@claudelaw/taichu 0.6.0

package/packages/server/public/theme-minimal/index.html

@@ -0,0 +1,223 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+<title data-taichu="siteName">Taichu CMS</title>
+<meta name="description" content="">
+<link rel="stylesheet" href="/theme/style.css">
+<link rel="icon" type="image/svg+xml" href="/favicon.svg">
+<link rel="alternate" type="application/rss+xml" href="/rss.xml" title="RSS Feed">
+</head>
+<body>
+<header class="site-header">
+  <div class="header-inner">
+    <a href="/" class="site-logo">Taichu</a>
+    <nav class="site-nav" id="nav"></nav>
+  </div>
+</header>
+
+<main class="site-main" id="main"></main>
+
+<footer class="site-footer">
+  <div class="footer-inner">
+    <p>Powered by <a href="https://github.com/Caludelaw/Taichu" target="_blank">Taichu CMS</a></p>
+    <p class="icp" id="icp"></p>
+  </div>
+</footer>
+
+<script>
+(function() {
+var G = window.__TAICHU__ || {};
+document.title = G.site?.name || 'Taichu CMS';
+document.documentElement.lang = G.site?.language || 'zh-CN';
+document.querySelectorAll('[data-taichu=siteName]').forEach(function(el){ el.textContent = G.site?.name || 'Taichu' });
+
+var icpEl = document.getElementById('icp');
+if (icpEl && G.site?.icp) {
+  icpEl.innerHTML = '<a href="https://beian.miit.gov.cn" target="_blank">'+G.site.icp+'</a>' + (G.site.gongan ? ' | '+G.site.gongan : '');
+}
+
+var theme = G.theme || {};
+var rs = document.documentElement.style;
+if (theme.primaryColor) rs.setProperty('--accent', theme.primaryColor);
+if (theme.fontSize) rs.setProperty('--font-size', theme.fontSize);
+if (theme.customCSS) { var s = document.createElement('style'); s.textContent = theme.customCSS; document.head.appendChild(s); }
+
+function api(path) { return fetch('/api'+path).then(function(r){ return r.json() }); }
+function getPage() { var m = location.search.match(/page=(\d+)/); return m ? parseInt(m[1]) : 1; }
+var PAGE_SIZE = 10;
+
+function paginationHTML(page, total) {
+  var pages = Math.ceil(total / PAGE_SIZE);
+  if (pages <= 1) return '';
+  var html = '<nav class="pagination">';
+  if (page > 1) html += '<a href="?page='+(page-1)+'" class="btn-page">&larr; 前页</a>';
+  else html += '<span class="btn-page disabled">&larr; 前页</span>';
+  html += '<span class="page-info">'+page+' / '+pages+'</span>';
+  if (page < pages) html += '<a href="?page='+(page+1)+'" class="btn-page">后页 &rarr;</a>';
+  else html += '<span class="btn-page disabled">后页 &rarr;</span>';
+  html += '</nav>';
+  return html;
+}
+
+function route() {
+  var p = location.pathname;
+  if (p === '/' || p === '') return renderHome();
+  if (p.startsWith('/post/')) return renderPost(p.split('/post/')[1]);
+  if (p.startsWith('/page/')) return renderPage(p.split('/page/')[1]);
+  if (p === '/search') return renderSearch();
+  render404();
+}
+
+function buildNav(navItems, categories, pages) {
+  var nav = document.getElementById('nav');
+  var html = '<a href="/">首页</a>';
+  (navItems||[]).forEach(function(item){
+    html += '<a href="'+escAttr(item.data?.url||'#')+'"'+(item.data?.target==='_blank'?' target="_blank"':'')+'>'+escHtml(item.data?.title||'')+'</a>';
+  });
+  if (!navItems || !navItems.length) {
+    (categories||[]).forEach(function(c){
+      html += '<a href="/category/'+(c.data?.slug||c.data?.name||c.id)+'">'+escHtml(c.data?.name||c.data?.title||c.id)+'</a>';
+    });
+    (pages||[]).forEach(function(p){
+      html += '<a href="/page/'+(p.data?.slug||p.id)+'">'+escHtml(p.data?.title||p.id)+'</a>';
+    });
+  }
+  html += '<a href="/search">🔍</a>';
+  nav.innerHTML = html;
