@fedify/fedify 2.0.0-pr.449.1725 → 2.0.0-pr.451.1731

package/dist/{lookup-B2Bsau2g.cjs → lookup-BmGuy-Ps.cjs}

@@ -3,10 +3,71 @@
           const { URLPattern } = require("urlpattern-polyfill");
         
 const require_chunk = require('./chunk-DqRYRqnO.cjs');
-const require_docloader = require('./docloader-BdF5STdg.cjs');
+const require_request = require('./request-Bc5CHBqO.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));
+const node_dns_promises = require_chunk.__toESM(require("node:dns/promises"));
+const node_net = require_chunk.__toESM(require("node:net"));
 
+//#region src/utils/url.ts
+var UrlError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "UrlError";
+	}
+};
+/**
+* Validates a URL to prevent SSRF attacks.
+*/
+async function validatePublicUrl(url) {
+	const parsed = new URL(url);
+	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") throw new UrlError(`Unsupported protocol: ${parsed.protocol}`);
+	let hostname = parsed.hostname;
+	if (hostname.startsWith("[") && hostname.endsWith("]")) hostname = hostname.substring(1, hostname.length - 2);
+	if (hostname === "localhost") throw new UrlError("Localhost is not allowed");
+	if ("Deno" in globalThis && !(0, node_net.isIP)(hostname)) {
+		const netPermission = await Deno.permissions.query({ name: "net" });
+		if (netPermission.state !== "granted") return;
+	}
+	if ("Bun" in globalThis) {
+		if (hostname === "example.com" || hostname.endsWith(".example.com")) return;
+		else if (hostname === "fedify-test.internal") throw new UrlError("Invalid or private address: fedify-test.internal");
+	}
+	let addresses;
+	try {
+		addresses = await (0, node_dns_promises.lookup)(hostname, { all: true });
+	} catch {
+		addresses = [];
+	}
+	for (const { address, family } of addresses) if (family === 4 && !isValidPublicIPv4Address(address) || family === 6 && !isValidPublicIPv6Address(address) || family < 4 || family === 5 || family > 6) throw new UrlError(`Invalid or private address: ${address}`);
+}
+function isValidPublicIPv4Address(address) {
+	const parts = address.split(".");
+	const first = parseInt(parts[0]);
+	if (first === 0 || first === 10 || first === 127) return false;
+	const second = parseInt(parts[1]);
+	if (first === 169 && second === 254) return false;
+	if (first === 172 && second >= 16 && second <= 31) return false;
+	if (first === 192 && second === 168) return false;
+	return true;
+}
+function isValidPublicIPv6Address(address) {
+	address = expandIPv6Address(address);
+	if (address.at(4) !== ":") return false;
+	const firstWord = parseInt(address.substring(0, 4), 16);
+	return !(firstWord >= 64512 && firstWord <= 65023 || firstWord >= 65152 && firstWord <= 65215 || firstWord === 0 || firstWord >= 65280);
+}
+function expandIPv6Address(address) {
+	address = address.toLowerCase();
+	if (address === "::") return "0000:0000:0000:0000:0000:0000:0000:0000";
+	if (address.startsWith("::")) address = "0000" + address;
+	if (address.endsWith("::")) address = address + "0000";
+	address = address.replace("::", ":0000".repeat(8 - (address.match(/:/g) || []).length) + ":");
+	const parts = address.split(":");
+	return parts.map((part) => part.padStart(4, "0")).join(":");
+}
+
+//#endregion
 //#region src/webfinger/lookup.ts
 const logger = (0, __logtape_logtape.getLogger)([
 	"fedify",
@@ -23,7 +84,7 @@ const DEFAULT_MAX_REDIRECTION = 5;
 */
 async function lookupWebFinger(resource, options = {}) {
 	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	const tracer = tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 	return await tracer.startActiveSpan("webfinger.lookup", {
 		kind: __opentelemetry_api.SpanKind.CLIENT,
 		attributes: {
@@ -66,9 +127,9 @@ async function lookupWebFingerInternal(resource, options = {}) {
 		logger.debug("Fetching WebFinger resource descriptor from {url}...", { url: url.href });
 		let response;
 		if (options.allowPrivateAddress !== true) try {
-			await require_docloader.validatePublicUrl(url.href);
+			await validatePublicUrl(url.href);
 		} catch (e) {
-			if (e instanceof require_docloader.UrlError) {
+			if (e instanceof UrlError) {
 				logger.error("Invalid URL for WebFinger resource descriptor: {error}", { error: e });
 				return null;
 			}
@@ -78,7 +139,7 @@ async function lookupWebFingerInternal(resource, options = {}) {
 			response = await fetch(url, {
 				headers: {
 					Accept: "application/jrd+json",
-					"User-Agent": typeof options.userAgent === "string" ? options.userAgent : require_docloader.getUserAgent(options.userAgent)
+					"User-Agent": typeof options.userAgent === "string" ? options.userAgent : require_request.getUserAgent(options.userAgent)
 				},
 				redirect: "manual",
 				signal: options.signal
@@ -129,9 +190,21 @@ async function lookupWebFingerInternal(resource, options = {}) {
 }
 
