npm - @fedify/fedify - Versions diffs - 1.6.1-dev.856 → 1.6.1-dev.871 - Mend

@fedify/fedify 1.6.1-dev.856 → 1.6.1-dev.871

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (457) hide show

package/dist/middleware-BiYIqI0b.js ADDED Viewed

@@ -0,0 +1,3525 @@
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+import { getDefaultActivityTransformers$1 as getDefaultActivityTransformers } from "./transformers-jxj-4o2K.js";
+import { deno_default, getDocumentLoader, kvCache } from "./docloader-DDFam5Xn.js";
+import { Activity, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId$1 as getTypeId } from "./actor-CM3gfkH6.js";
+import { lookupWebFinger } from "./lookup-B5KVF6HM.js";
+import { exportJwk, importJwk, validateCryptoKey } from "./key-DIk4Rloj.js";
+import { doubleKnock, verifyRequest } from "./http-v1TqJ9Qa.js";
+import { detachSignature$1 as detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd$1 as signJsonLd, signObject$1 as signObject, verifyJsonLd$1 as verifyJsonLd, verifyObject$1 as verifyObject } from "./proof-D0cf4R25.js";
+import { getNodeInfo, nodeInfoToJson } from "./types-D4p7qK8A.js";
+import { getAuthenticatedDocumentLoader$1 as getAuthenticatedDocumentLoader } from "./authdocloader-OfYZlI31.js";
+import { lookupObject, traverseCollection } from "./vocab-BSNlVPPE.js";
+import { getLogger, withContext } from "@logtape/logtape";
+import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
+import { encodeHex } from "byte-encodings/hex";
+import { cloneDeep } from "@es-toolkit/es-toolkit";
+import { Router } from "uri-template-router";
+import { parseTemplate } from "url-template";
+import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
+import { domainToASCII } from "node:url";
+//#region federation/inbox.ts
+var InboxListenerSet = class InboxListenerSet {
+	#listeners;
+	constructor() {
+		this.#listeners = new Map();
+	}
+	clone() {
+		const clone = new InboxListenerSet();
+		clone.#listeners = new Map(this.#listeners);
+		return clone;
+	}
+	add(type, listener) {
+		if (this.#listeners.has(type)) throw new TypeError("Listener already set for this type.");
+		this.#listeners.set(type, listener);
+	}
+	dispatchWithClass(activity) {
+		let cls = activity.constructor;
+		const inboxListeners = this.#listeners;
+		if (inboxListeners == null) return null;
+		while (true) {
+			if (inboxListeners.has(cls)) break;
+			if (cls === Activity) return null;
+			cls = globalThis.Object.getPrototypeOf(cls);
+		}
+		const listener = inboxListeners.get(cls);
+		return {
+			class: cls,
+			listener
+		};
+	}
+	dispatch(activity) {
+		return this.dispatchWithClass(activity)?.listener ?? null;
+	}
+};
+async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider }) {
+	const logger$1 = getLogger([
+		"fedify",
+		"federation",
+		"inbox"
+	]);
+	const cacheKey = activity.id == null ? null : [
+		...kvPrefixes.activityIdempotence,
+		ctx.origin,
+		activity.id.href
+	];
+	if (cacheKey != null) {
+		const cached = await kv.get(cacheKey);
+		if (cached === true) {
+			logger$1.debug("Activity {activityId} has already been processed.", {
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span.setStatus({
+				code: SpanStatusCode.UNSET,
+				message: `Activity ${activity.id?.href} has already been processed.`
+			});
+			return "alreadyProcessed";
+		}
+	}
+	if (activity.actorId == null) {
+		logger$1.error("Missing actor.", { activity: json });
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: "Missing actor."
+		});
+		return "missingActor";
+	}
+	span.setAttribute("activitypub.actor.id", activity.actorId.href);
+	if (queue != null) {
+		const carrier = {};
+		propagation.inject(context.active(), carrier);
+		try {
+			await queue.enqueue({
+				type: "inbox",
+				id: crypto.randomUUID(),
+				baseUrl: ctx.origin,
+				activity: json,
+				identifier: recipient,
+				attempt: 0,
+				started: new Date().toISOString(),
+				traceContext: carrier
+			});
+		} catch (error) {
+			logger$1.error("Failed to enqueue the incoming activity {activityId}:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: `Failed to enqueue the incoming activity ${activity.id?.href}.`
+			});
+			throw error;
+		}
+		logger$1.info("Activity {activityId} is enqueued.", {
+			activityId: activity.id?.href,
+			activity: json,
+			recipient
+		});
+		return "enqueued";
+	}
+	tracerProvider = tracerProvider ?? trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+	return await tracer.startActiveSpan("activitypub.dispatch_inbox_listener", { kind: SpanKind.INTERNAL }, async (span$1) => {
+		const dispatched = inboxListeners?.dispatchWithClass(activity);
+		if (dispatched == null) {
+			logger$1.error("Unsupported activity type:\n{activity}", {
+				activity: json,
+				recipient
+			});
+			span$1.setStatus({
+				code: SpanStatusCode.UNSET,
+				message: `Unsupported activity type: ${getTypeId(activity).href}`
+			});
+			span$1.end();
+			return "unsupportedActivity";
+		}
+		const { class: cls, listener } = dispatched;
+		span$1.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+		try {
+			await listener(inboxContextFactory(recipient, json, activity?.id?.href, getTypeId(activity).href), activity);
+		} catch (error) {
+			try {
+				await inboxErrorHandler?.(ctx, error);
+			} catch (error$1) {
+				logger$1.error("An unexpected error occurred in inbox error handler:\n{error}", {
+					error: error$1,
+					activityId: activity.id?.href,
+					activity: json,
+					recipient
+				});
+			}
+			logger$1.error("Failed to process the incoming activity {activityId}:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span$1.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			span$1.end();
+			return "error";
+		}
+		if (cacheKey != null) await kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
+		logger$1.info("Activity {activityId} has been processed.", {
+			activityId: activity.id?.href,
+			activity: json,
+			recipient
+		});
+		span$1.end();
+		return "success";
+	});
+}
+//#endregion
+//#region federation/router.ts
+function cloneInnerRouter(router) {
+	const clone = new Router();
+	clone.nid = router.nid;
+	clone.fsm = cloneDeep(router.fsm);
+	clone.routeSet = new Set(router.routeSet);
+	clone.templateRouteMap = new Map(router.templateRouteMap);
+	clone.valueRouteMap = new Map(router.valueRouteMap);
+	clone.hierarchy = cloneDeep(router.hierarchy);
+	return clone;
+}
+/**
+* URL router and constructor based on URI Template
+* ([RFC 6570](https://tools.ietf.org/html/rfc6570)).
+*/
+var Router$1 = class Router$1 {
+	#router;
+	#templates;
+	#templateStrings;
+	/**
+	* Whether to ignore trailing slashes when matching paths.
+	* @since 1.6.0
+	*/
+	trailingSlashInsensitive;
+	/**
+	* Create a new {@link Router}.
+	* @param options Options for the router.
+	*/
+	constructor(options = {}) {
+		this.#router = new Router();
+		this.#templates = {};
+		this.#templateStrings = {};
+		this.trailingSlashInsensitive = options.trailingSlashInsensitive ?? false;
+	}
+	clone() {
+		const clone = new Router$1({ trailingSlashInsensitive: this.trailingSlashInsensitive });
+		clone.#router = cloneInnerRouter(this.#router);
+		clone.#templates = { ...this.#templates };
+		clone.#templateStrings = { ...this.#templateStrings };
+		return clone;
+	}
+	/**
+	* Checks if a path name exists in the router.
+	* @param name The name of the path.
+	* @returns `true` if the path name exists, otherwise `false`.
+	*/
+	has(name) {
+		return name in this.#templates;
+	}
+	/**
+	* Adds a new path rule to the router.
+	* @param template The path pattern.
+	* @param name The name of the path.
+	* @returns The names of the variables in the path pattern.
+	*/
+	add(template, name) {
+		if (!template.startsWith("/")) throw new RouterError("Path must start with a slash.");
+		const rule = this.#router.addTemplate(template, {}, name);
+		this.#templates[name] = parseTemplate(template);
+		this.#templateStrings[name] = template;
+		return new Set(rule.variables.map((v) => v.varname));
+	}
+	/**
+	* Resolves a path name and values from a URL, if any match.
+	* @param url The URL to resolve.
+	* @returns The name of the path and its values, if any match.  Otherwise,
+	*          `null`.
+	*/
+	route(url) {
+		let match = this.#router.resolveURI(url);
+		if (match == null) {
+			if (!this.trailingSlashInsensitive) return null;
+			url = url.endsWith("/") ? url.replace(/\/+$/, "") : `${url}/`;
+			match = this.#router.resolveURI(url);
+			if (match == null) return null;
+		}
+		return {
+			name: match.matchValue,
+			template: this.#templateStrings[match.matchValue],
+			values: match.params
+		};
+	}
+	/**
+	* Constructs a URL/path from a path name and values.
+	* @param name The name of the path.
+	* @param values The values to expand the path with.
+	* @returns The URL/path, if the name exists.  Otherwise, `null`.
+	*/
+	build(name, values) {
+		if (name in this.#templates) return this.#templates[name].expand(values);
+		return null;
+	}
+};
+/**
+* An error thrown by the {@link Router}.
+*/
+var RouterError = class extends Error {
+	/**
+	* Create a new {@link RouterError}.
+	* @param message The error message.
+	*/
+	constructor(message) {
+		super(message);
+		this.name = "RouterError";
+	}
+};
+//#endregion
+//#region federation/builder.ts
+var FederationBuilderImpl = class {
+	router;
+	actorCallbacks;
+	nodeInfoDispatcher;
+	objectCallbacks;
+	objectTypeIds;
+	inboxPath;
+	inboxCallbacks;
+	outboxCallbacks;
+	followingCallbacks;
+	followersCallbacks;
+	likedCallbacks;
+	featuredCallbacks;
+	featuredTagsCallbacks;
+	inboxListeners;
+	inboxErrorHandler;
+	sharedInboxKeyDispatcher;
+	constructor() {
+		this.router = new Router$1();
+		this.objectCallbacks = {};
+		this.objectTypeIds = {};
+	}
+	async build(options) {
+		const { FederationImpl: FederationImpl$1 } = await import("./middleware-pAGwVkRf.js");
+		const f = new FederationImpl$1(options);
+		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
+		f.router = this.router.clone();
+		f.router.trailingSlashInsensitive = trailingSlashInsensitiveValue;
+		f._initializeRouter();
+		f.actorCallbacks = this.actorCallbacks == null ? void 0 : { ...this.actorCallbacks };
+		f.nodeInfoDispatcher = this.nodeInfoDispatcher;
+		f.objectCallbacks = { ...this.objectCallbacks };
+		f.objectTypeIds = { ...this.objectTypeIds };
+		f.inboxPath = this.inboxPath;
+		f.inboxCallbacks = this.inboxCallbacks == null ? void 0 : { ...this.inboxCallbacks };
+		f.outboxCallbacks = this.outboxCallbacks == null ? void 0 : { ...this.outboxCallbacks };
+		f.followingCallbacks = this.followingCallbacks == null ? void 0 : { ...this.followingCallbacks };
+		f.followersCallbacks = this.followersCallbacks == null ? void 0 : { ...this.followersCallbacks };
+		f.likedCallbacks = this.likedCallbacks == null ? void 0 : { ...this.likedCallbacks };
+		f.featuredCallbacks = this.featuredCallbacks == null ? void 0 : { ...this.featuredCallbacks };
+		f.featuredTagsCallbacks = this.featuredTagsCallbacks == null ? void 0 : { ...this.featuredTagsCallbacks };
+		f.inboxListeners = this.inboxListeners?.clone();
+		f.inboxErrorHandler = this.inboxErrorHandler;
+		f.sharedInboxKeyDispatcher = this.sharedInboxKeyDispatcher;
+		return f;
+	}
+	_getTracer() {
+		return trace.getTracer(deno_default.name, deno_default.version);
+	}
+	setActorDispatcher(path, dispatcher) {
+		if (this.router.has("actor")) throw new RouterError("Actor dispatcher already set.");
+		const variables = this.router.add(path, "actor");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for actor dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]).warn("The {{handle}} variable in the actor dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher: async (context$1, identifier) => {
+			const actor = await this._getTracer().startActiveSpan("activitypub.dispatch_actor", {
+				kind: SpanKind.SERVER,
+				attributes: { "fedify.actor.identifier": identifier }
+			}, async (span) => {
+				try {
+					const actor$1 = await dispatcher(context$1, identifier);
+					span.setAttribute("activitypub.actor.id", (actor$1?.id ?? context$1.getActorUri(identifier)).href);
+					if (actor$1 == null) span.setStatus({ code: SpanStatusCode.ERROR });
+					else span.setAttribute("activitypub.actor.type", getTypeId(actor$1).href);
+					return actor$1;
+				} catch (error) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					throw error;
+				} finally {
+					span.end();
+				}
+			});
+			if (actor == null) return null;
+			const logger$1 = getLogger([
+				"fedify",
+				"federation",
+				"actor"
+			]);
+			if (actor.id == null) logger$1.warn("Actor dispatcher returned an actor without an id property.  Set the property with Context.getActorUri(identifier).");
+			else if (actor.id.href != context$1.getActorUri(identifier).href) logger$1.warn("Actor dispatcher returned an actor with an id property that does not match the actor URI.  Set the property with Context.getActorUri(identifier).");
+			if (this.followingCallbacks != null && this.followingCallbacks.dispatcher != null) {
+				if (actor.followingId == null) logger$1.warn("You configured a following collection dispatcher, but the actor does not have a following property.  Set the property with Context.getFollowingUri(identifier).");
+				else if (actor.followingId.href != context$1.getFollowingUri(identifier).href) logger$1.warn("You configured a following collection dispatcher, but the actor's following property does not match the following collection URI.  Set the property with Context.getFollowingUri(identifier).");
+			}
+			if (this.followersCallbacks != null && this.followersCallbacks.dispatcher != null) {
