@fedify/fedify 2.2.0-pr.695.16 → 2.2.0-pr.697.18

package/dist/{middleware-BjVx-_bv.mjs → middleware-BCJUFXYb.mjs}

@@ -2,24 +2,23 @@ import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
 import { n as RouterError } from "./router-CrMLXoOr.mjs";
-import { n as version, t as name } from "./deno-vxcWcxQS.mjs";
+import { n as version, t as name } from "./deno-DFC3hdDk.mjs";
 import { t as formatAcceptSignature } from "./accept-Dd__NiUL.mjs";
-import { a as importJwk, o as validateCryptoKey, t as exportJwk } from "./key-CGx_dDkX.mjs";
-import { l as verifyRequest, o as parseRfc9421SignatureInput, u as verifyRequestDetailed } from "./http-RZPxDWq5.mjs";
-import { t as getAuthenticatedDocumentLoader } from "./docloader-D7q0-Xef.mjs";
+import { a as importJwk, o as validateCryptoKey, t as exportJwk } from "./key-2MxqHz-F.mjs";
+import { l as verifyRequest, o as parseRfc9421SignatureInput, u as verifyRequestDetailed } from "./http-BrF-JQov.mjs";
+import { t as getAuthenticatedDocumentLoader } from "./docloader-DJSGzW4N.mjs";
 import { n as kvCache } from "./kv-cache-B01V7s3h.mjs";
-import { a as signJsonLd, i as hasSignature, o as verifyJsonLd, r as detachSignature } from "./ld-wup-liFO.mjs";
-import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-q2mUMM9a.mjs";
-import { n as signObject, r as verifyObject } from "./proof--CpZsF_p.mjs";
+import { a as signJsonLd, i as hasSignatureLike, o as verifyJsonLd, r as detachSignature } from "./ld-bY6topKr.mjs";
+import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-D4-A8f_n.mjs";
+import { i as verifyObject, n as hasProofLike, r as signObject } from "./proof-45_MjnD1.mjs";
 import { t as getNodeInfo } from "./client-DEpOVgY1.mjs";
 import { t as nodeInfoToJson } from "./types-DCP0WLdt.mjs";
-import { n as routeActivity } from "./inbox-CmYvcSMM.mjs";
-import { t as FederationBuilderImpl } from "./builder-7PVCiLiR.mjs";
+import { t as FederationBuilderImpl } from "./builder-CssIxEgK.mjs";
 import { t as buildCollectionSynchronizationHeader } from "./collection-BD6-SZ6O.mjs";
 import { t as KvKeyCache } from "./keycache-CCSwkQcY.mjs";
 import { t as acceptsJsonLd } from "./negotiation-DnsfFF8I.mjs";
 import { t as createExponentialBackoffPolicy } from "./retry-B_E3V_Dx.mjs";
-import { n as extractInboxes, r as sendActivity, t as SendActivityError } from "./send-CVJfx7bF.mjs";
+import { n as extractInboxes, r as sendActivity, t as SendActivityError } from "./send-BeNvLSaC.mjs";
 import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, Tombstone, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
 import { lookupWebFinger } from "@fedify/webfinger";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
@@ -153,6 +152,144 @@ function handleNodeInfoJrd(_request, context) {
 	return Promise.resolve(response);
 }
 //#endregion
+//#region src/federation/inbox.ts
+async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
+	const logger = getLogger([
+		"fedify",
+		"federation",
+		"inbox"
+	]);
+	let cacheKey = null;
+	if (activity.id != null) {
+		const inboxContext = inboxContextFactory(recipient, json, activity.id?.href, getTypeId(activity).href);
+		const strategy = idempotencyStrategy ?? "per-inbox";
+		let keyString;
+		if (typeof strategy === "function") keyString = await strategy(inboxContext, activity);
+		else switch (strategy) {
+			case "global":
+				keyString = activity.id.href;
+				break;
+			case "per-origin":
+				keyString = `${ctx.origin}\n${activity.id.href}`;
+				break;
+			case "per-inbox":
+				keyString = `${ctx.origin}\n${activity.id.href}\n${recipient == null ? "sharedInbox" : `inbox\n${recipient}`}`;
+				break;
+			default: keyString = `${ctx.origin}\n${activity.id.href}`;
+		}
+		if (keyString != null) cacheKey = [...kvPrefixes.activityIdempotence, keyString];
+	}
+	if (cacheKey != null) {
+		if (await kv.get(cacheKey) === true) {
+			logger.debug("Activity {activityId} has already been processed.", {
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span.setStatus({
+				code: SpanStatusCode.UNSET,
+				message: `Activity ${activity.id?.href} has already been processed.`
+			});
+			return "alreadyProcessed";
+		}
+	}
+	if (activity.actorId == null) {
+		logger.error("Missing actor.", { activity: json });
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: "Missing actor."