 //#endregion
+Object.defineProperty(exports, 'UrlError', {
+  enumerable: true,
+  get: function () {
+    return UrlError;
+  }
+});
 Object.defineProperty(exports, 'lookupWebFinger', {
   enumerable: true,
   get: function () {
     return lookupWebFinger;
   }
+});
+Object.defineProperty(exports, 'validatePublicUrl', {
+  enumerable: true,
+  get: function () {
+    return validatePublicUrl;
+  }
 });

package/dist/{lookup-BGCuyJRy.js → lookup-Bql--V-C.js}

@@ -2,10 +2,71 @@
           import { Temporal } from "@js-temporal/polyfill";
           import { URLPattern } from "urlpattern-polyfill";
         
-import { UrlError, deno_default, getUserAgent, validatePublicUrl } from "./docloader-AMdJU291.js";
+import { deno_default, getUserAgent } from "./request-C0Ags1gQ.js";
 import { getLogger } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
+import { lookup } from "node:dns/promises";
+import { isIP } from "node:net";
 
+//#region src/utils/url.ts
+var UrlError = class extends Error {
+	constructor(message) {
+		super(message);
+		this.name = "UrlError";
+	}
+};
+/**
+* Validates a URL to prevent SSRF attacks.
+*/
+async function validatePublicUrl(url) {
+	const parsed = new URL(url);
+	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") throw new UrlError(`Unsupported protocol: ${parsed.protocol}`);
+	let hostname = parsed.hostname;
+	if (hostname.startsWith("[") && hostname.endsWith("]")) hostname = hostname.substring(1, hostname.length - 2);
+	if (hostname === "localhost") throw new UrlError("Localhost is not allowed");
+	if ("Deno" in globalThis && !isIP(hostname)) {
+		const netPermission = await Deno.permissions.query({ name: "net" });
+		if (netPermission.state !== "granted") return;
+	}
+	if ("Bun" in globalThis) {
+		if (hostname === "example.com" || hostname.endsWith(".example.com")) return;
+		else if (hostname === "fedify-test.internal") throw new UrlError("Invalid or private address: fedify-test.internal");
+	}
+	let addresses;
+	try {
+		addresses = await lookup(hostname, { all: true });
+	} catch {
+		addresses = [];
+	}
+	for (const { address, family } of addresses) if (family === 4 && !isValidPublicIPv4Address(address) || family === 6 && !isValidPublicIPv6Address(address) || family < 4 || family === 5 || family > 6) throw new UrlError(`Invalid or private address: ${address}`);
+}
+function isValidPublicIPv4Address(address) {
+	const parts = address.split(".");
+	const first = parseInt(parts[0]);
+	if (first === 0 || first === 10 || first === 127) return false;
+	const second = parseInt(parts[1]);
+	if (first === 169 && second === 254) return false;
+	if (first === 172 && second >= 16 && second <= 31) return false;
+	if (first === 192 && second === 168) return false;
+	return true;
+}
+function isValidPublicIPv6Address(address) {
+	address = expandIPv6Address(address);
+	if (address.at(4) !== ":") return false;
+	const firstWord = parseInt(address.substring(0, 4), 16);
+	return !(firstWord >= 64512 && firstWord <= 65023 || firstWord >= 65152 && firstWord <= 65215 || firstWord === 0 || firstWord >= 65280);
+}
+function expandIPv6Address(address) {
+	address = address.toLowerCase();
+	if (address === "::") return "0000:0000:0000:0000:0000:0000:0000:0000";
+	if (address.startsWith("::")) address = "0000" + address;
+	if (address.endsWith("::")) address = address + "0000";
+	address = address.replace("::", ":0000".repeat(8 - (address.match(/:/g) || []).length) + ":");
+	const parts = address.split(":");
+	return parts.map((part) => part.padStart(4, "0")).join(":");
+}
+
+//#endregion
 //#region src/webfinger/lookup.ts
 const logger = getLogger([
 	"fedify",
@@ -128,4 +189,4 @@ async function lookupWebFingerInternal(resource, options = {}) {
 }
 
