@fedify/fedify 1.7.15 → 1.7.16

package/dist/middleware-Dvd4BUlF.js

@@ -0,0 +1,2661 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+      globalThis.addEventListener = () => {};
+    
+import { d as version, i as getDocumentLoader, s as kvCache, u as name } from "./docloader-I3SkMpZK.js";
+import { t as getNodeInfo } from "./client-CJ3nfMyp.js";
+import { n as RouterError } from "./router-BuDkN4RQ.js";
+import { t as nodeInfoToJson } from "./types-CB_2uuCA.js";
+import { _ as Object$1, b as OrderedCollectionPage, h as Multikey, m as Link, o as CryptographicKey, t as Activity, y as OrderedCollection } from "./vocab-B8zleLsO.js";
+import { t as lookupWebFinger } from "./lookup-CoCshjhM.js";
+import { t as getTypeId } from "./type-DFsmi-p1.js";
+import { a as validateCryptoKey, i as importJwk, t as exportJwk } from "./key-Ba-IjS2c.js";
+import { l as verifyRequest } from "./http-CiQH4CF3.js";
+import { t as getAuthenticatedDocumentLoader } from "./authdocloader-1vrHbYJF.js";
+import { a as signJsonLd, i as hasSignature, o as verifyJsonLd, r as detachSignature } from "./ld-Dm1tdWDX.js";
+import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-BO3ZhyYg.js";
+import { n as signObject, r as verifyObject } from "./proof-Btlfk6hr.js";
+import { n as traverseCollection, t as lookupObject } from "./lookup-BumKjgCt.js";
+import { n as routeActivity } from "./inbox-BqBPO0vG.js";
+import { t as FederationBuilderImpl } from "./builder-8YjpOSrf.js";
+import { t as buildCollectionSynchronizationHeader } from "./collection-XNLQhehO.js";
+import { t as KvKeyCache } from "./keycache-BdgRTisV.js";
+import { t as createExponentialBackoffPolicy } from "./retry-BQet39_l.js";
+import { n as sendActivity, t as extractInboxes } from "./send-Dj-482tr.js";
+import { getLogger, withContext } from "@logtape/logtape";
+import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
+import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
+import { domainToASCII } from "node:url";
+
+//#region compat/transformers.ts
+const logger$1 = getLogger([
+	"fedify",
+	"compat",
+	"transformers"
+]);
+/**
+* An activity transformer that assigns a new random ID to an activity if it
+* does not already have one.  This is useful for ensuring that activities
+* have an ID before they are sent to other servers.
+*
+* The generated ID is an origin URI with a fragment which contains an activity
+* type name with a random UUID:
+*
+* ```
+* https://example.com/#Follow/12345678-1234-5678-1234-567812345678
+* ```
+*
+* @typeParam TContextData The type of the context data.
+* @param activity The activity to assign an ID to.
+* @param context The context of the activity.
+* @return The activity with an ID assigned.
+* @since 1.4.0
+*/
+function autoIdAssigner(activity, context$1) {
+	if (activity.id != null) return activity;
+	const id = new URL(`/#${activity.constructor.name}/${crypto.randomUUID()}`, context$1.origin);
+	logger$1.warn("As the activity to send does not have an id, a new id {id} has been generated for it.  However, it is recommended to explicitly set the id for the activity.", { id: id.href });
+	return activity.clone({ id });
+}
+/**
+* An activity transformer that dehydrates the actor property of an activity
+* so that it only contains the actor's URI.  For example, suppose we have an
+* activity like this:
+*
+* ```typescript
+* import { Follow, Person } from "@fedify/fedify/vocab";
+* const input = new Follow({
+*   id: new URL("http://example.com/activities/1"),
+*   actor: new Person({
+*     id: new URL("http://example.com/actors/1"),
+*     name: "Alice",
+*     preferredUsername: "alice",
+*   }),
+*   object: new Person({
+*     id: new URL("http://example.com/actors/2"),
+*     name: "Bob",
+*     preferredUsername: "bob",
+*   }),
+* });
+* ```
+*
+* The result of applying this transformer would be:
+*
+* ```typescript
+* import { Follow, Person } from "@fedify/fedify/vocab";
+* const output = new Follow({
+*   id: new URL("http://example.com/activities/1"),
+*   actor: new URL("http://example.com/actors/1"),
+*   object: new Person({
+*     id: new URL("http://example.com/actors/2"),
+*     name: "Bob",
+*     preferredUsername: "bob",
+*   }),
+* });
+* ```
+*
+* As some ActivityPub implementations like Threads fail to deal with inlined
+* actor objects, this transformer can be used to work around this issue.
+* @typeParam TContextData The type of the context data.
+* @param activity The activity to dehydrate the actor property of.
+* @param context The context of the activity.
+* @returns The dehydrated activity.
+* @since 1.4.0
+*/
+function actorDehydrator(activity, _context) {
+	if (activity.actorIds.length < 1) return activity;
+	return activity.clone({ actors: activity.actorIds });
+}
+/**
+* Gets the default activity transformers that are applied to all outgoing
+* activities.
+* @typeParam TContextData The type of the context data.
+* @returns The default activity transformers.
+* @since 1.4.0
+*/
+function getDefaultActivityTransformers() {
+	return [autoIdAssigner, actorDehydrator];
+}
+
+//#endregion
+//#region nodeinfo/handler.ts
+/**
+* Handles a NodeInfo request.  You would not typically call this function
+* directly, but instead use {@link Federation.handle} method.
+* @param request The NodeInfo request to handle.
+* @param parameters The parameters for handling the request.
+* @returns The response to the request.
+*/
+async function handleNodeInfo(_request, { context: context$1, nodeInfoDispatcher }) {
+	const promise = nodeInfoDispatcher(context$1);
+	const json = nodeInfoToJson(promise instanceof Promise ? await promise : promise);
+	return new Response(JSON.stringify(json), { headers: { "Content-Type": "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/2.1#\"" } });
+}
+/**
+* Handles a request to `/.well-known/nodeinfo`.  You would not typically call
+* this function directly, but instead use {@link Federation.handle} method.
+* @param request The request to handle.
+* @param context The request context.
+* @returns The response to the request.
+*/
+function handleNodeInfoJrd(_request, context$1) {
+	const links = [];
+	try {
+		links.push({
+			rel: "http://nodeinfo.diaspora.software/ns/schema/2.1",
+			href: context$1.getNodeInfoUri().href,
+			type: "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/2.1#\""
+		});
+	} catch (e) {
+		if (!(e instanceof RouterError)) throw e;
+	}
+	const jrd = { links };
+	const response = new Response(JSON.stringify(jrd), { headers: { "Content-Type": "application/jrd+json" } });
+	return Promise.resolve(response);
+}
+
+//#endregion
+//#region vocab/constants.ts
+/**
+* The special public collection for [public addressing].  *Do not mutate this
+* object.*
+*
+* [public addressing]: https://www.w3.org/TR/activitypub/#public-addressing
+*
+* @since 0.7.0
+*/
+const PUBLIC_COLLECTION = new URL("https://www.w3.org/ns/activitystreams#Public");
+
+//#endregion
+//#region webfinger/handler.ts
+const logger = getLogger([
+	"fedify",
+	"webfinger",
+	"server"
+]);
+/**
+* Handles a WebFinger request.  You would not typically call this function
+* directly, but instead use {@link Federation.fetch} method.
+* @param request The WebFinger request to handle.
+* @param parameters The parameters for handling the request.
+* @returns The response to the request.
+*/
+async function handleWebFinger(request, options) {
+	if (options.tracer == null) return await handleWebFingerInternal(request, options);
+	return await options.tracer.startActiveSpan("webfinger.handle", { kind: SpanKind.SERVER }, async (span) => {
+		try {
+			const response = await handleWebFingerInternal(request, options);
+			span.setStatus({ code: response.ok ? SpanStatusCode.UNSET : SpanStatusCode.ERROR });
+			return response;
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function handleWebFingerInternal(request, { context: context$1, host, actorDispatcher, actorHandleMapper, actorAliasMapper, onNotFound, span }) {
+	if (actorDispatcher == null) return await onNotFound(request);
+	const resource = context$1.url.searchParams.get("resource");
+	if (resource == null) return new Response("Missing resource parameter.", { status: 400 });
+	span?.setAttribute("webfinger.resource", resource);
+	let resourceUrl;
+	try {
+		resourceUrl = new URL(resource);
+	} catch (e) {
+		if (e instanceof TypeError) return new Response("Invalid resource URL.", { status: 400 });
+		throw e;
+	}
+	span?.setAttribute("webfinger.resource.scheme", resourceUrl.protocol.replace(/:$/, ""));
+	if (actorDispatcher == null) {
+		logger.error("Actor dispatcher is not set.");
+		return await onNotFound(request);
+	}
+	async function mapUsernameToIdentifier(username) {
+		if (actorHandleMapper == null) {
+			logger.error("No actor handle mapper is set; use the WebFinger username {username} as the actor's internal identifier.", { username });
+			return username;
+		}
+		const identifier$1 = await actorHandleMapper(context$1, username);
+		if (identifier$1 == null) {
+			logger.error("Actor {username} not found.", { username });
+			return null;
+		}
+		return identifier$1;
+	}
+	let identifier = null;
+	const uriParsed = context$1.parseUri(resourceUrl);
+	if (uriParsed?.type != "actor") {
+		const match = /^acct:([^@]+)@([^@]+)$/.exec(resource);
+		if (match == null) {
+			const result = await actorAliasMapper?.(context$1, resourceUrl);
+			if (result == null) return await onNotFound(request);
+			if ("identifier" in result) identifier = result.identifier;
+			else identifier = await mapUsernameToIdentifier(result.username);
+		} else {
+			const portMatch = /:\d+$/.exec(match[2]);
+			const normalizedHost = portMatch == null ? domainToASCII(match[2].toLowerCase()) : domainToASCII(match[2].substring(0, portMatch.index).toLowerCase()) + portMatch[0];
+			if (normalizedHost != context$1.url.host && normalizedHost != host) return await onNotFound(request);
+			else {
+				identifier = await mapUsernameToIdentifier(match[1]);
+				resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`);
+			}
+		}
+	} else identifier = uriParsed.identifier;
+	if (identifier == null) return await onNotFound(request);
+	const actor = await actorDispatcher(context$1, identifier);
+	if (actor == null) {
+		logger.error("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	const links = [{
+		rel: "self",
+		href: context$1.getActorUri(identifier).href,
+		type: "application/activity+json"
+	}];
+	for (const url of actor.urls) if (url instanceof Link && url.href != null) links.push({
+		rel: url.rel ?? "http://webfinger.net/rel/profile-page",
+		href: url.href.href,
+		type: url.mediaType == null ? void 0 : url.mediaType
+	});
+	else if (url instanceof URL) links.push({
+		rel: "http://webfinger.net/rel/profile-page",
+		href: url.href
+	});
+	for await (const image of actor.getIcons()) {
+		if (image.url?.href == null) continue;
+		const link = {
+			rel: "http://webfinger.net/rel/avatar",
+			href: image.url.href.toString()
+		};
+		if (image.mediaType != null) link.type = image.mediaType;
+		links.push(link);
+	}
+	const aliases = [];
+	if (resourceUrl.protocol != "acct:" && actor.preferredUsername != null) {
+		aliases.push(`acct:${actor.preferredUsername}@${host ?? context$1.url.host}`);
+		if (host != null && host !== context$1.url.host) aliases.push(`acct:${actor.preferredUsername}@${context$1.url.host}`);
+	}
+	if (resourceUrl.href !== context$1.getActorUri(identifier).href) aliases.push(context$1.getActorUri(identifier).href);