+		});
+		return "missingActor";
+	}
+	span.setAttribute("activitypub.actor.id", activity.actorId.href);
+	if (queue != null) {
+		const carrier = {};
+		propagation.inject(context.active(), carrier);
+		try {
+			await queue.enqueue({
+				type: "inbox",
+				id: crypto.randomUUID(),
+				baseUrl: ctx.origin,
+				activity: json,
+				identifier: recipient,
+				attempt: 0,
+				started: (/* @__PURE__ */ new Date()).toISOString(),
+				traceContext: carrier
+			});
+		} catch (error) {
+			logger.error("Failed to enqueue the incoming activity {activityId}:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: `Failed to enqueue the incoming activity ${activity.id?.href}.`
+			});
+			throw error;
+		}
+		logger.info("Activity {activityId} is enqueued.", {
+			activityId: activity.id?.href,
+			activity: json,
+			recipient
+		});
+		return "enqueued";
+	}
+	tracerProvider = tracerProvider ?? trace.getTracerProvider();
+	return await tracerProvider.getTracer(name, version).startActiveSpan("activitypub.dispatch_inbox_listener", { kind: SpanKind.INTERNAL }, async (span) => {
+		const dispatched = inboxListeners?.dispatchWithClass(activity);
+		if (dispatched == null) {
+			logger.error("Unsupported activity type:\n{activity}", {
+				activity: json,
+				recipient
+			});
+			span.setStatus({
+				code: SpanStatusCode.UNSET,
+				message: `Unsupported activity type: ${getTypeId(activity).href}`
+			});
+			span.end();
+			return "unsupportedActivity";
+		}
+		const { class: cls, listener } = dispatched;
+		span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+		try {
+			await listener(inboxContextFactory(recipient, json, activity?.id?.href, getTypeId(activity).href), activity);
+		} catch (error) {
+			try {
+				await inboxErrorHandler?.(ctx, error);
+			} catch (error) {
+				logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
+					error,
+					activityId: activity.id?.href,
+					activity: json,
+					recipient
+				});
+			}
+			logger.error("Failed to process the incoming activity {activityId}:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activity: json,
+				recipient
+			});
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			span.end();
+			return "error";
+		}
+		if (cacheKey != null) await kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
+		logger.info("Activity {activityId} has been processed.", {
+			activityId: activity.id?.href,
+			activity: json,
+			recipient
+		});
+		span.end();
+		return "success";
+	});
+}
+//#endregion
 //#region src/federation/handler.ts
 /**
 * Handles an actor request.
@@ -225,8 +362,8 @@ async function handleObject(request, { values, context, objectDispatcher, author
 * @param parameters The parameters for handling the collection.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleCollection(request, { name: name$2, identifier, uriGetter, filter, filterPredicate, context, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound }) {
-	const spanName = name$2.trim().replace(/\s+/g, "_");
+async function handleCollection(request, { name: name$1, identifier, uriGetter, filter, filterPredicate, context, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound }) {
+	const spanName = name$1.trim().replace(/\s+/g, "_");
 	tracerProvider = tracerProvider ?? trace.getTracerProvider();
 	const tracer = tracerProvider.getTracer(name, version);
 	const cursor = new URL(request.url).searchParams.get("cursor");
@@ -268,7 +405,7 @@ async function handleCollection(request, { name: name$2, identifier, uriGetter,
 			collection = new OrderedCollection({
 				id: baseUri,
 				totalItems: totalItems == null ? null : Number(totalItems),
-				items: filterCollectionItems(itemsOrResponse, name$2, filterPredicate)
+				items: filterCollectionItems(itemsOrResponse, name$1, filterPredicate)
 			});
 		} else {
 			const lastCursor = await collectionCallbacks.lastCursor?.(context, identifier);
@@ -289,7 +426,7 @@ async function handleCollection(request, { name: name$2, identifier, uriGetter,
 	} else {
 		const uri = new URL(baseUri);
 		uri.searchParams.set("cursor", cursor);
-		const pageOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection_page ${name$2}`, {
+		const pageOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection_page ${name$1}`, {
 			kind: SpanKind.SERVER,
 			attributes: {
 				"activitypub.collection.id": uri.href,
@@ -333,7 +470,7 @@ async function handleCollection(request, { name: name$2, identifier, uriGetter,
 			id: uri,
 			prev,
 			next,
-			items: filterCollectionItems(items, name$2, filterPredicate),
+			items: filterCollectionItems(items, name$1, filterPredicate),
 			partOf
 		});
 	}
@@ -377,6 +514,202 @@ function filterCollectionItems(items, collectionName, filterPredicate) {
 	}
 	return result;
 }
+function summarizeJsonActivity(json) {
+	if (json == null || typeof json !== "object") return {};
+	const activity = json;
+	return {
+		activityId: typeof activity.id === "string" ? activity.id : void 0,
+		activityType: typeof activity.type === "string" ? activity.type : void 0
+	};
+}
+/**
+* Handles an outbox POST request.
