Merge branch 'main' into ref-merge/24a277bd654dfff260e966ccf523fc0216dbdd1c

.cargo/config.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 [build]
 rustflags = ["--cfg", "tokio_unstable"]
 

.codecov.yml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 comment: false
 
 flag_management:

.config/nextest.toml

@@ -1,2 +1,7 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 [profile.default]
 retries = 1

.devcontainer/.env

@@ -1 +0,0 @@
-MAS_OAUTH2_ISSUER="https://${CODESPACE_NAME}-8080.githubpreview.dev/"

.devcontainer/Dockerfile

@@ -1,10 +0,0 @@
-FROM mcr.microsoft.com/vscode/devcontainers/rust:0-1
-
-RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-     && apt-get -y install --no-install-recommends postgresql-client
-
-COPY .env /.env
-
-# TODO: pre-build custom images, those take too much time
-#RUN cargo install sqlx-cli --no-default-features --features postgres
-#RUN cargo install cargo-edit

.devcontainer/devcontainer.json

@@ -1,40 +0,0 @@
-{
-	"name": "Rust",
-	"dockerComposeFile": "docker-compose.yml",
-	"service": "app",
-	"workspaceFolder": "/workspace",
-
-	"postCreateCommand": "SQLX_OFFLINE=1 cargo run -- database migrate",
-	"settings": { 
-		"lldb.executable": "/usr/bin/lldb",
-		"sqltools.connections": [{
-			"name": "Container database",
-			"driver": "PostgreSQL",
-			"previewLimit": 50,
-			"server": "localhost",
-			"port": 5432,
-			"database": "postgres",
-			"username": "postgres",
-			"password": "postgres"
-		}],
-		"files.watcherExclude": {
-			"**/target/**": true
-		}
-	},
-
-	"forwardPorts": [8080],
-	"portsAttributes": {
-		"8080": {
-			"label": "Application"
-		}
-	},
-
-	"extensions": [
-		"bungcip.better-toml",
-		"vadimcn.vscode-lldb",
-		"mutantdino.resourcemonitor",
-		"matklad.rust-analyzer",
-		"mtxr.sqltools",
-		"mtxr.sqltools-driver-pg"
-	]
-}

.devcontainer/docker-compose.yml

@@ -1,34 +0,0 @@
-version: '3'
-
-services:
-  app:
-    build: 
-      context: .
-      dockerfile: Dockerfile
-    volumes:
-      - ..:/workspace:cached
-
-    environment: 
-      # FIXME: sqlx-cli and the app use different URIs
-      DATABASE_URL: postgresql://postgres:postgres@localhost/postgres
-      MAS_DATABASE_URI: postgresql://postgres:postgres@localhost/postgres
-      MAS_COOKIES_SECRET: a093e76c2ddc87d9de7afc1f9059d60a12176b2cdf8966029c00bc2146518a61
-      
-    # Overrides default command so things don't shut down after the process ends.
-    command: sleep infinity
-
-    # Runs app on the same network as the database container, allows "forwardPorts" in devcontainer.json function.
-    network_mode: service:db
-
-  db:
-    image: postgres:latest
-    restart: unless-stopped
-    volumes:
-      - postgres-data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_PASSWORD: postgres
-      POSTGRES_USER: postgres
-      POSTGRES_DB: postgres
-
-volumes:
-  postgres-data:

.dockerignore

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 target/
 crates/*/target
 crates/*/node_modules

.editorconfig

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 root = true
 
 [*]

.gitattributes

@@ -1 +0,0 @@
-*.wasm binary

.github/actions/build-frontend/action.yml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Build the frontend assets
 description: Installs Node.js and builds the frontend assets from the frontend directory
 
@@ -7,7 +12,7 @@ runs:
     - name: Install Node
       uses: actions/setup-node@v4.2.0
       with:
-        node-version: '22'
+        node-version: "22"
 
     - name: Install dependencies
       run: npm ci

.github/actions/build-policies/action.yml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Build the Open Policy Agent policies
 description: Installs OPA and builds the policies
 

.github/dependabot.yml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 version: 2
 updates:
   - package-ecosystem: "cargo"

.github/release.yml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 changelog:
   categories:
     - title: Bug Fixes

.github/scripts/.gitignore

@@ -1,2 +1,7 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 node_modules/
 package-lock.json

.github/scripts/cleanup-pr.cjs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 // @ts-check
 

.github/scripts/commit-and-tag.cjs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 // @ts-check
 

.github/scripts/create-release-branch.cjs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 // @ts-check
 

.github/scripts/create-version-tag.cjs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 // @ts-check
 

.github/scripts/merge-back.cjs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 // @ts-check
 

.github/scripts/update-release-branch.cjs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 // @ts-check
 

.github/scripts/update-unstable-tag.cjs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 // @ts-check
 

.github/workflows/build.yaml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Build
 
 on:
@@ -322,7 +327,7 @@ jobs:
           merge-multiple: true
 
       - name: Prepare a release
-        uses: softprops/action-gh-release@v2.2.2
+        uses: softprops/action-gh-release@v2.3.2
         with:
           generate_release_notes: true
           body: |
@@ -391,7 +396,7 @@ jobs:
             await script({ core, github, context });
 
       - name: Update unstable release
-        uses: softprops/action-gh-release@v2.2.2
+        uses: softprops/action-gh-release@v2.3.2
         with:
           name: "Unstable build"
           tag_name: unstable

.github/workflows/ci.yaml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: CI
 
 on:

.github/workflows/coverage.yaml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Coverage
 
 on:

.github/workflows/docs.yaml

@@ -1,10 +1,15 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Build and deploy the documentation
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/merge-back.yaml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Merge back a reference to main
 on:
   workflow_call:

