@fedify/fedify 1.9.0-pr.428.1588 → 1.9.0-pr.431.1597

package/dist/middleware-B2DFqtJ-.cjs

@@ -0,0 +1,4240 @@
+
+          const { Temporal } = require("@js-temporal/polyfill");
+          const { URLPattern } = require("urlpattern-polyfill");
+        
+const require_chunk = require('./chunk-DqRYRqnO.cjs');
+const require_transformers = require('./transformers-CoBS-oFG.cjs');
+const require_docloader = require('./docloader-eqgyMp7h.cjs');
+const require_actor = require('./actor-CfaqWvJb.cjs');
+const require_lookup = require('./lookup-D96ipStp.cjs');
+const require_key = require('./key-19P2dWvf.cjs');
+const require_http = require('./http-_vjuGcXn.cjs');
+const require_proof = require('./proof-CRHppbRk.cjs');
+const require_types = require('./types-DcKQIzdO.cjs');
+const require_authdocloader = require('./authdocloader-BVYv0Ct8.cjs');
+const require_vocab = require('./vocab-Du8FV6H1.cjs');
+const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
+const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));
+const byte_encodings_hex = require_chunk.__toESM(require("byte-encodings/hex"));
+const es_toolkit = require_chunk.__toESM(require("es-toolkit"));
+const uri_template_router = require_chunk.__toESM(require("uri-template-router"));
+const url_template = require_chunk.__toESM(require("url-template"));
+const __opentelemetry_semantic_conventions = require_chunk.__toESM(require("@opentelemetry/semantic-conventions"));
+const node_url = require_chunk.__toESM(require("node:url"));
+
+//#region src/federation/inbox.ts
+var InboxListenerSet = class InboxListenerSet {
+	#listeners;
+	constructor() {
+		this.#listeners = /* @__PURE__ */ new Map();
+	}
+	clone() {
+		const clone = new InboxListenerSet();
+		clone.#listeners = new Map(this.#listeners);
+		return clone;
+	}
+	add(type, listener) {
+		if (this.#listeners.has(type)) throw new TypeError("Listener already set for this type.");
+		this.#listeners.set(type, listener);
+	}
+	dispatchWithClass(activity) {
+		let cls = activity.constructor;
+		const inboxListeners = this.#listeners;
+		if (inboxListeners == null) return null;
+		while (true) {
+			if (inboxListeners.has(cls)) break;
+			if (cls === require_actor.Activity) return null;
+			cls = globalThis.Object.getPrototypeOf(cls);
+		}
+		const listener = inboxListeners.get(cls);
+		return {
+			class: cls,
+			listener
+		};
+	}
+	dispatch(activity) {
+		return this.dispatchWithClass(activity)?.listener ?? null;
+	}
+};
+async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider }) {
+	const logger$1 = (0, __logtape_logtape.getLogger)([
+		"fedify",
+		"federation",
+		"inbox"
+	]);
+	const cacheKey = activity.id == null ? null : [
+		...kvPrefixes.activityIdempotence,
+		ctx.origin,
+		activity.id.href
+	];
+	if (cacheKey != null) {
+		const cached = await kv.get(cacheKey);
+		if (cached === true) {
+			logger$1.debug("Activity {activityId} has already been processed.", {
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.UNSET,
+				message: `Activity ${activity.id?.href} has already been processed.`
+			});
+			return "alreadyProcessed";
+		}
+	}
+	if (activity.actorId == null) {
+		logger$1.error("Missing actor.", { activity: json });
+		span.setStatus({
+			code: __opentelemetry_api.SpanStatusCode.ERROR,
+			message: "Missing actor."
+		});
+		return "missingActor";
+	}
+	span.setAttribute("activitypub.actor.id", activity.actorId.href);
+	if (queue != null) {
+		const carrier = {};
+		__opentelemetry_api.propagation.inject(__opentelemetry_api.context.active(), carrier);
+		try {
+			await queue.enqueue({
+				type: "inbox",
+				id: crypto.randomUUID(),
+				baseUrl: ctx.origin,
+				activity: json,
+				identifier: recipient,
+				attempt: 0,
+				started: (/* @__PURE__ */ new Date()).toISOString(),
+				traceContext: carrier
+			});
+		} catch (error) {
+			logger$1.error("Failed to enqueue the incoming activity {activityId}:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: `Failed to enqueue the incoming activity ${activity.id?.href}.`
+			});
+			throw error;
+		}
+		logger$1.info("Activity {activityId} is enqueued.", {
+			activityId: activity.id?.href,
+			activity: json,
+			recipient
+		});
+		return "enqueued";
+	}
+	tracerProvider = tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	return await tracer.startActiveSpan("activitypub.dispatch_inbox_listener", { kind: __opentelemetry_api.SpanKind.INTERNAL }, async (span$1) => {
+		const dispatched = inboxListeners?.dispatchWithClass(activity);
+		if (dispatched == null) {
+			logger$1.error("Unsupported activity type:\n{activity}", {
+				activity: json,
+				recipient
+			});
+			span$1.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.UNSET,
+				message: `Unsupported activity type: ${require_actor.getTypeId(activity).href}`
+			});
+			span$1.end();
+			return "unsupportedActivity";
+		}
+		const { class: cls, listener } = dispatched;
+		span$1.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+		try {
+			await listener(inboxContextFactory(recipient, json, activity?.id?.href, require_actor.getTypeId(activity).href), activity);
+		} catch (error) {
+			try {
+				await inboxErrorHandler?.(ctx, error);
+			} catch (error$1) {
+				logger$1.error("An unexpected error occurred in inbox error handler:\n{error}", {
+					error: error$1,
+					activityId: activity.id?.href,
+					activity: json,
+					recipient
+				});
+			}
+			logger$1.error("Failed to process the incoming activity {activityId}:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span$1.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			span$1.end();
+			return "error";
+		}
+		if (cacheKey != null) await kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
+		logger$1.info("Activity {activityId} has been processed.", {
+			activityId: activity.id?.href,
+			activity: json,
+			recipient
+		});
+		span$1.end();
+		return "success";
+	});
+}
+
+//#endregion
+//#region src/federation/router.ts
+function cloneInnerRouter(router) {
+	const clone = new uri_template_router.Router();
+	clone.nid = router.nid;
+	clone.fsm = (0, es_toolkit.cloneDeep)(router.fsm);
+	clone.routeSet = new Set(router.routeSet);
+	clone.templateRouteMap = new Map(router.templateRouteMap);
+	clone.valueRouteMap = new Map(router.valueRouteMap);
+	clone.hierarchy = (0, es_toolkit.cloneDeep)(router.hierarchy);
+	return clone;
+}
+/**
+* URL router and constructor based on URI Template
+* ([RFC 6570](https://tools.ietf.org/html/rfc6570)).
+*/
+var Router = class Router {
+	#router;
+	#templates;
+	#templateStrings;
+	/**
+	* Whether to ignore trailing slashes when matching paths.
+	* @since 1.6.0
+	*/
+	trailingSlashInsensitive;
+	/**
+	* Create a new {@link Router}.
+	* @param options Options for the router.
+	*/
+	constructor(options = {}) {
+		this.#router = new uri_template_router.Router();
+		this.#templates = {};
+		this.#templateStrings = {};
+		this.trailingSlashInsensitive = options.trailingSlashInsensitive ?? false;
+	}
+	clone() {
+		const clone = new Router({ trailingSlashInsensitive: this.trailingSlashInsensitive });
+		clone.#router = cloneInnerRouter(this.#router);
+		clone.#templates = { ...this.#templates };
+		clone.#templateStrings = { ...this.#templateStrings };
+		return clone;
+	}
+	/**
+	* Checks if a path name exists in the router.
+	* @param name The name of the path.
+	* @returns `true` if the path name exists, otherwise `false`.
+	*/
+	has(name) {
+		return name in this.#templates;
+	}
+	/**
+	* Adds a new path rule to the router.
+	* @param template The path pattern.
+	* @param name The name of the path.
+	* @returns The names of the variables in the path pattern.
+	*/
+	add(template, name) {
+		if (!template.startsWith("/")) throw new RouterError("Path must start with a slash.");
+		const rule = this.#router.addTemplate(template, {}, name);
+		this.#templates[name] = (0, url_template.parseTemplate)(template);
+		this.#templateStrings[name] = template;
+		return new Set(rule.variables.map((v) => v.varname));
+	}
+	/**
+	* Resolves a path name and values from a URL, if any match.
+	* @param url The URL to resolve.
+	* @returns The name of the path and its values, if any match.  Otherwise,
+	*          `null`.
+	*/
+	route(url) {
+		let match = this.#router.resolveURI(url);
+		if (match == null) {
+			if (!this.trailingSlashInsensitive) return null;
+			url = url.endsWith("/") ? url.replace(/\/+$/, "") : `${url}/`;
+			match = this.#router.resolveURI(url);
+			if (match == null) return null;
+		}
+		return {
+			name: match.matchValue,
+			template: this.#templateStrings[match.matchValue],
+			values: match.params
+		};
+	}
+	/**
+	* Constructs a URL/path from a path name and values.
+	* @param name The name of the path.
+	* @param values The values to expand the path with.
+	* @returns The URL/path, if the name exists.  Otherwise, `null`.
+	*/
+	build(name, values) {
+		if (name in this.#templates) return this.#templates[name].expand(values);
+		return null;
+	}
+};
+/**
+* An error thrown by the {@link Router}.
+*/
+var RouterError = class extends Error {
+	/**
+	* Create a new {@link RouterError}.
+	* @param message The error message.
+	*/
+	constructor(message) {
+		super(message);
+		this.name = "RouterError";
+	}
+};
+
+//#endregion
+//#region src/federation/builder.ts
+var FederationBuilderImpl = class {
+	router;
+	actorCallbacks;
+	nodeInfoDispatcher;
+	webFingerLinksDispatcher;
+	objectCallbacks;
+	objectTypeIds;
+	inboxPath;
+	inboxCallbacks;
+	outboxCallbacks;
+	followingCallbacks;
+	followersCallbacks;
+	likedCallbacks;
+	featuredCallbacks;
+	featuredTagsCallbacks;
+	inboxListeners;
+	inboxErrorHandler;
+	sharedInboxKeyDispatcher;
+	collectionTypeIds;
+	collectionCallbacks;
+	/**
+	* Symbol registry for unique identification of unnamed symbols.
+	*/
+	#symbolRegistry = /* @__PURE__ */ new Map();
+	constructor() {
+		this.router = new Router();
+		this.objectCallbacks = {};
+		this.objectTypeIds = {};
+		this.collectionCallbacks = {};
+		this.collectionTypeIds = {};
+	}
+	async build(options) {
+		const { FederationImpl: FederationImpl$1 } = await Promise.resolve().then(() => require("./middleware-B0f850Ei.cjs"));
+		const f = new FederationImpl$1(options);
+		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
+		f.router = this.router.clone();
+		f.router.trailingSlashInsensitive = trailingSlashInsensitiveValue;
+		f._initializeRouter();
+		f.actorCallbacks = this.actorCallbacks == null ? void 0 : { ...this.actorCallbacks };
+		f.nodeInfoDispatcher = this.nodeInfoDispatcher;
+		f.webFingerLinksDispatcher = this.webFingerLinksDispatcher;
+		f.objectCallbacks = { ...this.objectCallbacks };
+		f.objectTypeIds = { ...this.objectTypeIds };
+		f.inboxPath = this.inboxPath;
+		f.inboxCallbacks = this.inboxCallbacks == null ? void 0 : { ...this.inboxCallbacks };
+		f.outboxCallbacks = this.outboxCallbacks == null ? void 0 : { ...this.outboxCallbacks };
+		f.followingCallbacks = this.followingCallbacks == null ? void 0 : { ...this.followingCallbacks };
+		f.followersCallbacks = this.followersCallbacks == null ? void 0 : { ...this.followersCallbacks };
+		f.likedCallbacks = this.likedCallbacks == null ? void 0 : { ...this.likedCallbacks };
+		f.featuredCallbacks = this.featuredCallbacks == null ? void 0 : { ...this.featuredCallbacks };
+		f.featuredTagsCallbacks = this.featuredTagsCallbacks == null ? void 0 : { ...this.featuredTagsCallbacks };
+		f.inboxListeners = this.inboxListeners?.clone();
+		f.inboxErrorHandler = this.inboxErrorHandler;
+		f.sharedInboxKeyDispatcher = this.sharedInboxKeyDispatcher;
+		return f;
+	}
+	_getTracer() {
+		return __opentelemetry_api.trace.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	}
+	setActorDispatcher(path, dispatcher) {
+		if (this.router.has("actor")) throw new RouterError("Actor dispatcher already set.");
+		const variables = this.router.add(path, "actor");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for actor dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"actor"
+		]).warn("The {{handle}} variable in the actor dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher: async (context$2, identifier) => {
+			const actor = await this._getTracer().startActiveSpan("activitypub.dispatch_actor", {
+				kind: __opentelemetry_api.SpanKind.SERVER,
+				attributes: { "fedify.actor.identifier": identifier }
+			}, async (span) => {
+				try {
+					const actor$1 = await dispatcher(context$2, identifier);
+					span.setAttribute("activitypub.actor.id", (actor$1?.id ?? context$2.getActorUri(identifier)).href);
+					if (actor$1 == null) span.setStatus({ code: __opentelemetry_api.SpanStatusCode.ERROR });
+					else span.setAttribute("activitypub.actor.type", require_actor.getTypeId(actor$1).href);
+					return actor$1;
+				} catch (error) {
+					span.setStatus({
+						code: __opentelemetry_api.SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					throw error;
+				} finally {
+					span.end();
+				}
+			});
+			if (actor == null) return null;
+			const logger$1 = (0, __logtape_logtape.getLogger)([
+				"fedify",
+				"federation",
+				"actor"
+			]);
+			if (actor.id == null) logger$1.warn("Actor dispatcher returned an actor without an id property.  Set the property with Context.getActorUri(identifier).");
+			else if (actor.id.href != context$2.getActorUri(identifier).href) logger$1.warn("Actor dispatcher returned an actor with an id property that does not match the actor URI.  Set the property with Context.getActorUri(identifier).");
+			if (this.followingCallbacks != null && this.followingCallbacks.dispatcher != null) {
+				if (actor.followingId == null) logger$1.warn("You configured a following collection dispatcher, but the actor does not have a following property.  Set the property with Context.getFollowingUri(identifier).");
+				else if (actor.followingId.href != context$2.getFollowingUri(identifier).href) logger$1.warn("You configured a following collection dispatcher, but the actor's following property does not match the following collection URI.  Set the property with Context.getFollowingUri(identifier).");
+			}
+			if (this.followersCallbacks != null && this.followersCallbacks.dispatcher != null) {
+				if (actor.followersId == null) logger$1.warn("You configured a followers collection dispatcher, but the actor does not have a followers property.  Set the property with Context.getFollowersUri(identifier).");
+				else if (actor.followersId.href != context$2.getFollowersUri(identifier).href) logger$1.warn("You configured a followers collection dispatcher, but the actor's followers property does not match the followers collection URI.  Set the property with Context.getFollowersUri(identifier).");
+			}
+			if (this.outboxCallbacks != null && this.outboxCallbacks.dispatcher != null) {
+				if (actor?.outboxId == null) logger$1.warn("You configured an outbox collection dispatcher, but the actor does not have an outbox property.  Set the property with Context.getOutboxUri(identifier).");
+				else if (actor.outboxId.href != context$2.getOutboxUri(identifier).href) logger$1.warn("You configured an outbox collection dispatcher, but the actor's outbox property does not match the outbox collection URI.  Set the property with Context.getOutboxUri(identifier).");
+			}
+			if (this.likedCallbacks != null && this.likedCallbacks.dispatcher != null) {
+				if (actor?.likedId == null) logger$1.warn("You configured a liked collection dispatcher, but the actor does not have a liked property.  Set the property with Context.getLikedUri(identifier).");
+				else if (actor.likedId.href != context$2.getLikedUri(identifier).href) logger$1.warn("You configured a liked collection dispatcher, but the actor's liked property does not match the liked collection URI.  Set the property with Context.getLikedUri(identifier).");
+			}
+			if (this.featuredCallbacks != null && this.featuredCallbacks.dispatcher != null) {
+				if (actor?.featuredId == null) logger$1.warn("You configured a featured collection dispatcher, but the actor does not have a featured property.  Set the property with Context.getFeaturedUri(identifier).");
+				else if (actor.featuredId.href != context$2.getFeaturedUri(identifier).href) logger$1.warn("You configured a featured collection dispatcher, but the actor's featured property does not match the featured collection URI.  Set the property with Context.getFeaturedUri(identifier).");
+			}
+			if (this.featuredTagsCallbacks != null && this.featuredTagsCallbacks.dispatcher != null) {
+				if (actor?.featuredTagsId == null) logger$1.warn("You configured a featured tags collection dispatcher, but the actor does not have a featuredTags property.  Set the property with Context.getFeaturedTagsUri(identifier).");
+				else if (actor.featuredTagsId.href != context$2.getFeaturedTagsUri(identifier).href) logger$1.warn("You configured a featured tags collection dispatcher, but the actor's featuredTags property does not match the featured tags collection URI.  Set the property with Context.getFeaturedTagsUri(identifier).");
+			}
+			if (this.router.has("inbox")) {
+				if (actor.inboxId == null) logger$1.warn("You configured inbox listeners, but the actor does not have an inbox property.  Set the property with Context.getInboxUri(identifier).");
+				else if (actor.inboxId.href != context$2.getInboxUri(identifier).href) logger$1.warn("You configured inbox listeners, but the actor's inbox property does not match the inbox URI.  Set the property with Context.getInboxUri(identifier).");
+				if (actor.endpoints == null || actor.endpoints.sharedInbox == null) logger$1.warn("You configured inbox listeners, but the actor does not have a endpoints.sharedInbox property.  Set the property with Context.getInboxUri().");
+				else if (actor.endpoints.sharedInbox.href != context$2.getInboxUri().href) logger$1.warn("You configured inbox listeners, but the actor's endpoints.sharedInbox property does not match the shared inbox URI.  Set the property with Context.getInboxUri().");
+			}
+			if (callbacks.keyPairsDispatcher != null) {
+				if (actor.publicKeyId == null) logger$1.warn("You configured a key pairs dispatcher, but the actor does not have a publicKey property.  Set the property with Context.getActorKeyPairs(identifier).");
+				if (actor.assertionMethodId == null) logger$1.warn("You configured a key pairs dispatcher, but the actor does not have an assertionMethod property.  Set the property with Context.getActorKeyPairs(identifier).");
+			}
+			return actor;
+		} };
+		this.actorCallbacks = callbacks;
+		const setters = {
+			setKeyPairsDispatcher: (dispatcher$1) => {
