feat: add recovery key support for E2EE agents, including configuration and documentation updates

agents/runtime.go

@@ -56,6 +56,18 @@ func New(cfg *config.AgentConfig, rules []decision.Rule, logger *slog.Logger) (*
 		if err != nil {
 			return nil, fmt.Errorf("e2ee init: %w", err)
 		}
+
+		// Auto-fetch cross-signing private keys from SSSS if recovery key is configured.
+		if envName := cfg.Matrix.Encryption.RecoveryKeyEnv; envName != "" {
+			if rk := os.Getenv(envName); rk != "" {
+				if err := matrixClient.FetchCrossSigningKeys(context.Background(), rk); err != nil {
+					logger.Warn("failed to fetch cross-signing keys from SSSS (non-fatal)", "err", err)
+				} else {
+					logger.Info("cross-signing private keys fetched from SSSS")
+				}
+			}
+		}
+
 		logger.Info("e2ee ready")
 	}