.github/workflows/release-branch.yaml

@@ -1,10 +1,24 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Create a new release branch
 on:
   workflow_dispatch:
+    inputs:
+      kind:
+        description: Kind of release (major = v1.2.3 -> v2.0.0-rc.0, minor = v1.2.3 -> v1.3.0-rc.0)
+        required: true
+        type: choice
+        default: minor
+        options:
+          - major
+          - minor
 
 jobs:
   compute-version:
-    name: Compute the next minor RC version
+    name: Compute the next ${{ inputs.kind }} RC version
     runs-on: ubuntu-24.04
 
     permissions:
@@ -27,9 +41,11 @@ jobs:
 
       - name: Compute the new minor RC
         id: next
+        env:
+          BUMP: pre${{ inputs.kind }}
         run: |
           CURRENT_VERSION="$(cargo metadata --format-version 1 --no-deps | jq -r '.packages[] | select(.name == "mas-cli") | .version')"
-          NEXT_VERSION="$(npx --yes semver@7.5.4 -i preminor --preid rc "${CURRENT_VERSION}")"
+          NEXT_VERSION="$(npx --yes semver@7.5.4 -i "$BUMP" --preid rc "${CURRENT_VERSION}")"
           # compute the short minor version, e.g. 0.1.0-rc.1 -> 0.1
           SHORT_VERSION="$(echo "${NEXT_VERSION}" | cut -d. -f1-2)"
           echo "full=${NEXT_VERSION}" >> "$GITHUB_OUTPUT"

.github/workflows/release-bump.yaml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Bump the version on a release branch
 on:
   workflow_dispatch:

.github/workflows/tag.yaml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Tag a new version
 on:
   workflow_call:

.github/workflows/translations-download.yaml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Download translation files from Localazy
 on:
   workflow_dispatch:

.github/workflows/translations-upload.yaml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 name: Upload translation files to Localazy
 on:
   push:

.gitignore

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 # Rust
 target/
 

.rustfmt.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 max_width = 100
 comment_width = 80
 wrap_comments = true

CONTRIBUTING.md

@@ -2,60 +2,4 @@
 
 Thank you for taking the time to contribute to Matrix!
 
-This is the repository for MAS (Matrix Authentication Service), an OAuth 2.0 and OpenID Provider server for Matrix.
-
 Please see the [contributors' guide](https://element-hq.github.io/matrix-authentication-service/development/contributing.html) in our rendered documentation.
-
-## Sign off
-
-We ask that everybody who contributes to this project signs off their contributions, as explained below.
-
-We follow a simple 'inbound=outbound' model for contributions: the act of submitting an 'inbound' contribution means that the contributor agrees to license their contribution under the same terms as the project's overall 'outbound' license - in our case, this is Apache Software License v2 (see [LICENSE](./LICENSE)).
-
-In order to have a concrete record that your contribution is intentional and you agree to license it under the same terms as the project's license, we've adopted the same lightweight approach used by the [Linux Kernel](https://www.kernel.org/doc/html/latest/process/submitting-patches.html), [Docker](https://github.com/docker/docker/blob/master/CONTRIBUTING.md), and many other projects: the [Developer Certificate of Origin](https://developercertificate.org/) (DCO). This is a simple declaration that you wrote the contribution or otherwise have the right to contribute it to Matrix:
-
-```
-Developer Certificate of Origin
-Version 1.1
-
-Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
-660 York Street, Suite 102,
-San Francisco, CA 94110 USA
-
-Everyone is permitted to copy and distribute verbatim copies of this
-license document, but changing it is not allowed.
-
-Developer's Certificate of Origin 1.1
-
-By making a contribution to this project, I certify that:
-
-(a) The contribution was created in whole or in part by me and I
-    have the right to submit it under the open source license
-    indicated in the file; or
-
-(b) The contribution is based upon previous work that, to the best
-    of my knowledge, is covered under an appropriate open source
-    license and I have the right under that license to submit that
-    work with modifications, whether created in whole or in part
-    by me, under the same open source license (unless I am
-    permitted to submit under a different license), as indicated
-    in the file; or
-
-(c) The contribution was provided directly to me by some other
-    person who certified (a), (b) or (c) and I have not modified
-    it.
-
-(d) I understand and agree that this project and the contribution
-    are public and that a record of the contribution (including all
-    personal information I submit with it, including my sign-off) is
-    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
-```
-
-If you agree to this for your contribution, then all that's needed is to include the line in your commit or pull request comment:
-
-```
-Signed-off-by: Your Name <your@email.example.org>
-```
-
-Git allows you to add this signoff automatically when using the `-s` flag to `git commit`, which uses the name and email set in your `user.name` and `user.email` git configs.

Cargo.lock

@@ -998,9 +998,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.5.39"
+version = "4.5.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd60e63e9be68e5fb56422e397cf9baddded06dae1d2e523401542383bc72a9f"
+checksum = "40b6887a1d8685cebccf115538db5c0efe625ccac9696ad45c409d96566e910f"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -1008,9 +1008,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.39"
+version = "4.5.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89cc6392a1f72bbeb820d71f32108f61fdaf18bc526e1d23954168a67759ef51"
+checksum = "e0c66c08ce9f0c698cbce5c0279d0bb6ac936d8674174fe48f736533b964f59e"
 dependencies = [
  "anstream",
  "anstyle",
@@ -1020,9 +1020,9 @@ dependencies = [
 
 [[package]]
 name = "clap_derive"
-version = "4.5.32"
+version = "4.5.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09176aae279615badda0765c0c0b3f6ed53f4709118af73cf4655d85d1530cd7"
+checksum = "d2c7947ae4cc3d851207c1adb5b5e260ff0cca11446b1d6d1423788e442257ce"
 dependencies = [
  "heck 0.5.0",
  "proc-macro2",
@@ -3364,7 +3364,6 @@ dependencies = [
  "sha2",
  "sqlx",
  "thiserror 2.0.12",
- "time",
  "tokio",
  "tokio-util",
  "tower",
@@ -4750,9 +4749,9 @@ dependencies = [
 