+	if (resourceUrl.protocol === "acct:" && host != null && host !== context$1.url.host && !resourceUrl.href.endsWith(`@${host}`)) {
+		const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, "");
+		aliases.push(`acct:${username}@${host}`);
+	}
+	const jrd = {
+		subject: resourceUrl.href,
+		aliases,
+		links
+	};
+	return new Response(JSON.stringify(jrd), { headers: {
+		"Content-Type": "application/jrd+json",
+		"Access-Control-Allow-Origin": "*"
+	} });
+}
+
+//#endregion
+//#region federation/negotiation.ts
+function compareSpecs(a, b) {
+	return b.q - a.q || (b.s ?? 0) - (a.s ?? 0) || (a.o ?? 0) - (b.o ?? 0) || a.i - b.i || 0;
+}
+function isQuality(spec) {
+	return spec.q > 0;
+}
+const simpleMediaTypeRegExp = /^\s*([^\s\/;]+)\/([^;\s]+)\s*(?:;(.*))?$/;
+function splitKeyValuePair(str) {
+	const [key, value] = str.split("=");
+	return [key.toLowerCase(), value];
+}
+function parseMediaType(str, i) {
+	const match = simpleMediaTypeRegExp.exec(str);
+	if (!match) return;
+	const [, type, subtype, parameters] = match;
+	if (!type || !subtype) return;
+	const params = Object.create(null);
+	let q = 1;
+	if (parameters) {
+		const kvps = parameters.split(";").map((p) => p.trim()).map(splitKeyValuePair);
+		for (const [key, val] of kvps) {
+			const value = val && val[0] === `"` && val[val.length - 1] === `"` ? val.slice(1, val.length - 1) : val;
+			if (key === "q" && value) {
+				q = parseFloat(value);
+				break;
+			}
+			params[key] = value;
+		}
+	}
+	return {
+		type,
+		subtype,
+		params,
+		i,
+		o: void 0,
+		q,
+		s: void 0
+	};
+}
+function parseAccept(accept) {
+	const accepts = accept.split(",").map((p) => p.trim());
+	const mediaTypes = [];
+	for (const [index, accept$1] of accepts.entries()) {
+		const mediaType = parseMediaType(accept$1.trim(), index);
+		if (mediaType) mediaTypes.push(mediaType);
+	}
+	return mediaTypes;
+}
+function getFullType(spec) {
+	return `${spec.type}/${spec.subtype}`;
+}
+function preferredMediaTypes(accept) {
+	return parseAccept(accept === void 0 ? "*/*" : accept ?? "").filter(isQuality).sort(compareSpecs).map(getFullType);
+}
+
+//#endregion
+//#region federation/handler.ts
+function acceptsJsonLd(request) {
+	const accept = request.headers.get("Accept");
+	const types = accept ? preferredMediaTypes(accept) : ["*/*"];
+	if (types == null) return true;
+	if (types[0] === "text/html" || types[0] === "application/xhtml+xml") return false;
+	return types.includes("application/activity+json") || types.includes("application/ld+json") || types.includes("application/json");
+}
+async function handleActor(request, { identifier, context: context$1, actorDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+	const logger$2 = getLogger([
+		"fedify",
+		"federation",
+		"actor"
+	]);
+	if (actorDispatcher == null) {
+		logger$2.debug("Actor dispatcher is not set.", { identifier });
+		return await onNotFound(request);
+	}
+	const actor = await actorDispatcher(context$1, identifier);
+	if (actor == null) {
+		logger$2.debug("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (authorizePredicate != null) {
+		let key = await context$1.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"actor"
+			],
+			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$1.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"actor"
+			],
+			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await authorizePredicate(context$1, identifier, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await actor.toJsonLd(context$1);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+async function handleObject(request, { values, context: context$1, objectDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+	if (objectDispatcher == null) return await onNotFound(request);
+	const object = await objectDispatcher(context$1, values);
+	if (object == null) return await onNotFound(request);
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (authorizePredicate != null) {
+		let key = await context$1.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"object"
+			],
+			message: "The third parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$1.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"object"
+			],
+			message: "The fourth parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await authorizePredicate(context$1, values, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await object.toJsonLd(context$1);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+async function handleCollection(request, { name: name$1, identifier, uriGetter, filter, filterPredicate, context: context$1, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound, onNotAcceptable }) {
+	const spanName = name$1.trim().replace(/\s+/g, "_");
+	tracerProvider = tracerProvider ?? trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(name, version);
+	const cursor = new URL(request.url).searchParams.get("cursor");
+	if (collectionCallbacks == null) return await onNotFound(request);
+	let collection;
+	const baseUri = uriGetter(identifier);
+	if (cursor == null) {
+		const firstCursor = await collectionCallbacks.firstCursor?.(context$1, identifier);
+		const totalItems = filter == null ? await collectionCallbacks.counter?.(context$1, identifier) : void 0;
+		if (firstCursor == null) {
+			const itemsOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection ${spanName}`, {
+				kind: SpanKind.SERVER,
+				attributes: {
+					"activitypub.collection.id": baseUri.href,
+					"activitypub.collection.type": OrderedCollection.typeId.href
+				}
+			}, async (span) => {
+				if (totalItems != null) span.setAttribute("activitypub.collection.total_items", Number(totalItems));
+				try {
+					const page = await collectionCallbacks.dispatcher(context$1, identifier, null, filter);
+					if (page == null) {
+						span.setStatus({ code: SpanStatusCode.ERROR });
+						return await onNotFound(request);
+					}
+					const { items } = page;
+					span.setAttribute("fedify.collection.items", items.length);
+					return items;
+				} catch (e) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			if (itemsOrResponse instanceof Response) return itemsOrResponse;
+			collection = new OrderedCollection({
+				id: baseUri,
+				totalItems: totalItems == null ? null : Number(totalItems),
+				items: filterCollectionItems(itemsOrResponse, name$1, filterPredicate)
+			});
+		} else {
+			const lastCursor = await collectionCallbacks.lastCursor?.(context$1, identifier);
+			const first = new URL(context$1.url);
+			first.searchParams.set("cursor", firstCursor);
+			let last = null;
+			if (lastCursor != null) {
+				last = new URL(context$1.url);
+				last.searchParams.set("cursor", lastCursor);
+			}
+			collection = new OrderedCollection({
+				id: baseUri,
+				totalItems: totalItems == null ? null : Number(totalItems),
+				first,
+				last
+			});
+		}
+	} else {
+		const uri = new URL(baseUri);
+		uri.searchParams.set("cursor", cursor);
+		const pageOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection_page ${name$1}`, {
+			kind: SpanKind.SERVER,
+			attributes: {
+				"activitypub.collection.id": uri.href,
+				"activitypub.collection.type": OrderedCollectionPage.typeId.href,
+				"fedify.collection.cursor": cursor
+			}
+		}, async (span) => {
+			try {
+				const page = await collectionCallbacks.dispatcher(context$1, identifier, cursor, filter);
+				if (page == null) {
+					span.setStatus({ code: SpanStatusCode.ERROR });
+					return await onNotFound(request);
+				}
+				span.setAttribute("fedify.collection.items", page.items.length);
+				return page;
+			} catch (e) {
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+		if (pageOrResponse instanceof Response) return pageOrResponse;
+		const { items, prevCursor, nextCursor } = pageOrResponse;
+		let prev = null;
+		if (prevCursor != null) {
+			prev = new URL(context$1.url);
+			prev.searchParams.set("cursor", prevCursor);
+		}
+		let next = null;
+		if (nextCursor != null) {
+			next = new URL(context$1.url);
+			next.searchParams.set("cursor", nextCursor);
+		}
+		const partOf = new URL(context$1.url);
+		partOf.searchParams.delete("cursor");
+		collection = new OrderedCollectionPage({
+			id: uri,
+			prev,
+			next,
+			items: filterCollectionItems(items, name$1, filterPredicate),
+			partOf
+		});
+	}
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (collectionCallbacks.authorizePredicate != null) {
+		let key = await context$1.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"collection"
+			],
+			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$1.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"collection"
+			],
+			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await collectionCallbacks.authorizePredicate(context$1, identifier, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await collection.toJsonLd(context$1);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+function filterCollectionItems(items, collectionName, filterPredicate) {
+	const result = [];
+	let logged = false;
+	for (const item of items) {
+		let mappedItem;
+		if (item instanceof Object$1 || item instanceof Link || item instanceof URL) mappedItem = item;
+		else if (item.id == null) continue;
+		else mappedItem = item.id;
+		if (filterPredicate != null && !filterPredicate(item)) {
+			if (!logged) {
+				getLogger([
+					"fedify",
+					"federation",
+					"collection"
+				]).warn(`The ${collectionName} collection apparently does not implement filtering.  This may result in a large response payload.  Please consider implementing filtering for the collection.  See also: https://fedify.dev/manual/collections#filtering-by-server`);
+				logged = true;
+			}
+			continue;
+		}
+		result.push(mappedItem);
+	}
+	return result;
+}
+async function handleInbox(request, options) {
+	return await (options.tracerProvider ?? trace.getTracerProvider()).getTracer(name, version).startActiveSpan("activitypub.inbox", {
+		kind: options.queue == null ? SpanKind.SERVER : SpanKind.PRODUCER,
+		attributes: { "activitypub.shared_inbox": options.recipient == null }
+	}, async (span) => {
+		if (options.recipient != null) span.setAttribute("fedify.inbox.recipient", options.recipient);
+		try {
+			return await handleInboxInternal(request, options, span);
+		} catch (e) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(e)
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function handleInboxInternal(request, { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider }, span) {
+	const logger$2 = getLogger([
+		"fedify",
+		"federation",
+		"inbox"
+	]);
+	if (actorDispatcher == null) {
+		logger$2.error("Actor dispatcher is not set.", { recipient });
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: "Actor dispatcher is not set."
+		});
+		return await onNotFound(request);
+	} else if (recipient != null) {
+		if (await actorDispatcher(ctx, recipient) == null) {
+			logger$2.error("Actor {recipient} not found.", { recipient });
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: `Actor ${recipient} not found.`
+			});
+			return await onNotFound(request);
+		}
+	}
+	if (request.bodyUsed) {
+		logger$2.error("Request body has already been read.", { recipient });
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: "Request body has already been read."
+		});
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	} else if (request.body?.locked) {
+		logger$2.error("Request body is locked.", { recipient });
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: "Request body is locked."
