@fedify/fedify 2.2.2 → 2.2.3

package/dist/{middleware-AO-0hf_I.mjs → middleware-D9k0Knum.mjs}

@@ -2,24 +2,25 @@ import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
 import { n as RouterError } from "./router-CrMLXoOr.mjs";
-import { n as version, t as name } from "./deno-DCXSCeB3.mjs";
+import { n as version, t as name } from "./deno-DMg4SgCb.mjs";
 import { t as formatAcceptSignature } from "./accept-CPkZzmGN.mjs";
-import { a as importJwk, o as validateCryptoKey, t as exportJwk } from "./key-Dk8-s0bs.mjs";
-import { l as verifyRequest, o as parseRfc9421SignatureInput, u as verifyRequestDetailed } from "./http-Bslazr8_.mjs";
-import { t as getAuthenticatedDocumentLoader } from "./docloader-BqX3RfO-.mjs";
+import { a as importJwk, o as validateCryptoKey, t as exportJwk } from "./key-BAQuZEU1.mjs";
+import { l as verifyRequest, o as parseRfc9421SignatureInput, u as verifyRequestDetailed } from "./http-C_edJspG.mjs";
+import { t as getAuthenticatedDocumentLoader } from "./docloader-Da15YRxG.mjs";
 import { n as kvCache } from "./kv-cache-DYsF2MhP.mjs";
-import { a as signJsonLd, i as hasSignatureLike, o as verifyJsonLd, r as detachSignature } from "./ld-BPA4jaBc.mjs";
-import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-SWOTNh3d.mjs";
+import { _ as wrapContextLoaderForJsonLd, a as compactJsonLd, c as getNormalizationContextLoader, d as isClearlyMalformedContextReference, f as isInvalidUrlTypeError, l as hasSignature, m as verifyCompactJsonLd, p as signJsonLd, r as assertSafeJsonLd, s as detachSignature, t as InvalidContextReferenceError, u as hasSignatureLike } from "./ld-tusP_XxG.mjs";
+import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-DRHNR5YO.mjs";
 import { r as normalizeOutgoingActivityJsonLd } from "./outgoing-jsonld-CNmZLixq.mjs";
-import { i as verifyObject, n as hasProofLike, r as signObject } from "./proof-BMoWLd-F.mjs";
+import { i as verifyObject, n as hasProofLike, r as signObject } from "./proof-DLhLRv3m.mjs";
 import { t as getNodeInfo } from "./client-D_1QpnWt.mjs";
 import { t as nodeInfoToJson } from "./types-J53Kw7so.mjs";
-import { t as FederationBuilderImpl } from "./builder-Bw2K7xaq.mjs";
+import { t as FederationBuilderImpl } from "./builder-CaVN56-q.mjs";
 import { t as buildCollectionSynchronizationHeader } from "./collection-D-HqUuA2.mjs";
 import { t as KvKeyCache } from "./keycache-EGATflN-.mjs";
 import { t as acceptsJsonLd } from "./negotiation-SQvQgUqe.mjs";
-import { t as createExponentialBackoffPolicy } from "./retry-bMXBL97A.mjs";
-import { n as extractInboxes, r as sendActivity, t as SendActivityError } from "./send-ir10TETC.mjs";
+import { t as hasMalformedKnownTemporalLiteral } from "./temporal-LL61Ddf2.mjs";
+import { t as createExponentialBackoffPolicy } from "./retry-v_sGLH1d.mjs";
+import { n as extractInboxes, r as sendActivity, t as SendActivityError } from "./send-C7tim5U9.mjs";
 import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, Tombstone, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
 import { lookupWebFinger } from "@fedify/webfinger";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
@@ -154,7 +155,7 @@ function handleNodeInfoJrd(_request, context) {
 }
 //#endregion
 //#region src/federation/inbox.ts
-async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
+async function routeActivity({ context: ctx, json, originalJson, normalizedActivity, ldSignatureVerified, activity, recipient, inboxListeners, inboxContextFactory, listenerInboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
 	const logger = getLogger([
 		"fedify",
 		"federation",
@@ -211,7 +212,9 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 				type: "inbox",
 				id: crypto.randomUUID(),
 				baseUrl: ctx.origin,
-				activity: json,
+				activity: originalJson ?? json,
+				...normalizedActivity == null ? {} : { normalizedActivity },
+				...ldSignatureVerified == null ? {} : { ldSignatureVerified },
 				identifier: recipient,
 				attempt: 0,
 				started: (/* @__PURE__ */ new Date()).toISOString(),
@@ -255,7 +258,8 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 		const { class: cls, listener } = dispatched;
 		span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
 		try {
-			await listener(inboxContextFactory(recipient, json, activity?.id?.href, getTypeId(activity).href), activity);
+			const contextFactory = listenerInboxContextFactory ?? inboxContextFactory;
+			await listener(contextFactory(recipient, contextFactory === inboxContextFactory ? json : originalJson ?? json, activity?.id?.href, getTypeId(activity).href), activity);
 		} catch (error) {
 			try {
 				await inboxErrorHandler?.(ctx, error);
@@ -292,6 +296,33 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 }
 //#endregion
 //#region src/federation/handler.ts
+const rawInboxContextFactorySymbol = Symbol("fedify.rawInboxContextFactory");
+function isRemoteContextLoadingFailure$1(error) {