+}
+
+function renderHome() {
+  var main = document.getElementById('main');
+  var page = getPage();
+  var offset = (page - 1) * PAGE_SIZE;
+  main.innerHTML = '<div class="loading">加载中...</div>';
+
+  Promise.all([
+    api('/content/article?status=published&limit='+PAGE_SIZE+'&offset='+offset),
+    api('/content/article?status=published&limit=1'),
+    api('/content/navigation?limit=20'),
+    api('/content/category?limit=20')
+  ]).then(function(res){
+    var articles = res[0].docs || [];
+    var total = res[1].total || 0;
+    var navItems = (res[2].docs||[]).sort(function(a,b){ return (a.data?.order||0)-(b.data?.order||0) });
+    var categories = res[3].docs || [];
+    buildNav(navItems, categories, []);
+
+    if (!articles.length && page === 1) {
+      main.innerHTML = '<div class="hero"><h1>你好，我是 Taichu</h1><p>一个轻量、快速的 AI Agent-Native 内容管理系统。</p></div><div class="empty-blog"><p>还没有文章。去 <a href="/admin/">管理后台</a> 开始创作。</p></div>';
+      return;
+    }
+    var html = '<div class="post-list">';
+    articles.forEach(function(a){
+      var ex = excerpt(a.data?.body);
+      html += '<article class="post-card"><div class="post-meta"><time>'+fmtDate(a.updatedAt)+'</time></div><h2><a href="/post/'+(a.data?.slug||a.id)+'">'+escHtml(a.data?.title||'Untitled')+'</a></h2><p>'+ex+'</p></article>';
+    });
+    html += '</div>';
+    html += paginationHTML(page, total);
+    main.innerHTML = html;
+  }).catch(function(e){ main.innerHTML = '<p class="error">加载失败</p>'; });
+}
+
+function renderPost(slug) {
+  var main = document.getElementById('main');
+  main.innerHTML = '<div class="loading">加载中...</div>';
+  api('/content/article?limit=100').then(function(data){
+    var docs = data.docs || [];
+    var doc = docs.find(function(d){ return d.data?.slug === slug });
+    if (!doc) { render404(); return; }
+    main.innerHTML = '<article class="post-single"><h1>'+escHtml(doc.data?.title||'')+'</h1><time>'+fmtDate(doc.updatedAt)+'</time><div class="post-body">'+renderBody(doc.data?.body)+'</div></article>';
+    document.title = (doc.data?.title||'') + ' — ' + (G.site?.name||'Taichu');
+  }).catch(function(){ main.innerHTML = '<p class="error">加载失败</p>'; });
+}
+
+function renderPage(slug) {
+  var main = document.getElementById('main');
+  main.innerHTML = '<div class="loading">加载中...</div>';
+  api('/content/page?limit=100').then(function(data){
+    var docs = data.docs || [];
+    var doc = docs.find(function(d){ return d.data?.slug === slug });
+    if (!doc) { render404(); return; }
+    main.innerHTML = '<article class="post-single"><h1>'+escHtml(doc.data?.title||'')+'</h1><div class="post-body">'+renderBody(doc.data?.body)+'</div></article>';
+    document.title = (doc.data?.title||'') + ' — ' + (G.site?.name||'Taichu');
+  }).catch(function(){ main.innerHTML = '<p class="error">加载失败</p>'; });
+}
+
+function renderSearch() {
+  var main = document.getElementById('main');
+  var q = (new URL(location.href)).searchParams.get('q') || '';
+  main.innerHTML = '<h1 class="page-title">搜索</h1><form onsubmit="event.preventDefault();location.href=\'/search?q=\'+encodeURIComponent(this.q.value)" class="search-form"><input name="q" value="'+escAttr(q)+'" class="search-input" placeholder="输入关键词..." autofocus><button class="btn-primary">搜索</button></form><div id="search-results"></div>';
+  if (!q) return;
+  document.getElementById('search-results').innerHTML = '<div class="loading">搜索中...</div>';
+  api('/search?q='+encodeURIComponent(q)).then(function(data){
+    var docs = data.docs || [];
+    var results = document.getElementById('search-results');