 [[package]]
 name = "psl"
-version = "2.1.119"
+version = "2.1.120"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0e49aa528239f2ca13ad87387977c208e59c3fb8c437609f95f1b3898ec6ef1"
+checksum = "bc02eae5cf5475af3fde3792e68ff74eb8625638fcaa8f1ffb91b7b98bfae4a5"
 dependencies = [
  "psl-types",
 ]
@@ -4785,9 +4784,9 @@ dependencies = [
 
 [[package]]
 name = "quanta"
-version = "0.12.5"
+version = "0.12.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3bd1fe6824cea6538803de3ff1bc0cf3949024db3d43c9643024bfb33a807c0e"
+checksum = "f3ab5a9d756f0d97bdc89019bd2e4ea098cf9cde50ee7564dde6b81ccc8f06c7"
 dependencies = [
  "crossbeam-utils",
  "libc",
@@ -5031,9 +5030,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "reqwest"
-version = "0.12.19"
+version = "0.12.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2f8e5513d63f2e5b386eb5106dc67eaf3f84e95258e210489136b8b92ad6119"
+checksum = "eabf4c97d9130e2bf606614eb937e86edac8292eaa6f422f995d7e8de1eb1813"
 dependencies = [
  "base64",
  "bytes",
@@ -5048,11 +5047,9 @@ dependencies = [
  "hyper",
  "hyper-rustls",
  "hyper-util",
- "ipnet",
  "js-sys",
  "log",
  "mime",
- "once_cell",
  "percent-encoding",
  "pin-project-lite",
  "quinn",
@@ -5064,7 +5061,6 @@ dependencies = [
  "sync_wrapper",
  "tokio",
  "tokio-rustls",
- "tokio-socks",
  "tower",
  "tower-http",
  "tower-service",
@@ -6427,18 +6423,6 @@ dependencies = [
  "tokio",
 ]
 
-[[package]]
-name = "tokio-socks"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0d4770b8024672c1101b3f6733eab95b18007dbe0847a8afe341fcf79e06043f"
-dependencies = [
- "either",
- "futures-util",
- "thiserror 1.0.69",
- "tokio",
-]
-
 [[package]]
 name = "tokio-stream"
 version = "0.1.17"

Cargo.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 [workspace]
 default-members = ["crates/cli"]
 members = ["crates/*"]
@@ -5,11 +10,12 @@ resolver = "2"
 
 # Updated in the CI with a `sed` command
 package.version = "0.17.0"
-package.license = "AGPL-3.0-only"
+package.license = "AGPL-3.0-only OR LicenseRef-Element-Commercial"
 package.authors = ["Element Backend Team"]
 package.edition = "2024"
 package.homepage = "https://element-hq.github.io/matrix-authentication-service/"
 package.repository = "https://github.com/element-hq/matrix-authentication-service/"
+package.publish = false
 
 [workspace.lints.rust]
 unsafe_code = "deny"
@@ -83,6 +89,10 @@ version = "0.1.88"
 [workspace.dependencies.anyhow]
 version = "1.0.98"
 
+# Assert that a value matches a pattern
+[workspace.dependencies.assert_matches]
+version = "1.5.0"
+
 # HTTP router
 [workspace.dependencies.axum]
 version = "0.8.4"
@@ -92,9 +102,29 @@ version = "0.8.4"
 version = "0.10.1"
 features = ["cookie-private", "cookie-key-expansion", "typed-header"]
 
+# Axum macros
+[workspace.dependencies.axum-macros]
+version = "0.5.0"
+
+# AEAD (Authenticated Encryption with Associated Data)
+[workspace.dependencies.aead]
+version = "0.5.2"
+features = ["std"]
+
+# Argon2 password hashing
+[workspace.dependencies.argon2]
+version = "0.5.3"
+features = ["password-hash", "std"]
+
 # Constant-time base64
 [workspace.dependencies.base64ct]
 version = "1.8.0"
+features = ["std"]
+
+# Bcrypt password hashing
+[workspace.dependencies.bcrypt]
+version = "0.17.0"
+default-features = true
 
 # Packed bitfields
 [workspace.dependencies.bitflags]
@@ -107,6 +137,12 @@ version = "1.10.1"
 # UTF-8 paths
 [workspace.dependencies.camino]
 version = "1.1.10"
+features = ["serde1"]
+
+# ChaCha20Poly1305 AEAD
+[workspace.dependencies.chacha20poly1305]
+version = "0.10.1"
+features = ["std"]
 
 # Memory optimisation for short strings
 [workspace.dependencies.compact_str]
@@ -116,6 +152,12 @@ version = "0.9.0"
 [workspace.dependencies.console]
 version = "0.15.11"
 
+# Cookie store
+[workspace.dependencies.cookie_store]
+version = "0.21.1"
+default-features = false
+features = ["serde_json"]
+
 # Time utilities
 [workspace.dependencies.chrono]
 version = "0.4.41"
@@ -124,13 +166,54 @@ features = ["serde", "clock"]
 
 # CLI argument parsing
 [workspace.dependencies.clap]
-version = "4.5.39"
+version = "4.5.40"
 features = ["derive"]
 
+# Object Identifiers (OIDs) as constants
+[workspace.dependencies.const-oid]
+version = "0.9.6"
+features = ["std"]
+
+# Utility for converting between different cases
+[workspace.dependencies.convert_case]
+version = "0.8.0"
+
+# CRC calculation
+[workspace.dependencies.crc]
+version = "3.3.0"
+
 # Cron expressions
 [workspace.dependencies.cron]
 version = "0.15.0"
 