+		});
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	let json;
+	try {
+		json = await request.clone().json();
+	} catch (error) {
+		logger$2.error("Failed to parse JSON:\n{error}", {
+			recipient,
+			error
+		});
+		try {
+			await inboxErrorHandler?.(ctx, error);
+		} catch (error$1) {
+			logger$2.error("An unexpected error occurred in inbox error handler:\n{error}", {
+				error: error$1,
+				activity: json,
+				recipient
+			});
+		}
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: `Failed to parse JSON:\n${error}`
+		});
+		return new Response("Invalid JSON.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
+	let ldSigVerified;
+	try {
+		ldSigVerified = await verifyJsonLd(json, {
+			contextLoader: ctx.contextLoader,
+			documentLoader: ctx.documentLoader,
+			keyCache,
+			tracerProvider
+		});
+	} catch (error) {
+		if (error instanceof Error && error.name === "jsonld.SyntaxError") {
+			logger$2.error("Failed to parse JSON-LD:\n{error}", {
+				recipient,
+				error
+			});
+			return new Response("Invalid JSON-LD.", {
+				status: 400,
+				headers: { "Content-Type": "text/plain; charset=utf-8" }
+			});
+		}
+		ldSigVerified = false;
+	}
+	const jsonWithoutSig = detachSignature(json);
+	let activity = null;
+	if (ldSigVerified) {
+		logger$2.debug("Linked Data Signatures are verified.", {
+			recipient,
+			json
+		});
+		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+	} else {
+		logger$2.debug("Linked Data Signatures are not verified.", {
+			recipient,
+			json
+		});
+		try {
+			activity = await verifyObject(Activity, jsonWithoutSig, {
+				contextLoader: ctx.contextLoader,
+				documentLoader: ctx.documentLoader,
+				keyCache,
+				tracerProvider
+			});
+		} catch (error) {
+			logger$2.error("Failed to parse activity:\n{error}", {
+				recipient,
+				activity: json,
+				error
+			});
+			try {
+				await inboxErrorHandler?.(ctx, error);
+			} catch (error$1) {
+				logger$2.error("An unexpected error occurred in inbox error handler:\n{error}", {
+					error: error$1,
+					activity: json,
+					recipient
+				});
+			}
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: `Failed to parse activity:\n${error}`
+			});
+			return new Response("Invalid activity.", {
+				status: 400,
+				headers: { "Content-Type": "text/plain; charset=utf-8" }
+			});
+		}
+		if (activity == null) logger$2.debug("Object Integrity Proofs are not verified.", {
+			recipient,
+			activity: json
+		});
+		else logger$2.debug("Object Integrity Proofs are verified.", {
+			recipient,
+			activity: json
+		});
+	}
+	let httpSigKey = null;
+	if (activity == null) {
+		if (!skipSignatureVerification) {
+			const key = await verifyRequest(request, {
+				contextLoader: ctx.contextLoader,
+				documentLoader: ctx.documentLoader,
+				timeWindow: signatureTimeWindow,
+				keyCache,
+				tracerProvider
+			});
+			if (key == null) {
+				logger$2.error("Failed to verify the request's HTTP Signatures.", { recipient });
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: `Failed to verify the request's HTTP Signatures.`
+				});
+				return new Response("Failed to verify the request signature.", {
+					status: 401,
+					headers: { "Content-Type": "text/plain; charset=utf-8" }
+				});
+			} else logger$2.debug("HTTP Signatures are verified.", { recipient });
+			httpSigKey = key;
+		}
+		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+	}
+	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+	span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
+	if (httpSigKey != null && !await doesActorOwnKey(activity, httpSigKey, ctx)) {
+		logger$2.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
+			activity: json,
+			recipient,
+			keyId: httpSigKey.id?.href,
+			actorId: activity.actorId?.href
+		});
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: `The signer (${httpSigKey.id?.href}) and the actor (${activity.actorId?.href}) do not match.`
+		});
+		return new Response("The signer and the actor do not match.", {
+			status: 401,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	const routeResult = await routeActivity({
+		context: ctx,
+		json,
+		activity,
+		recipient,
+		inboxListeners,
+		inboxContextFactory,
+		inboxErrorHandler,
+		kv,
+		kvPrefixes,
+		queue,
+		span,
+		tracerProvider
+	});
+	if (routeResult === "alreadyProcessed") return new Response(`Activity <${activity.id}> has already been processed.`, {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "missingActor") return new Response("Missing actor.", {
+		status: 400,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "enqueued") return new Response("Activity is enqueued.", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "unsupportedActivity") return new Response("", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "error") return new Response("Internal server error.", {
+		status: 500,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else return new Response("", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+}
+/**
+* Responds with the given object in JSON-LD format.
+*
+* @param object The object to respond with.
+* @param options Options.
+* @since 0.3.0
+*/
+async function respondWithObject(object, options) {
+	const jsonLd = await object.toJsonLd(options);
+	return new Response(JSON.stringify(jsonLd), { headers: { "Content-Type": "application/activity+json" } });
+}
+/**
+* Responds with the given object in JSON-LD format if the request accepts
+* JSON-LD.
+*
+* @param object The object to respond with.
+* @param request The request to check for JSON-LD acceptability.
+* @param options Options.
+* @since 0.3.0
+*/
+async function respondWithObjectIfAcceptable(object, request, options) {
+	if (!acceptsJsonLd(request)) return null;
+	const response = await respondWithObject(object, options);
+	response.headers.set("Vary", "Accept");
+	return response;
+}
+
+//#endregion
+//#region federation/middleware.ts
+/**
+* Create a new {@link Federation} instance.
+* @param parameters Parameters for initializing the instance.
+* @returns A new {@link Federation} instance.
+* @since 0.10.0
+*/
+function createFederation(options) {
+	return new FederationImpl(options);
+}
+var FederationImpl = class extends FederationBuilderImpl {
+	kv;
+	kvPrefixes;
+	inboxQueue;
+	outboxQueue;
+	fanoutQueue;
+	inboxQueueStarted;
+	outboxQueueStarted;
+	fanoutQueueStarted;
+	manuallyStartQueue;
+	origin;
+	documentLoaderFactory;
+	contextLoaderFactory;
+	authenticatedDocumentLoaderFactory;
+	allowPrivateAddress;
+	userAgent;
+	onOutboxError;
+	signatureTimeWindow;
+	skipSignatureVerification;
+	outboxRetryPolicy;
+	inboxRetryPolicy;
+	activityTransformers;
+	tracerProvider;
+	firstKnock;
+	constructor(options) {
+		super();
+		const logger$2 = getLogger(["fedify", "federation"]);
+		this.kv = options.kv;
+		this.kvPrefixes = {
+			activityIdempotence: ["_fedify", "activityIdempotence"],
+			remoteDocument: ["_fedify", "remoteDocument"],
+			publicKey: ["_fedify", "publicKey"],
+			httpMessageSignaturesSpec: ["_fedify", "httpMessageSignaturesSpec"],
+			...options.kvPrefixes ?? {}
+		};
+		if (options.queue == null) {
+			this.inboxQueue = void 0;
+			this.outboxQueue = void 0;
+			this.fanoutQueue = void 0;
+		} else if ("enqueue" in options.queue && "listen" in options.queue) {
+			this.inboxQueue = options.queue;
+			this.outboxQueue = options.queue;
+			this.fanoutQueue = options.queue;
+		} else {
+			this.inboxQueue = options.queue.inbox;
+			this.outboxQueue = options.queue.outbox;
+			this.fanoutQueue = options.queue.fanout;
+		}
+		this.inboxQueueStarted = false;
+		this.outboxQueueStarted = false;
+		this.fanoutQueueStarted = false;
+		this.manuallyStartQueue = options.manuallyStartQueue ?? false;
+		if (options.origin != null) if (typeof options.origin === "string") {
+			if (!URL.canParse(options.origin) || !options.origin.match(/^https?:\/\//)) throw new TypeError(`Invalid origin: ${JSON.stringify(options.origin)}`);
+			const origin = new URL(options.origin);
+			if (!origin.pathname.match(/^\/*$/) || origin.search !== "" || origin.hash !== "") throw new TypeError(`Invalid origin: ${JSON.stringify(options.origin)}`);
+			this.origin = {
+				handleHost: origin.host,
+				webOrigin: origin.origin
+			};
+		} else {
+			const { handleHost, webOrigin } = options.origin;
+			if (!URL.canParse(`https://${handleHost}/`) || handleHost.includes("/")) throw new TypeError(`Invalid origin.handleHost: ${JSON.stringify(handleHost)}`);
+			if (!URL.canParse(webOrigin) || !webOrigin.match(/^https?:\/\//)) throw new TypeError(`Invalid origin.webOrigin: ${JSON.stringify(webOrigin)}`);
+			const webOriginUrl = new URL(webOrigin);
+			if (!webOriginUrl.pathname.match(/^\/*$/) || webOriginUrl.search !== "" || webOriginUrl.hash !== "") throw new TypeError(`Invalid origin.webOrigin: ${JSON.stringify(webOrigin)}`);
+			this.origin = {
+				handleHost: new URL(`https://${handleHost}/`).host,
+				webOrigin: webOriginUrl.origin
+			};
+		}
+		this.router.trailingSlashInsensitive = options.trailingSlashInsensitive ?? false;
+		this._initializeRouter();
+		if (options.allowPrivateAddress || options.userAgent != null) {
+			if (options.documentLoader != null) throw new TypeError("Cannot set documentLoader with allowPrivateAddress or userAgent options.");
+			else if (options.contextLoader != null) throw new TypeError("Cannot set contextLoader with allowPrivateAddress or userAgent options.");
+			else if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
+		}
+		const { allowPrivateAddress, userAgent } = options;
+		this.allowPrivateAddress = allowPrivateAddress ?? false;
+		if (options.documentLoader != null) {
+			if (options.documentLoaderFactory != null) throw new TypeError("Cannot set both documentLoader and documentLoaderFactory options at a time; use documentLoaderFactory only.");
+			this.documentLoaderFactory = () => options.documentLoader;
+			logger$2.warn("The documentLoader option is deprecated; use documentLoaderFactory option instead.");
+		} else this.documentLoaderFactory = options.documentLoaderFactory ?? ((opts) => {
+			return kvCache({
+				loader: getDocumentLoader({
+					allowPrivateAddress: opts?.allowPrivateAddress ?? allowPrivateAddress,
+					userAgent: opts?.userAgent ?? userAgent
+				}),
+				kv: options.kv,
+				prefix: this.kvPrefixes.remoteDocument
+			});
+		});
+		if (options.contextLoader != null) {
+			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set both contextLoader and contextLoaderFactory options at a time; use contextLoaderFactory only.");
+			this.contextLoaderFactory = () => options.contextLoader;
+			logger$2.warn("The contextLoader option is deprecated; use contextLoaderFactory option instead.");
+		} else this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
+		this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? ((identity) => getAuthenticatedDocumentLoader(identity, {
+			allowPrivateAddress,
+			userAgent,
+			specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec, options.firstKnock),
+			tracerProvider: this.tracerProvider
+		}));
+		this.userAgent = userAgent;
+		this.onOutboxError = options.onOutboxError;
+		this.signatureTimeWindow = options.signatureTimeWindow ?? { hours: 1 };
+		this.skipSignatureVerification = options.skipSignatureVerification ?? false;
+		this.outboxRetryPolicy = options.outboxRetryPolicy ?? createExponentialBackoffPolicy();
+		this.inboxRetryPolicy = options.inboxRetryPolicy ?? createExponentialBackoffPolicy();
+		this.activityTransformers = options.activityTransformers ?? getDefaultActivityTransformers();