+	return error instanceof Error && typeof error.details === "object" && error.details != null && error.details.code === "loading remote context failed";
+}
+function isPermanentRemoteContextError$1(error) {
+	if (!(error instanceof Error) || error.name !== "jsonld.InvalidUrl") return false;
+	const details = error.details;
+	if (details?.code === "invalid remote context") return true;
+	return isRemoteContextLoadingFailure$1(error) && typeof details?.url === "string" && !URL.canParse(details.url) && isClearlyMalformedContextReference(details.url);
+}
+function isInvalidJsonLdError(error) {
+	if (!(error instanceof Error)) return false;
+	const name = error.name;
+	return name === "UnsafeJsonLdError" || error instanceof InvalidContextReferenceError || isPermanentRemoteContextError$1(error) || name === "jsonld.SyntaxError" && !isRemoteContextLoadingFailure$1(error);
+}
+function isValidationTypeError(error) {
+	return error instanceof TypeError && (/^(Invalid JSON-LD:|Invalid type:|Unexpected type:)/.test(error.message) || isInvalidUrlTypeError(error));
+}
+function isPermanentActivityParseError(error) {
+	return isInvalidJsonLdError(error) || isValidationTypeError(error);
+}
+function hasHttpSignatureHeaders(request) {
+	return request.headers.has("Signature") || request.headers.has("Signature-Input");
+}
+function hasObjectIntegrityProof(json) {
+	return typeof json === "object" && json != null && "proof" in json;
+}
 /**
 * Handles an actor request.
 * @template TContextData The context data to pass to the context.
@@ -818,28 +849,104 @@ async function handleInboxInternal(request, parameters, span) {
 		});
 	}
 	const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
-	let ldSigVerified;
-	try {
-		ldSigVerified = await verifyJsonLd(json, {
-			contextLoader: ctx.contextLoader,
-			documentLoader: ctx.documentLoader,
-			keyCache,
-			tracerProvider
+	const jsonWithoutSig = detachSignature(json);
+	const hasLdSignature = hasSignature(json);
+	const canAttemptAlternateAuthAfterLdSignatureFailure = skipSignatureVerification || hasHttpSignatureHeaders(request) || hasObjectIntegrityProof(jsonWithoutSig);
+	let deferredLdSignatureError = void 0;
+	const respondInvalidActivity = async (error) => {
+		logger.error("Failed to parse activity:\n{error}", {
+			recipient,
+			activity: json,
+			error
 		});
-	} catch (error) {
-		if (error instanceof Error && error.name === "jsonld.SyntaxError") {
-			logger.error("Failed to parse JSON-LD:\n{error}", {
+		try {
+			await inboxErrorHandler?.(ctx, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
+				error,
+				activity: json,
+				recipient
+			});
+		}
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: `Failed to parse activity:\n${error}`
+		});
+		return new Response("Invalid activity.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	};
+	let compactedJson = json;
+	let compactedJsonWithoutSig = jsonWithoutSig;
+	let ldSigVerified = false;
+	if (hasLdSignature) {
+		try {
+			compactedJson = await compactJsonLd(json, ctx.contextLoader);
+		} catch (error) {
+			if (isInvalidJsonLdError(error)) {
+				logger.error("Failed to parse JSON-LD:\n{error}", {
+					recipient,
+					error
+				});
+				return new Response("Invalid JSON-LD.", {
+					status: 400,
+					headers: { "Content-Type": "text/plain; charset=utf-8" }
+				});
+			}
+			if (!canAttemptAlternateAuthAfterLdSignatureFailure) throw error;
+			if (!skipSignatureVerification) deferredLdSignatureError = error;
+			logger.debug("Failed to normalize JSON-LD for Linked Data Signatures; deferring to another authentication path only if it verifies:\n{error}", {
 				recipient,
 				error
 			});
-			return new Response("Invalid JSON-LD.", {
-				status: 400,
-				headers: { "Content-Type": "text/plain; charset=utf-8" }
-			});
 		}
-		ldSigVerified = false;
+		if (compactedJson !== json) {
+			compactedJsonWithoutSig = detachSignature(compactedJson);
+			try {
+				ldSigVerified = await verifyCompactJsonLd(compactedJson, {
+					contextLoader: ctx.contextLoader,
+					documentLoader: ctx.documentLoader,
+					keyCache,
+					tracerProvider
+				});
+			} catch (error) {
+				if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+				if (isInvalidJsonLdError(error)) {
+					logger.error("Failed to parse JSON-LD:\n{error}", {
+						recipient,
+						error
+					});
+					return new Response("Invalid JSON-LD.", {
+						status: 400,
+						headers: { "Content-Type": "text/plain; charset=utf-8" }
+					});
+				}
+				if (!canAttemptAlternateAuthAfterLdSignatureFailure) throw error;
+				if (!skipSignatureVerification) try {
+					await Object$1.fromJsonLd(compactedJson, {
+						contextLoader: getNormalizationContextLoader(ctx.contextLoader),
+						documentLoader: ctx.documentLoader,
+						tracerProvider
+					});
+				} catch (parseError) {
+					if (parseError instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(parseError);
+					if (isInvalidJsonLdError(parseError)) {
+						logger.error("Failed to parse JSON-LD:\n{error}", {
+							recipient,
