@fedify/fedify 2.2.3-dev.1098 → 2.2.3

package/dist/{middleware-gXlDLkok.js → middleware-Ar1QOOPG.js}

@@ -2,10 +2,10 @@ import { Temporal } from "@js-temporal/polyfill";
 import { URLPattern } from "urlpattern-polyfill";
 import { t as __exportAll } from "./chunk-CRNNMoPX.js";
 import { r as getDefaultActivityTransformers } from "./transformers-BGMIq1cs.js";
-import { _ as version, a as verifyRequestDetailed, d as validateCryptoKey, f as formatAcceptSignature, g as name, i as verifyRequest, n as parseRfc9421SignatureInput, o as exportJwk, t as doubleKnock, u as importJwk } from "./http-D8qsXrUS.js";
-import { c as getKeyOwner, d as detachSignature, f as hasSignatureLike, i as verifyObject, m as verifyJsonLd, n as hasProofLike, o as normalizeOutgoingActivityJsonLd, p as signJsonLd, r as signObject, s as doesActorOwnKey } from "./proof-z93OkIov.js";
+import { _ as version, a as verifyRequestDetailed, d as validateCryptoKey, f as formatAcceptSignature, g as name, i as verifyRequest, n as parseRfc9421SignatureInput, o as exportJwk, t as doubleKnock, u as importJwk } from "./http-BPPaA2uz.js";
+import { _ as hasSignatureLike, b as signJsonLd, c as getKeyOwner, f as compactJsonLd, g as hasSignature, h as getNormalizationContextLoader, i as verifyObject, l as InvalidContextReferenceError, m as detachSignature, n as hasProofLike, o as normalizeOutgoingActivityJsonLd, r as signObject, s as doesActorOwnKey, u as assertSafeJsonLd, v as isClearlyMalformedContextReference, w as wrapContextLoaderForJsonLd, x as verifyCompactJsonLd, y as isInvalidUrlTypeError } from "./proof-SQ4cQs3A.js";
 import { n as getNodeInfo, t as nodeInfoToJson } from "./types-CAY3OdLq.js";
-import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./kv-cache-D_eVhctK.js";
+import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./kv-cache-C4DGZ_t4.js";
 import { getLogger, withContext } from "@logtape/logtape";
 import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, Tombstone, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, context, propagation, trace } from "@opentelemetry/api";
@@ -15,6 +15,7 @@ import { parseTemplate } from "url-template";
 import { encodeHex } from "byte-encodings/hex";
 import { FetchError, getDocumentLoader } from "@fedify/vocab-runtime";
 import { ATTR_HTTP_REQUEST_HEADER, ATTR_HTTP_REQUEST_METHOD, ATTR_HTTP_RESPONSE_HEADER, ATTR_HTTP_RESPONSE_STATUS_CODE, ATTR_URL_FULL } from "@opentelemetry/semantic-conventions";
+import jsonld from "@fedify/vocab-runtime/jsonld";
 import { lookupWebFinger } from "@fedify/webfinger";
 import { domainToASCII } from "node:url";
 //#region src/federation/activity-listener.ts
@@ -770,7 +771,7 @@ async function buildCollectionSynchronizationHeader(collectionId, actorIds) {
 }
 //#endregion
 //#region src/federation/inbox.ts
-async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
+async function routeActivity({ context: ctx, json, originalJson, normalizedActivity, ldSignatureVerified, activity, recipient, inboxListeners, inboxContextFactory, listenerInboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
 	const logger = getLogger([
 		"fedify",
 		"federation",
@@ -827,7 +828,9 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 				type: "inbox",
 				id: crypto.randomUUID(),
 				baseUrl: ctx.origin,
-				activity: json,
+				activity: originalJson ?? json,
+				...normalizedActivity == null ? {} : { normalizedActivity },
+				...ldSignatureVerified == null ? {} : { ldSignatureVerified },
 				identifier: recipient,
 				attempt: 0,
 				started: (/* @__PURE__ */ new Date()).toISOString(),