+* @template TContextData The context data to pass to the context.
+* @param request The HTTP request.
+* @param parameters The parameters for handling the request.
+* @returns A promise that resolves to an HTTP response.
+* @since 2.2.0
+*/
+async function handleOutbox(request, { identifier, context: ctx, outboxContextFactory, actorDispatcher, authorizePredicate, outboxListeners, outboxErrorHandler, onUnauthorized, onNotFound }) {
+	const logger = getLogger([
+		"fedify",
+		"federation",
+		"outbox"
+	]);
+	if (request.bodyUsed) {
+		logger.error("Request body has already been read.", { identifier });
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	} else if (request.body?.locked) {
+		logger.error("Request body is locked.", { identifier });
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	if (actorDispatcher == null) {
+		logger.error("Actor dispatcher is not set.", { identifier });
+		return await onNotFound(request);
+	}
+	if (authorizePredicate != null) {
+		const authorizeContext = ctx.clone(ctx.data);
+		authorizeContext.request = request.clone();
+		const requestForUnauthorized = authorizeContext.request.clone();
+		if (!await authorizePredicate(authorizeContext, identifier)) return await onUnauthorized(requestForUnauthorized);
+	}
+	const actor = await actorDispatcher(ctx, identifier);
+	if (actor == null || actor instanceof Tombstone) {
+		logger.error("Actor {identifier} not found.", { identifier });
+		return await onNotFound(request);
+	}
+	const requestForParsing = request.clone();
+	let json;
+	try {
+		json = await requestForParsing.json();
+	} catch (error) {
+		logger.error("Failed to parse JSON:\n{error}", {
+			identifier,
+			error
+		});
+		const outboxContext = outboxContextFactory(identifier, null, void 0, "");
+		try {
+			await outboxErrorHandler?.(outboxContext, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in outbox error handler:\n{error}", {
+				error,
+				identifier
+			});
+		}
+		return new Response("Invalid JSON.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	let activity;
+	try {
+		activity = await Activity.fromJsonLd(json, ctx);
+	} catch (error) {
+		const summary = summarizeJsonActivity(json);
+		logger.error("Failed to parse activity:\n{error}", {
+			identifier,
+			...summary,
+			error
+		});
+		const outboxContext = outboxContextFactory(identifier, json, summary.activityId, summary.activityType ?? "");
+		try {
+			await outboxErrorHandler?.(outboxContext, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in outbox error handler:\n{error}", {
+				error,
+				identifier,
+				...summary
+			});
+		}
+		return new Response("Invalid activity.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	const outboxContext = outboxContextFactory(identifier, json, activity.id?.href, getTypeId(activity).href);
+	const expectedActorId = actor.id ?? ctx.getActorUri(identifier);
+	if (activity.actorIds.length < 1) {
+		const error = /* @__PURE__ */ new Error("The posted activity has no actor.");
+		logger.error("The posted activity has no actor for outbox {identifier}.", {
+			identifier,
+			activityId: activity.id?.href,
+			expectedActorId: expectedActorId.href
+		});
+		try {
+			await outboxErrorHandler?.(outboxContext, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in outbox error handler:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activityType: getTypeId(activity).href,
+				identifier
+			});
+		}
+		return new Response(error.message, {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	if (!activity.actorIds.every((actorId) => actorId.href === expectedActorId.href)) {
+		const error = /* @__PURE__ */ new Error("The activity actor does not match the outbox owner.");
+		logger.error("The posted activity actor does not match outbox owner {identifier}.", {
+			identifier,
+			activityId: activity.id?.href,
+			expectedActorId: expectedActorId.href,
+			actorIds: activity.actorIds.map((actorId) => actorId.href)
+		});
+		try {
+			await outboxErrorHandler?.(outboxContext, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in outbox error handler:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activityType: getTypeId(activity).href,
+				identifier
+			});
+		}
+		return new Response(error.message, {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	const dispatched = outboxListeners?.dispatchWithClass(activity);
+	if (dispatched == null) {
+		logger.debug("Unsupported activity type {activityType}.", {
+			identifier,
+			activityId: activity.id?.href,
+			activityType: getTypeId(activity).href
+		});
+		return new Response("", {
+			status: 202,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	try {
+		await dispatched.listener(outboxContext, activity);
+	} catch (error) {
+		try {
+			await outboxErrorHandler?.(outboxContext, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in outbox error handler:\n{error}", {
+				error,
+				activityId: activity.id?.href,
+				activityType: getTypeId(activity).href,
+				identifier
+			});
+		}
+		logger.error("Failed to process the incoming activity {activityId}:\n{error}", {
+			error,
+			activityId: activity.id?.href,
+			activityType: getTypeId(activity).href,
+			identifier
+		});
+		return new Response("Internal server error.", {
+			status: 500,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	}
+	if (!outboxContext.hasDeliveredActivity()) logger.warn("Outbox listener for {identifier} returned without delivering the posted activity; ctx.sendActivity() or ctx.forwardActivity() may have been skipped or resulted in no delivery.", {
+		identifier,
+		activityId: activity.id?.href,
+		activityType: getTypeId(activity).href
+	});
+	logger.info("Activity {activityId} has been processed in outbox listener.", {
+		activityId: activity.id?.href,
+		activityType: getTypeId(activity).href,
+		identifier
+	});
+	return new Response("", {
+		status: 202,
+		headers: { "Content-Type": "text/plain; charset=utf-8" }
+	});
+}
 /**
 * Handles an inbox request for ActivityPub activities.