+				if (actor.followersId == null) logger$1.warn("You configured a followers collection dispatcher, but the actor does not have a followers property.  Set the property with Context.getFollowersUri(identifier).");
+				else if (actor.followersId.href != context$1.getFollowersUri(identifier).href) logger$1.warn("You configured a followers collection dispatcher, but the actor's followers property does not match the followers collection URI.  Set the property with Context.getFollowersUri(identifier).");
+			}
+			if (this.outboxCallbacks != null && this.outboxCallbacks.dispatcher != null) {
+				if (actor?.outboxId == null) logger$1.warn("You configured an outbox collection dispatcher, but the actor does not have an outbox property.  Set the property with Context.getOutboxUri(identifier).");
+				else if (actor.outboxId.href != context$1.getOutboxUri(identifier).href) logger$1.warn("You configured an outbox collection dispatcher, but the actor's outbox property does not match the outbox collection URI.  Set the property with Context.getOutboxUri(identifier).");
+			}
+			if (this.likedCallbacks != null && this.likedCallbacks.dispatcher != null) {
+				if (actor?.likedId == null) logger$1.warn("You configured a liked collection dispatcher, but the actor does not have a liked property.  Set the property with Context.getLikedUri(identifier).");
+				else if (actor.likedId.href != context$1.getLikedUri(identifier).href) logger$1.warn("You configured a liked collection dispatcher, but the actor's liked property does not match the liked collection URI.  Set the property with Context.getLikedUri(identifier).");
+			}
+			if (this.featuredCallbacks != null && this.featuredCallbacks.dispatcher != null) {
+				if (actor?.featuredId == null) logger$1.warn("You configured a featured collection dispatcher, but the actor does not have a featured property.  Set the property with Context.getFeaturedUri(identifier).");
+				else if (actor.featuredId.href != context$1.getFeaturedUri(identifier).href) logger$1.warn("You configured a featured collection dispatcher, but the actor's featured property does not match the featured collection URI.  Set the property with Context.getFeaturedUri(identifier).");
+			}
+			if (this.featuredTagsCallbacks != null && this.featuredTagsCallbacks.dispatcher != null) {
+				if (actor?.featuredTagsId == null) logger$1.warn("You configured a featured tags collection dispatcher, but the actor does not have a featuredTags property.  Set the property with Context.getFeaturedTagsUri(identifier).");
+				else if (actor.featuredTagsId.href != context$1.getFeaturedTagsUri(identifier).href) logger$1.warn("You configured a featured tags collection dispatcher, but the actor's featuredTags property does not match the featured tags collection URI.  Set the property with Context.getFeaturedTagsUri(identifier).");
+			}
+			if (this.router.has("inbox")) {
+				if (actor.inboxId == null) logger$1.warn("You configured inbox listeners, but the actor does not have an inbox property.  Set the property with Context.getInboxUri(identifier).");
+				else if (actor.inboxId.href != context$1.getInboxUri(identifier).href) logger$1.warn("You configured inbox listeners, but the actor's inbox property does not match the inbox URI.  Set the property with Context.getInboxUri(identifier).");
+				if (actor.endpoints == null || actor.endpoints.sharedInbox == null) logger$1.warn("You configured inbox listeners, but the actor does not have a endpoints.sharedInbox property.  Set the property with Context.getInboxUri().");
+				else if (actor.endpoints.sharedInbox.href != context$1.getInboxUri().href) logger$1.warn("You configured inbox listeners, but the actor's endpoints.sharedInbox property does not match the shared inbox URI.  Set the property with Context.getInboxUri().");
+			}
+			if (callbacks.keyPairsDispatcher != null) {
+				if (actor.publicKeyId == null) logger$1.warn("You configured a key pairs dispatcher, but the actor does not have a publicKey property.  Set the property with Context.getActorKeyPairs(identifier).");
+				if (actor.assertionMethodId == null) logger$1.warn("You configured a key pairs dispatcher, but the actor does not have an assertionMethod property.  Set the property with Context.getActorKeyPairs(identifier).");
+			}
+			return actor;
+		} };
+		this.actorCallbacks = callbacks;
+		const setters = {
+			setKeyPairsDispatcher: (dispatcher$1) => {
+				callbacks.keyPairsDispatcher = (ctx, identifier) => this._getTracer().startActiveSpan("activitypub.dispatch_actor_key_pairs", {
+					kind: SpanKind.SERVER,
+					attributes: {
+						"activitypub.actor.id": ctx.getActorUri(identifier).href,
+						"fedify.actor.identifier": identifier
+					}
+				}, async (span) => {
+					try {
+						return await dispatcher$1(ctx, identifier);
+					} catch (e) {
+						span.setStatus({
+							code: SpanStatusCode.ERROR,
+							message: String(e)
+						});
+						throw e;
+					} finally {
+						span.end();
+					}
+				});
+				return setters;
+			},
+			mapHandle(mapper) {
+				callbacks.handleMapper = mapper;
+				return setters;
+			},
+			mapAlias(mapper) {
+				callbacks.aliasMapper = mapper;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setNodeInfoDispatcher(path, dispatcher) {
+		if (this.router.has("nodeInfo")) throw new RouterError("NodeInfo dispatcher already set.");
+		const variables = this.router.add(path, "nodeInfo");
+		if (variables.size !== 0) throw new RouterError("Path for NodeInfo dispatcher must have no variables.");
+		this.nodeInfoDispatcher = dispatcher;
+	}
+	setObjectDispatcher(cls, path, dispatcher) {
+		const routeName = `object:${cls.typeId.href}`;
+		if (this.router.has(routeName)) throw new RouterError(`Object dispatcher for ${cls.name} already set.`);
+		const variables = this.router.add(path, routeName);
+		if (variables.size < 1) throw new RouterError("Path for object dispatcher must have at least one variable.");
+		const callbacks = {
+			dispatcher: (ctx, values) => {
+				const tracer = this._getTracer();
+				return tracer.startActiveSpan("activitypub.dispatch_object", {
+					kind: SpanKind.SERVER,
+					attributes: {
+						"fedify.object.type": cls.typeId.href,
+						...globalThis.Object.fromEntries(globalThis.Object.entries(values).map(([k, v]) => [`fedify.object.values.${k}`, v]))
+					}
+				}, async (span) => {
+					try {
+						const object = await dispatcher(ctx, values);
+						span.setAttribute("activitypub.object.id", (object?.id ?? ctx.getObjectUri(cls, values)).href);
+						if (object == null) span.setStatus({ code: SpanStatusCode.ERROR });
+						else span.setAttribute("activitypub.object.type", getTypeId(object).href);
+						return object;
+					} catch (e) {
+						span.setStatus({
+							code: SpanStatusCode.ERROR,
+							message: String(e)
+						});
+						throw e;
+					} finally {
+						span.end();
+					}
+				});
+			},
+			parameters: variables
+		};
+		this.objectCallbacks[cls.typeId.href] = callbacks;
+		this.objectTypeIds[cls.typeId.href] = cls;
+		const setters = { authorize(predicate) {
+			callbacks.authorizePredicate = predicate;
+			return setters;
+		} };
+		return setters;
+	}
+	setInboxDispatcher(path, dispatcher) {
+		if (this.inboxCallbacks != null) throw new RouterError("Inbox dispatcher already set.");
+		if (this.router.has("inbox")) {
+			if (this.inboxPath !== path) throw new RouterError("Inbox dispatcher path must match inbox listener path.");
+		} else {
+			const variables = this.router.add(path, "inbox");
+			if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for inbox dispatcher must have one variable: {identifier}");
+			if (variables.has("handle")) getLogger([
+				"fedify",
+				"federation",
+				"inbox"
+			]).warn("The {{handle}} variable in the inbox dispatcher path is deprecated. Use {{identifier}} instead.");
+			this.inboxPath = path;
+		}
+		const callbacks = { dispatcher };
+		this.inboxCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setOutboxDispatcher(path, dispatcher) {
+		if (this.router.has("outbox")) throw new RouterError("Outbox dispatcher already set.");
+		const variables = this.router.add(path, "outbox");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for outbox dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]).warn("The {{handle}} variable in the outbox dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.outboxCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setFollowingDispatcher(path, dispatcher) {
+		if (this.router.has("following")) throw new RouterError("Following collection dispatcher already set.");
+		const variables = this.router.add(path, "following");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for following collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) getLogger([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the following collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.followingCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setFollowersDispatcher(path, dispatcher) {
+		if (this.router.has("followers")) throw new RouterError("Followers collection dispatcher already set.");
+		const variables = this.router.add(path, "followers");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for followers collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) getLogger([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the followers collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.followersCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setLikedDispatcher(path, dispatcher) {
+		if (this.router.has("liked")) throw new RouterError("Liked collection dispatcher already set.");
+		const variables = this.router.add(path, "liked");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for liked collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) getLogger([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the liked collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.likedCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setFeaturedDispatcher(path, dispatcher) {
+		if (this.router.has("featured")) throw new RouterError("Featured collection dispatcher already set.");
+		const variables = this.router.add(path, "featured");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for featured collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) getLogger([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the featured collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.featuredCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setFeaturedTagsDispatcher(path, dispatcher) {
+		if (this.router.has("featuredTags")) throw new RouterError("Featured tags collection dispatcher already set.");
+		const variables = this.router.add(path, "featuredTags");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for featured tags collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) getLogger([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the featured tags collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.featuredTagsCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setInboxListeners(inboxPath, sharedInboxPath) {
+		if (this.inboxListeners != null) throw new RouterError("Inbox listeners already set.");
+		if (this.router.has("inbox")) {
+			if (this.inboxPath !== inboxPath) throw new RouterError("Inbox listener path must match inbox dispatcher path.");
+		} else {
+			const variables = this.router.add(inboxPath, "inbox");
+			if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for inbox must have one variable: {identifier}");
+			this.inboxPath = inboxPath;
+			if (variables.has("handle")) getLogger([
+				"fedify",
+				"federation",
+				"inbox"
+			]).warn("The {{handle}} variable in the inbox path is deprecated. Use {{identifier}} instead.");
+		}
+		if (sharedInboxPath != null) {
+			const siVars = this.router.add(sharedInboxPath, "sharedInbox");
+			if (siVars.size !== 0) throw new RouterError("Path for shared inbox must have no variables.");
+		}
+		const listeners = this.inboxListeners = new InboxListenerSet();
+		const setters = {
+			on(type, listener) {
+				listeners.add(type, listener);
+				return setters;
+			},
+			onError: (handler) => {
+				this.inboxErrorHandler = handler;
+				return setters;
+			},
+			setSharedKeyDispatcher: (dispatcher) => {
+				this.sharedInboxKeyDispatcher = dispatcher;
+				return setters;
+			}
+		};
+		return setters;
+	}
+};
+/**
+* Creates a new {@link FederationBuilder} instance.
+* @returns A new {@link FederationBuilder} instance.
+* @since 1.6.0
+*/
+function createFederationBuilder() {
+	return new FederationBuilderImpl();
+}
+//#endregion
+//#region federation/collection.ts
+/**
+* Calculates the [partial follower collection digest][1].
+*
+* [1]: https://w3id.org/fep/8fcf#partial-follower-collection-digest
+* @param uris The URIs to calculate the digest.  Duplicate URIs are ignored.
+* @returns The digest.
+*/
+async function digest(uris) {
+	const processed = new Set();
+	const encoder = new TextEncoder();
+	const result = new Uint8Array(32);
+	for (const uri of uris) {
+		const u = uri instanceof URL ? uri.href : uri;
+		if (processed.has(u)) continue;
+		processed.add(u);
+		const encoded = encoder.encode(u);
+		const digest$1 = new Uint8Array(await crypto.subtle.digest("SHA-256", encoded));
+		for (let i = 0; i < 32; i++) result[i] ^= digest$1[i];
+	}
+	return result;
+}
+/**
+* Builds [`Collection-Synchronization`][1] header content.
+*
+* [1]: https://w3id.org/fep/8fcf#the-collection-synchronization-http-header
+*
+* @param collectionId The sender's followers collection URI.
+* @param actorIds The actor URIs to digest.
+* @returns The header content.
