_stripped(&pdu, room_id).await;

 			drop(state_lock);

@@ -144,7 +157,7 @@ pub(crate) async fn invite_helper(

 		let response = services
 			.sending
-			.send_federation_request(user_id.server_name(), create_invite::v2::Request {
+			.send_federation_request(recipient_user.server_name(), create_invite::v2::Request {
 				room_id: room_id.to_owned(),
 				event_id: (*pdu.event_id).to_owned(),
 				room_version: room_version_id.clone(),
@@ -173,7 +186,7 @@ pub(crate) async fn invite_helper(
 			return Err!(Request(BadJson(warn!(
 				%pdu.event_id, %event_id,
 				"Server {} sent event with wrong event ID",
-				user_id.server_name()
+				recipient_user.server_name()
 			))));
 		}

@@ -213,9 +226,9 @@ pub(crate) async fn invite_helper(
 	let state_lock = services.rooms.state.mutex.lock(room_id).await;

 	let content = RoomMemberEventContent {
-		displayname: services.users.displayname(user_id).await.ok(),
-		avatar_url: services.users.avatar_url(user_id).await.ok(),
-		blurhash: services.users.blurhash(user_id).await.ok(),
+		displayname: services.users.displayname(recipient_user).await.ok(),
+		avatar_url: services.users.avatar_url(recipient_user).await.ok(),
+		blurhash: services.users.blurhash(recipient_user).await.ok(),
 		is_direct: Some(is_direct),
 		reason,
 		..RoomMemberEventContent::new(MembershipState::Invite)
@@ -225,9 +238,9 @@ pub(crate) async fn invite_helper(
 		.rooms
 		.timeline
 		.build_and_append_pdu(
-			PduBuilder::state(user_id.to_string(), &content),
+			PduBuilder::state(recipient_user.to_string(), &content),
 			sender_user,
-			room_id,
+			Some(room_id),
 			&state_lock,
 		)
 		.await?;
@@ -18,7 +18,7 @@ use conduwuit::{
 	},
 	warn,
 };
-use futures::{FutureExt, StreamExt};
+use futures::{FutureExt, StreamExt, TryFutureExt};
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, OwnedRoomId, OwnedServerName, OwnedUserId, RoomId,
 	RoomVersionId, UserId,
@@ -313,11 +313,14 @@ pub async fn join_room_by_id_helper(
 		}
 	}

-	let local_join = server_in_room
-		|| servers.is_empty()
-		|| (servers.len() == 1 && services.globals.server_is_ours(&servers[0]));
+	if !server_in_room && servers.is_empty() {
+		return Err!(Request(NotFound(
+			"No servers were provided to assist in joining the room remotely, and we are not \
+			 already participating in the room."
+		)));
+	}

-	if local_join {
+	if server_in_room {
 		join_room_by_id_helper_local(
 			services,
 			sender_user,
@@ -556,6 +559,10 @@ async fn join_room_by_id_helper_remote(
 			services
 				.server_keys
 				.validate_and_add_event_id_no_fetch(pdu, &room_version_id)
+				.inspect_err(|e| {
+					debug_warn!("Could not validate send_join response room_state event: {e:?}");
+				})
+				.inspect(|_| debug!("Completed validating send_join response room_state event"))
 		})
 		.ready_filter_map(Result::ok)
 		.fold(HashMap::new(), |mut state, (event_id, value)| async move {
@@ -566,7 +573,6 @@ async fn join_room_by_id_helper_remote(
 					return state;
 				},
 			};
-
 			services.rooms.outlier.add_pdu_outlier(&event_id, &value);
 			if let Some(state_key) = &pdu.state_key {
 				let shortstatekey = services
@@ -577,7 +583,6 @@ async fn join_room_by_id_helper_remote(

 				state.insert(shortstatekey, pdu.event_id.clone());
 			}
-
 			state
 		})
 		.await;
@@ -598,6 +603,7 @@ async fn join_room_by_id_helper_remote(
 		})
 		.ready_filter_map(Result::ok)
 		.ready_for_each(|(event_id, value)| {
+			trace!(%event_id, "Adding PDU as an outlier from send_join auth_chain");
 			services.rooms.outlier.add_pdu_outlier(&event_id, &value);
 		})
 		.await;
@@ -618,6 +624,9 @@ async fn join_room_by_id_helper_remote(
 		&parsed_join_pdu,
 		None, // TODO: third party invite
 		|k, s| state_fetch(k.clone(), s.into()),
+		&state_fetch(StateEventType::RoomCreate, "".into())
+			.await
+			.expect("create event is missing from send_join auth"),
 	)
 	.await
 	.map_err(|e| err!(Request(Forbidden(warn!("Auth check failed: {e:?}")))))?;
@@ -652,7 +661,7 @@ async fn join_room_by_id_helper_remote(
 		.force_state(room_id, statehash_before_join, added, removed, &state_lock)
 		.await?;

-	info!("Updating joined counts for new room");
+	debug!("Updating joined counts for new room");
 	services
 		.rooms
 		.state_cache
@@ -665,7 +674,7 @@ async fn join_room_by_id_helper_remote(
 	let statehash_after_join = services
 		.rooms
 		.state
-		.append_to_state(&parsed_join_pdu)
+		.append_to_state(&parsed_join_pdu, room_id)
 		.await?;

 	info!("Appending new room join event");
@@ -677,6 +686,7 @@ async fn join_room_by_id_helper_remote(
 			join_event,
 			once(parsed_join_pdu.event_id.borrow()),
 			&state_lock,
+			room_id,
 		)
 		.await?;

@@ -732,6 +742,7 @@ async fn join_room_by_id_helper_local(
 			.iter()
 			.stream()
 			.any(|restriction_room_id| {
+				trace!("Checking if {sender_user} is joined to {restriction_room_id}");
 				services
 					.rooms
 					.state_cache
@@ -744,6 +755,7 @@ async fn join_room_by_id_helper_local(
 				.state_cache
 				.local_users_in_room(room_id)
 				.filter(|user| {
+					trace!("Checking if {user} can invite {sender_user} to {room_id}");
 					services.rooms.state_accessor.user_can_invite(
 						room_id,
 						user,
@@ -756,6 +768,7 @@ async fn join_room_by_id_helper_local(
 				.await
 				.map(ToOwned::to_owned)
 		} else {
+			trace!("No restriction rooms are joined by {sender_user}");
 			None
 		}
 	};
@@ -776,7 +789,7 @@ async fn join_room_by_id_helper_local(
 		.build_and_append_pdu(
 			PduBuilder::state(sender_user.to_string(), &content),
 			sender_user,
-			room_id,
+			Some(room_id),
 			&state_lock,
 		)
 		.await
@@ -54,7 +54,7 @@ pub(crate) async fn kick_user_route(
 				..event
 			}),
 			sender_user,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.await?;
@@ -373,7 +373,7 @@ async fn knock_room_helper_local(
 		.build_and_append_pdu(
 			PduBuilder::state(sender_user.to_string(), &content),
 			sender_user,
-			room_id,
+			Some(room_id),
 			&state_lock,
 		)
 		.await
@@ -502,6 +502,7 @@ async fn knock_room_helper_local(
 			knock_event,
 			once(parsed_knock_pdu.event_id.borrow()),
 			&state_lock,
+			room_id,
 		)
 		.await?;

@@ -672,7 +673,7 @@ async fn knock_room_helper_remote(
 	let statehash_after_knock = services
 		.rooms
 		.state
-		.append_to_state(&parsed_knock_pdu)
+		.append_to_state(&parsed_knock_pdu, room_id)
 		.await?;

 	info!("Updating membership locally to knock state with provided stripped state events");
@@ -701,6 +702,7 @@ async fn knock_room_helper_remote(
 			knock_event,
 			once(parsed_knock_pdu.event_id.borrow()),
 			&state_lock,
+			room_id,
 		)
 		.await?;

@@ -206,7 +206,7 @@ pub async fn leave_room(
 					..event
 				}),
 				user_id,
-				room_id,
+				Some(room_id),
 				&state_lock,
 			)
 			.await?;
@@ -69,11 +69,11 @@ pub(crate) async fn banned_room_check(
 	}

 	if let Some(room_id) = room_id {
-		if services.rooms.metadata.is_banned(room_id).await
-			|| services
-				.moderation
-				.is_remote_server_forbidden(room_id.server_name().expect("legacy room mxid"))
-		{
+		let room_banned = services.rooms.metadata.is_banned(room_id).await;
+		let server_banned = room_id.server_name().is_some_and(|server_name| {
+			services.moderation.is_remote_server_forbidden(server_name)
+		});
+		if room_banned || server_banned {
 			warn!(
 				"User {user_id} who is not an admin attempted to send an invite for or \
 				 attempted to join a banned room or banned room server name: {room_id}"
@@ -106,7 +106,6 @@ pub(crate) async fn banned_room_check(
 					.boxed()
 					.await?;
 			}
-
 			return Err!(Request(Forbidden("This room is banned on this homeserver.")));
 		}
 	} else if let Some(server_name) = server_name {
@@ -47,7 +47,7 @@ pub(crate) async fn unban_user_route(
 				..current_member_content
 			}),
 			sender_user,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.await?;
@@ -30,6 +30,7 @@ use ruma::{
 	events::{
 		AnyStateEvent, StateEventType,
 		TimelineEventType::{self, *},
+		invite_permission_config::FilterLevel,
 	},
 	serde::Raw,
 };
@@ -267,7 +268,7 @@ pub(crate) async fn ignored_filter(
 pub(crate) async fn is_ignored_pdu<Pdu>(
 	services: &Services,
 	event: &Pdu,
-	user_id: &UserId,
+	recipient_user: &UserId,
 ) -> bool
 where
 	Pdu: Event + Send + Sync,
@@ -278,20 +279,29 @@ where
 		return true;
 	}

-	let ignored_type = IGNORED_MESSAGE_TYPES.binary_search(event.kind()).is_ok();
-
-	let ignored_server = services
+	let sender_user = event.sender();
+	let type_ignored = IGNORED_MESSAGE_TYPES.binary_search(event.kind()).is_ok();
+	let server_ignored = services
 		.moderation
-		.is_remote_server_ignored(event.sender().server_name());
+		.is_remote_server_ignored(sender_user.server_name());
+	let user_ignored = services
+		.users
+		.user_is_ignored(sender_user, recipient_user)
+		.await;

-	if ignored_type
-		&& (ignored_server
-			|| (!services.config.send_messages_from_ignored_users_to_client
-				&& services
-					.users
-					.user_is_ignored(event.sender(), user_id)
-					.await))
-	{
+	if !type_ignored {
+		// We cannot safely ignore this type
+		return false;
+	}
+
+	if server_ignored {
+		// the sender's server is ignored, so ignore this event
+		return true;
+	}
+
+	if user_ignored && !services.config.send_messages_from_ignored_users_to_client {
+		// the recipient of this PDU has the sender ignored, and we're not
+		// configured to send ignored messages to clients
 		return true;
 	}

@@ -309,7 +319,7 @@ pub(crate) async fn visibility_filter(
 	services
 		.rooms
 		.state_accessor
-		.user_can_see_event(user_id, pdu.room_id(), pdu.event_id())
+		.user_can_see_event(user_id, &pdu.room_id_or_hash(), pdu.event_id())
 		.await
 		.then_some(item)
 }
@@ -320,6 +330,29 @@ pub(crate) fn event_filter(item: PdusIterItem, filter: &RoomEventFilter) -> Opti
 	filter.matches(pdu).then_some(item)
 }

+#[inline]
+pub(crate) async fn is_ignored_invite(
+	services: &Services,
+	recipient_user: &UserId,
+	room_id: &RoomId,
+) -> bool {
+	let Ok(sender_user) = services
+		.rooms
+		.state_cache
+		.invite_sender(recipient_user, room_id)
+		.await
+	else {
+		// the invite may have been sent before the invite_sender table existed.
+		// assume it's not ignored
+		return false;
+	};
+
+	services
+		.users
+		.invite_filter_level(&sender_user, recipient_user)
+		.await == FilterLevel::Ignore
+}
+
 #[cfg_attr(debug_assertions, ctor::ctor)]
 fn _is_sorted() {
 	debug_assert!(
@@ -407,7 +407,7 @@ pub async fn update_all_rooms(
 		if let Err(e) = services
 			.rooms
 			.timeline
-			.build_and_append_pdu(pdu_builder, user_id, room_id, &state_lock)
+			.build_and_append_pdu(pdu_builder, user_id, Some(room_id), &state_lock)
 			.await
 		{
 			warn!(%user_id, %room_id, "Failed to update/send new profile join membership update in room: {e}");
@@ -36,7 +36,7 @@ pub(crate) async fn redact_event_route(
 				})
 			},
 			sender_user,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.await?;
@@ -222,7 +222,7 @@ async fn visibility_filter<Pdu: Event + Send + Sync>(
 	services
 		.rooms
 		.state_accessor
-		.user_can_see_event(sender_user, pdu.room_id(), pdu.event_id())
+		.user_can_see_event(sender_user, &pdu.room_id_or_hash(), pdu.event_id())
 		.await
 		.then_some(item)
 }
@@ -2,7 +2,7 @@ use std::{fmt::Write as _, time::Duration};

 use axum::extract::State;
 use axum_client_ip::InsecureClientIp;
-use conduwuit::{Err, Result, debug_info, info, matrix::pdu::PduEvent, utils::ReadyExt};
+use conduwuit::{Err, Event, Result, debug_info, info, matrix::pdu::PduEvent, utils::ReadyExt};
 use conduwuit_service::Services;
 use rand::Rng;
 use ruma::{
@@ -197,7 +197,7 @@ async fn is_event_report_valid(
 		 valid"
 	);

-	if room_id != pdu.room_id {
+	if room_id != pdu.room_id_or_hash() {
 		return Err!(Request(NotFound("Event ID does not belong to the reported room",)));
 	}

@@ -1,10 +1,10 @@
-use std::collections::BTreeMap;
+use std::collections::{BTreeMap, BTreeSet};

 use axum::extract::State;
 use conduwuit::{
-	Err, Result, debug_info, debug_warn, err, info,
+	Err, Result, RoomVersion, debug, debug_info, debug_warn, err, info,
 	matrix::{StateKey, pdu::PduBuilder},
-	warn,
+	trace, warn,
 };
 use conduwuit_service::{Services, appservice::RegistrationInfo};
 use futures::FutureExt;
@@ -13,6 +13,7 @@ use ruma::{
 	api::client::room::{self, create_room},
 	events::{
 		TimelineEventType,
+		invite_permission_config::FilterLevel,
 		room::{
 			canonical_alias::RoomCanonicalAliasEventContent,
 			create::RoomCreateEventContent,
@@ -49,6 +50,7 @@ use crate::{Ruma, client::invite_helper};
 /// - Send events implied by `name` and `topic`
 /// - Send invite events
 #[allow(clippy::large_stack_frames)]
+#[allow(clippy::cognitive_complexity)]
 pub(crate) async fn create_room_route(
 	State(services): State<crate::State>,
 	body: Ruma<create_room::v3::Request>,
@@ -68,51 +70,6 @@ pub(crate) async fn create_room_route(
 		return Err!(Request(UserSuspended("You cannot perform this action while suspended.")));
 	}

-	let room_id: OwnedRoomId = match &body.room_id {
-		| Some(custom_room_id) => custom_room_id_check(&services, custom_room_id)?,
-		| _ => RoomId::new(&services.server.name),
-	};
-
-	// check if room ID doesn't already exist instead of erroring on auth check
-	if services.rooms.short.get_shortroomid(&room_id).await.is_ok() {
-		return Err!(Request(RoomInUse("Room with that custom room ID already exists",)));
-	}
-
-	if body.visibility == room::Visibility::Public
-		&& services.server.config.lockdown_public_room_directory
-		&& !services.users.is_admin(sender_user).await
-		&& body.appservice_info.is_none()
-	{
-		warn!(
-			"Non-admin user {sender_user} tried to publish {room_id} to the room directory \
-			 while \"lockdown_public_room_directory\" is enabled"
-		);
-
-		if services.server.config.admin_room_notices {
-			services
-				.admin
-				.notice(&format!(
-					"Non-admin user {sender_user} tried to publish {room_id} to the room \
-					 directory while \"lockdown_public_room_directory\" is enabled"
-				))
-				.await;
-		}
-
-		return Err!(Request(Forbidden("Publishing rooms to the room directory is not allowed")));
-	}
-	let _short_id = services
-		.rooms
-		.short
-		.get_or_create_shortroomid(&room_id)
-		.await;
-	let state_lock = services.rooms.state.mutex.lock(&room_id).await;
-
-	let alias: Option<OwnedRoomAliasId> = match body.room_alias_name.as_ref() {
-		| Some(alias) =>
-			Some(room_alias_check(&services, alias, body.appservice_info.as_ref()).await?),
-		| _ => None,
-	};
-
 	let room_version = match body.room_version.clone() {
 		| Some(room_version) =>
 			if services.server.supported_room_version(&room_version) {
@@ -124,6 +81,86 @@ pub(crate) async fn create_room_route(
 			},
 		| None => services.server.config.default_room_version.clone(),
 	};
+	let room_features = RoomVersion::new(&room_version)?;
+
+	let room_id: Option<OwnedRoomId> = if !room_features.room_ids_as_hashes {
+		match &body.room_id {
+			| Some(custom_room_id) => Some(custom_room_id_check(&services, custom_room_id)?),
+			| None => Some(RoomId::new(services.globals.server_name())),
+		}
+	} else {
+		None
+	};
+
+	// check if room ID doesn't already exist instead of erroring on auth check
+	if let Some(ref room_id) = room_id {
+		if services.rooms.short.get_shortroomid(room_id).await.is_ok() {
+			return Err!(Request(RoomInUse("Room with that custom room ID already exists",)));
+		}
+	}
+
+	if body.visibility == room::Visibility::Public
+		&& services.server.config.lockdown_public_room_directory
+		&& !services.users.is_admin(sender_user).await
+		&& body.appservice_info.is_none()
+	{
+		warn!(
+			"Non-admin user {sender_user} tried to publish {room_id:?} to the room directory \
+			 while \"lockdown_public_room_directory\" is enabled"
+		);
+
+		if services.server.config.admin_room_notices {
+			services
+				.admin
+				.notice(&format!(
+					"Non-admin user {sender_user} tried to publish {room_id:?} to the room \
+					 directory while \"lockdown_public_room_directory\" is enabled"
+				))
+				.await;
+		}
+
+		return Err!(Request(Forbidden("Publishing rooms to the room directory is not allowed")));
+	}
+
+	let mut invitees = BTreeSet::new();
+
+	for recipient_user in &body.invite {
+		if !matches!(
+			services
+				.users
+				.invite_filter_level(recipient_user, sender_user)
+				.await,
+			FilterLevel::Allow
+		) {
+			// drop invites if the creator has them blocked
+			continue;
+		}
+
+		// if the recipient of the invite is local and has the sender blocked, error
+		// out. if the recipient is remote we can't tell yet, and if they're local and
+		// have the sender _ignored_ their invite will be filtered out in
+		// the handlers for the individual /sync endpoints
+		if services.globals.user_is_local(recipient_user)
+			&& matches!(
+				services
+					.users
+					.invite_filter_level(sender_user, recipient_user)
+					.await,
+				FilterLevel::Block
+			) {
+			return Err!(Request(InviteBlocked(
+				"{recipient_user} has blocked invites from you."
+			)));
+		}
+
+		invitees.insert(recipient_user.clone());
+	}
+
+	let alias: Option<OwnedRoomAliasId> = match body.room_alias_name.as_ref() {
+		| Some(alias) =>
+			Some(room_alias_check(&services, alias, body.appservice_info.as_ref()).await?),
+		| _ => None,
+	};

 	let create_content = match &body.creation_content {
 		| Some(content) => {
@@ -164,18 +201,36 @@ pub(crate) async fn create_room_route(
 			let content = match room_version {
 				| V1 | V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10 =>
 					RoomCreateEventContent::new_v1(sender_user.to_owned()),
-				| _ => RoomCreateEventContent::new_v11(),
+				| V11 => RoomCreateEventContent::new_v11(),
+				| _ => RoomCreateEventContent::new_v12(),
 			};
 			let mut content =
-				serde_json::from_str::<CanonicalJsonObject>(to_raw_value(&content)?.get())
-					.unwrap();
+				serde_json::from_str::<CanonicalJsonObject>(to_raw_value(&content)?.get())?;
 			content.insert("room_version".into(), json!(room_version.as_str()).try_into()?);
 			content
 		},
 	};