 //#endregion
-export { lookupWebFinger };
+export { UrlError, lookupWebFinger, validatePublicUrl };

package/dist/{middleware-1oxZY_0z.js → middleware-BBTmHKGh.js}

@@ -3,21 +3,21 @@
           import { URLPattern } from "urlpattern-polyfill";
         
 import { getDefaultActivityTransformers } from "./transformers-BFT6d7J5.js";
-import { deno_default, getDocumentLoader, kvCache } from "./docloader-AMdJU291.js";
-import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId } from "./actor-C0gLJq8I.js";
-import { lookupWebFinger } from "./lookup-BGCuyJRy.js";
-import { exportJwk, importJwk, validateCryptoKey } from "./key-DFefr8X2.js";
-import { doubleKnock, verifyRequest } from "./http-DVQEn98K.js";
-import { detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd, signObject, verifyJsonLd, verifyObject } from "./proof-CKXppjee.js";
-import { getNodeInfo, nodeInfoToJson } from "./types-CEn4wB51.js";
-import { getAuthenticatedDocumentLoader } from "./authdocloader-6F9IP-VO.js";
-import { lookupObject, traverseCollection } from "./vocab-CkWH9P5l.js";
+import { deno_default } from "./request-C0Ags1gQ.js";
+import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, getTypeId } from "./actor-CRQwUlsr.js";
+import { lookupWebFinger } from "./lookup-Bql--V-C.js";
+import { doubleKnock, exportJwk, importJwk, validateCryptoKey, verifyRequest } from "./http-BzsavjR2.js";
+import { detachSignature, doesActorOwnKey, getKeyOwner, hasSignature, signJsonLd, signObject, verifyJsonLd, verifyObject } from "./proof-aIlK5BTc.js";
+import { getNodeInfo, nodeInfoToJson } from "./types-CXnyjUdK.js";
+import { getAuthenticatedDocumentLoader, kvCache } from "./kv-cache-rR-Cnl95.js";
+import { lookupObject, traverseCollection } from "./vocab-BiKK7m2H.js";
 import { getLogger, withContext } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
-import { encodeHex } from "byte-encodings/hex";
+import { getDocumentLoader } from "@fedify/vocab-runtime";
 import { cloneDeep } from "es-toolkit";
 import { Router } from "uri-template-router";
 import { parseTemplate } from "url-template";
+import { encodeHex } from "byte-encodings/hex";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
 import { domainToASCII } from "node:url";
 