+*/
+async function buildCollectionSynchronizationHeader(collectionId, actorIds) {
+	const [anyActorId] = actorIds;
+	const baseUrl = new URL(anyActorId);
+	const url = new URL(collectionId);
+	url.searchParams.set("base-url", `${baseUrl.origin}/`);
+	const hash = encodeHex(await digest(actorIds));
+	return `collectionId="${collectionId}", url="${url}", digest="${hash}"`;
+}
+//#endregion
+//#region federation/keycache.ts
+var KvKeyCache = class {
+	kv;
+	prefix;
+	options;
+	nullKeys;
+	constructor(kv, prefix, options = {}) {
+		this.kv = kv;
+		this.prefix = prefix;
+		this.nullKeys = new Set();
+		this.options = options;
+	}
+	async get(keyId) {
+		if (this.nullKeys.has(keyId.href)) return null;
+		const serialized = await this.kv.get([...this.prefix, keyId.href]);
+		if (serialized == null) return void 0;
+		try {
+			return await CryptographicKey.fromJsonLd(serialized, this.options);
+		} catch {
+			try {
+				return await Multikey.fromJsonLd(serialized, this.options);
+			} catch {
+				await this.kv.delete([...this.prefix, keyId.href]);
+				return void 0;
+			}
+		}
+	}
+	async set(keyId, key) {
+		if (key == null) {
+			this.nullKeys.add(keyId.href);
+			await this.kv.delete([...this.prefix, keyId.href]);
+			return;
+		}
+		this.nullKeys.delete(keyId.href);
+		const serialized = await key.toJsonLd(this.options);
+		await this.kv.set([...this.prefix, keyId.href], serialized);
+	}
+};
+//#endregion
+//#region federation/negotiation.ts
+function compareSpecs(a, b) {
+	return b.q - a.q || (b.s ?? 0) - (a.s ?? 0) || (a.o ?? 0) - (b.o ?? 0) || a.i - b.i || 0;
+}
+function isQuality(spec) {
+	return spec.q > 0;
+}
+const simpleMediaTypeRegExp = /^\s*([^\s\/;]+)\/([^;\s]+)\s*(?:;(.*))?$/;
+function splitKeyValuePair(str) {
+	const [key, value] = str.split("=");
+	return [key.toLowerCase(), value];
+}
+function parseMediaType(str, i) {
+	const match = simpleMediaTypeRegExp.exec(str);
+	if (!match) return;
+	const [, type, subtype, parameters] = match;
+	if (!type || !subtype) return;
+	const params = Object.create(null);
+	let q = 1;
+	if (parameters) {
+		const kvps = parameters.split(";").map((p) => p.trim()).map(splitKeyValuePair);
+		for (const [key, val] of kvps) {
+			const value = val && val[0] === `"` && val[val.length - 1] === `"` ? val.slice(1, val.length - 1) : val;
+			if (key === "q" && value) {
+				q = parseFloat(value);
+				break;
+			}
+			params[key] = value;
+		}
+	}
+	return {
+		type,
+		subtype,
+		params,
+		i,
+		o: void 0,
+		q,
+		s: void 0
+	};
+}
+function parseAccept(accept) {
+	const accepts = accept.split(",").map((p) => p.trim());
+	const mediaTypes = [];
+	for (const [index, accept$1] of accepts.entries()) {
+		const mediaType = parseMediaType(accept$1.trim(), index);
+		if (mediaType) mediaTypes.push(mediaType);
+	}
+	return mediaTypes;
+}
+function getFullType(spec) {
+	return `${spec.type}/${spec.subtype}`;
+}
+function preferredMediaTypes(accept) {
+	const accepts = parseAccept(accept === void 0 ? "*/*" : accept ?? "");
+	return accepts.filter(isQuality).sort(compareSpecs).map(getFullType);
+}
+//#endregion
+//#region federation/handler.ts
+function acceptsJsonLd(request) {
+	const accept = request.headers.get("Accept");
+	const types = accept ? preferredMediaTypes(accept) : ["*/*"];
+	if (types == null) return true;
+	if (types[0] === "text/html" || types[0] === "application/xhtml+xml") return false;
+	return types.includes("application/activity+json") || types.includes("application/ld+json") || types.includes("application/json");
+}
+async function handleActor(request, { identifier, context: context$1, actorDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+	const logger$1 = getLogger([
+		"fedify",
+		"federation",
+		"actor"
+	]);
+	if (actorDispatcher == null) {
+		logger$1.debug("Actor dispatcher is not set.", { identifier });
+		return await onNotFound(request);
+	}
+	const actor = await actorDispatcher(context$1, identifier);
+	if (actor == null) {
+		logger$1.debug("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (authorizePredicate != null) {
+		let key = await context$1.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"actor"
+			],
+			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$1.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"actor"
+			],
+			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await authorizePredicate(context$1, identifier, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await actor.toJsonLd(context$1);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+async function handleObject(request, { values, context: context$1, objectDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+	if (objectDispatcher == null) return await onNotFound(request);
+	const object = await objectDispatcher(context$1, values);
+	if (object == null) return await onNotFound(request);
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (authorizePredicate != null) {
+		let key = await context$1.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"object"
+			],
+			message: "The third parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$1.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"object"
+			],
+			message: "The fourth parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await authorizePredicate(context$1, values, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await object.toJsonLd(context$1);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+async function handleCollection(request, { name, identifier, uriGetter, filter, filterPredicate, context: context$1, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound, onNotAcceptable }) {
+	const spanName = name.trim().replace(/\s+/g, "_");
+	tracerProvider = tracerProvider ?? trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+	const url = new URL(request.url);
+	const cursor = url.searchParams.get("cursor");
+	if (collectionCallbacks == null) return await onNotFound(request);
+	let collection;
+	const baseUri = uriGetter(identifier);
+	if (cursor == null) {
+		const firstCursor = await collectionCallbacks.firstCursor?.(context$1, identifier);
+		const totalItems = filter == null ? await collectionCallbacks.counter?.(context$1, identifier) : void 0;
+		if (firstCursor == null) {
+			const itemsOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection ${spanName}`, {
+				kind: SpanKind.SERVER,
+				attributes: {
+					"activitypub.collection.id": baseUri.href,
+					"activitypub.collection.type": OrderedCollection.typeId.href
+				}
+			}, async (span) => {
+				if (totalItems != null) span.setAttribute("activitypub.collection.total_items", Number(totalItems));
+				try {
+					const page = await collectionCallbacks.dispatcher(context$1, identifier, null, filter);
+					if (page == null) {
+						span.setStatus({ code: SpanStatusCode.ERROR });
+						return await onNotFound(request);
+					}
+					const { items } = page;
+					span.setAttribute("fedify.collection.items", items.length);
+					return items;
+				} catch (e) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			if (itemsOrResponse instanceof Response) return itemsOrResponse;
+			collection = new OrderedCollection({
+				id: baseUri,
+				totalItems: totalItems == null ? null : Number(totalItems),
+				items: filterCollectionItems(itemsOrResponse, name, filterPredicate)
+			});
+		} else {
+			const lastCursor = await collectionCallbacks.lastCursor?.(context$1, identifier);
+			const first = new URL(context$1.url);
+			first.searchParams.set("cursor", firstCursor);
+			let last = null;
+			if (lastCursor != null) {
+				last = new URL(context$1.url);
+				last.searchParams.set("cursor", lastCursor);
+			}
+			collection = new OrderedCollection({
+				id: baseUri,
+				totalItems: totalItems == null ? null : Number(totalItems),
+				first,
+				last
+			});
+		}
+	} else {
+		const uri = new URL(baseUri);
+		uri.searchParams.set("cursor", cursor);
+		const pageOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection_page ${name}`, {
+			kind: SpanKind.SERVER,
+			attributes: {
+				"activitypub.collection.id": uri.href,
+				"activitypub.collection.type": OrderedCollectionPage.typeId.href,
+				"fedify.collection.cursor": cursor
+			}
+		}, async (span) => {
+			try {
+				const page = await collectionCallbacks.dispatcher(context$1, identifier, cursor, filter);
+				if (page == null) {
+					span.setStatus({ code: SpanStatusCode.ERROR });
+					return await onNotFound(request);
+				}
+				span.setAttribute("fedify.collection.items", page.items.length);
+				return page;
+			} catch (e) {
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+		if (pageOrResponse instanceof Response) return pageOrResponse;
+		const { items, prevCursor, nextCursor } = pageOrResponse;
+		let prev = null;
+		if (prevCursor != null) {
+			prev = new URL(context$1.url);
+			prev.searchParams.set("cursor", prevCursor);
+		}
+		let next = null;
+		if (nextCursor != null) {
+			next = new URL(context$1.url);
+			next.searchParams.set("cursor", nextCursor);
+		}
+		const partOf = new URL(context$1.url);
+		partOf.searchParams.delete("cursor");
+		collection = new OrderedCollectionPage({
+			id: uri,
+			prev,
+			next,
+			items: filterCollectionItems(items, name, filterPredicate),
+			partOf
+		});
+	}
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (collectionCallbacks.authorizePredicate != null) {
+		let key = await context$1.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"collection"
+			],
+			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$1.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"collection"
+			],
+			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await collectionCallbacks.authorizePredicate(context$1, identifier, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await collection.toJsonLd(context$1);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+function filterCollectionItems(items, collectionName, filterPredicate) {
+	const result = [];
+	let logged = false;
+	for (const item of items) {
+		let mappedItem;
+		if (item instanceof Object$1 || item instanceof Link || item instanceof URL) mappedItem = item;
+		else if (item.id == null) continue;
+		else mappedItem = item.id;
+		if (filterPredicate != null && !filterPredicate(item)) {
+			if (!logged) {
+				getLogger([
+					"fedify",
+					"federation",
+					"collection"
+				]).warn(`The ${collectionName} collection apparently does not implement filtering.  This may result in a large response payload.  Please consider implementing filtering for the collection.  See also: https://fedify.dev/manual/collections#filtering-by-server`);
+				logged = true;
+			}
+			continue;
+		}
+		result.push(mappedItem);
+	}
+	return result;
+}
+async function handleInbox(request, options) {
+	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+	return await tracer.startActiveSpan("activitypub.inbox", {
+		kind: options.queue == null ? SpanKind.SERVER : SpanKind.PRODUCER,
+		attributes: { "activitypub.shared_inbox": options.recipient == null }
+	}, async (span) => {
+		if (options.recipient != null) span.setAttribute("fedify.inbox.recipient", options.recipient);
+		try {
+			return await handleInboxInternal(request, options, span);
+		} catch (e) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(e)
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function handleInboxInternal(request, { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider }, span) {
+	const logger$1 = getLogger([
+		"fedify",
+		"federation",
+		"inbox"
+	]);
+	if (actorDispatcher == null) {
+		logger$1.error("Actor dispatcher is not set.", { recipient });
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: "Actor dispatcher is not set."
+		});
+		return await onNotFound(request);
+	} else if (recipient != null) {
+		const actor = await actorDispatcher(ctx, recipient);
+		if (actor == null) {
+			logger$1.error("Actor {recipient} not found.", { recipient });
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: `Actor ${recipient} not found.`
+			});
+			return await onNotFound(request);
+		}
+	}
+	if (request.bodyUsed) {
+		logger$1.error("Request body has already been read.", { recipient });
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: "Request body has already been read."
+		});
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	} else if (request.body?.locked) {
+		logger$1.error("Request body is locked.", { recipient });
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: "Request body is locked."
+		});
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	let json;
+	try {
+		json = await request.clone().json();
+	} catch (error) {
+		logger$1.error("Failed to parse JSON:\n{error}", {
+			recipient,
+			error
+		});
+		try {
+			await inboxErrorHandler?.(ctx, error);
+		} catch (error$1) {
+			logger$1.error("An unexpected error occurred in inbox error handler:\n{error}", {
+				error: error$1,
+				activity: json,
+				recipient
+			});
+		}
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: `Failed to parse JSON:\n${error}`
+		});
+		return new Response("Invalid JSON.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
+	let ldSigVerified;
+	try {
+		ldSigVerified = await verifyJsonLd(json, {
+			contextLoader: ctx.contextLoader,
+			documentLoader: ctx.documentLoader,
+			keyCache,
+			tracerProvider
+		});
+	} catch (error) {
+		if (error instanceof Error && error.name === "jsonld.SyntaxError") {
+			logger$1.error("Failed to parse JSON-LD:\n{error}", {
+				recipient,
+				error
+			});
+			return new Response("Invalid JSON-LD.", {
+				status: 400,
+				headers: { "Content-Type": "text/plain; charset=utf-8" }
+			});
+		}
+		ldSigVerified = false;
+	}
+	const jsonWithoutSig = detachSignature(json);
+	let activity = null;
+	if (ldSigVerified) {
+		logger$1.debug("Linked Data Signatures are verified.", {
+			recipient,
+			json
+		});
+		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+	} else {
+		logger$1.debug("Linked Data Signatures are not verified.", {
+			recipient,
+			json
+		});
+		try {
+			activity = await verifyObject(Activity, jsonWithoutSig, {
+				contextLoader: ctx.contextLoader,
+				documentLoader: ctx.documentLoader,
+				keyCache,
+				tracerProvider
+			});
+		} catch (error) {
+			logger$1.error("Failed to parse activity:\n{error}", {
+				recipient,
+				activity: json,
+				error
+			});
+			try {
+				await inboxErrorHandler?.(ctx, error);
+			} catch (error$1) {
+				logger$1.error("An unexpected error occurred in inbox error handler:\n{error}", {
+					error: error$1,
+					activity: json,
+					recipient
+				});
+			}
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: `Failed to parse activity:\n${error}`
+			});
+			return new Response("Invalid activity.", {
+				status: 400,
+				headers: { "Content-Type": "text/plain; charset=utf-8" }
+			});
+		}
+		if (activity == null) logger$1.debug("Object Integrity Proofs are not verified.", {
+			recipient,
+			activity: json
+		});
+		else logger$1.debug("Object Integrity Proofs are verified.", {
+			recipient,
+			activity: json
+		});
+	}
+	let httpSigKey = null;
+	if (activity == null) {
+		if (!skipSignatureVerification) {
+			const key = await verifyRequest(request, {
+				contextLoader: ctx.contextLoader,
+				documentLoader: ctx.documentLoader,
+				timeWindow: signatureTimeWindow,
+				keyCache,
+				tracerProvider
+			});
+			if (key == null) {
+				logger$1.error("Failed to verify the request's HTTP Signatures.", { recipient });
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: `Failed to verify the request's HTTP Signatures.`
+				});
+				const response = new Response("Failed to verify the request signature.", {
+					status: 401,
+					headers: { "Content-Type": "text/plain; charset=utf-8" }
+				});
+				return response;
+			} else logger$1.debug("HTTP Signatures are verified.", { recipient });
+			httpSigKey = key;
+		}
+		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+	}
+	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+	span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
+	const routeResult = await routeActivity({
+		context: ctx,
+		json,
+		activity,
+		recipient,
+		inboxListeners,
+		inboxContextFactory,
+		inboxErrorHandler,
+		kv,
+		kvPrefixes,
+		queue,
+		span,
+		tracerProvider
+	});
+	if (httpSigKey != null && !await doesActorOwnKey(activity, httpSigKey, ctx)) {
+		logger$1.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
+			activity: json,
+			recipient,
+			keyId: httpSigKey.id?.href,
+			actorId: activity.actorId?.href
+		});
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: `The signer (${httpSigKey.id?.href}) and the actor (${activity.actorId?.href}) do not match.`
+		});
+		return new Response("The signer and the actor do not match.", {
+			status: 401,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	if (routeResult === "alreadyProcessed") return new Response(`Activity <${activity.id}> has already been processed.`, {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "missingActor") return new Response("Missing actor.", {
+		status: 400,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "enqueued") return new Response("Activity is enqueued.", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "unsupportedActivity") return new Response("", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "error") return new Response("Internal server error.", {
+		status: 500,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else return new Response("", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+}
+/**
+* Responds with the given object in JSON-LD format.
+*
+* @param object The object to respond with.
+* @param options Options.
+* @since 0.3.0
+*/
+async function respondWithObject(object, options) {
+	const jsonLd = await object.toJsonLd(options);
+	return new Response(JSON.stringify(jsonLd), { headers: { "Content-Type": "application/activity+json" } });
+}
+/**
+* Responds with the given object in JSON-LD format if the request accepts
+* JSON-LD.
+*
+* @param object The object to respond with.
+* @param request The request to check for JSON-LD acceptability.
+* @param options Options.
+* @since 0.3.0
+*/
+async function respondWithObjectIfAcceptable(object, request, options) {
+	if (!acceptsJsonLd(request)) return null;
+	const response = await respondWithObject(object, options);
+	response.headers.set("Vary", "Accept");
+	return response;
+}
+//#endregion
+//#region nodeinfo/handler.ts
+/**
+* Handles a NodeInfo request.  You would not typically call this function
+* directly, but instead use {@link Federation.handle} method.
+* @param request The NodeInfo request to handle.
+* @param parameters The parameters for handling the request.
+* @returns The response to the request.