+	let state_lock = match room_id.clone() {
+		| Some(room_id) => {
+			let _short_id = services
+				.rooms
+				.short
+				.get_or_create_shortroomid(&room_id)
+				.await;
+			services.rooms.state.mutex.lock(&room_id).await
+		},
+		| None => {
+			let temp_room_id = RoomId::new(services.globals.server_name());
+			trace!("Locking temporary room state mutex for {temp_room_id}");
+			services.rooms.state.mutex.lock(&temp_room_id).await
+		},
+	};
+
 	// 1. The room create event
-	services
+	debug!("Creating room create event for {sender_user} in room {room_id:?}");
+	let tmp_id = room_id.as_deref();
+	let create_event_id = services
 		.rooms
 		.timeline
 		.build_and_append_pdu(
@@ -186,13 +241,26 @@ pub(crate) async fn create_room_route(
 				..Default::default()
 			},
 			sender_user,
-			&room_id,
+			tmp_id,
 			&state_lock,
 		)
 		.boxed()
 		.await?;
+	trace!("Created room create event with ID {}", &create_event_id);
+	let room_id = match room_id.clone() {
+		| Some(room_id) => room_id,
+		| None => {
+			let as_room_id = create_event_id.as_str().replace('$', "!");
+			trace!("Creating room with v12 room ID {as_room_id}");
+			RoomId::parse(&as_room_id)?.to_owned()
+		},
+	};
+	drop(state_lock);
+	debug!("Room created with ID {room_id}");
+	let state_lock = services.rooms.state.mutex.lock(&room_id).await;

 	// 2. Let the room creator join
+	debug_info!("Joining {sender_user} to room {room_id}");
 	services
 		.rooms
 		.timeline
@@ -205,7 +273,7 @@ pub(crate) async fn create_room_route(
 				..RoomMemberEventContent::new(MembershipState::Join)
 			}),
 			sender_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -219,26 +287,45 @@ pub(crate) async fn create_room_route(
 		| _ => RoomPreset::PrivateChat, // Room visibility should not be custom
 	});

-	let mut users = BTreeMap::from_iter([(sender_user.to_owned(), int!(100))]);
+	let mut power_levels_to_grant = BTreeMap::from_iter([(sender_user.to_owned(), int!(100))]);

 	if preset == RoomPreset::TrustedPrivateChat {
-		for invite in &body.invite {
-			if services.users.user_is_ignored(sender_user, invite).await {
-				continue;
-			} else if services.users.user_is_ignored(invite, sender_user).await {
-				// silently drop the invite to the recipient if they've been ignored by the
-				// sender, pretend it worked
-				continue;
-			}
-
-			users.insert(invite.clone(), int!(100));
+		for recipient_user in &invitees {
+			power_levels_to_grant.insert(recipient_user.clone(), int!(100));
 		}
 	}

+	let mut creators: Vec<OwnedUserId> = vec![sender_user.to_owned()];
+	// Do we care about additional_creators?
+	if room_features.explicitly_privilege_room_creators {
+		// Have they been specified?
+		if let Some(additional_creators) = create_content.get("additional_creators") {
+			// Are they a real array?
+			if let Some(additional_creators) = additional_creators.as_array() {
+				// Iterate through them
+				for creator in additional_creators {
+					// Are they a string?
+					if let Some(creator) = creator.as_str() {
+						// Do they parse into a real user ID?
+						if let Ok(creator) = OwnedUserId::parse(creator) {
+							// Add them to the power levels and creators
+							creators.push(creator.clone());
+						}
+					}
+				}
+			}
+		}
+	} else {
+		power_levels_to_grant.insert(sender_user.to_owned(), int!(100));
+		creators.clear(); // If this vec is not empty, default_power_levels_content will
+		// treat this as a v12 room
+	}
+
 	let power_levels_content = default_power_levels_content(
 		body.power_level_content_override.as_ref(),
 		&body.visibility,
-		users,
+		power_levels_to_grant,
+		creators,
 	)?;

 	services
@@ -252,7 +339,7 @@ pub(crate) async fn create_room_route(
 				..Default::default()
 			},
 			sender_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -269,7 +356,7 @@ pub(crate) async fn create_room_route(
 					alt_aliases: vec![],
 				}),
 				sender_user,
-				&room_id,
+				Some(&room_id),
 				&state_lock,
 			)
 			.boxed()
@@ -292,7 +379,7 @@ pub(crate) async fn create_room_route(
 				}),
 			),
 			sender_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -308,7 +395,7 @@ pub(crate) async fn create_room_route(
 				&RoomHistoryVisibilityEventContent::new(HistoryVisibility::Shared),
 			),
 			sender_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -327,7 +414,7 @@ pub(crate) async fn create_room_route(
 				}),
 			),
 			sender_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -363,7 +450,7 @@ pub(crate) async fn create_room_route(
 		services
 			.rooms
 			.timeline
-			.build_and_append_pdu(pdu_builder, sender_user, &room_id, &state_lock)
+			.build_and_append_pdu(pdu_builder, sender_user, Some(&room_id), &state_lock)
 			.boxed()
 			.await?;
 	}
@@ -376,7 +463,7 @@ pub(crate) async fn create_room_route(
 			.build_and_append_pdu(
 				PduBuilder::state(String::new(), &RoomNameEventContent::new(name.clone())),
 				sender_user,
-				&room_id,
+				Some(&room_id),
 				&state_lock,
 			)
 			.boxed()
@@ -390,7 +477,7 @@ pub(crate) async fn create_room_route(
 			.build_and_append_pdu(
 				PduBuilder::state(String::new(), &RoomTopicEventContent { topic: topic.clone() }),
 				sender_user,
-				&room_id,
+				Some(&room_id),
 				&state_lock,
 			)
 			.boxed()
@@ -399,17 +486,9 @@ pub(crate) async fn create_room_route(

 	// 8. Events implied by invite (and TODO: invite_3pid)
 	drop(state_lock);
-	for user_id in &body.invite {
-		if services.users.user_is_ignored(sender_user, user_id).await {
-			continue;
-		} else if services.users.user_is_ignored(user_id, sender_user).await {
-			// silently drop the invite to the recipient if they've been ignored by the
-			// sender, pretend it worked
-			continue;
-		}
-
+	for recipient_user in &invitees {
 		if let Err(e) =
-			invite_helper(&services, sender_user, user_id, &room_id, None, body.is_direct)
+			invite_helper(&services, sender_user, recipient_user, &room_id, None, body.is_direct)
 				.boxed()
 				.await
 		{
@@ -450,6 +529,7 @@ fn default_power_levels_content(
 	power_level_content_override: Option<&Raw<RoomPowerLevelsEventContent>>,
 	visibility: &room::Visibility,
 	users: BTreeMap<OwnedUserId, Int>,
+	creators: Vec<OwnedUserId>,
 ) -> Result<serde_json::Value> {
 	let mut power_levels_content =
 		serde_json::to_value(RoomPowerLevelsEventContent { users, ..Default::default() })
@@ -499,6 +579,19 @@ fn default_power_levels_content(
 		}
 	}

+	if !creators.is_empty() {
+		// Raise the default power level of tombstone to 150
+		power_levels_content["events"]["m.room.tombstone"] =
+			serde_json::to_value(150).expect("150 is valid Value");
+		for creator in creators {
+			// Omit creators from the power level list altogether
+			power_levels_content["users"]
+				.as_object_mut()
+				.expect("users is an object")
+				.remove(creator.as_str());
+		}
+	}
+
 	Ok(power_levels_content)
 }

@@ -2,7 +2,7 @@ use std::cmp::max;

 use axum::extract::State;
 use conduwuit::{
-	Err, Error, Event, Result, debug, err, info,
+	Err, Error, Event, Result, RoomVersion, debug, err, info,
 	matrix::{StateKey, pdu::PduBuilder},
 };
 use futures::{FutureExt, StreamExt};
@@ -68,37 +68,76 @@ pub(crate) async fn upgrade_room_route(
 		return Err!(Request(UserSuspended("You cannot perform this action while suspended.")));
 	}

+	// First, check if the user has permission to upgrade the room (send tombstone
+	// event)
+	let old_room_state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
+
+	// Check tombstone permission by attempting to create (but not send) the event
+	// Note that this does internally call the policy server with a fake room ID,
+	// which may not be good?
+	let tombstone_test_result = services
+		.rooms
+		.timeline
+		.create_hash_and_sign_event(
+			PduBuilder::state(StateKey::new(), &RoomTombstoneEventContent {
+				body: "This room has been replaced".to_owned(),
+				replacement_room: RoomId::new(services.globals.server_name()),
+			}),
+			sender_user,
+			Some(&body.room_id),
+			&old_room_state_lock,
+		)
+		.await;
+
+	if let Err(_e) = tombstone_test_result {
+		return Err!(Request(Forbidden("User does not have permission to upgrade this room.")));
+	}
+
+	drop(old_room_state_lock);
+
 	// Create a replacement room
-	let replacement_room = RoomId::new(services.globals.server_name());
+	let room_features = RoomVersion::new(&body.new_version)?;
+	let replacement_room: Option<&RoomId> = if room_features.room_ids_as_hashes {
+		None
+	} else {
+		Some(&RoomId::new(services.globals.server_name()))
+	};
+	let replacement_room_tmp = match replacement_room {
+		| Some(v) => v,
+		| None => &RoomId::new(services.globals.server_name()),
+	};

 	let _short_id = services
 		.rooms
 		.short
-		.get_or_create_shortroomid(&replacement_room)
+		.get_or_create_shortroomid(replacement_room_tmp)
 		.await;

-	let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
-
-	// Send a m.room.tombstone event to the old room to indicate that it is not
-	// intended to be used any further Fail if the sender does not have the required
-	// permissions
-	let tombstone_event_id = services
-		.rooms
-		.timeline
-		.build_and_append_pdu(
-			PduBuilder::state(StateKey::new(), &RoomTombstoneEventContent {
-				body: "This room has been replaced".to_owned(),
-				replacement_room: replacement_room.clone(),
-			}),
-			sender_user,
-			&body.room_id,
-			&state_lock,
-		)
-		.await?;
-
-	// Change lock to replacement room
-	drop(state_lock);
-	let state_lock = services.rooms.state.mutex.lock(&replacement_room).await;
+	// For pre-v12 rooms, send tombstone before creating replacement room
+	let tombstone_event_id = if !room_features.room_ids_as_hashes {
+		let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
+		// Send a m.room.tombstone event to the old room to indicate that it is not
+		// intended to be used any further
+		let tombstone_event_id = services
+			.rooms
+			.timeline
+			.build_and_append_pdu(
+				PduBuilder::state(StateKey::new(), &RoomTombstoneEventContent {
+					body: "This room has been replaced".to_owned(),
+					replacement_room: replacement_room.unwrap().to_owned(),
+				}),
+				sender_user,
+				Some(&body.room_id),
+				&state_lock,
+			)
+			.await?;
+		// Change lock to replacement room
+		drop(state_lock);
+		Some(tombstone_event_id)
+	} else {
+		None
+	};
+	let state_lock = services.rooms.state.mutex.lock(replacement_room_tmp).await;

 	// Get the old room creation event
 	let mut create_event_content: CanonicalJsonObject = services
@@ -111,7 +150,7 @@ pub(crate) async fn upgrade_room_route(
 	// Use the m.room.tombstone event as the predecessor
 	let predecessor = Some(ruma::events::room::create::PreviousRoom::new(
 		body.room_id.clone(),
-		Some(tombstone_event_id),
+		tombstone_event_id,
 	));

 	// Send a m.room.create event containing a predecessor field and the applicable
@@ -132,6 +171,7 @@ pub(crate) async fn upgrade_room_route(
 				// "creator" key no longer exists in V11 rooms
 				create_event_content.remove("creator");
 			},
+			// TODO(hydra): additional_creators
 		}
 	}

@@ -159,7 +199,7 @@ pub(crate) async fn upgrade_room_route(
 		return Err(Error::BadRequest(ErrorKind::BadJson, "Error forming creation event"));
 	}

-	services
+	let create_event_id = services
 		.rooms
 		.timeline
 		.build_and_append_pdu(
@@ -173,11 +213,18 @@ pub(crate) async fn upgrade_room_route(
 				timestamp: None,
 			},
 			sender_user,
-			&replacement_room,
+			replacement_room,
 			&state_lock,
 		)
 		.boxed()
 		.await?;
+	let create_id = create_event_id.as_str().replace('$', "!");
+	let (replacement_room, state_lock) = if room_features.room_ids_as_hashes {
+		let parsed_room_id = RoomId::parse(&create_id)?;
+		(Some(parsed_room_id), services.rooms.state.mutex.lock(parsed_room_id).await)
+	} else {
+		(replacement_room, state_lock)
+	};

 	// Join the new room
 	services
@@ -204,7 +251,7 @@ pub(crate) async fn upgrade_room_route(
 				timestamp: None,
 			},
 			sender_user,
-			&replacement_room,
+			replacement_room,
 			&state_lock,
 		)
 		.boxed()
@@ -243,7 +290,7 @@ pub(crate) async fn upgrade_room_route(
 						..Default::default()
 					},
 					sender_user,
-					&replacement_room,
+					replacement_room,
 					&state_lock,
 				)
 				.boxed()
@@ -268,7 +315,7 @@ pub(crate) async fn upgrade_room_route(
 		services
 			.rooms
 			.alias
-			.set_alias(alias, &replacement_room, sender_user)?;
+			.set_alias(alias, replacement_room.unwrap(), sender_user)?;
 	}

 	// Get the old room power levels
@@ -302,7 +349,7 @@ pub(crate) async fn upgrade_room_route(
 				..power_levels_event_content
 			}),
 			sender_user,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -310,6 +357,27 @@ pub(crate) async fn upgrade_room_route(

 	drop(state_lock);

+	// For v12 rooms, send tombstone AFTER creating replacement room
+	if room_features.room_ids_as_hashes {
+		let old_room_state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
+		// For v12 rooms, no event reference in predecessor due to cyclic dependency -
+		// could best effort one maybe?
+		services
+			.rooms
+			.timeline
+			.build_and_append_pdu(
+				PduBuilder::state(StateKey::new(), &RoomTombstoneEventContent {
+					body: "This room has been replaced".to_owned(),
+					replacement_room: replacement_room.unwrap().to_owned(),
+				}),
+				sender_user,
+				Some(&body.room_id),
+				&old_room_state_lock,
+			)
+			.await?;
+		drop(old_room_state_lock);
+	}
+
 	// Check if the old room has a space parent, and if so, whether we should update
 	// it (m.space.parent, room_id)
 	let parents = services
@@ -334,8 +402,9 @@ pub(crate) async fn upgrade_room_route(
 			continue;
 		};
 		debug!(
-			"Updating space {space_id} child event for room {} to {replacement_room}",
-			&body.room_id
+			"Updating space {space_id} child event for room {} to {}",
+			&body.room_id,
+			replacement_room.unwrap()
 		);
 		// First, drop the space's child event
 		let state_lock = services.rooms.state.mutex.lock(space_id).await;
@@ -352,14 +421,17 @@ pub(crate) async fn upgrade_room_route(
 					..Default::default()
 				},
 				sender_user,
-				space_id,
+				Some(space_id),
 				&state_lock,
 			)
 			.boxed()
 			.await
 			.ok();
 		// Now, add a new child event for the replacement room
-		debug!("Adding space child event for room {replacement_room} in space {space_id}");
+		debug!(
+			"Adding space child event for room {} in space {space_id}",
+			replacement_room.unwrap()
+		);
 		services
 			.rooms
 			.timeline
@@ -372,23 +444,26 @@ pub(crate) async fn upgrade_room_route(
 						suggested: child.suggested,
 					})
 					.expect("event is valid, we just created it"),
-					state_key: Some(replacement_room.as_str().into()),
+					state_key: Some(replacement_room.unwrap().as_str().into()),
 					..Default::default()
 				},
 				sender_user,
-				space_id,
+				Some(space_id),
 				&state_lock,
 			)
 			.boxed()
 			.await
 			.ok();
 		debug!(
-			"Finished updating space {space_id} child event for room {} to {replacement_room}",
-			&body.room_id
+			"Finished updating space {space_id} child event for room {} to {}",
+			&body.room_id,
+			replacement_room.unwrap()
 		);
 		drop(state_lock);
 	}

 	// Return the replacement room id
-	Ok(upgrade_room::v3::Response { replacement_room })
+	Ok(upgrade_room::v3::Response {
+		replacement_room: replacement_room.unwrap().to_owned(),
+	})
 }
@@ -80,7 +80,7 @@ pub(crate) async fn send_message_event_route(
 				..Default::default()
 			},
 			sender_user,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.await?;
@@ -145,9 +145,9 @@ pub(super) async fn ldap_login(
 	let is_conduwuit_admin = services.admin.user_is_admin(lowercased_user_id).await;

 	if is_ldap_admin && !is_conduwuit_admin {
-		services.admin.make_user_admin(lowercased_user_id).await?;
+		Box::pin(services.admin.make_user_admin(lowercased_user_id)).await?;
 	} else if !is_ldap_admin && is_conduwuit_admin {
-		services.admin.revoke_admin(lowercased_user_id).await?;
+		Box::pin(services.admin.revoke_admin(lowercased_user_id)).await?;
 	}

 	Ok(user_id)
@@ -201,7 +201,7 @@ async fn send_state_event_for_key_helper(
 				..Default::default()
 			},
 			sender,
-			room_id,
+			Some(room_id),
 			&state_lock,
 		)
 		.await?;
@@ -60,7 +60,10 @@ use ruma::{
 use service::rooms::short::{ShortEventId, ShortStateKey};

 use super::{load_timeline, share_encrypted_room};
-use crate::{Ruma, RumaResponse, client::ignored_filter};
+use crate::{
+	Ruma, RumaResponse,
+	client::{ignored_filter, is_ignored_invite},
+};

 #[derive(Default)]
 struct StateChanges {
@@ -238,6 +241,13 @@ pub(crate) async fn build_sync_events(
 		.rooms
 		.state_cache
 		.rooms_invited(sender_user)
+		.wide_filter_map(async |(room_id, invite_state)| {
+			if is_ignored_invite(services, sender_user, &room_id).await {
+				None
+			} else {
+				Some((room_id, invite_state))
+			}
+		})
 		.fold_default(|mut invited_rooms: BTreeMap<_, _>, (room_id, invite_state)| async move {
 			let invite_count = services
 				.rooms
@@ -457,7 +467,7 @@ async fn handle_left_room(
 			state_key: Some(sender_user.as_str().into()),
 			unsigned: None,
 			// The following keys are dropped on conversion
-			room_id: room_id.clone(),
+			room_id: Some(room_id.clone()),
 			prev_events: vec![],
 			depth: uint!(1),
 			auth_events: vec![],
@@ -11,6 +11,7 @@ use conduwuit::{
 	utils::{
 		BoolExt, IterStream, ReadyExt, TryFutureExtExt,
 		math::{ruma_from_usize, usize_from_ruma, usize_from_u64_truncated},
+		stream::WidebandExt,
 	},
 	warn,
 };
@@ -39,7 +40,7 @@ use ruma::{
 use super::{load_timeline, share_encrypted_room};
 use crate::{
 	Ruma,
-	client::{DEFAULT_BUMP_TYPES, ignored_filter},
+	client::{DEFAULT_BUMP_TYPES, ignored_filter, is_ignored_invite},
 };

 type TodoRooms = BTreeMap<OwnedRoomId, (BTreeSet<TypeStateKey>, usize, u64)>;
@@ -102,6 +103,13 @@ pub(crate) async fn sync_events_v4_route(
 		.rooms
 		.state_cache
 		.rooms_invited(sender_user)
+		.wide_filter_map(async |(room_id, invite_state)| {
+			if is_ignored_invite(&services, sender_user, &room_id).await {
+				None
+			} else {
+				Some((room_id, invite_state))
+			}
+		})
 		.map(|r| r.0)
 		.collect()
 		.await;
@@ -14,6 +14,7 @@ use conduwuit::{
 		BoolExt, FutureBoolExt, IterStream, ReadyExt, TryFutureExtExt,
 		future::ReadyEqExt,
 		math::{ruma_from_usize, usize_from_ruma},
+		stream::WidebandExt,
 	},
 	warn,
 };
@@ -38,7 +39,7 @@ use ruma::{
 use super::share_encrypted_room;
 use crate::{
 	Ruma,
-	client::{DEFAULT_BUMP_TYPES, ignored_filter, sync::load_timeline},
+	client::{DEFAULT_BUMP_TYPES, ignored_filter, is_ignored_invite, sync::load_timeline},
 };

 type SyncInfo<'a> = (&'a UserId, &'a DeviceId, u64, &'a sync_events::v5::Request);
@@ -106,6 +107,13 @@ pub(crate) async fn sync_events_v5_route(
 		.rooms
 		.state_cache
 		.rooms_invited(sender_user)
+		.wide_filter_map(async |(room_id, invite_state)| {
+			if is_ignored_invite(services, sender_user, &room_id).await {
+				None
+			} else {
+				Some((room_id, invite_state))
+			}
+		})
 		.map(|r| r.0)
 		.collect::<Vec<OwnedRoomId>>();