+							error: parseError
+						});
+						return new Response("Invalid JSON-LD.", {
+							status: 400,
+							headers: { "Content-Type": "text/plain; charset=utf-8" }
+						});
+					}
+					deferredLdSignatureError = parseError;
+				}
+				ldSigVerified = false;
+			}
+		}
 	}
-	const jsonWithoutSig = detachSignature(json);
 	let activity = null;
 	let activityVerified = false;
 	if (ldSigVerified) {
@@ -847,7 +954,16 @@ async function handleInboxInternal(request, parameters, span) {
 			recipient,
 			json
 		});
-		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+		try {
+			activity = await Activity.fromJsonLd(compactedJsonWithoutSig, {
+				...ctx,
+				contextLoader: getNormalizationContextLoader(ctx.contextLoader)
+			});
+		} catch (error) {
+			if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+			if (!isPermanentActivityParseError(error)) throw error;
+			return await respondInvalidActivity(error);
+		}
 		activityVerified = true;
 	} else {
 		logger.debug("Linked Data Signatures are not verified.", {
@@ -856,12 +972,21 @@ async function handleInboxInternal(request, parameters, span) {
 		});
 		try {
 			activity = await verifyObject(Activity, jsonWithoutSig, {
-				contextLoader: ctx.contextLoader,
+				contextLoader: wrapContextLoaderForJsonLd(ctx.contextLoader),
 				documentLoader: ctx.documentLoader,
 				keyCache,
 				tracerProvider
 			});
 		} catch (error) {
+			if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(jsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+			if (deferredLdSignatureError != null) {
+				logger.debug("Object Integrity Proof fallback did not supersede a deferred Linked Data Signature failure:\n{error}", {
+					recipient,
+					error
+				});
+				activity = null;
+			}
+			if (!isPermanentActivityParseError(error)) throw error;
 			logger.error("Failed to parse activity:\n{error}", {
 				recipient,
 				activity: json,
@@ -909,6 +1034,7 @@ async function handleInboxInternal(request, parameters, span) {
 				tracerProvider
 			});
 			if (verification.verified === false) {
+				if (deferredLdSignatureError != null) throw deferredLdSignatureError;
 				const reason = verification.reason;
 				logger.error("Failed to verify the request's HTTP Signatures.", {
 					recipient,
@@ -984,7 +1110,15 @@ async function handleInboxInternal(request, parameters, span) {
 			}
 			httpSigKey = verification.key;
 		}
-		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+		try {
+			activity = await Activity.fromJsonLd(jsonWithoutSig, {
+				...ctx,
+				contextLoader: wrapContextLoaderForJsonLd(ctx.contextLoader)
+			});
+		} catch (error) {
+			if (!isPermanentActivityParseError(error)) throw error;
+			return await respondInvalidActivity(error);
+		}
 	}
 	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
 	span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
@@ -996,6 +1130,7 @@ async function handleInboxInternal(request, parameters, span) {
 		"http_signatures.key_id": httpSigKey?.id?.href ?? ""
 	});
 	if (httpSigKey != null && !await doesActorOwnKey(activity, httpSigKey, ctx)) {
+		if (deferredLdSignatureError != null) throw deferredLdSignatureError;
 		logger.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
 			activity: json,
 			recipient,
@@ -1020,10 +1155,14 @@ async function handleInboxInternal(request, parameters, span) {
 	const routeResult = await routeActivity({
 		context: ctx,
 		json,
+		originalJson: json,
+		normalizedActivity: hasLdSignature && compactedJson !== json ? compactedJson : void 0,
+		ldSignatureVerified: hasLdSignature ? ldSigVerified : void 0,
 		activity,
 		recipient,
 		inboxListeners,
 		inboxContextFactory,
+		listenerInboxContextFactory: ldSigVerified ? inboxContextFactory[rawInboxContextFactorySymbol] : void 0,
 		inboxErrorHandler,
 		kv,
 		kvPrefixes,
@@ -1689,6 +1828,18 @@ async function handleWebFingerInternal(request, { context, host, actorDispatcher
 }
 //#endregion
 //#region src/federation/middleware.ts
+function isRemoteContextLoadingFailure(error) {
+	return error instanceof Error && typeof error.details === "object" && error.details != null && error.details.code === "loading remote context failed";
+}
+function isPermanentRemoteContextError(error) {
+	if (!(error instanceof Error) || error.name !== "jsonld.InvalidUrl") return false;
+	const details = error.details;
+	if (details?.code === "invalid remote context") return true;
+	return isRemoteContextLoadingFailure(error) && typeof details?.url === "string" && !URL.canParse(details.url) && isClearlyMalformedContextReference(details.url);
+}
+function isPermanentInboxParseError(error) {
+	return error instanceof Error && (error.name === "UnsafeJsonLdError" || error instanceof InvalidContextReferenceError || isPermanentRemoteContextError(error) || error.name === "jsonld.SyntaxError" && !isRemoteContextLoadingFailure(error)) || error instanceof TypeError && (/^(Invalid JSON-LD:|Invalid type:|Unexpected type:)/.test(error.message) || isInvalidUrlTypeError(error));