+		this.tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+		this.firstKnock = options.firstKnock;
+	}
+	_initializeRouter() {
+		this.router.add("/.well-known/webfinger", "webfinger");
+		this.router.add("/.well-known/nodeinfo", "nodeInfoJrd");
+	}
+	_getTracer() {
+		return this.tracerProvider.getTracer(name, version);
+	}
+	async _startQueueInternal(ctxData, signal, queue) {
+		if (this.inboxQueue == null && this.outboxQueue == null) return;
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"queue"
+		]);
+		const promises = [];
+		if (this.inboxQueue != null && (queue == null || queue === "inbox") && !this.inboxQueueStarted) {
+			logger$2.debug("Starting an inbox task worker.");
+			this.inboxQueueStarted = true;
+			promises.push(this.inboxQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		if (this.outboxQueue != null && this.outboxQueue !== this.inboxQueue && (queue == null || queue === "outbox") && !this.outboxQueueStarted) {
+			logger$2.debug("Starting an outbox task worker.");
+			this.outboxQueueStarted = true;
+			promises.push(this.outboxQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		if (this.fanoutQueue != null && this.fanoutQueue !== this.inboxQueue && this.fanoutQueue !== this.outboxQueue && (queue == null || queue === "fanout") && !this.fanoutQueueStarted) {
+			logger$2.debug("Starting a fanout task worker.");
+			this.fanoutQueueStarted = true;
+			promises.push(this.fanoutQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		await Promise.all(promises);
+	}
+	processQueuedTask(contextData, message) {
+		const tracer = this._getTracer();
+		const extractedContext = propagation.extract(context.active(), message.traceContext);
+		return withContext({ messageId: message.id }, async () => {
+			if (message.type === "fanout") await tracer.startActiveSpan("activitypub.fanout", {
+				kind: SpanKind.CONSUMER,
+				attributes: { "activitypub.activity.type": message.activityType }
+			}, extractedContext, async (span) => {
+				if (message.activityId != null) span.setAttribute("activitypub.activity.id", message.activityId);
+				try {
+					await this.#listenFanoutMessage(contextData, message);
+				} catch (e) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			else if (message.type === "outbox") await tracer.startActiveSpan("activitypub.outbox", {
+				kind: SpanKind.CONSUMER,
+				attributes: {
+					"activitypub.activity.type": message.activityType,
+					"activitypub.activity.retries": message.attempt
+				}
+			}, extractedContext, async (span) => {
+				if (message.activityId != null) span.setAttribute("activitypub.activity.id", message.activityId);
+				try {
+					await this.#listenOutboxMessage(contextData, message, span);
+				} catch (e) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			else if (message.type === "inbox") await tracer.startActiveSpan("activitypub.inbox", {
+				kind: SpanKind.CONSUMER,
+				attributes: { "activitypub.shared_inbox": message.identifier == null }
+			}, extractedContext, async (span) => {
+				try {
+					await this.#listenInboxMessage(contextData, message, span);
+				} catch (e) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+		});
+	}
+	async #listenFanoutMessage(data, message) {
+		getLogger([
+			"fedify",
+			"federation",
+			"fanout"
+		]).debug("Fanning out activity {activityId} to {inboxes} inbox(es)...", {
+			activityId: message.activityId,
+			inboxes: globalThis.Object.keys(message.inboxes).length
+		});
+		const keys = await Promise.all(message.keys.map(async ({ keyId, privateKey }) => ({
+			keyId: new URL(keyId),
+			privateKey: await importJwk(privateKey, "private")
+		})));
+		const activity = await Activity.fromJsonLd(message.activity, {
+			contextLoader: this.contextLoaderFactory({
+				allowPrivateAddress: this.allowPrivateAddress,
+				userAgent: this.userAgent
+			}),
+			documentLoader: this.documentLoaderFactory({
+				allowPrivateAddress: this.allowPrivateAddress,
+				userAgent: this.userAgent
+			}),
+			tracerProvider: this.tracerProvider
+		});
+		const context$1 = this.#createContext(new URL(message.baseUrl), data, { documentLoader: this.documentLoaderFactory({
+			allowPrivateAddress: this.allowPrivateAddress,
+			userAgent: this.userAgent
+		}) });
+		await this.sendActivity(keys, message.inboxes, activity, {
+			collectionSync: message.collectionSync,
+			context: context$1
+		});
+	}
+	async #listenOutboxMessage(_, message, span) {
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		const logData = {
+			keyIds: message.keys.map((pair) => pair.keyId),
+			inbox: message.inbox,
+			activity: message.activity,
+			activityId: message.activityId,
+			attempt: message.attempt,
+			headers: message.headers
+		};
+		const keys = [];
+		let rsaKeyPair = null;
+		for (const { keyId, privateKey } of message.keys) {
+			const pair = {
+				keyId: new URL(keyId),
+				privateKey: await importJwk(privateKey, "private")
+			};
+			if (rsaKeyPair == null && pair.privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") rsaKeyPair = pair;
+			keys.push(pair);
+		}
+		try {
+			await sendActivity({
+				keys,
+				activity: message.activity,
+				activityId: message.activityId,
+				activityType: message.activityType,
+				inbox: new URL(message.inbox),
+				sharedInbox: message.sharedInbox,
+				headers: new Headers(message.headers),
+				specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec, this.firstKnock),
+				tracerProvider: this.tracerProvider
+			});
+		} catch (error) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			const loaderOptions = this.#getLoaderOptions(message.baseUrl);
+			const activity = await Activity.fromJsonLd(message.activity, {
+				contextLoader: this.contextLoaderFactory(loaderOptions),
+				documentLoader: rsaKeyPair == null ? this.documentLoaderFactory(loaderOptions) : this.authenticatedDocumentLoaderFactory(rsaKeyPair, loaderOptions),
+				tracerProvider: this.tracerProvider
+			});
+			try {
+				this.onOutboxError?.(error, activity);
+			} catch (error$1) {
+				logger$2.error("An unexpected error occurred in onError handler:\n{error}", {
+					...logData,
+					error: error$1
+				});
+			}
+			if (this.outboxQueue?.nativeRetrial) {
+				logger$2.error("Failed to send activity {activityId} to {inbox}; backend will handle retry:\n{error}", {
+					...logData,
+					error
+				});
+				throw error;
+			}
+			const delay = this.outboxRetryPolicy({
+				elapsedTime: Temporal.Instant.from(message.started).until(Temporal.Now.instant()),
+				attempts: message.attempt
+			});
+			if (delay != null) {
+				logger$2.error("Failed to send activity {activityId} to {inbox} (attempt #{attempt}); retry...:\n{error}", {
+					...logData,
+					error
+				});
+				await this.outboxQueue?.enqueue({
+					...message,
+					attempt: message.attempt + 1
+				}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
+			} else logger$2.error("Failed to send activity {activityId} to {inbox} after {attempt} attempts; giving up:\n{error}", {
+				...logData,
+				error
+			});
+			return;
+		}
+		logger$2.info("Successfully sent activity {activityId} to {inbox}.", { ...logData });
+	}
+	async #listenInboxMessage(ctxData, message, span) {
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		const baseUrl = new URL(message.baseUrl);
+		let context$1 = this.#createContext(baseUrl, ctxData);
+		if (message.identifier != null) context$1 = this.#createContext(baseUrl, ctxData, { documentLoader: await context$1.getDocumentLoader({ identifier: message.identifier }) });
+		else if (this.sharedInboxKeyDispatcher != null) {
+			const identity = await this.sharedInboxKeyDispatcher(context$1);
+			if (identity != null) context$1 = this.#createContext(baseUrl, ctxData, { documentLoader: "identifier" in identity || "username" in identity || "handle" in identity ? await context$1.getDocumentLoader(identity) : context$1.getDocumentLoader(identity) });
+		}
+		const activity = await Activity.fromJsonLd(message.activity, context$1);
+		span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
+		if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+		const cacheKey = activity.id == null ? null : [
+			...this.kvPrefixes.activityIdempotence,
+			context$1.origin,
+			activity.id.href
+		];
+		if (cacheKey != null) {
+			if (await this.kv.get(cacheKey) === true) {
+				logger$2.debug("Activity {activityId} has already been processed.", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier
+				});
+				return;
+			}
+		}
+		await this._getTracer().startActiveSpan("activitypub.dispatch_inbox_listener", { kind: SpanKind.INTERNAL }, async (span$1) => {
+			const dispatched = this.inboxListeners?.dispatchWithClass(activity);
+			if (dispatched == null) {
+				logger$2.error("Unsupported activity type:\n{activity}", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier,
+					trial: message.attempt
+				});
+				span$1.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: `Unsupported activity type: ${getTypeId(activity).href}`
+				});
+				span$1.end();
+				return;
+			}
+			const { class: cls, listener } = dispatched;
+			span$1.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+			try {
+				await listener(context$1.toInboxContext(message.identifier, message.activity, activity.id?.href, getTypeId(activity).href), activity);
+			} catch (error) {
+				try {
+					await this.inboxErrorHandler?.(context$1, error);
+				} catch (error$1) {
+					logger$2.error("An unexpected error occurred in inbox error handler:\n{error}", {
+						error: error$1,
+						trial: message.attempt,
+						activityId: activity.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+				}
+				if (this.inboxQueue?.nativeRetrial) {
+					logger$2.error("Failed to process the incoming activity {activityId}; backend will handle retry:\n{error}", {
+						error,
+						activityId: activity.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					span$1.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					span$1.end();
+					throw error;
+				}
+				const delay = this.inboxRetryPolicy({
+					elapsedTime: Temporal.Instant.from(message.started).until(Temporal.Now.instant()),
+					attempts: message.attempt
+				});
+				if (delay != null) {
+					logger$2.error("Failed to process the incoming activity {activityId} (attempt #{attempt}); retry...:\n{error}", {
+						error,
+						attempt: message.attempt,
+						activityId: activity.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					await this.inboxQueue?.enqueue({
+						...message,
+						attempt: message.attempt + 1
+					}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
+				} else logger$2.error("Failed to process the incoming activity {activityId} after {trial} attempts; giving up:\n{error}", {
+					error,
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier
+				});
+				span$1.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(error)
+				});
+				span$1.end();
+				return;
+			}
+			if (cacheKey != null) await this.kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
+			logger$2.info("Activity {activityId} has been processed.", {
+				activityId: activity.id?.href,
+				activity: message.activity,
+				recipient: message.identifier
+			});
+			span$1.end();
+		});
+	}
+	startQueue(contextData, options = {}) {
+		return this._startQueueInternal(contextData, options.signal, options.queue);
+	}
+	createContext(urlOrRequest, contextData) {
+		return urlOrRequest instanceof Request ? this.#createContext(urlOrRequest, contextData) : this.#createContext(urlOrRequest, contextData);
+	}
+	#createContext(urlOrRequest, contextData, opts = {}) {
+		const request = urlOrRequest instanceof Request ? urlOrRequest : null;