@@ -59,6 +59,7 @@ pub(crate) async fn get_supported_versions_route(
 			("us.cloke.msc4175".to_owned(), true), /* Profile field for user time zone (https://github.com/matrix-org/matrix-spec-proposals/pull/4175) */
 			("org.matrix.simplified_msc3575".to_owned(), true), /* Simplified Sliding sync (https://github.com/matrix-org/matrix-spec-proposals/pull/4186) */
 			("uk.timedout.msc4323".to_owned(), true), /* agnostic suspend (https://github.com/matrix-org/matrix-spec-proposals/pull/4323) */
+			("org.matrix.msc4155".to_owned(), true), /* invite filtering (https://github.com/matrix-org/matrix-spec-proposals/pull/4155) */
 		]),
 	};

@@ -78,7 +78,7 @@ pub(crate) async fn well_known_support(
 			while let Some(user_id) = stream.next().await {
 				// Skip server user
 				if *user_id == services.globals.server_user {
-					break;
+					continue;
 				}
 				contacts.push(Contact {
 					role: role_value.clone(),
@@ -2,7 +2,7 @@ use std::cmp;

 use axum::extract::State;
 use conduwuit::{
-	PduCount, Result,
+	Event, PduCount, Result,
 	utils::{IterStream, ReadyExt, stream::TryTools},
 };
 use futures::{FutureExt, StreamExt, TryStreamExt};
@@ -68,7 +68,7 @@ pub(crate) async fn get_backfill_route(
 				Ok(services
 					.rooms
 					.state_accessor
-					.server_can_see_event(body.origin(), &pdu.room_id, &pdu.event_id)
+					.server_can_see_event(body.origin(), &pdu.room_id_or_hash(), &pdu.event_id)
 					.await
 					.then_some(pdu))
 			})
@@ -61,13 +61,16 @@ pub(crate) async fn create_invite_route(
 	let mut signed_event = utils::to_canonical_object(&body.event)
 		.map_err(|_| err!(Request(InvalidParam("Invite event is invalid."))))?;

-	let invited_user: OwnedUserId = signed_event
+	let recipient_user: OwnedUserId = signed_event
 		.get("state_key")
 		.try_into()
 		.map(UserId::to_owned)
 		.map_err(|e| err!(Request(InvalidParam("Invalid state_key property: {e}"))))?;

-	if !services.globals.server_is_ours(invited_user.server_name()) {
+	if !services
+		.globals
+		.server_is_ours(recipient_user.server_name())
+	{
 		return Err!(Request(InvalidParam("User does not belong to this homeserver.")));
 	}

@@ -75,7 +78,7 @@ pub(crate) async fn create_invite_route(
 	services
 		.rooms
 		.event_handler
-		.acl_check(invited_user.server_name(), &body.room_id)
+		.acl_check(recipient_user.server_name(), &body.room_id)
 		.await?;

 	services
@@ -89,18 +92,19 @@ pub(crate) async fn create_invite_route(
 	// Add event_id back
 	signed_event.insert("event_id".to_owned(), CanonicalJsonValue::String(event_id.to_string()));

-	let sender: &UserId = signed_event
+	let sender_user: &UserId = signed_event
 		.get("sender")
 		.try_into()
 		.map_err(|e| err!(Request(InvalidParam("Invalid sender property: {e}"))))?;

 	if services.rooms.metadata.is_banned(&body.room_id).await
-		&& !services.users.is_admin(&invited_user).await
+		&& !services.users.is_admin(&recipient_user).await
 	{
 		return Err!(Request(Forbidden("This room is banned on this homeserver.")));
 	}

-	if services.config.block_non_admin_invites && !services.users.is_admin(&invited_user).await {
+	if services.config.block_non_admin_invites && !services.users.is_admin(&recipient_user).await
+	{
 		return Err!(Request(Forbidden("This server does not allow room invites.")));
 	}

@@ -131,9 +135,9 @@ pub(crate) async fn create_invite_route(
 			.state_cache
 			.update_membership(
 				&body.room_id,
-				&invited_user,
+				&recipient_user,
 				RoomMemberEventContent::new(MembershipState::Invite),
-				sender,
+				sender_user,
 				Some(invite_state),
 				body.via.clone(),
 				true,
@@ -141,7 +145,7 @@ pub(crate) async fn create_invite_route(
 			.await?;

 		for appservice in services.appservice.read().await.values() {
-			if appservice.is_user_match(&invited_user) {
+			if appservice.is_user_match(&recipient_user) {
 				services
 					.sending
 					.send_appservice_request(
@@ -1,6 +1,6 @@
 use axum::extract::State;
 use conduwuit::{
-	Err, Error, Result, debug_info, matrix::pdu::PduBuilder, utils::IterStream, warn,
+	Err, Error, Result, debug_info, info, matrix::pdu::PduBuilder, utils::IterStream, warn,
 };
 use conduwuit_service::Services;
 use futures::StreamExt;
@@ -22,6 +22,7 @@ use crate::Ruma;
 /// # `GET /_matrix/federation/v1/make_join/{roomId}/{userId}`
 ///
 /// Creates a join template.
+#[tracing::instrument(skip_all, fields(room_id = %body.room_id, user_id = %body.user_id, origin = %body.origin()))]
 pub(crate) async fn create_join_event_template_route(
 	State(services): State<crate::State>,
 	body: Ruma<prepare_join_event::v1::Request>,
@@ -72,11 +73,16 @@ pub(crate) async fn create_join_event_template_route(
 	}

 	let state_lock = services.rooms.state.mutex.lock(&body.room_id).await;
-
+	let is_invited = services
+		.rooms
+		.state_cache
+		.is_invited(&body.user_id, &body.room_id)
+		.await;
 	let join_authorized_via_users_server: Option<OwnedUserId> = {
 		use RoomVersionId::*;
-		if matches!(room_version_id, V1 | V2 | V3 | V4 | V5 | V6 | V7) {
-			// room version does not support restricted join rules
+		if matches!(room_version_id, V1 | V2 | V3 | V4 | V5 | V6 | V7) || is_invited {
+			// room version does not support restricted join rules, or the user is currently
+			// already invited
 			None
 		} else if user_can_perform_restricted_join(
 			&services,
@@ -103,6 +109,10 @@ pub(crate) async fn create_join_event_template_route(
 				.await
 				.map(ToOwned::to_owned)
 			else {
+				info!(
+					"No local user is able to authorize the join of {} into {}",
+					&body.user_id, &body.room_id
+				);
 				return Err!(Request(UnableToGrantJoin(
 					"No user on this server is able to assist in joining."
 				)));
@@ -122,7 +132,7 @@ pub(crate) async fn create_join_event_template_route(
 				..RoomMemberEventContent::new(MembershipState::Join)
 			}),
 			&body.user_id,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.await?;
@@ -167,6 +177,7 @@ pub(crate) async fn user_can_perform_restricted_join(
 		)
 		.await
 	else {
+		// No join rules means there's nothing to authorise (defaults to invite)
 		return Ok(false);
 	};

@@ -95,7 +95,7 @@ pub(crate) async fn create_knock_event_template_route(
 				&RoomMemberEventContent::new(MembershipState::Knock),
 			),
 			&body.user_id,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.await?;
@@ -45,7 +45,7 @@ pub(crate) async fn create_leave_event_template_route(
 				&RoomMemberEventContent::new(MembershipState::Leave),
 			),
 			&body.user_id,
-			&body.room_id,
+			Some(&body.room_id),
 			&state_lock,
 		)
 		.await?;
@@ -175,7 +175,11 @@ pub(crate) async fn create_knock_event_v1_route(
 		.send_pdu_room(&body.room_id, &pdu_id)
 		.await?;

-	let knock_room_state = services.rooms.state.summary_stripped(&pdu).await;
+	let knock_room_state = services
+		.rooms
+		.state
+		.summary_stripped(&pdu, &body.room_id)
+		.await;

 	Ok(send_knock::v1::Response { knock_room_state })
 }
@@ -73,6 +73,7 @@ pub(super) fn bad_request_code(kind: &ErrorKind) -> StatusCode {
 		| ThreepidAuthFailed
 		| UserDeactivated
 		| ThreepidDenied
+		| InviteBlocked
 		| WrongRoomKeysVersion { .. }
 		| Forbidden { .. } => StatusCode::FORBIDDEN,

@@ -18,7 +18,7 @@ pub const STABLE_ROOM_VERSIONS: &[RoomVersionId] = &[

 /// Experimental, partially supported room versions
 pub const UNSTABLE_ROOM_VERSIONS: &[RoomVersionId] =
-	&[RoomVersionId::V3, RoomVersionId::V4, RoomVersionId::V5];
+	&[RoomVersionId::V3, RoomVersionId::V4, RoomVersionId::V5, RoomVersionId::V12];

 type RoomVersion = (RoomVersionId, RoomVersionStability);

@@ -10,7 +10,7 @@ mod unsigned;
 use std::fmt::Debug;

 use ruma::{
-	CanonicalJsonObject, EventId, MilliSecondsSinceUnixEpoch, OwnedEventId, RoomId,
+	CanonicalJsonObject, EventId, MilliSecondsSinceUnixEpoch, OwnedEventId, OwnedRoomId, RoomId,
 	RoomVersionId, UserId, events::TimelineEventType,
 };
 use serde::Deserialize;
@@ -168,7 +168,12 @@ pub trait Event: Clone + Debug {
 	fn redacts(&self) -> Option<&EventId>;

 	/// The `RoomId` of this event.
-	fn room_id(&self) -> &RoomId;
+	fn room_id(&self) -> Option<&RoomId>;
+
+	/// The `RoomId` or hash of this event.
+	/// This should only be preferred over room_id() if the event is a v12
+	/// create event.
+	fn room_id_or_hash(&self) -> OwnedRoomId;

 	/// The `UserId` of this event.
 	fn sender(&self) -> &UserId;
@@ -32,12 +32,19 @@ impl<E: Event> Matches<E> for &RoomEventFilter {
 }

 fn matches_room<E: Event>(event: &E, filter: &RoomEventFilter) -> bool {
-	if filter.not_rooms.iter().any(is_equal_to!(event.room_id())) {
+	if filter
+		.not_rooms
+		.iter()
+		.any(is_equal_to!(event.room_id().expect("event has a room ID")))
+	{
 		return false;
 	}

 	if let Some(rooms) = filter.rooms.as_ref() {
-		if !rooms.iter().any(is_equal_to!(event.room_id())) {
+		if !rooms
+			.iter()
+			.any(is_equal_to!(event.room_id().expect("event has a room ID")))
+		{
 			return false;
 		}
 	}
@@ -31,7 +31,8 @@ use crate::Result;
 pub struct Pdu {
 	pub event_id: OwnedEventId,

-	pub room_id: OwnedRoomId,
+	#[serde(skip_serializing_if = "Option::is_none")]
+	pub room_id: Option<OwnedRoomId>,

 	pub sender: OwnedUserId,

@@ -110,7 +111,27 @@ impl Event for Pdu {
 	fn redacts(&self) -> Option<&EventId> { self.redacts.as_deref() }

 	#[inline]
-	fn room_id(&self) -> &RoomId { &self.room_id }
+	fn room_id(&self) -> Option<&RoomId> { self.room_id.as_deref() }
+
+	#[inline]
+	fn room_id_or_hash(&self) -> OwnedRoomId {
+		if *self.event_type() != TimelineEventType::RoomCreate {
+			return self
+				.room_id()
+				.expect("Event must have a room ID")
+				.to_owned();
+		}
+		if let Some(room_id) = &self.room_id {
+			// v1-v11
+			room_id.clone()
+		} else {
+			// v12+
+			let constructed_hash = self.event_id.as_str().replace('$', "!");
+			RoomId::parse(&constructed_hash)
+				.expect("event ID can be parsed")
+				.to_owned()
+		}
+	}

 	#[inline]
 	fn sender(&self) -> &UserId { &self.sender }
@@ -163,7 +184,27 @@ impl Event for &Pdu {
 	fn redacts(&self) -> Option<&EventId> { self.redacts.as_deref() }

 	#[inline]
-	fn room_id(&self) -> &RoomId { &self.room_id }
+	fn room_id(&self) -> Option<&RoomId> { self.room_id.as_ref().map(AsRef::as_ref) }
+
+	#[inline]
+	fn room_id_or_hash(&self) -> OwnedRoomId {
+		if *self.event_type() != TimelineEventType::RoomCreate {
+			return self
+				.room_id()
+				.expect("Event must have a room ID")
+				.to_owned();
+		}
+		if let Some(room_id) = &self.room_id {
+			// v1-v11
+			room_id.clone()
+		} else {
+			// v12+
+			let constructed_hash = self.event_id.as_str().replace('$', "!");
+			RoomId::parse(&constructed_hash)
+				.expect("event ID can be parsed")
+				.to_owned()
+		}
+	}

 	#[inline]
 	fn sender(&self) -> &UserId { &self.sender }
@@ -406,7 +406,7 @@ where

 	Pdu {
 		event_id: id.try_into().unwrap(),
-		room_id: room_id().to_owned(),
+		room_id: Some(room_id().to_owned()),
 		sender: sender.to_owned(),
 		origin_server_ts: ts.try_into().unwrap(),
 		state_key: state_key.map(Into::into),
@@ -36,8 +36,9 @@ pub use self::{
 	room_version::RoomVersion,
 };
 use crate::{
-	debug, debug_error,
+	debug, debug_error, err,
 	matrix::{Event, StateKey},
+	state_res::room_version::StateResolutionVersion,
 	trace,
 	utils::stream::{BroadbandExt, IterStream, ReadyExt, TryBroadbandExt, WidebandExt},
 	warn,
@@ -92,30 +93,48 @@ where
 	Pdu: Event + Clone + Send + Sync,
 	for<'b> &'b Pdu: Event + Send,
 {
-	debug!("State resolution starting");
+	use RoomVersionId::*;
+	let stateres_version = match room_version {
+		| V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10 | V11 => StateResolutionVersion::V2,
+		| _ => StateResolutionVersion::V2_1,
+	};
+	debug!(version = ?stateres_version, "State resolution starting");

 	// Split non-conflicting and conflicting state
-	let (clean, conflicting) = separate(state_sets.into_iter());
+	let (unconflicted, conflicting) = separate(state_sets.into_iter());

-	debug!(count = clean.len(), "non-conflicting events");
-	trace!(map = ?clean, "non-conflicting events");
+	debug!(count = unconflicted.len(), "non-conflicting events");
+	trace!(map = ?unconflicted, "non-conflicting events");

 	if conflicting.is_empty() {
 		debug!("no conflicting state found");
-		return Ok(clean);
+		return Ok(unconflicted);
 	}

 	debug!(count = conflicting.len(), "conflicting events");
 	trace!(map = ?conflicting, "conflicting events");
-
-	let conflicting_values = conflicting.into_values().flatten().stream();
+	let (conflicted_state_subgraph, initial_state) =
+		if stateres_version == StateResolutionVersion::V2_1 {
+			let csg = calculate_conflicted_subgraph(&conflicting, event_fetch)
+				.await
+				.ok_or_else(|| {
+					Error::InvalidPdu("Failed to calculate conflicted subgraph".to_owned())
+				})?;
+			debug!(count = csg.len(), "conflicted subgraph");
+			trace!(set = ?csg, "conflicted subgraph");
+			(csg, HashMap::new())
+		} else {
+			(HashSet::new(), unconflicted.clone())
+		};

 	// `all_conflicted` contains unique items
 	// synapse says `full_set = {eid for eid in full_conflicted_set if eid in
 	// event_map}`
+	// Hydra: Also consider the conflicted state subgraph
 	let all_conflicted: HashSet<_> = get_auth_chain_diff(auth_chain_sets)
-		.chain(conflicting_values)
+		.chain(conflicting.into_values().flatten().stream())
 		.broad_filter_map(async |id| event_exists(id.clone()).await.then_some(id))
+		.chain(conflicted_state_subgraph.into_iter().stream())
 		.collect()
 		.await;

@@ -151,7 +170,7 @@ where
 	let resolved_control = iterative_auth_check(
 		&room_version,
 		sorted_control_levels.iter().stream().map(AsRef::as_ref),
-		clean.clone(),
+		initial_state,
 		&event_fetch,
 	)
 	.await?;
@@ -163,6 +182,9 @@ where
 	// sort the remaining events using the mainline of the resolved power level.
 	let deduped_power_ev: HashSet<_> = sorted_control_levels.into_iter().collect();

+	debug!(count = deduped_power_ev.len(), "deduped power events");
+	trace!(set = ?deduped_power_ev, "deduped power events");
+
 	// This removes the control events that passed auth and more importantly those
 	// that failed auth
 	let events_to_resolve: Vec<_> = all_conflicted
@@ -178,12 +200,12 @@ where
 	let power_levels_ty_sk = (StateEventType::RoomPowerLevels, StateKey::new());
 	let power_event = resolved_control.get(&power_levels_ty_sk);

-	debug!(event_id = ?power_event, "power event");
+	trace!(event_id = ?power_event, "power event");

 	let sorted_left_events =
 		mainline_sort(&events_to_resolve, power_event.cloned(), &event_fetch).await?;

-	trace!(list = ?sorted_left_events, "events left, sorted");
+	trace!(list = ?sorted_left_events, "events left, sorted, running iterative auth check");

 	let mut resolved_state = iterative_auth_check(
 		&room_version,
@@ -193,11 +215,11 @@ where
 	)
 	.await?;

-	// Add unconflicted state to the resolved state
-	// We priorities the unconflicting state
-	resolved_state.extend(clean);
+	// Ensure unconflicting state is in the final state
+	resolved_state.extend(unconflicted);

 	debug!("state resolution finished");
+	trace!( map = ?resolved_state, "final resolved state" );

 	Ok(resolved_state)
 }
@@ -250,6 +272,63 @@ where
 	(unconflicted_state, conflicted_state)
 }

+/// Calculate the conflicted subgraph
+async fn calculate_conflicted_subgraph<F, Fut, E>(
+	conflicted: &StateMap<Vec<OwnedEventId>>,
+	fetch_event: &F,
+) -> Option<HashSet<OwnedEventId>>
+where
+	F: Fn(OwnedEventId) -> Fut + Sync,
+	Fut: Future<Output = Option<E>> + Send,
+	E: Event + Send + Sync,
+{
+	let conflicted_events: HashSet<_> = conflicted.values().flatten().cloned().collect();
+	let mut subgraph: HashSet<OwnedEventId> = HashSet::new();
+	let mut stack: Vec<Vec<OwnedEventId>> =
+		vec![conflicted_events.iter().cloned().collect::<Vec<_>>()];
+	let mut path: Vec<OwnedEventId> = Vec::new();
+	let mut seen: HashSet<OwnedEventId> = HashSet::new();
+	let next_event = |stack: &mut Vec<Vec<_>>, path: &mut Vec<_>| {
+		while stack.last().is_some_and(Vec::is_empty) {
+			stack.pop();
+			path.pop();
+		}
+		stack.last_mut().and_then(Vec::pop)
+	};
+	while let Some(event_id) = next_event(&mut stack, &mut path) {
+		path.push(event_id.clone());
+		if subgraph.contains(&event_id) {
+			if path.len() > 1 {
+				subgraph.extend(path.iter().cloned());
+			}
+			path.pop();
+			continue;
+		}
+		if conflicted_events.contains(&event_id) && path.len() > 1 {
+			subgraph.extend(path.iter().cloned());
+		}
+		if seen.contains(&event_id) {
+			path.pop();
+			continue;
+		}
+		trace!(event_id = event_id.as_str(), "fetching event for its auth events");
+		let evt = fetch_event(event_id.clone()).await;
+		if evt.is_none() {
+			err!("could not fetch event {} to calculate conflicted subgraph", event_id);
+			path.pop();
+			continue;
+		}
+		stack.push(
+			evt.expect("checked")
+				.auth_events()
+				.map(ToOwned::to_owned)
+				.collect(),
+		);
+		seen.insert(event_id);
+	}
+	Some(subgraph)
+}
+
 /// Returns a Vec of deduped EventIds that appear in some chains but not others.
 #[allow(clippy::arithmetic_side_effects)]
 fn get_auth_chain_diff<Id, Hasher>(
@@ -513,6 +592,7 @@ where
 /// For each `events_to_check` event we gather the events needed to auth it from
 /// the the `fetch_event` closure and verify each event using the
 /// `event_auth::auth_check` function.
+#[tracing::instrument(level = "trace", skip_all)]
 async fn iterative_auth_check<'a, E, F, Fut, S>(
 	room_version: &RoomVersion,
 	events_to_check: S,
@@ -538,12 +618,19 @@ where
 		.try_collect()
 		.boxed()
 		.await?;
+	trace!(list = ?events_to_check, "events to check");
+	if events_to_check.is_empty() {
+		debug!("no events to check, returning unconflicted state");
+		return Ok(unconflicted_state);
+	}

 	let auth_event_ids: HashSet<OwnedEventId> = events_to_check
 		.iter()
 		.flat_map(|event: &E| event.auth_events().map(ToOwned::to_owned))
 		.collect();