+}
 /**
 * Create a new {@link Federation} instance.
 * @param parameters Parameters for initializing the instance.
@@ -2070,7 +2221,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 		}
 		logger.info("Successfully sent activity {activityId} to {inbox}.", { ...logData });
 	}
-	async #listenInboxMessage(ctxData, message, span) {
+	async #listenInboxMessage(ctxData, message, _span) {
 		const logger = getLogger([
 			"fedify",
 			"federation",
@@ -2083,60 +2234,28 @@ var FederationImpl = class extends FederationBuilderImpl {
 			const identity = await this.sharedInboxKeyDispatcher(context);
 			if (identity != null) context = this.#createContext(baseUrl, ctxData, { documentLoader: "identifier" in identity || "username" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity) });
 		}
-		const activity = await Activity.fromJsonLd(message.activity, context);
-		span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
-		if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
-		const cacheKey = activity.id == null ? null : [
-			...this.kvPrefixes.activityIdempotence,
-			context.origin,
-			activity.id.href
-		];
-		if (cacheKey != null) {
-			if (await this.kv.get(cacheKey) === true) {
-				logger.debug("Activity {activityId} has already been processed.", {
-					activityId: activity.id?.href,
-					activity: message.activity,
-					recipient: message.identifier
-				});
-				return;
-			}
-		}
 		await this._getTracer().startActiveSpan("activitypub.dispatch_inbox_listener", { kind: SpanKind.INTERNAL }, async (span) => {
-			const dispatched = this.inboxListeners?.dispatchWithClass(activity);
-			if (dispatched == null) {
-				logger.error("Unsupported activity type:\n{activity}", {
-					activityId: activity.id?.href,
-					activity: message.activity,
-					recipient: message.identifier,
-					trial: message.attempt
-				});
-				span.setStatus({
-					code: SpanStatusCode.ERROR,
-					message: `Unsupported activity type: ${getTypeId(activity).href}`
-				});
-				span.end();
-				return;
-			}
-			const { class: cls, listener } = dispatched;
-			span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
-			try {
-				await listener(context.toInboxContext(message.identifier, message.activity, activity.id?.href, getTypeId(activity).href), activity);
-			} catch (error) {
+			let activity = null;
+			let cacheKey = null;
+			const reportInboxError = async (error) => {
 				try {
 					await this.inboxErrorHandler?.(context, error);
 				} catch (error) {
 					logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
 						error,
 						trial: message.attempt,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
 				}
+			};
+			const handleRetriableFailure = async (error) => {
+				await reportInboxError(error);
 				if (this.inboxQueue?.nativeRetrial) {
 					logger.error("Failed to process the incoming activity {activityId}; backend will handle retry:\n{error}", {
 						error,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
@@ -2155,17 +2274,25 @@ var FederationImpl = class extends FederationBuilderImpl {
 					logger.error("Failed to process the incoming activity {activityId} (attempt #{attempt}); retry...:\n{error}", {
 						error,
 						attempt: message.attempt,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
+					if (this.inboxQueue == null) {
+						span.setStatus({
+							code: SpanStatusCode.ERROR,
+							message: String(error)
+						});
+						span.end();
+						throw error;
+					}
 					await this.inboxQueue?.enqueue({
 						...message,
 						attempt: message.attempt + 1
 					}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
 				} else logger.error("Failed to process the incoming activity {activityId} after {trial} attempts; giving up:\n{error}", {
 					error,
-					activityId: activity.id?.href,
+					activityId: activity?.id?.href,
 					activity: message.activity,
 					recipient: message.identifier
 				});
@@ -2174,11 +2301,108 @@ var FederationImpl = class extends FederationBuilderImpl {
 					message: String(error)
 				});
 				span.end();
+			};
+			let dispatched;
+			let parseInput = void 0;
+			let parseContextLoader = context.contextLoader;
+			try {
+				const hasSignatureField = hasSignature(message.activity);
+				const shouldParseFromNormalizedSignedPayload = message.ldSignatureVerified === true || message.normalizedActivity != null || message.ldSignatureVerified == null && hasSignatureField;
+				const parseContext = hasSignatureField ? {
+					...context,
+					contextLoader: getNormalizationContextLoader(context.contextLoader)
+				} : {
+					...context,
+					contextLoader: wrapContextLoaderForJsonLd(context.contextLoader)
+				};
+				parseContextLoader = parseContext.contextLoader;
+				let normalizedActivity;
+				if (shouldParseFromNormalizedSignedPayload) {
+					normalizedActivity = message.normalizedActivity ?? await compactJsonLd(message.activity, context.contextLoader);