+    if (!docs.length) { results.innerHTML = '<p class="empty">未找到</p>'; return; }
+    var html = '<div class="post-list">';
+    docs.forEach(function(d){
+      html += '<article class="post-card"><h2><a href="/post/'+(d.data?.slug||d.id)+'">'+escHtml(d.data?.title||'')+'</a></h2><p>'+excerpt(d.data?.body)+'</p></article>';
+    });
+    html += '</div>';
+    results.innerHTML = html;
+  });
+}
+
+function render404() {
+  document.getElementById('main').innerHTML = '<div class="empty-page"><h1>404</h1><p>页面未找到</p><a href="/">返回首页</a></div>';
+}
+
+function renderBody(body) {
+  if (!body) return '';
+  if (typeof body === 'string') return '<p>'+escHtml(body)+'</p>';
+  if (body.type === 'doc' && Array.isArray(body.content)) return body.content.map(renderNode).join('');
+  if (body.text) return '<p>'+escHtml(String(body.text||body))+'</p>';
+  return '';
+}
+
+function renderNode(node) {
+  if (!node) return '';
+  var text = '';
+  if (node.content) text = node.content.map(renderNode).join('');
+  else if (node.text) text = escHtml(String(node.text));
+  if (node.marks) {
+    node.marks.forEach(function(m){
+      if (m.type === 'bold') text = '<strong>'+text+'</strong>';
+      if (m.type === 'italic') text = '<em>'+text+'</em>';
+      if (m.type === 'code') text = '<code>'+text+'</code>';
+      if (m.type === 'link') text = '<a href="'+escAttr(m.attrs?.href||'#')+'">'+text+'</a>';
+      if (m.type === 'strike') text = '<s>'+text+'</s>';
+    });
+  }
+  switch (node.type) {
+    case 'paragraph': return '<p>'+text+'</p>';
+    case 'heading': return '<h'+(node.attrs?.level||2)+'>'+text+'</h'+(node.attrs?.level||2)+'>';
+    case 'bulletList': return '<ul>'+text+'</ul>';
+    case 'orderedList': return '<ol>'+text+'</ol>';
+    case 'listItem': return '<li>'+text+'</li>';
+    case 'blockquote': return '<blockquote>'+text+'</blockquote>';
+    case 'codeBlock': return '<pre><code>'+text+'</code></pre>';
+    case 'horizontalRule': return '<hr>';
+    case 'image': return '<img src="'+escAttr(node.attrs?.src||'')+'" alt="'+escAttr(node.attrs?.alt||'')+'" loading="lazy">';
+    default: return text;
+  }
+}
+
+function excerpt(body) {
+  if (!body) return '';
+  if (typeof body === 'string') return body.replace(/<[^>]+>/g,'').substring(0,200);
+  if (body.text) return escHtml(String(body.text)).substring(0,200);
+  if (body.content) return body.content.map(function(n){ return n.text||'' }).join(' ').substring(0,200);
+  return '';
+}
+
+function fmtDate(d) { if (!d) return ''; return new Date(d).toLocaleDateString('zh-CN',{year:'numeric',month:'long',day:'numeric'}); }
+function escHtml(s) { return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;'); }
+function escAttr(s) { return String(s).replace(/&/g,'&amp;').replace(/"/g,'&quot;').replace(/'/g,'&#39;'); }
+
+route();
+})();
+</script>
+</body>
+</html>

package/packages/server/public/theme-minimal/style.css

@@ -0,0 +1,109 @@
+/* Taichu Minimal — Clean Portfolio Theme */
+:root {
+  --accent: #1E1B4B;
+  --bg: #FAFAFA;
+  --text: #1A1A2E;
+  --text-secondary: #666;
+  --border: #EBEBEB;
+  --font: 'Georgia', 'Noto Serif SC', serif;
+  --font-size: 17px;
+  --max-width: 720px;
+}
+
+*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+body {
+  font-family: var(--font); font-size: var(--font-size);
+  color: var(--text); background: var(--bg); line-height: 1.8;
+}
+
+/* Header */
+.site-header { background: var(--bg); padding: 24px 0; }
+.header-inner {
+  max-width: var(--max-width); margin: 0 auto; padding: 0 24px;
