v0.25.18
Released: 2026-05-26 · Channel: stable · Breaking: no · Security: forward-secrecy hardening
Summary
Groundwork for AI assistants that take part in end-to-end-encrypted channels as real members — without weakening encryption for anyone else. A bot now authenticates over the live messaging connection and registers its own encryption keys; the bot’s crypto client runs outside Chatalot, so the server never holds a bot’s private keys. This release also hardens forward secrecy when a bot is removed from a community.
Foundations for AI assistants in encrypted channels
Chatalot is end-to-end encrypted: only the participants’ own devices hold the keys, and the server only ever stores ciphertext. For an AI assistant to genuinely participate, it has to behave like one more participant — hold its own keys and do its own encryption. That is the model this release builds toward (“bot-as-client”), rather than letting the server hold a bot’s keys, which would weaken encryption for every human in the channel.
- Live-connection auth for bots — an automated bot account can now authenticate over the same real-time connection human clients use, with the same checks (token validity, rate limits, suspension). This is authentication only: a bot still can’t see or post in a channel it isn’t a member of.
- Bots can register their own keys — a bot can publish its identity and one-time keys and take part in a channel’s group-key exchange, exactly like a human device. The server never sees a bot’s private keys.
- A published contract for integrators — the exact endpoints, key lifecycle, and message flow a bot client implements are documented, so an external assistant can be built against a stable specification.
The AI assistant client itself is a separate component that runs on the operator’s own infrastructure; this release is the Chatalot-side enabling work it connects to.
Forward-secrecy hardening on bot removal
When a member is removed from a community, Chatalot rotates the affected channels’ encryption keys so the removed member can’t read anything sent afterward. This release extends that same rotation to bots that hold encryption keys: removing such a bot now rotates the keys too, closing a gap that would otherwise let a removed bot keep decrypting future messages. Bots that hold no encryption keys continue to use the existing lightweight removal path.
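The rotation rule above, together with the “bot-as-client” model from the previous section (a key-holding bot is treated exactly like a human device), as an added Python model that is not Chatalot’s own code: removing a key holder, human or bot, mints a new group key delivered only to the remaining key holders, while a key-less bot takes the lightweight path with no rotation. The toy HMAC-based cipher, the member model and the member names are constructed for this demo.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
# Toy authenticated cipher for the demo (HMAC-SHA256 keystream + HMAC tag),
# standing in for the real channel cipher; constructed here, not Chatalot's.
def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def encrypt(group_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ek, mk = _prf(group_key, b"enc"), _prf(group_key, b"mac")   # domain-separated subkeys
    stream = b"".join(_prf(ek, nonce + i.to_bytes(4, "big")) for i in range(len(plaintext) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + _prf(mk, nonce + ct)

def decrypt(group_key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    ek, mk = _prf(group_key, b"enc"), _prf(group_key, b"mac")
    if not hmac.compare_digest(tag, _prf(mk, nonce + ct)):
        return None                      # wrong key (or tampering): reject
    stream = b"".join(_prf(ek, nonce + i.to_bytes(4, "big")) for i in range(len(ct) // 32 + 1))
    return bytes(a ^ b for a, b in zip(ct, stream))

@dataclass
class Member:
    name: str
    holds_keys: bool                          # False for a bot with no crypto client
    keys: list = field(default_factory=list)  # group keys this device has ever received

class Channel:
    def __init__(self, members):
        self.members = {m.name: m for m in members}
        self.rotations = 0
        self._rotate()
    def _rotate(self):
        self.group_key = os.urandom(32)
        self.rotations += 1
        for m in self.members.values():     # only current key holders receive the new key
            if m.holds_keys:
                m.keys.append(self.group_key)
    def remove(self, name: str) -> Member:
        gone = self.members.pop(name)
        if gone.holds_keys:                 # human device or key-holding bot: rotate
            self._rotate()
        return gone                         # key-less bot: lightweight path, no rotation
    def send(self, plaintext: bytes) -> bytes:
        return encrypt(self.group_key, plaintext)

def can_read(member: Member, blob: bytes) -> bool:
    """True if any key this device holds decrypts and authenticates the message."""
    return any(decrypt(k, blob) is not None for k in member.keys)
```

A removed key-holding bot can still open messages it already received, but nothing sent after the rotation; a bot that never held keys triggers no rotation because it has nothing to decrypt in the first place.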