+					assertSafeJsonLd(normalizedActivity);
+				}
+				parseInput = shouldParseFromNormalizedSignedPayload ? detachSignature(normalizedActivity) : hasSignatureField ? detachSignature(message.activity) : message.activity;
+				activity = await Activity.fromJsonLd(parseInput, parseContext);
+				span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
+				if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+				cacheKey = activity.id == null ? null : [
+					...this.kvPrefixes.activityIdempotence,
+					context.origin,
+					activity.id.href
+				];
+				if (cacheKey != null) {
+					if (await this.kv.get(cacheKey) === true) {
+						logger.debug("Activity {activityId} has already been processed.", {
+							activityId: activity.id?.href,
+							activity: message.activity,
+							recipient: message.identifier
+						});
+						span.end();
+						return;
+					}
+				}
+				dispatched = this.inboxListeners?.dispatchWithClass(activity);
+			} catch (error) {
+				if (activity == null && error instanceof RangeError && await hasMalformedKnownTemporalLiteral(parseInput, parseContextLoader)) {
+					await reportInboxError(error);
+					logger.error("Failed to parse the queued incoming activity {activityId}:\n{error}", {
+						error,
+						trial: message.attempt,
+						activityId: null,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					span.end();
+					return;
+				}
+				if (isPermanentInboxParseError(error)) {
+					await reportInboxError(error);
+					logger.error("Failed to parse the queued incoming activity {activityId}:\n{error}", {
+						error,
+						trial: message.attempt,
+						activityId: activity?.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					span.end();
+					return;
+				}
+				await handleRetriableFailure(error);
+				return;
+			}
+			if (dispatched == null) {
+				logger.error("Unsupported activity type:\n{activity}", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier,
+					trial: message.attempt
+				});
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: `Unsupported activity type: ${getTypeId(activity).href}`
+				});
+				span.end();
+				return;
+			}
+			const { class: cls, listener } = dispatched;
+			span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+			try {
+				await listener(context.toInboxContext(message.identifier, message.activity, activity.id?.href, getTypeId(activity).href), activity);
+			} catch (error) {
+				await handleRetriableFailure(error);
 				return;
 			}
 			if (cacheKey != null) await this.kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
 			logger.info("Activity {activityId} has been processed.", {
-				activityId: activity.id?.href,
+				activityId: activity?.id?.href,
 				activity: message.activity,
 				recipient: message.identifier
 			});
@@ -2548,16 +2772,18 @@ var FederationImpl = class extends FederationBuilderImpl {
 					onNotFound
 				});
 				context = this.#createContext(request, contextData, { documentLoader: await context.getDocumentLoader({ identifier: route.values.identifier }) });
-			case "sharedInbox":
+			case "sharedInbox": {
 				if (routeName !== "inbox" && this.sharedInboxKeyDispatcher != null) {
 					const identity = await this.sharedInboxKeyDispatcher(context);
 					if (identity != null) context = this.#createContext(request, contextData, { documentLoader: "identifier" in identity || "username" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity) });
 				}
 				if (!this.manuallyStartQueue) this._startQueueInternal(contextData);
+				const inboxContextFactory = context.toInboxContext.bind(context);
+				inboxContextFactory[rawInboxContextFactorySymbol] = context.toInboxContext.bind(context);
 				return await handleInbox(request, {
 					recipient: route.values.identifier ?? null,
 					context,
-					inboxContextFactory: context.toInboxContext.bind(context),
+					inboxContextFactory,
 					kv: this.kv,
 					kvPrefixes: this.kvPrefixes,
 					queue: this.inboxQueue,
@@ -2572,6 +2798,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					tracerProvider: this.tracerProvider,
 					idempotencyStrategy: this.idempotencyStrategy
 				});
+			}
 			case "following": return await handleCollection(request, {
 				name: "following",
 				identifier: route.values.identifier,
@@ -3272,6 +3499,7 @@ var ContextImpl = class ContextImpl {
 		const routeResult = await routeActivity({
 			context: this,
 			json,
+			ldSignatureVerified: false,
 			activity,
 			recipient,
 			inboxListeners: this.federation.inboxListeners,
@@ -3552,6 +3780,14 @@ async function forwardActivityInternal(ctx, loggerCategory, forwarder, recipient
 }
 var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 	recipient;
+	/**
+	* The original received activity payload.
+	*
+	* Fedify may normalize a Linked Data Signature payload internally for safe
+	* parsing, but forwarding must keep the sender's payload unchanged so
+	* third-party signatures/proofs remain intact.
+	* @internal
+	*/
 	activity;
 	activityId;
 	activityType;

