@fedify/fedify 2.0.0-dev.1641 → 2.0.0-dev.167

package/dist/{http-ZhcoaYEa.cjs → http-d_vxukl7.cjs}

@@ -3,16 +3,376 @@
           const { URLPattern } = require("urlpattern-polyfill");
         
 const require_chunk = require('./chunk-DqRYRqnO.cjs');
-const require_docloader = require('./docloader-kae6M-GI.cjs');
-const require_actor = require('./actor-CP03csrm.cjs');
-const require_key = require('./key-HqzOCwDc.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
+const __fedify_vocab = require_chunk.__toESM(require("@fedify/vocab"));
 const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));
-const byte_encodings_base64 = require_chunk.__toESM(require("byte-encodings/base64"));
 const byte_encodings_hex = require_chunk.__toESM(require("byte-encodings/hex"));
 const __opentelemetry_semantic_conventions = require_chunk.__toESM(require("@opentelemetry/semantic-conventions"));
+const byte_encodings_base64 = require_chunk.__toESM(require("byte-encodings/base64"));
 const structured_field_values = require_chunk.__toESM(require("structured-field-values"));
+const __fedify_vocab_runtime = require_chunk.__toESM(require("@fedify/vocab-runtime"));
 
+//#region deno.json
+var name = "@fedify/fedify";
+var version = "2.0.0-dev.167+2bfe41d4";
+var license = "MIT";
+var exports$1 = {
+	".": "./src/mod.ts",
+	"./compat": "./src/compat/mod.ts",
+	"./federation": "./src/federation/mod.ts",
+	"./nodeinfo": "./src/nodeinfo/mod.ts",
+	"./otel": "./src/otel/mod.ts",
+	"./sig": "./src/sig/mod.ts",
+	"./utils": "./src/utils/mod.ts"
+};
+var imports = {
+	"@multiformats/base-x": "npm:@multiformats/base-x@^4.0.1",
+	"@opentelemetry/core": "npm:@opentelemetry/core@^2.0.0",
+	"@opentelemetry/sdk-trace-base": "npm:@opentelemetry/sdk-trace-base@^2.0.0",
+	"@opentelemetry/semantic-conventions": "npm:@opentelemetry/semantic-conventions@^1.27.0",
+	"@std/assert": "jsr:@std/assert@^0.226.0",
+	"@std/url": "jsr:@std/url@^0.225.1",
+	"asn1js": "npm:asn1js@^3.0.7",
+	"fast-check": "npm:fast-check@^3.22.0",
+	"fetch-mock": "npm:fetch-mock@^12.5.2",
+	"json-canon": "npm:json-canon@^1.0.1",
+	"jsonld": "npm:jsonld@^9.0.0",
+	"multicodec": "npm:multicodec@^3.2.1",
+	"pkijs": "npm:pkijs@^3.3.3",
+	"structured-field-values": "npm:structured-field-values@^2.0.4",
+	"uri-template-router": "npm:uri-template-router@^1.0.0",
+	"url-template": "npm:url-template@^3.1.1"
+};
+var exclude = [
+	".test-report.xml",
+	"apidoc/",
+	"dist/",
+	"node_modules/",
+	"npm/",
+	"pnpm-lock.yaml",
+	"src/cfworkers/dist/",
+	"src/cfworkers/fixtures/",
+	"src/cfworkers/imports.ts",
+	"src/cfworkers/README.md",
+	"src/cfworkers/server.ts",
+	"src/cfworkers/server.js",
+	"src/cfworkers/server.js.map"
+];
+var publish = { "exclude": ["**/*.test.ts", "src/testing/"] };
+var tasks = {
+	"codegen": "deno task -f @fedify/vocab compile",
+	"cache": {
+		"command": "deno cache src/mod.ts",
+		"dependencies": ["codegen"]
+	},
+	"check": {
+		"command": "deno fmt --check && deno lint && deno check src/**/*.ts",
+		"dependencies": ["codegen"]
+	},
+	"test": {
+		"command": "deno test --check --doc --allow-read --allow-write --allow-env --unstable-kv --trace-leaks --parallel",
+		"dependencies": ["codegen"]
+	},
+	"coverage": "deno task test --clean --coverage && deno coverage --html coverage",
+	"bench": {
+		"command": "deno bench --allow-read --allow-write --allow-net --allow-env --allow-run --unstable-kv",
+		"dependencies": ["codegen"]
+	},
+	"apidoc": {
+		"command": "deno doc --html --name=Fedify --output=apidoc/ src/mod.ts",
+		"dependencies": ["codegen"]
+	},
+	"publish": {
+		"command": "deno publish",
+		"dependencies": ["codegen"]
+	},
+	"pnpm:install": "pnpm install --silent",
+	"pnpm:build": {
+		"command": "pnpm exec tsdown",
+		"dependencies": ["pnpm:build-vocab"]
+	},
+	"test:node": {
+		"command": "cd dist/ && node --test",
+		"dependencies": ["pnpm:build"]
+	},
+	"test:bun": {
+		"command": "cd dist/ && bun test --timeout 60000",
+		"dependencies": ["pnpm:build"]
+	},
+	"test:cfworkers": {
+		"command": "pnpm exec wrangler deploy --dry-run --outdir src/cfworkers && node --import=tsx src/cfworkers/client.ts",
+		"dependencies": ["pnpm:build"]
+	},
+	"test-all": { "dependencies": [
+		"check",
+		"test",
+		"test:node",
+		"test:bun",
+		"test:cfworkers"
+	] }
+};
+var deno_default = {
+	name,
+	version,
+	license,
+	exports: exports$1,
+	imports,
+	exclude,
+	publish,
+	tasks
+};
+
+//#endregion
+//#region src/sig/key.ts
+/**
+* Checks if the given key is valid and supported.  No-op if the key is valid,
+* otherwise throws an error.