+				callbacks.keyPairsDispatcher = (ctx, identifier) => this._getTracer().startActiveSpan("activitypub.dispatch_actor_key_pairs", {
+					kind: __opentelemetry_api.SpanKind.SERVER,
+					attributes: {
+						"activitypub.actor.id": ctx.getActorUri(identifier).href,
+						"fedify.actor.identifier": identifier
+					}
+				}, async (span) => {
+					try {
+						return await dispatcher$1(ctx, identifier);
+					} catch (e) {
+						span.setStatus({
+							code: __opentelemetry_api.SpanStatusCode.ERROR,
+							message: String(e)
+						});
+						throw e;
+					} finally {
+						span.end();
+					}
+				});
+				return setters;
+			},
+			mapHandle(mapper) {
+				callbacks.handleMapper = mapper;
+				return setters;
+			},
+			mapAlias(mapper) {
+				callbacks.aliasMapper = mapper;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setNodeInfoDispatcher(path, dispatcher) {
+		if (this.router.has("nodeInfo")) throw new RouterError("NodeInfo dispatcher already set.");
+		const variables = this.router.add(path, "nodeInfo");
+		if (variables.size !== 0) throw new RouterError("Path for NodeInfo dispatcher must have no variables.");
+		this.nodeInfoDispatcher = dispatcher;
+	}
+	setWebFingerLinksDispatcher(dispatcher) {
+		this.webFingerLinksDispatcher = dispatcher;
+	}
+	setObjectDispatcher(cls, path, dispatcher) {
+		const routeName = `object:${cls.typeId.href}`;
+		if (this.router.has(routeName)) throw new RouterError(`Object dispatcher for ${cls.name} already set.`);
+		const variables = this.router.add(path, routeName);
+		if (variables.size < 1) throw new RouterError("Path for object dispatcher must have at least one variable.");
+		const callbacks = {
+			dispatcher: (ctx, values) => {
+				const tracer = this._getTracer();
+				return tracer.startActiveSpan("activitypub.dispatch_object", {
+					kind: __opentelemetry_api.SpanKind.SERVER,
+					attributes: {
+						"fedify.object.type": cls.typeId.href,
+						...globalThis.Object.fromEntries(globalThis.Object.entries(values).map(([k, v]) => [`fedify.object.values.${k}`, v]))
+					}
+				}, async (span) => {
+					try {
+						const object = await dispatcher(ctx, values);
+						span.setAttribute("activitypub.object.id", (object?.id ?? ctx.getObjectUri(cls, values)).href);
+						if (object == null) span.setStatus({ code: __opentelemetry_api.SpanStatusCode.ERROR });
+						else span.setAttribute("activitypub.object.type", require_actor.getTypeId(object).href);
+						return object;
+					} catch (e) {
+						span.setStatus({
+							code: __opentelemetry_api.SpanStatusCode.ERROR,
+							message: String(e)
+						});
+						throw e;
+					} finally {
+						span.end();
+					}
+				});
+			},
+			parameters: variables
+		};
+		this.objectCallbacks[cls.typeId.href] = callbacks;
+		this.objectTypeIds[cls.typeId.href] = cls;
+		const setters = { authorize(predicate) {
+			callbacks.authorizePredicate = predicate;
+			return setters;
+		} };
+		return setters;
+	}
+	setInboxDispatcher(path, dispatcher) {
+		if (this.inboxCallbacks != null) throw new RouterError("Inbox dispatcher already set.");
+		if (this.router.has("inbox")) {
+			if (this.inboxPath !== path) throw new RouterError("Inbox dispatcher path must match inbox listener path.");
+		} else {
+			const variables = this.router.add(path, "inbox");
+			if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for inbox dispatcher must have one variable: {identifier}");
+			if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+				"fedify",
+				"federation",
+				"inbox"
+			]).warn("The {{handle}} variable in the inbox dispatcher path is deprecated. Use {{identifier}} instead.");
+			this.inboxPath = path;
+		}
+		const callbacks = { dispatcher };
+		this.inboxCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setOutboxDispatcher(path, dispatcher) {
+		if (this.router.has("outbox")) throw new RouterError("Outbox dispatcher already set.");
+		const variables = this.router.add(path, "outbox");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for outbox dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"outbox"
+		]).warn("The {{handle}} variable in the outbox dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.outboxCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setFollowingDispatcher(path, dispatcher) {
+		if (this.router.has("following")) throw new RouterError("Following collection dispatcher already set.");
+		const variables = this.router.add(path, "following");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for following collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the following collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.followingCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setFollowersDispatcher(path, dispatcher) {
+		if (this.router.has("followers")) throw new RouterError("Followers collection dispatcher already set.");
+		const variables = this.router.add(path, "followers");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for followers collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the followers collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.followersCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setLikedDispatcher(path, dispatcher) {
+		if (this.router.has("liked")) throw new RouterError("Liked collection dispatcher already set.");
+		const variables = this.router.add(path, "liked");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for liked collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the liked collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.likedCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setFeaturedDispatcher(path, dispatcher) {
+		if (this.router.has("featured")) throw new RouterError("Featured collection dispatcher already set.");
+		const variables = this.router.add(path, "featured");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for featured collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the featured collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.featuredCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setFeaturedTagsDispatcher(path, dispatcher) {
+		if (this.router.has("featuredTags")) throw new RouterError("Featured tags collection dispatcher already set.");
+		const variables = this.router.add(path, "featuredTags");
+		if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for featured tags collection dispatcher must have one variable: {identifier}");
+		if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"collection"
+		]).warn("The {{handle}} variable in the featured tags collection dispatcher path is deprecated. Use {{identifier}} instead.");
+		const callbacks = { dispatcher };
+		this.featuredTagsCallbacks = callbacks;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setInboxListeners(inboxPath, sharedInboxPath) {
+		if (this.inboxListeners != null) throw new RouterError("Inbox listeners already set.");
+		if (this.router.has("inbox")) {
+			if (this.inboxPath !== inboxPath) throw new RouterError("Inbox listener path must match inbox dispatcher path.");
+		} else {
+			const variables = this.router.add(inboxPath, "inbox");
+			if (variables.size !== 1 || !(variables.has("identifier") || variables.has("handle"))) throw new RouterError("Path for inbox must have one variable: {identifier}");
+			this.inboxPath = inboxPath;
+			if (variables.has("handle")) (0, __logtape_logtape.getLogger)([
+				"fedify",
+				"federation",
+				"inbox"
+			]).warn("The {{handle}} variable in the inbox path is deprecated. Use {{identifier}} instead.");
+		}
+		if (sharedInboxPath != null) {
+			const siVars = this.router.add(sharedInboxPath, "sharedInbox");
+			if (siVars.size !== 0) throw new RouterError("Path for shared inbox must have no variables.");
+		}
+		const listeners = this.inboxListeners = new InboxListenerSet();
+		const setters = {
+			on(type, listener) {
+				listeners.add(type, listener);
+				return setters;
+			},
+			onError: (handler) => {
+				this.inboxErrorHandler = handler;
+				return setters;
+			},
+			setSharedKeyDispatcher: (dispatcher) => {
+				this.sharedInboxKeyDispatcher = dispatcher;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	setCollectionDispatcher(name, ...args) {
+		return this.#setCustomCollectionDispatcher(name, "collection", ...args);
+	}
+	setOrderedCollectionDispatcher(name, ...args) {
+		return this.#setCustomCollectionDispatcher(name, "orderedCollection", ...args);
+	}
+	#setCustomCollectionDispatcher(name, collectionType, itemType, path, dispatcher) {
+		const strName = String(name);
+		const routeName = `${collectionType}:${this.#uniqueCollectionId(name)}`;
+		if (this.router.has(routeName)) throw new RouterError(`Collection dispatcher for ${strName} already set.`);
+		if (this.collectionCallbacks[name] != null) throw new RouterError(`Collection dispatcher for ${strName} already set.`);
+		const variables = this.router.add(path, routeName);
+		if (variables.size < 1) throw new RouterError("Path for collection dispatcher must have at least one variable.");
+		const callbacks = { dispatcher };
+		this.collectionCallbacks[name] = callbacks;
+		this.collectionTypeIds[name] = itemType;
+		const setters = {
+			setCounter(counter) {
+				callbacks.counter = counter;
+				return setters;
+			},
+			setFirstCursor(cursor) {
+				callbacks.firstCursor = cursor;
+				return setters;
+			},
+			setLastCursor(cursor) {
+				callbacks.lastCursor = cursor;
+				return setters;
+			},
+			authorize(predicate) {
+				callbacks.authorizePredicate = predicate;
+				return setters;
+			}
+		};
+		return setters;
+	}
+	/**
+	* Get the URL path for a custom collection.
+	* If the collection is not registered, returns null.
+	* @template TParam The parameter names of the requested URL.
+	* @param {string | symbol} name The name of the custom collection.
+	* @param {TParam} values The values to fill in the URL parameters.
+	* @returns {string | null} The URL path for the custom collection, or null if not registered.
+	*/
+	getCollectionPath(name, values) {
+		if (!(name in this.collectionCallbacks)) return null;
+		const routeName = this.#uniqueCollectionId(name);
+		const path = this.router.build(`collection:${routeName}`, values) ?? this.router.build(`orderedCollection:${routeName}`, values);
+		return path;
+	}
+	/**
+	* Converts a name (string or symbol) to a unique string identifier.
+	* For symbols, generates and caches a UUID if not already present.
+	* For strings, returns the string as-is.
+	* @param name The name to convert to a unique identifier
+	* @returns A unique string identifier
+	*/
+	#uniqueCollectionId(name) {
+		if (typeof name === "string") return name;
+		if (!this.#symbolRegistry.has(name)) this.#symbolRegistry.set(name, crypto.randomUUID());
+		return this.#symbolRegistry.get(name);
+	}
+};
+/**
+* Creates a new {@link FederationBuilder} instance.
+* @returns A new {@link FederationBuilder} instance.
+* @since 1.6.0
+*/
+function createFederationBuilder() {
+	return new FederationBuilderImpl();
+}
+
+//#endregion
+//#region src/federation/collection.ts
+/**
+* Calculates the [partial follower collection digest][1].
+*
+* [1]: https://w3id.org/fep/8fcf#partial-follower-collection-digest
+* @param uris The URIs to calculate the digest.  Duplicate URIs are ignored.
+* @returns The digest.
+*/
+async function digest(uris) {
+	const processed = /* @__PURE__ */ new Set();
+	const encoder = new TextEncoder();
+	const result = new Uint8Array(32);
+	for (const uri of uris) {
+		const u = uri instanceof URL ? uri.href : uri;
+		if (processed.has(u)) continue;
+		processed.add(u);
+		const encoded = encoder.encode(u);
+		const digest$1 = new Uint8Array(await crypto.subtle.digest("SHA-256", encoded));
+		for (let i = 0; i < 32; i++) result[i] ^= digest$1[i];
+	}
+	return result;
+}
+/**
+* Builds [`Collection-Synchronization`][1] header content.
+*
+* [1]: https://w3id.org/fep/8fcf#the-collection-synchronization-http-header
+*
+* @param collectionId The sender's followers collection URI.
+* @param actorIds The actor URIs to digest.
+* @returns The header content.
+*/
+async function buildCollectionSynchronizationHeader(collectionId, actorIds) {
+	const [anyActorId] = actorIds;
+	const baseUrl = new URL(anyActorId);
+	const url = new URL(collectionId);
+	url.searchParams.set("base-url", `${baseUrl.origin}/`);
+	const hash = (0, byte_encodings_hex.encodeHex)(await digest(actorIds));
+	return `collectionId="${collectionId}", url="${url}", digest="${hash}"`;
+}
+
+//#endregion
+//#region src/federation/keycache.ts
+var KvKeyCache = class {
+	kv;
+	prefix;
+	options;
+	nullKeys;
+	constructor(kv, prefix, options = {}) {
+		this.kv = kv;
+		this.prefix = prefix;
+		this.nullKeys = /* @__PURE__ */ new Set();
+		this.options = options;
+	}
+	async get(keyId) {
+		if (this.nullKeys.has(keyId.href)) return null;
+		const serialized = await this.kv.get([...this.prefix, keyId.href]);
+		if (serialized == null) return void 0;
+		try {
+			return await require_actor.CryptographicKey.fromJsonLd(serialized, this.options);
+		} catch {
+			try {
+				return await require_actor.Multikey.fromJsonLd(serialized, this.options);
+			} catch {
+				await this.kv.delete([...this.prefix, keyId.href]);
+				return void 0;
+			}
+		}
+	}
+	async set(keyId, key) {
+		if (key == null) {
+			this.nullKeys.add(keyId.href);
+			await this.kv.delete([...this.prefix, keyId.href]);
+			return;
+		}
+		this.nullKeys.delete(keyId.href);
+		const serialized = await key.toJsonLd(this.options);
+		await this.kv.set([...this.prefix, keyId.href], serialized);
+	}
+};
+
+//#endregion
+//#region src/federation/negotiation.ts
+function compareSpecs(a, b) {
+	return b.q - a.q || (b.s ?? 0) - (a.s ?? 0) || (a.o ?? 0) - (b.o ?? 0) || a.i - b.i || 0;
+}
+function isQuality(spec) {
+	return spec.q > 0;
+}
+const simpleMediaTypeRegExp = /^\s*([^\s\/;]+)\/([^;\s]+)\s*(?:;(.*))?$/;
+function splitKeyValuePair(str) {
+	const [key, value] = str.split("=");
+	return [key.toLowerCase(), value];
+}
+function parseMediaType(str, i) {
+	const match = simpleMediaTypeRegExp.exec(str);
+	if (!match) return;
+	const [, type, subtype, parameters] = match;
+	if (!type || !subtype) return;
+	const params = Object.create(null);
+	let q = 1;
+	if (parameters) {
+		const kvps = parameters.split(";").map((p) => p.trim()).map(splitKeyValuePair);
+		for (const [key, val] of kvps) {
+			const value = val && val[0] === `"` && val[val.length - 1] === `"` ? val.slice(1, val.length - 1) : val;
+			if (key === "q" && value) {
+				q = parseFloat(value);
+				break;
+			}
+			params[key] = value;
+		}
+	}
+	return {
+		type,
+		subtype,
+		params,
+		i,
+		o: void 0,
+		q,
+		s: void 0
+	};
+}
+function parseAccept(accept) {
+	const accepts = accept.split(",").map((p) => p.trim());
+	const mediaTypes = [];
+	for (const [index, accept$1] of accepts.entries()) {
+		const mediaType = parseMediaType(accept$1.trim(), index);
+		if (mediaType) mediaTypes.push(mediaType);
+	}
+	return mediaTypes;
+}
+function getFullType(spec) {
+	return `${spec.type}/${spec.subtype}`;
+}
+function preferredMediaTypes(accept) {
+	const accepts = parseAccept(accept === void 0 ? "*/*" : accept ?? "");
+	return accepts.filter(isQuality).sort(compareSpecs).map(getFullType);
+}
+
+//#endregion
+//#region src/federation/handler.ts
+function acceptsJsonLd(request) {
+	const accept = request.headers.get("Accept");
+	const types = accept ? preferredMediaTypes(accept) : ["*/*"];
+	if (types == null) return true;
+	if (types[0] === "text/html" || types[0] === "application/xhtml+xml") return false;
+	return types.includes("application/activity+json") || types.includes("application/ld+json") || types.includes("application/json");
+}
+/**
+* Handles an actor request.
+* @template TContextData The context data to pass to the context.
+* @param request The HTTP request.
+* @param parameters The parameters for handling the actor.
+* @returns A promise that resolves to an HTTP response.
+*/
+async function handleActor(request, { identifier, context: context$2, actorDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+	const logger$1 = (0, __logtape_logtape.getLogger)([
+		"fedify",
+		"federation",
+		"actor"
+	]);
+	if (actorDispatcher == null) {
+		logger$1.debug("Actor dispatcher is not set.", { identifier });
+		return await onNotFound(request);
+	}
+	const actor = await actorDispatcher(context$2, identifier);
+	if (actor == null) {
+		logger$1.debug("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (authorizePredicate != null) {
+		let key = await context$2.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"actor"
+			],
+			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$2.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"actor"
+			],
+			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await authorizePredicate(context$2, identifier, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await actor.toJsonLd(context$2);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+/**
+* Handles an object request.
+* @template TContextData The context data to pass to the context.
+* @param request The HTTP request.
+* @param parameters The parameters for handling the object.
+* @returns A promise that resolves to an HTTP response.
+*/
+async function handleObject(request, { values, context: context$2, objectDispatcher, authorizePredicate, onNotFound, onNotAcceptable, onUnauthorized }) {
+	if (objectDispatcher == null) return await onNotFound(request);
+	const object = await objectDispatcher(context$2, values);
+	if (object == null) return await onNotFound(request);
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (authorizePredicate != null) {
+		let key = await context$2.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"object"
+			],
+			message: "The third parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$2.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"object"
+			],
+			message: "The fourth parameter of ObjectAuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await authorizePredicate(context$2, values, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await object.toJsonLd(context$2);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+/**
+* Handles a collection request.
+* @template TItem The type of items in the collection.
+* @template TContext The type of the context, extending {@link RequestContext}.
+* @template TContextData The context data to pass to the `TContext`.
+* @template TFilter The type of the filter.
+* @param request The HTTP request.
+* @param parameters The parameters for handling the collection.
+* @returns A promise that resolves to an HTTP response.
