@fedify/cli 2.3.0-dev.1219 → 2.3.0-dev.1273

package/dist/bench/scenarios/inbox.js

@@ -0,0 +1,155 @@
+import "@js-temporal/polyfill";
+import { discoverInbox, selectInbox } from "../discovery/discover.js";
+import { asList } from "../scenario/coerce.js";
+import { runLoad } from "../load/generator.js";
+import { aggregateSamples } from "../metrics/aggregate.js";
+import { diffSnapshots, fetchServerSnapshot, snapshotToMetrics } from "../metrics/stats-client.js";
+import { createActivityIdMinter } from "../signing/activity-id.js";
+import { createSigningPipeline } from "../signing/pipeline.js";
+import { signInboxDelivery } from "../signing/signer.js";
+import { isGenerateDirective, resolveGenerate } from "../template/generate.js";
+import { estimateTotal, loadPlanOf, measuredWindowMs, sendRequest, withMeasuredWindowStart } from "./runner.js";
+import { Create, Note } from "@fedify/vocab";
+//#region src/bench/scenarios/inbox.ts
+/**
+* The `inbox` scenario runner: the end-to-end signed-delivery benchmark.
+*
+* It discovers the recipient's inbox the way a real peer does, then drives
+* signed activity deliveries through the signing pipeline, aggregates the
+* client-measured results, and reads the target's server-side metrics.
+* @since 2.3.0
+* @module
+*/
+/** The `inbox` scenario runner. */
+const inboxRunner = {
+	validate(scenario) {
+		validateActivity(scenario);
+		validateInbox(scenario);
+	},
+	async run(context) {
+		const { scenario, fleet } = context;
+		if (fleet == null || fleet.actors.length < 1) throw new Error("The inbox scenario requires the synthetic actor server.");
+		if (scenario.recipients.length < 1) throw new Error("The inbox scenario requires a recipient.");
+		validateActivity(scenario);
+		validateInbox(scenario);
+		const fetchImpl = context.fetch ?? fetch;
+		const targets = [];
+		for (const recipient of scenario.recipients) {
+			const discovered = await discoverInbox(recipient, {
+				documentLoader: context.documentLoader,
+				contextLoader: context.contextLoader,
+				allowPrivateAddress: context.allowPrivateAddress
+			});
+			const inbox = selectInbox(discovered, scenario.inbox);
+			await context.assertDestinationAllowed?.(inbox);
+			targets.push({
+				inbox,
+				actorUri: discovered.actorUri
+			});
+		}
+		const actors = fleet.actors;
+		const minter = createActivityIdMinter(fleet.url);
+		let index = 0;
+		const factory = () => {
+			const i = index++;
+			const actor = actors[i % actors.length];
+			const target = targets[i % targets.length];
+			const activity = buildActivity(scenario.activity, actor, minter.next(), fleet.url, target.actorUri);
+			return signInboxDelivery({
+				actor,
+				inbox: target.inbox,
+				activity,
+				contextLoader: context.contextLoader
+			});
+		};
+		const pipeline = createSigningPipeline(scenario.signing, factory, { total: estimateTotal(scenario) });
+		const rawSend = async () => {
+			let request;
+			try {
+				request = await pipeline.next();
+			} catch (error) {
+				return {
+					ok: false,
+					errorKind: "client",
+					reason: String(error)
+				};
+			}
+			return sendRequest(request, fetchImpl);
+		};
+		let baseline = null;
+		let baselineTaken = false;
+		const send = withMeasuredWindowStart(scenario.warmupMs, async () => {