+* @param key The key to check.
+* @param type Which type of key to check.  If not specified, the key can be
+*             either public or private.
+* @throws {TypeError} If the key is invalid or unsupported.
+*/
+function validateCryptoKey(key, type) {
+	if (type != null && key.type !== type) throw new TypeError(`The key is not a ${type} key.`);
+	if (!key.extractable) throw new TypeError("The key is not extractable.");
+	if (key.algorithm.name !== "RSASSA-PKCS1-v1_5" && key.algorithm.name !== "Ed25519") throw new TypeError("Currently only RSASSA-PKCS1-v1_5 and Ed25519 keys are supported.  More algorithms will be added in the future!");
+	if (key.algorithm.name === "RSASSA-PKCS1-v1_5") {
+		const algorithm = key.algorithm;
+		if (algorithm.hash.name !== "SHA-256") throw new TypeError("For compatibility with the existing Fediverse software (e.g., Mastodon), hash algorithm for RSASSA-PKCS1-v1_5 keys must be SHA-256.");
+	}
+}
+/**
+* Generates a key pair which is appropriate for Fedify.
+* @param algorithm The algorithm to use.  Currently only RSASSA-PKCS1-v1_5 and
+*                  Ed25519 are supported.
+* @returns The generated key pair.
+* @throws {TypeError} If the algorithm is unsupported.
+*/
+function generateCryptoKeyPair(algorithm) {
+	if (algorithm == null) (0, __logtape_logtape.getLogger)([
+		"fedify",
+		"sig",
+		"key"
+	]).warn("No algorithm specified.  Using RSASSA-PKCS1-v1_5 by default, but it is recommended to specify the algorithm explicitly as the parameter will be required in the future.");
+	if (algorithm == null || algorithm === "RSASSA-PKCS1-v1_5") return crypto.subtle.generateKey({
+		name: "RSASSA-PKCS1-v1_5",
+		modulusLength: 4096,
+		publicExponent: new Uint8Array([
+			1,
+			0,
+			1
+		]),
+		hash: "SHA-256"
+	}, true, ["sign", "verify"]);
+	else if (algorithm === "Ed25519") return crypto.subtle.generateKey("Ed25519", true, ["sign", "verify"]);
+	throw new TypeError("Unsupported algorithm: " + algorithm);
+}
+/**
+* Exports a key in JWK format.
+* @param key The key to export.  Either public or private key.
+* @returns The exported key in JWK format.  The key is suitable for
+*          serialization and storage.
+* @throws {TypeError} If the key is invalid or unsupported.
+*/
+async function exportJwk(key) {
+	validateCryptoKey(key);
+	const jwk = await crypto.subtle.exportKey("jwk", key);
+	if (jwk.crv === "Ed25519") jwk.alg = "Ed25519";
+	return jwk;
+}
+/**
+* Imports a key from JWK format.
+* @param jwk The key in JWK format.
+* @param type Which type of key to import, either `"public"` or `"private"`.
+* @returns The imported key.
+* @throws {TypeError} If the key is invalid or unsupported.
+*/
+async function importJwk(jwk, type) {
+	let key;
+	if (jwk.kty === "RSA" && jwk.alg === "RS256") key = await crypto.subtle.importKey("jwk", jwk, {
+		name: "RSASSA-PKCS1-v1_5",
+		hash: "SHA-256"
+	}, true, type === "public" ? ["verify"] : ["sign"]);
+	else if (jwk.kty === "OKP" && jwk.crv === "Ed25519") {
+		if (navigator?.userAgent === "Cloudflare-Workers") {
+			jwk = { ...jwk };
+			delete jwk.alg;
+		}
+		key = await crypto.subtle.importKey("jwk", jwk, "Ed25519", true, type === "public" ? ["verify"] : ["sign"]);
+	} else throw new TypeError("Unsupported JWK format.");
+	validateCryptoKey(key, type);
+	return key;
+}
+/**
+* Fetches a {@link CryptographicKey} or {@link Multikey} from the given URL.
+* If the given URL contains an {@link Actor} object, it tries to find
+* the corresponding key in the `publicKey` or `assertionMethod` property.
+* @template T The type of the key to fetch.  Either {@link CryptographicKey}
+*              or {@link Multikey}.
+* @param keyId The URL of the key.
+* @param cls The class of the key to fetch.  Either {@link CryptographicKey}
+*            or {@link Multikey}.
+* @param options Options for fetching the key.  See {@link FetchKeyOptions}.
+* @returns The fetched key or `null` if the key is not found.
+* @since 1.3.0
+*/
+function fetchKey(keyId, cls, options = {}) {
+	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+	keyId = typeof keyId === "string" ? new URL(keyId) : keyId;
+	return tracer.startActiveSpan("activitypub.fetch_key", {
+		kind: __opentelemetry_api.SpanKind.CLIENT,
+		attributes: {
+			"http.method": "GET",
+			"url.full": keyId.href,
+			"url.scheme": keyId.protocol.replace(/:$/, ""),
+			"url.domain": keyId.hostname,
+			"url.path": keyId.pathname,
+			"url.query": keyId.search.replace(/^\?/, ""),
+			"url.fragment": keyId.hash.replace(/^#/, "")
+		}
+	}, async (span) => {
+		try {