+  display: flex; align-items: baseline; justify-content: space-between;
+}
+.site-logo {
+  font-size: 24px; font-weight: 400; color: var(--text);
+  text-decoration: none; letter-spacing: -1px;
+}
+.site-nav { display: flex; gap: 24px; }
+.site-nav a { color: var(--text-secondary); text-decoration: none; font-size: 14px; font-family: -apple-system, sans-serif; }
+.site-nav a:hover { color: var(--accent); }
+
+/* Main */
+.site-main { max-width: var(--max-width); margin: 0 auto; padding: 48px 24px; min-height: 60vh; }
+
+/* Hero (empty home) */
+.hero { text-align: center; padding: 80px 0 40px; }
+.hero h1 { font-size: 36px; font-weight: 400; letter-spacing: -1px; margin-bottom: 12px; }
+.hero p { font-size: 16px; color: var(--text-secondary); font-family: -apple-system, sans-serif; }
+
+/* Post List */
+.post-list { display: flex; flex-direction: column; gap: 48px; }
+.post-card { border-bottom: 1px solid var(--border); padding-bottom: 32px; }
+.post-card:last-child { border-bottom: none; }
+.post-meta { margin-bottom: 8px; }
+.post-meta time { font-size: 12px; color: var(--text-secondary); font-family: -apple-system, sans-serif; text-transform: uppercase; letter-spacing: 1px; }
+.post-card h2 { font-size: 24px; line-height: 1.3; font-weight: 400; letter-spacing: -0.5px; }
+.post-card h2 a { color: var(--text); text-decoration: none; }
+.post-card h2 a:hover { color: var(--accent); }
+.post-card p { margin-top: 8px; color: var(--text-secondary); font-size: 15px; }
+
+/* Post Single */
+.post-single h1 { font-size: 32px; line-height: 1.2; font-weight: 400; letter-spacing: -1px; margin-bottom: 8px; }
+.post-single time { font-size: 12px; color: var(--text-secondary); font-family: -apple-system, sans-serif; margin-bottom: 40px; display: block; }
+.post-body p { margin-bottom: 24px; font-size: 17px; }
+.post-body h2, .post-body h3 { margin: 40px 0 16px; font-weight: 400; }
+.post-body h2 { font-size: 24px; }
+.post-body h3 { font-size: 20px; }
+.post-body ul, .post-body ol { margin: 12px 0 24px 24px; }
+.post-body li { margin-bottom: 6px; }
+.post-body blockquote {
+  border-left: 2px solid var(--accent); padding: 8px 20px; margin: 24px 0;
+  color: var(--text-secondary); font-style: italic;
+}
+.post-body pre { background: #1A1A2E; color: #E0E0E0; padding: 20px; font-size: 14px; margin: 24px 0; overflow-x: auto; }
+.post-body code { font-size: 14px; }
+.post-body pre code { background: none; }
+.post-body img { max-width: 100%; margin: 24px 0; }
+.post-body hr { border: none; border-top: 1px solid var(--border); margin: 40px 0; }
+.post-body a { color: var(--accent); border-bottom: 1px solid var(--accent); text-decoration: none; }
+
+/* Footer */
+.site-footer { border-top: 1px solid var(--border); padding: 40px 0; margin-top: 80px; }
+.footer-inner { max-width: var(--max-width); margin: 0 auto; text-align: center; padding: 0 24px; }
+.footer-inner p { font-size: 13px; color: var(--text-secondary); font-family: -apple-system, sans-serif; }
+.footer-inner a { color: var(--accent); text-decoration: none; }
+.icp { margin-top: 4px; font-size: 12px; }
+
+/* Pagination */
+.pagination { display: flex; justify-content: center; align-items: center; gap: 20px; margin-top: 48px; }
+.btn-page { padding: 8px 20px; border: 1px solid var(--border); font-size: 13px; font-family: -apple-system, sans-serif; color: var(--text-secondary); text-decoration: none; }
+.btn-page:hover { border-color: var(--accent); color: var(--accent); }
+.btn-page.disabled { opacity: 0.25; }
+.page-info { font-size: 13px; color: var(--text-secondary); font-family: -apple-system, sans-serif; }
+