+			baseline = await fetchServerSnapshot(context.target, fetchImpl);
+			baselineTaken = true;
+		}, rawSend);
+		try {
+			await pipeline.prime();
+			const measurement = aggregateSamples((await runLoad(loadPlanOf(scenario, context.rng), send, context.clock)).samples, {
+				measuredWindowMs: measuredWindowMs(scenario),
+				includeHistogram: true
+			});
+			const end = await fetchServerSnapshot(context.target, fetchImpl);
+			const server = baselineTaken && baseline != null && end != null ? snapshotToMetrics(diffSnapshots(baseline, end)) : null;
+			return {
+				...measurement,
+				server
+			};
+		} finally {
+			await pipeline.close();
+		}
+	}
+};
+/**
+* Validates the scenario's `inbox` mode.  `"shared"` and `"personal"` select a
+* discovered inbox; any other value is an explicit inbox URL the run will POST
+* to, so it must be a usable bare http(s) URL.  Without this preflight check, a
+* typo like `inbox: shraed` would crash `selectInbox` with an uncaught error
+* mid-run, and a non-http URL would slip through to the send path.
+*/
+function validateInbox(scenario) {
+	const mode = scenario.inbox;
+	if (mode == null || mode === "shared" || mode === "personal") return;
+	let url;
+	try {
+		url = new URL(mode);
+	} catch {
+		throw new Error(`Scenario "${scenario.name}": inbox must be "shared", "personal", or an http(s) URL; got ${JSON.stringify(mode)}.`);
+	}
+	if (url.protocol !== "http:" && url.protocol !== "https:" || url.hostname === "" || url.username !== "" || url.password !== "") throw new Error(`Scenario "${scenario.name}": inbox URL must be a bare http(s) URL with a host and no credentials; got ${JSON.stringify(mode)}.`);
+}
+/**
+* Rejects the activity options the inbox runner cannot yet honor: it always
+* delivers a `Create` carrying an embedded `Note`, so a different activity or
+* object type, or `embedObject: false`, is refused with a clear message.
+*/
+function validateActivity(scenario) {
+	const spec = scenario.activity;
+	if (spec == null) return;
+	const badType = asList(spec.type).find((type) => type !== "Create");
+	if (badType != null) throw new Error(`Scenario "${scenario.name}": the inbox runner currently supports only Create activities; got ${JSON.stringify(badType)}.`);
+	if (spec.embedObject === false) throw new Error(`Scenario "${scenario.name}": the inbox runner always embeds the activity's object; embedObject: false is not yet supported.`);
+	const badObjectType = asList(spec.object?.type).find((type) => type !== "Note");
+	if (badObjectType != null) throw new Error(`Scenario "${scenario.name}": the inbox runner currently supports only Note objects; got ${JSON.stringify(badObjectType)}.`);
+}
+function buildActivity(spec, actor, id, base, recipient) {
+	const note = new Note({
+		id: new URL(`/objects/${crypto.randomUUID()}`, base),
+		attribution: actor.id,
+		content: resolveContent(spec?.object?.content),
+		to: recipient
+	});
+	return new Create({
+		id,
+		actor: actor.id,
+		object: note,
+		to: recipient
+	});
+}
+function resolveContent(content) {
+	if (content == null) return "Benchmark activity.";
+	if (typeof content === "string") return content;
+	if (isGenerateDirective(content)) return resolveGenerate(content);
+	return String(content);
+}
+//#endregion
+export { inboxRunner };