 * @template TContextData The context data to pass to the context.
@@ -807,8 +1140,8 @@ var CustomCollectionHandler = class {
 	* @param CollectionPage The CollectionPage constructor.
 	* @param filterPredicate Optional filter predicate for items.
 	*/
-	constructor(name$1, values, context, callbacks, tracerProvider = trace.getTracerProvider(), Collection, CollectionPage, filterPredicate) {
-		this.name = name$1;
+	constructor(name$2, values, context, callbacks, tracerProvider = trace.getTracerProvider(), Collection, CollectionPage, filterPredicate) {
+		this.name = name$2;
 		this.values = values;
 		this.context = context;
 		this.callbacks = callbacks;
@@ -2167,16 +2500,37 @@ var FederationImpl = class extends FederationBuilderImpl {
 					onNotFound
 				});
 			}
-			case "outbox": return await handleCollection(request, {
-				name: "outbox",
-				identifier: route.values.identifier,
-				uriGetter: context.getOutboxUri.bind(context),
-				context,
-				collectionCallbacks: this.outboxCallbacks,
-				tracerProvider: this.tracerProvider,
-				onUnauthorized,
-				onNotFound
-			});
+			case "outbox":
+				if (request.method === "POST") {
+					if (this.outboxListeners == null) return new Response("Method not allowed.", {
+						status: 405,
+						headers: {
+							Allow: "GET, HEAD",
+							"Content-Type": "text/plain; charset=utf-8"
+						}
+					});
+					return await handleOutbox(request, {
+						identifier: route.values.identifier,
+						context,
+						outboxContextFactory: context.toOutboxContext.bind(context),
+						actorDispatcher: this.actorCallbacks?.dispatcher,
+						authorizePredicate: this.outboxAuthorizePredicate ?? this.outboxCallbacks?.authorizePredicate,
+						outboxListeners: this.outboxListeners,
+						outboxErrorHandler: this.outboxListenerErrorHandler,
+						onUnauthorized,
+						onNotFound
+					});
+				}
+				return await handleCollection(request, {
+					name: "outbox",
+					identifier: route.values.identifier,
+					uriGetter: context.getOutboxUri.bind(context),
+					context,
+					collectionCallbacks: this.outboxCallbacks,
+					tracerProvider: this.tracerProvider,
+					onUnauthorized,
+					onNotFound
+				});
 			case "inbox":
 				if (request.method !== "POST") return await handleCollection(request, {
 					name: "inbox",
@@ -2346,6 +2700,16 @@ var ContextImpl = class ContextImpl {
 			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
 		});
 	}
+	toOutboxContext(identifier, activity, activityId, activityType) {
+		return new OutboxContextImpl(identifier, activity, activityId, activityType, {
+			url: this.url,
+			federation: this.federation,
+			data: this.data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		});
+	}
 	get hostname() {
 		return this.url.hostname;
 	}
@@ -2635,9 +2999,9 @@ var ContextImpl = class ContextImpl {
 			attributes: {
 				"activitypub.activity.type": getTypeId(activity).href,
 				"activitypub.activity.to": activity.toIds.map((to) => to.href),
-				"activitypub.activity.cc": activity.toIds.map((cc) => cc.href),
+				"activitypub.activity.cc": activity.ccIds.map((cc) => cc.href),
 				"activitypub.activity.bto": activity.btoIds.map((bto) => bto.href),
-				"activitypub.activity.bcc": activity.toIds.map((bcc) => bcc.href)
+				"activitypub.activity.bcc": activity.bccIds.map((bcc) => bcc.href)
 			}
 		}, async (span) => {
 			try {
@@ -2732,6 +3096,13 @@ var ContextImpl = class ContextImpl {
 			preferSharedInbox: options.preferSharedInbox,
 			excludeBaseUris: options.excludeBaseUris
 		});
+		if (globalThis.Object.keys(inboxes).length < 1) {
+			logger.debug("No inboxes found for activity {activityId}.", {
+				activityId: activity.id?.href,
+				activity
+			});
+			return false;
+		}
 		logger.debug("Sending activity {activityId} to inboxes:\n{inboxes}", {
 			inboxes: globalThis.Object.keys(inboxes),
 			activityId: activity.id?.href,
@@ -2739,7 +3110,7 @@ var ContextImpl = class ContextImpl {
 		});
 		if (this.federation.fanoutQueue == null || options.immediate || options.fanout === "skip" || (options.fanout ?? "auto") === "auto" && globalThis.Object.keys(inboxes).length < FANOUT_THRESHOLD) {
 			await this.federation.sendActivity(keys, inboxes, activity, opts);