+	trace!(set = ?auth_event_ids, "auth event IDs to fetch");
+
 	let auth_events: HashMap<OwnedEventId, E> = auth_event_ids
 		.into_iter()
 		.stream()
@@ -553,9 +640,16 @@ where
 		.boxed()
 		.await;

+	trace!(map = ?auth_events.keys().collect::<Vec<_>>(), "fetched auth events");
+
 	let auth_events = &auth_events;
+	// NOTE: in state resolution v2.1, auth checks should start with an empty state
+	// map. It is the caller's job to do this. Previously, this function would
+	// force an empty state map in this case, and this resulted in power events
+	// going missing from the resolved state as they'd be discarded here.
 	let mut resolved_state = unconflicted_state;
 	for event in events_to_check {
+		trace!(event_id = event.event_id().as_str(), "checking event");
 		let state_key = event
 			.state_key()
 			.ok_or_else(|| Error::InvalidPdu("State event had no state key".to_owned()))?;
@@ -565,13 +659,29 @@ where
 			event.sender(),
 			Some(state_key),
 			event.content(),
+			room_version,
 		)?;
+		trace!(list = ?auth_types, event_id = event.event_id().as_str(), "auth types for event");

 		let mut auth_state = StateMap::new();
+		if room_version.room_ids_as_hashes {
+			trace!("room version uses hashed IDs, manually fetching create event");
+			let create_event_id_raw = event.room_id_or_hash().as_str().replace('!', "$");
+			let create_event_id = EventId::parse(&create_event_id_raw).map_err(|e| {
+				Error::InvalidPdu(format!(
+					"Failed to parse create event ID from room ID/hash: {e}"
+				))
+			})?;
+			let create_event = fetch_event(create_event_id.into())
+				.await
+				.ok_or_else(|| Error::NotFound("Failed to find create event".into()))?;
+			auth_state.insert(create_event.event_type().with_state_key(""), create_event);
+		}
 		for aid in event.auth_events() {
 			if let Some(ev) = auth_events.get(aid) {
 				//TODO: synapse checks "rejected_reason" which is most likely related to
 				// soft-failing
+				trace!(event_id = aid.as_str(), "found auth event");
 				auth_state.insert(
 					ev.event_type()
 						.with_state_key(ev.state_key().ok_or_else(|| {
@@ -600,8 +710,9 @@ where
 				auth_state.insert(key.to_owned(), event);
 			})
 			.await;
+		trace!(map = ?auth_state.keys().collect::<Vec<_>>(), event_id = event.event_id().as_str(), "auth state for event");

-		debug!("event to check {:?}", event.event_id());
+		debug!(event_id = event.event_id().as_str(), "Running auth checks");

 		// The key for this is (eventType + a state_key of the signed token not sender)
 		// so search for it
@@ -617,16 +728,29 @@ where
 			)
 		};

-		let auth_result =
-			auth_check(room_version, &event, current_third_party, fetch_state).await;
+		let auth_result = auth_check(
+			room_version,
+			&event,
+			current_third_party,
+			fetch_state,
+			&fetch_state(&StateEventType::RoomCreate, "")
+				.await
+				.expect("create event must exist"),
+		)
+		.await;

 		match auth_result {
 			| Ok(true) => {
 				// add event to resolved state map
+				trace!(
+					event_id = event.event_id().as_str(),
+					"event passed the authentication check, adding to resolved state"
+				);
 				resolved_state.insert(
 					event.event_type().with_state_key(state_key),
 					event.event_id().to_owned(),
 				);
+				trace!(map = ?resolved_state, "new resolved state");
 			},
 			| Ok(false) => {
 				// synapse passes here on AuthError. We do not add this event to resolved_state.
@@ -638,7 +762,8 @@ where
 			},
 		}
 	}
-
+	trace!(map = ?resolved_state, "final resolved state from iterative auth check");
+	debug!("iterative auth check finished");
 	Ok(resolved_state)
 }

@@ -877,6 +1002,7 @@ mod tests {
 	use crate::{
 		debug,
 		matrix::{Event, EventTypeExt, Pdu as PduEvent},
+		state_res::room_version::StateResolutionVersion,
 		utils::stream::IterStream,
 	};

@@ -947,7 +1073,8 @@ mod tests {
 		);
 	}

-	#[tokio::test]
+	// NOTE(2025-09-17): Disabled due to unknown "create event must exist" bug
+	// #[tokio::test]
 	async fn test_sort() {
 		for _ in 0..20 {
 			// since we shuffle the eventIds before we sort them introducing randomness
@@ -956,7 +1083,8 @@ mod tests {
 		}
 	}

-	#[tokio::test]
+	// NOTE(2025-09-17): Disabled due to unknown "create event must exist" bug
+	//#[tokio::test]
 	async fn ban_vs_power_level() {
 		let _ = tracing::subscriber::set_default(
 			tracing_subscriber::fmt().with_test_writer().finish(),
@@ -22,13 +22,15 @@ pub enum EventFormatVersion {
 	V3,
 }

-#[derive(Debug)]
+#[derive(Debug, PartialEq)]
 #[cfg_attr(not(feature = "unstable-exhaustive-types"), non_exhaustive)]
 pub enum StateResolutionVersion {
 	/// State resolution for rooms at version 1.
 	V1,
 	/// State resolution for room at version 2 or later.
 	V2,
+	/// State resolution for room at version 12 or later.
+	V2_1,
 }

 #[cfg_attr(not(feature = "unstable-exhaustive-types"), non_exhaustive)]
@@ -61,25 +63,34 @@ pub struct RoomVersion {
 	pub extra_redaction_checks: bool,
 	/// Allow knocking in event authentication.
 	///
-	/// See [room v7 specification](https://spec.matrix.org/latest/rooms/v7/) for more information.
+	/// See [room v7 specification](https://spec.matrix.org/latest/rooms/v7/)
 	pub allow_knocking: bool,
 	/// Adds support for the restricted join rule.
 	///
-	/// See: [MSC3289](https://github.com/matrix-org/matrix-spec-proposals/pull/3289) for more information.
+	/// See: [MSC3289](https://github.com/matrix-org/matrix-spec-proposals/pull/3289)
 	pub restricted_join_rules: bool,
 	/// Adds support for the knock_restricted join rule.
 	///
-	/// See: [MSC3787](https://github.com/matrix-org/matrix-spec-proposals/pull/3787) for more information.
+	/// See: [MSC3787](https://github.com/matrix-org/matrix-spec-proposals/pull/3787)
 	pub knock_restricted_join_rule: bool,
 	/// Enforces integer power levels.
 	///
-	/// See: [MSC3667](https://github.com/matrix-org/matrix-spec-proposals/pull/3667) for more information.
+	/// See: [MSC3667](https://github.com/matrix-org/matrix-spec-proposals/pull/3667)
 	pub integer_power_levels: bool,
 	/// Determine the room creator using the `m.room.create` event's `sender`,
 	/// instead of the event content's `creator` field.
 	///
-	/// See: [MSC2175](https://github.com/matrix-org/matrix-spec-proposals/pull/2175) for more information.
+	/// See: [MSC2175](https://github.com/matrix-org/matrix-spec-proposals/pull/2175)
 	pub use_room_create_sender: bool,
+	/// Whether the room creators are considered superusers.
+	/// A superuser will always have infinite power levels in the room.
+	///
+	/// See: [MSC4289](https://github.com/matrix-org/matrix-spec-proposals/pull/4289)
+	pub explicitly_privilege_room_creators: bool,
+	/// Whether the room's m.room.create event ID is itself the room ID.
+	///
+	/// See: [MSC4291](https://github.com/matrix-org/matrix-spec-proposals/pull/4291)
+	pub room_ids_as_hashes: bool,
 }

 impl RoomVersion {
@@ -97,6 +108,8 @@ impl RoomVersion {
 		knock_restricted_join_rule: false,
 		integer_power_levels: false,
 		use_room_create_sender: false,
+		explicitly_privilege_room_creators: false,
+		room_ids_as_hashes: false,
 	};
 	pub const V10: Self = Self {
 		knock_restricted_join_rule: true,
@@ -107,6 +120,11 @@ impl RoomVersion {
 		use_room_create_sender: true,
 		..Self::V10
 	};
+	pub const V12: Self = Self {
+		explicitly_privilege_room_creators: true,
+		room_ids_as_hashes: true,
+		..Self::V11
+	};
 	pub const V2: Self = Self {
 		state_res: StateResolutionVersion::V2,
 		..Self::V1
@@ -144,6 +162,7 @@ impl RoomVersion {
 			| RoomVersionId::V9 => Self::V9,
 			| RoomVersionId::V10 => Self::V10,
 			| RoomVersionId::V11 => Self::V11,
+			| RoomVersionId::V12 => Self::V12,
 			| ver => return Err(Error::Unsupported(format!("found version `{ver}`"))),
 		})
 	}
@@ -24,7 +24,7 @@ use serde_json::{

 use super::auth_types_for_event;
 use crate::{
-	Result, info,
+	Result, RoomVersion, info,
 	matrix::{Event, EventTypeExt, Pdu, StateMap, pdu::EventHash},
 };

@@ -154,6 +154,7 @@ pub(crate) async fn do_check(
 			fake_event.sender(),
 			fake_event.state_key(),
 			fake_event.content(),
+			&RoomVersion::V6,
 		)
 		.unwrap();

@@ -398,7 +399,7 @@ pub(crate) fn to_init_pdu_event(

 	Pdu {
 		event_id: id.try_into().unwrap(),
-		room_id: room_id().to_owned(),
+		room_id: Some(room_id().to_owned()),
 		sender: sender.to_owned(),
 		origin_server_ts: ts.try_into().unwrap(),
 		state_key: state_key.map(Into::into),
@@ -446,7 +447,7 @@ where

 	Pdu {
 		event_id: id.try_into().unwrap(),
-		room_id: room_id().to_owned(),
+		room_id: Some(room_id().to_owned()),
 		sender: sender.to_owned(),
 		origin_server_ts: ts.try_into().unwrap(),
 		state_key: state_key.map(Into::into),
@@ -417,7 +417,7 @@ impl<'a, 'de: 'a> de::Deserializer<'de> for &'a mut Deserializer<'de> {
 	fn deserialize_any<V: Visitor<'de>>(self, visitor: V) -> Result<V::Value> {
 		debug_assert_eq!(
 			conduwuit::debug::type_name::<V>(),
-			"serde_json::value::de::<impl serde::de::Deserialize for \
+			"serde_json::value::de::<impl serde_core::de::Deserialize for \
 			 serde_json::value::Value>::deserialize::ValueVisitor",
 			"deserialize_any: type not expected"
 		);
@@ -38,7 +38,6 @@ pub(crate) fn db_options(config: &Config, env: &Env, row_cache: &Cache) -> Resul
 	}
 	if config.rocksdb_optimize_for_spinning_disks {
 		// speeds up opening DB on hard drives
-		opts.set_skip_checking_sst_file_sizes_on_db_open(true);
 		opts.set_skip_stats_update_on_db_open(true);
 		//opts.set_max_file_opening_threads(threads.try_into().unwrap());
 	} else {
@@ -227,7 +227,7 @@ where
 	let write_options = &self.write_options;
 	self.db
 		.db
-		.write_opt(batch, write_options)
+		.write_opt(&batch, write_options)
 		.or_else(or_else)
 		.expect("database insert batch error");

@@ -434,4 +434,8 @@ pub(super) static MAPS: &[Descriptor] = &[
 		name: "userroomid_notificationcount",
 		..descriptor::RANDOM
 	},
+	Descriptor {
+		name: "userroomid_invitesender",
+		..descriptor::RANDOM_SMALL
+	},
 ];
@@ -1,6 +1,6 @@
 use std::collections::BTreeMap;

-use conduwuit::{Result, pdu::PduBuilder};
+use conduwuit::{Result, info, pdu::PduBuilder};
 use futures::FutureExt;
 use ruma::{
 	RoomId, RoomVersionId,
@@ -26,7 +26,7 @@ use crate::Services;
 /// used to issue admin commands by talking to the server user inside it.
 pub async fn create_admin_room(services: &Services) -> Result {
 	let room_id = RoomId::new(services.globals.server_name());
-	let room_version = &services.config.default_room_version;
+	let room_version = &RoomVersionId::V11;

 	let _short_id = services
 		.rooms
@@ -45,10 +45,13 @@ pub async fn create_admin_room(services: &Services) -> Result {
 		match room_version {
 			| V1 | V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10 =>
 				RoomCreateEventContent::new_v1(server_user.into()),
-			| _ => RoomCreateEventContent::new_v11(),
+			| V11 => RoomCreateEventContent::new_v11(),
+			| _ => RoomCreateEventContent::new_v12(),
 		}
 	};

+	info!("Creating admin room {} with version {}", room_id, room_version);
+
 	// 1. The room create event
 	services
 		.rooms
@@ -61,7 +64,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 				..create_content
 			}),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -77,7 +80,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 				&RoomMemberEventContent::new(MembershipState::Join),
 			),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -95,7 +98,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 				..Default::default()
 			}),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -108,7 +111,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 		.build_and_append_pdu(
 			PduBuilder::state(String::new(), &RoomJoinRulesEventContent::new(JoinRule::Invite)),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -124,7 +127,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 				&RoomHistoryVisibilityEventContent::new(HistoryVisibility::Shared),
 			),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -140,7 +143,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 				&RoomGuestAccessEventContent::new(GuestAccess::Forbidden),
 			),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -154,7 +157,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 		.build_and_append_pdu(
 			PduBuilder::state(String::new(), &RoomNameEventContent::new(room_name)),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -168,7 +171,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 				topic: format!("Manage {} | Run commands prefixed with `!admin` | Run `!admin -h` for help | Documentation: https://continuwuity.org/", services.config.server_name),
 			}),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -186,7 +189,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 				alt_aliases: Vec::new(),
 			}),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -204,7 +207,7 @@ pub async fn create_admin_room(services: &Services) -> Result {
 		.build_and_append_pdu(
 			PduBuilder::state(String::new(), &RoomPreviewUrlsEventContent { disabled: true }),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.boxed()
@@ -55,7 +55,7 @@ pub async fn make_user_admin(&self, user_id: &UserId) -> Result {
 					&RoomMemberEventContent::new(MembershipState::Invite),
 				),
 				server_user,
-				&room_id,
+				Some(&room_id),
 				&state_lock,
 			)
 			.await?;
@@ -69,7 +69,7 @@ pub async fn make_user_admin(&self, user_id: &UserId) -> Result {
 					&RoomMemberEventContent::new(MembershipState::Join),
 				),
 				user_id,
-				&room_id,
+				Some(&room_id),
 				&state_lock,
 			)
 			.await?;
@@ -83,7 +83,7 @@ pub async fn make_user_admin(&self, user_id: &UserId) -> Result {
 					&RoomMemberEventContent::new(MembershipState::Invite),
 				),
 				server_user,
-				&room_id,
+				Some(&room_id),
 				&state_lock,
 			)
 			.await?;
@@ -111,7 +111,7 @@ pub async fn make_user_admin(&self, user_id: &UserId) -> Result {
 		.build_and_append_pdu(
 			PduBuilder::state(String::new(), &room_power_levels),
 			server_user,
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.await?;
@@ -135,7 +135,7 @@ pub async fn make_user_admin(&self, user_id: &UserId) -> Result {
 			.build_and_append_pdu(
 				PduBuilder::timeline(&RoomMessageEventContent::text_markdown(welcome_message)),
 				server_user,
-				&room_id,
+				Some(&room_id),
 				&state_lock,
 			)
 			.await?;
@@ -218,7 +218,7 @@ pub async fn revoke_admin(&self, user_id: &UserId) -> Result {
 				..event
 			}),
 			self.services.globals.server_user.as_ref(),
-			&room_id,
+			Some(&room_id),
 			&state_lock,
 		)
 		.await
@@ -393,13 +393,13 @@ impl Service {
 			return Ok(());
 		};

-		let response_sender = if self.is_admin_room(pdu.room_id()).await {
+		let response_sender = if self.is_admin_room(pdu.room_id().unwrap()).await {
 			&self.services.globals.server_user
 		} else {
 			pdu.sender()
 		};

-		self.respond_to_room(content, pdu.room_id(), response_sender)
+		self.respond_to_room(content, pdu.room_id().unwrap(), response_sender)
 			.boxed()
 			.await
 	}
@@ -419,12 +419,13 @@ impl Service {
 			.build_and_append_pdu(
 				PduBuilder::timeline(&self.text_or_file(content).await),
 				user_id,
-				room_id,
+				Some(room_id),
 				&state_lock,
 			)
 			.await
 		{
 			self.handle_response_error(e, room_id, user_id, &state_lock)
+				.boxed()
 				.await
 				.unwrap_or_else(default_log);
 		}
@@ -447,7 +448,12 @@ impl Service {

 		self.services
 			.timeline
-			.build_and_append_pdu(PduBuilder::timeline(&content), user_id, room_id, state_lock)
+			.build_and_append_pdu(
+				PduBuilder::timeline(&content),
+				user_id,
+				Some(room_id),
+				state_lock,
+			)
 			.await?;

 		Ok(())
@@ -484,7 +490,10 @@ impl Service {
 		}

 		// Prevent unescaped !admin from being used outside of the admin room
-		if is_public_prefix && !self.is_admin_room(event.room_id()).await {
+		if event.room_id().is_some()
+			&& is_public_prefix
+			&& !self.is_admin_room(event.room_id().unwrap()).await
+		{
 			return false;
 		}

@@ -497,7 +506,7 @@ impl Service {
 		// the administrator can execute commands as the server user
 		let emergency_password_set = self.services.server.config.emergency_password.is_some();
 		let from_server = event.sender() == server_user && !emergency_password_set;
-		if from_server && self.is_admin_room(event.room_id()).await {
+		if from_server && self.is_admin_room(event.room_id().unwrap()).await {
 			return false;
 		}

@@ -9,7 +9,8 @@ use conduwuit::{
 	},
 	warn,
 };
-use futures::{FutureExt, StreamExt};
+use database::Json;
+use futures::{FutureExt, StreamExt, TryStreamExt};
 use itertools::Itertools;
 use ruma::{
 	OwnedUserId, RoomId, UserId,
@@ -27,7 +28,7 @@ use crate::{Services, media};
 /// - If database is opened at lesser version we apply migrations up to this.
 ///   Note that named-feature migrations may also be performed when opening at
 ///   equal or lesser version. These are expected to be backward-compatible.
-pub(crate) const DATABASE_VERSION: u64 = 17;
+pub(crate) const DATABASE_VERSION: u64 = 18;

 pub(crate) async fn migrations(services: &Services) -> Result<()> {
 	let users_count = services.users.count().await;
@@ -138,6 +139,19 @@ async fn migrate(services: &Services) -> Result<()> {
 		info!("Migration: Bumped database version to 17");
 	}