+/* States */
+.loading { text-align: center; padding: 80px 0; color: var(--text-secondary); }
+.error { color: #C0392B; padding: 40px; text-align: center; }
+.empty-page { text-align: center; padding: 80px 0; }
+.empty-page h1 { font-size: 72px; font-weight: 300; color: #CCC; }
+.empty-blog { text-align: center; padding: 40px 0; font-family: -apple-system, sans-serif; }
+.empty-blog a { color: var(--accent); }
+.page-title { font-size: 28px; font-weight: 400; margin-bottom: 32px; }
+
+.search-form { display: flex; gap: 10px; margin-bottom: 32px; }
+.search-input {
+  flex: 1; padding: 10px 16px; border: 1px solid var(--border); background: white;
+  font-size: 15px; font-family: inherit;
+}
+.btn-primary {
+  padding: 10px 24px; background: var(--accent); color: white; border: none;
+  font-size: 14px; font-family: -apple-system, sans-serif; cursor: pointer;
+}
+
+@media (max-width: 768px) {
+  .site-main { padding: 32px 16px; }
+  .post-single h1 { font-size: 24px; }
+  .post-card h2 { font-size: 20px; }
+}

package/packages/server/public/ws-test.html

@@ -0,0 +1,106 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<title>Taichu WebSocket Test</title>
+<style>
+  * { margin:0; padding:0; box-sizing:border-box; }
+  body { font-family: monospace; background: #0F172A; color: #E2E8F0; padding: 20px; }
+  h1 { font-size: 18px; color: #10B981; margin-bottom: 16px; }
+  .panel { background: #1E293B; border: 1px solid #334155; border-radius: 8px; padding: 16px; margin-bottom: 16px; }
+  .panel h2 { font-size: 14px; color: #94A3B8; margin-bottom: 8px; }
+  .status { display: inline-block; padding: 2px 10px; border-radius: 4px; font-size: 12px; }
+  .connected { background: #065F46; color: #10B981; }
+  .disconnected { background: #7F1D1D; color: #FCA5A5; }
+  .log { max-height: 300px; overflow-y: auto; font-size: 12px; line-height: 1.6; }
+  .log .create { color: #10B981; }
+  .log .update { color: #F59E0B; }
+  .log .delete { color: #EF4444; }
+  .log .info { color: #94A3B8; }
+  button { padding: 6px 16px; border: 1px solid #334155; background: #1E293B; color: #E2E8F0; border-radius: 4px; cursor: pointer; font-size: 12px; margin-right: 8px; margin-bottom: 8px; }
+  button:hover { border-color: #10B981; color: #10B981; }
+  input { padding: 6px 10px; background: #0F172A; border: 1px solid #334155; color: #E2E8F0; border-radius: 4px; font-size: 12px; width: 200px; }
+</style>
+</head>
+<body>
+<h1>⚡ Taichu WebSocket Live Test</h1>
+
+<div class="panel">
+  <h2>Connection</h2>
+  <div><span id="ws-status" class="status disconnected">disconnected</span></div>
+  <p style="margin-top:8px;font-size:12px;color:#94A3B8;" id="ws-url"></p>
+</div>
+
+<div class="panel">
+  <h2>Subscribe</h2>
+  <input id="channel" value="article" placeholder="channel name" />
+  <button onclick="subscribe()">Subscribe</button>
+  <button onclick="unsubscribe()">Unsubscribe</button>
+  <button onclick="connect()">Connect</button>
+</div>
+
+<div class="panel">
+  <h2>Events</h2>
+  <div class="log" id="log">
+    <div class="info">Waiting for WebSocket events...</div>
+  </div>
+</div>
+
+<script>
+const protocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
+const wsUrl = `${protocol}//${location.host}`;
+document.getElementById('ws-url').textContent = wsUrl;
+
+let ws = null;
+
+function connect() {
+  if (ws) ws.close();
+  ws = new WebSocket(wsUrl);
+
+  ws.onopen = () => {
+    document.getElementById('ws-status').className = 'status connected';
+    document.getElementById('ws-status').textContent = 'connected';
+    log('info', 'WebSocket connected');