-			return;
+			return true;
 		}
 		const keyJwkPairs = await Promise.all(keys.map(async ({ keyId, privateKey }) => ({
 			keyId: keyId.href,
@@ -2768,6 +3139,7 @@ var ContextImpl = class ContextImpl {
 		};
 		if (!this.federation.manuallyStartQueue) this.federation._startQueueInternal(this.data);
 		await this.federation.fanoutQueue.enqueue(message, { orderingKey: options.orderingKey });
+		return true;
 	}
 	async *getFollowers(identifier) {
 		if (this.federation.followersCallbacks == null) throw new Error("No followers collection dispatcher registered.");
@@ -3002,6 +3374,170 @@ var RequestContextImpl = class RequestContextImpl extends ContextImpl {
 		}
 	}
 };
+function forwardActivity(ctx, loggerCategory, forwarder, recipients, options) {
+	return ctx.tracerProvider.getTracer(name, version).startActiveSpan(ctx.federation.outboxQueue == null || options?.immediate ? `activitypub.${loggerCategory}` : "activitypub.fanout", {
+		kind: ctx.federation.outboxQueue == null || options?.immediate ? SpanKind.CLIENT : SpanKind.PRODUCER,
+		attributes: { "activitypub.activity.type": ctx.activityType }
+	}, async (span) => {
+		try {
+			if (ctx.activityId != null) span.setAttribute("activitypub.activity.id", ctx.activityId);
+			return await forwardActivityInternal(ctx, loggerCategory, forwarder, recipients, options);
+		} catch (e) {
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(e)
+			});
+			throw e;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function forwardActivityInternal(ctx, loggerCategory, forwarder, recipients, options) {
+	const logger = getLogger([
+		"fedify",
+		"federation",
+		loggerCategory
+	]);
+	let keys;
+	let identifier = null;
+	if ("identifier" in forwarder || "username" in forwarder) {
+		if ("identifier" in forwarder) identifier = forwarder.identifier;
+		else {
+			const username = forwarder.username;
+			if (ctx.federation.actorCallbacks?.handleMapper == null) identifier = username;
+			else {
+				const mapped = await ctx.federation.actorCallbacks.handleMapper(ctx, username);
+				if (mapped == null) throw new Error(`No actor found for the given username ${JSON.stringify(username)}.`);
+				identifier = mapped;
+			}
+		}
+		const actorKeyPairs = await ctx.getActorKeyPairs(identifier);
+		if (actorKeyPairs.length < 1) throw new Error(`No key pair found for actor ${JSON.stringify(identifier)}.`);
+		keys = actorKeyPairs.map((kp) => ({
+			keyId: kp.keyId,
+			privateKey: kp.privateKey
+		}));
+	} else if (Array.isArray(forwarder)) {
+		if (forwarder.length < 1) throw new Error("The forwarder's key pairs are empty.");
+		keys = forwarder;
+	} else keys = [forwarder];
+	if (!hasSignatureLike(ctx.activity)) {
+		if (!hasProofLike(ctx.activity)) {
+			if (options?.skipIfUnsigned) return false;
+			logger.warn("The activity {activityId} is not signed; even if it is forwarded to other servers as is, it may not be accepted by them due to the lack of a signature/proof.", {
+				activityId: ctx.activityId,
+				activityType: ctx.activityType,
+				identifier: identifier ?? void 0
+			});
+		}
+	}
+	if (recipients === "followers") {
+		if (identifier == null) throw new Error("If recipients is \"followers\", forwarder must be an actor identifier or username.");
+		const followers = [];
+		for await (const recipient of ctx.getFollowers(identifier)) followers.push(recipient);
+		recipients = followers;
+	}
+	const inboxes = extractInboxes({
+		recipients: Array.isArray(recipients) ? recipients : [recipients],
+		preferSharedInbox: options?.preferSharedInbox,
+		excludeBaseUris: options?.excludeBaseUris
+	});
+	if (globalThis.Object.keys(inboxes).length < 1) {
+		logger.debug("No inboxes found for activity {activityId}.", {
+			activityId: ctx.activityId,
+			activityType: ctx.activityType,
+			identifier: identifier ?? void 0
+		});
+		return false;
+	}
+	logger.debug("Forwarding activity {activityId} to inboxes:\n{inboxes}", {
+		inboxes: globalThis.Object.keys(inboxes),
+		activityId: ctx.activityId,
+		activity: ctx.activity
+	});
+	if (options?.immediate || ctx.federation.outboxQueue == null) {
+		if (options?.immediate) logger.debug("Forwarding activity immediately without queue since immediate option is set.");