+# CSV parsing and writing
+[workspace.dependencies.csv]
+version = "1.3.1"
+
+# DER encoding
+[workspace.dependencies.der]
+version = "0.7.10"
+features = ["std"]
+
+# Interactive CLI dialogs
+[workspace.dependencies.dialoguer]
+version = "0.11.0"
+default-features = false
+features = ["fuzzy-select", "password"]
+
+# Cryptographic digest algorithms
+[workspace.dependencies.digest]
+version = "0.10.7"
+
+# Load environment variables from .env files
+[workspace.dependencies.dotenvy]
+version = "0.15.7"
+
+# ECDSA algorithms
+[workspace.dependencies.ecdsa]
+version = "0.16.9"
+features = ["signing", "verifying"]
+
 # Elliptic curve cryptography
 [workspace.dependencies.elliptic-curve]
 version = "0.13.8"
@@ -141,16 +224,28 @@ features = ["std", "pem", "sec1"]
 version = "0.10.19"
 features = ["env", "yaml", "test"]
 
+# URL form encoding
+[workspace.dependencies.form_urlencoded]
+version = "1.2.1"
+
 # Utilities for dealing with futures
 [workspace.dependencies.futures-util]
 version = "0.3.31"
 
+# Fixed-size arrays with trait implementations
+[workspace.dependencies.generic-array]
+version = "0.14.7"
+
 # Rate-limiting
 [workspace.dependencies.governor]
 version = "0.10.0"
 default-features = false
 features = ["std", "dashmap", "quanta"]
 
+# HMAC calculation
+[workspace.dependencies.hmac]
+version = "0.12.1"
+
 # HTTP headers
 [workspace.dependencies.headers]
 version = "0.4.1"
@@ -174,7 +269,7 @@ version = "0.1.3"
 # HTTP client and server
 [workspace.dependencies.hyper]
 version = "1.6.0"
-features = ["client", "http1", "http2"]
+features = ["client", "server", "http1", "http2"]
 
 # Additional Hyper utilties
 [workspace.dependencies.hyper-util]
@@ -195,16 +290,67 @@ version = "0.27.7"
 features = ["http1", "http2"]
 default-features = false
 
+# ICU libraries for internationalization
+[workspace.dependencies.icu_calendar]
+version = "1.5.2"
+features = ["compiled_data", "std"]
+[workspace.dependencies.icu_datetime]
+version = "1.5.1"
+features = ["compiled_data", "std"]
+[workspace.dependencies.icu_experimental]
+version = "0.1.0"
+features = ["compiled_data", "std"]
+[workspace.dependencies.icu_locid]
+version = "1.5.0"
+features = ["std"]
+[workspace.dependencies.icu_locid_transform]
+version = "1.5.0"
+features = ["compiled_data", "std"]
+[workspace.dependencies.icu_normalizer]
+version = "1.5.0"
+[workspace.dependencies.icu_plurals]
+version = "1.5.0"
+features = ["compiled_data", "std"]
+[workspace.dependencies.icu_provider]
+version = "1.5.0"
+features = ["std", "sync"]
+[workspace.dependencies.icu_provider_adapters]
+version = "1.5.0"
+features = ["std"]
+
 # HashMap which preserves insertion order
 [workspace.dependencies.indexmap]
 version = "2.9.0"
 features = ["serde"]
 
+# Indented string literals
+[workspace.dependencies.indoc]
+version = "2.0.6"
+
 # Snapshot testing
 [workspace.dependencies.insta]
 version = "1.43.1"
 features = ["yaml", "json"]
 
+# IP network address types
+[workspace.dependencies.ipnetwork]
+version = "0.20.0"
+features = ["serde", "schemars"]
+
+# Iterator utilities
+[workspace.dependencies.itertools]
+version = "0.14.0"
+
+# K256 elliptic curve
+[workspace.dependencies.k256]
+version = "0.13.4"
+features = ["std"]
+
+# RFC 5646 language tags
+[workspace.dependencies.language-tags]
+version = "0.3.2"
+features = ["serde"]
+
 # Email sending
 [workspace.dependencies.lettre]
 version = "0.11.15"
@@ -219,6 +365,14 @@ features = [
     "sendmail-transport",
 ]
 
+# Listening on passed FDs
+[workspace.dependencies.listenfd]
+version = "1.0.2"
+
+# MIME type support
+[workspace.dependencies.mime]
+version = "0.3.17"
+
 # Templates
 [workspace.dependencies.minijinja]
 version = "2.10.2"
@@ -233,10 +387,43 @@ features = ["pycompat"]
 [workspace.dependencies.nonzero_ext]
 version = "0.3.0"
 
-# K256 elliptic curve
-[workspace.dependencies.k256]
-version = "0.13.4"
-features = ["std"]
+# Open Policy Agent support through WASM
+[workspace.dependencies.opa-wasm]
+version = "0.1.5"
+
+# OpenTelemetry
+[workspace.dependencies.opentelemetry]
+version = "0.29.1"
+features = ["trace", "metrics"]
+[workspace.dependencies.opentelemetry-http]
+version = "0.29.0"
+features = ["reqwest"]
+[workspace.dependencies.opentelemetry-jaeger-propagator]
+version = "0.29.0"
+[workspace.dependencies.opentelemetry-otlp]
+version = "0.29.0"
+default-features = false
+features = ["trace", "metrics", "http-proto"]
+[workspace.dependencies.opentelemetry-prometheus]
+version = "0.29.1"
+[workspace.dependencies.opentelemetry-resource-detectors]
+version = "0.8.0"
+[workspace.dependencies.opentelemetry-semantic-conventions]
+version = "0.29.0"
+features = ["semconv_experimental"]
+[workspace.dependencies.opentelemetry-stdout]
+version = "0.29.0"
+features = ["trace", "metrics"]
+[workspace.dependencies.opentelemetry_sdk]
+version = "0.29.0"
+features = [
+    "experimental_trace_batch_span_processor_with_async_runtime",
+    "experimental_metrics_periodicreader_with_async_runtime",
+    "rt-tokio",
+]
+[workspace.dependencies.tracing-opentelemetry]
+version = "0.30.0"
+default-features = false
 
 # P256 elliptic curve
 [workspace.dependencies.p256]
@@ -248,11 +435,28 @@ features = ["std"]
 version = "0.13.1"
 features = ["std"]
 