@@ -871,7 +874,8 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 		const { class: cls, listener } = dispatched;
 		span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
 		try {
-			await listener(inboxContextFactory(recipient, json, activity?.id?.href, getTypeId(activity).href), activity);
+			const contextFactory = listenerInboxContextFactory ?? inboxContextFactory;
+			await listener(contextFactory(recipient, contextFactory === inboxContextFactory ? json : originalJson ?? json, activity?.id?.href, getTypeId(activity).href), activity);
 		} catch (error) {
 			try {
 				await inboxErrorHandler?.(ctx, error);
@@ -1062,7 +1066,123 @@ function acceptsJsonLd(request) {
 	return types.includes("application/activity+json") || types.includes("application/ld+json") || types.includes("application/json");
 }
 //#endregion
+//#region src/federation/temporal.ts
+function isPlainObject(value) {
+	return typeof value === "object" && value != null && !Array.isArray(value);
+}
+function normalizeDateTimeLiteral(value) {
+	return value.substring(19).match(/[Z+-]/) ? value : value + "Z";
+}
+function isMalformedDateTimeLiteral(value) {
+	if (typeof value !== "string") return false;
+	try {
+		Temporal.Instant.from(normalizeDateTimeLiteral(value));
+		return false;
+	} catch {
+		return true;
+	}
+}
+function isMalformedDurationLiteral(value) {
+	if (typeof value !== "string") return false;
+	try {
+		Temporal.Duration.from(value);
+		return false;
+	} catch {
+		return true;
+	}
+}
+const TEMPORAL_DATE_TIME_IRIS = new Set([
+	"https://www.w3.org/ns/activitystreams#deleted",
+	"https://www.w3.org/ns/activitystreams#endTime",
+	"https://www.w3.org/ns/activitystreams#published",
+	"https://www.w3.org/ns/activitystreams#startTime",
+	"https://www.w3.org/ns/activitystreams#updated",
+	"http://purl.org/dc/terms/created",
+	"https://w3id.org/security#created"
+]);
+const TEMPORAL_DURATION_IRIS = new Set(["https://www.w3.org/ns/activitystreams#duration"]);
+const QUESTION_CLOSED_IRI = "https://www.w3.org/ns/activitystreams#closed";
+const XSD_DATE_TIME_IRI = "http://www.w3.org/2001/XMLSchema#dateTime";
+function hasMalformedExpandedDateTimeLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedDateTimeLiteral);
+	return isPlainObject(value) && "@value" in value && isMalformedDateTimeLiteral(value["@value"]);
+}
+function hasMalformedExpandedQuestionClosedLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedQuestionClosedLiteral);
+	if (!isPlainObject(value) || !("@value" in value)) return false;
+	const literal = value["@value"];
+	if (typeof literal === "boolean") return false;
+	if (typeof literal !== "string") return false;
+	if (value["@type"] !== XSD_DATE_TIME_IRI) return false;
+	if (new Date(literal).toString() === "Invalid Date") return false;
+	return isMalformedDateTimeLiteral(literal);
+}
+function hasMalformedExpandedDurationLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedDurationLiteral);
+	return isPlainObject(value) && "@value" in value && isMalformedDurationLiteral(value["@value"]);
+}
+function hasMalformedKnownTemporalLiteralInternal(value, visited) {
+	if (Array.isArray(value)) return value.some((item) => hasMalformedKnownTemporalLiteralInternal(item, visited));
+	if (!isPlainObject(value)) return false;
+	if (visited.has(value)) return false;
+	visited.add(value);
+	if ("@value" in value) return false;
+	for (const [key, child] of Object.entries(value)) {
+		if (TEMPORAL_DATE_TIME_IRIS.has(key)) {
+			if (hasMalformedExpandedDateTimeLiteral(child)) return true;
+			continue;
+		}
+		if (key === QUESTION_CLOSED_IRI) {
+			if (hasMalformedExpandedQuestionClosedLiteral(child)) return true;
+			continue;
+		}
