Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar
https://blog.cloudflare.com/serverless-matrix-homeserver-workers/
Building a serverless, post-quantum Matrix homeserver
As a proof of concept, we built a Matrix homeserver to Cloudflare Workers — delivering encrypted messaging at the edge with automatic post-quantum cryptography.
Let me just pick a few examples from the code, because this is so bad
This is a core part of the protocol, that's not exactly simple (https://spec.matrix.org/v1.17/server-server-api/#authorization-rules)
They just have TODO comments, and happily accept anything, even if it's blatantly forged
Rather than implementing the critical state resolution algorithm that's the core of Matrix, they just directly insert the latest state into the database. That'll instantly lead to diverging views of the room and incompatibility with every other implementation - and it's also a massive security hole.
Oh and to top things off, they make trivially false claims in their post. Tuwunel and its predecessors do not and have never used Postgres or Redis.
Honestly this is almost insulting to me, as someone who has spent a nontrivial amount of effort developing a Matrix homeserver, with how low effort it is. And what’s the point? Marketing? I’m not gonna be trusting anything Cloudflare after this.
@JadedBlueEyes
I’m not gonna be trusting anything Cloudflare after this.as if you should've been doing this in the first place
Jade
🌸 lily 🏳️⚧️ 
θΔ ⋐ & ∞
apophis