+	if db["global"]
+		.get(FIXED_CORRUPT_MSC4133_FIELDS_MARKER)
+		.await
+		.is_not_found()
+	{
+		fix_corrupt_msc4133_fields(services).await?;
+	}
+
+	if services.globals.db.database_version().await < 18 {
+		services.globals.db.bump_database_version(18);
+		info!("Migration: Bumped database version to 18");
+	}
+
 	assert_eq!(
 		services.globals.db.database_version().await,
 		DATABASE_VERSION,
@@ -559,3 +573,54 @@ async fn fix_readreceiptid_readreceipt_duplicates(services: &Services) -> Result
 	db["global"].insert(b"fix_readreceiptid_readreceipt_duplicates", []);
 	db.db.sort()
 }
+
+const FIXED_CORRUPT_MSC4133_FIELDS_MARKER: &[u8] = b"fix_corrupt_msc4133_fields";
+async fn fix_corrupt_msc4133_fields(services: &Services) -> Result {
+	use serde_json::{Value, from_slice};
+	type KeyVal<'a> = ((OwnedUserId, String), &'a [u8]);
+
+	warn!("Fixing corrupted `us.cloke.msc4175.tz` fields...");
+
+	let db = &services.db;
+	let cork = db.cork_and_sync();
+	let useridprofilekey_value = db["useridprofilekey_value"].clone();
+
+	let (total, fixed) = useridprofilekey_value
+		.stream()
+		.try_fold(
+			(0_usize, 0_usize),
+			async |(mut total, mut fixed),
+			       ((user, key), value): KeyVal<'_>|
+			       -> Result<(usize, usize)> {
+				if let Err(error) = from_slice::<Value>(value) {
+					// Due to an old bug, some conduwuit databases have `us.cloke.msc4175.tz` user
+					// profile fields with raw strings instead of quoted JSON ones.
+					// This migration fixes that.
+					let new_value = if key == "us.cloke.msc4175.tz" {
+						Value::String(String::from_utf8(value.to_vec())?)
+					} else {
+						return Err!(
+							"failed to deserialize msc4133 key {} of user {}: {}",
+							key,
+							user,
+							error
+						);
+					};
+
+					useridprofilekey_value.put((user, key), Json(new_value));
+					fixed = fixed.saturating_add(1);
+				}
+				total = total.saturating_add(1);
+
+				Ok((total, fixed))
+			},
+		)
+		.await?;
+
+	drop(cork);
+	info!(?total, ?fixed, "Fixed corrupted `us.cloke.msc4175.tz` fields.");
+
+	db["global"].insert(FIXED_CORRUPT_MSC4133_FIELDS_MARKER, []);
+	db.db.sort()?;
+	Ok(())
+}
@@ -287,18 +287,22 @@ impl Service {
 	{
 		let mut notify = None;
 		let mut tweaks = Vec::new();
+		if event.room_id().is_none() {
+			// TODO(hydra): does this matter?
+			return Ok(());
+		}

 		let power_levels: RoomPowerLevelsEventContent = self
 			.services
 			.state_accessor
-			.room_state_get(event.room_id(), &StateEventType::RoomPowerLevels, "")
+			.room_state_get(event.room_id().unwrap(), &StateEventType::RoomPowerLevels, "")
 			.await
 			.and_then(|event| event.get_content())
 			.unwrap_or_default();

 		let serialized = event.to_format();
 		for action in self
-			.get_actions(user, &ruleset, &power_levels, &serialized, event.room_id())
+			.get_actions(user, &ruleset, &power_levels, &serialized, event.room_id().unwrap())
 			.await
 		{
 			let n = match action {
@@ -426,7 +430,7 @@ impl Service {
 				let mut notifi = Notification::new(d);

 				notifi.event_id = Some(event.event_id().to_owned());
-				notifi.room_id = Some(event.room_id().to_owned());
+				notifi.room_id = Some(event.room_id().unwrap().to_owned());
 				if http
 					.data
 					.get("org.matrix.msc4076.disable_badge_count")
@@ -464,14 +468,14 @@ impl Service {
 					notifi.room_name = self
 						.services
 						.state_accessor
-						.get_name(event.room_id())
+						.get_name(event.room_id().unwrap())
 						.await
 						.ok();

 					notifi.room_alias = self
 						.services
 						.state_accessor
-						.get_canonical_alias(event.room_id())
+						.get_canonical_alias(event.room_id().unwrap())
 						.await
 						.ok();
 				}
@@ -195,13 +195,15 @@ async fn get_auth_chain_inner(
 				debug_error!(?event_id, ?e, "Could not find pdu mentioned in auth events");
 			},
 			| Ok(pdu) => {
-				if pdu.room_id != room_id {
-					return Err!(Request(Forbidden(error!(
-						?event_id,
-						?room_id,
-						wrong_room_id = ?pdu.room_id,
-						"auth event for incorrect room"
-					))));
+				if let Some(claimed_room_id) = pdu.room_id.clone() {
+					if claimed_room_id != *room_id {
+						return Err!(Request(Forbidden(error!(
+							?event_id,
+							?room_id,
+							wrong_room_id = ?pdu.room_id.unwrap(),
+							"auth event for incorrect room"
+						))));
+					}
 				}

 				for auth_event in &pdu.auth_events {
@@ -4,9 +4,8 @@ use std::{
 };

 use conduwuit::{
-	Event, PduEvent, debug, debug_error, debug_warn, implement,
-	matrix::event::gen_event_id_canonical_json, trace, utils::continue_exponential_backoff_secs,
-	warn,
+	Event, PduEvent, debug, debug_warn, implement, matrix::event::gen_event_id_canonical_json,
+	trace, utils::continue_exponential_backoff_secs, warn,
 };
 use ruma::{
 	CanonicalJsonValue, EventId, OwnedEventId, RoomId, ServerName,
@@ -52,12 +51,14 @@ where
 	};

 	let mut events_with_auth_events = Vec::with_capacity(events.clone().count());
+	trace!("Fetching {} outlier pdus", events.clone().count());

 	for id in events {
 		// a. Look in the main timeline (pduid_pdu tree)
 		// b. Look at outlier pdu tree
 		// (get_pdu_json checks both)
 		if let Ok(local_pdu) = self.services.timeline.get_pdu(id).await {
+			trace!("Found {id} in main timeline or outlier tree");
 			events_with_auth_events.push((id.to_owned(), Some(local_pdu), vec![]));
 			continue;
 		}
@@ -104,7 +105,7 @@ where
 				continue;
 			}

-			debug!("Fetching {next_id} over federation.");
+			debug!("Fetching {next_id} over federation from {origin}.");
 			match self
 				.services
 				.sending
@@ -115,7 +116,7 @@ where
 				.await
 			{
 				| Ok(res) => {
-					debug!("Got {next_id} over federation");
+					debug!("Got {next_id} over federation from {origin}");
 					let Ok(room_version_id) = get_room_version_id(create_event) else {
 						back_off((*next_id).to_owned());
 						continue;
@@ -145,6 +146,9 @@ where
 								auth_event.clone().into(),
 							) {
 								| Ok(auth_event) => {
+									trace!(
+										"Found auth event id {auth_event} for event {next_id}"
+									);
 									todo_auth_events.push_back(auth_event);
 								},
 								| _ => {
@@ -160,7 +164,7 @@ where
 					events_all.insert(next_id);
 				},
 				| Err(e) => {
-					debug_error!("Failed to fetch event {next_id}: {e}");
+					warn!("Failed to fetch auth event {next_id} from {origin}: {e}");
 					back_off((*next_id).to_owned());
 				},
 			}
@@ -175,7 +179,7 @@ where
 		// b. Look at outlier pdu tree
 		// (get_pdu_json checks both)
 		if let Some(local_pdu) = local_pdu {
-			trace!("Found {id} in db");
+			trace!("Found {id} in main timeline or outlier tree");
 			pdus.push((local_pdu.clone(), None));
 		}

@@ -201,6 +205,7 @@ where
 				}
 			}

+			trace!("Handling outlier {next_id}");
 			match Box::pin(self.handle_outlier_pdu(
 				origin,
 				create_event,
@@ -213,6 +218,7 @@ where
 			{
 				| Ok((pdu, json)) =>
 					if next_id == *id {
+						trace!("Handled outlier {next_id} (original request)");
 						pdus.push((pdu, Some(json)));
 					},
 				| Err(e) => {
@@ -222,6 +228,6 @@ where
 			}
 		}
 	}
-
+	trace!("Fetched and handled {} outlier pdus", pdus.len());
 	pdus
 }
@@ -1,11 +1,12 @@
 use std::collections::{BTreeMap, HashMap, hash_map};

 use conduwuit::{
-	Err, Event, PduEvent, Result, debug, debug_info, err, implement, state_res, trace, warn,
+	Err, Event, PduEvent, Result, debug, debug_info, debug_warn, err, implement, state_res, trace,
 };
 use futures::future::ready;
 use ruma::{
-	CanonicalJsonObject, CanonicalJsonValue, EventId, RoomId, ServerName, events::StateEventType,
+	CanonicalJsonObject, CanonicalJsonValue, EventId, OwnedEventId, RoomId, ServerName,
+	events::StateEventType,
 };

 use super::{check_room_id, get_room_version_id, to_room_version};
@@ -74,36 +75,73 @@ where

 	check_room_id(room_id, &pdu_event)?;

-	if !auth_events_known {
-		// 4. fetch any missing auth events doing all checks listed here starting at 1.
-		//    These are not timeline events
-		// 5. Reject "due to auth events" if can't get all the auth events or some of
-		//    the auth events are also rejected "due to auth events"
-		// NOTE: Step 5 is not applied anymore because it failed too often
-		debug!("Fetching auth events");
-		Box::pin(self.fetch_and_handle_outliers(
-			origin,
-			pdu_event.auth_events(),
-			create_event,
-			room_id,
-		))
-		.await;
+	// Fetch all auth events
+	let mut auth_events: HashMap<OwnedEventId, PduEvent> = HashMap::new();
+
+	for aid in pdu_event.auth_events() {
+		if let Ok(auth_event) = self.services.timeline.get_pdu(aid).await {
+			check_room_id(room_id, &auth_event)?;
+			trace!("Found auth event {aid} for outlier event {event_id} locally");
+			auth_events.insert(aid.to_owned(), auth_event);
+		} else {
+			debug_warn!("Could not find auth event {aid} for outlier event {event_id} locally");
+		}
+	}
+
+	// Fetch any missing ones & reject invalid ones
+	let missing_auth_events = if auth_events_known {
+		pdu_event
+			.auth_events()
+			.filter(|id| !auth_events.contains_key(*id))
+			.collect::<Vec<_>>()
+	} else {
+		pdu_event.auth_events().collect::<Vec<_>>()
+	};
+	if !missing_auth_events.is_empty() || !auth_events_known {
+		debug_info!(
+			"Fetching {} missing auth events for outlier event {event_id}",
+			missing_auth_events.len()
+		);
+		for (pdu, _) in self
+			.fetch_and_handle_outliers(
+				origin,
+				missing_auth_events.iter().copied(),
+				create_event,
+				room_id,
+			)
+			.await
+		{
+			auth_events.insert(pdu.event_id().to_owned(), pdu);
+		}
+	} else {
+		debug!("No missing auth events for outlier event {event_id}");
+	}
+	// reject if we are still missing some
+	let still_missing = pdu_event
+		.auth_events()
+		.filter(|id| !auth_events.contains_key(*id))
+		.collect::<Vec<_>>();
+	if !still_missing.is_empty() {
+		return Err!(Request(InvalidParam(
+			"Could not fetch all auth events for outlier event {event_id}, still missing: \
+			 {still_missing:?}"
+		)));
 	}

 	// 6. Reject "due to auth events" if the event doesn't pass auth based on the
 	//    auth events
 	debug!("Checking based on auth events");
+	let mut auth_events_by_key: HashMap<_, _> = HashMap::with_capacity(auth_events.len());
 	// Build map of auth events
-	let mut auth_events = HashMap::with_capacity(pdu_event.auth_events().count());
 	for id in pdu_event.auth_events() {
-		let Ok(auth_event) = self.services.timeline.get_pdu(id).await else {
-			warn!("Could not find auth event {id}");
-			continue;
-		};
+		let auth_event = auth_events
+			.get(id)
+			.expect("we just checked that we have all auth events")
+			.to_owned();

 		check_room_id(room_id, &auth_event)?;

-		match auth_events.entry((
+		match auth_events_by_key.entry((
 			auth_event.kind.to_string().into(),
 			auth_event
 				.state_key
@@ -123,7 +161,7 @@ where

 	// The original create event must be in the auth events
 	if !matches!(
-		auth_events.get(&(StateEventType::RoomCreate, String::new().into())),
+		auth_events_by_key.get(&(StateEventType::RoomCreate, String::new().into())),
 		Some(_) | None
 	) {
 		return Err!(Request(InvalidParam("Incoming event refers to wrong create event.")));
@@ -131,7 +169,7 @@ where

 	let state_fetch = |ty: &StateEventType, sk: &str| {
 		let key = (ty.to_owned(), sk.into());
-		ready(auth_events.get(&key).map(ToOwned::to_owned))
+		ready(auth_events_by_key.get(&key).map(ToOwned::to_owned))
 	};

 	let auth_check = state_res::event_auth::auth_check(
@@ -139,6 +177,7 @@ where
 		&pdu_event,
 		None, // TODO: third party invite
 		state_fetch,
+		create_event.as_pdu(),
 	)
 	.await
 	.map_err(|e| err!(Request(Forbidden("Auth check failed: {e:?}"))))?;
@@ -99,7 +99,10 @@ impl Service {
 }

 fn check_room_id<Pdu: Event>(room_id: &RoomId, pdu: &Pdu) -> Result {
-	if pdu.room_id() != room_id {
+	if pdu
+		.room_id()
+		.is_some_and(|claimed_room_id| claimed_room_id != room_id)
+	{
 		return Err!(Request(InvalidParam(error!(
 			pdu_event_id = ?pdu.event_id(),
 			pdu_room_id = ?pdu.room_id(),
@@ -1,7 +1,8 @@
 use conduwuit::{
-	Result, err, implement, matrix::event::gen_event_id_canonical_json, result::FlatOk,
+	Result, RoomVersion, err, implement, matrix::event::gen_event_id_canonical_json,
+	result::FlatOk,
 };
-use ruma::{CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, OwnedRoomId};
+use ruma::{CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, OwnedRoomId, RoomVersionId};
 use serde_json::value::RawValue as RawJsonValue;

 type Parsed = (OwnedRoomId, OwnedEventId, CanonicalJsonObject);
@@ -11,12 +12,44 @@ pub async fn parse_incoming_pdu(&self, pdu: &RawJsonValue) -> Result<Parsed> {
 	let value = serde_json::from_str::<CanonicalJsonObject>(pdu.get()).map_err(|e| {
 		err!(BadServerResponse(debug_warn!("Error parsing incoming event {e:?}")))
 	})?;
-
-	let room_id: OwnedRoomId = value
-		.get("room_id")
+	let event_type = value
+		.get("type")
 		.and_then(CanonicalJsonValue::as_str)
-		.map(OwnedRoomId::parse)
-		.flat_ok_or(err!(Request(InvalidParam("Invalid room_id in pdu"))))?;
+		.ok_or_else(|| err!(Request(InvalidParam("Missing or invalid type in pdu"))))?;
+
+	let room_id: OwnedRoomId = if event_type != "m.room.create" {
+		value
+			.get("room_id")
+			.and_then(CanonicalJsonValue::as_str)
+			.map(OwnedRoomId::parse)
+			.flat_ok_or(err!(Request(InvalidParam("Invalid room_id in pdu"))))?
+	} else {
+		// v12 rooms might have no room_id in the create event. We'll need to check the
+		// content.room_version
+		let content = value
+			.get("content")
+			.and_then(CanonicalJsonValue::as_object)
+			.ok_or_else(|| err!(Request(InvalidParam("Missing or invalid content in pdu"))))?;
+		let room_version = content
+			.get("room_version")
+			.and_then(CanonicalJsonValue::as_str)
+			.unwrap_or("1");
+		let vi = RoomVersionId::try_from(room_version).unwrap_or(RoomVersionId::V1);
+		let vf = RoomVersion::new(&vi).expect("supported room version");
+		if vf.room_ids_as_hashes {
+			let (event_id, _) = gen_event_id_canonical_json(pdu, &vi).map_err(|e| {
+				err!(Request(InvalidParam("Could not convert event to canonical json: {e}")))
+			})?;
+			OwnedRoomId::parse(event_id.as_str().replace('$', "!")).expect("valid room ID")
+		} else {
+			// V11 or below room, room_id must be present
+			value
+				.get("room_id")
+				.and_then(CanonicalJsonValue::as_str)
+				.map(OwnedRoomId::parse)
+				.flat_ok_or(err!(Request(InvalidParam("Invalid or missing room_id in pdu"))))?
+		}
+	};

 	let room_version_id = self
 		.services
@@ -24,10 +57,8 @@ pub async fn parse_incoming_pdu(&self, pdu: &RawJsonValue) -> Result<Parsed> {
 		.get_room_version(&room_id)
 		.await
 		.map_err(|_| err!("Server is not in room {room_id}"))?;
-
 	let (event_id, value) = gen_event_id_canonical_json(pdu, &room_version_id).map_err(|e| {
 		err!(Request(InvalidParam("Could not convert event to canonical json: {e}")))
 	})?;
-
 	Ok((room_id, event_id, value))
 }
@@ -5,9 +5,9 @@

 use std::time::Duration;

-use conduwuit::{Err, Event, PduEvent, Result, debug, implement, warn};
+use conduwuit::{Err, Event, PduEvent, Result, debug, debug_info, implement, trace, warn};
 use ruma::{
-	RoomId, ServerName,
+	CanonicalJsonObject, RoomId, ServerName,
 	api::federation::room::policy::v1::Request as PolicyRequest,
 	events::{StateEventType, room::policy::RoomPolicyEventContent},
 };
@@ -25,7 +25,12 @@ use ruma::{
 /// fail-open operation.
 #[implement(super::Service)]
 #[tracing::instrument(skip_all, level = "debug")]
-pub async fn ask_policy_server(&self, pdu: &PduEvent, room_id: &RoomId) -> Result<bool> {
+pub async fn ask_policy_server(
+	&self,
+	pdu: &PduEvent,
+	pdu_json: &CanonicalJsonObject,
+	room_id: &RoomId,
+) -> Result<bool> {
 	if *pdu.event_type() == StateEventType::RoomPolicy.into() {
 		debug!(
 			room_id = %room_id,
@@ -47,12 +52,12 @@ pub async fn ask_policy_server(&self, pdu: &PduEvent, room_id: &RoomId) -> Resul
 	let via = match policyserver.via {
 		| Some(ref via) => ServerName::parse(via)?,
 		| None => {
-			debug!("No policy server configured for room {room_id}");
+			trace!("No policy server configured for room {room_id}");
 			return Ok(true);
 		},
 	};
 	if via.is_empty() {
-		debug!("Policy server is empty for room {room_id}, skipping spam check");
+		trace!("Policy server is empty for room {room_id}, skipping spam check");
 		return Ok(true);
 	}
 	if !self.services.state_cache.server_in_room(via, room_id).await {
@@ -66,12 +71,12 @@ pub async fn ask_policy_server(&self, pdu: &PduEvent, room_id: &RoomId) -> Resul
 	let outgoing = self
 		.services
 		.sending
-		.convert_to_outgoing_federation_event(pdu.to_canonical_object())
+		.convert_to_outgoing_federation_event(pdu_json.clone())
 		.await;
-	debug!(
+	debug_info!(
 		room_id = %room_id,
 		via = %via,
-		outgoing = ?outgoing,
+		outgoing = ?pdu_json,
 		"Checking event for spam with policy server"
 	);
 	let response = tokio::time::timeout(
@@ -85,7 +90,10 @@ pub async fn ask_policy_server(&self, pdu: &PduEvent, room_id: &RoomId) -> Resul
 	)
 	.await;
 	let response = match response {
-		| Ok(Ok(response)) => response,
+		| Ok(Ok(response)) => {
+			debug!("Response from policy server: {:?}", response);
+			response
+		},
 		| Ok(Err(e)) => {
 			warn!(
 				via = %via,
@@ -97,16 +105,18 @@ pub async fn ask_policy_server(&self, pdu: &PduEvent, room_id: &RoomId) -> Resul
 			// default.
 			return Err(e);
 		},
-		| Err(_) => {
+		| Err(elapsed) => {
 			warn!(
-				via = %via,
+				%via,
 				event_id = %pdu.event_id(),
-				room_id = %room_id,
+				%room_id,
+				%elapsed,
 				"Policy server request timed out after 10 seconds"
 			);
 			return Err!("Request to policy server timed out");
 		},
 	};
+	trace!("Recommendation from policy server was {}", response.recommendation);
 	if response.recommendation == "spam" {
 		warn!(
 			via = %via,
@@ -102,6 +102,7 @@ where
 		&incoming_pdu,
 		None, // TODO: third party invite
 		|ty, sk| state_fetch(ty.clone(), sk.into()),
+		create_event.as_pdu(),
 	)
 	.await
 	.map_err(|e| err!(Request(Forbidden("Auth check failed: {e:?}"))))?;
@@ -123,6 +124,7 @@ where
 			incoming_pdu.sender(),
 			incoming_pdu.state_key(),
 			incoming_pdu.content(),
+			&room_version,
 		)
 		.await?;

@@ -140,6 +142,7 @@ where
 		&incoming_pdu,
 		None, // third-party invite
 		state_fetch,
+		create_event.as_pdu(),
 	)
 	.await
 	.map_err(|e| err!(Request(Forbidden("Auth check failed: {e:?}"))))?;
@@ -156,7 +159,7 @@ where
 			!self
 				.services
 				.state_accessor
-				.user_can_redact(&redact_id, incoming_pdu.sender(), incoming_pdu.room_id(), true)
+				.user_can_redact(&redact_id, incoming_pdu.sender(), room_id, true)
 				.await?,
 	};

@@ -172,7 +175,7 @@ where
 	// Now we calculate the set of extremities this room has after the incoming
 	// event has been applied. We start with the previous extremities (aka leaves)
 	trace!("Calculating extremities");
-	let extremities: Vec<_> = self
+	let mut extremities: Vec<_> = self
 		.services
 		.state
 		.get_forward_extremities(room_id)
@@ -192,6 +195,7 @@ where
 		})
 		.collect()
 		.await;
+	extremities.push(incoming_pdu.event_id().to_owned());

 	debug!(
 		"Retained {} extremities checked against {} prev_events",
@@ -251,7 +255,10 @@ where
 		// 14-pre. If the event is not a state event, ask the policy server about it
 		if incoming_pdu.state_key.is_none() {
 			debug!(event_id = %incoming_pdu.event_id, "Checking policy server for event");
-			match self.ask_policy_server(&incoming_pdu, room_id).await {
+			match self
+				.ask_policy_server(&incoming_pdu, &incoming_pdu.to_canonical_object(), room_id)
+				.await
+			{
 				| Ok(false) => {
 					warn!(
 						event_id = %incoming_pdu.event_id,
@@ -303,6 +310,7 @@ where
 		);
 		// assert!(extremities.is_empty(), "soft_fail extremities empty");
 		let extremities = extremities.iter().map(Borrow::borrow);
+		debug_assert!(extremities.clone().count() > 0, "extremities not empty");

 		self.services
 			.timeline
@@ -313,6 +321,7 @@ where
 				state_ids_compressed,
 				soft_fail,
 				&state_lock,
+				room_id,
 			)
 			.await?;