+*/
+async function handleCollection(request, { name, identifier, uriGetter, filter, filterPredicate, context: context$2, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound, onNotAcceptable }) {
+	const spanName = name.trim().replace(/\s+/g, "_");
+	tracerProvider = tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	const url = new URL(request.url);
+	const cursor = url.searchParams.get("cursor");
+	if (collectionCallbacks == null) return await onNotFound(request);
+	let collection;
+	const baseUri = uriGetter(identifier);
+	if (cursor == null) {
+		const firstCursor = await collectionCallbacks.firstCursor?.(context$2, identifier);
+		const totalItems = filter == null ? await collectionCallbacks.counter?.(context$2, identifier) : void 0;
+		if (firstCursor == null) {
+			const itemsOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection ${spanName}`, {
+				kind: __opentelemetry_api.SpanKind.SERVER,
+				attributes: {
+					"activitypub.collection.id": baseUri.href,
+					"activitypub.collection.type": require_actor.OrderedCollection.typeId.href
+				}
+			}, async (span) => {
+				if (totalItems != null) span.setAttribute("activitypub.collection.total_items", Number(totalItems));
+				try {
+					const page = await collectionCallbacks.dispatcher(context$2, identifier, null, filter);
+					if (page == null) {
+						span.setStatus({ code: __opentelemetry_api.SpanStatusCode.ERROR });
+						return await onNotFound(request);
+					}
+					const { items } = page;
+					span.setAttribute("fedify.collection.items", items.length);
+					return items;
+				} catch (e) {
+					span.setStatus({
+						code: __opentelemetry_api.SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			if (itemsOrResponse instanceof Response) return itemsOrResponse;
+			collection = new require_actor.OrderedCollection({
+				id: baseUri,
+				totalItems: totalItems == null ? null : Number(totalItems),
+				items: filterCollectionItems(itemsOrResponse, name, filterPredicate)
+			});
+		} else {
+			const lastCursor = await collectionCallbacks.lastCursor?.(context$2, identifier);
+			const first = new URL(context$2.url);
+			first.searchParams.set("cursor", firstCursor);
+			let last = null;
+			if (lastCursor != null) {
+				last = new URL(context$2.url);
+				last.searchParams.set("cursor", lastCursor);
+			}
+			collection = new require_actor.OrderedCollection({
+				id: baseUri,
+				totalItems: totalItems == null ? null : Number(totalItems),
+				first,
+				last
+			});
+		}
+	} else {
+		const uri = new URL(baseUri);
+		uri.searchParams.set("cursor", cursor);
+		const pageOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection_page ${name}`, {
+			kind: __opentelemetry_api.SpanKind.SERVER,
+			attributes: {
+				"activitypub.collection.id": uri.href,
+				"activitypub.collection.type": require_actor.OrderedCollectionPage.typeId.href,
+				"fedify.collection.cursor": cursor
+			}
+		}, async (span) => {
+			try {
+				const page = await collectionCallbacks.dispatcher(context$2, identifier, cursor, filter);
+				if (page == null) {
+					span.setStatus({ code: __opentelemetry_api.SpanStatusCode.ERROR });
+					return await onNotFound(request);
+				}
+				span.setAttribute("fedify.collection.items", page.items.length);
+				return page;
+			} catch (e) {
+				span.setStatus({
+					code: __opentelemetry_api.SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+		if (pageOrResponse instanceof Response) return pageOrResponse;
+		const { items, prevCursor, nextCursor } = pageOrResponse;
+		let prev = null;
+		if (prevCursor != null) {
+			prev = new URL(context$2.url);
+			prev.searchParams.set("cursor", prevCursor);
+		}
+		let next = null;
+		if (nextCursor != null) {
+			next = new URL(context$2.url);
+			next.searchParams.set("cursor", nextCursor);
+		}
+		const partOf = new URL(context$2.url);
+		partOf.searchParams.delete("cursor");
+		collection = new require_actor.OrderedCollectionPage({
+			id: uri,
+			prev,
+			next,
+			items: filterCollectionItems(items, name, filterPredicate),
+			partOf
+		});
+	}
+	if (!acceptsJsonLd(request)) return await onNotAcceptable(request);
+	if (collectionCallbacks.authorizePredicate != null) {
+		let key = await context$2.getSignedKey();
+		key = key?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"collection"
+			],
+			message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+		} }) ?? null;
+		let keyOwner = await context$2.getSignedKeyOwner();
+		keyOwner = keyOwner?.clone({}, { $warning: {
+			category: [
+				"fedify",
+				"federation",
+				"collection"
+			],
+			message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+		} }) ?? null;
+		if (!await collectionCallbacks.authorizePredicate(context$2, identifier, key, keyOwner)) return await onUnauthorized(request);
+	}
+	const jsonLd = await collection.toJsonLd(context$2);
+	return new Response(JSON.stringify(jsonLd), { headers: {
+		"Content-Type": "application/activity+json",
+		Vary: "Accept"
+	} });
+}
+/**
+* Filters collection items based on the provided predicate.
+* @template TItem The type of items to filter.
+* @param items The items to filter.
+* @param collectionName The name of the collection for logging purposes.
+* @param filterPredicate Optional predicate function to filter items.
+* @returns The filtered items as Objects, Links, or URLs.
+*/
+function filterCollectionItems(items, collectionName, filterPredicate) {
+	const result = [];
+	let logged = false;
+	for (const item of items) {
+		let mappedItem;
+		if (item instanceof require_actor.Object || item instanceof require_actor.Link || item instanceof URL) mappedItem = item;
+		else if (item.id == null) continue;
+		else mappedItem = item.id;
+		if (filterPredicate != null && !filterPredicate(item)) {
+			if (!logged) {
+				(0, __logtape_logtape.getLogger)([
+					"fedify",
+					"federation",
+					"collection"
+				]).warn(`The ${collectionName} collection apparently does not implement filtering.  This may result in a large response payload.  Please consider implementing filtering for the collection.  See also: https://fedify.dev/manual/collections#filtering-by-server`);
+				logged = true;
+			}
+			continue;
+		}
+		result.push(mappedItem);
+	}
+	return result;
+}
+/**
+* Handles an inbox request for ActivityPub activities.
+* @template TContextData The context data to pass to the context.
+* @param request The HTTP request.
+* @param options The parameters for handling the inbox.
+* @returns A promise that resolves to an HTTP response.
+*/
+async function handleInbox(request, options) {
+	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	return await tracer.startActiveSpan("activitypub.inbox", {
+		kind: options.queue == null ? __opentelemetry_api.SpanKind.SERVER : __opentelemetry_api.SpanKind.PRODUCER,
+		attributes: { "activitypub.shared_inbox": options.recipient == null }
+	}, async (span) => {
+		if (options.recipient != null) span.setAttribute("fedify.inbox.recipient", options.recipient);
+		try {
+			return await handleInboxInternal(request, options, span);
+		} catch (e) {
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: String(e)
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	});
+}
+/**
+* Internal function for handling inbox requests with detailed processing.
+* @template TContextData The context data to pass to the context.
+* @param request The HTTP request.
+* @param options The parameters for handling the inbox.
+* @param span The OpenTelemetry span for tracing.
+* @returns A promise that resolves to an HTTP response.
+*/
+async function handleInboxInternal(request, { recipient, context: ctx, inboxContextFactory, kv, kvPrefixes, queue, actorDispatcher, inboxListeners, inboxErrorHandler, onNotFound, signatureTimeWindow, skipSignatureVerification, tracerProvider }, span) {
+	const logger$1 = (0, __logtape_logtape.getLogger)([
+		"fedify",
+		"federation",
+		"inbox"
+	]);
+	if (actorDispatcher == null) {
+		logger$1.error("Actor dispatcher is not set.", { recipient });
+		span.setStatus({
+			code: __opentelemetry_api.SpanStatusCode.ERROR,
+			message: "Actor dispatcher is not set."
+		});
+		return await onNotFound(request);
+	} else if (recipient != null) {
+		const actor = await actorDispatcher(ctx, recipient);
+		if (actor == null) {
+			logger$1.error("Actor {recipient} not found.", { recipient });
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: `Actor ${recipient} not found.`
+			});
+			return await onNotFound(request);
+		}
+	}
+	if (request.bodyUsed) {
+		logger$1.error("Request body has already been read.", { recipient });
+		span.setStatus({
+			code: __opentelemetry_api.SpanStatusCode.ERROR,
+			message: "Request body has already been read."
+		});
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	} else if (request.body?.locked) {
+		logger$1.error("Request body is locked.", { recipient });
+		span.setStatus({
+			code: __opentelemetry_api.SpanStatusCode.ERROR,
+			message: "Request body is locked."
+		});
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	let json;
+	try {
+		json = await request.clone().json();
+	} catch (error) {
+		logger$1.error("Failed to parse JSON:\n{error}", {
+			recipient,
+			error
+		});
+		try {
+			await inboxErrorHandler?.(ctx, error);
+		} catch (error$1) {
+			logger$1.error("An unexpected error occurred in inbox error handler:\n{error}", {
+				error: error$1,
+				activity: json,
+				recipient
+			});
+		}
+		span.setStatus({
+			code: __opentelemetry_api.SpanStatusCode.ERROR,
+			message: `Failed to parse JSON:\n${error}`
+		});
+		return new Response("Invalid JSON.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
+	let ldSigVerified;
+	try {
+		ldSigVerified = await require_proof.verifyJsonLd(json, {
+			contextLoader: ctx.contextLoader,
+			documentLoader: ctx.documentLoader,
+			keyCache,
+			tracerProvider
+		});
+	} catch (error) {
+		if (error instanceof Error && error.name === "jsonld.SyntaxError") {
+			logger$1.error("Failed to parse JSON-LD:\n{error}", {
+				recipient,
+				error
+			});
+			return new Response("Invalid JSON-LD.", {
+				status: 400,
+				headers: { "Content-Type": "text/plain; charset=utf-8" }
+			});
+		}
+		ldSigVerified = false;
+	}
+	const jsonWithoutSig = require_proof.detachSignature(json);
+	let activity = null;
+	if (ldSigVerified) {
+		logger$1.debug("Linked Data Signatures are verified.", {
+			recipient,
+			json
+		});
+		activity = await require_actor.Activity.fromJsonLd(jsonWithoutSig, ctx);
+	} else {
+		logger$1.debug("Linked Data Signatures are not verified.", {
+			recipient,
+			json
+		});
+		try {
+			activity = await require_proof.verifyObject(require_actor.Activity, jsonWithoutSig, {
+				contextLoader: ctx.contextLoader,
+				documentLoader: ctx.documentLoader,
+				keyCache,
+				tracerProvider
+			});
+		} catch (error) {
+			logger$1.error("Failed to parse activity:\n{error}", {
+				recipient,
+				activity: json,
+				error
+			});
+			try {
+				await inboxErrorHandler?.(ctx, error);
+			} catch (error$1) {
+				logger$1.error("An unexpected error occurred in inbox error handler:\n{error}", {
+					error: error$1,
+					activity: json,
+					recipient
+				});
+			}
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: `Failed to parse activity:\n${error}`
+			});
+			return new Response("Invalid activity.", {
+				status: 400,
+				headers: { "Content-Type": "text/plain; charset=utf-8" }
+			});
+		}
+		if (activity == null) logger$1.debug("Object Integrity Proofs are not verified.", {
+			recipient,
+			activity: json
+		});
+		else logger$1.debug("Object Integrity Proofs are verified.", {
+			recipient,
+			activity: json
+		});
+	}
+	let httpSigKey = null;
+	if (activity == null) {
+		if (!skipSignatureVerification) {
+			const key = await require_http.verifyRequest(request, {
+				contextLoader: ctx.contextLoader,
+				documentLoader: ctx.documentLoader,
+				timeWindow: signatureTimeWindow,
+				keyCache,
+				tracerProvider
+			});
+			if (key == null) {
+				logger$1.error("Failed to verify the request's HTTP Signatures.", { recipient });
+				span.setStatus({
+					code: __opentelemetry_api.SpanStatusCode.ERROR,
+					message: `Failed to verify the request's HTTP Signatures.`
+				});
+				const response = new Response("Failed to verify the request signature.", {
+					status: 401,
+					headers: { "Content-Type": "text/plain; charset=utf-8" }
+				});
+				return response;
+			} else logger$1.debug("HTTP Signatures are verified.", { recipient });
+			httpSigKey = key;
+		}
+		activity = await require_actor.Activity.fromJsonLd(jsonWithoutSig, ctx);
+	}
+	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+	span.setAttribute("activitypub.activity.type", require_actor.getTypeId(activity).href);
+	if (httpSigKey != null && !await require_proof.doesActorOwnKey(activity, httpSigKey, ctx)) {
+		logger$1.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
+			activity: json,
+			recipient,
+			keyId: httpSigKey.id?.href,
+			actorId: activity.actorId?.href
+		});
+		span.setStatus({
+			code: __opentelemetry_api.SpanStatusCode.ERROR,
+			message: `The signer (${httpSigKey.id?.href}) and the actor (${activity.actorId?.href}) do not match.`
+		});
+		return new Response("The signer and the actor do not match.", {
+			status: 401,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	const routeResult = await routeActivity({
+		context: ctx,
+		json,
+		activity,
+		recipient,
+		inboxListeners,
+		inboxContextFactory,
+		inboxErrorHandler,
+		kv,
+		kvPrefixes,
+		queue,
+		span,
+		tracerProvider
+	});
+	if (routeResult === "alreadyProcessed") return new Response(`Activity <${activity.id}> has already been processed.`, {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "missingActor") return new Response("Missing actor.", {
+		status: 400,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "enqueued") return new Response("Activity is enqueued.", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "unsupportedActivity") return new Response("", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else if (routeResult === "error") return new Response("Internal server error.", {
+		status: 500,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+	else return new Response("", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+}
+/**
+* Handles a custom collection request.
+* @template TItem The type of items in the collection.
+* @template TParams The parameter names of the requested URL.
+* @template TContext The type of the context, extending {@link RequestContext}.
+* @template TContextData The context data to pass to the `TContext`.
+* @param request The HTTP request.
+* @param handleParams Parameters for handling the collection.
+* @returns A promise that resolves to an HTTP response.
+* @since 1.8.0
+*/
+const handleCustomCollection = exceptWrapper(_handleCustomCollection);
+async function _handleCustomCollection(request, { name, values, context: context$2, tracerProvider, collectionCallbacks: callbacks, filterPredicate }) {
+	verifyDefined(callbacks);
+	verifyJsonLdRequest(request);
+	await authIfNeeded(context$2, values, callbacks);
+	const cursor = new URL(request.url).searchParams.get("cursor");
+	return await new CustomCollectionHandler(name, values, context$2, callbacks, tracerProvider, require_actor.Collection, require_actor.CollectionPage, filterPredicate).fetchCollection(cursor).toJsonLd().then(respondAsActivity);
+}
+/**
+* Handles an ordered collection request.
+* @template TItem The type of items in the collection.
+* @template TParams The parameter names of the requested URL.
+* @template TContext The type of the context, extending {@link RequestContext}.
+* @template TContextData The context data to pass to the `TContext`.
+* @param request The HTTP request.
+* @param handleParams Parameters for handling the collection.
+* @returns A promise that resolves to an HTTP response.
+* @since 1.8.0
+*/
+const handleOrderedCollection = exceptWrapper(_handleOrderedCollection);
+async function _handleOrderedCollection(request, { name, values, context: context$2, tracerProvider, collectionCallbacks: callbacks, filterPredicate }) {
+	verifyDefined(callbacks);
+	verifyJsonLdRequest(request);
+	await authIfNeeded(context$2, values, callbacks);
+	const cursor = new URL(request.url).searchParams.get("cursor");
+	return await new CustomCollectionHandler(name, values, context$2, callbacks, tracerProvider, require_actor.OrderedCollection, require_actor.OrderedCollectionPage, filterPredicate).fetchCollection(cursor).toJsonLd().then(respondAsActivity);
+}
+/**
+* Handling custom collections with support for pagination and filtering.
+* The main flow is on `getCollection`, `dispatch`.
+*
+* @template TItem The type of items in the collection.
+* @template TParams The parameter names of the requested URL.
+* @template TContext The type of the context. {@link Context} or {@link RequestContext}.
+* @template TContextData The context data to pass to the `TContext`.
+* @template TCollection The type of the collection, extending {@link Collection}.
+* @template TCollectionPage The type of the collection page, extending {@link CollectionPage}.
+* @since 1.8.0
+*/
+var CustomCollectionHandler = class {
+	/**
+	* The tracer for telemetry.
+	* @type {Tracer}
+	*/
+	#tracer;
+	/**
+	* The ID of the collection.
+	* @type {URL}
+	*/
+	#id;
+	/**
+	* Store total count of items in the collection.
+	* Use `this.totalItems` to access the total items count.
+	* It is a promise because it may require an asynchronous operation to count items.
+	* @type {Promise<number | null> | undefined}
+	*/
+	#totalItems = void 0;
+	/**
+	* The first cursor for pagination.
+	* It is a promise because it may require an asynchronous operation to get the first cursor.
+	* @type {Promise<string | null> | undefined}
+	*/
+	#dispatcher;
+	#collection = null;
+	/**
+	* Creates a new CustomCollection instance.
+	* @param {string} name The name of the collection.
+	* @param {TParams} values The parameter values for the collection.
+	* @param {TContext} context The request context.
+	* @param {CustomCollectionCallbacks} callbacks The collection callbacks.
+	* @param {TracerProvider} tracerProvider The tracer provider for telemetry.
+	* @param {ConstructorWithTypeId<TCollection>} Collection The Collection constructor.
+	* @param {ConstructorWithTypeId<TCollectionPage>} CollectionPage The CollectionPage constructor.
+	* @param {(item: TItem) => boolean} filterPredicate Optional filter predicate for items.
+	*/
+	constructor(name, values, context$2, callbacks, tracerProvider = __opentelemetry_api.trace.getTracerProvider(), Collection$1, CollectionPage$1, filterPredicate) {
+		this.name = name;
+		this.values = values;
+		this.context = context$2;
+		this.callbacks = callbacks;
+		this.tracerProvider = tracerProvider;
+		this.Collection = Collection$1;
+		this.CollectionPage = CollectionPage$1;
+		this.filterPredicate = filterPredicate;
+		this.name = this.name.trim().replace(/\s+/g, "_");
+		this.#tracer = this.tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		this.#id = new URL(this.context.url);
+		this.#dispatcher = callbacks.dispatcher.bind(callbacks);
+	}
+	/**
+	* Converts the collection to JSON-LD format.
+	* @returns A promise that resolves to the JSON-LD representation.
+	*/
+	async toJsonLd() {
+		return (await this.collection).toJsonLd(this.context);
+	}
+	/**
+	* Fetches the collection with optional cursor for pagination.
+	* This method is defined for method chaining and to show processing flow properly.
+	* So it is no problem to call `toJsonLd` directly on the instance.
+	* @param cursor The cursor for pagination, or null for the first page.
+	* @returns The CustomCollection instance for method chaining.
+	*/
+	fetchCollection(cursor = null) {
+		this.#collection = this.getCollection(cursor);
+		return this;
+	}
+	/**
+	* Gets the collection or collection page based on the cursor.
+	* @param {string | null} cursor The cursor for pagination, or null for the main collection.
+	* @returns {Promise<TCollection | TCollectionPage>} A promise that resolves to a Collection or CollectionPage.