+			const result = await fetchKeyInternal(keyId, cls, options);
+			span.setAttribute("activitypub.actor.key.cached", result.cached);
+			return result;
+		} catch (e) {
+			span.setStatus({
+				code: __opentelemetry_api.SpanStatusCode.ERROR,
+				message: String(e)
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function fetchKeyInternal(keyId, cls, { documentLoader, contextLoader, keyCache, tracerProvider } = {}) {
+	const logger = (0, __logtape_logtape.getLogger)([
+		"fedify",
+		"sig",
+		"key"
+	]);
+	const cacheKey = typeof keyId === "string" ? new URL(keyId) : keyId;
+	keyId = typeof keyId === "string" ? keyId : keyId.href;
+	if (keyCache != null) {
+		const cachedKey = await keyCache.get(cacheKey);
+		if (cachedKey instanceof cls && cachedKey.publicKey != null) {
+			logger.debug("Key {keyId} found in cache.", { keyId });
+			return {
+				key: cachedKey,
+				cached: true
+			};
+		} else if (cachedKey === null) {
+			logger.debug("Entry {keyId} found in cache, but it is unavailable.", { keyId });
+			return {
+				key: null,
+				cached: true
+			};
+		}
+	}
+	logger.debug("Fetching key {keyId} to verify signature...", { keyId });
+	let document;
+	try {
+		const remoteDocument = await (documentLoader ?? (0, __fedify_vocab_runtime.getDocumentLoader)())(keyId);
+		document = remoteDocument.document;
+	} catch (_) {
+		logger.debug("Failed to fetch key {keyId}.", { keyId });
+		await keyCache?.set(cacheKey, null);
+		return {
+			key: null,
+			cached: false
+		};
+	}
+	let object;
+	try {
+		object = await __fedify_vocab.Object.fromJsonLd(document, {
+			documentLoader,
+			contextLoader,
+			tracerProvider
+		});
+	} catch (e) {
+		if (!(e instanceof TypeError)) throw e;
+		try {
+			object = await cls.fromJsonLd(document, {
+				documentLoader,
+				contextLoader,
+				tracerProvider
+			});
+		} catch (e$1) {
+			if (e$1 instanceof TypeError) {
+				logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
+				await keyCache?.set(cacheKey, null);
+				return {
+					key: null,
+					cached: false
+				};
+			}
+			throw e$1;
+		}
+	}
+	let key = null;
+	if (object instanceof cls) key = object;
+	else if ((0, __fedify_vocab.isActor)(object)) {
+		const keys = cls === __fedify_vocab.CryptographicKey ? object.getPublicKeys({
+			documentLoader,
+			contextLoader,
+			tracerProvider
+		}) : object.getAssertionMethods({
+			documentLoader,
+			contextLoader,
+			tracerProvider
+		});
+		let length = 0;
+		let lastKey = null;
+		for await (const k of keys) {
+			length++;
+			lastKey = k;
+			if (k.id?.href === keyId) {
+				key = k;
+				break;
+			}
+		}
+		const keyIdUrl = new URL(keyId);
+		if (key == null && keyIdUrl.hash === "" && length === 1) key = lastKey;
+		if (key == null) {
+			logger.debug("Failed to verify; object {keyId} returned an {actorType}, but has no key matching {keyId}.", {
+				keyId,
+				actorType: object.constructor.name
+			});
+			await keyCache?.set(cacheKey, null);
+			return {
+				key: null,
+				cached: false
+			};
+		}
+	} else {
+		logger.debug("Failed to verify; key {keyId} returned an invalid object.", { keyId });
+		await keyCache?.set(cacheKey, null);
+		return {
+			key: null,
+			cached: false
+		};
+	}
+	if (key.publicKey == null) {
+		logger.debug("Failed to verify; key {keyId} has no publicKeyPem field.", { keyId });
+		await keyCache?.set(cacheKey, null);
+		return {
+			key: null,
+			cached: false
+		};
+	}
+	if (keyCache != null) {
+		await keyCache.set(cacheKey, key);
+		logger.debug("Key {keyId} cached.", { keyId });
+	}
+	return {
+		key,
+		cached: false
+	};
+}
+
+//#endregion
 //#region src/sig/http.ts
 /**
 * Signs a request using the given private key.
@@ -24,9 +384,9 @@ const structured_field_values = require_chunk.__toESM(require("structured-field-
 * @throws {TypeError} If the private key is invalid or unsupported.
 */
 async function signRequest(request, privateKey, keyId, options = {}) {
-	require_key.validateCryptoKey(privateKey, "private");
+	validateCryptoKey(privateKey, "private");
 	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
 	return await tracer.startActiveSpan("http_signatures.sign", async (span) => {
 		try {
 			const spec = options.spec ?? "draft-cavage-http-signatures-12";
@@ -36,7 +396,7 @@ async function signRequest(request, privateKey, keyId, options = {}) {
 			if (span.isRecording()) {
 				span.setAttribute(__opentelemetry_semantic_conventions.ATTR_HTTP_REQUEST_METHOD, signed.method);
 				span.setAttribute(__opentelemetry_semantic_conventions.ATTR_URL_FULL, signed.url);