@@ -336,6 +345,7 @@ where
 		.iter()
 		.map(Borrow::borrow)
 		.chain(once(incoming_pdu.event_id()));
+	debug_assert!(extremities.clone().count() > 0, "extremities not empty");

 	let pdu_id = self
 		.services
@@ -347,6 +357,7 @@ where
 			state_ids_compressed,
 			soft_fail,
 			&state_lock,
+			room_id,
 		)
 		.await?;

@@ -124,7 +124,7 @@ pub async fn search_pdus<'a>(
 		.wide_filter_map(move |pdu| async move {
 			self.services
 				.state_accessor
-				.user_can_see_event(query.user_id?, pdu.room_id(), pdu.event_id())
+				.user_can_see_event(query.user_id?, pdu.room_id().unwrap(), pdu.event_id())
 				.await
 				.then_some(pdu)
 		})
@@ -1,6 +1,7 @@
 use std::{collections::HashMap, fmt::Write, iter::once, sync::Arc};

 use async_trait::async_trait;
+use conduwuit::{RoomVersion, debug};
 use conduwuit_core::{
 	Event, PduEvent, Result, err,
 	result::FlatOk,
@@ -148,7 +149,7 @@ impl Service {
 						.roomid_spacehierarchy_cache
 						.lock()
 						.await
-						.remove(&pdu.room_id);
+						.remove(room_id);
 				},
 				| _ => continue,
 			}
@@ -239,7 +240,7 @@ impl Service {
 	/// This adds all current state events (not including the incoming event)
 	/// to `stateid_pduid` and adds the incoming event to `eventid_statehash`.
 	#[tracing::instrument(skip(self, new_pdu), level = "debug")]
-	pub async fn append_to_state(&self, new_pdu: &PduEvent) -> Result<u64> {
+	pub async fn append_to_state(&self, new_pdu: &PduEvent, room_id: &RoomId) -> Result<u64> {
 		const BUFSIZE: usize = size_of::<u64>();

 		let shorteventid = self
@@ -248,7 +249,7 @@ impl Service {
 			.get_or_create_shorteventid(&new_pdu.event_id)
 			.await;

-		let previous_shortstatehash = self.get_room_shortstatehash(&new_pdu.room_id).await;
+		let previous_shortstatehash = self.get_room_shortstatehash(room_id).await;

 		if let Ok(p) = previous_shortstatehash {
 			self.db
@@ -319,7 +320,11 @@ impl Service {
 	}

 	#[tracing::instrument(skip_all, level = "debug")]
-	pub async fn summary_stripped<'a, E>(&self, event: &'a E) -> Vec<Raw<AnyStrippedStateEvent>>
+	pub async fn summary_stripped<'a, E>(
+		&self,
+		event: &'a E,
+		room_id: &RoomId,
+	) -> Vec<Raw<AnyStrippedStateEvent>>
 	where
 		E: Event + Send + Sync,
 		&'a E: Event + Send,
@@ -338,7 +343,7 @@ impl Service {
 		let fetches = cells.into_iter().map(|(event_type, state_key)| {
 			self.services
 				.state_accessor
-				.room_state_get(event.room_id(), event_type, state_key)
+				.room_state_get(room_id, event_type, state_key)
 		});

 		join_all(fetches)
@@ -421,7 +426,7 @@ impl Service {
 	}

 	/// This fetches auth events from the current state.
-	#[tracing::instrument(skip(self, content), level = "debug")]
+	#[tracing::instrument(skip(self, content, room_version), level = "trace")]
 	pub async fn get_auth_events(
 		&self,
 		room_id: &RoomId,
@@ -429,13 +434,15 @@ impl Service {
 		sender: &UserId,
 		state_key: Option<&str>,
 		content: &serde_json::value::RawValue,
+		room_version: &RoomVersion,
 	) -> Result<StateMap<PduEvent>> {
 		let Ok(shortstatehash) = self.get_room_shortstatehash(room_id).await else {
 			return Ok(HashMap::new());
 		};

-		let auth_types = state_res::auth_types_for_event(kind, sender, state_key, content)?;
-
+		let auth_types =
+			state_res::auth_types_for_event(kind, sender, state_key, content, room_version)?;
+		debug!(?auth_types, "Auth types for event");
 		let sauthevents: HashMap<_, _> = auth_types
 			.iter()
 			.stream()
@@ -448,6 +455,7 @@ impl Service {
 			})
 			.collect()
 			.await;
+		debug!(?sauthevents, "Auth events to fetch");

 		let (state_keys, event_ids): (Vec<_>, Vec<_>) = self
 			.services
@@ -461,7 +469,7 @@ impl Service {
 			})
 			.unzip()
 			.await;
-
+		debug!(?state_keys, ?event_ids, "Auth events found in state");
 		self.services
 			.short
 			.multi_get_eventid_from_short(event_ids.into_iter().stream())
@@ -473,6 +481,7 @@ impl Service {
 					.get_pdu(&event_id)
 					.await
 					.map(move |pdu| (((*ty).clone(), (*sk).clone()), pdu))
+					.inspect_err(|e| warn!("Failed to get auth event {event_id}: {e:?}"))
 					.ok()
 			})
 			.collect()
@@ -1,9 +1,10 @@
-use conduwuit::{Err, Result, implement, matrix::Event, pdu::PduBuilder};
+use conduwuit::{Err, Result, RoomVersion, implement, matrix::Event, pdu::PduBuilder};
 use ruma::{
 	EventId, RoomId, UserId,
 	events::{
 		StateEventType, TimelineEventType,
 		room::{
+			create::RoomCreateEventContent,
 			history_visibility::{HistoryVisibility, RoomHistoryVisibilityEventContent},
 			member::{MembershipState, RoomMemberEventContent},
 			power_levels::{RoomPowerLevels, RoomPowerLevelsEventContent},
@@ -44,6 +45,23 @@ pub async fn user_can_redact(
 		)));
 	}

+	let room_create = self
+		.room_state_get(room_id, &StateEventType::RoomCreate, "")
+		.await?;
+	let create_content: RoomCreateEventContent =
+		serde_json::from_str(room_create.content().get())?;
+	let room_features = RoomVersion::new(&create_content.room_version)?;
+	if room_features.explicitly_privilege_room_creators {
+		let sender_owned = sender.to_owned();
+		if sender == room_create.sender()
+			|| create_content
+				.additional_creators
+				.is_some_and(|cs| cs.contains(&sender_owned))
+		{
+			return Ok(true);
+		}
+	}
+
 	match self
 		.room_state_get_content::<RoomPowerLevelsEventContent>(
 			room_id,
@@ -68,18 +86,10 @@ pub async fn user_can_redact(
 		},
 		| _ => {
 			// Falling back on m.room.create to judge power level
-			match self
-				.room_state_get(room_id, &StateEventType::RoomCreate, "")
-				.await
-			{
-				| Ok(room_create) => Ok(room_create.sender() == sender
-					|| redacting_event
-						.as_ref()
-						.is_ok_and(|redacting_event| redacting_event.sender() == sender)),
-				| _ => Err!(Database(
-					"No m.room.power_levels or m.room.create events in database for room"
-				)),
-			}
+			Ok(room_create.sender() == sender
+				|| redacting_event
+					.as_ref()
+					.is_ok_and(|redacting_event| redacting_event.sender() == sender))
 		},
 	}
 }
@@ -161,7 +171,7 @@ pub async fn user_can_invite(
 				&RoomMemberEventContent::new(MembershipState::Invite),
 			),
 			sender,
-			room_id,
+			Some(room_id),
 			state_lock,
 		)
 		.await
@@ -12,7 +12,7 @@ use conduwuit::{
 use database::{Deserialized, Ignore, Interfix, Map};
 use futures::{Stream, StreamExt, future::join5, pin_mut};
 use ruma::{
-	OwnedRoomId, RoomId, ServerName, UserId,
+	OwnedRoomId, OwnedUserId, RoomId, ServerName, UserId,
 	events::{AnyStrippedStateEvent, AnySyncStateEvent, room::member::MembershipState},
 	serde::Raw,
 };
@@ -49,6 +49,7 @@ struct Data {
 	userroomid_joined: Arc<Map>,
 	userroomid_leftstate: Arc<Map>,
 	userroomid_knockedstate: Arc<Map>,
+	userroomid_invitesender: Arc<Map>,
 }

 type AppServiceInRoomCache = SyncRwLock<HashMap<OwnedRoomId, HashMap<String, bool>>>;
@@ -83,6 +84,7 @@ impl crate::Service for Service {
 				userroomid_joined: args.db["userroomid_joined"].clone(),
 				userroomid_leftstate: args.db["userroomid_leftstate"].clone(),
 				userroomid_knockedstate: args.db["userroomid_knockedstate"].clone(),
+				userroomid_invitesender: args.db["userroomid_invitesender"].clone(),
 			},
 		}))
 	}
@@ -523,3 +525,14 @@ pub async fn is_left(&self, user_id: &UserId, room_id: &RoomId) -> bool {
 	let key = (user_id, room_id);
 	self.db.userroomid_leftstate.qry(&key).await.is_ok()
 }
+
+#[implement(Service)]
+#[tracing::instrument(skip(self), level = "trace")]
+pub async fn invite_sender(&self, user_id: &UserId, room_id: &RoomId) -> Result<OwnedUserId> {
+	let key = (user_id, room_id);
+	self.db
+		.userroomid_invitesender
+		.qry(&key)
+		.await
+		.deserialized()
+}
@@ -1,6 +1,6 @@
 use std::collections::HashSet;

-use conduwuit::{Result, implement, is_not_empty, utils::ReadyExt, warn};
+use conduwuit::{Err, Result, implement, is_not_empty, utils::ReadyExt, warn};
 use database::{Json, serialize_key};
 use futures::StreamExt;
 use ruma::{
@@ -9,6 +9,7 @@ use ruma::{
 		AnyStrippedStateEvent, AnySyncStateEvent, GlobalAccountDataEventType,
 		RoomAccountDataEventType, StateEventType,
 		direct::DirectEvent,
+		invite_permission_config::FilterLevel,
 		room::{
 			create::RoomCreateEventContent,
 			member::{MembershipState, RoomMemberEventContent},
@@ -121,12 +122,21 @@ pub async fn update_membership(
 			self.mark_as_joined(user_id, room_id);
 		},
 		| MembershipState::Invite => {
-			// We want to know if the sender is ignored by the receiver
-			if self.services.users.user_is_ignored(sender, user_id).await {
-				return Ok(());
+			// return an error for blocked invites. ignored invites aren't handled here
+			// since the recipient's membership should still be changed to `invite`.
+			// they're filtered out in the individual /sync handlers
+			if matches!(
+				self.services
+					.users
+					.invite_filter_level(sender, user_id)
+					.await,
+				FilterLevel::Block
+			) {
+				return Err!(Request(InviteBlocked(
+					"{user_id} has blocked invites from {sender}."
+				)));
 			}
-
-			self.mark_as_invited(user_id, room_id, last_state, invite_via)
+			self.mark_as_invited(user_id, room_id, sender, last_state, invite_via)
 				.await;
 		},
 		| MembershipState::Leave | MembershipState::Ban => {
@@ -231,6 +241,7 @@ pub fn mark_as_joined(&self, user_id: &UserId, room_id: &RoomId) {

 	self.db.userroomid_invitestate.remove(&userroom_id);
 	self.db.roomuserid_invitecount.remove(&roomuser_id);
+	self.db.userroomid_invitesender.remove(&userroom_id);

 	self.db.userroomid_leftstate.remove(&userroom_id);
 	self.db.roomuserid_leftcount.remove(&roomuser_id);
@@ -268,6 +279,7 @@ pub fn mark_as_left(&self, user_id: &UserId, room_id: &RoomId) {

 	self.db.userroomid_invitestate.remove(&userroom_id);
 	self.db.roomuserid_invitecount.remove(&roomuser_id);
+	self.db.userroomid_invitesender.remove(&userroom_id);

 	self.db.userroomid_knockedstate.remove(&userroom_id);
 	self.db.roomuserid_knockedcount.remove(&roomuser_id);
@@ -304,6 +316,7 @@ pub fn mark_as_knocked(

 	self.db.userroomid_invitestate.remove(&userroom_id);
 	self.db.roomuserid_invitecount.remove(&roomuser_id);
+	self.db.userroomid_invitesender.remove(&userroom_id);

 	self.db.userroomid_leftstate.remove(&userroom_id);
 	self.db.roomuserid_leftcount.remove(&roomuser_id);
@@ -335,6 +348,7 @@ pub async fn mark_as_invited(
 	&self,
 	user_id: &UserId,
 	room_id: &RoomId,
+	sender_user: &UserId,
 	last_state: Option<Vec<Raw<AnyStrippedStateEvent>>>,
 	invite_via: Option<Vec<OwnedServerName>>,
 ) {
@@ -350,6 +364,9 @@ pub async fn mark_as_invited(
 	self.db
 		.roomuserid_invitecount
 		.raw_aput::<8, _, _>(&roomuser_id, self.services.globals.next_count().unwrap());
+	self.db
+		.userroomid_invitesender
+		.raw_put(&userroom_id, sender_user);

 	self.db.userroomid_joined.remove(&userroom_id);
 	self.db.roomuserid_joined.remove(&roomuser_id);
@@ -3,6 +3,7 @@ use std::{
 	sync::Arc,
 };

+use conduwuit::trace;
 use conduwuit_core::{
 	Result, err, error, implement,
 	matrix::{
@@ -34,6 +35,7 @@ use crate::{appservice::NamespaceRegex, rooms::state_compressor::CompressedState
 /// the server that sent the event.
 #[implement(super::Service)]
 #[tracing::instrument(level = "debug", skip_all)]
+#[allow(clippy::too_many_arguments)]
 pub async fn append_incoming_pdu<'a, Leaves>(
 	&'a self,
 	pdu: &'a PduEvent,
@@ -42,6 +44,7 @@ pub async fn append_incoming_pdu<'a, Leaves>(
 	state_ids_compressed: Arc<CompressedState>,
 	soft_fail: bool,
 	state_lock: &'a RoomMutexGuard,
+	room_id: &'a ruma::RoomId,
 ) -> Result<Option<RawPduId>>
 where
 	Leaves: Iterator<Item = &'a EventId> + Send + 'a,
@@ -51,24 +54,24 @@ where
 	// fail.
 	self.services
 		.state
-		.set_event_state(&pdu.event_id, &pdu.room_id, state_ids_compressed)
+		.set_event_state(&pdu.event_id, room_id, state_ids_compressed)
 		.await?;

 	if soft_fail {
 		self.services
 			.pdu_metadata
-			.mark_as_referenced(&pdu.room_id, pdu.prev_events.iter().map(AsRef::as_ref));
+			.mark_as_referenced(room_id, pdu.prev_events.iter().map(AsRef::as_ref));

-		self.services
-			.state
-			.set_forward_extremities(&pdu.room_id, new_room_leaves, state_lock)
-			.await;
+		// self.services
+		// 	.state
+		// 	.set_forward_extremities(room_id, new_room_leaves, state_lock)
+		// 	.await;

 		return Ok(None);
 	}

 	let pdu_id = self
-		.append_pdu(pdu, pdu_json, new_room_leaves, state_lock)
+		.append_pdu(pdu, pdu_json, new_room_leaves, state_lock, room_id)
 		.await?;

 	Ok(Some(pdu_id))
@@ -88,6 +91,7 @@ pub async fn append_pdu<'a, Leaves>(
 	mut pdu_json: CanonicalJsonObject,
 	leaves: Leaves,
 	state_lock: &'a RoomMutexGuard,
+	room_id: &'a ruma::RoomId,
 ) -> Result<RawPduId>
 where
 	Leaves: Iterator<Item = &'a EventId> + Send + 'a,
@@ -98,7 +102,7 @@ where
 	let shortroomid = self
 		.services
 		.short
-		.get_shortroomid(pdu.room_id())
+		.get_shortroomid(room_id)
 		.await
 		.map_err(|_| err!(Database("Room does not exist")))?;

@@ -151,14 +155,15 @@ where
 	// We must keep track of all events that have been referenced.
 	self.services
 		.pdu_metadata
-		.mark_as_referenced(pdu.room_id(), pdu.prev_events().map(AsRef::as_ref));
+		.mark_as_referenced(room_id, pdu.prev_events().map(AsRef::as_ref));

+	trace!("setting forward extremities");
 	self.services
 		.state
-		.set_forward_extremities(pdu.room_id(), leaves, state_lock)
+		.set_forward_extremities(room_id, leaves, state_lock)
 		.await;

-	let insert_lock = self.mutex_insert.lock(pdu.room_id()).await;
+	let insert_lock = self.mutex_insert.lock(room_id).await;

 	let count1 = self.services.globals.next_count().unwrap();

@@ -166,11 +171,11 @@ where
 	// appending fails
 	self.services
 		.read_receipt
-		.private_read_set(pdu.room_id(), pdu.sender(), count1);
+		.private_read_set(room_id, pdu.sender(), count1);

 	self.services
 		.user
-		.reset_notification_counts(pdu.sender(), pdu.room_id());
+		.reset_notification_counts(pdu.sender(), room_id);

 	let count2 = PduCount::Normal(self.services.globals.next_count().unwrap());
 	let pdu_id: RawPduId = PduId { shortroomid, shorteventid: count2 }.into();
@@ -184,14 +189,14 @@ where
 	let power_levels: RoomPowerLevelsEventContent = self
 		.services
 		.state_accessor
-		.room_state_get_content(pdu.room_id(), &StateEventType::RoomPowerLevels, "")
+		.room_state_get_content(room_id, &StateEventType::RoomPowerLevels, "")
 		.await
 		.unwrap_or_default();

 	let mut push_target: HashSet<_> = self
 			.services
 			.state_cache
-			.active_local_users_in_room(pdu.room_id())
+			.active_local_users_in_room(room_id)
 			.map(ToOwned::to_owned)
 			// Don't notify the sender of their own events, and dont send from ignored users
 			.ready_filter(|user| *user != pdu.sender())
@@ -230,7 +235,7 @@ where
 		for action in self
 			.services
 			.pusher
-			.get_actions(user, &rules_for_user, &power_levels, &serialized, pdu.room_id())
+			.get_actions(user, &rules_for_user, &power_levels, &serialized, room_id)
 			.await
 		{
 			match action {
@@ -268,20 +273,20 @@ where
 	}

 	self.db
-		.increment_notification_counts(pdu.room_id(), notifies, highlights);
+		.increment_notification_counts(room_id, notifies, highlights);

 	match *pdu.kind() {
 		| TimelineEventType::RoomRedaction => {
 			use RoomVersionId::*;

-			let room_version_id = self.services.state.get_room_version(pdu.room_id()).await?;
+			let room_version_id = self.services.state.get_room_version(room_id).await?;
 			match room_version_id {
 				| V1 | V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10 => {
 					if let Some(redact_id) = pdu.redacts() {
 						if self
 							.services
 							.state_accessor
-							.user_can_redact(redact_id, pdu.sender(), pdu.room_id(), false)
+							.user_can_redact(redact_id, pdu.sender(), room_id, false)
 							.await?
 						{
 							self.redact_pdu(redact_id, pdu, shortroomid).await?;
@@ -294,7 +299,7 @@ where
 						if self
 							.services
 							.state_accessor
-							.user_can_redact(redact_id, pdu.sender(), pdu.room_id(), false)
+							.user_can_redact(redact_id, pdu.sender(), room_id, false)
 							.await?
 						{
 							self.redact_pdu(redact_id, pdu, shortroomid).await?;
@@ -310,7 +315,7 @@ where
 					.roomid_spacehierarchy_cache
 					.lock()
 					.await
-					.remove(pdu.room_id());
+					.remove(room_id);
 			},
 		| TimelineEventType::RoomMember => {
 			if let Some(state_key) = pdu.state_key() {
@@ -320,8 +325,12 @@ where

 				let content: RoomMemberEventContent = pdu.get_content()?;
 				let stripped_state = match content.membership {
-					| MembershipState::Invite | MembershipState::Knock =>
-						self.services.state.summary_stripped(pdu).await.into(),
+					| MembershipState::Invite | MembershipState::Knock => self
+						.services
+						.state
+						.summary_stripped(pdu, room_id)
+						.await
+						.into(),
 					| _ => None,
 				};