+	*/
+	async getCollection(cursor = null) {
+		if (cursor !== null) {
+			const props$1 = await this.getPageProps(cursor);
+			return new this.CollectionPage(props$1);
+		}
+		const firstCursor = await this.firstCursor;
+		const props = typeof firstCursor === "string" ? await this.getProps(firstCursor) : await this.getPropsWithoutCursor();
+		return new this.Collection(props);
+	}
+	/**
+	* Gets the properties for a collection page.
+	* Returns the page properties including items, previous and next cursors.
+	* @param {string} cursor The cursor for the page.
+	* @returns A promise that resolves to the page properties.
+	*/
+	async getPageProps(cursor) {
+		const id = this.#id;
+		const pages = await this.getPages({ cursor });
+		const { prevCursor, nextCursor } = pages;
+		const partOf = new URL(id);
+		partOf.searchParams.delete("cursor");
+		return {
+			id,
+			partOf,
+			items: this.filterItems(pages.items),
+			prev: this.appendToUrl(prevCursor),
+			next: this.appendToUrl(nextCursor)
+		};
+	}
+	/**
+	* Gets the properties for a collection with cursors.
+	* Returns the first cursor and last cursor as URL, along with total items count.
+	* @param {string} firstCursor The first cursor for pagination.
+	* @returns A promise that resolves to the collection properties.
+	*/
+	async getProps(firstCursor) {
+		const lastCursor = await this.callbacks.lastCursor?.(this.context, this.values);
+		return {
+			id: this.#id,
+			first: this.appendToUrl(firstCursor),
+			last: this.appendToUrl(lastCursor),
+			totalItems: await this.totalItems
+		};
+	}
+	/**
+	* Gets the properties for a collection of all items and the count.
+	* @returns A promise that resolves to the collection properties.
+	*/
+	async getPropsWithoutCursor() {
+		const totalItems = await this.totalItems;
+		const pages = await this.getPages({ totalItems });
+		return {
+			id: this.#id,
+			totalItems,
+			items: this.filterItems(pages.items)
+		};
+	}
+	/**
+	* Gets a page of items from the collection.
+	* Wraps the dispatcher in a span for telemetry.
+	* @param options Options for getting the page, including cursor and total items.
+	* @returns A promise that resolves to the page items.
+	*/
+	async getPages({ cursor = null, totalItems = null }) {
+		return await this.#tracer.startActiveSpan(`${this.ATTRS.DISPATCH_COLLECTION} ${this.name}`, this.spanOptions(__opentelemetry_api.SpanKind.SERVER, cursor), this.spanPages({
+			cursor,
+			totalItems
+		}));
+	}
+	/**
+	* Creates span options for telemetry.
+	* @param {SpanKind} kind The span kind.
+	* @param {string | null} cursor The optional cursor value.
+	* @returns {SpanOptions}The span options.
+	*/
+	spanOptions = (kind, cursor) => ({
+		kind,
+		attributes: {
+			[this.ATTRS.ID]: this.#id.href,
+			[this.ATTRS.TYPE]: this.Collection.typeId.href,
+			...cursor ? { [this.ATTRS.CURSOR]: cursor } : {}
+		}
+	});
+	/**
+	* Creates a function to wrap the dispatcher so tracing can be applied.
+	* @param params Parameters including cursor and total items.
+	* @returns {(span: Span) => Promise<PageItems<TItem>>} A function that handles the span operation.
+	*/
+	spanPages = ({ totalItems = null, cursor = null }) => async (span) => {
+		try {
+			if (totalItems !== null) span.setAttribute(this.ATTRS.TOTAL_ITEMS, totalItems);
+			const page = await this.dispatch(cursor);
+			span.setAttribute(this.ATTRS.ITEMS, page.items.length);
+			return page;
+		} catch (e) {
+			const message = e instanceof Error ? e.message : String(e);
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	};
+	/**
+	* Dispatches the collection request to get items.
+	* @param {string | null} cursor The cursor for pagination, or null for the first page.
+	* @returns {Promise<PageItems<TItem>>} A promise that resolves to the page items.
+	*/
+	async dispatch(cursor = null) {
+		return await this.#dispatcher(this.context, this.values, cursor) ?? new ItemsNotFoundError().throw();
+	}
+	/**
+	* Filters the items in the collection.
+	* @param {TItem[]} items The items to filter.
+	* @returns {(Object | Link | URL)[]} The filtered items.
+	*/
+	filterItems(items) {
+		return filterCollectionItems(items, this.name, this.filterPredicate);
+	}
+	/**
+	* Appends a cursor to the URL if it exists.
+	* @param {string | null | undefined} cursor The cursor to append, or null/undefined.
+	* @returns The URL with cursor appended, or null if cursor is null/undefined.
+	*/
+	appendToUrl(cursor) {
+		return appendCursorIfExists(this.context.url, cursor);
+	}
+	/**
+	* Gets the stored collection or collection page.
+	* @returns {Promise<TCollection | TCollectionPage>} A promise that resolves to
+	the collection or collection page.
+	*/
+	get collection() {
+		if (this.#collection === null) this.#collection = this.getCollection();
+		return this.#collection;
+	}
+	/**
+	* Gets the total number of items in the collection.
+	* @returns {Promise<number | null>} A promise that
+	resolves to the total items count, or null if not available.
+	*/
+	get totalItems() {
+		if (this.#totalItems === void 0) this.totalItems = this.callbacks.counter?.(this.context, this.values);
+		return this.#totalItems;
+	}
+	/**
+	* Sets the total number of items in the collection.
+	* @param value The total items count or a promise that resolves to it.
+	*/
+	set totalItems(value) {
+		const toNumber = (value$1) => value$1 == null ? null : Number(value$1);
+		this.#totalItems = value instanceof Promise ? value.then(toNumber) : Promise.resolve(toNumber(value));
+	}
+	/**
+	* Gets the first cursor for pagination.
+	* @returns {Promise<string | null>} A promise that resolves to the first cursor,
+	or null if not available.
+	*/
+	get firstCursor() {
+		const cursor = this.callbacks.firstCursor?.(this.context, this.values);
+		return Promise.resolve(cursor ?? null);
+	}
+	/**
+	* Attribute constants for telemetry spans.
+	*/
+	ATTRS = {
+		DISPATCH_COLLECTION: "activitypub.dispatch_collection",
+		CURSOR: "fedify.collection.cursor",
+		ID: "activitypub.collection.id",
+		ITEMS: "fedify.collection.items",
+		TOTAL_ITEMS: "activitypub.collection.total_items",
+		TYPE: "activitypub.collection.type"
+	};
+};
+/**
+* A wrapper function that catches specific errors and handles them appropriately.
+* @template TParams The type of parameters that extend ErrorHandlers.
+* @param handler The handler function to wrap.
+* @returns A wrapped handler function that catches and handles specific errors.
+* @since 1.8.0
+*/
+function exceptWrapper(handler) {
+	return async (request, handlerParams) => {
+		try {
+			return await handler(request, handlerParams);
+		} catch (error) {
+			const { onNotFound, onNotAcceptable, onUnauthorized } = handlerParams;
+			switch (error?.constructor) {
+				case ItemsNotFoundError: return await onNotFound(request);
+				case NotAcceptableError: return await onNotAcceptable(request);
+				case UnauthorizedError: return await onUnauthorized(request);
+				default: throw error;
+			}
+		}
+	};
+}
+/**
+* Verifies that a value is defined (not undefined).
+* @template T The type of the value, excluding undefined.
+* @param callbacks The value to verify.
+* @throws {ItemsNotFoundError} If the value is undefined.
+* @since 1.8.0
+*/
+const verifyDefined = (callbacks) => {
+	if (callbacks === void 0) throw new ItemsNotFoundError();
+};
+/**
+* Verifies that a request accepts JSON-LD content type.
+* @param request The HTTP request to verify.
+* @throws {NotAcceptableError} If the request doesn't accept JSON-LD.
+* @since 1.8.0
+*/
+const verifyJsonLdRequest = (request) => {
+	if (!acceptsJsonLd(request)) throw new NotAcceptableError();
+};
+/**
+* Performs authorization if needed based on the authorization predicate.
+* @template TContextData The context data type.
+* @param {RequestContext<TContextData>} context The request context.
+* @param {Record<string, string>} values The parameter values.
+* @param options Options containing the authorization predicate.
+* @throws {UnauthorizedError} If authorization fails.
+* @since 1.8.0
+*/
+const authIfNeeded = async (context$2, values, { authorizePredicate: authorize = void 0 }) => {
+	if (authorize === void 0) return;
+	const key = (await context$2.getSignedKey())?.clone({}, warning.key) ?? null;
+	const keyOwner = (await context$2.getSignedKeyOwner())?.clone({}, warning.keyOwner) ?? null;
+	if (!await authorize(context$2, values, key, keyOwner)) throw new UnauthorizedError();
+};
+/** Warning messages for `authIfNeeded`. */
+const warning = {
+	key: { $warning: {
+		category: [
+			"fedify",
+			"federation",
+			"collection"
+		],
+		message: "The third parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKey() method.  The third parameter will be removed in a future release."
+	} },
+	keyOwner: { $warning: {
+		category: [
+			"fedify",
+			"federation",
+			"collection"
+		],
+		message: "The fourth parameter of AuthorizePredicate is deprecated in favor of RequestContext.getSignedKeyOwner() method.  The fourth parameter will be removed in a future release."
+	} }
+};
+/**
+* Appends a cursor parameter to a URL if the cursor exists.
+* @template Cursor The type of the cursor (string, null, or undefined).
+* @param {URL} url The base URL to append the cursor to.
+* @param {string | null | undefined} cursor The cursor value to append.
+* @returns The URL with cursor appended if cursor is a string, null otherwise.
+* @since 1.8.0
+*/
+const appendCursorIfExists = (url, cursor) => {
+	if (cursor === null || cursor === void 0) return null;
+	const copied = new URL(url);
+	copied.searchParams.set("cursor", cursor);
+	return copied;
+};
+/**
+* Creates an HTTP response for ActivityPub data.
+* @param {unknown} data The data to serialize as JSON-LD.
+* @returns {Response} An HTTP response with the data as ActivityPub JSON.
+* @since 1.8.0
+*/
+const respondAsActivity = (data) => new Response(JSON.stringify(data), { headers: {
+	"Content-Type": "application/activity+json",
+	Vary: "Accept"
+} });
+/**
+* Base class for handler errors.
+* @since 1.8.0
+*/
+var HandlerError = class extends Error {
+	constructor(message) {
+		super(message);
+	}
+	/**
+	* Throws this error.
+	* @returns Never returns, always throws.
+	*/
+	throw() {
+		throw this;
+	}
+};
+/**
+* Error thrown when items are not found in a collection.
+* @since 1.8.0
+*/
+var ItemsNotFoundError = class extends HandlerError {
+	constructor() {
+		super("Items not found in the collection.");
+	}
+};
+/**
+* Error thrown when the request is not acceptable (e.g., wrong content type).
+* @since 1.8.0
+*/
+var NotAcceptableError = class extends HandlerError {
+	constructor() {
+		super("The request is not acceptable.");
+	}
+};
+/**
+* Error thrown when access to a collection is unauthorized.
+* @since 1.8.0
+*/
+var UnauthorizedError = class extends HandlerError {
+	constructor() {
+		super("Unauthorized access to the collection.");
+	}
+};
+/**
+* Responds with the given object in JSON-LD format.
+*
+* @param object The object to respond with.
+* @param options Options.
+* @since 0.3.0
+*/
+async function respondWithObject(object, options) {
+	const jsonLd = await object.toJsonLd(options);
+	return new Response(JSON.stringify(jsonLd), { headers: { "Content-Type": "application/activity+json" } });
+}
+/**
+* Responds with the given object in JSON-LD format if the request accepts
+* JSON-LD.
+*
+* @param object The object to respond with.
+* @param request The request to check for JSON-LD acceptability.
+* @param options Options.
+* @since 0.3.0
+*/
+async function respondWithObjectIfAcceptable(object, request, options) {
+	if (!acceptsJsonLd(request)) return null;
+	const response = await respondWithObject(object, options);
+	response.headers.set("Vary", "Accept");
+	return response;
+}
+
+//#endregion
+//#region src/nodeinfo/handler.ts
+/**
+* Handles a NodeInfo request.  You would not typically call this function
+* directly, but instead use {@link Federation.handle} method.
+* @param request The NodeInfo request to handle.
+* @param parameters The parameters for handling the request.
+* @returns The response to the request.
+*/
+async function handleNodeInfo(_request, { context: context$2, nodeInfoDispatcher }) {
+	const promise = nodeInfoDispatcher(context$2);
+	const nodeInfo = promise instanceof Promise ? await promise : promise;
+	const json = require_types.nodeInfoToJson(nodeInfo);
+	return new Response(JSON.stringify(json), { headers: { "Content-Type": "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/2.1#\"" } });
+}
+/**
+* Handles a request to `/.well-known/nodeinfo`.  You would not typically call
+* this function directly, but instead use {@link Federation.handle} method.
+* @param request The request to handle.
+* @param context The request context.
+* @returns The response to the request.
+*/
+function handleNodeInfoJrd(_request, context$2) {
+	const links = [];
+	try {
+		links.push({
+			rel: "http://nodeinfo.diaspora.software/ns/schema/2.1",
+			href: context$2.getNodeInfoUri().href,
+			type: "application/json; profile=\"http://nodeinfo.diaspora.software/ns/schema/2.1#\""
+		});
+	} catch (e) {
+		if (!(e instanceof RouterError)) throw e;
+	}
+	const jrd = { links };
+	const response = new Response(JSON.stringify(jrd), { headers: { "Content-Type": "application/jrd+json" } });
+	return Promise.resolve(response);
+}
+
+//#endregion
+//#region src/webfinger/handler.ts
+const logger = (0, __logtape_logtape.getLogger)([
+	"fedify",
+	"webfinger",
+	"server"
+]);
+/**
+* Handles a WebFinger request.  You would not typically call this function
+* directly, but instead use {@link Federation.fetch} method.
+* @param request The WebFinger request to handle.
+* @param parameters The parameters for handling the request.
+* @returns The response to the request.
+*/
+async function handleWebFinger(request, options) {
+	if (options.tracer == null) return await handleWebFingerInternal(request, options);
+	return await options.tracer.startActiveSpan("webfinger.handle", { kind: __opentelemetry_api.SpanKind.SERVER }, async (span) => {
+		try {
+			const response = await handleWebFingerInternal(request, options);
+			span.setStatus({ code: response.ok ? __opentelemetry_api.SpanStatusCode.UNSET : __opentelemetry_api.SpanStatusCode.ERROR });
+			return response;
+		} catch (error) {
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function handleWebFingerInternal(request, { context: context$2, host, actorDispatcher, actorHandleMapper, actorAliasMapper, onNotFound, span, webFingerLinksDispatcher }) {
+	if (actorDispatcher == null) {
+		logger.error("Actor dispatcher is not set.");
+		return await onNotFound(request);
+	}
+	const resource = context$2.url.searchParams.get("resource");
+	if (resource == null) return new Response("Missing resource parameter.", { status: 400 });
+	span?.setAttribute("webfinger.resource", resource);
+	let resourceUrl;
+	try {
+		resourceUrl = new URL(resource);
+	} catch (e) {
+		if (e instanceof TypeError) return new Response("Invalid resource URL.", { status: 400 });
+		throw e;
+	}
+	span?.setAttribute("webfinger.resource.scheme", resourceUrl.protocol.replace(/:$/, ""));
+	async function mapUsernameToIdentifier(username) {
+		if (actorHandleMapper == null) {
+			logger.error("No actor handle mapper is set; use the WebFinger username {username} as the actor's internal identifier.", { username });
+			return username;
+		}
+		const identifier$1 = await actorHandleMapper(context$2, username);
+		if (identifier$1 == null) {
+			logger.error("Actor {username} not found.", { username });
+			return null;
+		}
+		return identifier$1;
+	}
+	let identifier = null;
+	const uriParsed = context$2.parseUri(resourceUrl);
+	if (uriParsed?.type != "actor") {
+		const match = /^acct:([^@]+)@([^@]+)$/.exec(resource);
+		if (match == null) {
+			const result = await actorAliasMapper?.(context$2, resourceUrl);
+			if (result == null) return await onNotFound(request);
+			if ("identifier" in result) identifier = result.identifier;
+			else identifier = await mapUsernameToIdentifier(result.username);
+		} else {
+			const portMatch = /:\d+$/.exec(match[2]);
+			const normalizedHost = portMatch == null ? (0, node_url.domainToASCII)(match[2].toLowerCase()) : (0, node_url.domainToASCII)(match[2].substring(0, portMatch.index).toLowerCase()) + portMatch[0];
+			if (normalizedHost != context$2.url.host && normalizedHost != host) return await onNotFound(request);
+			else {
+				identifier = await mapUsernameToIdentifier(match[1]);
+				resourceUrl = new URL(`acct:${match[1]}@${normalizedHost}`);
+			}
+		}
+	} else identifier = uriParsed.identifier;
+	if (identifier == null) return await onNotFound(request);
+	const actor = await actorDispatcher(context$2, identifier);
+	if (actor == null) {
+		logger.error("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	const links = [{
+		rel: "self",
+		href: context$2.getActorUri(identifier).href,
+		type: "application/activity+json"
+	}];
+	for (const url of actor.urls) if (url instanceof require_actor.Link && url.href != null) links.push({
+		rel: url.rel ?? "http://webfinger.net/rel/profile-page",
+		href: url.href.href,
+		type: url.mediaType == null ? void 0 : url.mediaType
+	});
+	else if (url instanceof URL) links.push({
+		rel: "http://webfinger.net/rel/profile-page",
+		href: url.href
+	});
+	for await (const image of actor.getIcons()) {
+		if (image.url?.href == null) continue;
+		const link = {
+			rel: "http://webfinger.net/rel/avatar",
+			href: image.url.href.toString()
+		};
+		if (image.mediaType != null) link.type = image.mediaType;
+		links.push(link);
+	}
+	if (webFingerLinksDispatcher != null) {
+		const customLinks = await webFingerLinksDispatcher(context$2, resourceUrl);
+		if (customLinks != null) for (const link of customLinks) links.push(link);
+	}
+	const aliases = [];
+	if (resourceUrl.protocol != "acct:" && actor.preferredUsername != null) {
+		aliases.push(`acct:${actor.preferredUsername}@${host ?? context$2.url.host}`);
+		if (host != null && host !== context$2.url.host) aliases.push(`acct:${actor.preferredUsername}@${context$2.url.host}`);
+	}
+	if (resourceUrl.href !== context$2.getActorUri(identifier).href) aliases.push(context$2.getActorUri(identifier).href);
+	if (resourceUrl.protocol === "acct:" && host != null && host !== context$2.url.host && !resourceUrl.href.endsWith(`@${host}`)) {
+		const username = resourceUrl.href.replace(/^acct:/, "").replace(/@.*$/, "");
+		aliases.push(`acct:${username}@${host}`);
+	}
+	const jrd = {
+		subject: resourceUrl.href,
+		aliases,
+		links
+	};
+	return new Response(JSON.stringify(jrd), { headers: {
+		"Content-Type": "application/jrd+json",
+		"Access-Control-Allow-Origin": "*"
+	} });
+}
+
+//#endregion
+//#region src/federation/retry.ts
+/**
+* Creates an exponential backoff retry policy.  The delay between retries
+* starts at the `initialDelay` and is multiplied by the `factor` for each
+* subsequent retry, up to the `maxDelay`.  The policy will give up after
+* `maxAttempts` attempts.  The actual delay is randomized to avoid
+* synchronization (jitter).