@@ -339,7 +339,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl: FederationImpl$1 } = await import("./middleware-DipQbJmB.js");
+		const { FederationImpl: FederationImpl$1 } = await import("./middleware-BUZSGsQH.js");
 		const f = new FederationImpl$1(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();

package/dist/middleware-BUZSGsQH.js

@@ -0,0 +1,16 @@
+
+          import { Temporal } from "@js-temporal/polyfill";
+          import { URLPattern } from "urlpattern-polyfill";
+        
+import "./transformers-BFT6d7J5.js";
+import "./request-C0Ags1gQ.js";
+import "./actor-CRQwUlsr.js";
+import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-BBTmHKGh.js";
+import "./lookup-Bql--V-C.js";
+import "./http-BzsavjR2.js";
+import "./proof-aIlK5BTc.js";
+import "./types-CXnyjUdK.js";
+import "./kv-cache-rR-Cnl95.js";
+import "./vocab-BiKK7m2H.js";
+
+export { FederationImpl };

package/dist/middleware-BusTq7Js.cjs

@@ -0,0 +1,16 @@
+
+          const { Temporal } = require("@js-temporal/polyfill");
+          const { URLPattern } = require("urlpattern-polyfill");
+        
+require('./transformers-CoBS-oFG.cjs');
+require('./request-Bc5CHBqO.cjs');
+require('./actor-Ci-5y3ml.cjs');
+const require_middleware = require('./middleware-DrpnHeGO.cjs');
+require('./lookup-BmGuy-Ps.cjs');
+require('./http-DtUGyvkU.cjs');
+require('./proof-0PY1LDZY.cjs');
+require('./types-BDNYgodm.cjs');
+require('./kv-cache-3VK2-wq_.cjs');
+require('./vocab-Dapemq3v.cjs');
+
+exports.FederationImpl = require_middleware.FederationImpl;

package/dist/{middleware-BDqkoMAQ.js → middleware-D7tP9Tq6.js}

@@ -3,23 +3,24 @@
       import { URLPattern } from "urlpattern-polyfill";
       globalThis.addEventListener = () => {};
     
-import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, deno_default, getDocumentLoader, getTypeId, kvCache, lookupWebFinger } from "./type-COb6KNlm.js";
-import { getNodeInfo } from "./client-BS-GE3XI.js";
-import { RouterError, lookupObject, traverseCollection } from "./lookup-C3pnuyiD.js";
-import { nodeInfoToJson } from "./types-BSuWJsOm.js";
-import { exportJwk, importJwk, validateCryptoKey } from "./key-BSJX6n9o.js";
-import { verifyRequest } from "./http-DbyMqL2X.js";
-import { getAuthenticatedDocumentLoader } from "./authdocloader-C8LXxsmU.js";
-import { detachSignature, hasSignature, signJsonLd, verifyJsonLd } from "./ld-CAJ6Q2od.js";
-import { doesActorOwnKey, getKeyOwner } from "./owner-CaIfLBwg.js";
-import { signObject, verifyObject } from "./proof-BQwXHakc.js";
-import { routeActivity } from "./inbox-DQlf_-Dz.js";
-import { FederationBuilderImpl } from "./builder-JjsppXTK.js";
-import { buildCollectionSynchronizationHeader } from "./collection-CcnIw1qY.js";
-import { KvKeyCache } from "./keycache-CcIfdj0m.js";
-import { acceptsJsonLd } from "./negotiation-5NPJL6zp.js";
-import { createExponentialBackoffPolicy } from "./retry-D4GJ670a.js";
-import { extractInboxes, sendActivity } from "./send-DQd3R1Oc.js";
+import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, RouterError, deno_default, getTypeId, lookupObject, lookupWebFinger, traverseCollection } from "./lookup-Bep-EOgr.js";
+import { getNodeInfo } from "./client-DylapB-t.js";
+import { nodeInfoToJson } from "./types-C2XVl6gj.js";
+import { exportJwk, importJwk, validateCryptoKey } from "./key-De1MJH3k.js";
+import { verifyRequest } from "./http-CCUJdi0H.js";
+import { detachSignature, hasSignature, signJsonLd, verifyJsonLd } from "./ld-Dux3_Cw2.js";
+import { doesActorOwnKey, getKeyOwner } from "./owner-Zq8du9WO.js";
+import { signObject, verifyObject } from "./proof-C5S_3hdJ.js";
+import { getAuthenticatedDocumentLoader } from "./docloader-BpcE9hBI.js";
+import { kvCache } from "./kv-cache-DNvS-egZ.js";
+import { routeActivity } from "./inbox-DizLjfhC.js";
+import { FederationBuilderImpl } from "./builder-BflZmL4k.js";
+import { buildCollectionSynchronizationHeader } from "./collection-BzWsN9pB.js";
+import { KvKeyCache } from "./keycache-D2HiBv4F.js";
+import { acceptsJsonLd } from "./negotiation-C4nFufNk.js";
+import { createExponentialBackoffPolicy } from "./retry-CfF8Gn4d.js";
+import { extractInboxes, sendActivity } from "./send-BbVnlsQO.js";
+import { getDocumentLoader } from "@fedify/vocab-runtime";
 import { getLogger, withContext } from "@logtape/logtape";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";