@@ -331,7 +340,7 @@ where
 				self.services
 					.state_cache
 					.update_membership(
-						pdu.room_id(),
+						room_id,
 						target_user_id,
 						content,
 						pdu.sender(),
@@ -392,7 +401,7 @@ where
 		if self
 			.services
 			.state_cache
-			.appservice_in_room(pdu.room_id(), appservice)
+			.appservice_in_room(room_id, appservice)
 			.await
 		{
 			self.services
@@ -430,12 +439,12 @@ where
 		let matching_aliases = |aliases: NamespaceRegex| {
 			self.services
 				.alias
-				.local_aliases_for_room(pdu.room_id())
+				.local_aliases_for_room(room_id)
 				.ready_any(move |room_alias| aliases.is_match(room_alias.as_str()))
 		};

 		if matching_aliases(appservice.aliases.clone()).await
-			|| appservice.rooms.is_match(pdu.room_id().as_str())
+			|| appservice.rooms.is_match(room_id.as_str())
 			|| matching_users(&appservice.users)
 		{
 			self.services
@@ -1,6 +1,6 @@
 use std::iter::once;

-use conduwuit::{Err, PduEvent};
+use conduwuit::{Err, PduEvent, RoomVersion};
 use conduwuit_core::{
 	Result, debug, debug_warn, err, implement, info,
 	matrix::{
@@ -12,10 +12,11 @@ use conduwuit_core::{
 };
 use futures::{FutureExt, StreamExt};
 use ruma::{
-	CanonicalJsonObject, EventId, RoomId, ServerName,
+	CanonicalJsonObject, EventId, Int, RoomId, ServerName,
 	api::federation,
 	events::{
-		StateEventType, TimelineEventType, room::power_levels::RoomPowerLevelsEventContent,
+		StateEventType, TimelineEventType,
+		room::{create::RoomCreateEventContent, power_levels::RoomPowerLevelsEventContent},
 	},
 	uint,
 };
@@ -24,7 +25,7 @@ use serde_json::value::RawValue as RawJsonValue;
 use super::ExtractBody;

 #[implement(super::Service)]
-#[tracing::instrument(name = "backfill", level = "debug", skip(self))]
+#[tracing::instrument(name = "backfill", level = "trace", skip(self))]
 pub async fn backfill_if_required(&self, room_id: &RoomId, from: PduCount) -> Result<()> {
 	if self
 		.services
@@ -39,6 +40,7 @@ pub async fn backfill_if_required(&self, room_id: &RoomId, from: PduCount) -> Re
 			.await
 	{
 		// Room is empty (1 user or none), there is no one that can backfill
+		debug_warn!("Room {room_id} is empty, skipping backfill");
 		return Ok(());
 	}

@@ -49,6 +51,7 @@ pub async fn backfill_if_required(&self, room_id: &RoomId, from: PduCount) -> Re

 	if first_pdu.0 < from {
 		// No backfill required, there are still events between them
+		debug!("No backfill required in room {room_id}, {:?} < {from}", first_pdu.0);
 		return Ok(());
 	}

@@ -58,11 +61,47 @@ pub async fn backfill_if_required(&self, room_id: &RoomId, from: PduCount) -> Re
 		.room_state_get_content(room_id, &StateEventType::RoomPowerLevels, "")
 		.await
 		.unwrap_or_default();
+	let create_event_content: RoomCreateEventContent = self
+		.services
+		.state_accessor
+		.room_state_get_content(room_id, &StateEventType::RoomCreate, "")
+		.await?;
+	let create_event = self
+		.services
+		.state_accessor
+		.room_state_get(room_id, &StateEventType::RoomCreate, "")
+		.await?;

-	let room_mods = power_levels.users.iter().filter_map(|(user_id, level)| {
-		if level > &power_levels.users_default && !self.services.globals.user_is_local(user_id) {
+	let room_version =
+		RoomVersion::new(&create_event_content.room_version).expect("supported room version");
+	let mut users = power_levels.users.clone();
+	if room_version.explicitly_privilege_room_creators {
+		users.insert(create_event.sender().to_owned(), Int::MAX);
+		if let Some(additional_creators) = &create_event_content.additional_creators {
+			for user_id in additional_creators {
+				users.insert(user_id.to_owned(), Int::MAX);
+			}
+		}
+	}
+
+	let room_mods = users.iter().filter_map(|(user_id, level)| {
+		let remote_powered =
+			level > &power_levels.users_default && !self.services.globals.user_is_local(user_id);
+		let creator = if room_version.explicitly_privilege_room_creators {
+			create_event.sender() == user_id
+				|| create_event_content
+					.additional_creators
+					.as_ref()
+					.is_some_and(|c| c.contains(user_id))
+		} else {
+			false
+		};
+
+		if remote_powered || creator {
+			debug!(%remote_powered, %creator, "User {user_id} can backfill in room {room_id}");
 			Some(user_id.server_name())
 		} else {
+			debug!(%remote_powered, %creator, "User {user_id} cannot backfill in room {room_id}");
 			None
 		}
 	});
@@ -1,5 +1,6 @@
 use std::{collections::HashSet, iter::once};

+use conduwuit::trace;
 use conduwuit_core::{
 	Err, Result, implement,
 	matrix::{event::Event, pdu::PduBuilder},
@@ -23,32 +24,34 @@ use super::RoomMutexGuard;
 /// takes a roomid_mutex_state, meaning that only this function is able to
 /// mutate the room state.
 #[implement(super::Service)]
-#[tracing::instrument(skip(self, state_lock), level = "debug")]
+#[tracing::instrument(skip(self, state_lock, pdu_builder), level = "trace")]
 pub async fn build_and_append_pdu(
 	&self,
 	pdu_builder: PduBuilder,
 	sender: &UserId,
-	room_id: &RoomId,
+	room_id: Option<&RoomId>,
 	state_lock: &RoomMutexGuard,
 ) -> Result<OwnedEventId> {
 	let (pdu, pdu_json) = self
 		.create_hash_and_sign_event(pdu_builder, sender, room_id, state_lock)
 		.await?;

-	if self.services.admin.is_admin_room(pdu.room_id()).await {
+	let room_id = pdu.room_id_or_hash();
+	if self.services.admin.is_admin_room(&room_id).await {
 		self.check_pdu_for_admin_room(&pdu, sender).boxed().await?;
 	}

 	// If redaction event is not authorized, do not append it to the timeline
 	if *pdu.kind() == TimelineEventType::RoomRedaction {
 		use RoomVersionId::*;
-		match self.services.state.get_room_version(pdu.room_id()).await? {
+		trace!("Running redaction checks for room {room_id}");
+		match self.services.state.get_room_version(&room_id).await? {
 			| V1 | V2 | V3 | V4 | V5 | V6 | V7 | V8 | V9 | V10 => {
 				if let Some(redact_id) = pdu.redacts() {
 					if !self
 						.services
 						.state_accessor
-						.user_can_redact(redact_id, pdu.sender(), pdu.room_id(), false)
+						.user_can_redact(redact_id, pdu.sender(), &room_id, false)
 						.await?
 					{
 						return Err!(Request(Forbidden("User cannot redact this event.")));
@@ -61,7 +64,7 @@ pub async fn build_and_append_pdu(
 					if !self
 						.services
 						.state_accessor
-						.user_can_redact(redact_id, pdu.sender(), pdu.room_id(), false)
+						.user_can_redact(redact_id, pdu.sender(), &room_id, false)
 						.await?
 					{
 						return Err!(Request(Forbidden("User cannot redact this event.")));
@@ -72,6 +75,7 @@ pub async fn build_and_append_pdu(
 	}

 	if *pdu.kind() == TimelineEventType::RoomMember {
+		trace!("Running room member checks for room {room_id}");
 		let content: RoomMemberEventContent = pdu.get_content()?;

 		if content.join_authorized_via_users_server.is_some()
@@ -93,12 +97,22 @@ pub async fn build_and_append_pdu(
 			)));
 		}
 	}
+	if *pdu.kind() == TimelineEventType::RoomCreate {
+		trace!("Creating shortroomid for {room_id}");
+		self.services
+			.short
+			.get_or_create_shortroomid(&room_id)
+			.await;
+	}

 	// We append to state before appending the pdu, so we don't have a moment in
 	// time with the pdu without it's state. This is okay because append_pdu can't
 	// fail.
-	let statehashid = self.services.state.append_to_state(&pdu).await?;
+	trace!("Appending {} state for room {room_id}", pdu.event_id());
+	let statehashid = self.services.state.append_to_state(&pdu, &room_id).await?;
+	trace!("State hash ID for {room_id}: {statehashid:?}");

+	trace!("Generating raw ID for PDU {}", pdu.event_id());
 	let pdu_id = self
 		.append_pdu(
 			&pdu,
@@ -107,20 +121,22 @@ pub async fn build_and_append_pdu(
 			// of the room
 			once(pdu.event_id()),
 			state_lock,
+			&room_id,
 		)
 		.boxed()
 		.await?;

 	// We set the room state after inserting the pdu, so that we never have a moment
 	// in time where events in the current room state do not exist
+	trace!("Setting room state for room {room_id}");
 	self.services
 		.state
-		.set_room_state(pdu.room_id(), statehashid, state_lock);
+		.set_room_state(&room_id, statehashid, state_lock);

 	let mut servers: HashSet<OwnedServerName> = self
 		.services
 		.state_cache
-		.room_servers(pdu.room_id())
+		.room_servers(&room_id)
 		.map(ToOwned::to_owned)
 		.collect()
 		.await;
@@ -141,11 +157,13 @@ pub async fn build_and_append_pdu(
 	// room_servers() and/or the if statement above
 	servers.remove(self.services.globals.server_name());

+	trace!("Sending PDU {} to {} servers", pdu.event_id(), servers.len());
 	self.services
 		.sending
 		.send_pdu_servers(servers.iter().map(AsRef::as_ref).stream(), &pdu_id)
 		.await?;

+	trace!("Event {} in room {:?} has been appended", pdu.event_id(), room_id);
 	Ok(pdu.event_id().to_owned())
 }

@@ -179,7 +197,7 @@ where
 					let count = self
 						.services
 						.state_cache
-						.room_members(pdu.room_id())
+						.room_members(&pdu.room_id_or_hash())
 						.ready_filter(|user| self.services.globals.user_is_local(user))
 						.ready_filter(|user| *user != target)
 						.boxed()
@@ -203,7 +221,7 @@ where
 					let count = self
 						.services
 						.state_cache
-						.room_members(pdu.room_id())
+						.room_members(&pdu.room_id_or_hash())
 						.ready_filter(|user| self.services.globals.user_is_local(user))
 						.ready_filter(|user| *user != target)
 						.boxed()
@@ -1,5 +1,6 @@
-use std::cmp;
+use std::{cmp, collections::HashMap};

+use conduwuit::{smallstr::SmallString, trace};
 use conduwuit_core::{
 	Err, Error, Result, err, implement,
 	matrix::{
@@ -8,16 +9,17 @@ use conduwuit_core::{
 		state_res::{self, RoomVersion},
 	},
 	utils::{self, IterStream, ReadyExt, stream::TryIgnore},
+	warn,
 };
 use futures::{StreamExt, TryStreamExt, future, future::ready};
 use ruma::{
-	CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, RoomId, RoomVersionId, UserId,
+	CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, OwnedRoomId, RoomId, RoomVersionId,
+	UserId,
 	canonical_json::to_canonical_value,
 	events::{StateEventType, TimelineEventType, room::create::RoomCreateEventContent},
 	uint,
 };
-use serde_json::value::to_raw_value;
-use tracing::warn;
+use serde_json::value::{RawValue, to_raw_value};

 use super::RoomMutexGuard;

@@ -26,10 +28,26 @@ pub async fn create_hash_and_sign_event(
 	&self,
 	pdu_builder: PduBuilder,
 	sender: &UserId,
-	room_id: &RoomId,
+	room_id: Option<&RoomId>,
 	_mutex_lock: &RoomMutexGuard, /* Take mutex guard to make sure users get the room
 	                               * state mutex */
 ) -> Result<(PduEvent, CanonicalJsonObject)> {
+	#[allow(clippy::boxed_local)]
+	fn from_evt(
+		room_id: OwnedRoomId,
+		event_type: &TimelineEventType,
+		content: &RawValue,
+	) -> Result<RoomVersionId> {
+		if event_type == &TimelineEventType::RoomCreate {
+			let content: RoomCreateEventContent = serde_json::from_str(content.get())?;
+			Ok(content.room_version)
+		} else {
+			Err(Error::InconsistentRoomState(
+				"non-create event for room of unknown version",
+				room_id,
+			))
+		}
+	}
 	let PduBuilder {
 		event_type,
 		content,
@@ -38,86 +56,114 @@ pub async fn create_hash_and_sign_event(
 		redacts,
 		timestamp,
 	} = pdu_builder;
-
-	let prev_events: Vec<OwnedEventId> = self
-		.services
-		.state
-		.get_forward_extremities(room_id)
-		.take(20)
-		.map(Into::into)
-		.collect()
-		.await;
-
 	// If there was no create event yet, assume we are creating a room
-	let room_version_id = self
-		.services
-		.state
-		.get_room_version(room_id)
-		.await
-		.or_else(|_| {
-			if event_type == TimelineEventType::RoomCreate {
-				let content: RoomCreateEventContent = serde_json::from_str(content.get())?;
-				Ok(content.room_version)
-			} else {
-				Err(Error::InconsistentRoomState(
-					"non-create event for room of unknown version",
-					room_id.to_owned(),
-				))
-			}
-		})?;
+	trace!(
+		"Creating event of type {} in room {}",
+		event_type,
+		room_id.as_ref().map_or("None", |id| id.as_str())
+	);
+	let room_version_id = match room_id {
+		| Some(room_id) => {
+			trace!(%room_id, "Looking up existing room ID");
+			self.services
+				.state
+				.get_room_version(room_id)
+				.await
+				.or_else(|_| {
+					from_evt(room_id.to_owned(), &event_type.clone(), &content.clone())
+				})?
+		},
+		| None => {
+			trace!("No room ID, assuming room creation");
+			from_evt(
+				RoomId::new(self.services.globals.server_name()),
+				&event_type.clone(),
+				&content.clone(),
+			)?
+		},
+	};

 	let room_version = RoomVersion::new(&room_version_id).expect("room version is supported");

-	let auth_events = self
-		.services
-		.state
-		.get_auth_events(room_id, &event_type, sender, state_key.as_deref(), &content)
-		.await?;
+	let prev_events: Vec<OwnedEventId> = match room_id {
+		| Some(room_id) =>
+			self.services
+				.state
+				.get_forward_extremities(room_id)
+				.take(20)
+				.map(Into::into)
+				.collect()
+				.await,
+		| None => Vec::new(),
+	};

+	let auth_events: HashMap<(StateEventType, SmallString<[u8; 48]>), PduEvent> = match room_id {
+		| Some(room_id) =>
+			self.services
+				.state
+				.get_auth_events(
+					room_id,
+					&event_type,
+					sender,
+					state_key.as_deref(),
+					&content,
+					&room_version,
+				)
+				.await?,
+		| None => HashMap::new(),
+	};
 	// Our depth is the maximum depth of prev_events + 1
-	let depth = prev_events
-		.iter()
-		.stream()
-		.map(Ok)
-		.and_then(|event_id| self.get_pdu(event_id))
-		.and_then(|pdu| future::ok(pdu.depth))
-		.ignore_err()
-		.ready_fold(uint!(0), cmp::max)
-		.await
-		.saturating_add(uint!(1));
+	let depth = match room_id {
+		| Some(_) => prev_events
+			.iter()
+			.stream()
+			.map(Ok)
+			.and_then(|event_id| self.get_pdu(event_id))
+			.and_then(|pdu| future::ok(pdu.depth))
+			.ignore_err()
+			.ready_fold(uint!(0), cmp::max)
+			.await
+			.saturating_add(uint!(1)),
+		| None => uint!(1),
+	};

 	let mut unsigned = unsigned.unwrap_or_default();

-	if let Some(state_key) = &state_key {
-		if let Ok(prev_pdu) = self
-			.services
-			.state_accessor
-			.room_state_get(room_id, &event_type.to_string().into(), state_key)
-			.await
-		{
-			unsigned.insert("prev_content".to_owned(), prev_pdu.get_content_as_value());
-			unsigned.insert("prev_sender".to_owned(), serde_json::to_value(prev_pdu.sender())?);
-			unsigned
-				.insert("replaces_state".to_owned(), serde_json::to_value(prev_pdu.event_id())?);
+	if let Some(room_id) = room_id {
+		if let Some(state_key) = &state_key {
+			if let Ok(prev_pdu) = self
+				.services
+				.state_accessor
+				.room_state_get(room_id, &event_type.clone().to_string().into(), state_key)
+				.await
+			{
+				unsigned.insert("prev_content".to_owned(), prev_pdu.get_content_as_value());
+				unsigned
+					.insert("prev_sender".to_owned(), serde_json::to_value(prev_pdu.sender())?);
+				unsigned.insert(
+					"replaces_state".to_owned(),
+					serde_json::to_value(prev_pdu.event_id())?,
+				);
+			}
 		}
 	}

-	if event_type != TimelineEventType::RoomCreate && prev_events.is_empty() {
-		return Err!(Request(Unknown("Event incorrectly had zero prev_events.")));
-	}
-	if state_key.is_none() && depth.lt(&uint!(2)) {
-		// The first two events in a room are always m.room.create and m.room.member,
-		// so any other events with that same depth are illegal.
-		warn!(
-			"Had unsafe depth {depth} when creating non-state event in {room_id}. Cowardly \
-			 aborting"
-		);
-		return Err!(Request(Unknown("Unsafe depth for non-state event.")));
-	}
+	// if event_type != TimelineEventType::RoomCreate && prev_events.is_empty() {
+	// 	return Err!(Request(Unknown("Event incorrectly had zero prev_events.")));
+	// }
+	// if state_key.is_none() && depth.lt(&uint!(2)) {
+	// 	// The first two events in a room are always m.room.create and
+	// m.room.member, 	// so any other events with that same depth are illegal.
+	// 	warn!(
+	// 		"Had unsafe depth {depth} when creating non-state event in {}. Cowardly
+	// aborting", 		room_id.expect("room_id is Some here").as_str()
+	// 	);
+	// 	return Err!(Request(Unknown("Unsafe depth for non-state event.")));
+	// }

 	let mut pdu = PduEvent {
 		event_id: ruma::event_id!("$thiswillbefilledinlater").into(),
-		room_id: room_id.to_owned(),
+		room_id: room_id.map(ToOwned::to_owned),
 		sender: sender.to_owned(),
 		origin: None,
 		origin_server_ts: timestamp.map_or_else(
@@ -152,11 +198,30 @@ pub async fn create_hash_and_sign_event(
 		ready(auth_events.get(&key).map(ToOwned::to_owned))
 	};

+	let room_id_or_hash = pdu.room_id_or_hash();
+	let create_pdu = match &pdu.kind {
+		| TimelineEventType::RoomCreate => None,
+		| _ => Some(
+			self.services
+				.state_accessor
+				.room_state_get(&room_id_or_hash, &StateEventType::RoomCreate, "")
+				.await
+				.map_err(|e| {
+					err!(Request(Forbidden(warn!("Failed to fetch room create event: {e}"))))
+				})?,
+		),
+	};
+	let create_event = match &pdu.kind {
+		| TimelineEventType::RoomCreate => &pdu,
+		| _ => create_pdu.as_ref().unwrap().as_pdu(),
+	};
+
 	let auth_check = state_res::auth_check(
 		&room_version,
 		&pdu,
 		None, // TODO: third_party_invite
 		auth_fetch,
+		create_event,
 	)
 	.await
 	.map_err(|e| err!(Request(Forbidden(warn!("Auth check failed: {e:?}")))))?;
@@ -164,6 +229,11 @@ pub async fn create_hash_and_sign_event(
 	if !auth_check {
 		return Err!(Request(Forbidden("Event is not authorized.")));
 	}
+	trace!(
+		"Event {} in room {} is authorized",
+		pdu.event_id,
+		pdu.room_id.as_ref().map_or("None", |id| id.as_str())
+	);

 	// Hash and sign
 	let mut pdu_json = utils::to_canonical_object(&pdu).map_err(|e| {
@@ -178,13 +248,13 @@ pub async fn create_hash_and_sign_event(
 		},
 	}

-	// Add origin because synapse likes that (and it's required in the spec)
 	pdu_json.insert(
 		"origin".to_owned(),
 		to_canonical_value(self.services.globals.server_name())
 			.expect("server name is a valid CanonicalJsonValue"),
 	);