+* @param options The options for the policy.
+* @returns The retry policy.
+* @since 0.12.0
+*/
+function createExponentialBackoffPolicy(options = {}) {
+	const initialDelay = Temporal.Duration.from(options.initialDelay ?? { seconds: 1 });
+	const maxDelay = Temporal.Duration.from(options.maxDelay ?? { hours: 12 });
+	const maxAttempts = options.maxAttempts ?? 10;
+	const factor = options.factor ?? 2;
+	const jitter = options.jitter ?? true;
+	return ({ attempts }) => {
+		if (attempts >= maxAttempts) return null;
+		let milliseconds = initialDelay.total("millisecond");
+		milliseconds *= factor ** attempts;
+		if (jitter) {
+			milliseconds *= 1 + Math.random();
+			milliseconds = Math.round(milliseconds);
+		}
+		const delay = Temporal.Duration.from({ milliseconds });
+		return Temporal.Duration.compare(delay, maxDelay) > 0 ? maxDelay : delay;
+	};
+}
+
+//#endregion
+//#region src/federation/send.ts
+/**
+* Extracts the inbox URLs from recipients.
+* @param parameters The parameters to extract the inboxes.
+*                   See also {@link ExtractInboxesParameters}.
+* @returns The inboxes as a map of inbox URL to actor URIs.
+*/
+function extractInboxes({ recipients, preferSharedInbox, excludeBaseUris }) {
+	const inboxes = {};
+	for (const recipient of recipients) {
+		let inbox;
+		let sharedInbox = false;
+		if (preferSharedInbox && recipient.endpoints?.sharedInbox != null) {
+			inbox = recipient.endpoints.sharedInbox;
+			sharedInbox = true;
+		} else inbox = recipient.inboxId;
+		if (inbox != null && recipient.id != null) {
+			if (excludeBaseUris != null && excludeBaseUris.some((u) => u.origin === inbox?.origin)) continue;
+			inboxes[inbox.href] ??= {
+				actorIds: /* @__PURE__ */ new Set(),
+				sharedInbox
+			};
+			inboxes[inbox.href].actorIds.add(recipient.id.href);
+		}
+	}
+	return inboxes;
+}
+/**
+* Sends an {@link Activity} to an inbox.
+*
+* @param parameters The parameters for sending the activity.
+*                   See also {@link SendActivityParameters}.
+* @throws {Error} If the activity fails to send.
+*/
+function sendActivity(options) {
+	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	return tracer.startActiveSpan("activitypub.send_activity", {
+		kind: __opentelemetry_api.SpanKind.CLIENT,
+		attributes: { "activitypub.shared_inbox": options.sharedInbox ?? false }
+	}, async (span) => {
+		if (options.activityId != null) span.setAttribute("activitypub.activity.id", options.activityId);
+		if (options.activityType != null) span.setAttribute("activitypub.activity.type", options.activityType);
+		try {
+			await sendActivityInternal({
+				...options,
+				tracerProvider
+			});
+		} catch (e) {
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: String(e)
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function sendActivityInternal({ activity, activityId, keys, inbox, headers, specDeterminer, tracerProvider }) {
+	const logger$1 = (0, __logtape_logtape.getLogger)([
+		"fedify",
+		"federation",
+		"outbox"
+	]);
+	headers = new Headers(headers);
+	headers.set("Content-Type", "application/activity+json");
+	const request = new Request(inbox, {
+		method: "POST",
+		headers,
+		body: JSON.stringify(activity)
+	});
+	let rsaKey = null;
+	for (const key of keys) if (key.privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") {
+		rsaKey = key;
+		break;
+	}
+	if (rsaKey == null) logger$1.warn("No supported key found to sign the request to {inbox}.  The request will be sent without a signature.  In order to sign the request, at least one RSASSA-PKCS1-v1_5 key must be provided.", {
+		inbox: inbox.href,
+		keys: keys.map((pair) => ({
+			keyId: pair.keyId.href,
+			privateKey: pair.privateKey
+		}))
+	});
+	let response;
+	try {
+		response = rsaKey == null ? await fetch(request) : await require_http.doubleKnock(request, rsaKey, {
+			tracerProvider,
+			specDeterminer
+		});
+	} catch (error) {
+		logger$1.error("Failed to send activity {activityId} to {inbox}:\n{error}", {
+			activityId,
+			inbox: inbox.href,
+			error
+		});
+		throw error;
+	}
+	if (!response.ok) {
+		let error;
+		try {
+			error = await response.text();
+		} catch (_) {
+			error = "";
+		}
+		logger$1.error("Failed to send activity {activityId} to {inbox} ({status} {statusText}):\n{error}", {
+			activityId,
+			inbox: inbox.href,
+			status: response.status,
+			statusText: response.statusText,
+			error
+		});
+		throw new Error(`Failed to send activity ${activityId} to ${inbox.href} (${response.status} ${response.statusText}):\n${error}`);
+	}
+}
+
+//#endregion
+//#region src/federation/middleware.ts
+/**
+* Create a new {@link Federation} instance.
+* @param parameters Parameters for initializing the instance.
+* @returns A new {@link Federation} instance.
+* @since 0.10.0
+*/
+function createFederation(options) {
+	return new FederationImpl(options);
+}
+var FederationImpl = class extends FederationBuilderImpl {
+	kv;
+	kvPrefixes;
+	inboxQueue;
+	outboxQueue;
+	fanoutQueue;
+	inboxQueueStarted;
+	outboxQueueStarted;
+	fanoutQueueStarted;
+	manuallyStartQueue;
+	origin;
+	documentLoaderFactory;
+	contextLoaderFactory;
+	authenticatedDocumentLoaderFactory;
+	allowPrivateAddress;
+	userAgent;
+	onOutboxError;
+	signatureTimeWindow;
+	skipSignatureVerification;
+	outboxRetryPolicy;
+	inboxRetryPolicy;
+	activityTransformers;
+	tracerProvider;
+	firstKnock;
+	constructor(options) {
+		super();
+		const logger$1 = (0, __logtape_logtape.getLogger)(["fedify", "federation"]);
+		this.kv = options.kv;
+		this.kvPrefixes = {
+			activityIdempotence: ["_fedify", "activityIdempotence"],
+			remoteDocument: ["_fedify", "remoteDocument"],
+			publicKey: ["_fedify", "publicKey"],
+			httpMessageSignaturesSpec: ["_fedify", "httpMessageSignaturesSpec"],
+			...options.kvPrefixes ?? {}
+		};
+		if (options.queue == null) {
+			this.inboxQueue = void 0;
+			this.outboxQueue = void 0;
+			this.fanoutQueue = void 0;
+		} else if ("enqueue" in options.queue && "listen" in options.queue) {
+			this.inboxQueue = options.queue;
+			this.outboxQueue = options.queue;
+			this.fanoutQueue = options.queue;
+		} else {
+			this.inboxQueue = options.queue.inbox;
+			this.outboxQueue = options.queue.outbox;
+			this.fanoutQueue = options.queue.fanout;
+		}
+		this.inboxQueueStarted = false;
+		this.outboxQueueStarted = false;
+		this.fanoutQueueStarted = false;
+		this.manuallyStartQueue = options.manuallyStartQueue ?? false;
+		if (options.origin != null) if (typeof options.origin === "string") {
+			if (!URL.canParse(options.origin) || !options.origin.match(/^https?:\/\//)) throw new TypeError(`Invalid origin: ${JSON.stringify(options.origin)}`);
+			const origin = new URL(options.origin);
+			if (!origin.pathname.match(/^\/*$/) || origin.search !== "" || origin.hash !== "") throw new TypeError(`Invalid origin: ${JSON.stringify(options.origin)}`);
+			this.origin = {
+				handleHost: origin.host,
+				webOrigin: origin.origin
+			};
+		} else {
+			const { handleHost, webOrigin } = options.origin;
+			if (!URL.canParse(`https://${handleHost}/`) || handleHost.includes("/")) throw new TypeError(`Invalid origin.handleHost: ${JSON.stringify(handleHost)}`);
+			if (!URL.canParse(webOrigin) || !webOrigin.match(/^https?:\/\//)) throw new TypeError(`Invalid origin.webOrigin: ${JSON.stringify(webOrigin)}`);
+			const webOriginUrl = new URL(webOrigin);
+			if (!webOriginUrl.pathname.match(/^\/*$/) || webOriginUrl.search !== "" || webOriginUrl.hash !== "") throw new TypeError(`Invalid origin.webOrigin: ${JSON.stringify(webOrigin)}`);
+			this.origin = {
+				handleHost: new URL(`https://${handleHost}/`).host,
+				webOrigin: webOriginUrl.origin
+			};
+		}
+		this.router.trailingSlashInsensitive = options.trailingSlashInsensitive ?? false;
+		this._initializeRouter();
+		if (options.allowPrivateAddress || options.userAgent != null) {
+			if (options.documentLoader != null) throw new TypeError("Cannot set documentLoader with allowPrivateAddress or userAgent options.");
+			else if (options.contextLoader != null) throw new TypeError("Cannot set contextLoader with allowPrivateAddress or userAgent options.");
+			else if (options.authenticatedDocumentLoaderFactory != null) throw new TypeError("Cannot set authenticatedDocumentLoaderFactory with allowPrivateAddress or userAgent options.");
+		}
+		const { allowPrivateAddress, userAgent } = options;
+		this.allowPrivateAddress = allowPrivateAddress ?? false;
+		if (options.documentLoader != null) {
+			if (options.documentLoaderFactory != null) throw new TypeError("Cannot set both documentLoader and documentLoaderFactory options at a time; use documentLoaderFactory only.");
+			this.documentLoaderFactory = () => options.documentLoader;
+			logger$1.warn("The documentLoader option is deprecated; use documentLoaderFactory option instead.");
+		} else this.documentLoaderFactory = options.documentLoaderFactory ?? ((opts) => {
+			return require_docloader.kvCache({
+				loader: require_docloader.getDocumentLoader({
+					allowPrivateAddress: opts?.allowPrivateAddress ?? allowPrivateAddress,
+					userAgent: opts?.userAgent ?? userAgent
+				}),
+				kv: options.kv,
+				prefix: this.kvPrefixes.remoteDocument
+			});
+		});
+		if (options.contextLoader != null) {
+			if (options.contextLoaderFactory != null) throw new TypeError("Cannot set both contextLoader and contextLoaderFactory options at a time; use contextLoaderFactory only.");
+			this.contextLoaderFactory = () => options.contextLoader;
+			logger$1.warn("The contextLoader option is deprecated; use contextLoaderFactory option instead.");
+		} else this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
+		this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? ((identity) => require_authdocloader.getAuthenticatedDocumentLoader(identity, {
+			allowPrivateAddress,
+			userAgent,
+			specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec, options.firstKnock),
+			tracerProvider: this.tracerProvider
+		}));
+		this.userAgent = userAgent;
+		this.onOutboxError = options.onOutboxError;
+		this.signatureTimeWindow = options.signatureTimeWindow ?? { hours: 1 };
+		this.skipSignatureVerification = options.skipSignatureVerification ?? false;
+		this.outboxRetryPolicy = options.outboxRetryPolicy ?? createExponentialBackoffPolicy();
+		this.inboxRetryPolicy = options.inboxRetryPolicy ?? createExponentialBackoffPolicy();
+		this.activityTransformers = options.activityTransformers ?? require_transformers.getDefaultActivityTransformers();
+		this.tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
+		this.firstKnock = options.firstKnock;
+	}
+	_initializeRouter() {
+		this.router.add("/.well-known/webfinger", "webfinger");
+		this.router.add("/.well-known/nodeinfo", "nodeInfoJrd");
+	}
+	_getTracer() {
+		return this.tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	}
+	async _startQueueInternal(ctxData, signal, queue) {
+		if (this.inboxQueue == null && this.outboxQueue == null) return;
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"queue"
+		]);
+		const promises = [];
+		if (this.inboxQueue != null && (queue == null || queue === "inbox") && !this.inboxQueueStarted) {
+			logger$1.debug("Starting an inbox task worker.");
+			this.inboxQueueStarted = true;
+			promises.push(this.inboxQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		if (this.outboxQueue != null && this.outboxQueue !== this.inboxQueue && (queue == null || queue === "outbox") && !this.outboxQueueStarted) {
+			logger$1.debug("Starting an outbox task worker.");
+			this.outboxQueueStarted = true;
+			promises.push(this.outboxQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		if (this.fanoutQueue != null && this.fanoutQueue !== this.inboxQueue && this.fanoutQueue !== this.outboxQueue && (queue == null || queue === "fanout") && !this.fanoutQueueStarted) {
+			logger$1.debug("Starting a fanout task worker.");
+			this.fanoutQueueStarted = true;
+			promises.push(this.fanoutQueue.listen((msg) => this.processQueuedTask(ctxData, msg), { signal }));
+		}
+		await Promise.all(promises);
+	}
+	processQueuedTask(contextData, message) {
+		const tracer = this._getTracer();
+		const extractedContext = __opentelemetry_api.propagation.extract(__opentelemetry_api.context.active(), message.traceContext);
+		return (0, __logtape_logtape.withContext)({ messageId: message.id }, async () => {
+			if (message.type === "fanout") await tracer.startActiveSpan("activitypub.fanout", {
+				kind: __opentelemetry_api.SpanKind.CONSUMER,
+				attributes: { "activitypub.activity.type": message.activityType }
+			}, extractedContext, async (span) => {
+				if (message.activityId != null) span.setAttribute("activitypub.activity.id", message.activityId);
+				try {
+					await this.#listenFanoutMessage(contextData, message);
+				} catch (e) {
+					span.setStatus({
+						code: __opentelemetry_api.SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			else if (message.type === "outbox") await tracer.startActiveSpan("activitypub.outbox", {
+				kind: __opentelemetry_api.SpanKind.CONSUMER,
+				attributes: {
+					"activitypub.activity.type": message.activityType,
+					"activitypub.activity.retries": message.attempt
+				}
+			}, extractedContext, async (span) => {
+				if (message.activityId != null) span.setAttribute("activitypub.activity.id", message.activityId);
+				try {
+					await this.#listenOutboxMessage(contextData, message, span);
+				} catch (e) {
+					span.setStatus({
+						code: __opentelemetry_api.SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+			else if (message.type === "inbox") await tracer.startActiveSpan("activitypub.inbox", {
+				kind: __opentelemetry_api.SpanKind.CONSUMER,
+				attributes: { "activitypub.shared_inbox": message.identifier == null }
+			}, extractedContext, async (span) => {
+				try {
+					await this.#listenInboxMessage(contextData, message, span);
+				} catch (e) {
+					span.setStatus({
+						code: __opentelemetry_api.SpanStatusCode.ERROR,
+						message: String(e)
+					});
+					throw e;
+				} finally {
+					span.end();
+				}
+			});
+		});
+	}
+	async #listenFanoutMessage(data, message) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"fanout"
+		]);
+		logger$1.debug("Fanning out activity {activityId} to {inboxes} inbox(es)...", {
+			activityId: message.activityId,
+			inboxes: globalThis.Object.keys(message.inboxes).length
+		});
+		const keys = await Promise.all(message.keys.map(async ({ keyId, privateKey }) => ({
+			keyId: new URL(keyId),
+			privateKey: await require_key.importJwk(privateKey, "private")
+		})));
+		const activity = await require_actor.Activity.fromJsonLd(message.activity, {
+			contextLoader: this.contextLoaderFactory({
+				allowPrivateAddress: this.allowPrivateAddress,
+				userAgent: this.userAgent
+			}),
+			documentLoader: this.documentLoaderFactory({
+				allowPrivateAddress: this.allowPrivateAddress,
+				userAgent: this.userAgent
+			}),
+			tracerProvider: this.tracerProvider
+		});
+		const context$2 = this.#createContext(new URL(message.baseUrl), data, { documentLoader: this.documentLoaderFactory({
+			allowPrivateAddress: this.allowPrivateAddress,
+			userAgent: this.userAgent
+		}) });
+		await this.sendActivity(keys, message.inboxes, activity, {
+			collectionSync: message.collectionSync,
+			context: context$2
+		});
+	}
+	async #listenOutboxMessage(_, message, span) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		const logData = {
+			keyIds: message.keys.map((pair) => pair.keyId),
+			inbox: message.inbox,
+			activity: message.activity,
+			activityId: message.activityId,
+			attempt: message.attempt,
+			headers: message.headers
+		};
+		const keys = [];
+		let rsaKeyPair = null;
+		for (const { keyId, privateKey } of message.keys) {
+			const pair = {
+				keyId: new URL(keyId),
+				privateKey: await require_key.importJwk(privateKey, "private")
+			};
+			if (rsaKeyPair == null && pair.privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") rsaKeyPair = pair;
+			keys.push(pair);
+		}
+		try {
+			await sendActivity({
+				keys,
+				activity: message.activity,
+				activityId: message.activityId,
+				activityType: message.activityType,
+				inbox: new URL(message.inbox),
+				sharedInbox: message.sharedInbox,
+				headers: new Headers(message.headers),
+				specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec, this.firstKnock),
+				tracerProvider: this.tracerProvider
+			});
+		} catch (error) {
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			const loaderOptions = this.#getLoaderOptions(message.baseUrl);
+			const activity = await require_actor.Activity.fromJsonLd(message.activity, {
+				contextLoader: this.contextLoaderFactory(loaderOptions),
+				documentLoader: rsaKeyPair == null ? this.documentLoaderFactory(loaderOptions) : this.authenticatedDocumentLoaderFactory(rsaKeyPair, loaderOptions),
+				tracerProvider: this.tracerProvider
+			});
+			try {
+				this.onOutboxError?.(error, activity);
+			} catch (error$1) {
+				logger$1.error("An unexpected error occurred in onError handler:\n{error}", {
+					...logData,
+					error: error$1
+				});
+			}
+			if (this.outboxQueue?.nativeRetrial) {
+				logger$1.error("Failed to send activity {activityId} to {inbox}; backend will handle retry:\n{error}", {
+					...logData,
+					error
+				});
+				throw error;
+			}
+			const delay = this.outboxRetryPolicy({
+				elapsedTime: Temporal.Instant.from(message.started).until(Temporal.Now.instant()),
+				attempts: message.attempt
+			});
+			if (delay != null) {
+				logger$1.error("Failed to send activity {activityId} to {inbox} (attempt #{attempt}); retry...:\n{error}", {
+					...logData,
+					error
+				});
+				await this.outboxQueue?.enqueue({
+					...message,
+					attempt: message.attempt + 1
+				}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
+			} else logger$1.error("Failed to send activity {activityId} to {inbox} after {attempt} attempts; giving up:\n{error}", {
+				...logData,
+				error
+			});
+			return;
+		}
+		logger$1.info("Successfully sent activity {activityId} to {inbox}.", { ...logData });
+	}
+	async #listenInboxMessage(ctxData, message, span) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		const baseUrl = new URL(message.baseUrl);
+		let context$2 = this.#createContext(baseUrl, ctxData);
+		if (message.identifier != null) context$2 = this.#createContext(baseUrl, ctxData, { documentLoader: await context$2.getDocumentLoader({ identifier: message.identifier }) });
+		else if (this.sharedInboxKeyDispatcher != null) {
+			const identity = await this.sharedInboxKeyDispatcher(context$2);