+		if (TEMPORAL_DURATION_IRIS.has(key)) {
+			if (hasMalformedExpandedDurationLiteral(child)) return true;
+			continue;
+		}
+		if (hasMalformedKnownTemporalLiteralInternal(child, visited)) return true;
+	}
+	return false;
+}
+async function hasMalformedKnownTemporalLiteral(value, contextLoader) {
+	try {
+		return hasMalformedKnownTemporalLiteralInternal(await jsonld.expand(value, {
+			documentLoader: getNormalizationContextLoader(contextLoader),
+			keepFreeFloatingNodes: true
+		}), /* @__PURE__ */ new Set());
+	} catch {
+		return false;
+	}
+}
+//#endregion
 //#region src/federation/handler.ts
+const rawInboxContextFactorySymbol = Symbol("fedify.rawInboxContextFactory");
+function isRemoteContextLoadingFailure$1(error) {
+	return error instanceof Error && typeof error.details === "object" && error.details != null && error.details.code === "loading remote context failed";
+}
+function isPermanentRemoteContextError$1(error) {
+	if (!(error instanceof Error) || error.name !== "jsonld.InvalidUrl") return false;
+	const details = error.details;
+	if (details?.code === "invalid remote context") return true;
+	return isRemoteContextLoadingFailure$1(error) && typeof details?.url === "string" && !URL.canParse(details.url) && isClearlyMalformedContextReference(details.url);
+}
+function isInvalidJsonLdError(error) {
+	if (!(error instanceof Error)) return false;
+	const name = error.name;
+	return name === "UnsafeJsonLdError" || error instanceof InvalidContextReferenceError || isPermanentRemoteContextError$1(error) || name === "jsonld.SyntaxError" && !isRemoteContextLoadingFailure$1(error);
+}
+function isValidationTypeError(error) {
+	return error instanceof TypeError && (/^(Invalid JSON-LD:|Invalid type:|Unexpected type:)/.test(error.message) || isInvalidUrlTypeError(error));
+}
+function isPermanentActivityParseError(error) {
+	return isInvalidJsonLdError(error) || isValidationTypeError(error);
+}
+function hasHttpSignatureHeaders(request) {
+	return request.headers.has("Signature") || request.headers.has("Signature-Input");
+}
+function hasObjectIntegrityProof(json) {
+	return typeof json === "object" && json != null && "proof" in json;
+}
 /**
 * Handles an actor request.
 * @template TContextData The context data to pass to the context.
@@ -1589,28 +1709,104 @@ async function handleInboxInternal(request, parameters, span) {
 		});
 	}
 	const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
-	let ldSigVerified;
-	try {
-		ldSigVerified = await verifyJsonLd(json, {
-			contextLoader: ctx.contextLoader,
-			documentLoader: ctx.documentLoader,
-			keyCache,
-			tracerProvider
+	const jsonWithoutSig = detachSignature(json);
+	const hasLdSignature = hasSignature(json);
+	const canAttemptAlternateAuthAfterLdSignatureFailure = skipSignatureVerification || hasHttpSignatureHeaders(request) || hasObjectIntegrityProof(jsonWithoutSig);
+	let deferredLdSignatureError = void 0;
+	const respondInvalidActivity = async (error) => {
+		logger.error("Failed to parse activity:\n{error}", {
+			recipient,
+			activity: json,
+			error
 		});
-	} catch (error) {
-		if (error instanceof Error && error.name === "jsonld.SyntaxError") {
-			logger.error("Failed to parse JSON-LD:\n{error}", {
+		try {
+			await inboxErrorHandler?.(ctx, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
+				error,
+				activity: json,
+				recipient
+			});
+		}
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: `Failed to parse activity:\n${error}`
+		});
+		return new Response("Invalid activity.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	};
+	let compactedJson = json;
+	let compactedJsonWithoutSig = jsonWithoutSig;