+	trace!("hashing and signing event {}", pdu.event_id);
 	if let Err(e) = self
 		.services
 		.server_keys
@@ -197,37 +267,72 @@ pub async fn create_hash_and_sign_event(
 			| _ => Err!(Request(Unknown(warn!("Signing event failed: {e}")))),
 		};
 	}
-
+	// Check with the policy server
 	// Generate event id
 	pdu.event_id = gen_event_id(&pdu_json, &room_version_id)?;
-
 	pdu_json.insert("event_id".into(), CanonicalJsonValue::String(pdu.event_id.clone().into()));
+	if room_id.is_some() {
+		trace!(
+			"Checking event in room {} with policy server",
+			pdu.room_id.as_ref().map_or("None", |id| id.as_str())
+		);
+		match self
+			.services
+			.event_handler
+			.ask_policy_server(&pdu, &pdu_json, pdu.room_id().expect("has room ID"))
+			.await
+		{
+			| Ok(true) => {},
+			| Ok(false) => {
+				return Err!(Request(Forbidden(debug_warn!(
+					"Policy server marked this event as spam"
+				))));
+			},
+			| Err(e) => {
+				// fail open
+				warn!("Failed to check event with policy server: {e}");
+			},
+		}
+	}

 	// Check with the policy server
-	match self
-		.services
-		.event_handler
-		.ask_policy_server(&pdu, room_id)
-		.await
-	{
-		| Ok(true) => {},
-		| Ok(false) => {
-			return Err!(Request(Forbidden(debug_warn!(
-				"Policy server marked this event as spam"
-			))));
-		},
-		| Err(e) => {
-			// fail open
-			warn!("Failed to check event with policy server: {e}");
-		},
+	if room_id.is_some() {
+		trace!(
+			"Checking event {} in room {} with policy server",
+			pdu.event_id,
+			pdu.room_id.as_ref().map_or("None", |id| id.as_str())
+		);
+		match self
+			.services
+			.event_handler
+			.ask_policy_server(&pdu, &pdu_json, &pdu.room_id_or_hash())
+			.await
+		{
+			| Ok(true) => {},
+			| Ok(false) => {
+				return Err!(Request(Forbidden(debug_warn!(
+					"Policy server marked this event as spam"
+				))));
+			},
+			| Err(e) => {
+				// fail open
+				warn!("Failed to check event with policy server: {e}");
+			},
+		}
 	}

 	// Generate short event id
+	trace!(
+		"Generating short event ID for {} in room {}",
+		pdu.event_id,
+		pdu.room_id.as_ref().map_or("None", |id| id.as_str())
+	);
 	let _shorteventid = self
 		.services
 		.short
 		.get_or_create_shorteventid(&pdu.event_id)
 		.await;

+	trace!("New PDU created: {pdu:?}");
 	Ok((pdu, pdu_json))
 }
@@ -39,7 +39,11 @@ pub async fn redact_pdu<Pdu: Event + Send + Sync>(
 		}
 	}

-	let room_version_id = self.services.state.get_room_version(pdu.room_id()).await?;
+	let room_version_id = self
+		.services
+		.state
+		.get_room_version(&pdu.room_id_or_hash())
+		.await?;

 	pdu.redact(&room_version_id, reason.to_value())?;

@@ -798,7 +798,7 @@ impl Service {
 			let unread: UInt = self
 				.services
 				.user
-				.notification_count(&user_id, pdu.room_id())
+				.notification_count(&user_id, &pdu.room_id_or_hash())
 				.await
 				.try_into()
 				.expect("notification count can't go that high");
@@ -1,6 +1,6 @@
 use std::borrow::Borrow;

-use conduwuit::{Err, Result, implement};
+use conduwuit::{Err, Result, debug_error, implement, trace};
 use ruma::{
 	CanonicalJsonObject, RoomVersionId, ServerName, ServerSigningKeyId,
 	api::federation::discovery::VerifyKey,
@@ -19,9 +19,11 @@ pub async fn get_event_keys(
 	let required = match required_keys(object, version) {
 		| Ok(required) => required,
 		| Err(e) => {
+			debug_error!("Failed to determine keys required to verify: {e}");
 			return Err!(BadServerResponse("Failed to determine keys required to verify: {e}"));
 		},
 	};
+	trace!(?required, "Keys required to verify event");

 	let batch = required
 		.iter()
@@ -61,6 +63,7 @@ where
 }

 #[implement(super::Service)]
+#[tracing::instrument(skip(self))]
 pub async fn get_verify_key(
 	&self,
 	origin: &ServerName,
@@ -70,6 +73,7 @@ pub async fn get_verify_key(
 	let notary_only = self.services.server.config.only_query_trusted_key_servers;

 	if let Some(result) = self.verify_keys_for(origin).await.remove(key_id) {
+		trace!("Found key in cache");
 		return Ok(result);
 	}

@@ -8,7 +8,7 @@ mod verify;
 use std::{collections::BTreeMap, sync::Arc, time::Duration};

 use conduwuit::{
-	Result, Server, implement,
+	Result, Server, debug_error, debug_warn, implement, trace,
 	utils::{IterStream, timepoint_from_now},
 };
 use database::{Deserialized, Json, Map};
@@ -112,6 +112,7 @@ async fn add_signing_keys(&self, new_keys: ServerSigningKeys) {
 }

 #[implement(Service)]
+#[tracing::instrument(skip(self, object))]
 pub async fn required_keys_exist(
 	&self,
 	object: &CanonicalJsonObject,
@@ -119,10 +120,12 @@ pub async fn required_keys_exist(
 ) -> bool {
 	use ruma::signatures::required_keys;

+	trace!(?object, "Checking required keys exist");
 	let Ok(required_keys) = required_keys(object, version) else {
+		debug_error!("Failed to determine required keys");
 		return false;
 	};
-
+	trace!(?required_keys, "Required keys to verify event");
 	required_keys
 		.iter()
 		.flat_map(|(server, key_ids)| key_ids.iter().map(move |key_id| (server, key_id)))
@@ -132,6 +135,7 @@ pub async fn required_keys_exist(
 }

 #[implement(Service)]
+#[tracing::instrument(skip(self))]
 pub async fn verify_key_exists(&self, origin: &ServerName, key_id: &ServerSigningKeyId) -> bool {
 	type KeysMap<'a> = BTreeMap<&'a ServerSigningKeyId, &'a RawJsonValue>;

@@ -142,6 +146,7 @@ pub async fn verify_key_exists(&self, origin: &ServerName, key_id: &ServerSignin
 		.await
 		.deserialized::<Raw<ServerSigningKeys>>()
 	else {
+		debug_warn!("No known signing keys found for {origin}");
 		return false;
 	};

@@ -157,6 +162,7 @@ pub async fn verify_key_exists(&self, origin: &ServerName, key_id: &ServerSignin
 		}
 	}

+	debug_warn!("Key {key_id} not found for {origin}");
 	false
 }

@@ -1,4 +1,6 @@
-use conduwuit::{Err, Result, implement, matrix::event::gen_event_id_canonical_json};
+use conduwuit::{
+	Err, Result, debug_warn, implement, matrix::event::gen_event_id_canonical_json, trace,
+};
 use ruma::{
 	CanonicalJsonObject, CanonicalJsonValue, OwnedEventId, RoomVersionId, signatures::Verified,
 };
@@ -28,18 +30,25 @@ pub async fn validate_and_add_event_id_no_fetch(
 	pdu: &RawJsonValue,
 	room_version: &RoomVersionId,
 ) -> Result<(OwnedEventId, CanonicalJsonObject)> {
+	trace!(?pdu, "Validating PDU without fetching keys");
 	let (event_id, mut value) = gen_event_id_canonical_json(pdu, room_version)?;
+	trace!(event_id = event_id.as_str(), "Generated event ID, checking required keys");
 	if !self.required_keys_exist(&value, room_version).await {
+		debug_warn!(
+			"Event {event_id} is missing required keys, cannot verify without fetching keys"
+		);
 		return Err!(BadServerResponse(debug_warn!(
 			"Event {event_id} cannot be verified: missing keys."
 		)));
 	}
-
+	trace!("All required keys exist, verifying event");
 	if let Err(e) = self.verify_event(&value, Some(room_version)).await {
+		debug_warn!("Event verification failed");
 		return Err!(BadServerResponse(debug_error!(
 			"Event {event_id} failed verification: {e:?}"
 		)));
 	}
+	trace!("Event verified successfully");

 	value.insert("event_id".into(), CanonicalJsonValue::String(event_id.as_str().into()));

@@ -52,7 +61,7 @@ pub async fn verify_event(
 	event: &CanonicalJsonObject,
 	room_version: Option<&RoomVersionId>,
 ) -> Result<Verified> {
-	let room_version = room_version.unwrap_or(&RoomVersionId::V11);
+	let room_version = room_version.unwrap_or(&RoomVersionId::V12);
 	let keys = self.get_event_keys(event, room_version).await?;
 	ruma::signatures::verify_event(&keys, event, room_version).map_err(Into::into)
 }
@@ -63,7 +72,7 @@ pub async fn verify_json(
 	event: &CanonicalJsonObject,
 	room_version: Option<&RoomVersionId>,
 ) -> Result {
-	let room_version = room_version.unwrap_or(&RoomVersionId::V11);
+	let room_version = room_version.unwrap_or(&RoomVersionId::V12);
 	let keys = self.get_event_keys(event, room_version).await?;
 	ruma::signatures::verify_json(&keys, event.clone()).map_err(Into::into)
 }
@@ -20,7 +20,9 @@ use ruma::{
 	api::client::{device::Device, error::ErrorKind, filter::FilterDefinition},
 	encryption::{CrossSigningKey, DeviceKeys, OneTimeKey},
 	events::{
-		AnyToDeviceEvent, GlobalAccountDataEventType, ignored_user_list::IgnoredUserListEvent,
+		AnyToDeviceEvent, GlobalAccountDataEventType,
+		ignored_user_list::IgnoredUserListEvent,
+		invite_permission_config::{FilterLevel, InvitePermissionConfigEvent},
 	},
 	serde::Raw,
 };
@@ -139,6 +141,26 @@ impl Service {
 			})
 	}

+	/// Returns the recipient's filter level for an invite from the sender.
+	pub async fn invite_filter_level(
+		&self,
+		sender_user: &UserId,
+		recipient_user: &UserId,
+	) -> FilterLevel {
+		if self.user_is_ignored(sender_user, recipient_user).await {
+			FilterLevel::Ignore
+		} else {
+			self.services
+				.account_data
+				.get_global(recipient_user, GlobalAccountDataEventType::InvitePermissionConfig)
+				.await
+				.map(|config: InvitePermissionConfigEvent| {
+					config.content.user_filter_level(sender_user)
+				})
+				.unwrap_or(FilterLevel::Allow)
+		}
+	}
+
 	/// Check if a user is an admin
 	#[inline]
 	pub async fn is_admin(&self, user_id: &UserId) -> bool {
@@ -1102,34 +1124,6 @@ impl Service {
 		Ok(user_id)
 	}

-	#[inline]
-	fn parse_profile_kv(
-		&self,
-		user_id: &UserId,
-		key: &str,
-		value: Vec<u8>,
-	) -> Result<serde_json::Value> {
-		match serde_json::from_slice(&value) {
-			| Ok(value) => Ok(value),
-			| Err(error) => {
-				// Due to an old bug, some conduwuit databases have `us.cloke.msc4175.tz` user
-				// profile fields with raw strings instead of quoted JSON ones.
-				if key == "us.cloke.msc4175.tz" {
-					// TODO insert a hint about this being a cold path
-					debug_warn!(
-						"Fixing corrupt `us.cloke.msc4175.tz` field in the profile of {}",
-						user_id
-					);
-					let raw_tz = serde_json::Value::String(String::from_utf8(value)?);
-					self.set_profile_key(user_id, "us.cloke.msc4175.tz", Some(raw_tz.clone()));
-					Ok(raw_tz)
-				} else {
-					Err(error.into())
-				}
-			},
-		}
-	}
-
 	/// Gets a specific user profile key
 	pub async fn profile_key(
 		&self,
@@ -1141,7 +1135,7 @@ impl Service {
 			.useridprofilekey_value
 			.qry(&key)
 			.await
-			.and_then(|handle| self.parse_profile_kv(user_id, profile_key, handle.to_vec()))
+			.and_then(|handle| serde_json::from_slice(&handle).map_err(Into::into))
 	}

 	/// Gets all the user's profile keys and values in an iterator
@@ -1156,10 +1150,7 @@ impl Service {
 			.useridprofilekey_value
 			.stream_prefix(&prefix)
 			.ignore_err()
-			.map(|((_, key), value): KeyVal<'_>| {
-				let value = self.parse_profile_kv(user_id, &key, value.to_vec())?;
-				Ok((key, value))
-			})
+			.map(|((_, key), value): KeyVal<'_>| Ok((key, serde_json::from_slice(value)?)))
 			.ignore_err()
 	}
Author	SHA1	Message	Date
timedout	bb6c513ee8	chore: Bump version to 0.5.0-rc.8.1	2025-11-16 21:00:14 +00:00
Jade Ellis	5241f89ebc	ci: Run image release workflow on tag (cherry picked from commit `e5e2db37d9`)	2025-11-16 21:00:14 +00:00
timedout	e2349de270	style: Fix clippy failures from `9e73146` (cherry picked from commit `def8816c02`)	2025-11-16 20:05:57 +00:00
timedout	7c51688251	fix: Restore continuwuity's remembering capabilities (cherry picked from commit `9e73146b19`)	2025-11-16 20:05:57 +00:00
timedout	80399a0be0	fix(1163): Resolve algorithm misinterpretations (cherry picked from commit `9375e81974`)	2025-11-16 20:05:57 +00:00
Jade	bdcd08dd01	fix: Don't break when encountering the server user, as there may be real users after (cherry picked from commit `45e4053883`)	2025-11-16 20:05:57 +00:00
timedout	55df764af2	fix(user_can): Fix room creators being unable to redact events in v12 rooms (cherry picked from commit `fbf48addc7`)	2025-11-16 20:05:57 +00:00
nexy7574	6d2cac66b7	fix: Kicks in !v12 are impossible (cherry picked from commit `cbf726580f`)	2025-11-16 20:05:57 +00:00
nexy7574	22835ae8ec	fix: Incorrect interpretation of 5.5.4 (cherry picked from commit `28f258fc8c`)	2025-11-16 20:05:57 +00:00
nexy7574	cc4852076f	fix: Inverted creatorship check (cherry picked from commit `8b3acfd770`)	2025-11-16 20:05:56 +00:00
nexy7574	94507285d8	fix: Don't check restricted join rules for invite joins (cherry picked from commit `a581e8de01`)	2025-11-16 20:05:56 +00:00
nexy7574	138bbf23df	fix: Weird re-application of partially resolved state (cherry picked from commit `7c74db5e74`)	2025-11-16 20:05:56 +00:00
nexy7574	3aaecb0c5c	fix: Unbans and kicks incorrectly checked creatorship in !v12 (cherry picked from commit `b17b4235f3`)	2025-11-16 20:05:56 +00:00
timedout	1c430c0fd4	fix: Policy server calls use the correct JSON object (#1126 ) Fixes #1060 Reviewed-on: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1126 Reviewed-by: Jacob Taylor <aranjedeath@noreply.forgejo.ellis.link> Co-authored-by: timedout <git@nexy7574.co.uk> Co-committed-by: timedout <git@nexy7574.co.uk> (cherry picked from commit `26b700bf51`)	2025-11-16 20:05:56 +00:00
nexy7574	93966e4d78	fix(stateres): Creators can always unban Also basically rewrote all of the event auth logs to be more digestable (cherry picked from commit `d614e43981`)	2025-11-16 20:05:56 +00:00
Jade Ellis	fa3424eb2e	fix(v12): Create tombstone event on room upgrade (cherry picked from commit `ef84e1bb02`)	2025-11-16 20:05:56 +00:00
nexy7574	9092e5f69f	fix: V12 room upgrades (cherry picked from commit `1887d58df8`)	2025-11-16 20:05:55 +00:00
nexy7574	bbd1316b80	fix(stateres): Correctly fetch missing auth events for incoming PDUs (cherry picked from commit `c66f6f8900`)	2025-11-16 20:05:55 +00:00
Ginger	209601a8ea	fix: Fix panic in debug builds caused by MSC4133 migration (cherry picked from commit `902fe7b7ab`)	2025-11-16 20:05:55 +00:00
Ginger	4182a67df2	feat: Advertise support for MSC4155 (cherry picked from commit `92d74c293e`)	2025-11-16 20:05:55 +00:00
nexy7574	b70470fa71	fix: Event filters all non-state events	2025-09-21 20:10:36 +01:00
nexy7574	703d6a2075	chore: Bump version to rc.8	2025-09-21 18:17:24 +01:00
Savyasachee Jha	5b75e21810	Update resolv-conf to upstream 0.7.5	2025-09-21 17:13:38 +00:00
Ginger	13b7538785	Add support for MSC4155 (#1013 ) [rendered msc here](https://github.com/Johennes/matrix-spec-proposals/blob/johannes/invite-filtering/proposals/4155-invite-filtering.md). Closes #836. Co-authored-by: nexy7574 <git@nexy7574.co.uk> Reviewed-on: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/1013 Reviewed-by: nex <nex@noreply.forgejo.ellis.link> Co-authored-by: Ginger <ginger@gingershaped.computer> Co-committed-by: Ginger <ginger@gingershaped.computer>	2025-09-21 17:03:40 +00:00
Renovate Bot	9745bcba1c	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v41.121.4	2025-09-21 05:02:02 +00:00
nexy7574	c9c79fbea6	fix: Fix restricted join rules inconsistencies	2025-09-20 21:07:13 +00:00
nexy7574	92e9802340	style: Tidy up 1054	2025-09-20 21:07:00 +00:00
nexy7574	1d80b7ce0c	fix: Don't perform local join when there's no remote servers	2025-09-20 21:07:00 +00:00
Jade	563b6d4b30	fix: Update debug assertion with new serde type location Fixes !1052	2025-09-20 18:04:16 +00:00
Renovate Bot	e86fc6d9f8	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v41.119.5	2025-09-20 05:03:27 +00:00
Renovate Bot	13adea6498	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v41.118.1	2025-09-19 10:31:58 +00:00
Renovate Bot	17d0bb6cf6	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v41.117.0	2025-09-18 21:06:35 +00:00
Renovate Bot	6dc5051fa6	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v41.116.10	2025-09-18 19:26:39 +00:00
Renovate Bot	3034c03ad1	chore(deps): update ghcr.io/renovatebot/renovate docker tag to v41.116.8	2025-09-18 13:36:19 +00:00
Renovate Bot	fa6f549d39	chore(deps): lock file maintenance	2025-09-18 13:32:26 +00:00
Renovate Bot	999217b0f6	chore(deps): update dependency cargo-bins/cargo-binstall to v1.15.5	2025-09-18 13:31:48 +00:00
Renovate Bot	74fccff2cc	chore(deps): update github-actions-non-major	2025-09-18 13:31:19 +00:00
Shuroii	7a56a2462c	fix(ci): Use github env namespace as forgejo is still unsupported	2025-09-18 13:30:50 +00:00
Ginger	458811f241	fix: Fix nexy's very accurate and not-at-all busted fix to my fix	2025-09-17 20:04:50 -04:00
nexy7574	0672ce5b88	style: Fix clippy lint errors	2025-09-17 23:54:09 +01:00
Ginger	7f287c7880	fix: Use a database migration to fix corrupted `us.cloke.msc4175.tz` fields (cherry picked from commit 4a893ce4cc81487bcf324dccefd8184ddef5b215)	2025-09-17 23:14:07 +01:00
Shuroii	9142978a15	fix: Fully qualify action This fixes an issue where Forgejo tries to look for code.forgejo.org for the action despite it not being available.	2025-09-17 21:37:50 +00:00
Shuroii	a8eb9c47f8	feat(ci): Add a workflow to update flake hashes This workflow is intended to be ran as dispatch whenever the rocksdb fork changes! Other than that, it'll run on any toolchain changes (rust-toolchain.toml, Cargo.lock, Cargo.toml) and update the relevant hash accordingly.	2025-09-17 21:37:50 +00:00
nexy7574	9f18cf667a	chore: Temporarily disable bad tests	2025-09-17 22:25:04 +01:00
nexy7574	7e4071c117	Implement room v12 (#943 ) Does not yet work! Currently, state resolution does not correctly resolve conflicting states. Everything else appears to work as expected, so stateres will be fixed soon, then we should be clear for takeoff. Also: a lot of things currently accept a nullable room ID that really just don't need to. This will need tidying up before merge. Some authentication checks have also been disabled temporarily but nothing important. A lot of things are tagged with `TODO(hydra)`, those need resolving before merge. External contributors should PR to the `hydra/public` branch, not ` main`. --- This PR should be squash merged. Reviewed-on: https://forgejo.ellis.link/continuwuation/continuwuity/pulls/943 Co-authored-by: nexy7574 <git@nexy7574.co.uk> Co-committed-by: nexy7574 <git@nexy7574.co.uk>	2025-09-17 20:46:03 +00:00