+			if (identity != null) context$2 = this.#createContext(baseUrl, ctxData, { documentLoader: "identifier" in identity || "username" in identity || "handle" in identity ? await context$2.getDocumentLoader(identity) : context$2.getDocumentLoader(identity) });
+		}
+		const activity = await require_actor.Activity.fromJsonLd(message.activity, context$2);
+		span.setAttribute("activitypub.activity.type", require_actor.getTypeId(activity).href);
+		if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+		const cacheKey = activity.id == null ? null : [
+			...this.kvPrefixes.activityIdempotence,
+			context$2.origin,
+			activity.id.href
+		];
+		if (cacheKey != null) {
+			const cached = await this.kv.get(cacheKey);
+			if (cached === true) {
+				logger$1.debug("Activity {activityId} has already been processed.", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier
+				});
+				return;
+			}
+		}
+		await this._getTracer().startActiveSpan("activitypub.dispatch_inbox_listener", { kind: __opentelemetry_api.SpanKind.INTERNAL }, async (span$1) => {
+			const dispatched = this.inboxListeners?.dispatchWithClass(activity);
+			if (dispatched == null) {
+				logger$1.error("Unsupported activity type:\n{activity}", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier,
+					trial: message.attempt
+				});
+				span$1.setStatus({
+					code: __opentelemetry_api.SpanStatusCode.ERROR,
+					message: `Unsupported activity type: ${require_actor.getTypeId(activity).href}`
+				});
+				span$1.end();
+				return;
+			}
+			const { class: cls, listener } = dispatched;
+			span$1.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+			try {
+				await listener(context$2.toInboxContext(message.identifier, message.activity, activity.id?.href, require_actor.getTypeId(activity).href), activity);
+			} catch (error) {
+				try {
+					await this.inboxErrorHandler?.(context$2, error);
+				} catch (error$1) {
+					logger$1.error("An unexpected error occurred in inbox error handler:\n{error}", {
+						error: error$1,
+						trial: message.attempt,
+						activityId: activity.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+				}
+				if (this.inboxQueue?.nativeRetrial) {
+					logger$1.error("Failed to process the incoming activity {activityId}; backend will handle retry:\n{error}", {
+						error,
+						activityId: activity.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					span$1.setStatus({
+						code: __opentelemetry_api.SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					span$1.end();
+					throw error;
+				}
+				const delay = this.inboxRetryPolicy({
+					elapsedTime: Temporal.Instant.from(message.started).until(Temporal.Now.instant()),
+					attempts: message.attempt
+				});
+				if (delay != null) {
+					logger$1.error("Failed to process the incoming activity {activityId} (attempt #{attempt}); retry...:\n{error}", {
+						error,
+						attempt: message.attempt,
+						activityId: activity.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					await this.inboxQueue?.enqueue({
+						...message,
+						attempt: message.attempt + 1
+					}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
+				} else logger$1.error("Failed to process the incoming activity {activityId} after {trial} attempts; giving up:\n{error}", {
+					error,
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier
+				});
+				span$1.setStatus({
+					code: __opentelemetry_api.SpanStatusCode.ERROR,
+					message: String(error)
+				});
+				span$1.end();
+				return;
+			}
+			if (cacheKey != null) await this.kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
+			logger$1.info("Activity {activityId} has been processed.", {
+				activityId: activity.id?.href,
+				activity: message.activity,
+				recipient: message.identifier
+			});
+			span$1.end();
+		});
+	}
+	startQueue(contextData, options = {}) {
+		return this._startQueueInternal(contextData, options.signal, options.queue);
+	}
+	createContext(urlOrRequest, contextData) {
+		return urlOrRequest instanceof Request ? this.#createContext(urlOrRequest, contextData) : this.#createContext(urlOrRequest, contextData);
+	}
+	#createContext(urlOrRequest, contextData, opts = {}) {
+		const request = urlOrRequest instanceof Request ? urlOrRequest : null;
+		const url = urlOrRequest instanceof URL ? new URL(urlOrRequest) : new URL(urlOrRequest.url);
+		if (request == null) {
+			url.pathname = "/";
+			url.hash = "";
+			url.search = "";
+		}
+		const loaderOptions = this.#getLoaderOptions(url.origin);
+		const ctxOptions = {
+			url,
+			federation: this,
+			data: contextData,
+			documentLoader: opts.documentLoader ?? this.documentLoaderFactory(loaderOptions),
+			contextLoader: this.contextLoaderFactory(loaderOptions)
+		};
+		if (request == null) return new ContextImpl(ctxOptions);
+		return new RequestContextImpl({
+			...ctxOptions,
+			request,
+			invokedFromActorDispatcher: opts.invokedFromActorDispatcher,
+			invokedFromObjectDispatcher: opts.invokedFromObjectDispatcher
+		});
+	}
+	#getLoaderOptions(origin) {
+		origin = typeof origin === "string" ? new URL(origin).origin : origin.origin;
+		return {
+			allowPrivateAddress: this.allowPrivateAddress,
+			userAgent: typeof this.userAgent === "string" ? this.userAgent : {
+				url: origin,
+				...this.userAgent
+			}
+		};
+	}
+	async sendActivity(keys, inboxes, activity, options) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		const { immediate, collectionSync, context: ctx } = options;
+		if (activity.id == null) throw new TypeError("The activity to send must have an id.");
+		if (activity.actorId == null) throw new TypeError("The activity to send must have at least one actor property.");
+		else if (keys.length < 1) throw new TypeError("The keys must not be empty.");
+		const contextLoader = this.contextLoaderFactory(this.#getLoaderOptions(ctx.origin));
+		const activityId = activity.id.href;
+		let proofCreated = false;
+		let rsaKey = null;
+		for (const { keyId, privateKey } of keys) {
+			require_key.validateCryptoKey(privateKey, "private");
+			if (rsaKey == null && privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") {
+				rsaKey = {
+					keyId,
+					privateKey
+				};
+				continue;
+			}
+			if (privateKey.algorithm.name === "Ed25519") {
+				activity = await require_proof.signObject(activity, privateKey, keyId, {
+					contextLoader,
+					tracerProvider: this.tracerProvider
+				});
+				proofCreated = true;
+			}
+		}
+		let jsonLd = await activity.toJsonLd({
+			format: "compact",
+			contextLoader
+		});
+		if (rsaKey == null) logger$1.warn("No supported key found to create a Linked Data signature for the activity {activityId}.  The activity will be sent without a Linked Data signature.  In order to create a Linked Data signature, at least one RSASSA-PKCS1-v1_5 key must be provided.", {
+			activityId,
+			keys: keys.map((pair) => ({
+				keyId: pair.keyId.href,
+				privateKey: pair.privateKey
+			}))
+		});
+		else jsonLd = await require_proof.signJsonLd(jsonLd, rsaKey.privateKey, rsaKey.keyId, {
+			contextLoader,
+			tracerProvider: this.tracerProvider
+		});
+		if (!proofCreated) logger$1.warn("No supported key found to create a proof for the activity {activityId}.  The activity will be sent without a proof.  In order to create a proof, at least one Ed25519 key must be provided.", {
+			activityId,
+			keys: keys.map((pair) => ({
+				keyId: pair.keyId.href,
+				privateKey: pair.privateKey
+			}))
+		});
+		if (immediate || this.outboxQueue == null) {
+			if (immediate) logger$1.debug("Sending activity immediately without queue since immediate option is set.", {
+				activityId: activity.id.href,
+				activity: jsonLd
+			});
+			else logger$1.debug("Sending activity immediately without queue since queue is not set.", {
+				activityId: activity.id.href,
+				activity: jsonLd
+			});
+			const promises = [];
+			for (const inbox in inboxes) promises.push(sendActivity({
+				keys,
+				activity: jsonLd,
+				activityId: activity.id?.href,
+				activityType: require_actor.getTypeId(activity).href,
+				inbox: new URL(inbox),
+				sharedInbox: inboxes[inbox].sharedInbox,
+				headers: collectionSync == null ? void 0 : new Headers({ "Collection-Synchronization": await buildCollectionSynchronizationHeader(collectionSync, inboxes[inbox].actorIds) }),
+				specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec, this.firstKnock),
+				tracerProvider: this.tracerProvider
+			}));
+			await Promise.all(promises);
+			return;
+		}
+		logger$1.debug("Enqueuing activity {activityId} to send later.", {
+			activityId: activity.id.href,
+			activity: jsonLd
+		});
+		const keyJwkPairs = [];
+		for (const { keyId, privateKey } of keys) {
+			const privateKeyJwk = await require_key.exportJwk(privateKey);
+			keyJwkPairs.push({
+				keyId: keyId.href,
+				privateKey: privateKeyJwk
+			});
+		}
+		if (!this.manuallyStartQueue) this._startQueueInternal(ctx.data);
+		const carrier = {};
+		__opentelemetry_api.propagation.inject(__opentelemetry_api.context.active(), carrier);
+		const messages = [];
+		for (const inbox in inboxes) {
+			const message = {
+				type: "outbox",
+				id: crypto.randomUUID(),
+				baseUrl: ctx.origin,
+				keys: keyJwkPairs,
+				activity: jsonLd,
+				activityId: activity.id?.href,
+				activityType: require_actor.getTypeId(activity).href,
+				inbox,
+				sharedInbox: inboxes[inbox].sharedInbox,
+				started: (/* @__PURE__ */ new Date()).toISOString(),
+				attempt: 0,
+				headers: collectionSync == null ? {} : { "Collection-Synchronization": await buildCollectionSynchronizationHeader(collectionSync, inboxes[inbox].actorIds) },
+				traceContext: carrier
+			};
+			messages.push(message);
+		}
+		const { outboxQueue } = this;
+		if (outboxQueue.enqueueMany == null) {
+			const promises = messages.map((m) => outboxQueue.enqueue(m));
+			const results = await Promise.allSettled(promises);
+			const errors = results.filter((r) => r.status === "rejected").map((r) => r.reason);
+			if (errors.length > 0) {
+				logger$1.error("Failed to enqueue activity {activityId} to send later: {errors}", {
+					activityId: activity.id.href,
+					errors
+				});
+				if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${activityId} to send later.`);
+				throw errors[0];
+			}
+		} else try {
+			await outboxQueue.enqueueMany(messages);
+		} catch (error) {
+			logger$1.error("Failed to enqueue activity {activityId} to send later: {error}", {
+				activityId: activity.id.href,
+				error
+			});
+			throw error;
+		}
+	}
+	fetch(request, options) {
+		const requestId = getRequestId(request);
+		return (0, __logtape_logtape.withContext)({ requestId }, async () => {
+			const tracer = this._getTracer();
+			return await tracer.startActiveSpan(request.method, {
+				kind: __opentelemetry_api.SpanKind.SERVER,
+				attributes: {
+					[__opentelemetry_semantic_conventions.ATTR_HTTP_REQUEST_METHOD]: request.method,
+					[__opentelemetry_semantic_conventions.ATTR_URL_FULL]: request.url
+				}
+			}, async (span) => {
+				const logger$1 = (0, __logtape_logtape.getLogger)([
+					"fedify",
+					"federation",
+					"http"
+				]);
+				if (span.isRecording()) for (const [k, v] of request.headers) span.setAttribute((0, __opentelemetry_semantic_conventions.ATTR_HTTP_REQUEST_HEADER)(k), [v]);
+				let response;
+				try {
+					response = await this.#fetch(request, {
+						...options,
+						span,
+						tracer
+					});
+				} catch (error) {
+					span.setStatus({
+						code: __opentelemetry_api.SpanStatusCode.ERROR,
+						message: `${error}`
+					});
+					span.end();
+					logger$1.error("An error occurred while serving request {method} {url}: {error}", {
+						method: request.method,
+						url: request.url,
+						error
+					});
+					throw error;
+				}
+				if (span.isRecording()) {
+					span.setAttribute(__opentelemetry_semantic_conventions.ATTR_HTTP_RESPONSE_STATUS_CODE, response.status);
+					for (const [k, v] of response.headers) span.setAttribute((0, __opentelemetry_semantic_conventions.ATTR_HTTP_RESPONSE_HEADER)(k), [v]);
+					span.setStatus({
+						code: response.status >= 500 ? __opentelemetry_api.SpanStatusCode.ERROR : __opentelemetry_api.SpanStatusCode.UNSET,
+						message: response.statusText
+					});
+				}
+				span.end();
+				const url = new URL(request.url);
+				const logTpl = "{method} {path}: {status}";
+				const values = {
+					method: request.method,
+					path: `${url.pathname}${url.search}`,
+					url: request.url,
+					status: response.status
+				};
+				if (response.status >= 500) logger$1.error(logTpl, values);
+				else if (response.status >= 400) logger$1.warn(logTpl, values);
+				else logger$1.info(logTpl, values);
+				return response;
+			});
+		});
+	}
+	async #fetch(request, { onNotFound, onNotAcceptable, onUnauthorized, contextData, span, tracer }) {
+		onNotFound ??= notFound;
+		onNotAcceptable ??= notAcceptable;
+		onUnauthorized ??= unauthorized;
+		const url = new URL(request.url);
+		const route = this.router.route(url.pathname);
+		if (route == null) return await onNotFound(request);
+		span.updateName(`${request.method} ${route.template}`);
+		let context$2 = this.#createContext(request, contextData);
+		const routeName = route.name.replace(/:.*$/, "");
+		switch (routeName) {
+			case "webfinger": return await handleWebFinger(request, {
+				context: context$2,
+				host: this.origin?.handleHost,
+				actorDispatcher: this.actorCallbacks?.dispatcher,
+				actorHandleMapper: this.actorCallbacks?.handleMapper,
+				actorAliasMapper: this.actorCallbacks?.aliasMapper,
+				webFingerLinksDispatcher: this.webFingerLinksDispatcher,
+				onNotFound,
+				tracer
+			});
+			case "nodeInfoJrd": return await handleNodeInfoJrd(request, context$2);
+			case "nodeInfo": return await handleNodeInfo(request, {
+				context: context$2,
+				nodeInfoDispatcher: this.nodeInfoDispatcher
+			});
+			case "actor":
+				context$2 = this.#createContext(request, contextData, { invokedFromActorDispatcher: { identifier: route.values.identifier ?? route.values.handle } });
+				return await handleActor(request, {
+					identifier: route.values.identifier ?? route.values.handle,
+					context: context$2,
+					actorDispatcher: this.actorCallbacks?.dispatcher,
+					authorizePredicate: this.actorCallbacks?.authorizePredicate,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			case "object": {
+				const typeId = route.name.replace(/^object:/, "");
+				const callbacks = this.objectCallbacks[typeId];
+				const cls = this.objectTypeIds[typeId];
+				context$2 = this.#createContext(request, contextData, { invokedFromObjectDispatcher: {
+					cls,
+					values: route.values
+				} });
+				return await handleObject(request, {
+					values: route.values,
+					context: context$2,
+					objectDispatcher: callbacks?.dispatcher,
+					authorizePredicate: callbacks?.authorizePredicate,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			}
+			case "outbox": return await handleCollection(request, {
+				name: "outbox",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$2.getOutboxUri.bind(context$2),
+				context: context$2,
+				collectionCallbacks: this.outboxCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "inbox":
+				if (request.method !== "POST") return await handleCollection(request, {
+					name: "inbox",
+					identifier: route.values.identifier ?? route.values.handle,
+					uriGetter: context$2.getInboxUri.bind(context$2),
+					context: context$2,
+					collectionCallbacks: this.inboxCallbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+				context$2 = this.#createContext(request, contextData, { documentLoader: await context$2.getDocumentLoader({ identifier: route.values.identifier ?? route.values.handle }) });
+			case "sharedInbox":
+				if (routeName !== "inbox" && this.sharedInboxKeyDispatcher != null) {
+					const identity = await this.sharedInboxKeyDispatcher(context$2);
+					if (identity != null) context$2 = this.#createContext(request, contextData, { documentLoader: "identifier" in identity || "username" in identity || "handle" in identity ? await context$2.getDocumentLoader(identity) : context$2.getDocumentLoader(identity) });
+				}
+				if (!this.manuallyStartQueue) this._startQueueInternal(contextData);
+				return await handleInbox(request, {
+					recipient: route.values.identifier ?? route.values.handle ?? null,
+					context: context$2,
+					inboxContextFactory: context$2.toInboxContext.bind(context$2),
+					kv: this.kv,
+					kvPrefixes: this.kvPrefixes,
+					queue: this.inboxQueue,
+					actorDispatcher: this.actorCallbacks?.dispatcher,
+					inboxListeners: this.inboxListeners,
+					inboxErrorHandler: this.inboxErrorHandler,
+					onNotFound,
+					signatureTimeWindow: this.signatureTimeWindow,
+					skipSignatureVerification: this.skipSignatureVerification,
+					tracerProvider: this.tracerProvider
+				});
+			case "following": return await handleCollection(request, {
+				name: "following",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$2.getFollowingUri.bind(context$2),
+				context: context$2,
+				collectionCallbacks: this.followingCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "followers": {
+				let baseUrl = url.searchParams.get("base-url");
+				if (baseUrl != null) try {
+					baseUrl = `${new URL(baseUrl).origin}/`;
+				} catch {
+					baseUrl = null;
+				}
+				return await handleCollection(request, {
+					name: "followers",
+					identifier: route.values.identifier ?? route.values.handle,
+					uriGetter: baseUrl == null ? context$2.getFollowersUri.bind(context$2) : (identifier) => {
+						const uri = context$2.getFollowersUri(identifier);
+						uri.searchParams.set("base-url", baseUrl);
+						return uri;
+					},
+					context: context$2,
+					filter: baseUrl != null ? new URL(baseUrl) : void 0,
+					filterPredicate: baseUrl != null ? (i) => (i instanceof URL ? i.href : i.id?.href ?? "").startsWith(baseUrl) : void 0,
+					collectionCallbacks: this.followersCallbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			}
+			case "liked": return await handleCollection(request, {
+				name: "liked",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$2.getLikedUri.bind(context$2),
+				context: context$2,
+				collectionCallbacks: this.likedCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "featured": return await handleCollection(request, {
+				name: "featured",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$2.getFeaturedUri.bind(context$2),
+				context: context$2,
+				collectionCallbacks: this.featuredCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "featuredTags": return await handleCollection(request, {