+*/
+async function handleNodeInfo(_request, { context: context$1, nodeInfoDispatcher }) {
+	const promise = nodeInfoDispatcher(context$1);
+	const nodeInfo = promise instanceof Promise ? await promise : promise;
+	const json = nodeInfoToJson(nodeInfo);
+	return new Response(JSON.stringify(json), { headers: { "Content-Type": "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/2.1#\"" } });
+}
+/**
+* Handles a request to `/.well-known/nodeinfo`.  You would not typically call
+* this function directly, but instead use {@link Federation.handle} method.
+* @param request The request to handle.
+* @param context The request context.
+* @returns The response to the request.
+*/
+function handleNodeInfoJrd(_request, context$1) {
+	const links = [];
+	try {
+		links.push({
+			rel: "http://nodeinfo.diaspora.software/ns/schema/2.1",
+			href: context$1.getNodeInfoUri().href,
+			type: "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/2.1#\""
+		});
+	} catch (e) {
+		if (!(e instanceof RouterError)) throw e;
+	}
+	const jrd = { links };
+	const response = new Response(JSON.stringify(jrd), { headers: { "Content-Type": "application/jrd+json" } });
+	return Promise.resolve(response);
+}
+//#endregion
+//#region webfinger/handler.ts
+const logger = getLogger([
+	"fedify",
+	"webfinger",
+	"server"
+]);
+/**
+* Handles a WebFinger request.  You would not typically call this function
+* directly, but instead use {@link Federation.fetch} method.
+* @param request The WebFinger request to handle.
+* @param parameters The parameters for handling the request.
+* @returns The response to the request.
+*/
+async function handleWebFinger(request, options) {
+	if (options.tracer == null) return await handleWebFingerInternal(request, options);
+	return await options.tracer.startActiveSpan("webfinger.handle", { kind: SpanKind.SERVER }, async (span) => {
+		try {
+			const response = await handleWebFingerInternal(request, options);
+			span.setStatus({ code: response.ok ? SpanStatusCode.UNSET : SpanStatusCode.ERROR });
+			return response;
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function handleWebFingerInternal(request, { context: context$1, host, actorDispatcher, actorHandleMapper, actorAliasMapper, onNotFound, span }) {
+	if (actorDispatcher == null) return await onNotFound(request);
+	const resource = context$1.url.searchParams.get("resource");
+	if (resource == null) return new Response("Missing resource parameter.", { status: 400 });
+	span?.setAttribute("webfinger.resource", resource);
+	let resourceUrl;
+	try {
+		resourceUrl = new URL(resource);
+	} catch (e) {
+		if (e instanceof TypeError) return new Response("Invalid resource URL.", { status: 400 });
+		throw e;
+	}
+	span?.setAttribute("webfinger.resource.scheme", resourceUrl.protocol.replace(/:$/, ""));
+	if (actorDispatcher == null) {
+		logger.error("Actor dispatcher is not set.");
+		return await onNotFound(request);
+	}
+	async function mapUsernameToIdentifier(username) {
+		if (actorHandleMapper == null) {
+			logger.error("No actor handle mapper is set; use the WebFinger username {username} as the actor's internal identifier.", { username });
+			return username;
+		}
+		const identifier$1 = await actorHandleMapper(context$1, username);
+		if (identifier$1 == null) {
+			logger.error("Actor {username} not found.", { username });
+			return null;
+		}
+		return identifier$1;
+	}
+	let identifier = null;
+	const uriParsed = context$1.parseUri(resourceUrl);
+	if (uriParsed?.type != "actor") {
+		const match = /^acct:([^@]+)@([^@]+)$/.exec(resource);
+		if (match == null) {
+			const result = await actorAliasMapper?.(context$1, resourceUrl);
+			if (result == null) return await onNotFound(request);
+			if ("identifier" in result) identifier = result.identifier;
+			else identifier = await mapUsernameToIdentifier(result.username);
+		} else {
+			const portMatch = /:\d+$/.exec(match[2]);
+			const normalizedHost = portMatch == null ? domainToASCII(match[2].toLowerCase()) : domainToASCII(match[2].substring(0, portMatch.index).toLowerCase()) + portMatch[0];
+			if (normalizedHost != context$1.url.host && normalizedHost != host) return await onNotFound(request);
+			else {
+				identifier = await mapUsernameToIdentifier(match[1]);
+				resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`);
+			}
+		}
+	} else identifier = uriParsed.identifier;
+	if (identifier == null) return await onNotFound(request);
+	const actor = await actorDispatcher(context$1, identifier);
+	if (actor == null) {
+		logger.error("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	const links = [{
+		rel: "self",
+		href: context$1.getActorUri(identifier).href,
+		type: "application/activity+json"
+	}];
+	for (const url of actor.urls) if (url instanceof Link && url.href != null) links.push({
+		rel: url.rel ?? "http://webfinger.net/rel/profile-page",
+		href: url.href.href,
+		type: url.mediaType == null ? void 0 : url.mediaType
+	});
+	else if (url instanceof URL) links.push({
+		rel: "http://webfinger.net/rel/profile-page",
+		href: url.href
+	});
+	for await (const image of actor.getIcons()) {
+		if (image.url?.href == null) continue;
+		const link = {
+			rel: "http://webfinger.net/rel/avatar",
+			href: image.url.href.toString()
+		};
+		if (image.mediaType != null) link.type = image.mediaType;
+		links.push(link);
+	}
+	const aliases = [];
+	if (resourceUrl.protocol != "acct:" && actor.preferredUsername != null) {
+		aliases.push(`acct:${actor.preferredUsername}@${host ?? context$1.url.host}`);
+		if (host != null && host !== context$1.url.host) aliases.push(`acct:${actor.preferredUsername}@${context$1.url.host}`);
+	}
+	if (resourceUrl.href !== context$1.getActorUri(identifier).href) aliases.push(context$1.getActorUri(identifier).href);
+	if (resourceUrl.protocol === "acct:" && host != null && host !== context$1.url.host && !resourceUrl.href.endsWith(`@${host}`)) {
+		const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, "");
+		aliases.push(`acct:${username}@${host}`);
+	}
+	const jrd = {
+		subject: resourceUrl.href,
+		aliases,
+		links
+	};
+	return new Response(JSON.stringify(jrd), { headers: {
+		"Content-Type": "application/jrd+json",
+		"Access-Control-Allow-Origin": "*"
+	} });
+}
+//#endregion
+//#region federation/retry.ts
+/**
+* Creates an exponential backoff retry policy.  The delay between retries
+* starts at the `initialDelay` and is multiplied by the `factor` for each
+* subsequent retry, up to the `maxDelay`.  The policy will give up after
+* `maxAttempts` attempts.  The actual delay is randomized to avoid
+* synchronization (jitter).
+* @param options The options for the policy.
+* @returns The retry policy.
+* @since 0.12.0
+*/
+function createExponentialBackoffPolicy(options = {}) {
+	const initialDelay = Temporal.Duration.from(options.initialDelay ?? { seconds: 1 });
+	const maxDelay = Temporal.Duration.from(options.maxDelay ?? { hours: 12 });
+	const maxAttempts = options.maxAttempts ?? 10;
+	const factor = options.factor ?? 2;
+	const jitter = options.jitter ?? true;
+	return ({ attempts }) => {
+		if (attempts >= maxAttempts) return null;
+		let milliseconds = initialDelay.total("millisecond");
+		milliseconds *= factor ** attempts;
+		if (jitter) {
+			milliseconds *= 1 + Math.random();
+			milliseconds = Math.round(milliseconds);
+		}
+		const delay$1 = Temporal.Duration.from({ milliseconds });
+		return Temporal.Duration.compare(delay$1, maxDelay) > 0 ? maxDelay : delay$1;
+	};
+}
+//#endregion
+//#region federation/send.ts
+/**
+* Extracts the inbox URLs from recipients.
+* @param parameters The parameters to extract the inboxes.
+*                   See also {@link ExtractInboxesParameters}.
+* @returns The inboxes as a map of inbox URL to actor URIs.
+*/
+function extractInboxes({ recipients, preferSharedInbox, excludeBaseUris }) {
+	const inboxes = {};
+	for (const recipient of recipients) {
+		let inbox;
+		let sharedInbox = false;
+		if (preferSharedInbox && recipient.endpoints?.sharedInbox != null) {
+			inbox = recipient.endpoints.sharedInbox;
+			sharedInbox = true;
+		} else inbox = recipient.inboxId;
+		if (inbox != null && recipient.id != null) {
+			if (excludeBaseUris != null && excludeBaseUris.some((u) => u.origin === inbox?.origin)) continue;
+			inboxes[inbox.href] ??= {
+				actorIds: new Set(),
+				sharedInbox
+			};
+			inboxes[inbox.href].actorIds.add(recipient.id.href);
+		}
+	}
+	return inboxes;
+}
+/**
+* Sends an {@link Activity} to an inbox.
+*
+* @param parameters The parameters for sending the activity.
+*                   See also {@link SendActivityParameters}.
+* @throws {Error} If the activity fails to send.
+*/
+function sendActivity(options) {
+	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+	return tracer.startActiveSpan("activitypub.send_activity", {
+		kind: SpanKind.CLIENT,
+		attributes: { "activitypub.shared_inbox": options.sharedInbox ?? false }
+	}, async (span) => {
+		if (options.activityId != null) span.setAttribute("activitypub.activity.id", options.activityId);
+		if (options.activityType != null) span.setAttribute("activitypub.activity.type", options.activityType);
+		try {
+			await sendActivityInternal({
+				...options,
+				tracerProvider
+			});
+		} catch (e) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(e)
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function sendActivityInternal({ activity, activityId, keys, inbox, headers, specDeterminer, tracerProvider }) {
+	const logger$1 = getLogger([
+		"fedify",
+		"federation",
+		"outbox"
+	]);
+	headers = new Headers(headers);
+	headers.set("Content-Type", "application/activity+json");
+	const request = new Request(inbox, {
+		method: "POST",
+		headers,
+		body: JSON.stringify(activity)
+	});
+	let rsaKey = null;
+	for (const key of keys) if (key.privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") {
+		rsaKey = key;
+		break;
+	}
+	if (rsaKey == null) logger$1.warn("No supported key found to sign the request to {inbox}.  The request will be sent without a signature.  In order to sign the request, at least one RSASSA-PKCS1-v1_5 key must be provided.", {
+		inbox: inbox.href,
+		keys: keys.map((pair) => ({
+			keyId: pair.keyId.href,
+			privateKey: pair.privateKey
+		}))
+	});
+	let response;
+	try {
+		response = rsaKey == null ? await fetch(request) : await doubleKnock(request, rsaKey, {
+			tracerProvider,
+			specDeterminer
+		});
+	} catch (error) {
+		logger$1.error("Failed to send activity {activityId} to {inbox}:\n{error}", {
+			activityId,
+			inbox: inbox.href,
+			error
+		});
+		throw error;
+	}
+	if (!response.ok) {
+		let error;
+		try {
+			error = await response.text();
+		} catch (_) {
+			error = "";
+		}
+		logger$1.error("Failed to send activity {activityId} to {inbox} ({status} {statusText}):\n{error}", {
+			activityId,
+			inbox: inbox.href,
+			status: response.status,
+			statusText: response.statusText,
+			error
+		});
+		throw new Error(`Failed to send activity ${activityId} to ${inbox.href} (${response.status} ${response.statusText}):\n${error}`);
+	}
+}
+//#endregion
+//#region federation/middleware.ts
+/**
+* Create a new {@link Federation} instance.
+* @param parameters Parameters for initializing the instance.
+* @returns A new {@link Federation} instance.