-# PEM file decoding
+# Text padding utilities
+[workspace.dependencies.pad]
+version = "0.1.6"
+
+# PBKDF2 password hashing
+[workspace.dependencies.pbkdf2]
+version = "0.12.2"
+features = ["password-hash", "std", "simple", "parallel"]
+
+# PEM encoding/decoding
 [workspace.dependencies.pem-rfc7468]
 version = "0.7.0"
 features = ["std"]
 
+# Parser generator
+[workspace.dependencies.pest]
+version = "2.8.0"
+
+# Pest derive macros
+[workspace.dependencies.pest_derive]
+version = "2.8.0"
+
 # Pin projection
 [workspace.dependencies.pin-project-lite]
 version = "0.2.16"
@@ -267,9 +471,17 @@ features = ["std"]
 version = "0.10.2"
 features = ["std", "pkcs5", "encryption"]
 
+# Public Suffix List
+[workspace.dependencies.psl]
+version = "2.1.120"
+
+# Prometheus metrics
+[workspace.dependencies.prometheus]
+version = "0.14.0"
+
 # High-precision clock
 [workspace.dependencies.quanta]
-version = "0.12.5"
+version = "0.12.6"
 
 # Random values
 [workspace.dependencies.rand]
@@ -279,12 +491,25 @@ version = "0.3.1"
 [workspace.dependencies.rand_core]
 version = "0.6.4"
 
+# Regular expressions
+[workspace.dependencies.regex]
+version = "1.11.1"
+
 # High-level HTTP client
 [workspace.dependencies.reqwest]
-version = "0.12.19"
+version = "0.12.20"
 default-features = false
 features = ["http2", "rustls-tls-manual-roots", "charset", "json", "socks"]
 
+# RSA cryptography
+[workspace.dependencies.rsa]
+version = "0.9.8"
+features = ["std", "pem"]
+
+# Fast hash algorithm for HashMap
+[workspace.dependencies.rustc-hash]
+version = "2.1.1"
+
 # Matrix-related types
 [workspace.dependencies.ruma-common]
 version = "0.15.2"
@@ -293,19 +518,31 @@ version = "0.15.2"
 [workspace.dependencies.rustls]
 version = "0.23.27"
 
+# PEM parsing for rustls
+[workspace.dependencies.rustls-pemfile]
+version = "2.2.0"
+
+# PKI types for rustls
+[workspace.dependencies.rustls-pki-types]
+version = "1.12.0"
+
 # Use platform-specific verifier for TLS
 [workspace.dependencies.rustls-platform-verifier]
 version = "0.5.3"
 
+# systemd service status notification
+[workspace.dependencies.sd-notify]
+version = "0.4.5"
+
 # JSON Schema generation
 [workspace.dependencies.schemars]
 version = "0.8.22"
 features = ["url", "chrono", "preserve_order"]
 
-# SHA-2 cryptographic hash algorithm
-[workspace.dependencies.sha2]
-version = "0.10.9"
-features = ["oid"]
+# SEC1 encoding format
+[workspace.dependencies.sec1]
+version = "0.7.3"
+features = ["std"]
 
 # Query builder
 [workspace.dependencies.sea-query]
@@ -348,6 +585,37 @@ features = ["derive"] # Most of the time, if we need serde, we need derive
 version = "1.0.140"
 features = ["preserve_order"]
 
+# URL encoded form serialization
+[workspace.dependencies.serde_urlencoded]
+version = "0.7.1"
+
+# Custom serialization helpers
+[workspace.dependencies.serde_with]
+version = "3.12.0"
+features = ["hex", "chrono"]
+
+# YAML serialization
+[workspace.dependencies.serde_yaml]
+version = "0.9.34"
+
+# SHA-2 cryptographic hash algorithm
+[workspace.dependencies.sha2]
+version = "0.10.9"
+features = ["oid"]
+
+# Digital signature traits
+[workspace.dependencies.signature]
+version = "2.2.0"
+
+# Low-level socket manipulation
+[workspace.dependencies.socket2]
+version = "0.5.10"
+
+# Subject Public Key Info
+[workspace.dependencies.spki]
+version = "0.7.3"
+features = ["std"]
+
 # SQL database support
 [workspace.dependencies.sqlx]
 version = "0.8.6"
@@ -377,6 +645,14 @@ features = ["full"]
 [workspace.dependencies.tokio-stream]
 version = "0.1.17"
 
+# Tokio rustls integration
+[workspace.dependencies.tokio-rustls]
+version = "0.26.2"
+
+# Tokio test utilities
+[workspace.dependencies.tokio-test]
+version = "0.4.4"
+
 # Useful async utilities
 [workspace.dependencies.tokio-util]
 version = "0.7.15"
@@ -405,67 +681,61 @@ features = ["cors", "fs", "add-extension", "set-header"]
 version = "0.1.41"
 [workspace.dependencies.tracing-subscriber]
 version = "0.3.19"
-
-# OpenTelemetry
-[workspace.dependencies.opentelemetry]
-version = "0.29.1"
-features = ["trace", "metrics"]
-
-[workspace.dependencies.opentelemetry-http]
-version = "0.29.0"
-features = ["reqwest"]
-
-[workspace.dependencies.opentelemetry-jaeger-propagator]
-version = "0.29.0"
-
-[workspace.dependencies.opentelemetry-otlp]
-version = "0.29.0"
-default-features = false
-features = ["trace", "metrics", "http-proto"]
-
-[workspace.dependencies.opentelemetry-prometheus]
-version = "0.29.1"
-
-[workspace.dependencies.opentelemetry-resource-detectors]
-version = "0.8.0"
-
-[workspace.dependencies.opentelemetry-semantic-conventions]
-version = "0.29.0"
-features = ["semconv_experimental"]
-
-[workspace.dependencies.opentelemetry-stdout]
-version = "0.29.0"
-features = ["trace", "metrics"]
-
-[workspace.dependencies.opentelemetry_sdk]
-version = "0.29.0"
-features = [
-    "experimental_trace_batch_span_processor_with_async_runtime",
-    "experimental_metrics_periodicreader_with_async_runtime",
-    "rt-tokio",
-]
-
-[workspace.dependencies.tracing-opentelemetry]
-version = "0.30.0"
-default-features = false
-
-[workspace.dependencies.prometheus]
-version = "0.14.0"
+features = ["env-filter"]
+[workspace.dependencies.tracing-appender]
+version = "0.2.3"
 