+		else logger.debug("Forwarding activity immediately without queue since queue is not set.");
+		const promises = [];
+		for (const inbox in inboxes) promises.push(sendActivity({
+			keys,
+			activity: ctx.activity,
+			activityId: ctx.activityId,
+			activityType: ctx.activityType,
+			inbox: new URL(inbox),
+			sharedInbox: inboxes[inbox].sharedInbox,
+			tracerProvider: ctx.tracerProvider,
+			specDeterminer: new KvSpecDeterminer(ctx.federation.kv, ctx.federation.kvPrefixes.httpMessageSignaturesSpec, ctx.federation.firstKnock)
+		}));
+		await Promise.all(promises);
+		return true;
+	}
+	logger.debug("Enqueuing activity {activityId} to forward later.", {
+		activityId: ctx.activityId,
+		activity: ctx.activity
+	});
+	if (!ctx.federation.manuallyStartQueue) ctx.federation._startQueueInternal(ctx.data);
+	const keyJwkPairs = [];
+	for (const { keyId, privateKey } of keys) {
+		const privateKeyJwk = await exportJwk(privateKey);
+		keyJwkPairs.push({
+			keyId: keyId.href,
+			privateKey: privateKeyJwk
+		});
+	}
+	const carrier = {};
+	propagation.inject(context.active(), carrier);
+	const orderingKey = options?.orderingKey;
+	const started = (/* @__PURE__ */ new Date()).toISOString();
+	const messages = [];
+	for (const inbox in inboxes) {
+		const inboxUrl = new URL(inbox);
+		const message = {
+			type: "outbox",
+			id: crypto.randomUUID(),
+			baseUrl: ctx.origin,
+			keys: keyJwkPairs,
+			activity: ctx.activity,
+			activityId: ctx.activityId,
+			activityType: ctx.activityType,
+			inbox,
+			sharedInbox: inboxes[inbox].sharedInbox,
+			actorIds: [...inboxes[inbox].actorIds],
+			started,
+			attempt: 0,
+			headers: {},
+			orderingKey: orderingKey == null ? void 0 : `${orderingKey}\n${inboxUrl.origin}`,
+			traceContext: carrier
+		};
+		messages.push({
+			message,
+			orderingKey: message.orderingKey
+		});
+	}
+	const { outboxQueue } = ctx.federation;
+	if (outboxQueue.enqueueMany == null || orderingKey != null) {
+		const promises = messages.map((m) => outboxQueue.enqueue(m.message, { orderingKey: m.orderingKey }));
+		const errors = (await Promise.allSettled(promises)).filter((r) => r.status === "rejected").map((r) => r.reason);
+		if (errors.length > 0) {
+			logger.error("Failed to enqueue activity {activityId} to forward later:\n{errors}", {
+				activityId: ctx.activityId,
+				errors
+			});
+			if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${ctx.activityId} to forward later.`);
+			throw errors[0];
+		}
+	} else try {
+		await outboxQueue.enqueueMany(messages.map((m) => m.message));
+	} catch (error) {
+		logger.error("Failed to enqueue activity {activityId} to forward later:\n{error}", {
+			activityId: ctx.activityId,
+			error
+		});
+		throw error;
+	}
+	return true;
+}
 var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 	recipient;
 	activity;
@@ -3025,13 +3561,40 @@ var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 		});
 	}
 	forwardActivity(forwarder, recipients, options) {
-		return this.tracerProvider.getTracer(name, version).startActiveSpan("activitypub.outbox", {
-			kind: this.federation.outboxQueue == null || options?.immediate ? SpanKind.CLIENT : SpanKind.PRODUCER,
-			attributes: { "activitypub.activity.type": this.activityType }
+		return forwardActivity(this, "inbox", forwarder, recipients, options).then(() => void 0);
+	}
+};
+var OutboxContextImpl = class OutboxContextImpl extends ContextImpl {
+	#deliveryState;
+	identifier;
+	activity;
+	activityId;
+	activityType;
+	constructor(identifier, activity, activityId, activityType, options, deliveryState = { delivered: false }) {
+		super(options);
+		this.#deliveryState = deliveryState;
+		this.identifier = identifier;
+		this.activity = activity;
+		this.activityId = activityId;
+		this.activityType = activityType;
+	}
+	hasDeliveredActivity() {
+		return this.#deliveryState.delivered;
+	}
+	sendActivity(sender, recipients, activity, options = {}) {
+		return this.tracerProvider.getTracer(name, version).startActiveSpan(this.federation.outboxQueue == null || options.immediate ? "activitypub.outbox" : "activitypub.fanout", {