-				for (const [name, value] of signed.headers) span.setAttribute((0, __opentelemetry_semantic_conventions.ATTR_HTTP_REQUEST_HEADER)(name), value);
+				for (const [name$1, value] of signed.headers) span.setAttribute((0, __opentelemetry_semantic_conventions.ATTR_HTTP_REQUEST_HEADER)(name$1), value);
 				span.setAttribute("http_signatures.key_id", keyId.href);
 			}
 			return signed;
@@ -64,8 +424,8 @@ async function signRequestDraft(request, privateKey, keyId, span, currentTime, b
 	}
 	if (!headers.has("Date")) headers.set("Date", currentTime == null ? (/* @__PURE__ */ new Date()).toUTCString() : new Date(currentTime.toString()).toUTCString());
 	const serialized = [["(request-target)", `${request.method.toLowerCase()} ${url.pathname}`], ...headers];
-	const headerNames = serialized.map(([name]) => name);
-	const message = serialized.map(([name, value]) => `${name}: ${value.trim()}`).join("\n");
+	const headerNames = serialized.map(([name$1]) => name$1);
+	const message = serialized.map(([name$1, value]) => `${name$1}: ${value.trim()}`).join("\n");
 	const signature = await crypto.subtle.sign("RSASSA-PKCS1-v1_5", privateKey, new TextEncoder().encode(message));
 	const sigHeader = `keyId="${keyId.href}",algorithm="rsa-sha256",headers="${headerNames.join(" ")}",signature="${(0, byte_encodings_base64.encodeBase64)(signature)}"`;
 	headers.set("Signature", sigHeader);
@@ -255,12 +615,12 @@ const supportedHashAlgorithms = {
 */
 async function verifyRequest(request, options = {}) {
 	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
 	return await tracer.startActiveSpan("http_signatures.verify", async (span) => {
 		if (span.isRecording()) {
 			span.setAttribute(__opentelemetry_semantic_conventions.ATTR_HTTP_REQUEST_METHOD, request.method);
 			span.setAttribute(__opentelemetry_semantic_conventions.ATTR_URL_FULL, request.url);
-			for (const [name, value] of request.headers) span.setAttribute((0, __opentelemetry_semantic_conventions.ATTR_HTTP_REQUEST_HEADER)(name), value);
+			for (const [name$1, value] of request.headers) span.setAttribute((0, __opentelemetry_semantic_conventions.ATTR_HTTP_REQUEST_HEADER)(name$1), value);
 		}
 		try {
 			let spec = options.spec;
@@ -427,7 +787,7 @@ async function verifyRequestDraft(request, span, { documentLoader, contextLoader
 	const { keyId, headers, signature } = sigValues;
 	span?.setAttribute("http_signatures.key_id", keyId);
 	if ("algorithm" in sigValues) span?.setAttribute("http_signatures.algorithm", sigValues.algorithm);
-	const { key, cached } = await require_key.fetchKey(new URL(keyId), require_actor.CryptographicKey, {
+	const { key, cached } = await fetchKey(new URL(keyId), __fedify_vocab.CryptographicKey, {
 		documentLoader,
 		contextLoader,
 		keyCache,
@@ -443,7 +803,7 @@ async function verifyRequestDraft(request, span, { documentLoader, contextLoader
 		logger.debug("Failed to verify; required headers missing in the Signature header: {headers}.", { headers });
 		return null;
 	}
-	const message = headerNames.map((name) => `${name}: ` + (name === "(request-target)" ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}` : name === "(created)" ? sigValues.created ?? "" : name === "(expires)" ? sigValues.expires ?? "" : name === "host" ? request.headers.get("host") ?? new URL(request.url).host : request.headers.get(name))).join("\n");
+	const message = headerNames.map((name$1) => `${name$1}: ` + (name$1 === "(request-target)" ? `${request.method.toLowerCase()} ${new URL(request.url).pathname}` : name$1 === "(created)" ? sigValues.created ?? "" : name$1 === "(expires)" ? sigValues.expires ?? "" : name$1 === "host" ? request.headers.get("host") ?? new URL(request.url).host : request.headers.get(name$1))).join("\n");
 	const sig = (0, byte_encodings_base64.decodeBase64)(signature);
 	span?.setAttribute("http_signatures.signature", (0, byte_encodings_hex.encodeHex)(sig));
 	const verified = await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, sig, new TextEncoder().encode(message));
@@ -620,7 +980,7 @@ async function verifyRequestRfc9421(request, span, { documentLoader, contextLoad
 		}
 		span?.setAttribute("http_signatures.key_id", sigInput.keyId);
 		span?.setAttribute("http_signatures.created", sigInput.created.toString());
-		const { key, cached } = await require_key.fetchKey(new URL(sigInput.keyId), require_actor.CryptographicKey, {
+		const { key, cached } = await fetchKey(new URL(sigInput.keyId), __fedify_vocab.CryptographicKey, {
 			documentLoader,
 			contextLoader,
 			keyCache,
@@ -806,18 +1166,54 @@ function timingSafeEqual(a, b) {
 }
 