+		const url = urlOrRequest instanceof URL ? new URL(urlOrRequest) : new URL(urlOrRequest.url);
+		if (request == null) {
+			url.pathname = "/";
+			url.hash = "";
+			url.search = "";
+		}
+		const loaderOptions = this.#getLoaderOptions(url.origin);
+		const ctxOptions = {
+			url,
+			federation: this,
+			data: contextData,
+			documentLoader: opts.documentLoader ?? this.documentLoaderFactory(loaderOptions),
+			contextLoader: this.contextLoaderFactory(loaderOptions)
+		};
+		if (request == null) return new ContextImpl(ctxOptions);
+		return new RequestContextImpl({
+			...ctxOptions,
+			request,
+			invokedFromActorDispatcher: opts.invokedFromActorDispatcher,
+			invokedFromObjectDispatcher: opts.invokedFromObjectDispatcher
+		});
+	}
+	#getLoaderOptions(origin) {
+		origin = typeof origin === "string" ? new URL(origin).origin : origin.origin;
+		return {
+			allowPrivateAddress: this.allowPrivateAddress,
+			userAgent: typeof this.userAgent === "string" ? this.userAgent : {
+				url: origin,
+				...this.userAgent
+			}
+		};
+	}
+	async sendActivity(keys, inboxes, activity, options) {
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		const { immediate, collectionSync, context: ctx } = options;
+		if (activity.id == null) throw new TypeError("The activity to send must have an id.");
+		if (activity.actorId == null) throw new TypeError("The activity to send must have at least one actor property.");
+		else if (keys.length < 1) throw new TypeError("The keys must not be empty.");
+		const contextLoader = this.contextLoaderFactory(this.#getLoaderOptions(ctx.origin));
+		const activityId = activity.id.href;
+		let proofCreated = false;
+		let rsaKey = null;
+		for (const { keyId, privateKey } of keys) {
+			validateCryptoKey(privateKey, "private");
+			if (rsaKey == null && privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") {
+				rsaKey = {
+					keyId,
+					privateKey
+				};
+				continue;
+			}
+			if (privateKey.algorithm.name === "Ed25519") {
+				activity = await signObject(activity, privateKey, keyId, {
+					contextLoader,
+					tracerProvider: this.tracerProvider
+				});
+				proofCreated = true;
+			}
+		}
+		let jsonLd = await activity.toJsonLd({
+			format: "compact",
+			contextLoader
+		});
+		if (rsaKey == null) logger$2.warn("No supported key found to create a Linked Data signature for the activity {activityId}.  The activity will be sent without a Linked Data signature.  In order to create a Linked Data signature, at least one RSASSA-PKCS1-v1_5 key must be provided.", {
+			activityId,
+			keys: keys.map((pair) => ({
+				keyId: pair.keyId.href,
+				privateKey: pair.privateKey
+			}))
+		});
+		else jsonLd = await signJsonLd(jsonLd, rsaKey.privateKey, rsaKey.keyId, {
+			contextLoader,
+			tracerProvider: this.tracerProvider
+		});
+		if (!proofCreated) logger$2.warn("No supported key found to create a proof for the activity {activityId}.  The activity will be sent without a proof.  In order to create a proof, at least one Ed25519 key must be provided.", {
+			activityId,
+			keys: keys.map((pair) => ({
+				keyId: pair.keyId.href,
+				privateKey: pair.privateKey
+			}))
+		});
+		if (immediate || this.outboxQueue == null) {
+			if (immediate) logger$2.debug("Sending activity immediately without queue since immediate option is set.", {
+				activityId: activity.id.href,
+				activity: jsonLd
+			});
+			else logger$2.debug("Sending activity immediately without queue since queue is not set.", {
+				activityId: activity.id.href,
+				activity: jsonLd
+			});
+			const promises = [];
+			for (const inbox in inboxes) promises.push(sendActivity({
+				keys,
+				activity: jsonLd,
+				activityId: activity.id?.href,
+				activityType: getTypeId(activity).href,
+				inbox: new URL(inbox),
+				sharedInbox: inboxes[inbox].sharedInbox,
+				headers: collectionSync == null ? void 0 : new Headers({ "Collection-Synchronization": await buildCollectionSynchronizationHeader(collectionSync, inboxes[inbox].actorIds) }),
+				specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec, this.firstKnock),
+				tracerProvider: this.tracerProvider
+			}));
+			await Promise.all(promises);
+			return;
+		}
+		logger$2.debug("Enqueuing activity {activityId} to send later.", {
+			activityId: activity.id.href,
+			activity: jsonLd
+		});
+		const keyJwkPairs = [];
+		for (const { keyId, privateKey } of keys) {
+			const privateKeyJwk = await exportJwk(privateKey);
+			keyJwkPairs.push({
+				keyId: keyId.href,
+				privateKey: privateKeyJwk
+			});
+		}
+		if (!this.manuallyStartQueue) this._startQueueInternal(ctx.data);
+		const carrier = {};
+		propagation.inject(context.active(), carrier);
+		const messages = [];
+		for (const inbox in inboxes) {
+			const message = {
+				type: "outbox",
+				id: crypto.randomUUID(),
+				baseUrl: ctx.origin,
+				keys: keyJwkPairs,
+				activity: jsonLd,
+				activityId: activity.id?.href,
+				activityType: getTypeId(activity).href,
+				inbox,
+				sharedInbox: inboxes[inbox].sharedInbox,
+				started: (/* @__PURE__ */ new Date()).toISOString(),
+				attempt: 0,
+				headers: collectionSync == null ? {} : { "Collection-Synchronization": await buildCollectionSynchronizationHeader(collectionSync, inboxes[inbox].actorIds) },
+				traceContext: carrier
+			};
+			messages.push(message);
+		}
+		const { outboxQueue } = this;
+		if (outboxQueue.enqueueMany == null) {
+			const promises = messages.map((m) => outboxQueue.enqueue(m));
+			const errors = (await Promise.allSettled(promises)).filter((r) => r.status === "rejected").map((r) => r.reason);
+			if (errors.length > 0) {
+				logger$2.error("Failed to enqueue activity {activityId} to send later: {errors}", {
+					activityId: activity.id.href,
+					errors
+				});
+				if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${activityId} to send later.`);
+				throw errors[0];
+			}
+		} else try {
+			await outboxQueue.enqueueMany(messages);
+		} catch (error) {
+			logger$2.error("Failed to enqueue activity {activityId} to send later: {error}", {
+				activityId: activity.id.href,
+				error
+			});
+			throw error;
+		}
+	}
+	fetch(request, options) {
+		return withContext({ requestId: getRequestId(request) }, async () => {
+			const tracer = this._getTracer();
+			return await tracer.startActiveSpan(request.method, {
+				kind: SpanKind.SERVER,
+				attributes: {
+					[ATTR_HTTP_REQUEST_METHOD]: request.method,
+					[ATTR_URL_FULL]: request.url
+				}
+			}, async (span) => {
+				const logger$2 = getLogger([
+					"fedify",
+					"federation",
+					"http"
+				]);
+				if (span.isRecording()) for (const [k, v] of request.headers) span.setAttribute(ATTR_HTTP_REQUEST_HEADER(k), [v]);
+				let response;
+				try {
+					response = await this.#fetch(request, {
+						...options,
+						span,
+						tracer
+					});
+				} catch (error) {
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: `${error}`
+					});
+					span.end();
+					logger$2.error("An error occurred while serving request {method} {url}: {error}", {
+						method: request.method,
+						url: request.url,
+						error
+					});
+					throw error;
+				}
+				if (span.isRecording()) {
+					span.setAttribute(ATTR_HTTP_RESPONSE_STATUS_CODE, response.status);
+					for (const [k, v] of response.headers) span.setAttribute(ATTR_HTTP_RESPONSE_HEADER(k), [v]);
+					span.setStatus({
+						code: response.status >= 500 ? SpanStatusCode.ERROR : SpanStatusCode.UNSET,
+						message: response.statusText
+					});
+				}
+				span.end();
+				const url = new URL(request.url);
+				const logTpl = "{method} {path}: {status}";
+				const values = {
+					method: request.method,
+					path: `${url.pathname}${url.search}`,
+					url: request.url,
+					status: response.status
+				};
+				if (response.status >= 500) logger$2.error(logTpl, values);
+				else if (response.status >= 400) logger$2.warn(logTpl, values);
+				else logger$2.info(logTpl, values);
+				return response;
+			});
+		});
+	}
+	async #fetch(request, { onNotFound, onNotAcceptable, onUnauthorized, contextData, span, tracer }) {
+		onNotFound ??= notFound;
+		onNotAcceptable ??= notAcceptable;
+		onUnauthorized ??= unauthorized;
+		const url = new URL(request.url);
+		const route = this.router.route(url.pathname);
+		if (route == null) return await onNotFound(request);
+		span.updateName(`${request.method} ${route.template}`);
+		let context$1 = this.#createContext(request, contextData);
+		const routeName = route.name.replace(/:.*$/, "");
+		switch (routeName) {
+			case "webfinger": return await handleWebFinger(request, {
+				context: context$1,
+				host: this.origin?.handleHost,
+				actorDispatcher: this.actorCallbacks?.dispatcher,
+				actorHandleMapper: this.actorCallbacks?.handleMapper,
+				actorAliasMapper: this.actorCallbacks?.aliasMapper,
+				onNotFound,
+				tracer
+			});
+			case "nodeInfoJrd": return await handleNodeInfoJrd(request, context$1);
+			case "nodeInfo": return await handleNodeInfo(request, {
+				context: context$1,
+				nodeInfoDispatcher: this.nodeInfoDispatcher
+			});
+			case "actor":
+				context$1 = this.#createContext(request, contextData, { invokedFromActorDispatcher: { identifier: route.values.identifier ?? route.values.handle } });
+				return await handleActor(request, {
+					identifier: route.values.identifier ?? route.values.handle,
+					context: context$1,
+					actorDispatcher: this.actorCallbacks?.dispatcher,
+					authorizePredicate: this.actorCallbacks?.authorizePredicate,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			case "object": {
+				const typeId = route.name.replace(/^object:/, "");
+				const callbacks = this.objectCallbacks[typeId];
+				const cls = this.objectTypeIds[typeId];
+				context$1 = this.#createContext(request, contextData, { invokedFromObjectDispatcher: {
+					cls,
+					values: route.values
+				} });
+				return await handleObject(request, {
+					values: route.values,
+					context: context$1,
+					objectDispatcher: callbacks?.dispatcher,
+					authorizePredicate: callbacks?.authorizePredicate,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			}
+			case "outbox": return await handleCollection(request, {
+				name: "outbox",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getOutboxUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.outboxCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "inbox":
+				if (request.method !== "POST") return await handleCollection(request, {
+					name: "inbox",
+					identifier: route.values.identifier ?? route.values.handle,
+					uriGetter: context$1.getInboxUri.bind(context$1),
+					context: context$1,
+					collectionCallbacks: this.inboxCallbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+				context$1 = this.#createContext(request, contextData, { documentLoader: await context$1.getDocumentLoader({ identifier: route.values.identifier ?? route.values.handle }) });
+			case "sharedInbox":
+				if (routeName !== "inbox" && this.sharedInboxKeyDispatcher != null) {
+					const identity = await this.sharedInboxKeyDispatcher(context$1);
+					if (identity != null) context$1 = this.#createContext(request, contextData, { documentLoader: "identifier" in identity || "username" in identity || "handle" in identity ? await context$1.getDocumentLoader(identity) : context$1.getDocumentLoader(identity) });
+				}
+				if (!this.manuallyStartQueue) this._startQueueInternal(contextData);
+				return await handleInbox(request, {
+					recipient: route.values.identifier ?? route.values.handle ?? null,
+					context: context$1,
+					inboxContextFactory: context$1.toInboxContext.bind(context$1),