+  };
+
+  ws.onmessage = (e) => {
+    const msg = JSON.parse(e.data);
+    if (msg.type === 'subscribed') {
+      log('info', `Subscribed to "${msg.channel}"`);
+    } else if (msg.type === 'content_change') {
+      log(msg.event, `[${msg.channel}] ${msg.event}: ${msg.doc.title || msg.doc.id}`);
+    }
+  };
+
+  ws.onclose = () => {
+    document.getElementById('ws-status').className = 'status disconnected';
+    document.getElementById('ws-status').textContent = 'disconnected';
+    log('info', 'WebSocket disconnected');
+  };
+
+  ws.onerror = () => log('info', 'WebSocket error');
+}
+
+function subscribe() {
+  const ch = document.getElementById('channel').value || 'article';
+  if (ws) ws.send(JSON.stringify({ type: 'subscribe', channel: ch }));
+}
+
+function unsubscribe() {
+  const ch = document.getElementById('channel').value || 'article';
+  if (ws) ws.send(JSON.stringify({ type: 'unsubscribe', channel: ch }));
+}
+
+function log(ev, msg) {
+  const el = document.getElementById('log');
+  const div = document.createElement('div');
+  div.className = ev;
+  div.textContent = `[${new Date().toLocaleTimeString()}] ${msg}`;
+  el.prepend(div);
+  if (el.children.length > 100) el.removeChild(el.lastChild);
+}
+
+connect();
+</script>
+</body>
+</html>

package/packages/server/src/activitypub.js

@@ -0,0 +1,228 @@
+/**
+ * ActivityPub — 联邦协议基础
+ *
+ * 实现 ActivityPub Server-to-Server 协议的最小功能子集：
+ *   - Actor 端点（JSON-LD）
+ *   - WebFinger 发现
+ *   - Outbox（已发布活动列表）
+ *   - Inbox（接收 Follow/Create/Accept 等）
+ *   - HTTP 签名验证（基础）
+ *
+ * 配置：
+ *   TAICHU_AP_HOST  — 实例公开域名（默认 localhost）
+ *   TAICHU_AP_PORT  — 公开端口（默认 3120）
+ */
+
+import { createLogger } from './logger.js';
+import { getStore } from './context.js';
+
+const log = createLogger('activitypub');
+
+const AP_CONTEXT = [
+  'https://www.w3.org/ns/activitystreams',
+  'https://w3id.org/security/v1'
+];
+
+const HOST = process.env.TAICHU_AP_HOST || 'localhost';
+const PORT = process.env.TAICHU_AP_PORT || process.env.TAICHU_PORT || '3120';
+const BASE_URL = process.env.TAICHU_AP_BASE_URL || `http://${HOST}:${PORT}`;
+
+/**
+ * Generate Actor object.
+ */
+export function actorObject() {
+  const actorId = `${BASE_URL}/api/activitypub/actor`;
+  return {
+    '@context': AP_CONTEXT,
+    id: actorId,
+    type: 'Person',
+    preferredUsername: 'taichu',
+    name: 'Taichu CMS',
+    summary: 'AI Agent-Native Content Infrastructure',
+    url: BASE_URL,
+    icon: { type: 'Image', url: `${BASE_URL}/favicon.svg` },
+    inbox: `${BASE_URL}/api/activitypub/inbox`,
+    outbox: `${BASE_URL}/api/activitypub/outbox`,
+    followers: `${BASE_URL}/api/activitypub/followers`,
+    publicKey: {
+      id: `${actorId}#main-key`,
+      owner: actorId,
+      publicKeyPem: getPublicKeyPem()
+    }
+  };
+}
+
+/**
+ * Generate WebFinger response.
+ */
+export function webfingerResponse(resource) {
+  const actorUrl = `${BASE_URL}/api/activitypub/actor`;
+  return {
+    subject: resource,
+    links: [
+      {
+        rel: 'self',
+        type: 'application/activity+json',
+        href: actorUrl
+      }
+    ]
+  };
+}
+
+/**
+ * Create an activity (used to publish content events).
+ */
+export function createActivity(type, object) {
+  return {
+    '@context': AP_CONTEXT,
+    id: `${BASE_URL}/api/activitypub/activity/${Date.now()}`,
+    type,
+    actor: `${BASE_URL}/api/activitypub/actor`,
+    published: new Date().toISOString(),
+    to: ['https://www.w3.org/ns/activitystreams#Public'],
+    object
+  };
+}
+
+/**
+ * Create a "Create" activity when content is published.