package/dist/{middleware-D0XMPoN8.cjs → middleware-DrpnHeGO.cjs}

@@ -4,21 +4,21 @@
         
 const require_chunk = require('./chunk-DqRYRqnO.cjs');
 const require_transformers = require('./transformers-CoBS-oFG.cjs');
-const require_docloader = require('./docloader-BdF5STdg.cjs');
-const require_actor = require('./actor-CsRJa7wV.cjs');
-const require_lookup = require('./lookup-B2Bsau2g.cjs');
-const require_key = require('./key-D-RgWfcf.cjs');
-const require_http = require('./http-D_BI5KHC.cjs');
-const require_proof = require('./proof-AhyVJcNZ.cjs');
-const require_types = require('./types-DI0yutHB.cjs');
-const require_authdocloader = require('./authdocloader-BkuVo8LL.cjs');
-const require_vocab = require('./vocab-NZXL5Pr-.cjs');
+const require_request = require('./request-Bc5CHBqO.cjs');
+const require_actor = require('./actor-Ci-5y3ml.cjs');
+const require_lookup = require('./lookup-BmGuy-Ps.cjs');
+const require_http = require('./http-DtUGyvkU.cjs');
+const require_proof = require('./proof-0PY1LDZY.cjs');
+const require_types = require('./types-BDNYgodm.cjs');
+const require_kv_cache = require('./kv-cache-3VK2-wq_.cjs');
+const require_vocab = require('./vocab-Dapemq3v.cjs');
 const __logtape_logtape = require_chunk.__toESM(require("@logtape/logtape"));
 const __opentelemetry_api = require_chunk.__toESM(require("@opentelemetry/api"));
-const byte_encodings_hex = require_chunk.__toESM(require("byte-encodings/hex"));
+const __fedify_vocab_runtime = require_chunk.__toESM(require("@fedify/vocab-runtime"));
 const es_toolkit = require_chunk.__toESM(require("es-toolkit"));
 const uri_template_router = require_chunk.__toESM(require("uri-template-router"));
 const url_template = require_chunk.__toESM(require("url-template"));
+const byte_encodings_hex = require_chunk.__toESM(require("byte-encodings/hex"));
 const __opentelemetry_semantic_conventions = require_chunk.__toESM(require("@opentelemetry/semantic-conventions"));
 const node_url = require_chunk.__toESM(require("node:url"));
 