+	let ldSigVerified = false;
+	if (hasLdSignature) {
+		try {
+			compactedJson = await compactJsonLd(json, ctx.contextLoader);
+		} catch (error) {
+			if (isInvalidJsonLdError(error)) {
+				logger.error("Failed to parse JSON-LD:\n{error}", {
+					recipient,
+					error
+				});
+				return new Response("Invalid JSON-LD.", {
+					status: 400,
+					headers: { "Content-Type": "text/plain; charset=utf-8" }
+				});
+			}
+			if (!canAttemptAlternateAuthAfterLdSignatureFailure) throw error;
+			if (!skipSignatureVerification) deferredLdSignatureError = error;
+			logger.debug("Failed to normalize JSON-LD for Linked Data Signatures; deferring to another authentication path only if it verifies:\n{error}", {
 				recipient,
 				error
 			});
-			return new Response("Invalid JSON-LD.", {
-				status: 400,
-				headers: { "Content-Type": "text/plain; charset=utf-8" }
-			});
 		}
-		ldSigVerified = false;
+		if (compactedJson !== json) {
+			compactedJsonWithoutSig = detachSignature(compactedJson);
+			try {
+				ldSigVerified = await verifyCompactJsonLd(compactedJson, {
+					contextLoader: ctx.contextLoader,
+					documentLoader: ctx.documentLoader,
+					keyCache,
+					tracerProvider
+				});
+			} catch (error) {
+				if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+				if (isInvalidJsonLdError(error)) {
+					logger.error("Failed to parse JSON-LD:\n{error}", {
+						recipient,
+						error
+					});
+					return new Response("Invalid JSON-LD.", {
+						status: 400,
+						headers: { "Content-Type": "text/plain; charset=utf-8" }
+					});
+				}
+				if (!canAttemptAlternateAuthAfterLdSignatureFailure) throw error;
+				if (!skipSignatureVerification) try {
+					await Object$1.fromJsonLd(compactedJson, {
+						contextLoader: getNormalizationContextLoader(ctx.contextLoader),
+						documentLoader: ctx.documentLoader,
+						tracerProvider
+					});
+				} catch (parseError) {
+					if (parseError instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(parseError);
+					if (isInvalidJsonLdError(parseError)) {
+						logger.error("Failed to parse JSON-LD:\n{error}", {
+							recipient,
+							error: parseError
+						});
+						return new Response("Invalid JSON-LD.", {
+							status: 400,
+							headers: { "Content-Type": "text/plain; charset=utf-8" }
+						});
+					}
+					deferredLdSignatureError = parseError;
+				}
+				ldSigVerified = false;
+			}
+		}
 	}
-	const jsonWithoutSig = detachSignature(json);
 	let activity = null;
 	let activityVerified = false;
 	if (ldSigVerified) {
@@ -1618,7 +1814,16 @@ async function handleInboxInternal(request, parameters, span) {
 			recipient,
 			json
 		});
-		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+		try {
+			activity = await Activity.fromJsonLd(compactedJsonWithoutSig, {
+				...ctx,
+				contextLoader: getNormalizationContextLoader(ctx.contextLoader)
+			});
+		} catch (error) {
+			if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+			if (!isPermanentActivityParseError(error)) throw error;
+			return await respondInvalidActivity(error);
+		}
 		activityVerified = true;
 	} else {
 		logger.debug("Linked Data Signatures are not verified.", {
@@ -1627,12 +1832,21 @@ async function handleInboxInternal(request, parameters, span) {
 		});
 		try {
 			activity = await verifyObject(Activity, jsonWithoutSig, {
-				contextLoader: ctx.contextLoader,
+				contextLoader: wrapContextLoaderForJsonLd(ctx.contextLoader),
 				documentLoader: ctx.documentLoader,
 				keyCache,
 				tracerProvider
 			});
 		} catch (error) {
+			if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(jsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+			if (deferredLdSignatureError != null) {
