Context
During the Matrix prefs investigation, the local DB showed the destructive event as source = sync with tx_id = null. That proves the connected client received the write from sync, but it does not identify which client, browser origin/profile, app build, or extension version produced the bad upload.
Problem
For replicated/background writes, the current local event trail answers "not this client" but not "which client/build did this." That makes cross-device sync bugs hard to attribute, especially when a stale local row or preview build writes a full properties_json payload.
Proposal
Add non-secret origin metadata to uploaded command/write batches and preserve it in local diagnostics after sync materialization.
Useful fields could include:
- stable per-install/client id
- browser/profile/origin identifier where available
- app build id/version/git SHA
- extension source block id and source hash for extension-authored writes, where applicable
- bridge/profile id for agent-authored writes, where applicable
- upload timestamp / local tx id correlation that survives through server echo
Acceptance criteria
- A future
row_events.source = sync record can be traced to an origin client/build without reading local secret stores.
- Metadata is available in diagnostics/SQL for investigations, but does not expose tokens, localStorage secrets, or user content beyond existing event snapshots.
- The implementation covers normal app writes, plugin/effect writes, and agent bridge writes.
- Tests verify metadata is attached on upload and visible after sync materialization.
Notes
This is observability/debuggability work. It would not have prevented the Matrix prefs clobber, but it would have made the responsible client/build much easier to identify.
Context
During the Matrix prefs investigation, the local DB showed the destructive event as
source = syncwithtx_id = null. That proves the connected client received the write from sync, but it does not identify which client, browser origin/profile, app build, or extension version produced the bad upload.Problem
For replicated/background writes, the current local event trail answers "not this client" but not "which client/build did this." That makes cross-device sync bugs hard to attribute, especially when a stale local row or preview build writes a full
properties_jsonpayload.Proposal
Add non-secret origin metadata to uploaded command/write batches and preserve it in local diagnostics after sync materialization.
Useful fields could include:
Acceptance criteria
row_events.source = syncrecord can be traced to an origin client/build without reading local secret stores.Notes
This is observability/debuggability work. It would not have prevented the Matrix prefs clobber, but it would have made the responsible client/build much easier to identify.