package/dist/bench/scenarios/registry.js

@@ -0,0 +1,21 @@
+import "@js-temporal/polyfill";
+import { inboxRunner } from "./inbox.js";
+import { webfingerRunner } from "./webfinger.js";
+//#region src/bench/scenarios/registry.ts
+/** The scenario types that have runners in this version. */
+const IMPLEMENTED_SCENARIO_TYPES = ["inbox", "webfinger"];
+/**
+* Returns the runner for a scenario type.
+* @param type The scenario type.
+* @returns The runner.
+* @throws {Error} If the type has no runner in this version.
+*/
+function runnerFor(type) {
+	switch (type) {
+		case "inbox": return inboxRunner;
+		case "webfinger": return webfingerRunner;
+		default: throw new Error(`The "${type}" scenario type is not implemented in this version of fedify bench; supported types: ${IMPLEMENTED_SCENARIO_TYPES.join(", ")}.`);
+	}
+}
+//#endregion
+export { runnerFor };

package/dist/bench/scenarios/runner.js

@@ -0,0 +1,76 @@
+import "@js-temporal/polyfill";
+//#region src/bench/scenarios/runner.ts
+/** Performs one HTTP send and classifies the result as a send outcome. */
+async function sendRequest(request, fetchImpl) {
+	const noFollow = request.redirect === "manual" ? request : new Request(request, { redirect: "manual" });
+	try {
+		const response = await fetchImpl(noFollow);
+		await response.arrayBuffer().catch(() => {});
+		if (response.type === "opaqueredirect" || response.status >= 300 && response.status < 400) return {
+			ok: false,
+			status: response.status === 0 ? void 0 : response.status,
+			reason: "redirect"
+		};
+		if (response.ok) return {
+			ok: true,
+			status: response.status
+		};
+		return {
+			ok: false,
+			status: response.status,
+			reason: `status_${response.status}`
+		};
+	} catch (error) {
+		return {
+			ok: false,
+			errorKind: "network",
+			reason: String(error)
+		};
+	}
+}
+/** Builds the load plan for a resolved scenario. */
+function loadPlanOf(scenario, rng) {
+	return {
+		load: scenario.load,
+		durationMs: scenario.durationMs,
+		warmupMs: scenario.warmupMs,
+		rng
+	};
+}
+/** The measured window (excluding warm-up) used for throughput, in ms. */
+function measuredWindowMs(scenario) {
+	return Math.max(scenario.durationMs - scenario.warmupMs, 1);
+}
+/** Estimates the total request count, for presigning open-loop runs. */
+function estimateTotal(scenario) {
+	if (scenario.load.kind !== "open") return void 0;
+	return Math.ceil(scenario.load.ratePerSec * (scenario.durationMs / 1e3));
+}
+/**
+* Wraps a send function so that `onMeasuredWindowStart` runs exactly once, at
+* the warm-up boundary, and *every* measured request waits for it to settle
+* before being sent.  Runners use this to snapshot a server-side baseline so
+* reported server metrics cover only the measured window rather than the
+* target's cumulative lifetime; awaiting it on every measured send guarantees
+* the baseline is taken before any measured traffic reaches the target, so no
+* measured request can leak into the baseline.
+*
+* The barrier is cheap: only the handful of requests scheduled while the
+* baseline snapshot is in flight wait for it (recording that wait as their own
+* latency, the coordinated-omission-correct outcome); once it settles, later
+* waits resolve immediately.
+* @param warmupMs The warm-up window length, in milliseconds.
+* @param onMeasuredWindowStart The one-shot callback, run at the boundary.
+* @param send The underlying send function.
+* @returns A send function that gates measured sends on the callback.
+*/
+function withMeasuredWindowStart(warmupMs, onMeasuredWindowStart, send) {
+	let started;
+	return (scheduledAtMs) => {
+		if (scheduledAtMs < warmupMs) return send(scheduledAtMs);
+		started ??= Promise.resolve().then(onMeasuredWindowStart);
+		return started.then(() => send(scheduledAtMs));
+	};
+}
+//#endregion
+export { estimateTotal, loadPlanOf, measuredWindowMs, sendRequest, withMeasuredWindowStart };

package/dist/bench/scenarios/webfinger.js

@@ -0,0 +1,44 @@
+import "@js-temporal/polyfill";
+import { convertUrlIfHandle } from "../../webfinger/lib.js";
+import { runLoad } from "../load/generator.js";
+import { aggregateSamples } from "../metrics/aggregate.js";
+import { diffSnapshots, fetchServerSnapshot, snapshotToMetrics } from "../metrics/stats-client.js";
+import { loadPlanOf, measuredWindowMs, sendRequest, withMeasuredWindowStart } from "./runner.js";
+//#region src/bench/scenarios/webfinger.ts
+/**
+* The `webfinger` scenario runner: drives WebFinger handle-resolution lookups,
+* the discovery primitive every other scenario reuses.
+* @since 2.3.0
+* @module
+*/
+function webfingerUrl(target, recipient) {
+	const resource = convertUrlIfHandle(recipient).href;
+	const url = new URL("/.well-known/webfinger", target);
+	url.searchParams.set("resource", resource);
+	return url;
+}
+/** The `webfinger` scenario runner. */
+const webfingerRunner = { async run(context) {
+	const fetchImpl = context.fetch ?? fetch;
+	const urls = (context.scenario.recipients.length > 0 ? context.scenario.recipients : [context.target.href]).map((r) => webfingerUrl(context.target, r));
+	let index = 0;
+	const rawSend = () => sendRequest(new Request(urls[index++ % urls.length], { redirect: "manual" }), fetchImpl);
+	let baseline = null;
+	let baselineTaken = false;
+	const send = withMeasuredWindowStart(context.scenario.warmupMs, async () => {
+		baseline = await fetchServerSnapshot(context.target, fetchImpl);
+		baselineTaken = true;
+	}, rawSend);
+	const measurement = aggregateSamples((await runLoad(loadPlanOf(context.scenario, context.rng), send, context.clock)).samples, {
+		measuredWindowMs: measuredWindowMs(context.scenario),
+		includeHistogram: true
+	});
+	const end = await fetchServerSnapshot(context.target, fetchImpl);
+	const server = baselineTaken && baseline != null && end != null ? snapshotToMetrics(diffSnapshots(baseline, end)) : null;
+	return {
+		...measurement,
+		server
+	};
+} };
+//#endregion
+export { webfingerRunner };