+* @since 0.10.0
+*/
+function createFederation(options) {
+	return new FederationImpl(options);
+}
+var FederationImpl = class extends FederationBuilderImpl {
+	kv;
+	kvPrefixes;
+	inboxQueue;
+	outboxQueue;
+	fanoutQueue;
+	inboxQueueStarted;
+	outboxQueueStarted;
+	fanoutQueueStarted;
+	manuallyStartQueue;
+	origin;
+	documentLoaderFactory;
+	contextLoaderFactory;
+	authenticatedDocumentLoaderFactory;
+	allowPrivateAddress;
+	userAgent;
+	onOutboxError;
+	signatureTimeWindow;
+	skipSignatureVerification;
+	outboxRetryPolicy;
+	inboxRetryPolicy;
+	activityTransformers;
+	tracerProvider;
+	constructor(options) {
+		super();
+		const logger$1 = getLogger(["fedify", "federation"]);
+		this.kv = options.kv;
+		this.kvPrefixes = {
+			activityIdempotence: ["_fedify", "activityIdempotence"],
+			remoteDocument: ["_fedify", "remoteDocument"],
+			publicKey: ["_fedify", "publicKey"],
+			httpMessageSignaturesSpec: ["_fedify", "httpMessageSignaturesSpec"],
+			...options.kvPrefixes ?? {}
+		};
+		if (options.queue == null) {
+			this.inboxQueue = void 0;
+			this.outboxQueue = void 0;
+			this.fanoutQueue = void 0;
+		} else if ("enqueue" in options.queue && "listen" in options.queue) {
+			this.inboxQueue = options.queue;
+			this.outboxQueue = options.queue;
+			this.fanoutQueue = options.queue;
+		} else {
+			this.inboxQueue = options.queue.inbox;
+			this.outboxQueue = options.queue.outbox;
+			this.fanoutQueue = options.queue.fanout;
+		}
+		this.inboxQueueStarted = false;
+		this.outboxQueueStarted = false;
+		this.fanoutQueueStarted = false;
+		this.manuallyStartQueue = options.manuallyStartQueue ?? false;
+		if (options.origin != null) if (typeof options.origin === "string") {
+			if (!URL.canParse(options.origin) || !options.origin.match(/^https?:\/\//)) throw new TypeError(`Invalid origin: ${JSON.stringify(options.origin)}`);
+			const origin = new URL(options.origin);
+			if (!origin.pathname.match(/^\/*$/) || origin.search !== "" || origin.hash !== "") throw new TypeError(`Invalid origin: ${JSON.stringify(options.origin)}`);
+			this.origin = {
+				handleHost: origin.host,
+				webOrigin: origin.origin
+			};
+		} else {
+			const { handleHost, webOrigin } = options.origin;
+			if (!URL.canParse(`https://${handleHost}/`) || handleHost.includes("/")) throw new TypeError(`Invalid origin.handleHost: ${JSON.stringify(handleHost)}`);
+			if (!URL.canParse(webOrigin) || !webOrigin.match(/^https?:\/\//)) throw new TypeError(`Invalid origin.webOrigin: ${JSON.stringify(webOrigin)}`);
+			const webOriginUrl = new URL(webOrigin);
+			if (!webOriginUrl.pathname.match(/^\/*$/) || webOriginUrl.search !== "" || webOriginUrl.hash !== "") throw new TypeError(`Invalid origin.webOrigin: ${JSON.stringify(webOrigin)}`);
+			this.origin = {
+				handleHost: new URL(`https://${handleHost}/`).host,
+				webOrigin: webOriginUrl.origin
+			};
+		}
+		this.router.trailingSlashInsensitive = options.trailingSlashInsensitive ?? false;
+		this._initializeRouter();
+		if (options.allowPrivateAddress || options.userAgent != null) {
+			if (options.documentLoader != null) throw new TypeError("Cannot set documentLoader with allowPrivateAddress or userAgent options.");
+			else if (options.contextLoader != null) throw new TypeError("Cannot set contextLoader with allowPrivateAddress or userAgent options.");
+			else if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
+		}
+		const { allowPrivateAddress, userAgent } = options;
+		this.allowPrivateAddress = allowPrivateAddress ?? false;
+		if (options.documentLoader != null) {
+			if (options.documentLoaderFactory != null) throw new TypeError("Cannot set both documentLoader and documentLoaderFactory options at a time; use documentLoaderFactory only.");
+			this.documentLoaderFactory = () => options.documentLoader;
+			logger$1.warn("The documentLoader option is deprecated; use documentLoaderFactory option instead.");
+		} else this.documentLoaderFactory = options.documentLoaderFactory ?? ((opts) => {
+			return kvCache({
+				loader: getDocumentLoader({
+					allowPrivateAddress: opts?.allowPrivateAddress ?? allowPrivateAddress,
+					userAgent: opts?.userAgent ?? userAgent
+				}),
+				kv: options.kv,
+				prefix: this.kvPrefixes.remoteDocument
+			});
+		});
+		if (options.contextLoader != null) {
+			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set both contextLoader and contextLoaderFactory options at a time; use contextLoaderFactory only.");
+			this.contextLoaderFactory = () => options.contextLoader;
+			logger$1.warn("The contextLoader option is deprecated; use contextLoaderFactory option instead.");
+		} else this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
+		this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? ((identity) => getAuthenticatedDocumentLoader(identity, {
+			allowPrivateAddress,
+			userAgent,
+			specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec),
+			tracerProvider: this.tracerProvider
+		}));
+		this.userAgent = userAgent;
+		this.onOutboxError = options.onOutboxError;
+		this.signatureTimeWindow = options.signatureTimeWindow ?? { hours: 1 };
+		this.skipSignatureVerification = options.skipSignatureVerification ?? false;
+		this.outboxRetryPolicy = options.outboxRetryPolicy ?? createExponentialBackoffPolicy();
+		this.inboxRetryPolicy = options.inboxRetryPolicy ?? createExponentialBackoffPolicy();
+		this.activityTransformers = options.activityTransformers ?? getDefaultActivityTransformers();
+		this.tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+	}
+	_initializeRouter() {
+		this.router.add("/.well-known/webfinger", "webfinger");
+		this.router.add("/.well-known/nodeinfo", "nodeInfoJrd");
+	}
+	_getTracer() {
+		return this.tracerProvider.getTracer(deno_default.name, deno_default.version);
+	}
+	async _startQueueInternal(ctxData, signal, queue) {
+		if (this.inboxQueue == null && this.outboxQueue == null) return;
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"queue"
+		]);
+		const promises = [];
+		if (this.inboxQueue != null && (queue == null || queue === "inbox") && !this.inboxQueueStarted) {
+			logger$1.debug("Starting an inbox task worker.");
+			this.inboxQueueStarted = true;
+			promises.push(this.inboxQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		if (this.outboxQueue != null && this.outboxQueue !== this.inboxQueue && (queue == null || queue === "outbox") && !this.outboxQueueStarted) {
+			logger$1.debug("Starting an outbox task worker.");
+			this.outboxQueueStarted = true;
+			promises.push(this.outboxQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		if (this.fanoutQueue != null && this.fanoutQueue !== this.inboxQueue && this.fanoutQueue !== this.outboxQueue && (queue == null || queue === "fanout") && !this.fanoutQueueStarted) {
+			logger$1.debug("Starting a fanout task worker.");
+			this.fanoutQueueStarted = true;
+			promises.push(this.fanoutQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		await Promise.all(promises);
+	}
+	processQueuedTask(contextData, message) {
+		const tracer = this._getTracer();
+		const extractedContext = propagation.extract(context.active(), message.traceContext);
+		return withContext({ messageId: message.id }, async () => {
+			if (message.type === "fanout") await tracer.startActiveSpan("activitypub.fanout", {
+				kind: SpanKind.CONSUMER,
+				attributes: { "activitypub.activity.type": message.activityType }
+			}, extractedContext, async (span) => {
+				if (message.activityId != null) span.setAttribute("activitypub.activity.id", message.activityId);
+				try {
+					await this.#listenFanoutMessage(contextData, message);
+				} catch (e) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			else if (message.type === "outbox") await tracer.startActiveSpan("activitypub.outbox", {
+				kind: SpanKind.CONSUMER,
+				attributes: {
+					"activitypub.activity.type": message.activityType,
+					"activitypub.activity.retries": message.attempt
+				}
+			}, extractedContext, async (span) => {
+				if (message.activityId != null) span.setAttribute("activitypub.activity.id", message.activityId);
+				try {
+					await this.#listenOutboxMessage(contextData, message, span);
+				} catch (e) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			else if (message.type === "inbox") await tracer.startActiveSpan("activitypub.inbox", {
+				kind: SpanKind.CONSUMER,
+				attributes: { "activitypub.shared_inbox": message.identifier == null }
+			}, extractedContext, async (span) => {
+				try {
+					await this.#listenInboxMessage(contextData, message, span);
+				} catch (e) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+		});
+	}
+	async #listenFanoutMessage(data, message) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"fanout"
+		]);
+		logger$1.debug("Fanning out activity {activityId} to {inboxes} inbox(es)...", {
+			activityId: message.activityId,
+			inboxes: globalThis.Object.keys(message.inboxes).length
+		});
+		const keys = await Promise.all(message.keys.map(async ({ keyId, privateKey }) => ({
+			keyId: new URL(keyId),
+			privateKey: await importJwk(privateKey, "private")
+		})));
+		const activity = await Activity.fromJsonLd(message.activity, {
+			contextLoader: this.contextLoaderFactory({
+				allowPrivateAddress: this.allowPrivateAddress,
+				userAgent: this.userAgent
+			}),
+			documentLoader: this.documentLoaderFactory({
+				allowPrivateAddress: this.allowPrivateAddress,
+				userAgent: this.userAgent
+			}),
+			tracerProvider: this.tracerProvider
+		});
+		const context$1 = this.#createContext(new URL(message.baseUrl), data, { documentLoader: this.documentLoaderFactory({
+			allowPrivateAddress: this.allowPrivateAddress,
+			userAgent: this.userAgent
+		}) });
+		await this.sendActivity(keys, message.inboxes, activity, {
+			collectionSync: message.collectionSync,
+			context: context$1
+		});
+	}
+	async #listenOutboxMessage(_, message, span) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		const logData = {
+			keyIds: message.keys.map((pair) => pair.keyId),
+			inbox: message.inbox,
+			activity: message.activity,
+			activityId: message.activityId,
+			attempt: message.attempt,
+			headers: message.headers
+		};
+		const keys = [];
+		let rsaKeyPair = null;
+		for (const { keyId, privateKey } of message.keys) {
+			const pair = {
+				keyId: new URL(keyId),
+				privateKey: await importJwk(privateKey, "private")
+			};
+			if (rsaKeyPair == null && pair.privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") rsaKeyPair = pair;
+			keys.push(pair);
+		}
+		try {
+			await sendActivity({
+				keys,
+				activity: message.activity,
+				activityId: message.activityId,
+				activityType: message.activityType,
+				inbox: new URL(message.inbox),
+				sharedInbox: message.sharedInbox,
+				headers: new Headers(message.headers),
+				specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec),
+				tracerProvider: this.tracerProvider
+			});
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			const loaderOptions = this.#getLoaderOptions(message.baseUrl);
+			const activity = await Activity.fromJsonLd(message.activity, {
+				contextLoader: this.contextLoaderFactory(loaderOptions),
+				documentLoader: rsaKeyPair == null ? this.documentLoaderFactory(loaderOptions) : this.authenticatedDocumentLoaderFactory(rsaKeyPair, loaderOptions),
+				tracerProvider: this.tracerProvider
+			});
+			try {
+				this.onOutboxError?.(error, activity);
+			} catch (error$1) {
+				logger$1.error("An unexpected error occurred in onError handler:\n{error}", {
+					...logData,
+					error: error$1
+				});
+			}
+			const delay$1 = this.outboxRetryPolicy({
+				elapsedTime: Temporal.Instant.from(message.started).until(Temporal.Now.instant()),
+				attempts: message.attempt
+			});
+			if (delay$1 != null) {
+				logger$1.error("Failed to send activity {activityId} to {inbox} (attempt #{attempt}); retry...:\n{error}", {
+					...logData,
+					error
+				});
+				await this.outboxQueue?.enqueue({
+					...message,
+					attempt: message.attempt + 1
+				}, { delay: Temporal.Duration.compare(delay$1, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay$1 });
+			} else logger$1.error("Failed to send activity {activityId} to {inbox} after {attempt} attempts; giving up:\n{error}", {
+				...logData,
+				error
+			});
+			return;
+		}
+		logger$1.info("Successfully sent activity {activityId} to {inbox}.", { ...logData });
+	}
+	async #listenInboxMessage(ctxData, message, span) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		const baseUrl = new URL(message.baseUrl);
+		let context$1 = this.#createContext(baseUrl, ctxData);
+		if (message.identifier != null) context$1 = this.#createContext(baseUrl, ctxData, { documentLoader: await context$1.getDocumentLoader({ identifier: message.identifier }) });
+		else if (this.sharedInboxKeyDispatcher != null) {
+			const identity = await this.sharedInboxKeyDispatcher(context$1);
+			if (identity != null) context$1 = this.#createContext(baseUrl, ctxData, { documentLoader: "identifier" in identity || "username" in identity || "handle" in identity ? await context$1.getDocumentLoader(identity) : context$1.getDocumentLoader(identity) });
+		}
+		const activity = await Activity.fromJsonLd(message.activity, context$1);
+		span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
+		if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+		const cacheKey = activity.id == null ? null : [
+			...this.kvPrefixes.activityIdempotence,
+			context$1.origin,
+			activity.id.href
+		];
+		if (cacheKey != null) {
+			const cached = await this.kv.get(cacheKey);
+			if (cached === true) {
+				logger$1.debug("Activity {activityId} has already been processed.", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier
+				});
+				return;
+			}
+		}
+		await this._getTracer().startActiveSpan("activitypub.dispatch_inbox_listener", { kind: SpanKind.INTERNAL }, async (span$1) => {
+			const dispatched = this.inboxListeners?.dispatchWithClass(activity);
+			if (dispatched == null) {
+				logger$1.error("Unsupported activity type:\n{activity}", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier,
+					trial: message.attempt
+				});
+				span$1.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: `Unsupported activity type: ${getTypeId(activity).href}`
+				});
+				span$1.end();
+				return;
+			}
+			const { class: cls, listener } = dispatched;
+			span$1.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+			try {
+				await listener(context$1.toInboxContext(message.identifier, message.activity, activity.id?.href, getTypeId(activity).href), activity);
+			} catch (error) {
+				try {
+					await this.inboxErrorHandler?.(context$1, error);
+				} catch (error$1) {
+					logger$1.error("An unexpected error occurred in inbox error handler:\n{error}", {
+						error: error$1,
+						trial: message.attempt,
+						activityId: activity.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+				}
+				const delay$1 = this.inboxRetryPolicy({
+					elapsedTime: Temporal.Instant.from(message.started).until(Temporal.Now.instant()),
+					attempts: message.attempt
+				});
+				if (delay$1 != null) {
+					logger$1.error("Failed to process the incoming activity {activityId} (attempt #{attempt}); retry...:\n{error}", {
+						error,
+						attempt: message.attempt,
+						activityId: activity.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					await this.inboxQueue?.enqueue({
+						...message,
+						attempt: message.attempt + 1
+					}, { delay: Temporal.Duration.compare(delay$1, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay$1 });
+				} else logger$1.error("Failed to process the incoming activity {activityId} after {trial} attempts; giving up:\n{error}", {
+					error,
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier
+				});
+				span$1.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(error)
+				});
+				span$1.end();
+				return;
+			}
+			if (cacheKey != null) await this.kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
+			logger$1.info("Activity {activityId} has been processed.", {
+				activityId: activity.id?.href,
+				activity: message.activity,
+				recipient: message.identifier
+			});
+			span$1.end();
+		});
+	}
+	startQueue(contextData, options = {}) {
+		return this._startQueueInternal(contextData, options.signal, options.queue);
+	}
+	createContext(urlOrRequest, contextData) {
+		return urlOrRequest instanceof Request ? this.#createContext(urlOrRequest, contextData) : this.#createContext(urlOrRequest, contextData);
+	}
+	#createContext(urlOrRequest, contextData, opts = {}) {
+		const request = urlOrRequest instanceof Request ? urlOrRequest : null;
+		const url = urlOrRequest instanceof URL ? new URL(urlOrRequest) : new URL(urlOrRequest.url);
+		if (request == null) {
+			url.pathname = "/";
+			url.hash = "";
+			url.search = "";
+		}
+		const loaderOptions = this.#getLoaderOptions(url.origin);
+		const ctxOptions = {
+			url,
+			federation: this,
+			data: contextData,
+			documentLoader: opts.documentLoader ?? this.documentLoaderFactory(loaderOptions),
+			contextLoader: this.contextLoaderFactory(loaderOptions)
+		};
+		if (request == null) return new ContextImpl(ctxOptions);
+		return new RequestContextImpl({
+			...ctxOptions,
+			request,
+			invokedFromActorDispatcher: opts.invokedFromActorDispatcher,
+			invokedFromObjectDispatcher: opts.invokedFromObjectDispatcher
+		});
+	}
+	#getLoaderOptions(origin) {
+		origin = typeof origin === "string" ? new URL(origin).origin : origin.origin;
+		return {
+			allowPrivateAddress: this.allowPrivateAddress,
+			userAgent: typeof this.userAgent === "string" ? this.userAgent : {
+				url: origin,
+				...this.userAgent
+			}
+		};
+	}
+	async sendActivity(keys, inboxes, activity, options) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		const { immediate, collectionSync, context: ctx } = options;
+		if (activity.id == null) throw new TypeError("The activity to send must have an id.");
+		if (activity.actorId == null) throw new TypeError("The activity to send must have at least one actor property.");
+		else if (keys.length < 1) throw new TypeError("The keys must not be empty.");
+		const contextLoader = this.contextLoaderFactory(this.#getLoaderOptions(ctx.origin));
+		const activityId = activity.id.href;
+		let proofCreated = false;
+		let rsaKey = null;
+		for (const { keyId, privateKey } of keys) {
+			validateCryptoKey(privateKey, "private");
+			if (rsaKey == null && privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") {
+				rsaKey = {
+					keyId,
+					privateKey
+				};
+				continue;
+			}
+			if (privateKey.algorithm.name === "Ed25519") {
+				activity = await signObject(activity, privateKey, keyId, {
+					contextLoader,
+					tracerProvider: this.tracerProvider
+				});
+				proofCreated = true;
+			}
+		}
+		let jsonLd = await activity.toJsonLd({
+			format: "compact",
+			contextLoader
+		});
+		if (rsaKey == null) logger$1.warn("No supported key found to create a Linked Data signature for the activity {activityId}.  The activity will be sent without a Linked Data signature.  In order to create a Linked Data signature, at least one RSASSA-PKCS1-v1_5 key must be provided.", {
+			activityId,
+			keys: keys.map((pair) => ({
+				keyId: pair.keyId.href,
+				privateKey: pair.privateKey
+			}))
+		});
+		else jsonLd = await signJsonLd(jsonLd, rsaKey.privateKey, rsaKey.keyId, {
+			contextLoader,
+			tracerProvider: this.tracerProvider
+		});
+		if (!proofCreated) logger$1.warn("No supported key found to create a proof for the activity {activityId}.  The activity will be sent without a proof.  In order to create a proof, at least one Ed25519 key must be provided.", {
+			activityId,
+			keys: keys.map((pair) => ({
+				keyId: pair.keyId.href,
+				privateKey: pair.privateKey
+			}))
+		});
+		if (immediate || this.outboxQueue == null) {
+			if (immediate) logger$1.debug("Sending activity immediately without queue since immediate option is set.", {
+				activityId: activity.id.href,
+				activity: jsonLd
+			});
+			else logger$1.debug("Sending activity immediately without queue since queue is not set.", {
+				activityId: activity.id.href,
+				activity: jsonLd
+			});
+			const promises = [];
+			for (const inbox in inboxes) promises.push(sendActivity({
+				keys,
+				activity: jsonLd,
+				activityId: activity.id?.href,
+				activityType: getTypeId(activity).href,
+				inbox: new URL(inbox),
+				sharedInbox: inboxes[inbox].sharedInbox,
+				headers: collectionSync == null ? void 0 : new Headers({ "Collection-Synchronization": await buildCollectionSynchronizationHeader(collectionSync, inboxes[inbox].actorIds) }),
+				specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec),
+				tracerProvider: this.tracerProvider
+			}));
+			await Promise.all(promises);
+			return;
+		}
+		logger$1.debug("Enqueuing activity {activityId} to send later.", {
+			activityId: activity.id.href,
+			activity: jsonLd
+		});
+		const keyJwkPairs = [];
+		for (const { keyId, privateKey } of keys) {
+			const privateKeyJwk = await exportJwk(privateKey);
+			keyJwkPairs.push({
+				keyId: keyId.href,
+				privateKey: privateKeyJwk
+			});
+		}
+		if (!this.manuallyStartQueue) this._startQueueInternal(ctx.data);
+		const carrier = {};
+		propagation.inject(context.active(), carrier);
+		const messages = [];
+		for (const inbox in inboxes) {
+			const message = {
+				type: "outbox",
+				id: crypto.randomUUID(),
+				baseUrl: ctx.origin,
+				keys: keyJwkPairs,
+				activity: jsonLd,
+				activityId: activity.id?.href,
+				activityType: getTypeId(activity).href,
+				inbox,
+				sharedInbox: inboxes[inbox].sharedInbox,
+				started: new Date().toISOString(),
+				attempt: 0,
+				headers: collectionSync == null ? {} : { "Collection-Synchronization": await buildCollectionSynchronizationHeader(collectionSync, inboxes[inbox].actorIds) },
+				traceContext: carrier
+			};
+			messages.push(message);
+		}
+		const { outboxQueue } = this;
+		if (outboxQueue.enqueueMany == null) {
+			const promises = messages.map((m) => outboxQueue.enqueue(m));
+			const results = await Promise.allSettled(promises);
+			const errors = results.filter((r) => r.status === "rejected").map((r) => r.reason);
+			if (errors.length > 0) {
+				logger$1.error("Failed to enqueue activity {activityId} to send later: {errors}", {
+					activityId: activity.id.href,
+					errors
+				});
+				if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${activityId} to send later.`);
+				throw errors[0];
+			}
+		} else try {
+			await outboxQueue.enqueueMany(messages);
+		} catch (error) {
+			logger$1.error("Failed to enqueue activity {activityId} to send later: {error}", {
+				activityId: activity.id.href,
+				error
+			});
+			throw error;
+		}
+	}
+	fetch(request, options) {
+		const requestId = getRequestId(request);
+		return withContext({ requestId }, async () => {
+			const tracer = this._getTracer();
+			return await tracer.startActiveSpan(request.method, {
+				kind: SpanKind.SERVER,
+				attributes: {
+					[ATTR_HTTP_REQUEST_METHOD]: request.method,
+					[ATTR_URL_FULL]: request.url
+				}
+			}, async (span) => {
+				const logger$1 = getLogger([
+					"fedify",
+					"federation",
+					"http"
+				]);
+				if (span.isRecording()) for (const [k, v] of request.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(k), [v]);
+				let response;
+				try {
+					response = await this.#fetch(request, {
+						...options,
+						span,
+						tracer
+					});
+				} catch (error) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: `${error}`
+					});
+					span.end();
+					logger$1.error("An error occurred while serving request {method} {url}: {error}", {
+						method: request.method,
+						url: request.url,
+						error
+					});
+					throw error;
+				}
+				if (span.isRecording()) {
+					span.setAttribute(ATTR_HTTP_RESPONSE_STATUS_CODE, response.status);
+					for (const [k, v] of response.headers) span.setAttribute(ATTR_HTTP_RESPONSE_HEADER(k), [v]);
+					span.setStatus({
+						code: response.status >= 500 ? SpanStatusCode.ERROR : SpanStatusCode.UNSET,
+						message: response.statusText
+					});
+				}
+				span.end();
+				const url = new URL(request.url);
+				const logTpl = "{method} {path}: {status}";
+				const values = {
+					method: request.method,
+					path: `${url.pathname}${url.search}`,
+					url: request.url,
+					status: response.status
+				};
+				if (response.status >= 500) logger$1.error(logTpl, values);
+				else if (response.status >= 400) logger$1.warn(logTpl, values);
+				else logger$1.info(logTpl, values);
+				return response;
+			});
+		});
+	}
+	async #fetch(request, { onNotFound, onNotAcceptable, onUnauthorized, contextData, span, tracer }) {
+		onNotFound ??= notFound;
+		onNotAcceptable ??= notAcceptable;
+		onUnauthorized ??= unauthorized;
+		const url = new URL(request.url);
+		const route = this.router.route(url.pathname);
+		if (route == null) return await onNotFound(request);
+		span.updateName(`${request.method} ${route.template}`);
+		let context$1 = this.#createContext(request, contextData);
+		const routeName = route.name.replace(/:.*$/, "");
+		switch (routeName) {
+			case "webfinger": return await handleWebFinger(request, {
+				context: context$1,
+				host: this.origin?.handleHost,
+				actorDispatcher: this.actorCallbacks?.dispatcher,
+				actorHandleMapper: this.actorCallbacks?.handleMapper,
+				actorAliasMapper: this.actorCallbacks?.aliasMapper,
+				onNotFound,
+				tracer
+			});
+			case "nodeInfoJrd": return await handleNodeInfoJrd(request, context$1);
+			case "nodeInfo": return await handleNodeInfo(request, {
+				context: context$1,
+				nodeInfoDispatcher: this.nodeInfoDispatcher
+			});
+			case "actor":
+				context$1 = this.#createContext(request, contextData, { invokedFromActorDispatcher: { identifier: route.values.identifier ?? route.values.handle } });
+				return await handleActor(request, {
+					identifier: route.values.identifier ?? route.values.handle,
+					context: context$1,
+					actorDispatcher: this.actorCallbacks?.dispatcher,
+					authorizePredicate: this.actorCallbacks?.authorizePredicate,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			case "object": {
+				const typeId = route.name.replace(/^object:/, "");
+				const callbacks = this.objectCallbacks[typeId];
+				const cls = this.objectTypeIds[typeId];
+				context$1 = this.#createContext(request, contextData, { invokedFromObjectDispatcher: {
+					cls,
+					values: route.values
+				} });
+				return await handleObject(request, {
+					values: route.values,
+					context: context$1,
+					objectDispatcher: callbacks?.dispatcher,
+					authorizePredicate: callbacks?.authorizePredicate,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			}
+			case "outbox": return await handleCollection(request, {
+				name: "outbox",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getOutboxUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.outboxCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "inbox":
+				if (request.method !== "POST") return await handleCollection(request, {
+					name: "inbox",
+					identifier: route.values.identifier ?? route.values.handle,
+					uriGetter: context$1.getInboxUri.bind(context$1),
+					context: context$1,
+					collectionCallbacks: this.inboxCallbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+				context$1 = this.#createContext(request, contextData, { documentLoader: await context$1.getDocumentLoader({ identifier: route.values.identifier ?? route.values.handle }) });
+			case "sharedInbox":
+				if (routeName !== "inbox" && this.sharedInboxKeyDispatcher != null) {
+					const identity = await this.sharedInboxKeyDispatcher(context$1);
+					if (identity != null) context$1 = this.#createContext(request, contextData, { documentLoader: "identifier" in identity || "username" in identity || "handle" in identity ? await context$1.getDocumentLoader(identity) : context$1.getDocumentLoader(identity) });
+				}
+				if (!this.manuallyStartQueue) this._startQueueInternal(contextData);
+				return await handleInbox(request, {
+					recipient: route.values.identifier ?? route.values.handle ?? null,
+					context: context$1,
+					inboxContextFactory: context$1.toInboxContext.bind(context$1),
+					kv: this.kv,
+					kvPrefixes: this.kvPrefixes,
+					queue: this.inboxQueue,
+					actorDispatcher: this.actorCallbacks?.dispatcher,
+					inboxListeners: this.inboxListeners,
+					inboxErrorHandler: this.inboxErrorHandler,
+					onNotFound,
+					signatureTimeWindow: this.signatureTimeWindow,
+					skipSignatureVerification: this.skipSignatureVerification,
+					tracerProvider: this.tracerProvider
+				});
+			case "following": return await handleCollection(request, {
+				name: "following",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getFollowingUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.followingCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "followers": {
+				let baseUrl = url.searchParams.get("base-url");
+				if (baseUrl != null) try {
+					baseUrl = `${new URL(baseUrl).origin}/`;
+				} catch {
+					baseUrl = null;
+				}
+				return await handleCollection(request, {
+					name: "followers",
+					identifier: route.values.identifier ?? route.values.handle,
+					uriGetter: baseUrl == null ? context$1.getFollowersUri.bind(context$1) : (identifier) => {
+						const uri = context$1.getFollowersUri(identifier);
+						uri.searchParams.set("base-url", baseUrl);
+						return uri;
+					},
+					context: context$1,
+					filter: baseUrl != null ? new URL(baseUrl) : void 0,
+					filterPredicate: baseUrl != null ? (i) => (i instanceof URL ? i.href : i.id?.href ?? "").startsWith(baseUrl) : void 0,
+					collectionCallbacks: this.followersCallbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			}
+			case "liked": return await handleCollection(request, {
+				name: "liked",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getLikedUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.likedCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "featured": return await handleCollection(request, {
+				name: "featured",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getFeaturedUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.featuredCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "featuredTags": return await handleCollection(request, {
+				name: "featured tags",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getFeaturedTagsUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.featuredTagsCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			default: {
+				const response = onNotFound(request);
+				return response instanceof Promise ? await response : response;
+			}
+		}
+	}
+};
+const FANOUT_THRESHOLD = 5;
+var ContextImpl = class ContextImpl {
+	url;
+	federation;
+	data;
+	documentLoader;
+	contextLoader;
+	invokedFromActorKeyPairsDispatcher;
+	constructor({ url, federation, data, documentLoader, contextLoader, invokedFromActorKeyPairsDispatcher }) {
+		this.url = url;
+		this.federation = federation;
+		this.data = data;
+		this.documentLoader = documentLoader;
+		this.contextLoader = contextLoader;
+		this.invokedFromActorKeyPairsDispatcher = invokedFromActorKeyPairsDispatcher;
+	}
+	clone(data) {
+		return new ContextImpl({
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	toInboxContext(recipient, activity, activityId, activityType) {
+		return new InboxContextImpl(recipient, activity, activityId, activityType, {
+			url: this.url,