 //#endregion
+Object.defineProperty(exports, 'deno_default', {
+  enumerable: true,
+  get: function () {
+    return deno_default;
+  }
+});
 Object.defineProperty(exports, 'doubleKnock', {
   enumerable: true,
   get: function () {
     return doubleKnock;
   }
 });
+Object.defineProperty(exports, 'exportJwk', {
+  enumerable: true,
+  get: function () {
+    return exportJwk;
+  }
+});
+Object.defineProperty(exports, 'fetchKey', {
+  enumerable: true,
+  get: function () {
+    return fetchKey;
+  }
+});
+Object.defineProperty(exports, 'generateCryptoKeyPair', {
+  enumerable: true,
+  get: function () {
+    return generateCryptoKeyPair;
+  }
+});
+Object.defineProperty(exports, 'importJwk', {
+  enumerable: true,
+  get: function () {
+    return importJwk;
+  }
+});
 Object.defineProperty(exports, 'signRequest', {
   enumerable: true,
   get: function () {
     return signRequest;
   }
 });
+Object.defineProperty(exports, 'validateCryptoKey', {
+  enumerable: true,
+  get: function () {
+    return validateCryptoKey;
+  }
+});
 Object.defineProperty(exports, 'verifyRequest', {
   enumerable: true,
   get: function () {