+ */
+export function createContentActivity(doc) {
+  const contentId = `${BASE_URL}/api/content/${doc.type}/${doc.id}`;
+  return createActivity('Create', {
+    id: contentId,
+    type: 'Article',
+    attributedTo: `${BASE_URL}/api/activitypub/actor`,
+    name: doc.data?.title || '',
+    content: typeof doc.data?.body === 'string'
+      ? doc.data.body.substring(0, 2000)
+      : (doc.data?.summary || ''),
+    url: contentId,
+    published: doc.publishedAt || doc.createdAt
+  });
+}
+
+/**
+ * Process an incoming activity (inbox handler).
+ * @returns {Promise<{accepted: boolean, type?: string}>}
+ */
+export async function processInboxActivity(activity, headers) {
+  // Verify HTTP signature (basic)
+  const sigValid = verifySignature(headers);
+  if (!sigValid) {
+    log.warn('Inbox activity rejected: invalid signature');
+    return { accepted: false, reason: 'invalid_signature' };
+  }
+
+  const { type, actor } = activity;
+
+  switch (type) {
+    case 'Follow': {
+      log.info(`Follow request from ${actor}`);
+      // Auto-accept follows
+      const accept = createActivity('Accept', activity);
+      return { accepted: true, type: 'Follow', response: accept };
+    }
+
+    case 'Create':
+    case 'Announce':
+    case 'Like':
+      log.info(`Received ${type} from ${actor}`);
+      // Store for potential future use
+      await storeActivity(activity);
+      return { accepted: true, type };
+
+    case 'Undo':
+      log.info(`Received Undo from ${actor}`);
+      return { accepted: true, type: 'Undo' };
+
+    case 'Delete':
+      log.info(`Received Delete from ${actor}`);
+      return { accepted: true, type: 'Delete' };
+
+    default:
+      log.debug(`Unhandled activity type: ${type}`);
+      return { accepted: true, type: 'unhandled' };
+  }
+}
+
+/**
+ * Store received activity as a document.
+ */
+async function storeActivity(activity) {
+  try {
+    const store = getStore();
+    if (store) {
+      await store.create({
+        type: 'activitypub_activity',
+        data: activity,
+        status: 'received'
+      });
+    }
+  } catch (err) {
+    log.error(`Failed to store activity: ${err.message}`);
+  }
+}
+
+/**
+ * Verify HTTP Signature header (basic implementation).
+ */
+function verifySignature(headers) {
+  const sigHeader = headers['signature'];
+  if (!sigHeader) return false;
+
+  // Parse signature header
+  const sigParts = {};
+  sigHeader.split(',').forEach(part => {
+    const [key, ...vals] = part.trim().split('=');
+    sigParts[key.trim()] = vals.join('=').replace(/^"|"$/g, '');
+  });
+
+  // In production, this would:
+  // 1. Fetch the actor's public key
+  // 2. Reconstruct the signed string
+  // 3. Verify with crypto
+  //
+  // For P2 MVP: accept basic structure with keyId presence
+  if (sigParts.keyId && sigParts.signature && sigParts.headers) {
+    log.debug(`Signature from ${sigParts.keyId}`);
+    return true; // Basic acceptance for MVP
+  }
+
+  return false;
+}
+
+/**
+ * Get the instance's public key (generated once at startup).
+ */
+let _publicKeyPem = null;
+let _privateKeyPem = null;
+
+function getPublicKeyPem() {
+  ensureKeys();
+  return _publicKeyPem;
+}
+
+export function getPrivateKeyPem() {
+  ensureKeys();
+  return _privateKeyPem;
+}
+
+function ensureKeys() {
+  if (_publicKeyPem) return;
+
+  // Use configured keys or generate placeholder
+  const pubEnv = process.env.TAICHU_AP_PUBLIC_KEY;
+  const privEnv = process.env.TAICHU_AP_PRIVATE_KEY;
+
+  if (pubEnv && privEnv) {
+    _publicKeyPem = pubEnv.replace(/\\n/g, '\n');
+    _privateKeyPem = privEnv.replace(/\\n/g, '\n');
+  } else {
+    // Generate ephemeral keys for dev
+    // In production, generate via: openssl genpkey -algorithm RSA -out private.pem
+    log.warn('No AP keys configured. ActivityPub federation will not work in production.');
+    _publicKeyPem = 'GENERATE_KEYS_FOR_PRODUCTION';
+    _privateKeyPem = '';
+  }
+}