@@ -143,7 +143,7 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 		return "enqueued";
 	}
 	tracerProvider = tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	const tracer = tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 	return await tracer.startActiveSpan("activitypub.dispatch_inbox_listener", { kind: __opentelemetry_api.SpanKind.INTERNAL }, async (span$1) => {
 		const dispatched = inboxListeners?.dispatchWithClass(activity);
 		if (dispatched == null) {
@@ -340,7 +340,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl: FederationImpl$1 } = await Promise.resolve().then(() => require("./middleware-mLaQeD_Z.cjs"));
+		const { FederationImpl: FederationImpl$1 } = await Promise.resolve().then(() => require("./middleware-BusTq7Js.cjs"));
 		const f = new FederationImpl$1(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();
@@ -366,7 +366,7 @@ var FederationBuilderImpl = class {
 		return f;
 	}
 	_getTracer() {
-		return __opentelemetry_api.trace.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		return __opentelemetry_api.trace.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 	}
 	setActorDispatcher(path, dispatcher) {
 		if (this.router.has("actor")) throw new RouterError("Actor dispatcher already set.");
@@ -1113,7 +1113,7 @@ async function handleObject(request, { values, context: context$2, objectDispatc
 async function handleCollection(request, { name, identifier, uriGetter, filter, filterPredicate, context: context$2, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound }) {
 	const spanName = name.trim().replace(/\s+/g, "_");
 	tracerProvider = tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	const tracer = tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 	const url = new URL(request.url);
 	const cursor = url.searchParams.get("cursor");
 	if (collectionCallbacks == null) return await onNotFound(request);
@@ -1290,7 +1290,7 @@ function filterCollectionItems(items, collectionName, filterPredicate) {
 */
 async function handleInbox(request, options) {
 	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	const tracer = tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 	return await tracer.startActiveSpan("activitypub.inbox", {
 		kind: options.queue == null ? __opentelemetry_api.SpanKind.SERVER : __opentelemetry_api.SpanKind.PRODUCER,
 		attributes: { "activitypub.shared_inbox": options.recipient == null }
@@ -1642,7 +1642,7 @@ var CustomCollectionHandler = class {
 		this.CollectionPage = CollectionPage$1;
 		this.filterPredicate = filterPredicate;
 		this.name = this.name.trim().replace(/\s+/g, "_");
-		this.#tracer = this.tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		this.#tracer = this.tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 		this.#id = new URL(this.context.url);
 		this.#dispatcher = callbacks.dispatcher.bind(callbacks);
 	}
@@ -2233,7 +2233,7 @@ function extractInboxes({ recipients, preferSharedInbox, excludeBaseUris }) {
 */
 function sendActivity(options) {
 	const tracerProvider = options.tracerProvider ?? __opentelemetry_api.trace.getTracerProvider();
-	const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+	const tracer = tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 	return tracer.startActiveSpan("activitypub.send_activity", {
 		kind: __opentelemetry_api.SpanKind.CLIENT,
 		attributes: { "activitypub.shared_inbox": options.sharedInbox ?? false }
@@ -2404,8 +2404,8 @@ var FederationImpl = class extends FederationBuilderImpl {
 		const { allowPrivateAddress, userAgent } = options;
 		this.allowPrivateAddress = allowPrivateAddress ?? false;
 		this.documentLoaderFactory = options.documentLoaderFactory ?? ((opts) => {
-			return require_docloader.kvCache({
-				loader: require_docloader.getDocumentLoader({
+			return require_kv_cache.kvCache({
+				loader: (0, __fedify_vocab_runtime.getDocumentLoader)({
 					allowPrivateAddress: opts?.allowPrivateAddress ?? allowPrivateAddress,
 					userAgent: opts?.userAgent ?? userAgent
 				}),
@@ -2414,7 +2414,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 			});
 		});
 		this.contextLoaderFactory = options.contextLoaderFactory ?? this.documentLoaderFactory;
-		this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? ((identity) => require_authdocloader.getAuthenticatedDocumentLoader(identity, {
+		this.authenticatedDocumentLoaderFactory = options.authenticatedDocumentLoaderFactory ?? ((identity) => require_kv_cache.getAuthenticatedDocumentLoader(identity, {
 			allowPrivateAddress,
 			userAgent,
 			specDeterminer: new KvSpecDeterminer(this.kv, this.kvPrefixes.httpMessageSignaturesSpec, options.firstKnock),
@@ -2435,7 +2435,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 		this.router.add("/.well-known/nodeinfo", "nodeInfoJrd");
 	}
 	_getTracer() {
-		return this.tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		return this.tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 	}