package/dist/{middleware-D5H3hLTL.cjs → middleware-OQPBzyvx.cjs}

@@ -1,4 +1,4 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
-const require_middleware = require("./middleware-DBU9HFil.cjs");
+const require_middleware = require("./middleware-0V-9qj7m.cjs");
 exports.FederationImpl = require_middleware.FederationImpl;

package/dist/{middleware-CDwTn0jH.mjs → middleware-madKLp2f.mjs}

@@ -1,5 +1,5 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as FederationImpl } from "./middleware-AO-0hf_I.mjs";
+import { n as FederationImpl } from "./middleware-D9k0Knum.mjs";
 export { FederationImpl };

package/dist/{mod-CNAHY39V.d.ts → mod-BVt6iTmH.d.ts}

@@ -1,5 +1,5 @@
 /// <reference lib="esnext.temporal" />
-import { $ as ActorAliasMapper, St as WebFingerLinksDispatcher, et as ActorDispatcher, l as RequestContext, tt as ActorHandleMapper } from "./context-BPMgyX7m.js";
+import { $ as ActorAliasMapper, St as WebFingerLinksDispatcher, et as ActorDispatcher, l as RequestContext, tt as ActorHandleMapper } from "./context-BU-1O90h.js";
 import { Span, Tracer } from "@opentelemetry/api";
 
 //#region src/federation/webfinger.d.ts

package/dist/{mod-Bi6WOdti.d.cts → mod-q-NFLW6B.d.cts}

@@ -1,5 +1,5 @@
 /// <reference lib="esnext.temporal" />
-import { $ as ActorAliasMapper, St as WebFingerLinksDispatcher, et as ActorDispatcher, l as RequestContext, tt as ActorHandleMapper } from "./context-DwkhwUX9.cjs";
+import { $ as ActorAliasMapper, St as WebFingerLinksDispatcher, et as ActorDispatcher, l as RequestContext, tt as ActorHandleMapper } from "./context-DVA8wHZ0.cjs";
 import { Span, Tracer } from "@opentelemetry/api";
 