+				logger.debug("Object Integrity Proof fallback did not supersede a deferred Linked Data Signature failure:\n{error}", {
+					recipient,
+					error
+				});
+				activity = null;
+			}
+			if (!isPermanentActivityParseError(error)) throw error;
 			logger.error("Failed to parse activity:\n{error}", {
 				recipient,
 				activity: json,
@@ -1680,6 +1894,7 @@ async function handleInboxInternal(request, parameters, span) {
 				tracerProvider
 			});
 			if (verification.verified === false) {
+				if (deferredLdSignatureError != null) throw deferredLdSignatureError;
 				const reason = verification.reason;
 				logger.error("Failed to verify the request's HTTP Signatures.", {
 					recipient,
@@ -1755,7 +1970,15 @@ async function handleInboxInternal(request, parameters, span) {
 			}
 			httpSigKey = verification.key;
 		}
-		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+		try {
+			activity = await Activity.fromJsonLd(jsonWithoutSig, {
+				...ctx,
+				contextLoader: wrapContextLoaderForJsonLd(ctx.contextLoader)
+			});
+		} catch (error) {
+			if (!isPermanentActivityParseError(error)) throw error;
+			return await respondInvalidActivity(error);
+		}
 	}
 	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
 	span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
@@ -1767,6 +1990,7 @@ async function handleInboxInternal(request, parameters, span) {
 		"http_signatures.key_id": httpSigKey?.id?.href ?? ""
 	});
 	if (httpSigKey != null && !await doesActorOwnKey(activity, httpSigKey, ctx)) {
+		if (deferredLdSignatureError != null) throw deferredLdSignatureError;
 		logger.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
 			activity: json,
 			recipient,
@@ -1791,10 +2015,14 @@ async function handleInboxInternal(request, parameters, span) {
 	const routeResult = await routeActivity({
 		context: ctx,
 		json,
+		originalJson: json,
+		normalizedActivity: hasLdSignature && compactedJson !== json ? compactedJson : void 0,
+		ldSignatureVerified: hasLdSignature ? ldSigVerified : void 0,
 		activity,
 		recipient,
 		inboxListeners,
 		inboxContextFactory,
+		listenerInboxContextFactory: ldSigVerified ? inboxContextFactory[rawInboxContextFactorySymbol] : void 0,
 		inboxErrorHandler,
 		kv,
 		kvPrefixes,
@@ -2718,6 +2946,18 @@ var middleware_exports = /* @__PURE__ */ __exportAll({
 	OutboxContextImpl: () => OutboxContextImpl,
 	createFederation: () => createFederation
 });
+function isRemoteContextLoadingFailure(error) {
+	return error instanceof Error && typeof error.details === "object" && error.details != null && error.details.code === "loading remote context failed";
+}
+function isPermanentRemoteContextError(error) {
+	if (!(error instanceof Error) || error.name !== "jsonld.InvalidUrl") return false;
+	const details = error.details;
+	if (details?.code === "invalid remote context") return true;
+	return isRemoteContextLoadingFailure(error) && typeof details?.url === "string" && !URL.canParse(details.url) && isClearlyMalformedContextReference(details.url);
+}
+function isPermanentInboxParseError(error) {
+	return error instanceof Error && (error.name === "UnsafeJsonLdError" || error instanceof InvalidContextReferenceError || isPermanentRemoteContextError(error) || error.name === "jsonld.SyntaxError" && !isRemoteContextLoadingFailure(error)) || error instanceof TypeError && (/^(Invalid JSON-LD:|Invalid type:|Unexpected type:)/.test(error.message) || isInvalidUrlTypeError(error));
+}
 /**
 * Create a new {@link Federation} instance.
 * @param parameters Parameters for initializing the instance.