+					kv: this.kv,
+					kvPrefixes: this.kvPrefixes,
+					queue: this.inboxQueue,
+					actorDispatcher: this.actorCallbacks?.dispatcher,
+					inboxListeners: this.inboxListeners,
+					inboxErrorHandler: this.inboxErrorHandler,
+					onNotFound,
+					signatureTimeWindow: this.signatureTimeWindow,
+					skipSignatureVerification: this.skipSignatureVerification,
+					tracerProvider: this.tracerProvider
+				});
+			case "following": return await handleCollection(request, {
+				name: "following",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getFollowingUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.followingCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "followers": {
+				let baseUrl = url.searchParams.get("base-url");
+				if (baseUrl != null) try {
+					baseUrl = `${new URL(baseUrl).origin}/`;
+				} catch {
+					baseUrl = null;
+				}
+				return await handleCollection(request, {
+					name: "followers",
+					identifier: route.values.identifier ?? route.values.handle,
+					uriGetter: baseUrl == null ? context$1.getFollowersUri.bind(context$1) : (identifier) => {
+						const uri = context$1.getFollowersUri(identifier);
+						uri.searchParams.set("base-url", baseUrl);
+						return uri;
+					},
+					context: context$1,
+					filter: baseUrl != null ? new URL(baseUrl) : void 0,
+					filterPredicate: baseUrl != null ? ((i) => (i instanceof URL ? i.href : i.id?.href ?? "").startsWith(baseUrl)) : void 0,
+					collectionCallbacks: this.followersCallbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			}
+			case "liked": return await handleCollection(request, {
+				name: "liked",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getLikedUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.likedCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "featured": return await handleCollection(request, {
+				name: "featured",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getFeaturedUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.featuredCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "featuredTags": return await handleCollection(request, {
+				name: "featured tags",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$1.getFeaturedTagsUri.bind(context$1),
+				context: context$1,
+				collectionCallbacks: this.featuredTagsCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			default: {
+				const response = onNotFound(request);
+				return response instanceof Promise ? await response : response;
+			}
+		}
+	}
+};
+const FANOUT_THRESHOLD = 5;
+var ContextImpl = class ContextImpl {
+	url;
+	federation;
+	data;
+	documentLoader;
+	contextLoader;
+	invokedFromActorKeyPairsDispatcher;
+	constructor({ url, federation, data, documentLoader, contextLoader, invokedFromActorKeyPairsDispatcher }) {
+		this.url = url;
+		this.federation = federation;
+		this.data = data;
+		this.documentLoader = documentLoader;
+		this.contextLoader = contextLoader;
+		this.invokedFromActorKeyPairsDispatcher = invokedFromActorKeyPairsDispatcher;
+	}
+	clone(data) {
+		return new ContextImpl({
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	toInboxContext(recipient, activity, activityId, activityType) {
+		return new InboxContextImpl(recipient, activity, activityId, activityType, {
+			url: this.url,
+			federation: this.federation,
+			data: this.data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	get hostname() {
+		return this.url.hostname;
+	}
+	get host() {
+		return this.url.host;
+	}
+	get origin() {
+		return this.url.origin;
+	}
+	get canonicalOrigin() {
+		return this.federation.origin?.webOrigin ?? this.origin;
+	}
+	get tracerProvider() {
+		return this.federation.tracerProvider;
+	}
+	getNodeInfoUri() {
+		const path = this.federation.router.build("nodeInfo", {});
+		if (path == null) throw new RouterError("No NodeInfo dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getActorUri(identifier) {
+		const path = this.federation.router.build("actor", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No actor dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getObjectUri(cls, values) {
+		const callbacks = this.federation.objectCallbacks[cls.typeId.href];
+		if (callbacks == null) throw new RouterError("No object dispatcher registered.");
+		for (const param of callbacks.parameters) if (!(param in values)) throw new TypeError(`Missing parameter: ${param}`);
+		const path = this.federation.router.build(`object:${cls.typeId.href}`, values);
+		if (path == null) throw new RouterError("No object dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getOutboxUri(identifier) {
+		const path = this.federation.router.build("outbox", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No outbox dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getInboxUri(identifier) {
+		if (identifier == null) {
+			const path$1 = this.federation.router.build("sharedInbox", {});
+			if (path$1 == null) throw new RouterError("No shared inbox path registered.");
+			return new URL(path$1, this.canonicalOrigin);
+		}
+		const path = this.federation.router.build("inbox", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No inbox path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFollowingUri(identifier) {
+		const path = this.federation.router.build("following", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No following collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFollowersUri(identifier) {
+		const path = this.federation.router.build("followers", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No followers collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getLikedUri(identifier) {
+		const path = this.federation.router.build("liked", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No liked collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFeaturedUri(identifier) {
+		const path = this.federation.router.build("featured", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No featured collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFeaturedTagsUri(identifier) {
+		const path = this.federation.router.build("featuredTags", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No featured tags collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	parseUri(uri) {
+		if (uri == null) return null;
+		if (uri.origin !== this.origin && uri.origin !== this.canonicalOrigin) return null;
+		const route = this.federation.router.route(uri.pathname);
+		const logger$2 = getLogger(["fedify", "federation"]);
+		if (route == null) return null;
+		else if (route.name === "sharedInbox") return {
+			type: "inbox",
+			identifier: void 0,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+			}
+		};
+		const identifier = "identifier" in route.values ? route.values.identifier : route.values.handle;
+		if (route.name === "actor") return {
+			type: "actor",
+			identifier,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name.startsWith("object:")) {
+			const typeId = route.name.replace(/^object:/, "");
+			return {
+				type: "object",
+				class: this.federation.objectTypeIds[typeId],
+				typeId: new URL(typeId),
+				values: route.values
+			};
+		} else if (route.name === "inbox") return {
+			type: "inbox",
+			identifier,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "outbox") return {
+			type: "outbox",
+			identifier,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "following") return {
+			type: "following",
+			identifier,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "followers") return {
+			type: "followers",
+			identifier,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "liked") return {
+			type: "liked",
+			identifier,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "featured") return {
+			type: "featured",
+			identifier,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "featuredTags") return {
+			type: "featuredTags",
+			identifier,
+			get handle() {
+				logger$2.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		return null;
+	}
+	async getActorKeyPairs(identifier) {
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]);
+		if (this.invokedFromActorKeyPairsDispatcher != null) logger$2.warn("Context.getActorKeyPairs({getActorKeyPairsIdentifier}) method is invoked from the actor key pairs dispatcher ({actorKeyPairsDispatcherIdentifier}); this may cause an infinite loop.", {
+			getActorKeyPairsIdentifier: identifier,
+			actorKeyPairsDispatcherIdentifier: this.invokedFromActorKeyPairsDispatcher.identifier
+		});
+		let keyPairs;
+		try {
+			keyPairs = await this.getKeyPairsFromIdentifier(identifier);
+		} catch (_) {
+			logger$2.warn("No actor key pairs dispatcher registered.");
+			return [];
+		}
+		const owner = this.getActorUri(identifier);
+		const result = [];
+		for (const keyPair of keyPairs) {
+			const newPair = {
+				...keyPair,
+				cryptographicKey: new CryptographicKey({
+					id: keyPair.keyId,
+					owner,
+					publicKey: keyPair.publicKey
+				}),
+				multikey: new Multikey({
+					id: keyPair.keyId,
+					controller: owner,
+					publicKey: keyPair.publicKey
+				})
+			};
+			result.push(newPair);
+		}
+		return result;
+	}
+	async getKeyPairsFromIdentifier(identifier) {
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]);
+		if (this.federation.actorCallbacks?.keyPairsDispatcher == null) throw new Error("No actor key pairs dispatcher registered.");
+		const path = this.federation.router.build("actor", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) {
+			logger$2.warn("No actor dispatcher registered.");
+			return [];
+		}
+		const actorUri = new URL(path, this.canonicalOrigin);
+		const keyPairs = await this.federation.actorCallbacks?.keyPairsDispatcher(new ContextImpl({
+			...this,
+			invokedFromActorKeyPairsDispatcher: { identifier }
+		}), identifier);
+		if (keyPairs.length < 1) logger$2.warn("No key pairs found for actor {identifier}.", { identifier });
+		let i = 0;
+		const result = [];
+		for (const keyPair of keyPairs) {
+			result.push({
+				...keyPair,
+				keyId: new URL(i == 0 ? `#main-key` : `#key-${i + 1}`, actorUri)
+			});
+			i++;
+		}
+		return result;
+	}
+	async getRsaKeyPairFromIdentifier(identifier) {
+		const keyPairs = await this.getKeyPairsFromIdentifier(identifier);
+		for (const keyPair of keyPairs) {
+			const { privateKey } = keyPair;
+			if (privateKey.algorithm.name === "RSASSA-PKCS1-v1_5" && privateKey.algorithm.hash.name === "SHA-256") return keyPair;
+		}
+		getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]).warn("No RSA-PKCS#1-v1.5 SHA-256 key found for actor {identifier}.", { identifier });
+		return null;
+	}
+	getDocumentLoader(identity) {
+		if ("identifier" in identity || "username" in identity || "handle" in identity) {
+			let identifierPromise;
+			if ("username" in identity || "handle" in identity) {
+				let username;
+				if ("username" in identity) username = identity.username;
+				else {
+					username = identity.handle;
+					getLogger([
+						"fedify",
+						"runtime",
+						"docloader"
+					]).warn("The \"handle\" property is deprecated; use \"identifier\" or \"username\" instead.", { identity });
+				}
+				const mapper = this.federation.actorCallbacks?.handleMapper;
+				if (mapper == null) identifierPromise = Promise.resolve(username);
+				else {
+					const identifier = mapper(this, username);
+					identifierPromise = identifier instanceof Promise ? identifier : Promise.resolve(identifier);
+				}
+			} else identifierPromise = Promise.resolve(identity.identifier);
+			return identifierPromise.then((identifier) => {
+				if (identifier == null) return this.documentLoader;