+			federation: this.federation,
+			data: this.data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	get hostname() {
+		return this.url.hostname;
+	}
+	get host() {
+		return this.url.host;
+	}
+	get origin() {
+		return this.url.origin;
+	}
+	get canonicalOrigin() {
+		return this.federation.origin?.webOrigin ?? this.origin;
+	}
+	get tracerProvider() {
+		return this.federation.tracerProvider;
+	}
+	getNodeInfoUri() {
+		const path = this.federation.router.build("nodeInfo", {});
+		if (path == null) throw new RouterError("No NodeInfo dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getActorUri(identifier) {
+		const path = this.federation.router.build("actor", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No actor dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getObjectUri(cls, values) {
+		const callbacks = this.federation.objectCallbacks[cls.typeId.href];
+		if (callbacks == null) throw new RouterError("No object dispatcher registered.");
+		for (const param of callbacks.parameters) if (!(param in values)) throw new TypeError(`Missing parameter: ${param}`);
+		const path = this.federation.router.build(`object:${cls.typeId.href}`, values);
+		if (path == null) throw new RouterError("No object dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getOutboxUri(identifier) {
+		const path = this.federation.router.build("outbox", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No outbox dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getInboxUri(identifier) {
+		if (identifier == null) {
+			const path$1 = this.federation.router.build("sharedInbox", {});
+			if (path$1 == null) throw new RouterError("No shared inbox path registered.");
+			return new URL(path$1, this.canonicalOrigin);
+		}
+		const path = this.federation.router.build("inbox", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No inbox path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFollowingUri(identifier) {
+		const path = this.federation.router.build("following", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No following collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFollowersUri(identifier) {
+		const path = this.federation.router.build("followers", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No followers collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getLikedUri(identifier) {
+		const path = this.federation.router.build("liked", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No liked collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFeaturedUri(identifier) {
+		const path = this.federation.router.build("featured", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No featured collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFeaturedTagsUri(identifier) {
+		const path = this.federation.router.build("featuredTags", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No featured tags collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	parseUri(uri) {
+		if (uri == null) return null;
+		if (uri.origin !== this.origin && uri.origin !== this.canonicalOrigin) return null;
+		const route = this.federation.router.route(uri.pathname);
+		const logger$1 = getLogger(["fedify", "federation"]);
+		if (route == null) return null;
+		else if (route.name === "sharedInbox") return {
+			type: "inbox",
+			identifier: void 0,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return void 0;
+			}
+		};
+		const identifier = "identifier" in route.values ? route.values.identifier : route.values.handle;
+		if (route.name === "actor") return {
+			type: "actor",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name.startsWith("object:")) {
+			const typeId = route.name.replace(/^object:/, "");
+			return {
+				type: "object",
+				class: this.federation.objectTypeIds[typeId],
+				typeId: new URL(typeId),
+				values: route.values
+			};
+		} else if (route.name === "inbox") return {
+			type: "inbox",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "outbox") return {
+			type: "outbox",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "following") return {
+			type: "following",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "followers") return {
+			type: "followers",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "liked") return {
+			type: "liked",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "featured") return {
+			type: "featured",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "featuredTags") return {
+			type: "featuredTags",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		return null;
+	}
+	async getActorKeyPairs(identifier) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]);
+		if (this.invokedFromActorKeyPairsDispatcher != null) logger$1.warn("Context.getActorKeyPairs({getActorKeyPairsIdentifier}) method is invoked from the actor key pairs dispatcher ({actorKeyPairsDispatcherIdentifier}); this may cause an infinite loop.", {
+			getActorKeyPairsIdentifier: identifier,
+			actorKeyPairsDispatcherIdentifier: this.invokedFromActorKeyPairsDispatcher.identifier
+		});
+		let keyPairs;
+		try {
+			keyPairs = await this.getKeyPairsFromIdentifier(identifier);
+		} catch (_) {
+			logger$1.warn("No actor key pairs dispatcher registered.");
+			return [];
+		}
+		const owner = this.getActorUri(identifier);
+		const result = [];
+		for (const keyPair of keyPairs) {
+			const newPair = {
+				...keyPair,
+				cryptographicKey: new CryptographicKey({
+					id: keyPair.keyId,
+					owner,
+					publicKey: keyPair.publicKey
+				}),
+				multikey: new Multikey({
+					id: keyPair.keyId,
+					controller: owner,
+					publicKey: keyPair.publicKey
+				})
+			};
+			result.push(newPair);
+		}
+		return result;
+	}
+	async getKeyPairsFromIdentifier(identifier) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]);
+		if (this.federation.actorCallbacks?.keyPairsDispatcher == null) throw new Error("No actor key pairs dispatcher registered.");
+		const path = this.federation.router.build("actor", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) {
+			logger$1.warn("No actor dispatcher registered.");
+			return [];
+		}
+		const actorUri = new URL(path, this.canonicalOrigin);
+		const keyPairs = await this.federation.actorCallbacks?.keyPairsDispatcher(new ContextImpl({
+			...this,
+			invokedFromActorKeyPairsDispatcher: { identifier }
+		}), identifier);
+		if (keyPairs.length < 1) logger$1.warn("No key pairs found for actor {identifier}.", { identifier });
+		let i = 0;
+		const result = [];
+		for (const keyPair of keyPairs) {
+			result.push({
+				...keyPair,
+				keyId: new URL(i == 0 ? `#main-key` : `#key-${i + 1}`, actorUri)
+			});
+			i++;
+		}
+		return result;
+	}
+	async getRsaKeyPairFromIdentifier(identifier) {
+		const keyPairs = await this.getKeyPairsFromIdentifier(identifier);
+		for (const keyPair of keyPairs) {
+			const { privateKey } = keyPair;
+			if (privateKey.algorithm.name === "RSASSA-PKCS1-v1_5" && privateKey.algorithm.hash.name === "SHA-256") return keyPair;
+		}
+		getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]).warn("No RSA-PKCS#1-v1.5 SHA-256 key found for actor {identifier}.", { identifier });
+		return null;
+	}
+	getDocumentLoader(identity) {
+		if ("identifier" in identity || "username" in identity || "handle" in identity) {
+			let identifierPromise;
+			if ("username" in identity || "handle" in identity) {
+				let username;
+				if ("username" in identity) username = identity.username;
+				else {
+					username = identity.handle;
+					getLogger([
+						"fedify",
+						"runtime",
+						"docloader"
+					]).warn("The \"handle\" property is deprecated; use \"identifier\" or \"username\" instead.", { identity });
+				}
+				const mapper = this.federation.actorCallbacks?.handleMapper;
+				if (mapper == null) identifierPromise = Promise.resolve(username);
+				else {
+					const identifier = mapper(this, username);
+					identifierPromise = identifier instanceof Promise ? identifier : Promise.resolve(identifier);
+				}
+			} else identifierPromise = Promise.resolve(identity.identifier);
+			return identifierPromise.then((identifier) => {
+				if (identifier == null) return this.documentLoader;
+				const keyPair = this.getRsaKeyPairFromIdentifier(identifier);
+				return keyPair.then((pair) => pair == null ? this.documentLoader : this.federation.authenticatedDocumentLoaderFactory(pair));
+			});
+		}
+		return this.federation.authenticatedDocumentLoaderFactory(identity);
+	}
+	lookupObject(identifier, options = {}) {
+		return lookupObject(identifier, {
+			...options,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			userAgent: options.userAgent ?? this.federation.userAgent,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			allowPrivateAddress: this.federation.allowPrivateAddress
+		});
+	}
+	traverseCollection(collection, options = {}) {
+		return traverseCollection(collection, {
+			...options,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			contextLoader: options.contextLoader ?? this.contextLoader
+		});
+	}
+	lookupNodeInfo(url, options = {}) {
+		return options.parse === "none" ? getNodeInfo(url, {
+			parse: "none",
+			direct: options.direct,
+			userAgent: options?.userAgent ?? this.federation.userAgent
+		}) : getNodeInfo(url, {
+			parse: options.parse,
+			direct: options.direct,
+			userAgent: options?.userAgent ?? this.federation.userAgent
+		});
+	}
+	lookupWebFinger(resource, options = {}) {
+		return lookupWebFinger(resource, {
+			...options,
+			userAgent: options.userAgent ?? this.federation.userAgent,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			allowPrivateAddress: this.federation.allowPrivateAddress
+		});
+	}
+	sendActivity(sender, recipients, activity, options = {}) {
+		const tracer = this.tracerProvider.getTracer(deno_default.name, deno_default.version);
+		return tracer.startActiveSpan(this.federation.outboxQueue == null || options.immediate ? "activitypub.outbox" : "activitypub.fanout", {
+			kind: this.federation.outboxQueue == null || options.immediate ? SpanKind.CLIENT : SpanKind.PRODUCER,
+			attributes: {
+				"activitypub.activity.type": getTypeId(activity).href,
+				"activitypub.activity.to": activity.toIds.map((to) => to.href),
+				"activitypub.activity.cc": activity.toIds.map((cc) => cc.href),
+				"activitypub.activity.bto": activity.btoIds.map((bto) => bto.href),
+				"activitypub.activity.bcc": activity.toIds.map((bcc) => bcc.href)
+			}
+		}, async (span) => {
+			try {
+				if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+				await this.sendActivityInternal(sender, recipients, activity, options, span);
+			} catch (e) {
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async sendActivityInternal(sender, recipients, activity, options, span) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		let keys;
+		let identifier = null;
+		if ("identifier" in sender || "username" in sender || "handle" in sender) {
+			if ("identifier" in sender) identifier = sender.identifier;
+			else {
+				let username;
+				if ("username" in sender) username = sender.username;
+				else {
+					username = sender.handle;
+					logger$1.warn("The \"handle\" property for the sender parameter is deprecated; use \"identifier\" or \"username\" instead.", { sender });
+				}
+				if (this.federation.actorCallbacks?.handleMapper == null) identifier = username;
+				else {
+					const mapped = await this.federation.actorCallbacks.handleMapper(this, username);
+					if (mapped == null) throw new Error(`No actor found for the given username ${JSON.stringify(username)}.`);
+					identifier = mapped;
+				}
+			}
+			span.setAttribute("fedify.actor.identifier", identifier);
+			keys = await this.getKeyPairsFromIdentifier(identifier);
+			if (keys.length < 1) throw new Error(`No key pair found for actor ${JSON.stringify(identifier)}.`);
+		} else if (Array.isArray(sender)) {
+			if (sender.length < 1) throw new Error("The sender's key pairs are empty.");
+			keys = sender;
+		} else keys = [sender];
+		if (keys.length < 1) throw new TypeError("The sender's keys must not be empty.");
+		for (const { privateKey } of keys) validateCryptoKey(privateKey, "private");
+		const opts = { context: this };
+		let expandedRecipients;
+		if (Array.isArray(recipients)) expandedRecipients = recipients;
+		else if (recipients === "followers") {
+			if (identifier == null) throw new Error("If recipients is \"followers\", sender must be an actor identifier or username.");
+			expandedRecipients = [];
+			for await (const recipient of this.getFollowers(identifier)) expandedRecipients.push(recipient);
+			if (options.syncCollection) {
+				const collectionId = this.federation.router.build("followers", {
+					identifier,
+					handle: identifier
+				});
+				opts.collectionSync = collectionId == null ? void 0 : new URL(collectionId, this.canonicalOrigin).href;
+			}
+		} else expandedRecipients = [recipients];
+		span.setAttribute("activitypub.inboxes", expandedRecipients.length);
+		for (const activityTransformer of this.federation.activityTransformers) activity = activityTransformer(activity, this);
+		span?.setAttribute("activitypub.activity.id", activity?.id?.href ?? "");
+		if (activity.actorId == null) {
+			logger$1.error("Activity {activityId} to send does not have an actor.", {
+				activity,
+				activityId: activity?.id?.href
+			});
+			throw new TypeError("The activity to send must have at least one actor property.");
+		}
+		const inboxes = extractInboxes({
+			recipients: expandedRecipients,
+			preferSharedInbox: options.preferSharedInbox,
+			excludeBaseUris: options.excludeBaseUris
+		});
+		logger$1.debug("Sending activity {activityId} to inboxes:\n{inboxes}", {
+			inboxes: globalThis.Object.keys(inboxes),
+			activityId: activity.id?.href,
+			activity
+		});
+		if (this.federation.fanoutQueue == null || options.immediate || options.fanout === "skip" || (options.fanout ?? "auto") === "auto" && globalThis.Object.keys(inboxes).length < FANOUT_THRESHOLD) {
+			await this.federation.sendActivity(keys, inboxes, activity, opts);
+			return;
+		}
+		const keyJwkPairs = await Promise.all(keys.map(async ({ keyId, privateKey }) => ({
+			keyId: keyId.href,
+			privateKey: await exportJwk(privateKey)
+		})));
+		const carrier = {};
+		propagation.inject(context.active(), carrier);
+		const message = {
+			type: "fanout",
+			id: crypto.randomUUID(),
+			baseUrl: this.origin,
+			keys: keyJwkPairs,
+			inboxes: globalThis.Object.fromEntries(globalThis.Object.entries(inboxes).map(([k, { actorIds, sharedInbox }]) => [k, {
+				actorIds: [...actorIds],
+				sharedInbox
+			}])),
+			activity: await activity.toJsonLd({
+				format: "compact",
+				contextLoader: this.contextLoader
+			}),
+			activityId: activity.id?.href,
+			activityType: getTypeId(activity).href,
+			collectionSync: opts.collectionSync,
+			traceContext: carrier
+		};
+		if (!this.federation.manuallyStartQueue) this.federation._startQueueInternal(this.data);
+		this.federation.fanoutQueue.enqueue(message);
+	}
+	async *getFollowers(identifier) {
+		if (this.federation.followersCallbacks == null) throw new Error("No followers collection dispatcher registered.");
+		const result = await this.federation.followersCallbacks.dispatcher(this, identifier, null);
+		if (result != null) {
+			for (const recipient of result.items) yield recipient;
+			return;
+		}
+		if (this.federation.followersCallbacks.firstCursor == null) throw new Error("No first cursor dispatcher registered for followers collection.");
+		let cursor = await this.federation.followersCallbacks.firstCursor(this, identifier);
+		if (cursor != null) getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]).warn("Since the followers collection dispatcher returned null for no cursor (i.e., one-shot dispatcher), the pagination is used to fetch \"followers\".  However, it is recommended to implement the one-shot dispatcher for better performance.", { identifier });