+				name: "featured tags",
+				identifier: route.values.identifier ?? route.values.handle,
+				uriGetter: context$2.getFeaturedTagsUri.bind(context$2),
+				context: context$2,
+				collectionCallbacks: this.featuredTagsCallbacks,
+				tracerProvider: this.tracerProvider,
+				onUnauthorized,
+				onNotFound,
+				onNotAcceptable
+			});
+			case "collection": {
+				const name = route.name.replace(/^collection:/, "");
+				const callbacks = this.collectionCallbacks[name];
+				return await handleCustomCollection(request, {
+					name,
+					context: context$2,
+					values: route.values,
+					collectionCallbacks: callbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			}
+			case "orderedCollection": {
+				const name = route.name.replace(/^orderedCollection:/, "");
+				const callbacks = this.collectionCallbacks[name];
+				return await handleOrderedCollection(request, {
+					name,
+					context: context$2,
+					values: route.values,
+					collectionCallbacks: callbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound,
+					onNotAcceptable
+				});
+			}
+			default: {
+				const response = onNotFound(request);
+				return response instanceof Promise ? await response : response;
+			}
+		}
+	}
+};
+const FANOUT_THRESHOLD = 5;
+var ContextImpl = class ContextImpl {
+	url;
+	federation;
+	data;
+	documentLoader;
+	contextLoader;
+	invokedFromActorKeyPairsDispatcher;
+	constructor({ url, federation, data, documentLoader, contextLoader, invokedFromActorKeyPairsDispatcher }) {
+		this.url = url;
+		this.federation = federation;
+		this.data = data;
+		this.documentLoader = documentLoader;
+		this.contextLoader = contextLoader;
+		this.invokedFromActorKeyPairsDispatcher = invokedFromActorKeyPairsDispatcher;
+	}
+	clone(data) {
+		return new ContextImpl({
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	toInboxContext(recipient, activity, activityId, activityType) {
+		return new InboxContextImpl(recipient, activity, activityId, activityType, {
+			url: this.url,
+			federation: this.federation,
+			data: this.data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	get hostname() {
+		return this.url.hostname;
+	}
+	get host() {
+		return this.url.host;
+	}
+	get origin() {
+		return this.url.origin;
+	}
+	get canonicalOrigin() {
+		return this.federation.origin?.webOrigin ?? this.origin;
+	}
+	get tracerProvider() {
+		return this.federation.tracerProvider;
+	}
+	getNodeInfoUri() {
+		const path = this.federation.router.build("nodeInfo", {});
+		if (path == null) throw new RouterError("No NodeInfo dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getActorUri(identifier) {
+		const path = this.federation.router.build("actor", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No actor dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getObjectUri(cls, values) {
+		const callbacks = this.federation.objectCallbacks[cls.typeId.href];
+		if (callbacks == null) throw new RouterError("No object dispatcher registered.");
+		for (const param of callbacks.parameters) if (!(param in values)) throw new TypeError(`Missing parameter: ${param}`);
+		const path = this.federation.router.build(`object:${cls.typeId.href}`, values);
+		if (path == null) throw new RouterError("No object dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getOutboxUri(identifier) {
+		const path = this.federation.router.build("outbox", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No outbox dispatcher registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getInboxUri(identifier) {
+		if (identifier == null) {
+			const path$1 = this.federation.router.build("sharedInbox", {});
+			if (path$1 == null) throw new RouterError("No shared inbox path registered.");
+			return new URL(path$1, this.canonicalOrigin);
+		}
+		const path = this.federation.router.build("inbox", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No inbox path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFollowingUri(identifier) {
+		const path = this.federation.router.build("following", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No following collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFollowersUri(identifier) {
+		const path = this.federation.router.build("followers", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No followers collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getLikedUri(identifier) {
+		const path = this.federation.router.build("liked", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No liked collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFeaturedUri(identifier) {
+		const path = this.federation.router.build("featured", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No featured collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getFeaturedTagsUri(identifier) {
+		const path = this.federation.router.build("featuredTags", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) throw new RouterError("No featured tags collection path registered.");
+		return new URL(path, this.canonicalOrigin);
+	}
+	getCollectionUri(name, values) {
+		const path = this.federation.getCollectionPath(name, values);
+		if (path === null) throw new RouterError(`No collection dispatcher registered for "${String(name)}".`);
+		return new URL(path, this.canonicalOrigin);
+	}
+	parseUri(uri) {
+		if (uri == null) return null;
+		if (uri.origin !== this.origin && uri.origin !== this.canonicalOrigin) return null;
+		const route = this.federation.router.route(uri.pathname);
+		const logger$1 = (0, __logtape_logtape.getLogger)(["fedify", "federation"]);
+		if (route == null) return null;
+		else if (route.name === "sharedInbox") return {
+			type: "inbox",
+			identifier: void 0,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return void 0;
+			}
+		};
+		const identifier = "identifier" in route.values ? route.values.identifier : route.values.handle;
+		if (route.name === "actor") return {
+			type: "actor",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name.startsWith("object:")) {
+			const typeId = route.name.replace(/^object:/, "");
+			return {
+				type: "object",
+				class: this.federation.objectTypeIds[typeId],
+				typeId: new URL(typeId),
+				values: route.values
+			};
+		} else if (route.name === "inbox") return {
+			type: "inbox",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "outbox") return {
+			type: "outbox",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "following") return {
+			type: "following",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "followers") return {
+			type: "followers",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "liked") return {
+			type: "liked",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "featured") return {
+			type: "featured",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		else if (route.name === "featuredTags") return {
+			type: "featuredTags",
+			identifier,
+			get handle() {
+				logger$1.warn("The ParseUriResult.handle property is deprecated; use ParseUriResult.identifier instead.");
+				return identifier;
+			}
+		};
+		const collectionTypes = ["collection", "orderedCollection"];
+		const collectionRegex = /* @__PURE__ */ new RegExp(`^(${collectionTypes.join("|")}):(.*)$`);
+		const match = route.name.match(collectionRegex);
+		if (match !== null) {
+			const [, type, name] = match;
+			const cls = this.federation.collectionTypeIds[name];
+			return {
+				type,
+				name,
+				class: cls,
+				typeId: cls.typeId,
+				values: route.values
+			};
+		}
+		return null;
+	}
+	async getActorKeyPairs(identifier) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"actor"
+		]);
+		if (this.invokedFromActorKeyPairsDispatcher != null) logger$1.warn("Context.getActorKeyPairs({getActorKeyPairsIdentifier}) method is invoked from the actor key pairs dispatcher ({actorKeyPairsDispatcherIdentifier}); this may cause an infinite loop.", {
+			getActorKeyPairsIdentifier: identifier,
+			actorKeyPairsDispatcherIdentifier: this.invokedFromActorKeyPairsDispatcher.identifier
+		});
+		let keyPairs;
+		try {
+			keyPairs = await this.getKeyPairsFromIdentifier(identifier);
+		} catch (_) {
+			logger$1.warn("No actor key pairs dispatcher registered.");
+			return [];
+		}
+		const owner = this.getActorUri(identifier);
+		const result = [];
+		for (const keyPair of keyPairs) {
+			const newPair = {
+				...keyPair,
+				cryptographicKey: new require_actor.CryptographicKey({
+					id: keyPair.keyId,
+					owner,
+					publicKey: keyPair.publicKey
+				}),
+				multikey: new require_actor.Multikey({
+					id: keyPair.keyId,
+					controller: owner,
+					publicKey: keyPair.publicKey
+				})
+			};
+			result.push(newPair);
+		}
+		return result;
+	}
+	async getKeyPairsFromIdentifier(identifier) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"actor"
+		]);
+		if (this.federation.actorCallbacks?.keyPairsDispatcher == null) throw new Error("No actor key pairs dispatcher registered.");
+		const path = this.federation.router.build("actor", {
+			identifier,
+			handle: identifier
+		});
+		if (path == null) {
+			logger$1.warn("No actor dispatcher registered.");
+			return [];
+		}
+		const actorUri = new URL(path, this.canonicalOrigin);
+		const keyPairs = await this.federation.actorCallbacks?.keyPairsDispatcher(new ContextImpl({
+			...this,
+			invokedFromActorKeyPairsDispatcher: { identifier }
+		}), identifier);
+		if (keyPairs.length < 1) logger$1.warn("No key pairs found for actor {identifier}.", { identifier });
+		let i = 0;
+		const result = [];
+		for (const keyPair of keyPairs) {
+			result.push({
+				...keyPair,
+				keyId: new URL(i == 0 ? `#main-key` : `#key-${i + 1}`, actorUri)
+			});
+			i++;
+		}
+		return result;
+	}
+	async getRsaKeyPairFromIdentifier(identifier) {
+		const keyPairs = await this.getKeyPairsFromIdentifier(identifier);
+		for (const keyPair of keyPairs) {
+			const { privateKey } = keyPair;
+			if (privateKey.algorithm.name === "RSASSA-PKCS1-v1_5" && privateKey.algorithm.hash.name === "SHA-256") return keyPair;
+		}
+		(0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"actor"
+		]).warn("No RSA-PKCS#1-v1.5 SHA-256 key found for actor {identifier}.", { identifier });
+		return null;
+	}
+	getDocumentLoader(identity) {
+		if ("identifier" in identity || "username" in identity || "handle" in identity) {
+			let identifierPromise;
+			if ("username" in identity || "handle" in identity) {
+				let username;
+				if ("username" in identity) username = identity.username;
+				else {
+					username = identity.handle;
+					(0, __logtape_logtape.getLogger)([
+						"fedify",
+						"runtime",
+						"docloader"
+					]).warn("The \"handle\" property is deprecated; use \"identifier\" or \"username\" instead.", { identity });
+				}
+				const mapper = this.federation.actorCallbacks?.handleMapper;
+				if (mapper == null) identifierPromise = Promise.resolve(username);
+				else {
+					const identifier = mapper(this, username);
+					identifierPromise = identifier instanceof Promise ? identifier : Promise.resolve(identifier);
+				}
+			} else identifierPromise = Promise.resolve(identity.identifier);
+			return identifierPromise.then((identifier) => {
+				if (identifier == null) return this.documentLoader;
+				const keyPair = this.getRsaKeyPairFromIdentifier(identifier);
+				return keyPair.then((pair) => pair == null ? this.documentLoader : this.federation.authenticatedDocumentLoaderFactory(pair));
+			});
+		}
+		return this.federation.authenticatedDocumentLoaderFactory(identity);
+	}
+	lookupObject(identifier, options = {}) {
+		return require_vocab.lookupObject(identifier, {
+			...options,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			userAgent: options.userAgent ?? this.federation.userAgent,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			allowPrivateAddress: this.federation.allowPrivateAddress
+		});
+	}
+	traverseCollection(collection, options = {}) {
+		return require_vocab.traverseCollection(collection, {
+			...options,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			contextLoader: options.contextLoader ?? this.contextLoader
+		});
+	}
+	lookupNodeInfo(url, options = {}) {
+		return options.parse === "none" ? require_types.getNodeInfo(url, {
+			parse: "none",
+			direct: options.direct,
+			userAgent: options?.userAgent ?? this.federation.userAgent
+		}) : require_types.getNodeInfo(url, {
+			parse: options.parse,
+			direct: options.direct,
+			userAgent: options?.userAgent ?? this.federation.userAgent
+		});
+	}
+	lookupWebFinger(resource, options = {}) {
+		return require_lookup.lookupWebFinger(resource, {
+			...options,
+			userAgent: options.userAgent ?? this.federation.userAgent,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			allowPrivateAddress: this.federation.allowPrivateAddress
+		});
+	}
+	sendActivity(sender, recipients, activity, options = {}) {
+		const tracer = this.tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		return tracer.startActiveSpan(this.federation.outboxQueue == null || options.immediate ? "activitypub.outbox" : "activitypub.fanout", {
+			kind: this.federation.outboxQueue == null || options.immediate ? __opentelemetry_api.SpanKind.CLIENT : __opentelemetry_api.SpanKind.PRODUCER,
+			attributes: {
+				"activitypub.activity.type": require_actor.getTypeId(activity).href,
+				"activitypub.activity.to": activity.toIds.map((to) => to.href),
+				"activitypub.activity.cc": activity.toIds.map((cc) => cc.href),
+				"activitypub.activity.bto": activity.btoIds.map((bto) => bto.href),
+				"activitypub.activity.bcc": activity.toIds.map((bcc) => bcc.href)
+			}
+		}, async (span) => {
+			try {
+				if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+				await this.sendActivityInternal(sender, recipients, activity, options, span);
+			} catch (e) {
+				span.setStatus({
+					code: __opentelemetry_api.SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async sendActivityInternal(sender, recipients, activity, options, span) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"outbox"
+		]);
+		let keys;
+		let identifier = null;
+		if ("identifier" in sender || "username" in sender || "handle" in sender) {
+			if ("identifier" in sender) identifier = sender.identifier;
+			else {
+				let username;
+				if ("username" in sender) username = sender.username;
+				else {
+					username = sender.handle;
+					logger$1.warn("The \"handle\" property for the sender parameter is deprecated; use \"identifier\" or \"username\" instead.", { sender });
+				}
+				if (this.federation.actorCallbacks?.handleMapper == null) identifier = username;
+				else {
+					const mapped = await this.federation.actorCallbacks.handleMapper(this, username);
+					if (mapped == null) throw new Error(`No actor found for the given username ${JSON.stringify(username)}.`);
+					identifier = mapped;
+				}
+			}
+			span.setAttribute("fedify.actor.identifier", identifier);
+			keys = await this.getKeyPairsFromIdentifier(identifier);
+			if (keys.length < 1) throw new Error(`No key pair found for actor ${JSON.stringify(identifier)}.`);
+		} else if (Array.isArray(sender)) {
+			if (sender.length < 1) throw new Error("The sender's key pairs are empty.");
+			keys = sender;
+		} else keys = [sender];
+		if (keys.length < 1) throw new TypeError("The sender's keys must not be empty.");
+		for (const { privateKey } of keys) require_key.validateCryptoKey(privateKey, "private");
+		const opts = { context: this };
+		let expandedRecipients;
+		if (Array.isArray(recipients)) expandedRecipients = recipients;
+		else if (recipients === "followers") {
+			if (identifier == null) throw new Error("If recipients is \"followers\", sender must be an actor identifier or username.");
+			expandedRecipients = [];
+			for await (const recipient of this.getFollowers(identifier)) expandedRecipients.push(recipient);
+			if (options.syncCollection) {
+				const collectionId = this.federation.router.build("followers", {
+					identifier,
+					handle: identifier
+				});
+				opts.collectionSync = collectionId == null ? void 0 : new URL(collectionId, this.canonicalOrigin).href;
+			}
+		} else expandedRecipients = [recipients];
+		span.setAttribute("activitypub.inboxes", expandedRecipients.length);
+		for (const activityTransformer of this.federation.activityTransformers) activity = activityTransformer(activity, this);
+		span?.setAttribute("activitypub.activity.id", activity?.id?.href ?? "");
+		if (activity.actorId == null) {
+			logger$1.error("Activity {activityId} to send does not have an actor.", {
+				activity,
+				activityId: activity?.id?.href
+			});
+			throw new TypeError("The activity to send must have at least one actor property.");
+		}
+		const inboxes = extractInboxes({
+			recipients: expandedRecipients,
+			preferSharedInbox: options.preferSharedInbox,
+			excludeBaseUris: options.excludeBaseUris
+		});
+		logger$1.debug("Sending activity {activityId} to inboxes:\n{inboxes}", {
+			inboxes: globalThis.Object.keys(inboxes),
+			activityId: activity.id?.href,
+			activity
+		});
+		if (this.federation.fanoutQueue == null || options.immediate || options.fanout === "skip" || (options.fanout ?? "auto") === "auto" && globalThis.Object.keys(inboxes).length < FANOUT_THRESHOLD) {
+			await this.federation.sendActivity(keys, inboxes, activity, opts);
+			return;
+		}
+		const keyJwkPairs = await Promise.all(keys.map(async ({ keyId, privateKey }) => ({
+			keyId: keyId.href,
+			privateKey: await require_key.exportJwk(privateKey)
+		})));
+		const carrier = {};
+		__opentelemetry_api.propagation.inject(__opentelemetry_api.context.active(), carrier);
+		const message = {
+			type: "fanout",
+			id: crypto.randomUUID(),
+			baseUrl: this.origin,
+			keys: keyJwkPairs,
+			inboxes: globalThis.Object.fromEntries(globalThis.Object.entries(inboxes).map(([k, { actorIds, sharedInbox }]) => [k, {
+				actorIds: [...actorIds],
+				sharedInbox
+			}])),
+			activity: await activity.toJsonLd({
+				format: "compact",
+				contextLoader: this.contextLoader
+			}),
+			activityId: activity.id?.href,
+			activityType: require_actor.getTypeId(activity).href,
+			collectionSync: opts.collectionSync,
+			traceContext: carrier
+		};
+		if (!this.federation.manuallyStartQueue) this.federation._startQueueInternal(this.data);
+		this.federation.fanoutQueue.enqueue(message);
+	}
+	async *getFollowers(identifier) {
+		if (this.federation.followersCallbacks == null) throw new Error("No followers collection dispatcher registered.");
+		const result = await this.federation.followersCallbacks.dispatcher(this, identifier, null);
+		if (result != null) {