+				return this.getRsaKeyPairFromIdentifier(identifier).then((pair) => pair == null ? this.documentLoader : this.federation.authenticatedDocumentLoaderFactory(pair));
+			});
+		}
+		return this.federation.authenticatedDocumentLoaderFactory(identity);
+	}
+	lookupObject(identifier, options = {}) {
+		return lookupObject(identifier, {
+			...options,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			userAgent: options.userAgent ?? this.federation.userAgent,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			allowPrivateAddress: this.federation.allowPrivateAddress
+		});
+	}
+	traverseCollection(collection, options = {}) {
+		return traverseCollection(collection, {
+			...options,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			contextLoader: options.contextLoader ?? this.contextLoader
+		});
+	}
+	lookupNodeInfo(url, options = {}) {
+		return options.parse === "none" ? getNodeInfo(url, {
+			parse: "none",
+			direct: options.direct,
+			userAgent: options?.userAgent ?? this.federation.userAgent
+		}) : getNodeInfo(url, {
+			parse: options.parse,
+			direct: options.direct,
+			userAgent: options?.userAgent ?? this.federation.userAgent
+		});
+	}
+	lookupWebFinger(resource, options = {}) {
+		return lookupWebFinger(resource, {
+			...options,
+			userAgent: options.userAgent ?? this.federation.userAgent,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			allowPrivateAddress: this.federation.allowPrivateAddress
+		});
+	}
+	sendActivity(sender, recipients, activity, options = {}) {
+		return this.tracerProvider.getTracer(name, version).startActiveSpan(this.federation.outboxQueue == null || options.immediate ? "activitypub.outbox" : "activitypub.fanout", {
+			kind: this.federation.outboxQueue == null || options.immediate ? SpanKind.CLIENT : SpanKind.PRODUCER,
+			attributes: {
+				"activitypub.activity.type": getTypeId(activity).href,
+				"activitypub.activity.to": activity.toIds.map((to) => to.href),
+				"activitypub.activity.cc": activity.toIds.map((cc) => cc.href),
+				"activitypub.activity.bto": activity.btoIds.map((bto) => bto.href),
+				"activitypub.activity.bcc": activity.toIds.map((bcc) => bcc.href)
+			}
+		}, async (span) => {
+			try {
+				if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+				await this.sendActivityInternal(sender, recipients, activity, options, span);
+			} catch (e) {
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async sendActivityInternal(sender, recipients, activity, options, span) {
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		let keys;
+		let identifier = null;
+		if ("identifier" in sender || "username" in sender || "handle" in sender) {
+			if ("identifier" in sender) identifier = sender.identifier;
+			else {
+				let username;
+				if ("username" in sender) username = sender.username;
+				else {
+					username = sender.handle;
+					logger$2.warn("The \"handle\" property for the sender parameter is deprecated; use \"identifier\" or \"username\" instead.", { sender });
+				}
+				if (this.federation.actorCallbacks?.handleMapper == null) identifier = username;
+				else {
+					const mapped = await this.federation.actorCallbacks.handleMapper(this, username);
+					if (mapped == null) throw new Error(`No actor found for the given username ${JSON.stringify(username)}.`);
+					identifier = mapped;
+				}
+			}
+			span.setAttribute("fedify.actor.identifier", identifier);
+			keys = await this.getKeyPairsFromIdentifier(identifier);
+			if (keys.length < 1) throw new Error(`No key pair found for actor ${JSON.stringify(identifier)}.`);
+		} else if (Array.isArray(sender)) {
+			if (sender.length < 1) throw new Error("The sender's key pairs are empty.");
+			keys = sender;
+		} else keys = [sender];
+		if (keys.length < 1) throw new TypeError("The sender's keys must not be empty.");
+		for (const { privateKey } of keys) validateCryptoKey(privateKey, "private");
+		const opts = { context: this };
+		let expandedRecipients;
+		if (Array.isArray(recipients)) expandedRecipients = recipients;
+		else if (recipients === "followers") {
+			if (identifier == null) throw new Error("If recipients is \"followers\", sender must be an actor identifier or username.");
+			expandedRecipients = [];
+			for await (const recipient of this.getFollowers(identifier)) expandedRecipients.push(recipient);
+			if (options.syncCollection) {
+				const collectionId = this.federation.router.build("followers", {
+					identifier,
+					handle: identifier
+				});
+				opts.collectionSync = collectionId == null ? void 0 : new URL(collectionId, this.canonicalOrigin).href;
+			}
+		} else expandedRecipients = [recipients];
+		span.setAttribute("activitypub.inboxes", expandedRecipients.length);
+		for (const activityTransformer of this.federation.activityTransformers) activity = activityTransformer(activity, this);
+		span?.setAttribute("activitypub.activity.id", activity?.id?.href ?? "");
+		if (activity.actorId == null) {
+			logger$2.error("Activity {activityId} to send does not have an actor.", {
+				activity,
+				activityId: activity?.id?.href
+			});
+			throw new TypeError("The activity to send must have at least one actor property.");
+		}
+		const inboxes = extractInboxes({
+			recipients: expandedRecipients,
+			preferSharedInbox: options.preferSharedInbox,
+			excludeBaseUris: options.excludeBaseUris
+		});
+		logger$2.debug("Sending activity {activityId} to inboxes:\n{inboxes}", {
+			inboxes: globalThis.Object.keys(inboxes),
+			activityId: activity.id?.href,
+			activity
+		});
+		if (this.federation.fanoutQueue == null || options.immediate || options.fanout === "skip" || (options.fanout ?? "auto") === "auto" && globalThis.Object.keys(inboxes).length < FANOUT_THRESHOLD) {
+			await this.federation.sendActivity(keys, inboxes, activity, opts);
+			return;
+		}
+		const keyJwkPairs = await Promise.all(keys.map(async ({ keyId, privateKey }) => ({
+			keyId: keyId.href,
+			privateKey: await exportJwk(privateKey)
+		})));
+		const carrier = {};
+		propagation.inject(context.active(), carrier);
+		const message = {
+			type: "fanout",
+			id: crypto.randomUUID(),
+			baseUrl: this.origin,
+			keys: keyJwkPairs,
+			inboxes: globalThis.Object.fromEntries(globalThis.Object.entries(inboxes).map(([k, { actorIds, sharedInbox }]) => [k, {
+				actorIds: [...actorIds],
+				sharedInbox
+			}])),
+			activity: await activity.toJsonLd({
+				format: "compact",
+				contextLoader: this.contextLoader
+			}),
+			activityId: activity.id?.href,
+			activityType: getTypeId(activity).href,
+			collectionSync: opts.collectionSync,
+			traceContext: carrier
+		};
+		if (!this.federation.manuallyStartQueue) this.federation._startQueueInternal(this.data);
+		this.federation.fanoutQueue.enqueue(message);
+	}
+	async *getFollowers(identifier) {
+		if (this.federation.followersCallbacks == null) throw new Error("No followers collection dispatcher registered.");
+		const result = await this.federation.followersCallbacks.dispatcher(this, identifier, null);
+		if (result != null) {
+			for (const recipient of result.items) yield recipient;
+			return;
+		}
+		if (this.federation.followersCallbacks.firstCursor == null) throw new Error("No first cursor dispatcher registered for followers collection.");
+		let cursor = await this.federation.followersCallbacks.firstCursor(this, identifier);
+		if (cursor != null) getLogger([
+			"fedify",
+			"federation",
+			"outbox"
+		]).warn("Since the followers collection dispatcher returned null for no cursor (i.e., one-shot dispatcher), the pagination is used to fetch \"followers\".  However, it is recommended to implement the one-shot dispatcher for better performance.", { identifier });
+		while (cursor != null) {
+			const result$1 = await this.federation.followersCallbacks.dispatcher(this, identifier, cursor);
+			if (result$1 == null) break;
+			for (const recipient of result$1.items) yield recipient;
+			cursor = result$1.nextCursor ?? null;
+		}
+	}
+	routeActivity(recipient, activity, options = {}) {
+		return (this.tracerProvider ?? this.tracerProvider).getTracer(name, version).startActiveSpan("activitypub.inbox", {
+			kind: this.federation.inboxQueue == null || options.immediate ? SpanKind.INTERNAL : SpanKind.PRODUCER,
+			attributes: { "activitypub.activity.type": getTypeId(activity).href }
+		}, async (span) => {
+			if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+			if (activity.toIds.length > 0) span.setAttribute("activitypub.activity.to", activity.toIds.map((to) => to.href));
+			if (activity.ccIds.length > 0) span.setAttribute("activitypub.activity.cc", activity.ccIds.map((cc) => cc.href));
+			if (activity.btoIds.length > 0) span.setAttribute("activitypub.activity.bto", activity.btoIds.map((bto) => bto.href));
+			if (activity.bccIds.length > 0) span.setAttribute("activitypub.activity.bcc", activity.bccIds.map((bcc) => bcc.href));
+			try {
+				const ok = await this.routeActivityInternal(recipient, activity, options, span);
+				if (ok) {
+					span.setAttribute("activitypub.shared_inbox", recipient == null);
+					if (recipient != null) span.setAttribute("fedify.inbox.recipient", recipient);
+				} else span.setStatus({ code: SpanStatusCode.ERROR });
+				return ok;
+			} catch (e) {
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async routeActivityInternal(recipient, activity, options = {}, span) {
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		const contextLoader = options.contextLoader ?? this.contextLoader;
+		const json = await activity.toJsonLd({ contextLoader });
+		const keyCache = new KvKeyCache(this.federation.kv, this.federation.kvPrefixes.publicKey, this);
+		if (await verifyObject(Activity, json, {
+			contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			keyCache
+		}) == null) {
+			logger$2.debug("Object Integrity Proofs are not verified.", {
+				recipient,
+				activity: json
+			});
+			if (activity.id == null) {
+				logger$2.debug("Activity is missing an ID; unable to fetch.", {
+					recipient,
+					activity: json
+				});
+				return false;
+			}
+			const fetched = await this.lookupObject(activity.id, options);
+			if (fetched == null) {
+				logger$2.debug("Failed to fetch the remote activity object {activityId}.", {
+					recipient,
+					activity: json,
+					activityId: activity.id.href
+				});
+				return false;
+			} else if (!(fetched instanceof Activity)) {
+				logger$2.debug("Fetched object is not an Activity.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			} else if (fetched.id?.href !== activity.id.href) {
+				logger$2.debug("Fetched activity object has a different ID; failed to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			} else if (fetched.actorIds.length < 1) {
+				logger$2.debug("Fetched activity object is missing an actor; unable to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			}
+			const activityId = fetched.id;
+			if (!fetched.actorIds.every((actor) => actor.origin === activityId.origin)) {
+				logger$2.debug("Fetched activity object has actors from different origins; unable to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			}
+			logger$2.debug("Successfully fetched the remote activity object {activityId}; ignore the original activity and use the fetched one, which is trustworthy.");
+			activity = fetched;
+		} else logger$2.debug("Object Integrity Proofs are verified.", {
+			recipient,
+			activity: json
+		});
+		const routeResult = await routeActivity({
+			context: this,
+			json,
+			activity,
+			recipient,
+			inboxListeners: this.federation.inboxListeners,
+			inboxContextFactory: this.toInboxContext.bind(this),