 # URL manipulation
 [workspace.dependencies.url]
 version = "2.5.4"
 features = ["serde"]
 
+# URL encoding
+[workspace.dependencies.urlencoding]
+version = "2.1.3"
+
 # ULID support
 [workspace.dependencies.ulid]
-version = "=1.1.4"   # Pinned to the latest version which used rand 0.8
-features = ["serde"]
+version = "=1.1.4"           # Pinned to the latest version which used rand 0.8
+features = ["serde", "uuid"]
+
+# UUID support
+[workspace.dependencies.uuid]
+version = "1.17.0"
+
+# HTML escaping
+[workspace.dependencies.v_htmlescape]
+version = "0.15.8"
+
+# Version information generation
+[workspace.dependencies.vergen-gitcl]
+version = "1.0.8"
+features = ["rustc"]
+
+# Directory traversal
+[workspace.dependencies.walkdir]
+version = "2.5.0"
 
 # HTTP mock server
 [workspace.dependencies.wiremock]
 version = "0.6.3"
 
+# User-agent parser
+[workspace.dependencies.woothee]
+version = "0.13.0"
+
+# String writing interface
+[workspace.dependencies.writeable]
+version = "0.5.5"
+
+# Zero memory after use
+[workspace.dependencies.zeroize]
+version = "1.8.1"
+
+# Password strength estimation
+[workspace.dependencies.zxcvbn]
+version = "3.1.0"
+
 [profile.release]
 codegen-units = 1 # Reduce the number of codegen units to increase optimizations
 lto = true        # Enable fat LTO

Dockerfile

@@ -1,4 +1,8 @@
 # syntax = docker/dockerfile:1.7.1
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
 
 # Builds a minimal image with the binary only. It is multi-arch capable,
 # cross-building to aarch64 and x86_64. When cross-compiling, Docker sets two

LICENSE-COMMERCIAL

@@ -0,0 +1,6 @@
+Licensees holding a valid commercial license with Element may use this
+software in accordance with the terms contained in a written agreement
+between you and Element.
+
+To purchase a commercial license please contact our sales team at
+licensing@element.io

README.md

@@ -1,34 +1,41 @@
-# OAuth2.0 + OpenID Connect Provider for Matrix Homeservers
+# Matrix Authentication Service
 
-MAS (Matrix Authentication Service) is an OAuth 2.0 and OpenID Provider server for Matrix.
+MAS (Matrix Authentication Service) is a user management and authentication service for [Matrix](https://matrix.org/) homeservers, written and maintained by [Element](https://element.io/). You can directly run and manage the source code in this repository, available under an AGPL license (or alternatively under a commercial license from Element). Support is not provided by Element unless you have a subscription.
 
-It has been created to support the migration of Matrix to an OpenID Connect (OIDC) based authentication layer as per [MSC3861](https://github.com/matrix-org/matrix-doc/pull/3861).
+It has been created to support the migration of Matrix to a next-generation of auth APIs per [MSC3861](https://github.com/matrix-org/matrix-doc/pull/3861).
 
 See the [Documentation](https://element-hq.github.io/matrix-authentication-service/index.html) for information on installation and use.
 
-You can learn more about Matrix and OIDC at [areweoidcyet.com](https://areweoidcyet.com/).
+You can learn more about Matrix and next-generation auth at [areweoidcyet.com](https://areweoidcyet.com/).
 
-![Delegated OIDC architecture with MAS overview](overview.png)
+## 💬 Community room
 
-## Features
+Developers and users of Matrix Authentication Service can chat in the [#matrix-auth:matrix.org](https://matrix.to/#/#matrix-auth:matrix.org) room on Matrix.
 
-- Supported homeservers
-  - ✅ Synapse
-- Authentication methods:
-  - ✅ Upstream OIDC
-  - 🚧 Local password
-  - ‼️ [Application Services login](https://element-hq.github.io/matrix-authentication-service/as-login.html) (**Encrypted bridges**)
-- Migration support
-  - ✅ Compatibility layer for legacy Matrix authentication
-  - ✅ Advisor on migration readiness
-  - ✅ Import users from Synapse
-  - ✅ Import password hashes from Synapse
-  - ✅ Import of external subject IDs for upstream identity providers from Synapse
+## 🛠️ Installing and configuration
 
-## Upstream Identity Providers
+The best way to get a modern Element Matrix stack is through the [Element Server Suite Community Edition](https://github.com/element-hq/ess-helm), which includes MAS.
 
-MAS is known to work with the following upstream IdPs via OIDC:
+The MAS documentation describes [how to install and configure MAS](https://element-hq.github.io/matrix-authentication-service/setup/).
+We recommend using the [Docker image](https://element-hq.github.io/matrix-authentication-service/setup/installation.html#using-the-docker-image) or the [pre-built binaries](https://element-hq.github.io/matrix-authentication-service/setup/installation.html#pre-built-binaries).
 