+			for (const recipient of result.items) yield recipient;
+			return;
+		}
+		if (this.federation.followersCallbacks.firstCursor == null) throw new Error("No first cursor dispatcher registered for followers collection.");
+		let cursor = await this.federation.followersCallbacks.firstCursor(this, identifier);
+		if (cursor != null) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"outbox"
+		]).warn("Since the followers collection dispatcher returned null for no cursor (i.e., one-shot dispatcher), the pagination is used to fetch \"followers\".  However, it is recommended to implement the one-shot dispatcher for better performance.", { identifier });
+		while (cursor != null) {
+			const result$1 = await this.federation.followersCallbacks.dispatcher(this, identifier, cursor);
+			if (result$1 == null) break;
+			for (const recipient of result$1.items) yield recipient;
+			cursor = result$1.nextCursor ?? null;
+		}
+	}
+	routeActivity(recipient, activity, options = {}) {
+		const tracerProvider = this.tracerProvider ?? this.tracerProvider;
+		const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		return tracer.startActiveSpan("activitypub.inbox", {
+			kind: this.federation.inboxQueue == null || options.immediate ? __opentelemetry_api.SpanKind.INTERNAL : __opentelemetry_api.SpanKind.PRODUCER,
+			attributes: { "activitypub.activity.type": require_actor.getTypeId(activity).href }
+		}, async (span) => {
+			if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+			if (activity.toIds.length > 0) span.setAttribute("activitypub.activity.to", activity.toIds.map((to) => to.href));
+			if (activity.ccIds.length > 0) span.setAttribute("activitypub.activity.cc", activity.ccIds.map((cc) => cc.href));
+			if (activity.btoIds.length > 0) span.setAttribute("activitypub.activity.bto", activity.btoIds.map((bto) => bto.href));
+			if (activity.bccIds.length > 0) span.setAttribute("activitypub.activity.bcc", activity.bccIds.map((bcc) => bcc.href));
+			try {
+				const ok = await this.routeActivityInternal(recipient, activity, options, span);
+				if (ok) {
+					span.setAttribute("activitypub.shared_inbox", recipient == null);
+					if (recipient != null) span.setAttribute("fedify.inbox.recipient", recipient);
+				} else span.setStatus({ code: __opentelemetry_api.SpanStatusCode.ERROR });
+				return ok;
+			} catch (e) {
+				span.setStatus({
+					code: __opentelemetry_api.SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async routeActivityInternal(recipient, activity, options = {}, span) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		const contextLoader = options.contextLoader ?? this.contextLoader;
+		const json = await activity.toJsonLd({ contextLoader });
+		const keyCache = new KvKeyCache(this.federation.kv, this.federation.kvPrefixes.publicKey, this);
+		const verified = await require_proof.verifyObject(require_actor.Activity, json, {
+			contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider,
+			keyCache
+		});
+		if (verified == null) {
+			logger$1.debug("Object Integrity Proofs are not verified.", {
+				recipient,
+				activity: json
+			});
+			if (activity.id == null) {
+				logger$1.debug("Activity is missing an ID; unable to fetch.", {
+					recipient,
+					activity: json
+				});
+				return false;
+			}
+			const fetched = await this.lookupObject(activity.id, options);
+			if (fetched == null) {
+				logger$1.debug("Failed to fetch the remote activity object {activityId}.", {
+					recipient,
+					activity: json,
+					activityId: activity.id.href
+				});
+				return false;
+			} else if (!(fetched instanceof require_actor.Activity)) {
+				logger$1.debug("Fetched object is not an Activity.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			} else if (fetched.id?.href !== activity.id.href) {
+				logger$1.debug("Fetched activity object has a different ID; failed to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			} else if (fetched.actorIds.length < 1) {
+				logger$1.debug("Fetched activity object is missing an actor; unable to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			}
+			const activityId = fetched.id;
+			if (!fetched.actorIds.every((actor) => actor.origin === activityId.origin)) {
+				logger$1.debug("Fetched activity object has actors from different origins; unable to verify.", {
+					recipient,
+					activity: await fetched.toJsonLd({ contextLoader })
+				});
+				return false;
+			}
+			logger$1.debug("Successfully fetched the remote activity object {activityId}; ignore the original activity and use the fetched one, which is trustworthy.");
+			activity = fetched;
+		} else logger$1.debug("Object Integrity Proofs are verified.", {
+			recipient,
+			activity: json
+		});
+		const routeResult = await routeActivity({
+			context: this,
+			json,
+			activity,
+			recipient,
+			inboxListeners: this.federation.inboxListeners,
+			inboxContextFactory: this.toInboxContext.bind(this),
+			inboxErrorHandler: this.federation.inboxErrorHandler,
+			kv: this.federation.kv,
+			kvPrefixes: this.federation.kvPrefixes,
+			queue: this.federation.inboxQueue,
+			span,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+		return routeResult === "alreadyProcessed" || routeResult === "enqueued" || routeResult === "unsupportedActivity" || routeResult === "success";
+	}
+};
+var RequestContextImpl = class RequestContextImpl extends ContextImpl {
+	#invokedFromActorDispatcher;
+	#invokedFromObjectDispatcher;
+	request;
+	url = void 0;
+	constructor(options) {
+		super(options);
+		this.#invokedFromActorDispatcher = options.invokedFromActorDispatcher;
+		this.#invokedFromObjectDispatcher = options.invokedFromObjectDispatcher;
+		this.request = options.request;
+		this.url = options.url;
+	}
+	clone(data) {
+		return new RequestContextImpl({
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher,
+			invokedFromActorDispatcher: this.#invokedFromActorDispatcher,
+			invokedFromObjectDispatcher: this.#invokedFromObjectDispatcher,
+			request: this.request
+		});
+	}
+	async getActor(identifier) {
+		if (this.federation.actorCallbacks == null || this.federation.actorCallbacks.dispatcher == null) throw new Error("No actor dispatcher registered.");
+		if (this.#invokedFromActorDispatcher != null) (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"actor"
+		]).warn("RequestContext.getActor({getActorIdentifier}) is invoked from the actor dispatcher ({actorDispatcherIdentifier}); this may cause an infinite loop.", {
+			getActorIdentifier: identifier,
+			actorDispatcherIdentifier: this.#invokedFromActorDispatcher.identifier
+		});
+		return await this.federation.actorCallbacks.dispatcher(new RequestContextImpl({
+			...this,
+			invokedFromActorDispatcher: { identifier }
+		}), identifier);
+	}
+	async getObject(cls, values) {
+		const callbacks = this.federation.objectCallbacks[cls.typeId.href];
+		if (callbacks == null) throw new Error("No object dispatcher registered.");
+		for (const param of callbacks.parameters) if (!(param in values)) throw new TypeError(`Missing parameter: ${param}`);
+		if (this.#invokedFromObjectDispatcher != null) (0, __logtape_logtape.getLogger)(["fedify", "federation"]).warn("RequestContext.getObject({getObjectClass}, {getObjectValues}) is invoked from the object dispatcher ({actorDispatcherClass}, {actorDispatcherValues}); this may cause an infinite loop.", {
+			getObjectClass: cls.name,
+			getObjectValues: values,
+			actorDispatcherClass: this.#invokedFromObjectDispatcher.cls.name,
+			actorDispatcherValues: this.#invokedFromObjectDispatcher.values
+		});
+		return await callbacks.dispatcher(new RequestContextImpl({
+			...this,
+			invokedFromObjectDispatcher: {
+				cls,
+				values
+			}
+		}), values);
+	}
+	#signedKey = void 0;
+	async getSignedKey(options = {}) {
+		if (this.#signedKey != null) return this.#signedKey;
+		return this.#signedKey = await require_http.verifyRequest(this.request, {
+			...this,
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			timeWindow: this.federation.signatureTimeWindow,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+	}
+	#signedKeyOwner = void 0;
+	async getSignedKeyOwner(options = {}) {
+		if (this.#signedKeyOwner != null) return this.#signedKeyOwner;
+		const key = await this.getSignedKey(options);
+		if (key == null) return this.#signedKeyOwner = null;
+		return this.#signedKeyOwner = await require_proof.getKeyOwner(key, {
+			contextLoader: options.contextLoader ?? this.contextLoader,
+			documentLoader: options.documentLoader ?? this.documentLoader,
+			tracerProvider: options.tracerProvider ?? this.tracerProvider
+		});
+	}
+};
+var InboxContextImpl = class InboxContextImpl extends ContextImpl {
+	recipient;
+	activity;
+	activityId;
+	activityType;
+	constructor(recipient, activity, activityId, activityType, options) {
+		super(options);
+		this.recipient = recipient;
+		this.activity = activity;
+		this.activityId = activityId;
+		this.activityType = activityType;
+	}
+	clone(data) {
+		return new InboxContextImpl(this.recipient, this.activity, this.activityId, this.activityType, {
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
+	forwardActivity(forwarder, recipients, options) {
+		const tracer = this.tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		return tracer.startActiveSpan("activitypub.outbox", {
+			kind: this.federation.outboxQueue == null || options?.immediate ? __opentelemetry_api.SpanKind.CLIENT : __opentelemetry_api.SpanKind.PRODUCER,
+			attributes: { "activitypub.activity.type": this.activityType }
+		}, async (span) => {
+			try {
+				if (this.activityId != null) span.setAttribute("activitypub.activity.id", this.activityId);
+				await this.forwardActivityInternal(forwarder, recipients, options);
+			} catch (e) {
+				span.setStatus({
+					code: __opentelemetry_api.SpanStatusCode.ERROR,
+					message: String(e)
+				});
+				throw e;
+			} finally {
+				span.end();
+			}
+		});
+	}
+	async forwardActivityInternal(forwarder, recipients, options) {
+		const logger$1 = (0, __logtape_logtape.getLogger)([
+			"fedify",
+			"federation",
+			"inbox"
+		]);
+		let keys;
+		let identifier = null;
+		if ("identifier" in forwarder || "username" in forwarder || "handle" in forwarder) {
+			if ("identifier" in forwarder) identifier = forwarder.identifier;
+			else {
+				let username;
+				if ("username" in forwarder) username = forwarder.username;
+				else {
+					username = forwarder.handle;
+					logger$1.warn("The \"handle\" property for the forwarder parameter is deprecated; use \"identifier\" or \"username\" instead.", { forwarder });
+				}
+				if (this.federation.actorCallbacks?.handleMapper == null) identifier = username;
+				else {
+					const mapped = await this.federation.actorCallbacks.handleMapper(this, username);
+					if (mapped == null) throw new Error(`No actor found for the given username ${JSON.stringify(username)}.`);
+					identifier = mapped;
+				}
+			}
+			keys = await this.getKeyPairsFromIdentifier(identifier);
+			if (keys.length < 1) throw new Error(`No key pair found for actor ${JSON.stringify(identifier)}.`);
+		} else if (Array.isArray(forwarder)) {
+			if (forwarder.length < 1) throw new Error("The forwarder's key pairs are empty.");
+			keys = forwarder;
+		} else keys = [forwarder];
+		if (!require_proof.hasSignature(this.activity)) {
+			let hasProof;
+			try {
+				const activity = await require_actor.Activity.fromJsonLd(this.activity, this);
+				hasProof = await activity.getProof() != null;
+			} catch {
+				hasProof = false;
+			}
+			if (!hasProof) {
+				if (options?.skipIfUnsigned) return;
+				logger$1.warn("The received activity {activityId} is not signed; even if it is forwarded to other servers as is, it may not be accepted by them due to the lack of a signature/proof.");
+			}
+		}
+		if (recipients === "followers") {
+			if (identifier == null) throw new Error("If recipients is \"followers\", forwarder must be an actor identifier or username.");
+			const followers = [];
+			for await (const recipient of this.getFollowers(identifier)) followers.push(recipient);
+			recipients = followers;
+		}
+		const inboxes = extractInboxes({
+			recipients: Array.isArray(recipients) ? recipients : [recipients],
+			preferSharedInbox: options?.preferSharedInbox,
+			excludeBaseUris: options?.excludeBaseUris
+		});
+		logger$1.debug("Forwarding activity {activityId} to inboxes:\n{inboxes}", {
+			inboxes: globalThis.Object.keys(inboxes),
+			activityId: this.activityId,
+			activity: this.activity
+		});
+		if (options?.immediate || this.federation.outboxQueue == null) {
+			if (options?.immediate) logger$1.debug("Forwarding activity immediately without queue since immediate option is set.");
+			else logger$1.debug("Forwarding activity immediately without queue since queue is not set.");
+			const promises = [];
+			for (const inbox in inboxes) promises.push(sendActivity({
+				keys,
+				activity: this.activity,
+				activityId: this.activityId,
+				activityType: this.activityType,
+				inbox: new URL(inbox),
+				sharedInbox: inboxes[inbox].sharedInbox,
+				tracerProvider: this.tracerProvider,
+				specDeterminer: new KvSpecDeterminer(this.federation.kv, this.federation.kvPrefixes.httpMessageSignaturesSpec, this.federation.firstKnock)
+			}));
+			await Promise.all(promises);
+			return;
+		}
+		logger$1.debug("Enqueuing activity {activityId} to forward later.", {
+			activityId: this.activityId,
+			activity: this.activity
+		});
+		const keyJwkPairs = [];
+		for (const { keyId, privateKey } of keys) {
+			const privateKeyJwk = await require_key.exportJwk(privateKey);
+			keyJwkPairs.push({
+				keyId: keyId.href,
+				privateKey: privateKeyJwk
+			});
+		}
+		const carrier = {};
+		__opentelemetry_api.propagation.inject(__opentelemetry_api.context.active(), carrier);
+		const messages = [];
+		for (const inbox in inboxes) {
+			const message = {
+				type: "outbox",
+				id: crypto.randomUUID(),
+				baseUrl: this.origin,
+				keys: keyJwkPairs,
+				activity: this.activity,
+				activityId: this.activityId,
+				activityType: this.activityType,
+				inbox,
+				sharedInbox: inboxes[inbox].sharedInbox,
+				started: (/* @__PURE__ */ new Date()).toISOString(),
+				attempt: 0,
+				headers: {},
+				traceContext: carrier
+			};
+			messages.push(message);
+		}
+		const { outboxQueue } = this.federation;
+		if (outboxQueue.enqueueMany == null) {
+			const promises = messages.map((m) => outboxQueue.enqueue(m));
+			const results = await Promise.allSettled(promises);
+			const errors = results.filter((r) => r.status === "rejected").map((r) => r.reason);
+			if (errors.length > 0) {
+				logger$1.error("Failed to enqueue activity {activityId} to forward later:\n{errors}", {
+					activityId: this.activityId,
+					errors
+				});
+				if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${this.activityId} to forward later.`);
+				throw errors[0];
+			}
+		} else try {
+			await outboxQueue.enqueueMany(messages);
+		} catch (error) {
+			logger$1.error("Failed to enqueue activity {activityId} to forward later:\n{error}", {
+				activityId: this.activityId,
+				error
+			});
+			throw error;
+		}
+	}
+};
+var KvSpecDeterminer = class {
+	kv;
+	prefix;
+	defaultSpec;
+	constructor(kv, prefix, defaultSpec = "rfc9421") {
+		this.kv = kv;
+		this.prefix = prefix;
+		this.defaultSpec = defaultSpec;
+	}
+	async determineSpec(origin) {
+		return await this.kv.get([...this.prefix, origin]) ?? this.defaultSpec;
+	}
+	async rememberSpec(origin, spec) {
+		await this.kv.set([...this.prefix, origin], spec);
+	}
+};
+function notFound(_request) {
+	return new Response("Not Found", { status: 404 });
+}
+function notAcceptable(_request) {
+	return new Response("Not Acceptable", {
+		status: 406,
+		headers: { Vary: "Accept, Signature" }
+	});
+}
+function unauthorized(_request) {
+	return new Response("Unauthorized", {
+		status: 401,
+		headers: { Vary: "Accept, Signature" }
+	});
+}
+/**
+* Generates or extracts a unique identifier for a request.
+*
+* This function first attempts to extract an existing request ID from standard
+* tracing headers. If none exists, it generates a new one. The ID format is:
+*
+*  -  If from headers, uses the existing ID.
+*  -  If generated, uses format `req_` followed by a base36 timestamp and
+*     6 random chars.
+*
+* @param request The incoming HTTP request.
+* @returns A string identifier unique to this request.
+*/
+function getRequestId(request) {
+	const traceId = request.headers.get("X-Request-Id") || request.headers.get("X-Correlation-Id") || request.headers.get("Traceparent")?.split("-")[1];
+	if (traceId != null) return traceId;
+	const timestamp = Date.now().toString(36);
+	const random = Math.random().toString(36).slice(2, 8);
+	return `req_${timestamp}${random}`;
+}
+
+//#endregion
+Object.defineProperty(exports, 'ContextImpl', {
+  enumerable: true,
+  get: function () {
+    return ContextImpl;
+  }
+});
+Object.defineProperty(exports, 'FederationImpl', {
+  enumerable: true,
+  get: function () {
+    return FederationImpl;
+  }
+});
+Object.defineProperty(exports, 'InboxContextImpl', {
+  enumerable: true,
+  get: function () {
+    return InboxContextImpl;
+  }
+});
+Object.defineProperty(exports, 'KvSpecDeterminer', {
+  enumerable: true,
+  get: function () {
+    return KvSpecDeterminer;
+  }
+});
+Object.defineProperty(exports, 'Router', {
+  enumerable: true,
+  get: function () {
+    return Router;
+  }
+});
+Object.defineProperty(exports, 'RouterError', {
+  enumerable: true,
+  get: function () {
+    return RouterError;
+  }
+});
+Object.defineProperty(exports, 'buildCollectionSynchronizationHeader', {
+  enumerable: true,
+  get: function () {
+    return buildCollectionSynchronizationHeader;
+  }
+});
+Object.defineProperty(exports, 'createExponentialBackoffPolicy', {
+  enumerable: true,
+  get: function () {
+    return createExponentialBackoffPolicy;
+  }
+});
+Object.defineProperty(exports, 'createFederation', {
+  enumerable: true,
+  get: function () {
+    return createFederation;
+  }
+});
+Object.defineProperty(exports, 'createFederationBuilder', {
+  enumerable: true,
+  get: function () {
+    return createFederationBuilder;
+  }
+});
+Object.defineProperty(exports, 'digest', {
+  enumerable: true,
+  get: function () {
+    return digest;
+  }
+});
+Object.defineProperty(exports, 'respondWithObject', {
+  enumerable: true,
+  get: function () {
+    return respondWithObject;
+  }
+});
+Object.defineProperty(exports, 'respondWithObjectIfAcceptable', {
+  enumerable: true,
+  get: function () {
+    return respondWithObjectIfAcceptable;
+  }
+});