+			inboxErrorHandler: this.federation.inboxErrorHandler,
+			kv: this.federation.kv,
+			kvPrefixes: this.federation.kvPrefixes,
+			queue: this.federation.inboxQueue,
+			span,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+		return routeResult === "alreadyProcessed" || routeResult === "enqueued" || routeResult === "unsupportedActivity" || routeResult === "success";
+	}
+};
+var RequestContextImpl = class RequestContextImpl extends ContextImpl {
+	#invokedFromActorDispatcher;
+	#invokedFromObjectDispatcher;
+	request;
+	url;
+	constructor(options) {
+		super(options);
+		this.#invokedFromActorDispatcher = options.invokedFromActorDispatcher;
+		this.#invokedFromObjectDispatcher = options.invokedFromObjectDispatcher;
+		this.request = options.request;
+		this.url = options.url;
+	}
+	clone(data) {
+		return new RequestContextImpl({
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher,
+			invokedFromActorDispatcher: this.#invokedFromActorDispatcher,
+			invokedFromObjectDispatcher: this.#invokedFromObjectDispatcher,
+			request: this.request
+		});
+	}
+	async getActor(identifier) {
+		if (this.federation.actorCallbacks == null || this.federation.actorCallbacks.dispatcher == null) throw new Error("No actor dispatcher registered.");
+		if (this.#invokedFromActorDispatcher != null) getLogger([
+			"fedify",
+			"federation",
+			"actor"
+		]).warn("RequestContext.getActor({getActorIdentifier}) is invoked from the actor dispatcher ({actorDispatcherIdentifier}); this may cause an infinite loop.", {
+			getActorIdentifier: identifier,
+			actorDispatcherIdentifier: this.#invokedFromActorDispatcher.identifier
+		});
+		return await this.federation.actorCallbacks.dispatcher(new RequestContextImpl({
+			...this,
+			invokedFromActorDispatcher: { identifier }
+		}), identifier);
+	}
+	async getObject(cls, values) {
+		const callbacks = this.federation.objectCallbacks[cls.typeId.href];
+		if (callbacks == null) throw new Error("No object dispatcher registered.");
+		for (const param of callbacks.parameters) if (!(param in values)) throw new TypeError(`Missing parameter: ${param}`);
+		if (this.#invokedFromObjectDispatcher != null) getLogger(["fedify", "federation"]).warn("RequestContext.getObject({getObjectClass}, {getObjectValues}) is invoked from the object dispatcher ({actorDispatcherClass}, {actorDispatcherValues}); this may cause an infinite loop.", {
+			getObjectClass: cls.name,
+			getObjectValues: values,
+			actorDispatcherClass: this.#invokedFromObjectDispatcher.cls.name,
+			actorDispatcherValues: this.#invokedFromObjectDispatcher.values
+		});
+		return await callbacks.dispatcher(new RequestContextImpl({
+			...this,
+			invokedFromObjectDispatcher: {
+				cls,
+				values
+			}
+		}), values);
+	}
+	#signedKey = void 0;
+	async getSignedKey(options = {}) {
+		if (this.#signedKey != null) return this.#signedKey;
+		return this.#signedKey = await verifyRequest(this.request, {
+			...this,
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			timeWindow: this.federation.signatureTimeWindow,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+	}
+	#signedKeyOwner = void 0;
+	async getSignedKeyOwner(options = {}) {
+		if (this.#signedKeyOwner != null) return this.#signedKeyOwner;
+		const key = await this.getSignedKey(options);
+		if (key == null) return this.#signedKeyOwner = null;
+		return this.#signedKeyOwner = await getKeyOwner(key, {
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+	}
+};
+var InboxContextImpl = class InboxContextImpl extends ContextImpl {
+	recipient;
+	activity;
+	activityId;
+	activityType;
+	constructor(recipient, activity, activityId, activityType, options) {
+		super(options);
+		this.recipient = recipient;
+		this.activity = activity;
+		this.activityId = activityId;
+		this.activityType = activityType;
+	}
+	clone(data) {
+		return new InboxContextImpl(this.recipient, this.activity, this.activityId, this.activityType, {
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	forwardActivity(forwarder, recipients, options) {
+		return this.tracerProvider.getTracer(name, version).startActiveSpan("activitypub.outbox", {
+			kind: this.federation.outboxQueue == null || options?.immediate ? SpanKind.CLIENT : SpanKind.PRODUCER,
+			attributes: { "activitypub.activity.type": this.activityType }
+		}, async (span) => {
+			try {
+				if (this.activityId != null) span.setAttribute("activitypub.activity.id", this.activityId);
+				await this.forwardActivityInternal(forwarder, recipients, options);
+			} catch (e) {
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async forwardActivityInternal(forwarder, recipients, options) {
+		const logger$2 = getLogger([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		let keys;
+		let identifier = null;
+		if ("identifier" in forwarder || "username" in forwarder || "handle" in forwarder) {
+			if ("identifier" in forwarder) identifier = forwarder.identifier;
+			else {
+				let username;
+				if ("username" in forwarder) username = forwarder.username;
+				else {
+					username = forwarder.handle;
+					logger$2.warn("The \"handle\" property for the forwarder parameter is deprecated; use \"identifier\" or \"username\" instead.", { forwarder });
+				}
+				if (this.federation.actorCallbacks?.handleMapper == null) identifier = username;
+				else {
+					const mapped = await this.federation.actorCallbacks.handleMapper(this, username);
+					if (mapped == null) throw new Error(`No actor found for the given username ${JSON.stringify(username)}.`);
+					identifier = mapped;
+				}
+			}
+			keys = await this.getKeyPairsFromIdentifier(identifier);
+			if (keys.length < 1) throw new Error(`No key pair found for actor ${JSON.stringify(identifier)}.`);
+		} else if (Array.isArray(forwarder)) {
+			if (forwarder.length < 1) throw new Error("The forwarder's key pairs are empty.");
+			keys = forwarder;
+		} else keys = [forwarder];
+		if (!hasSignature(this.activity)) {
+			let hasProof;
+			try {
+				hasProof = await (await Activity.fromJsonLd(this.activity, this)).getProof() != null;
+			} catch {
+				hasProof = false;
+			}
+			if (!hasProof) {
+				if (options?.skipIfUnsigned) return;
+				logger$2.warn("The received activity {activityId} is not signed; even if it is forwarded to other servers as is, it may not be accepted by them due to the lack of a signature/proof.");
+			}
+		}
+		if (recipients === "followers") {
+			if (identifier == null) throw new Error("If recipients is \"followers\", forwarder must be an actor identifier or username.");
+			const followers = [];
+			for await (const recipient of this.getFollowers(identifier)) followers.push(recipient);
+			recipients = followers;
+		}
+		const inboxes = extractInboxes({
+			recipients: Array.isArray(recipients) ? recipients : [recipients],
+			preferSharedInbox: options?.preferSharedInbox,
+			excludeBaseUris: options?.excludeBaseUris
+		});
+		logger$2.debug("Forwarding activity {activityId} to inboxes:\n{inboxes}", {
+			inboxes: globalThis.Object.keys(inboxes),
+			activityId: this.activityId,
+			activity: this.activity
+		});
+		if (options?.immediate || this.federation.outboxQueue == null) {
+			if (options?.immediate) logger$2.debug("Forwarding activity immediately without queue since immediate option is set.");
+			else logger$2.debug("Forwarding activity immediately without queue since queue is not set.");
+			const promises = [];
+			for (const inbox in inboxes) promises.push(sendActivity({
+				keys,
+				activity: this.activity,
+				activityId: this.activityId,
+				activityType: this.activityType,
+				inbox: new URL(inbox),
+				sharedInbox: inboxes[inbox].sharedInbox,
+				tracerProvider: this.tracerProvider,
+				specDeterminer: new KvSpecDeterminer(this.federation.kv, this.federation.kvPrefixes.httpMessageSignaturesSpec, this.federation.firstKnock)
+			}));
+			await Promise.all(promises);
+			return;
+		}
+		logger$2.debug("Enqueuing activity {activityId} to forward later.", {
+			activityId: this.activityId,
+			activity: this.activity
+		});
+		const keyJwkPairs = [];
+		for (const { keyId, privateKey } of keys) {
+			const privateKeyJwk = await exportJwk(privateKey);
+			keyJwkPairs.push({
+				keyId: keyId.href,
+				privateKey: privateKeyJwk
+			});
+		}
+		const carrier = {};
+		propagation.inject(context.active(), carrier);
+		const messages = [];
+		for (const inbox in inboxes) {
+			const message = {
+				type: "outbox",
+				id: crypto.randomUUID(),
+				baseUrl: this.origin,
+				keys: keyJwkPairs,
+				activity: this.activity,
+				activityId: this.activityId,
+				activityType: this.activityType,
+				inbox,
+				sharedInbox: inboxes[inbox].sharedInbox,
+				started: (/* @__PURE__ */ new Date()).toISOString(),
+				attempt: 0,
+				headers: {},
+				traceContext: carrier
+			};
+			messages.push(message);
+		}
+		const { outboxQueue } = this.federation;
+		if (outboxQueue.enqueueMany == null) {
+			const promises = messages.map((m) => outboxQueue.enqueue(m));
+			const errors = (await Promise.allSettled(promises)).filter((r) => r.status === "rejected").map((r) => r.reason);
+			if (errors.length > 0) {
+				logger$2.error("Failed to enqueue activity {activityId} to forward later:\n{errors}", {
+					activityId: this.activityId,
+					errors
+				});
+				if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${this.activityId} to forward later.`);
+				throw errors[0];
+			}
+		} else try {
+			await outboxQueue.enqueueMany(messages);
+		} catch (error) {
+			logger$2.error("Failed to enqueue activity {activityId} to forward later:\n{error}", {
+				activityId: this.activityId,
+				error
+			});
+			throw error;
+		}
+	}
+};
+var KvSpecDeterminer = class {
+	kv;
+	prefix;
+	defaultSpec;
+	constructor(kv, prefix, defaultSpec = "rfc9421") {
+		this.kv = kv;
+		this.prefix = prefix;
+		this.defaultSpec = defaultSpec;
+	}
+	async determineSpec(origin) {
+		return await this.kv.get([...this.prefix, origin]) ?? this.defaultSpec;
+	}
+	async rememberSpec(origin, spec) {
+		await this.kv.set([...this.prefix, origin], spec);
+	}
+};
+function notFound(_request) {
+	return new Response("Not Found", { status: 404 });
+}
+function notAcceptable(_request) {
+	return new Response("Not Acceptable", {
+		status: 406,
+		headers: { Vary: "Accept, Signature" }
+	});
+}
+function unauthorized(_request) {
+	return new Response("Unauthorized", {
+		status: 401,
+		headers: { Vary: "Accept, Signature" }
+	});
+}
+/**
+* Generates or extracts a unique identifier for a request.
+*
+* This function first attempts to extract an existing request ID from standard
+* tracing headers. If none exists, it generates a new one. The ID format is:
+*
+*  -  If from headers, uses the existing ID.
+*  -  If generated, uses format `req_` followed by a base36 timestamp and
+*     6 random chars.
+*
+* @param request The incoming HTTP request.
+* @returns A string identifier unique to this request.
+*/
+function getRequestId(request) {
+	const traceId = request.headers.get("X-Request-Id") || request.headers.get("X-Correlation-Id") || request.headers.get("Traceparent")?.split("-")[1];
+	if (traceId != null) return traceId;
+	return `req_${Date.now().toString(36)}${Math.random().toString(36).slice(2, 8)}`;
+}
+
+//#endregion
+export { autoIdAssigner as _, createFederation as a, handleCollection as c, respondWithObject as d, respondWithObjectIfAcceptable as f, actorDehydrator as g, handleNodeInfoJrd as h, KvSpecDeterminer as i, handleInbox as l, handleNodeInfo as m, FederationImpl as n, acceptsJsonLd as o, handleWebFinger as p, InboxContextImpl as r, handleActor as s, ContextImpl as t, handleObject as u };