package/dist/{inbox-BDdRbWNI.js → inbox-Dv3k4z7l.js}

@@ -3,8 +3,9 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { Activity, deno_default, getTypeId } from "./type-B4NJkfVg.js";
+import { deno_default } from "./deno-Bvf4AA-X.js";
 import { getLogger } from "@logtape/logtape";
+import { Activity, getTypeId } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
 
 //#region src/federation/inbox.ts
@@ -41,17 +42,34 @@ var InboxListenerSet = class InboxListenerSet {
 		return this.dispatchWithClass(activity)?.listener ?? null;
 	}
 };
-async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider }) {
+async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
 	const logger = getLogger([
 		"fedify",
 		"federation",
 		"inbox"
 	]);
-	const cacheKey = activity.id == null ? null : [
-		...kvPrefixes.activityIdempotence,
-		ctx.origin,
-		activity.id.href
-	];
+	let cacheKey = null;
+	if (activity.id != null) {
+		const inboxContext = inboxContextFactory(recipient, json, activity.id?.href, getTypeId(activity).href);
+		const strategy = idempotencyStrategy ?? "per-inbox";
+		let keyString;
+		if (typeof strategy === "function") {
+			const result = await strategy(inboxContext, activity);
+			keyString = result;
+		} else switch (strategy) {
+			case "global":
+				keyString = activity.id.href;
+				break;
+			case "per-origin":
+				keyString = `${ctx.origin}\n${activity.id.href}`;
+				break;
+			case "per-inbox":
+				keyString = `${ctx.origin}\n${activity.id.href}\n${recipient == null ? "sharedInbox" : `inbox\n${recipient}`}`;
+				break;
+			default: keyString = `${ctx.origin}\n${activity.id.href}`;
+		}
+		if (keyString != null) cacheKey = [...kvPrefixes.activityIdempotence, keyString];
+	}
 	if (cacheKey != null) {
 		const cached = await kv.get(cacheKey);
 		if (cached === true) {

