fix: Remove Matrix integration — notifications move to forge + OpenClaw (#732)

Remove all Matrix/Dendrite infrastructure:
- Delete lib/matrix_listener.sh (long-poll daemon), lib/matrix_listener.service
  (systemd unit), lib/hooks/on-stop-matrix.sh (response streaming hook)
- Remove matrix_send() and matrix_send_ctx() from lib/env.sh
- Remove MATRIX_HOMESERVER auto-detection, MATRIX_THREAD_MAP from lib/env.sh
- Remove [matrix] section parsing from lib/load-project.sh
- Remove Matrix hook installation from lib/agent-session.sh
- Remove notify/notify_ctx helpers and Matrix thread tracking from
  dev/dev-agent.sh and action/action-agent.sh
- Remove all matrix_send calls from dev-poll.sh, phase-handler.sh,
  action-poll.sh, vault-poll.sh, vault-fire.sh, vault-reject.sh,
  review-poll.sh, review-pr.sh, supervisor-poll.sh, formula-session.sh
- Remove Matrix listener startup from docker/agents/entrypoint.sh
- Remove append_dendrite_compose() and setup_matrix() from bin/disinto
- Remove --matrix flag from disinto init
- Clean Matrix references from .env.example, projects/*.toml.example,
  formulas/*.toml, AGENTS.md, BOOTSTRAP.md, README.md, RESOURCES.md,
  PHASE-PROTOCOL.md, and all agent AGENTS.md/PROMPT.md files

Status visibility now via Codeberg PR/issue activity. Human interaction
via vault items through forge. Proactive alerts via OpenClaw heartbeats.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

vault/AGENTS.md

@@ -6,12 +6,12 @@
 **Pipeline A — Action Gating (*.json)**: Actions enter a pending queue and are
 classified by Claude via `vault-agent.sh`, which can auto-approve (call
 `vault-fire.sh` directly), auto-reject (call `vault-reject.sh`), or escalate
-to a human by writing `PHASE:escalate` to a phase file and sending a Matrix
-message — using the same unified escalation path as dev/action agents.
+to a human by writing `PHASE:escalate` to a phase file — using the same
+unified escalation path as dev/action agents.
 
 **Pipeline B — Procurement (*.md)**: The planner files resource requests as
 markdown files in `vault/pending/`. `vault-poll.sh` notifies the human via
-Matrix. The human fulfills the request (creates accounts, provisions infra,
+vault/forge. The human fulfills the request (creates accounts, provisions infra,
 adds secrets to `.env`) and moves the file to `vault/approved/`.
 `vault-fire.sh` then extracts the proposed entry and appends it to
 `RESOURCES.md`.
@@ -20,7 +20,7 @@ adds secrets to `.env`) and moves the file to `vault/approved/`.
 `run-rent-a-human` formula (via an `action` issue) when a task requires a human
 touch — posting on Reddit, commenting on HN, signing up for a service, etc.
 Claude drafts copy-paste-ready content to `vault/outreach/{platform}/drafts/`
-and notifies the human via Matrix for one-click execution. No vault approval
+and notifies the human via vault/forge for one-click execution. No vault approval
 needed — the human reviews and publishes directly.
 
 **Trigger**: `vault-poll.sh` runs every 30 min via cron.
@@ -31,15 +31,14 @@ needed — the human reviews and publishes directly.
 - `vault/PROMPT.md` — System prompt for the vault agent's Claude invocation
 - `vault/vault-fire.sh` — Executes an approved action (JSON) or writes RESOURCES.md entry (procurement MD)
 - `vault/vault-reject.sh` — Marks a JSON action as rejected
-- `formulas/run-rent-a-human.toml` — Formula for human-action drafts: Claude researches target platform norms, drafts copy-paste content, writes to `vault/outreach/{platform}/drafts/`, notifies human via Matrix
+- `formulas/run-rent-a-human.toml` — Formula for human-action drafts: Claude researches target platform norms, drafts copy-paste content, writes to `vault/outreach/{platform}/drafts/`, notifies human via vault/forge
 