-- [Keycloak](https://www.keycloak.org/)
-- [Dex](https://dexidp.io/)
-- [Google](https://developers.google.com/identity/openid-connect/openid-connect)
+## 📖 Translations
+
+Matrix Authentication Service is available in multiple languages.
+Anyone can contribute to translations through [Localazy](https://localazy.com/element-matrix-authentication-service/).
+
+## 🏗️ Contributing
+
+See the [contribution guidelines](https://element-hq.github.io/matrix-authentication-service/development/contributing.html) for information on how to contribute to this project.
+
+## ⚖️ Copyright & License
+
+Copyright 2024, 2025 New Vector Ltd.
+Copyright 2021-2024 The Matrix.org Foundation C.I.C.
+
+This software is dual-licensed by New Vector Ltd (Element). It can be used either:
+
+(1) for free under the terms of the GNU Affero General Public License (as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version); OR
+
+(2) under the terms of a paid-for Element Commercial License agreement between you and Element (the terms of which may vary depending on what you and Element have agreed to).
+Unless required by applicable law or agreed to in writing, software distributed under the Licenses is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the Licenses for the specific language governing permissions and limitations under the Licenses.

book.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 # Documentation for possible options in this file is at
 # https://rust-lang.github.io/mdBook/format/config.html
 [book]

clippy.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 doc-valid-idents = ["OpenID", "OAuth", "..", "PostgreSQL", "SQLite"]
 
 disallowed-methods = [

crates/axum-utils/Cargo.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 [package]
 name = "mas-axum-utils"
 version.workspace = true
@@ -6,7 +11,7 @@ edition.workspace = true
 license.workspace = true
 homepage.workspace = true
 repository.workspace = true
-publish = false
+publish.workspace = true
 
 [lints]
 workspace = true
@@ -19,13 +24,13 @@ base64ct.workspace = true
 chrono.workspace = true
 headers.workspace = true
 http.workspace = true
-icu_locid = "1.5.0"
-mime = "0.3.17"
+icu_locid.workspace = true
+mime.workspace = true
 rand.workspace = true
 reqwest.workspace = true
 sentry.workspace = true
 serde.workspace = true
-serde_with = "3.12.0"
+serde_with.workspace = true
 serde_json.workspace = true
 thiserror.workspace = true
 tokio.workspace = true

crates/axum-utils/src/client_authorization.rs

@@ -1,8 +1,8 @@
 // Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::collections::HashMap;
 

crates/axum-utils/src/cookies.rs

@@ -1,8 +1,8 @@
 // Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 //! Private (encrypted) cookie jar, based on axum-extra's cookie jar
 

crates/axum-utils/src/csrf.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use base64ct::{Base64UrlUnpadded, Encoding};
 use chrono::{DateTime, Duration, Utc};

crates/axum-utils/src/error_wrapper.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use axum::response::{IntoResponse, Response};
 

crates/axum-utils/src/fancy_error.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use axum::{
     Extension,

crates/axum-utils/src/jwt.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use axum::response::{IntoResponse, Response};
 use axum_extra::typed_header::TypedHeader;

crates/axum-utils/src/language_detection.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::cmp::Reverse;
 

crates/axum-utils/src/lib.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 #![deny(clippy::future_not_send)]
 #![allow(clippy::module_name_repetitions)]

crates/axum-utils/src/sentry.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::convert::Infallible;
 

crates/axum-utils/src/session.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use mas_data_model::BrowserSession;
 use mas_storage::RepositoryAccess;

crates/axum-utils/src/user_authorization.rs

@@ -1,8 +1,8 @@
 // Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{collections::HashMap, error::Error};
 

crates/cli/Cargo.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 [package]
 name = "mas-cli"
 version.workspace = true
@@ -6,7 +11,7 @@ edition.workspace = true
 license.workspace = true
 homepage.workspace = true
 repository.workspace = true
-publish = false
+publish.workspace = true
 
 build = "build.rs"
 
@@ -20,38 +25,35 @@ bytes.workspace = true
 camino.workspace = true
 chrono.workspace = true
 clap.workspace = true
-console = "0.15.11"
-dialoguer = { version = "0.11.0", default-features = false, features = [
-    "fuzzy-select",
-    "password",
-] }
-dotenvy = "0.15.7"
+console.workspace = true
+dialoguer.workspace = true
+dotenvy.workspace = true
 figment.workspace = true
 futures-util.workspace = true
 headers.workspace = true
 http-body-util.workspace = true
 hyper.workspace = true
-ipnetwork = "0.20.0"
-itertools = "0.14.0"
-listenfd = "1.0.2"
+ipnetwork.workspace = true
+itertools.workspace = true
+listenfd.workspace = true
 rand.workspace = true
 rand_chacha.workspace = true
 reqwest.workspace = true
 rustls.workspace = true
-sd-notify = "0.4.5"
+sd-notify.workspace = true
 serde_json.workspace = true
-serde_yaml = "0.9.34"
+serde_yaml.workspace = true
 sqlx.workspace = true
 tokio.workspace = true
 tokio-util.workspace = true
 tower.workspace = true
 tower-http.workspace = true
 url.workspace = true
-zeroize = "1.8.1"
+zeroize.workspace = true
 
 tracing.workspace = true
-tracing-appender = "0.2.3"
-tracing-subscriber = { workspace = true, features = ["env-filter"] }
+tracing-appender.workspace = true
+tracing-subscriber.workspace = true
 tracing-opentelemetry.workspace = true
 opentelemetry.workspace = true
 opentelemetry-http.workspace = true
@@ -90,7 +92,7 @@ syn2mas.workspace = true
 
 [build-dependencies]
 anyhow.workspace = true
-vergen-gitcl = { version = "1.0.8", features = ["rustc"] }
+vergen-gitcl.workspace = true
 
 [features]
 # Features used for the prebuilt binaries

crates/cli/build.rs

@@ -1,7 +1,7 @@
 // Copyright 2024, 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use vergen_gitcl::{Emitter, GitclBuilder, RustcBuilder};
 

crates/cli/src/app_state.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{convert::Infallible, net::IpAddr, sync::Arc};
 

crates/cli/src/commands/config.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::process::ExitCode;
 

crates/cli/src/commands/database.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::process::ExitCode;
 

crates/cli/src/commands/debug.rs

@@ -1,8 +1,8 @@
 // Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::process::ExitCode;
 

crates/cli/src/commands/doctor.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 //! Diagnostic utility to check the health of the deployment
 //!