 	async _startQueueInternal(ctxData, signal, queue) {
 		if (this.inboxQueue == null && this.outboxQueue == null) return;
@@ -2533,7 +2533,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 		});
 		const keys = await Promise.all(message.keys.map(async ({ keyId, privateKey }) => ({
 			keyId: new URL(keyId),
-			privateKey: await require_key.importJwk(privateKey, "private")
+			privateKey: await require_http.importJwk(privateKey, "private")
 		})));
 		const activity = await require_actor.Activity.fromJsonLd(message.activity, {
 			contextLoader: this.contextLoaderFactory({
@@ -2574,7 +2574,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 		for (const { keyId, privateKey } of message.keys) {
 			const pair = {
 				keyId: new URL(keyId),
-				privateKey: await require_key.importJwk(privateKey, "private")
+				privateKey: await require_http.importJwk(privateKey, "private")
 			};
 			if (rsaKeyPair == null && pair.privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") rsaKeyPair = pair;
 			keys.push(pair);
@@ -2809,7 +2809,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 		let proofCreated = false;
 		let rsaKey = null;
 		for (const { keyId, privateKey } of keys) {
-			require_key.validateCryptoKey(privateKey, "private");
+			require_http.validateCryptoKey(privateKey, "private");
 			if (rsaKey == null && privateKey.algorithm.name === "RSASSA-PKCS1-v1_5") {
 				rsaKey = {
 					keyId,
@@ -2877,7 +2877,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 		});
 		const keyJwkPairs = [];
 		for (const { keyId, privateKey } of keys) {
-			const privateKeyJwk = await require_key.exportJwk(privateKey);
+			const privateKeyJwk = await require_http.exportJwk(privateKey);
 			keyJwkPairs.push({
 				keyId: keyId.href,
 				privateKey: privateKeyJwk
@@ -3577,7 +3577,7 @@ var ContextImpl = class ContextImpl {
 		});
 	}
 	sendActivity(sender, recipients, activity, options = {}) {
-		const tracer = this.tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		const tracer = this.tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 		return tracer.startActiveSpan(this.federation.outboxQueue == null || options.immediate ? "activitypub.outbox" : "activitypub.fanout", {
 			kind: this.federation.outboxQueue == null || options.immediate ? __opentelemetry_api.SpanKind.CLIENT : __opentelemetry_api.SpanKind.PRODUCER,
 			attributes: {
@@ -3634,7 +3634,7 @@ var ContextImpl = class ContextImpl {
 			keys = sender;
 		} else keys = [sender];
 		if (keys.length < 1) throw new TypeError("The sender's keys must not be empty.");
-		for (const { privateKey } of keys) require_key.validateCryptoKey(privateKey, "private");
+		for (const { privateKey } of keys) require_http.validateCryptoKey(privateKey, "private");
 		const opts = { context: this };
 		let expandedRecipients;
 		if (Array.isArray(recipients)) expandedRecipients = recipients;
@@ -3675,7 +3675,7 @@ var ContextImpl = class ContextImpl {
 		}
 		const keyJwkPairs = await Promise.all(keys.map(async ({ keyId, privateKey }) => ({
 			keyId: keyId.href,
-			privateKey: await require_key.exportJwk(privateKey)
+			privateKey: await require_http.exportJwk(privateKey)
 		})));
 		const carrier = {};
 		__opentelemetry_api.propagation.inject(__opentelemetry_api.context.active(), carrier);
@@ -3723,7 +3723,7 @@ var ContextImpl = class ContextImpl {
 	}
 	routeActivity(recipient, activity, options = {}) {
 		const tracerProvider = this.tracerProvider ?? this.tracerProvider;
-		const tracer = tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		const tracer = tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 		return tracer.startActiveSpan("activitypub.inbox", {
 			kind: this.federation.inboxQueue == null || options.immediate ? __opentelemetry_api.SpanKind.INTERNAL : __opentelemetry_api.SpanKind.PRODUCER,
 			attributes: { "activitypub.activity.type": require_actor.getTypeId(activity).href }
@@ -3941,7 +3941,7 @@ var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 		});
 	}
 	forwardActivity(forwarder, recipients, options) {
-		const tracer = this.tracerProvider.getTracer(require_docloader.deno_default.name, require_docloader.deno_default.version);
+		const tracer = this.tracerProvider.getTracer(require_request.deno_default.name, require_request.deno_default.version);
 		return tracer.startActiveSpan("activitypub.outbox", {
 			kind: this.federation.outboxQueue == null || options?.immediate ? __opentelemetry_api.SpanKind.CLIENT : __opentelemetry_api.SpanKind.PRODUCER,
 			attributes: { "activitypub.activity.type": this.activityType }
@@ -4042,7 +4042,7 @@ var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 		});
 		const keyJwkPairs = [];
 		for (const { keyId, privateKey } of keys) {
-			const privateKeyJwk = await require_key.exportJwk(privateKey);
+			const privateKeyJwk = await require_http.exportJwk(privateKey);
 			keyJwkPairs.push({
 				keyId: keyId.href,
 				privateKey: privateKeyJwk