package/dist/{key-CfiBDu3o.js → key-t0uDOx8t.js}

@@ -3,9 +3,10 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { CryptographicKey, Object as Object$1, deno_default, getDocumentLoader } from "./type-B4NJkfVg.js";
-import { isActor } from "./actor-DVpsNXhn.js";
+import { deno_default } from "./deno-Bvf4AA-X.js";
 import { getLogger } from "@logtape/logtape";
+import { CryptographicKey, Object as Object$1, isActor } from "@fedify/vocab";
+import { getDocumentLoader } from "@fedify/vocab-runtime";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 
 //#region src/sig/key.ts

package/dist/{keycache-CVBjz3xi.js → keycache-DRxpZ5r9.js}

@@ -3,7 +3,7 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { CryptographicKey, Multikey } from "./type-B4NJkfVg.js";
+import { CryptographicKey, Multikey } from "@fedify/vocab";
 
 //#region src/federation/keycache.ts
 var KvKeyCache = class {

package/dist/{keys-CBKbYaJA.js → keys-ZbcByPg9.js}

@@ -3,7 +3,8 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { CryptographicKey, Multikey, importSpki } from "./type-B4NJkfVg.js";
+import { CryptographicKey, Multikey } from "@fedify/vocab";
+import { importSpki } from "@fedify/vocab-runtime";
 
 //#region src/testing/keys.ts
 const rsaPublicKey1 = new CryptographicKey({

package/dist/{kv-63Cil1MD.d.cts → kv-B4vFhIYL.d.cts}

@@ -16,6 +16,21 @@ interface KvStoreSetOptions {
    */
   ttl?: Temporal.Duration;
 }
+/**
+ * An entry returned by the {@link KvStore.list} method.
+ *
+ * @since 1.10.0
+ */
+interface KvStoreListEntry {
+  /**
+   * The key of the entry.
+   */
+  readonly key: KvKey;
+  /**
+   * The value of the entry.
+   */
+  readonly value: unknown;
+}
 /**
  * An abstract interface for a key–value store.
  *
@@ -51,6 +66,16 @@ interface KvStore {
    * @since 1.8.0
    */
   cas?: (key: KvKey, expectedValue: unknown, newValue: unknown, options?: KvStoreSetOptions) => Promise<boolean>;
+  /**
+   * Lists all entries in the store that match the given prefix.
+   * If no prefix is given, all entries are returned.
+   * @param prefix The prefix to filter keys by.  If not specified, all entries
+   *               are returned.
+   * @returns An async iterable of entries matching the prefix.
+   * @since 1.10.0
+   * @since 2.0.0 This method is now required instead of optional.
+   */
+  list(prefix?: KvKey): AsyncIterable<KvStoreListEntry>;
 }
 /**
  * A key–value store that stores values in memory.
@@ -76,6 +101,10 @@ declare class MemoryKvStore implements KvStore {
    * {@inheritDoc KvStore.cas}
    */
   cas(key: KvKey, expectedValue: unknown, newValue: unknown, options?: KvStoreSetOptions): Promise<boolean>;
+  /**
+   * {@inheritDoc KvStore.list}
+   */
+  list(prefix?: KvKey): AsyncIterable<KvStoreListEntry>;
 }
 //#endregion
-export { KvKey, KvStore, KvStoreSetOptions, MemoryKvStore };
+export { KvKey, KvStore, KvStoreListEntry, KvStoreSetOptions, MemoryKvStore };