+		while (cursor != null) {
+			const result$1 = await this.federation.followersCallbacks.dispatcher(this, identifier, cursor);
+			if (result$1 == null) break;
+			for (const recipient of result$1.items) yield recipient;
+			cursor = result$1.nextCursor ?? null;
+		}
+	}
+	routeActivity(recipient, activity, options = {}) {
+		const tracerProvider = this.tracerProvider ?? this.tracerProvider;
+		const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+		return tracer.startActiveSpan("activitypub.inbox", {
+			kind: this.federation.inboxQueue == null || options.immediate ? SpanKind.INTERNAL : SpanKind.PRODUCER,
+			attributes: { "activitypub.activity.type": getTypeId(activity).href }
+		}, async (span) => {
+			if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+			if (activity.toIds.length > 0) span.setAttribute("activitypub.activity.to", activity.toIds.map((to) => to.href));
+			if (activity.ccIds.length > 0) span.setAttribute("activitypub.activity.cc", activity.ccIds.map((cc) => cc.href));
+			if (activity.btoIds.length > 0) span.setAttribute("activitypub.activity.bto", activity.btoIds.map((bto) => bto.href));
+			if (activity.bccIds.length > 0) span.setAttribute("activitypub.activity.bcc", activity.bccIds.map((bcc) => bcc.href));
+			try {
+				const ok = await this.routeActivityInternal(recipient, activity, options, span);
+				if (ok) {
+					span.setAttribute("activitypub.shared_inbox", recipient == null);
+					if (recipient != null) span.setAttribute("fedify.inbox.recipient", recipient);
+				} else span.setStatus({ code: SpanStatusCode.ERROR });
+				return ok;
+			} catch (e) {
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async routeActivityInternal(recipient, activity, options = {}, span) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		const contextLoader = options.contextLoader ?? this.contextLoader;
+		const json = await activity.toJsonLd({ contextLoader });
+		const keyCache = new KvKeyCache(this.federation.kv, this.federation.kvPrefixes.publicKey, this);
+		const verified = await verifyObject(Activity, json, {
+			contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			keyCache
+		});
+		if (verified == null) {
+			logger$1.debug("Object Integrity Proofs are not verified.", {
+				recipient,
+				activity: json
+			});
+			if (activity.id == null) {
+				logger$1.debug("Activity is missing an ID; unable to fetch.", {
+					recipient,
+					activity: json
+				});
+				return false;
+			}
+			const fetched = await this.lookupObject(activity.id, options);
+			if (fetched == null) {
+				logger$1.debug("Failed to fetch the remote activity object {activityId}.", {
+					recipient,
+					activity: json,
+					activityId: activity.id.href
+				});
+				return false;
+			} else if (!(fetched instanceof Activity)) {
+				logger$1.debug("Fetched object is not an Activity.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			} else if (fetched.id?.href !== activity.id.href) {
+				logger$1.debug("Fetched activity object has a different ID; failed to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			} else if (fetched.actorIds.length < 1) {
+				logger$1.debug("Fetched activity object is missing an actor; unable to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			}
+			const activityId = fetched.id;
+			if (!fetched.actorIds.every((actor) => actor.origin === activityId.origin)) {
+				logger$1.debug("Fetched activity object has actors from different origins; unable to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			}
+			logger$1.debug("Successfully fetched the remote activity object {activityId}; ignore the original activity and use the fetched one, which is trustworthy.");
+			activity = fetched;
+		} else logger$1.debug("Object Integrity Proofs are verified.", {
+			recipient,
+			activity: json
+		});
+		const routeResult = await routeActivity({
+			context: this,
+			json,
+			activity,
+			recipient,
+			inboxListeners: this.federation.inboxListeners,
+			inboxContextFactory: this.toInboxContext.bind(this),
+			inboxErrorHandler: this.federation.inboxErrorHandler,
+			kv: this.federation.kv,
+			kvPrefixes: this.federation.kvPrefixes,
+			queue: this.federation.inboxQueue,
+			span,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+		return routeResult === "alreadyProcessed" || routeResult === "enqueued" || routeResult === "unsupportedActivity" || routeResult === "success";
+	}
+};
+var RequestContextImpl = class RequestContextImpl extends ContextImpl {
+	#invokedFromActorDispatcher;
+	#invokedFromObjectDispatcher;
+	request;
+	url;
+	constructor(options) {
+		super(options);
+		this.#invokedFromActorDispatcher = options.invokedFromActorDispatcher;
+		this.#invokedFromObjectDispatcher = options.invokedFromObjectDispatcher;
+		this.request = options.request;
+		this.url = options.url;
+	}
+	clone(data) {
+		return new RequestContextImpl({
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher,
+			invokedFromActorDispatcher: this.#invokedFromActorDispatcher,
+			invokedFromObjectDispatcher: this.#invokedFromObjectDispatcher,
+			request: this.request
+		});
+	}
+	async getActor(identifier) {
+		if (this.federation.actorCallbacks == null || this.federation.actorCallbacks.dispatcher == null) throw new Error("No actor dispatcher registered.");
+		if (this.#invokedFromActorDispatcher != null) getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]).warn("RequestContext.getActor({getActorIdentifier}) is invoked from the actor dispatcher ({actorDispatcherIdentifier}); this may cause an infinite loop.", {
+			getActorIdentifier: identifier,
+			actorDispatcherIdentifier: this.#invokedFromActorDispatcher.identifier
+		});
+		return await this.federation.actorCallbacks.dispatcher(new RequestContextImpl({
+			...this,
+			invokedFromActorDispatcher: { identifier }
+		}), identifier);
+	}
+	async getObject(cls, values) {
+		const callbacks = this.federation.objectCallbacks[cls.typeId.href];
+		if (callbacks == null) throw new Error("No object dispatcher registered.");
+		for (const param of callbacks.parameters) if (!(param in values)) throw new TypeError(`Missing parameter: ${param}`);
+		if (this.#invokedFromObjectDispatcher != null) getLogger(["fedify", "federation"]).warn("RequestContext.getObject({getObjectClass}, {getObjectValues}) is invoked from the object dispatcher ({actorDispatcherClass}, {actorDispatcherValues}); this may cause an infinite loop.", {
+			getObjectClass: cls.name,
+			getObjectValues: values,
+			actorDispatcherClass: this.#invokedFromObjectDispatcher.cls.name,
+			actorDispatcherValues: this.#invokedFromObjectDispatcher.values
+		});
+		return await callbacks.dispatcher(new RequestContextImpl({
+			...this,
+			invokedFromObjectDispatcher: {
+				cls,
+				values
+			}
+		}), values);
+	}
+	#signedKey = void 0;
+	async getSignedKey(options = {}) {
+		if (this.#signedKey != null) return this.#signedKey;
+		return this.#signedKey = await verifyRequest(this.request, {
+			...this,
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			timeWindow: this.federation.signatureTimeWindow,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+	}
+	#signedKeyOwner = void 0;
+	async getSignedKeyOwner(options = {}) {
+		if (this.#signedKeyOwner != null) return this.#signedKeyOwner;
+		const key = await this.getSignedKey(options);
+		if (key == null) return this.#signedKeyOwner = null;
+		return this.#signedKeyOwner = await getKeyOwner(key, {
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+	}
+};
+var InboxContextImpl = class InboxContextImpl extends ContextImpl {
+	recipient;
+	activity;
+	activityId;
+	activityType;
+	constructor(recipient, activity, activityId, activityType, options) {
+		super(options);
+		this.recipient = recipient;
+		this.activity = activity;
+		this.activityId = activityId;
+		this.activityType = activityType;
+	}
+	clone(data) {
+		return new InboxContextImpl(this.recipient, this.activity, this.activityId, this.activityType, {
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	forwardActivity(forwarder, recipients, options) {
+		const tracer = this.tracerProvider.getTracer(deno_default.name, deno_default.version);
+		return tracer.startActiveSpan("activitypub.outbox", {
+			kind: this.federation.outboxQueue == null || options?.immediate ? SpanKind.CLIENT : SpanKind.PRODUCER,
+			attributes: { "activitypub.activity.type": this.activityType }
+		}, async (span) => {
+			try {
+				if (this.activityId != null) span.setAttribute("activitypub.activity.id", this.activityId);
+				await this.forwardActivityInternal(forwarder, recipients, options);
+			} catch (e) {
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async forwardActivityInternal(forwarder, recipients, options) {
+		const logger$1 = getLogger([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		let keys;
+		let identifier = null;
+		if ("identifier" in forwarder || "username" in forwarder || "handle" in forwarder) {
+			if ("identifier" in forwarder) identifier = forwarder.identifier;
+			else {
+				let username;
+				if ("username" in forwarder) username = forwarder.username;
+				else {
+					username = forwarder.handle;
+					logger$1.warn("The \"handle\" property for the forwarder parameter is deprecated; use \"identifier\" or \"username\" instead.", { forwarder });
+				}
+				if (this.federation.actorCallbacks?.handleMapper == null) identifier = username;
+				else {
+					const mapped = await this.federation.actorCallbacks.handleMapper(this, username);
+					if (mapped == null) throw new Error(`No actor found for the given username ${JSON.stringify(username)}.`);
+					identifier = mapped;
+				}
+			}
+			keys = await this.getKeyPairsFromIdentifier(identifier);
+			if (keys.length < 1) throw new Error(`No key pair found for actor ${JSON.stringify(identifier)}.`);
+		} else if (Array.isArray(forwarder)) {
+			if (forwarder.length < 1) throw new Error("The forwarder's key pairs are empty.");
+			keys = forwarder;
+		} else keys = [forwarder];
+		if (!hasSignature(this.activity)) {
+			let hasProof;
+			try {
+				const activity = await Activity.fromJsonLd(this.activity, this);
+				hasProof = await activity.getProof() != null;
+			} catch {
+				hasProof = false;
+			}
+			if (!hasProof) {
+				if (options?.skipIfUnsigned) return;
+				logger$1.warn("The received activity {activityId} is not signed; even if it is forwarded to other servers as is, it may not be accepted by them due to the lack of a signature/proof.");
+			}
+		}
+		if (recipients === "followers") {
+			if (identifier == null) throw new Error("If recipients is \"followers\", forwarder must be an actor identifier or username.");
+			const followers = [];
+			for await (const recipient of this.getFollowers(identifier)) followers.push(recipient);
+			recipients = followers;
+		}
+		const inboxes = extractInboxes({
+			recipients: Array.isArray(recipients) ? recipients : [recipients],
+			preferSharedInbox: options?.preferSharedInbox,
+			excludeBaseUris: options?.excludeBaseUris
+		});
+		logger$1.debug("Forwarding activity {activityId} to inboxes:\n{inboxes}", {
+			inboxes: globalThis.Object.keys(inboxes),
+			activityId: this.activityId,
+			activity: this.activity
+		});
+		if (options?.immediate || this.federation.outboxQueue == null) {
+			if (options?.immediate) logger$1.debug("Forwarding activity immediately without queue since immediate option is set.");
+			else logger$1.debug("Forwarding activity immediately without queue since queue is not set.");
+			const promises = [];
+			for (const inbox in inboxes) promises.push(sendActivity({
+				keys,
+				activity: this.activity,
+				activityId: this.activityId,
+				activityType: this.activityType,
+				inbox: new URL(inbox),
+				sharedInbox: inboxes[inbox].sharedInbox,
+				tracerProvider: this.tracerProvider,
+				specDeterminer: new KvSpecDeterminer(this.federation.kv, this.federation.kvPrefixes.httpMessageSignaturesSpec)
+			}));
+			await Promise.all(promises);
+			return;
+		}
+		logger$1.debug("Enqueuing activity {activityId} to forward later.", {
+			activityId: this.activityId,
+			activity: this.activity
+		});
+		const keyJwkPairs = [];
+		for (const { keyId, privateKey } of keys) {
+			const privateKeyJwk = await exportJwk(privateKey);
+			keyJwkPairs.push({
+				keyId: keyId.href,
+				privateKey: privateKeyJwk
+			});
+		}
+		const carrier = {};
+		propagation.inject(context.active(), carrier);
+		const messages = [];
+		for (const inbox in inboxes) {
+			const message = {
+				type: "outbox",
+				id: crypto.randomUUID(),
+				baseUrl: this.origin,
+				keys: keyJwkPairs,
+				activity: this.activity,
+				activityId: this.activityId,
+				activityType: this.activityType,
+				inbox,
+				sharedInbox: inboxes[inbox].sharedInbox,
+				started: new Date().toISOString(),
+				attempt: 0,
+				headers: {},
+				traceContext: carrier
+			};
+			messages.push(message);
+		}
+		const { outboxQueue } = this.federation;
+		if (outboxQueue.enqueueMany == null) {
+			const promises = messages.map((m) => outboxQueue.enqueue(m));
+			const results = await Promise.allSettled(promises);
+			const errors = results.filter((r) => r.status === "rejected").map((r) => r.reason);
+			if (errors.length > 0) {
+				logger$1.error("Failed to enqueue activity {activityId} to forward later:\n{errors}", {
+					activityId: this.activityId,
+					errors
+				});
+				if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${this.activityId} to forward later.`);
+				throw errors[0];
+			}
+		} else try {
+			await outboxQueue.enqueueMany(messages);
+		} catch (error) {
+			logger$1.error("Failed to enqueue activity {activityId} to forward later:\n{error}", {
+				activityId: this.activityId,
+				error
+			});
+			throw error;
+		}
+	}
+};
+var KvSpecDeterminer = class {
+	kv;
+	prefix;
+	defaultSpec;
+	constructor(kv, prefix, defaultSpec = "rfc9421") {
+		this.kv = kv;
+		this.prefix = prefix;
+		this.defaultSpec = defaultSpec;
+	}
+	async determineSpec(origin) {
+		return await this.kv.get([...this.prefix, origin]) ?? this.defaultSpec;
+	}
+	async rememberSpec(origin, spec) {
+		await this.kv.set([...this.prefix, origin], spec);
+	}
+};
+function notFound(_request) {
+	return new Response("Not Found", { status: 404 });
+}
+function notAcceptable(_request) {
+	return new Response("Not Acceptable", {
+		status: 406,
+		headers: { Vary: "Accept, Signature" }
+	});
+}
+function unauthorized(_request) {
+	return new Response("Unauthorized", {
+		status: 401,
+		headers: { Vary: "Accept, Signature" }
+	});
+}
+/**
+* Generates or extracts a unique identifier for a request.
+*
+* This function first attempts to extract an existing request ID from standard
+* tracing headers. If none exists, it generates a new one. The ID format is:
+*
+*  -  If from headers, uses the existing ID.
+*  -  If generated, uses format `req_` followed by a base36 timestamp and
+*     6 random chars.
+*
+* @param request The incoming HTTP request.
+* @returns A string identifier unique to this request.
+*/
+function getRequestId(request) {
+	const traceId = request.headers.get("X-Request-Id") || request.headers.get("X-Correlation-Id") || request.headers.get("Traceparent")?.split("-")[1];
+	if (traceId != null) return traceId;
+	const timestamp = Date.now().toString(36);
+	const random = Math.random().toString(36).slice(2, 8);
+	return `req_${timestamp}${random}`;
+}
+//#endregion
+export { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, Router$1 as Router, RouterError, buildCollectionSynchronizationHeader, createExponentialBackoffPolicy, createFederation, createFederationBuilder, digest, respondWithObject, respondWithObjectIfAcceptable };