package/dist/middleware-tZdLtCWz.js

@@ -0,0 +1,26 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      import { URLPattern } from "urlpattern-polyfill";
+      globalThis.addEventListener = () => {};
+    
+import "./lookup-Bep-EOgr.js";
+import { ContextImpl, FederationImpl, InboxContextImpl, KvSpecDeterminer, createFederation } from "./middleware-D7tP9Tq6.js";
+import "./client-DylapB-t.js";
+import "./types-C2XVl6gj.js";
+import "./actor-GwnlqPRv.js";
+import "./key-De1MJH3k.js";
+import "./http-CCUJdi0H.js";
+import "./ld-Dux3_Cw2.js";
+import "./owner-Zq8du9WO.js";
+import "./proof-C5S_3hdJ.js";
+import "./docloader-BpcE9hBI.js";
+import "./kv-cache-DNvS-egZ.js";
+import "./inbox-DizLjfhC.js";
+import "./builder-BflZmL4k.js";
+import "./collection-BzWsN9pB.js";
+import "./keycache-D2HiBv4F.js";
+import "./negotiation-C4nFufNk.js";
+import "./retry-CfF8Gn4d.js";
+import "./send-BbVnlsQO.js";
+
+export { FederationImpl };

package/dist/{mod-CxkWO3Mg.d.cts → mod--K7l84wp.d.cts}

@@ -1,5 +1,6 @@
-import { DocumentLoader, GetUserAgentOptions } from "./docloader-D-MrRyHl.cjs";
-import { Collection, Link, Object as Object$1 } from "./vocab-Dw1-yVGg.cjs";
+import { GetUserAgentOptions } from "./request-BbHkedIU.cjs";
+import { Collection, Link, Object as Object$1 } from "./vocab-DCBw44JZ.cjs";
+import { DocumentLoader } from "@fedify/vocab-runtime";
 import { TracerProvider } from "@opentelemetry/api";
 
 //#region src/vocab/lookup.d.ts

package/dist/{mod-DBzN0aCM.d.ts → mod-CB80AlIA.d.ts}

@@ -1,6 +1,6 @@
 import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
-import { GetUserAgentOptions } from "./docloader-CxWcuWqQ.js";
+import { GetUserAgentOptions } from "./request-U1t6zZtk.js";
 import { TracerProvider } from "@opentelemetry/api";
 
 //#region src/webfinger/jrd.d.ts