 **Procurement flow**:
 1. Planner drops `vault/pending/<name>.md` with what/why/proposed RESOURCES.md entry
-2. `vault-poll.sh` notifies human via Matrix
+2. `vault-poll.sh` notifies human via vault/forge
 3. Human fulfills: creates account, adds secrets to `.env`, moves file to `vault/approved/`
 4. `vault-fire.sh` extracts proposed entry, appends to RESOURCES.md, moves to `vault/fired/`
 5. Next planner run reads RESOURCES.md → new capability available → unblocks prerequisite tree
 
 **Environment variables consumed**:
 - All from `lib/env.sh`
-- `MATRIX_TOKEN`, `MATRIX_ROOM_ID`, `MATRIX_HOMESERVER` — Escalation channel

vault/PROMPT.md

@@ -29,8 +29,8 @@ For each pending JSON action, decide: **auto-approve**, **escalate**, or **rejec
 |----------|------------|---------------------------------------------|
 | low      | true       | auto-approve → fire immediately             |
 | low      | false      | auto-approve → fire, log prominently        |
-| medium   | true       | auto-approve → fire, matrix notify          |
-| medium   | false      | escalate via matrix → wait for human reply   |
+| medium   | true       | auto-approve → fire, notify via vault/forge  |
+| medium   | false      | escalate via vault/forge → wait for human reply |
 | high     | any        | always escalate → wait for human reply       |
 