@@ -3099,7 +3339,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 		}
 		logger.info("Successfully sent activity {activityId} to {inbox}.", { ...logData });
 	}
-	async #listenInboxMessage(ctxData, message, span) {
+	async #listenInboxMessage(ctxData, message, _span) {
 		const logger = getLogger([
 			"fedify",
 			"federation",
@@ -3112,60 +3352,28 @@ var FederationImpl = class extends FederationBuilderImpl {
 			const identity = await this.sharedInboxKeyDispatcher(context);
 			if (identity != null) context = this.#createContext(baseUrl, ctxData, { documentLoader: "identifier" in identity || "username" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity) });
 		}
-		const activity = await Activity.fromJsonLd(message.activity, context);
-		span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
-		if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
-		const cacheKey = activity.id == null ? null : [
-			...this.kvPrefixes.activityIdempotence,
-			context.origin,
-			activity.id.href
-		];
-		if (cacheKey != null) {
-			if (await this.kv.get(cacheKey) === true) {
-				logger.debug("Activity {activityId} has already been processed.", {
-					activityId: activity.id?.href,
-					activity: message.activity,
-					recipient: message.identifier
-				});
-				return;
-			}
-		}
 		await this._getTracer().startActiveSpan("activitypub.dispatch_inbox_listener", { kind: SpanKind.INTERNAL }, async (span) => {
-			const dispatched = this.inboxListeners?.dispatchWithClass(activity);
-			if (dispatched == null) {
-				logger.error("Unsupported activity type:\n{activity}", {
-					activityId: activity.id?.href,
-					activity: message.activity,
-					recipient: message.identifier,
-					trial: message.attempt
-				});
-				span.setStatus({
-					code: SpanStatusCode.ERROR,
-					message: `Unsupported activity type: ${getTypeId(activity).href}`
-				});
-				span.end();
-				return;
-			}
-			const { class: cls, listener } = dispatched;
-			span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
-			try {
-				await listener(context.toInboxContext(message.identifier, message.activity, activity.id?.href, getTypeId(activity).href), activity);
-			} catch (error) {
+			let activity = null;
+			let cacheKey = null;
+			const reportInboxError = async (error) => {
 				try {
 					await this.inboxErrorHandler?.(context, error);
 				} catch (error) {
 					logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
 						error,
 						trial: message.attempt,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
 				}
+			};
+			const handleRetriableFailure = async (error) => {
+				await reportInboxError(error);
 				if (this.inboxQueue?.nativeRetrial) {
 					logger.error("Failed to process the incoming activity {activityId}; backend will handle retry:\n{error}", {
 						error,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
@@ -3184,17 +3392,25 @@ var FederationImpl = class extends FederationBuilderImpl {
 					logger.error("Failed to process the incoming activity {activityId} (attempt #{attempt}); retry...:\n{error}", {
 						error,
 						attempt: message.attempt,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
+					if (this.inboxQueue == null) {
+						span.setStatus({
+							code: SpanStatusCode.ERROR,
+							message: String(error)
+						});
+						span.end();
+						throw error;
+					}
 					await this.inboxQueue?.enqueue({
 						...message,
 						attempt: message.attempt + 1
 					}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
 				} else logger.error("Failed to process the incoming activity {activityId} after {trial} attempts; giving up:\n{error}", {
 					error,
-					activityId: activity.id?.href,
+					activityId: activity?.id?.href,
 					activity: message.activity,
 					recipient: message.identifier
 				});
@@ -3203,11 +3419,108 @@ var FederationImpl = class extends FederationBuilderImpl {
 					message: String(error)
 				});
 				span.end();
+			};
+			let dispatched;
+			let parseInput = void 0;
+			let parseContextLoader = context.contextLoader;
+			try {
+				const hasSignatureField = hasSignature(message.activity);
+				const shouldParseFromNormalizedSignedPayload = message.ldSignatureVerified === true || message.normalizedActivity != null || message.ldSignatureVerified == null && hasSignatureField;
+				const parseContext = hasSignatureField ? {
+					...context,
+					contextLoader: getNormalizationContextLoader(context.contextLoader)
+				} : {
+					...context,
+					contextLoader: wrapContextLoaderForJsonLd(context.contextLoader)
+				};
+				parseContextLoader = parseContext.contextLoader;
+				let normalizedActivity;
+				if (shouldParseFromNormalizedSignedPayload) {
+					normalizedActivity = message.normalizedActivity ?? await compactJsonLd(message.activity, context.contextLoader);
+					assertSafeJsonLd(normalizedActivity);
+				}