+			kind: this.federation.outboxQueue == null || options.immediate ? SpanKind.CLIENT : SpanKind.PRODUCER,
+			attributes: {
+				"activitypub.activity.type": getTypeId(activity).href,
+				"activitypub.activity.to": activity.toIds.map((to) => to.href),
+				"activitypub.activity.cc": activity.ccIds.map((cc) => cc.href),
+				"activitypub.activity.bto": activity.btoIds.map((bto) => bto.href),
+				"activitypub.activity.bcc": activity.bccIds.map((bcc) => bcc.href)
+			}
 		}, async (span) => {
 			try {
-				if (this.activityId != null) span.setAttribute("activitypub.activity.id", this.activityId);
-				await this.forwardActivityInternal(forwarder, recipients, options);
+				if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+				if (await this.sendActivityInternal(sender, recipients, activity, options, span)) this.#deliveryState.delivered = true;
 			} catch (e) {
 				span.setStatus({
 					code: SpanStatusCode.ERROR,
@@ -3043,151 +3606,20 @@ var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 			}
 		});
 	}
-	async forwardActivityInternal(forwarder, recipients, options) {
-		const logger = getLogger([
-			"fedify",
-			"federation",
-			"inbox"
-		]);
-		let keys;
-		let identifier = null;
-		if ("identifier" in forwarder || "username" in forwarder) {
-			if ("identifier" in forwarder) identifier = forwarder.identifier;
-			else {
-				const username = forwarder.username;
-				if (this.federation.actorCallbacks?.handleMapper == null) identifier = username;
-				else {
-					const mapped = await this.federation.actorCallbacks.handleMapper(this, username);
-					if (mapped == null) throw new Error(`No actor found for the given username ${JSON.stringify(username)}.`);
-					identifier = mapped;
-				}
-			}
-			const actorKeyPairs = await this.getActorKeyPairs(identifier);
-			if (actorKeyPairs.length < 1) throw new Error(`No key pair found for actor ${JSON.stringify(identifier)}.`);
-			keys = actorKeyPairs.map((kp) => ({
-				keyId: kp.keyId,
-				privateKey: kp.privateKey
-			}));
-		} else if (Array.isArray(forwarder)) {
-			if (forwarder.length < 1) throw new Error("The forwarder's key pairs are empty.");
-			keys = forwarder;
-		} else keys = [forwarder];
-		if (!hasSignature(this.activity)) {
-			let hasProof;
-			try {
-				hasProof = await (await Activity.fromJsonLd(this.activity, this)).getProof() != null;
-			} catch {
-				hasProof = false;
-			}
-			if (!hasProof) {
-				if (options?.skipIfUnsigned) return;
-				logger.warn("The received activity {activityId} is not signed; even if it is forwarded to other servers as is, it may not be accepted by them due to the lack of a signature/proof.");
-			}
-		}
-		if (recipients === "followers") {
-			if (identifier == null) throw new Error("If recipients is \"followers\", forwarder must be an actor identifier or username.");
-			const followers = [];
-			for await (const recipient of this.getFollowers(identifier)) followers.push(recipient);
-			recipients = followers;
-		}
-		const inboxes = extractInboxes({
-			recipients: Array.isArray(recipients) ? recipients : [recipients],
-			preferSharedInbox: options?.preferSharedInbox,
-			excludeBaseUris: options?.excludeBaseUris
-		});
-		logger.debug("Forwarding activity {activityId} to inboxes:\n{inboxes}", {
-			inboxes: globalThis.Object.keys(inboxes),
-			activityId: this.activityId,
-			activity: this.activity
-		});
-		if (options?.immediate || this.federation.outboxQueue == null) {
-			if (options?.immediate) logger.debug("Forwarding activity immediately without queue since immediate option is set.");
-			else logger.debug("Forwarding activity immediately without queue since queue is not set.");
-			const promises = [];
-			for (const inbox in inboxes) promises.push(sendActivity({
-				keys,
-				activity: this.activity,
-				activityId: this.activityId,
-				activityType: this.activityType,
-				inbox: new URL(inbox),
-				sharedInbox: inboxes[inbox].sharedInbox,
-				tracerProvider: this.tracerProvider,
-				specDeterminer: new KvSpecDeterminer(this.federation.kv, this.federation.kvPrefixes.httpMessageSignaturesSpec, this.federation.firstKnock)
-			}));
-			await Promise.all(promises);
-			return;
-		}
-		logger.debug("Enqueuing activity {activityId} to forward later.", {