 ## Rules
@@ -94,18 +94,9 @@ source ${FACTORY_ROOT}/lib/env.sh
 bash ${FACTORY_ROOT}/vault/vault-fire.sh <action-id>
 ```
 
-### Escalate via Matrix
+### Escalate
 ```bash
-matrix_send "vault" "🔒 VAULT — approval required
-
-Source:  <source>
-Type:    <type>
-Risk:    <risk> / <reversible|irreversible>
-Created: <created>
-
-<one-line summary of what the action does>
-
-Reply APPROVE <id> or REJECT <id>" 2>/dev/null
+echo "PHASE:escalate" > "$PHASE_FILE"
 ```
 
 ### Reject
@@ -125,8 +116,7 @@ ROUTE: <action-id> → <auto-approve|escalate|reject> — <reason>
 
 - Process ALL pending JSON actions in the batch. Never skip silently.
 - For auto-approved actions, fire them immediately via `vault-fire.sh`.
-- For escalated actions, move to `vault/approved/` only AFTER human approval
-  (vault-poll handles this via matrix_listener dispatch).
+- For escalated actions, move to `vault/approved/` only AFTER human approval.
 - Read the action JSON carefully. Check the payload, not just the metadata.
 - Ignore `.md` files in pending/ — those are procurement requests handled
   separately by vault-poll.sh and the human.

vault/vault-agent.sh

@@ -69,7 +69,6 @@ ${ACTIONS_BATCH}
 - Vault directory: ${VAULT_DIR}
 - vault-fire.sh: bash ${VAULT_DIR}/vault-fire.sh <action-id>
 - vault-reject.sh: bash ${VAULT_DIR}/vault-reject.sh <action-id> \"<reason>\"
-- matrix_send is available after: source ${FACTORY_ROOT}/lib/env.sh
 
 Process each action now. For auto-approve, fire immediately. For reject, call vault-reject.sh.
 

vault/vault-fire.sh

@@ -83,7 +83,6 @@ if [ "$IS_PROCUREMENT" = true ]; then
 
   if [ -z "$ENTRY" ]; then
     log "ERROR: $ACTION_ID has no '## Proposed RESOURCES.md Entry' section"
-    matrix_send "vault" "❌ Procurement $ACTION_ID has no RESOURCES.md entry — cannot fire" 2>/dev/null || true
     exit 1
   fi
 
@@ -95,7 +94,6 @@ if [ "$IS_PROCUREMENT" = true ]; then
   mv "$ACTION_FILE" "${VAULT_DIR}/fired/${ACTION_ID}.md"
   rm -f "${LOCKS_DIR}/${ACTION_ID}.notified"
   log "$ACTION_ID: approved → fired (procurement)"
-  matrix_send "vault" "✅ Procurement fulfilled: ${ACTION_ID} — RESOURCES.md updated" 2>/dev/null || true
   exit 0
 fi
 
@@ -175,9 +173,7 @@ if [ "$FIRE_EXIT" -eq 0 ]; then
     && mv "$TMP" "${VAULT_DIR}/fired/${ACTION_ID}.json"
   rm -f "$ACTION_FILE"
   log "$ACTION_ID: approved → fired"
-  matrix_send "vault" "✅ Vault fired: ${ACTION_ID} (${ACTION_TYPE} from ${ACTION_SOURCE})" 2>/dev/null || true
 else
   log "ERROR: $ACTION_ID fire failed (exit $FIRE_EXIT) — stays in approved/ for retry"
-  matrix_send "vault" "❌ Vault fire failed: ${ACTION_ID} (${ACTION_TYPE}) — will retry" 2>/dev/null || true
   exit "$FIRE_EXIT"
 fi

vault/vault-poll.sh

@@ -91,7 +91,6 @@ for action_file in "${VAULT_DIR}/approved/"*.json; do
     log "fired $ACTION_ID (retry)"
   else
     log "ERROR: fire failed for $ACTION_ID (retry)"
-    matrix_send "vault" "❌ Vault fire failed on retry: ${ACTION_ID}" 2>/dev/null || true
   fi
 
   unlock_action "$ACTION_ID"
@@ -112,7 +111,6 @@ for req_file in "${VAULT_DIR}/approved/"*.md; do
     log "fired procurement $REQ_ID (retry)"
   else
     log "ERROR: fire failed for procurement $REQ_ID (retry)"
-    matrix_send "vault" "❌ Vault fire failed on retry: ${REQ_ID} (procurement)" 2>/dev/null || true
   fi
 
   unlock_action "$REQ_ID"
@@ -143,7 +141,6 @@ for action_file in "${VAULT_DIR}/pending/"*.json; do
     AGE_HOURS=$((AGE_SECS / 3600))
     log "timeout: $ACTION_ID escalated ${AGE_HOURS}h ago with no reply — auto-rejecting"
     bash "${VAULT_DIR}/vault-reject.sh" "$ACTION_ID" "timeout (${AGE_HOURS}h, no human reply)" >> "$LOGFILE" 2>&1 || true
-    matrix_send "vault" "⏰ Vault auto-rejected ${ACTION_ID} — no reply after ${AGE_HOURS}h" 2>/dev/null || true
   fi
 done
 
@@ -184,7 +181,6 @@ if [ "$PENDING_COUNT" -gt 0 ]; then
 
   bash "${VAULT_DIR}/vault-agent.sh" >> "$LOGFILE" 2>&1 || {
     log "ERROR: vault-agent failed"
-    matrix_send "vault" "❌ vault-agent.sh failed — check vault.log" 2>/dev/null || true
   }
 fi
 
@@ -216,15 +212,6 @@ for req_file in "${VAULT_DIR}/pending/"*.md; do
 
   log "new procurement request: $REQ_ID — $REQ_TITLE"
 
-  # Notify human via Matrix
-  matrix_send "vault" "🔑 PROCUREMENT REQUEST — ${REQ_TITLE}
-
-ID: ${REQ_ID}
-Action: review vault/pending/${REQ_ID}.md
-To approve: fulfill the request, add secrets to .env, move file to vault/approved/
-
-$(head -20 "$req_file")" 2>/dev/null || true
-
   # Mark as notified so we don't re-send
   mkdir -p "${VAULT_DIR}/.locks"
   touch "${VAULT_DIR}/.locks/${REQ_ID}.notified"

vault/vault-reject.sh

@@ -43,4 +43,3 @@ rm -f "$ACTION_FILE"
 rm -f "${VAULT_DIR}/.locks/${ACTION_ID}.lock"
 
 log "$ACTION_ID: rejected — $REASON"
-matrix_send "vault" "🚫 Vault rejected: ${ACTION_ID} (${ACTION_TYPE} from ${ACTION_SOURCE}) — ${REASON}" 2>/dev/null || true