+				parseInput = shouldParseFromNormalizedSignedPayload ? detachSignature(normalizedActivity) : hasSignatureField ? detachSignature(message.activity) : message.activity;
+				activity = await Activity.fromJsonLd(parseInput, parseContext);
+				span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
+				if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+				cacheKey = activity.id == null ? null : [
+					...this.kvPrefixes.activityIdempotence,
+					context.origin,
+					activity.id.href
+				];
+				if (cacheKey != null) {
+					if (await this.kv.get(cacheKey) === true) {
+						logger.debug("Activity {activityId} has already been processed.", {
+							activityId: activity.id?.href,
+							activity: message.activity,
+							recipient: message.identifier
+						});
+						span.end();
+						return;
+					}
+				}
+				dispatched = this.inboxListeners?.dispatchWithClass(activity);
+			} catch (error) {
+				if (activity == null && error instanceof RangeError && await hasMalformedKnownTemporalLiteral(parseInput, parseContextLoader)) {
+					await reportInboxError(error);
+					logger.error("Failed to parse the queued incoming activity {activityId}:\n{error}", {
+						error,
+						trial: message.attempt,
+						activityId: null,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					span.end();
+					return;
+				}
+				if (isPermanentInboxParseError(error)) {
+					await reportInboxError(error);
+					logger.error("Failed to parse the queued incoming activity {activityId}:\n{error}", {
+						error,
+						trial: message.attempt,
+						activityId: activity?.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					span.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					span.end();
+					return;
+				}
+				await handleRetriableFailure(error);
+				return;
+			}
+			if (dispatched == null) {
+				logger.error("Unsupported activity type:\n{activity}", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier,
+					trial: message.attempt
+				});
+				span.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: `Unsupported activity type: ${getTypeId(activity).href}`
+				});
+				span.end();
+				return;
+			}
+			const { class: cls, listener } = dispatched;
+			span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+			try {
+				await listener(context.toInboxContext(message.identifier, message.activity, activity.id?.href, getTypeId(activity).href), activity);
+			} catch (error) {
+				await handleRetriableFailure(error);
 				return;
 			}
 			if (cacheKey != null) await this.kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
 			logger.info("Activity {activityId} has been processed.", {
-				activityId: activity.id?.href,
+				activityId: activity?.id?.href,
 				activity: message.activity,
 				recipient: message.identifier
 			});
@@ -3577,16 +3890,18 @@ var FederationImpl = class extends FederationBuilderImpl {
 					onNotFound
 				});
 				context = this.#createContext(request, contextData, { documentLoader: await context.getDocumentLoader({ identifier: route.values.identifier }) });
-			case "sharedInbox":
+			case "sharedInbox": {
 				if (routeName !== "inbox" && this.sharedInboxKeyDispatcher != null) {
 					const identity = await this.sharedInboxKeyDispatcher(context);
 					if (identity != null) context = this.#createContext(request, contextData, { documentLoader: "identifier" in identity || "username" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity) });
 				}
 				if (!this.manuallyStartQueue) this._startQueueInternal(contextData);
+				const inboxContextFactory = context.toInboxContext.bind(context);
+				inboxContextFactory[rawInboxContextFactorySymbol] = context.toInboxContext.bind(context);
 				return await handleInbox(request, {
 					recipient: route.values.identifier ?? null,
 					context,
-					inboxContextFactory: context.toInboxContext.bind(context),
+					inboxContextFactory,
 					kv: this.kv,
 					kvPrefixes: this.kvPrefixes,
 					queue: this.inboxQueue,
@@ -3601,6 +3916,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					tracerProvider: this.tracerProvider,
 					idempotencyStrategy: this.idempotencyStrategy
 				});
+			}
 			case "following": return await handleCollection(request, {
 				name: "following",
 				identifier: route.values.identifier,
@@ -4301,6 +4617,7 @@ var ContextImpl = class ContextImpl {
 		const routeResult = await routeActivity({
 			context: this,
 			json,
+			ldSignatureVerified: false,
 			activity,
 			recipient,
 			inboxListeners: this.federation.inboxListeners,
@@ -4581,6 +4898,14 @@ async function forwardActivityInternal(ctx, loggerCategory, forwarder, recipient
 }
 var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 	recipient;
+	/**
+	* The original received activity payload.
+	*
+	* Fedify may normalize a Linked Data Signature payload internally for safe
+	* parsing, but forwarding must keep the sender's payload unchanged so
+	* third-party signatures/proofs remain intact.
+	* @internal
+	*/
 	activity;
 	activityId;
 	activityType;