package/dist/bench/server/synthetic.js

@@ -0,0 +1,118 @@
+import "@js-temporal/polyfill";
+import { getContextLoader } from "../../docloader.js";
+import { actorDocument } from "../actor/documents.js";
+import { serve } from "srvx";
+//#region src/bench/server/synthetic.ts
+/**
+* The benchmark's own synthetic actor/key server.
+*
+* It serves the actor documents (with embedded keys) that the target
+* dereferences while verifying signatures, over plain HTTP — which works
+* because `benchmarkMode` enables `allowPrivateAddress` on the target.  By
+* default it binds loopback and advertises a `127.0.0.1` base URL, which a
+* same-machine (loopback) target can reach.  For a non-loopback target, pass
+* `advertiseHost`: the server then binds every interface and advertises that
+* host in the actor/key URLs, so the remote target can dereference them.
+* @since 2.3.0
+* @module
+*/
+/**
+* Starts the synthetic actor/key server and serves each fleet member's actor
+* document.
+* @param members The fleet members (with keys) to serve.
+* @param options Server options.
+* @returns The running server, including the actors with their assigned URLs.
+*/
+async function spawnSyntheticServer(members, options = {}) {
+	const advertised = options.advertiseHost == null ? null : resolveAdvertiseHost(options.advertiseHost);
+	const routes = /* @__PURE__ */ new Map();
+	const server = serve({
+		port: 0,
+		hostname: advertised?.bindHost ?? "127.0.0.1",
+		silent: true,
+		fetch(request) {
+			const { pathname } = new URL(request.url);
+			const body = routes.get(pathname);
+			if (body == null) return new Response("Not found", { status: 404 });
+			return new Response(body, {
+				status: 200,
+				headers: { "content-type": "application/activity+json" }
+			});
+		}
+	});
+	await server.ready();
+	const actors = [];
+	try {
+		const bound = new URL(server.url);
+		const base = advertised == null ? bound : new URL(`http://${advertised.urlHost}:${bound.port}/`);
+		const contextLoader = options.contextLoader ?? await getContextLoader({ allowPrivateAddress: true });
+		for (const member of members) {
+			const id = new URL(`/actors/${member.index}`, base);
+			const actor = {
+				...member,
+				id,
+				rsaKeyId: member.keys.rsa == null ? void 0 : new URL("#main-key", id),
+				ed25519KeyId: member.keys.ed25519 == null ? void 0 : new URL("#ed25519-key", id)
+			};
+			const document = await actorDocument(actor, { contextLoader });
+			routes.set(`/actors/${member.index}`, JSON.stringify(document));
+			actors.push(actor);
+		}
+		return {
+			url: base,
+			actors,
+			async close() {
+				await server.close(true);
+			}
+		};
+	} catch (error) {
+		await server.close(true);
+		throw error;
+	}
+}
+/** An error raised when `--advertise-host` is not a usable bare host. */
+var AdvertiseHostError = class extends Error {};
+/**
+* Validates and normalizes an `--advertise-host` value into a bind address and a
+* URL-authority host.  It must be a bare host name, IPv4 address, or IPv6
+* literal (bracketed or not); a scheme, port, path, or other URL syntax is
+* rejected, since the synthetic server's chosen port is appended automatically.
+* An IPv6 host binds every IPv6 interface (`::`); anything else binds every IPv4
+* interface (`0.0.0.0`).
+* @param host The raw `--advertise-host` value.
+* @returns The bind address and the URL-authority host.
+* @throws {AdvertiseHostError} If the value is not a usable bare host.
+*/
+function resolveAdvertiseHost(host) {
+	const trimmed = host.trim();
+	if (trimmed === "") throw new AdvertiseHostError("--advertise-host must not be empty.");
+	if (/[\s/\\@?#]/.test(trimmed) || trimmed.includes("://")) throw new AdvertiseHostError(`Invalid --advertise-host ${JSON.stringify(host)}: give a bare host name or IP address, with no scheme, path, or whitespace.`);
+	let urlHost;
+	let bindHost;
+	if (trimmed.startsWith("[")) {
+		if (!trimmed.endsWith("]")) throw new AdvertiseHostError(`Invalid --advertise-host ${JSON.stringify(host)}: unbalanced brackets around the IPv6 address.`);
+		urlHost = trimmed;
+		bindHost = "::";
+	} else {
+		const colons = (trimmed.match(/:/g) ?? []).length;
+		if (colons === 1) throw new AdvertiseHostError(`Invalid --advertise-host ${JSON.stringify(host)}: omit the port; the synthetic server's chosen port is appended automatically.`);
+		if (colons >= 2) {
+			urlHost = `[${trimmed}]`;
+			bindHost = "::";
+		} else {
+			urlHost = trimmed;
+			bindHost = /^\d{1,3}(?:\.\d{1,3}){3}$/.test(trimmed) ? "0.0.0.0" : "::";
+		}
+	}
+	try {
+		new URL(`http://${urlHost}/`);
+	} catch {
+		throw new AdvertiseHostError(`Invalid --advertise-host ${JSON.stringify(host)}: not a valid host name or IP address.`);
+	}
+	return {
+		bindHost,
+		urlHost
+	};
+}
+//#endregion
+export { resolveAdvertiseHost, spawnSyntheticServer };