 //#region src/federation/webfinger.d.ts

package/dist/mod.cjs

@@ -4,11 +4,11 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 require("./chunk-DDcVe30Y.cjs");
 const require_transformers = require("./transformers-NeAONrAq.cjs");
 require("./compat/mod.cjs");
-const require_http = require("./http-DhcDuRya.cjs");
-const require_middleware = require("./middleware-DBU9HFil.cjs");
-const require_proof = require("./proof-e42uuEG9.cjs");
+const require_http = require("./http-Cl0Q2bUO.cjs");
+const require_middleware = require("./middleware-0V-9qj7m.cjs");
+const require_proof = require("./proof-DfrItHmh.cjs");
 const require_types = require("./types-KC4QAoxe.cjs");
-const require_kv_cache = require("./kv-cache-Csre9hbs.cjs");
+const require_kv_cache = require("./kv-cache-DmGi6uC-.cjs");
 const require_federation_mod = require("./federation/mod.cjs");
 require("./nodeinfo/mod.cjs");
 require("./runtime/mod.cjs");

package/dist/mod.d.cts

@@ -2,10 +2,10 @@
 import { a as InboundService, c as OutboundService, d as Software, f as Usage, i as parseNodeInfo, l as Protocol, n as ParseNodeInfoOptions, o as JsonValue, p as nodeInfoToJson, r as getNodeInfo, s as NodeInfo, t as GetNodeInfoOptions, u as Services } from "./client-CAM_bQXx.cjs";
 import { C as exportJwk, D as importJwk, E as generateCryptoKeyPair, S as KeyCache, T as fetchKeyDetailed, _ as validateAcceptSignature, a as VerifyRequestDetailedResult, b as FetchKeyOptions, c as signRequest, d as AcceptSignatureMember, f as AcceptSignatureParameters, g as parseAcceptSignature, h as fulfillAcceptSignature, i as SignRequestOptions, l as verifyRequest, m as formatAcceptSignature, n as HttpMessageSignaturesSpecDeterminer, o as VerifyRequestFailureReason, p as FulfillAcceptSignatureResult, r as Rfc9421SignRequestOptions, s as VerifyRequestOptions, t as HttpMessageSignaturesSpec, u as verifyRequestDetailed, v as FetchKeyDetailedResult, w as fetchKey, x as FetchKeyResult, y as FetchKeyErrorResult } from "./http-C87EWkO0.cjs";
 import { i as getKeyOwner, n as GetKeyOwnerOptions, r as doesActorOwnKey, t as DoesActorOwnKeyOptions } from "./owner-DEvZuyOE.cjs";
-import { $ as ActorAliasMapper, A as FederationKvPrefixes, B as Router, C as IdempotencyKeyCallback, Ct as SendActivityError, D as ObjectCallbackSetters, Dt as digest, E as InboxListenerSetters, Et as buildCollectionSynchronizationHeader, F as RetryContext, G as respondWithObject, H as RouterOptions, I as RetryPolicy, J as InProcessMessageQueueOptions, K as respondWithObjectIfAcceptable, L as createExponentialBackoffPolicy, M as FederationQueueOptions, N as createFederation, O as OutboxListenerSetters, Ot as ActivityTransformer, P as CreateExponentialBackoffPolicyOptions, Q as ParallelMessageQueue, R as Message, S as FederationStartQueueOptions, St as WebFingerLinksDispatcher, T as InboxChallengePolicy, Tt as PageItems, U as RouterRouteResult, V as RouterError, W as RespondWithObjectOptions, X as MessageQueueEnqueueOptions, Y as MessageQueue, Z as MessageQueueListenOptions, _ as Federatable, _t as OutboxListenerErrorHandler, a as GetSignedKeyOptions, at as CollectionCursor, b as FederationFetchOptions, bt as UnverifiedActivityHandler, c as ParseUriResult, ct as CustomCollectionCursor, d as SendActivityOptions, dt as InboxListener, et as ActorDispatcher, f as SendActivityOptionsForCollection, ft as NodeInfoDispatcher, g as CustomCollectionCallbackSetters, gt as OutboxListener, h as ConstructorWithTypeId, ht as OutboxErrorHandler, i as GetActorOptions, it as CollectionCounter, j as FederationOrigin, k as Rfc6570Expression, l as RequestContext, lt as CustomCollectionDispatcher, m as CollectionCallbackSetters, mt as ObjectDispatcher, n as Context, nt as ActorKeyPairsDispatcher, o as InboxContext, ot as CollectionDispatcher, p as ActorCallbackSetters, pt as ObjectAuthorizePredicate, q as InProcessMessageQueue, r as ForwardActivityOptions, rt as AuthorizePredicate, s as OutboxContext, st as CustomCollectionCounter, t as ActorKeyPair, tt as ActorHandleMapper, u as RouteActivityOptions, ut as InboxErrorHandler, v as Federation, vt as OutboxPermanentFailureHandler, w as IdempotencyStrategy, wt as SenderKeyPair, x as FederationOptions, xt as UnverifiedActivityReason, y as FederationBuilder, yt as SharedInboxKeyDispatcher, z as createFederationBuilder } from "./context-DwkhwUX9.cjs";