crates/cli/src/commands/manage.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{collections::BTreeMap, process::ExitCode};
 

crates/cli/src/commands/mod.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::process::ExitCode;
 

crates/cli/src/commands/server.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{collections::BTreeSet, process::ExitCode, sync::Arc, time::Duration};
 

crates/cli/src/commands/syn2mas.rs

@@ -1,7 +1,7 @@
 // Copyright 2024, 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{collections::HashMap, process::ExitCode, time::Duration};
 

crates/cli/src/commands/templates.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::process::ExitCode;
 

crates/cli/src/commands/worker.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{process::ExitCode, time::Duration};
 

crates/cli/src/lifecycle.rs

@@ -1,7 +1,7 @@
 // Copyright 2024, 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{process::ExitCode, time::Duration};
 

crates/cli/src/main.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 #![allow(clippy::module_name_repetitions)]
 

crates/cli/src/server.rs

@@ -1,8 +1,8 @@
 // Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{
     net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr, TcpListener, ToSocketAddrs},

crates/cli/src/sync.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 //! Utilities to synchronize the configuration file with the database.
 

crates/cli/src/telemetry.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 mod tokio;
 

crates/cli/src/telemetry/tokio.rs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use opentelemetry::KeyValue;
 use tokio::runtime::RuntimeMetrics;

crates/cli/src/util.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{sync::Arc, time::Duration};
 

crates/config/Cargo.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 [package]
 name = "mas-config"
 version.workspace = true
@@ -6,41 +11,36 @@ edition.workspace = true
 license.workspace = true
 homepage.workspace = true
 repository.workspace = true
-publish = false
+publish.workspace = true
 
 [lints]
 workspace = true
 
 [dependencies]
-tokio.workspace = true
-tracing.workspace = true
 anyhow.workspace = true
-futures-util.workspace = true
-
-camino = { workspace = true, features = ["serde1"] }
+camino.workspace = true
 chrono.workspace = true
 figment.workspace = true
+futures-util.workspace = true
+governor.workspace = true
 hex.workspace = true
-ipnetwork = { version = "0.20.0", features = ["serde", "schemars"] }
+indoc.workspace = true
+ipnetwork.workspace = true
 lettre.workspace = true
+pem-rfc7468.workspace = true
+rand_chacha.workspace = true
+rand.workspace = true
+rustls-pemfile.workspace = true
+rustls-pki-types.workspace = true
 schemars.workspace = true
+serde_json.workspace = true
+serde_with.workspace = true
+serde.workspace = true
+tokio.workspace = true
+tracing.workspace = true
 ulid.workspace = true
 url.workspace = true
 
-serde.workspace = true
-serde_with = { version = "3.12.0", features = ["hex", "chrono"] }
-serde_json.workspace = true
-
-pem-rfc7468 = "0.7.0"
-rustls-pki-types = "1.12.0"
-rustls-pemfile = "2.2.0"
-rand.workspace = true
-rand_chacha.workspace = true
-
-indoc = "2.0.6"
-
-governor.workspace = true
-
 mas-jose.workspace = true
 mas-keystore.workspace = true
 mas-iana.workspace = true

crates/config/src/bin/schema.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use schemars::r#gen::SchemaSettings;
 

crates/config/src/lib.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 #![deny(missing_docs, rustdoc::missing_crate_level_docs)]
 #![allow(clippy::module_name_repetitions)]

crates/config/src/schema.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 //! Useful JSON Schema definitions
 

crates/config/src/sections/account.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};

crates/config/src/sections/branding.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};

crates/config/src/sections/captcha.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize, de::Error};

crates/config/src/sections/clients.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::ops::Deref;
 

crates/config/src/sections/database.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{num::NonZeroU32, time::Duration};
 

crates/config/src/sections/email.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 #![allow(deprecated)]
 

crates/config/src/sections/experimental.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use chrono::Duration;
 use schemars::JsonSchema;

crates/config/src/sections/http.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 #![allow(deprecated)]
 

crates/config/src/sections/matrix.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use rand::{
     Rng,

crates/config/src/sections/mod.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use rand::Rng;
 use schemars::JsonSchema;

crates/config/src/sections/passwords.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::cmp::Reverse;
 

crates/config/src/sections/policy.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use camino::Utf8PathBuf;
 use schemars::JsonSchema;

crates/config/src/sections/rate_limiting.rs

@@ -1,8 +1,8 @@
 // Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{num::NonZeroU32, time::Duration};
 

crates/config/src/sections/secrets.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2022-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::borrow::Cow;
 

crates/config/src/sections/telemetry.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize, de::Error as _};

crates/config/src/sections/templates.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use camino::Utf8PathBuf;
 use schemars::JsonSchema;

crates/config/src/sections/upstream_oauth2.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2023, 2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::collections::BTreeMap;
 

crates/config/src/util.rs

@@ -1,8 +1,8 @@
-// Copyright 2024 New Vector Ltd.
+// Copyright 2024, 2025 New Vector Ltd.
 // Copyright 2021-2024 The Matrix.org Foundation C.I.C.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use figment::{Figment, error::Error as FigmentError};
 use serde::de::DeserializeOwned;

crates/context/Cargo.toml

@@ -1,3 +1,8 @@
+# Copyright 2025 New Vector Ltd.
+#
+# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+# Please see LICENSE files in the repository root for full details.
+
 [package]
 name = "mas-context"
 version.workspace = true
@@ -6,7 +11,7 @@ edition.workspace = true
 license.workspace = true
 homepage.workspace = true
 repository.workspace = true
-publish = false
+publish.workspace = true
 
 [lints]
 workspace = true

crates/context/src/fmt.rs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use console::{Color, Style};
 use opentelemetry::{

crates/context/src/future.rs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::{
     pin::Pin,

crates/context/src/layer.rs

@@ -1,7 +1,7 @@
 // Copyright 2025 New Vector Ltd.
 //
-// SPDX-License-Identifier: AGPL-3.0-only
-// Please see LICENSE in the repository root for full details.
+// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+// Please see LICENSE files in the repository root for full details.
 
 use std::borrow::Cow;