package/dist/bench/signing/activity-id.js

@@ -0,0 +1,18 @@
+import "@js-temporal/polyfill";
+//#region src/bench/signing/activity-id.ts
+/**
+* Creates a minter that produces unique activity ids under a base URL.  Ids
+* combine a per-run random component with a monotonic counter, so they are
+* unique within a run and across runs.
+* @param base The base URL (typically the synthetic server's URL).
+* @returns A new minter.
+*/
+function createActivityIdMinter(base) {
+	const run = crypto.randomUUID();
+	let counter = 0;
+	return { next() {
+		return new URL(`/activities/${run}/${counter++}`, base);
+	} };
+}
+//#endregion
+export { createActivityIdMinter };

package/dist/bench/signing/pipeline.js

@@ -0,0 +1,134 @@
+import "@js-temporal/polyfill";
+//#region src/bench/signing/pipeline.ts
+/** An error used to release consumers waiting on a closed pipeline. */
+var PipelineClosedError = class extends Error {};
+const DEFAULT_BUFFER_SIZE = 256;
+const DEFAULT_SIGNERS = 4;
+/**
+* After this many signing failures with no successful sign in between, the
+* pipeline gives up so a deterministic signing error fails fast instead of
+* spinning forever.
+*/
+const FATAL_FAILURE_THRESHOLD = 8;
+/**
+* Creates a signing pipeline for the given mode.
+* @param mode The lookahead mode.
+* @param factory The per-request signing factory.
+* @param options Buffer, total, and concurrency options.
+* @returns The signing pipeline.
+*/
+function createSigningPipeline(mode, factory, options = {}) {
+	if (mode === "jit") return createJit(factory);
+	const signers = options.signers ?? DEFAULT_SIGNERS;
+	if (mode === "presign") {
+		const total = options.total ?? DEFAULT_BUFFER_SIZE;
+		return createBuffered(factory, {
+			bufferSize: total,
+			fillTarget: total,
+			signers,
+			countStarvation: false,
+			maxProduced: total
+		});
+	}
+	const bufferSize = options.bufferSize ?? DEFAULT_BUFFER_SIZE;
+	return createBuffered(factory, {
+		bufferSize,
+		fillTarget: bufferSize,
+		signers,
+		countStarvation: true
+	});
+}
+function createJit(factory) {
+	return {
+		next: factory,
+		prime: () => Promise.resolve(),
+		starvationCount: 0,
+		close: () => Promise.resolve()
+	};
+}
+function createBuffered(factory, options) {
+	const ready = [];
+	const waiters = [];
+	const maxProduced = options.maxProduced ?? Infinity;
+	let produced = 0;
+	let starvationCount = 0;
+	let inFlight = 0;
+	let closed = false;
+	let consecutiveFailures = 0;
+	let fatalError = null;
+	const CLOSED = Symbol("closed");
+	let signalClose;
+	const closeSignal = new Promise((resolve) => {
+		signalClose = () => resolve(CLOSED);
+	});
+	function deliver(request) {
+		const waiter = waiters.shift();
+		if (waiter != null) waiter.resolve(request);
+		else ready.push(request);
+	}
+	function fail(error) {
+		fatalError = error;
+		closed = true;
+		signalClose();
+		ready.length = 0;
+		while (waiters.length > 0) waiters.shift().reject(error);
+	}
+	async function producer() {
+		while (!closed) {
+			if (produced + inFlight >= maxProduced) break;
+			if (waiters.length === 0 && ready.length + inFlight >= options.bufferSize) {
+				await Promise.race([delay(), closeSignal]);
+				continue;
+			}
+			inFlight++;
+			try {
+				const pending = Promise.resolve().then(factory);
+				pending.catch(() => {});
+				const result = await Promise.race([pending, closeSignal]);
+				if (result === CLOSED || closed) break;
+				consecutiveFailures = 0;
+				produced++;
+				deliver(result);
+			} catch (error) {
+				if (++consecutiveFailures >= FATAL_FAILURE_THRESHOLD) fail(error);
+			} finally {
+				inFlight--;
+			}
+		}
+	}
+	const producers = Array.from({ length: options.signers }, () => producer());
+	return {
+		get starvationCount() {
+			return starvationCount;
+		},
+		next() {
+			const buffered = ready.shift();
+			if (buffered != null) return Promise.resolve(buffered);
+			if (fatalError != null) return Promise.reject(fatalError);
+			if (closed) return Promise.reject(new PipelineClosedError("closed"));
+			if (produced >= maxProduced) return Promise.resolve().then(factory);
+			if (options.countStarvation) starvationCount++;
+			return new Promise((resolve, reject) => {
+				waiters.push({
+					resolve,
+					reject
+				});
+			});
+		},
+		async prime() {
+			while (!closed && ready.length < options.fillTarget) await Promise.race([delay(), closeSignal]);
+			if (fatalError != null) throw fatalError;
+		},
+		async close() {
+			closed = true;
+			signalClose();
+			while (waiters.length > 0) waiters.shift().reject(new PipelineClosedError("closed"));
+			await Promise.allSettled(producers);
+		}
+	};
+}
+function delay() {
+	return new Promise((resolve) => setTimeout(resolve, 1));
+}
+//#endregion
+export { createSigningPipeline };