+import { $ as ActorAliasMapper, A as FederationKvPrefixes, B as Router, C as IdempotencyKeyCallback, Ct as SendActivityError, D as ObjectCallbackSetters, Dt as digest, E as InboxListenerSetters, Et as buildCollectionSynchronizationHeader, F as RetryContext, G as respondWithObject, H as RouterOptions, I as RetryPolicy, J as InProcessMessageQueueOptions, K as respondWithObjectIfAcceptable, L as createExponentialBackoffPolicy, M as FederationQueueOptions, N as createFederation, O as OutboxListenerSetters, Ot as ActivityTransformer, P as CreateExponentialBackoffPolicyOptions, Q as ParallelMessageQueue, R as Message, S as FederationStartQueueOptions, St as WebFingerLinksDispatcher, T as InboxChallengePolicy, Tt as PageItems, U as RouterRouteResult, V as RouterError, W as RespondWithObjectOptions, X as MessageQueueEnqueueOptions, Y as MessageQueue, Z as MessageQueueListenOptions, _ as Federatable, _t as OutboxListenerErrorHandler, a as GetSignedKeyOptions, at as CollectionCursor, b as FederationFetchOptions, bt as UnverifiedActivityHandler, c as ParseUriResult, ct as CustomCollectionCursor, d as SendActivityOptions, dt as InboxListener, et as ActorDispatcher, f as SendActivityOptionsForCollection, ft as NodeInfoDispatcher, g as CustomCollectionCallbackSetters, gt as OutboxListener, h as ConstructorWithTypeId, ht as OutboxErrorHandler, i as GetActorOptions, it as CollectionCounter, j as FederationOrigin, k as Rfc6570Expression, l as RequestContext, lt as CustomCollectionDispatcher, m as CollectionCallbackSetters, mt as ObjectDispatcher, n as Context, nt as ActorKeyPairsDispatcher, o as InboxContext, ot as CollectionDispatcher, p as ActorCallbackSetters, pt as ObjectAuthorizePredicate, q as InProcessMessageQueue, r as ForwardActivityOptions, rt as AuthorizePredicate, s as OutboxContext, st as CustomCollectionCounter, t as ActorKeyPair, tt as ActorHandleMapper, u as RouteActivityOptions, ut as InboxErrorHandler, v as Federation, vt as OutboxPermanentFailureHandler, w as IdempotencyStrategy, wt as SenderKeyPair, x as FederationOptions, xt as UnverifiedActivityReason, y as FederationBuilder, yt as SharedInboxKeyDispatcher, z as createFederationBuilder } from "./context-DVA8wHZ0.cjs";
 import { a as MemoryKvStore, i as KvStoreSetOptions, n as KvStore, r as KvStoreListEntry, t as KvKey } from "./kv-gJ8LYbxX.cjs";
 import { actorDehydrator, autoIdAssigner, getDefaultActivityTransformers } from "./compat/mod.cjs";
-import { n as handleWebFinger, t as WebFingerHandlerParameters } from "./mod-Bi6WOdti.cjs";
+import { n as handleWebFinger, t as WebFingerHandlerParameters } from "./mod-q-NFLW6B.cjs";
 import { _ as hasSignatureLike, a as createProof, b as verifySignature, c as verifyObject, d as SignJsonLdOptions, f as VerifyJsonLdOptions, g as detachSignature, h as createSignature, i as VerifyProofOptions, l as verifyProof, m as attachSignature, n as SignObjectOptions, o as hasProofLike, p as VerifySignatureOptions, r as VerifyObjectOptions, s as signObject, t as CreateProofOptions, u as CreateSignatureOptions, v as signJsonLd, y as verifyJsonLd } from "./mod-DXY9JF28.cjs";
 import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./mod-B0rWmfW5.cjs";
 export * from "@fedify/vocab-runtime";