-			activityId: this.activityId,
-			activity: this.activity
+	forwardActivity(forwarder, recipients, options) {
+		return forwardActivity(this, "outbox", forwarder, recipients, options).then((delivered) => {
+			if (delivered) this.#deliveryState.delivered = true;
 		});
-		const keyJwkPairs = [];
-		for (const { keyId, privateKey } of keys) {
-			const privateKeyJwk = await exportJwk(privateKey);
-			keyJwkPairs.push({
-				keyId: keyId.href,
-				privateKey: privateKeyJwk
-			});
-		}
-		const carrier = {};
-		propagation.inject(context.active(), carrier);
-		const orderingKey = options?.orderingKey;
-		const messages = [];
-		for (const inbox in inboxes) {
-			const inboxUrl = new URL(inbox);
-			const message = {
-				type: "outbox",
-				id: crypto.randomUUID(),
-				baseUrl: this.origin,
-				keys: keyJwkPairs,
-				activity: this.activity,
-				activityId: this.activityId,
-				activityType: this.activityType,
-				inbox,
-				sharedInbox: inboxes[inbox].sharedInbox,
-				started: (/* @__PURE__ */ new Date()).toISOString(),
-				attempt: 0,
-				headers: {},
-				orderingKey: orderingKey == null ? void 0 : `${orderingKey}\n${inboxUrl.origin}`,
-				traceContext: carrier
-			};
-			messages.push({
-				message,
-				orderingKey: message.orderingKey
-			});
-		}
-		const { outboxQueue } = this.federation;
-		if (outboxQueue.enqueueMany == null) {
-			const promises = messages.map((m) => outboxQueue.enqueue(m.message, { orderingKey: m.orderingKey }));
-			const errors = (await Promise.allSettled(promises)).filter((r) => r.status === "rejected").map((r) => r.reason);
-			if (errors.length > 0) {
-				logger.error("Failed to enqueue activity {activityId} to forward later:\n{errors}", {
-					activityId: this.activityId,
-					errors
-				});
-				if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${this.activityId} to forward later.`);
-				throw errors[0];
-			}
-		} else if (orderingKey != null) {
-			const promises = messages.map((m) => outboxQueue.enqueue(m.message, { orderingKey: m.orderingKey }));
-			const errors = (await Promise.allSettled(promises)).filter((r) => r.status === "rejected").map((r) => r.reason);
-			if (errors.length > 0) {
-				logger.error("Failed to enqueue activity {activityId} to forward later:\n{errors}", {
-					activityId: this.activityId,
-					errors
-				});
-				if (errors.length > 1) throw new AggregateError(errors, `Failed to enqueue activity ${this.activityId} to forward later.`);
-				throw errors[0];
-			}
-		} else try {
-			await outboxQueue.enqueueMany(messages.map((m) => m.message));
-		} catch (error) {
-			logger.error("Failed to enqueue activity {activityId} to forward later:\n{error}", {
-				activityId: this.activityId,
-				error
-			});
-			throw error;
-		}
+	}
+	clone(data) {
+		return new OutboxContextImpl(this.identifier, this.activity, this.activityId, this.activityType, {
+			url: this.url,
+			federation: this.federation,
+			data,
+			documentLoader: this.documentLoader,
+			contextLoader: this.contextLoader,
+			invokedFromActorKeyPairsDispatcher: this.invokedFromActorKeyPairsDispatcher
+		}, this.#deliveryState);
 	}
 };
 var KvSpecDeterminer = class {
@@ -3240,4 +3672,4 @@ function getRequestId(request) {
 	return `req_${Date.now().toString(36)}${Math.random().toString(36).slice(2, 8)}`;
 }
 //#endregion
-export { autoIdAssigner as _, createFederation as a, handleCollection as c, handleObject as d, respondWithObject as f, actorDehydrator as g, handleNodeInfoJrd as h, KvSpecDeterminer as i, handleCustomCollection as l, handleNodeInfo as m, FederationImpl as n, handleWebFinger as o, respondWithObjectIfAcceptable as p, InboxContextImpl as r, handleActor as s, ContextImpl as t, handleInbox as u };
+export { handleNodeInfoJrd as _, OutboxContextImpl as a, handleActor as c, handleInbox as d, handleObject as f, handleNodeInfo as g, respondWithObjectIfAcceptable as h, KvSpecDeterminer as i, handleCollection as l, respondWithObject as m, FederationImpl as n, createFederation as o, handleOutbox as p, InboxContextImpl as r, handleWebFinger as s, ContextImpl as t, handleCustomCollection as u, actorDehydrator as v, autoIdAssigner as y };