package/dist/bench/signing/signer.js

@@ -0,0 +1,39 @@
+import "@js-temporal/polyfill";
+import { signJsonLd, signObject, signRequest } from "@fedify/fedify";
+//#region src/bench/signing/signer.ts
+/**
+* Signing one inbox delivery, reusing the `@fedify/fedify` signers so the
+* client pays realistic crypto cost.
+*
+* Document signatures are applied first (FEP-8b32 object proof, then LD
+* Signature on the serialized document), then the HTTP request signature is
+* applied to the final body, matching how a real sender composes a request.
+* @since 2.3.0
+* @module
+*/
+/**
+* Signs an inbox delivery and returns a ready-to-send `Request`.
+* @param options The delivery options.
+* @returns The signed POST request.
+* @throws {TypeError} If the actor lacks the RSA key required for HTTP signing.
+*/
+async function signInboxDelivery(options) {
+	const { actor, inbox, contextLoader } = options;
+	if (actor.keys.rsa == null || actor.rsaKeyId == null) throw new TypeError("Actor is missing the RSA key required for HTTP request signing.");
+	let activity = options.activity;
+	if (actor.standards.includes("fep8b32") && actor.keys.ed25519 != null && actor.ed25519KeyId != null) activity = await signObject(activity, actor.keys.ed25519.privateKey, actor.ed25519KeyId, { contextLoader });
+	let document = await activity.toJsonLd({ contextLoader });
+	if (actor.standards.includes("ld-signatures")) document = await signJsonLd(document, actor.keys.rsa.privateKey, actor.rsaKeyId, { contextLoader });
+	const body = new TextEncoder().encode(JSON.stringify(document));
+	return await signRequest(new Request(inbox, {
+		method: "POST",
+		headers: { "content-type": "application/activity+json" },
+		body,
+		redirect: "manual"
+	}), actor.keys.rsa.privateKey, actor.rsaKeyId, {
+		spec: actor.httpStandard,
+		body: body.buffer.slice(body.byteOffset, body.byteOffset + body.byteLength)
+	});
+}
+//#endregion
+export { signInboxDelivery };