@fedify/fedify 2.2.3-dev.1098 → 2.2.4

package/dist/{builder-mqtih91o.mjs → builder-Dg2hGWk5.mjs}

@@ -2,7 +2,7 @@ import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
 import { n as RouterError, t as Router } from "./router-CrMLXoOr.mjs";
-import { n as version, t as name } from "./deno-CziVFvS6.mjs";
+import { n as version, t as name } from "./deno-_3m2phl-.mjs";
 import { t as ActivityListenerSet } from "./activity-listener-ell7W1s9.mjs";
 import { Tombstone, getTypeId } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
@@ -58,7 +58,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl } = await import("./middleware-CfaiRKQ9.mjs");
+		const { FederationImpl } = await import("./middleware-_5uCEul-.mjs");
 		const f = new FederationImpl(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();

package/dist/compat/mod.d.cts

@@ -1,5 +1,5 @@
 /// <reference lib="esnext.temporal" />
-import { Ot as ActivityTransformer, n as Context } from "../context-DwkhwUX9.cjs";
+import { Ot as ActivityTransformer, n as Context } from "../context-DVA8wHZ0.cjs";
 import { Activity } from "@fedify/vocab";
 
 //#region src/compat/transformers.d.ts

package/dist/compat/mod.d.ts

@@ -1,5 +1,5 @@
 /// <reference lib="esnext.temporal" />
-import { Ot as ActivityTransformer, n as Context } from "../context-BPMgyX7m.js";
+import { Ot as ActivityTransformer, n as Context } from "../context-BU-1O90h.js";
 import { Activity } from "@fedify/vocab";
 
 //#region src/compat/transformers.d.ts

package/dist/compat/transformers.test.mjs

@@ -5,7 +5,7 @@ import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import { t as assertInstanceOf } from "../assert_instance_of-C4Ri6VuN.mjs";
 import { t as assert } from "../assert-DikXweDx.mjs";
 import { t as MemoryKvStore } from "../kv-rV3vodCc.mjs";
-import { n as FederationImpl, v as actorDehydrator, y as autoIdAssigner } from "../middleware-2gmMVy8b.mjs";
+import { n as FederationImpl, v as actorDehydrator, y as autoIdAssigner } from "../middleware-Bn8hcuAb.mjs";
 import { test } from "@fedify/fixture";
 import { Follow, Person } from "@fedify/vocab";
 //#region src/compat/transformers.test.ts

package/dist/{context-BPMgyX7m.d.ts → context-BU-1O90h.d.ts}

@@ -734,6 +734,42 @@ interface InboxMessage {
   readonly id: ReturnType<typeof crypto.randomUUID>;
   readonly baseUrl: string;
   readonly activity: unknown;
+  /**
+  * The normalized JSON-LD representation of a signed inbox activity that
+  * Fedify already compacted successfully while accepting the request.  Queue
+  * workers can reuse this producer-side parse cache under stricter loader or
+  * network constraints without changing the raw payload preserved for
+  * forwarding.
+  *
+  * This may exist even when {@link ldSignatureVerified} is `false`, because
+  * fallback-authenticated traffic and already-queued backlog items can still
+  * depend on the cached normalized form to avoid re-fetching remote custom
+  * contexts during worker processing.
+  *
+  * This is optional for backward compatibility with messages that were
+  * queued by older Fedify versions or that were already in a queue before
+  * upgrading.
+  *
+  * Fedify keeps this on the queued message itself instead of an external
+  * sidecar because generic queue backends do not provide reliable lifecycle
+  * guarantees for auxiliary storage across retries and redeliveries.
+  *
+  * @internal
+  */
+  readonly normalizedActivity?: unknown;
+  /**
+  * Whether the producer actually verified the Linked Data Signature before
+  * queueing this message.  This lets workers distinguish verified LDS replay
+  * from other authenticated inbox traffic that merely happened to include a
+  * signature block.  This provenance marker is separate from the optional
+  * normalizedActivity parse cache.
+  *
+  * `undefined` preserves backward compatibility with older queued messages
+  * that predate this marker.
+  *
+  * @internal
+  */
+  readonly ldSignatureVerified?: boolean;
   readonly started: string;
   readonly attempt: number;
   readonly identifier: string | null;
@@ -2497,9 +2533,12 @@ interface InboxContext<TContextData> extends Context<TContextData> {
   * Forwards a received activity to the recipients' inboxes.  The forwarded
   * activity will be signed in HTTP Signatures by the forwarder, but its
   * payload will not be modified, i.e., Linked Data Signatures and Object
-  * Integrity Proofs will not be added.  Therefore, if the activity is not
-  * signed (i.e., it has neither Linked Data Signatures nor Object Integrity
-  * Proofs), the recipient probably will not trust the activity.
+  * Integrity Proofs will not be added.  Even when Fedify internally
+  * normalizes a Linked Data Signature activity for parsing, this method still
+  * forwards the original received payload so the sender's signatures/proofs
+  * are preserved as-is.  Therefore, if the activity is not signed (i.e., it
+  * has neither Linked Data Signatures nor Object Integrity Proofs), the
+  * recipient probably will not trust the activity.
   * @param forwarder The forwarder's identifier or the forwarder's username
   *                  or the forwarder's key pair(s).
   * @param recipients The recipients of the activity.
@@ -2515,9 +2554,12 @@ interface InboxContext<TContextData> extends Context<TContextData> {
   * Forwards a received activity to the recipients' inboxes.  The forwarded
   * activity will be signed in HTTP Signatures by the forwarder, but its
   * payload will not be modified, i.e., Linked Data Signatures and Object
-  * Integrity Proofs will not be added.  Therefore, if the activity is not
-  * signed (i.e., it has neither Linked Data Signatures nor Object Integrity
-  * Proofs), the recipient probably will not trust the activity.
+  * Integrity Proofs will not be added.  Even when Fedify internally
+  * normalizes a Linked Data Signature activity for parsing, this method still
+  * forwards the original received payload so the sender's signatures/proofs
+  * are preserved as-is.  Therefore, if the activity is not signed (i.e., it
+  * has neither Linked Data Signatures nor Object Integrity Proofs), the
+  * recipient probably will not trust the activity.
   * @param forwarder The forwarder's identifier or the forwarder's username.
   * @param recipients In this case, it must be `"followers"`.
   * @param options Options for forwarding the activity.

package/dist/{context-DwkhwUX9.d.cts → context-DVA8wHZ0.d.cts}

@@ -734,6 +734,42 @@ interface InboxMessage {
   readonly id: ReturnType<typeof crypto.randomUUID>;
   readonly baseUrl: string;
   readonly activity: unknown;
+  /**
+  * The normalized JSON-LD representation of a signed inbox activity that
+  * Fedify already compacted successfully while accepting the request.  Queue
+  * workers can reuse this producer-side parse cache under stricter loader or
+  * network constraints without changing the raw payload preserved for
+  * forwarding.
+  *
+  * This may exist even when {@link ldSignatureVerified} is `false`, because
+  * fallback-authenticated traffic and already-queued backlog items can still
+  * depend on the cached normalized form to avoid re-fetching remote custom
+  * contexts during worker processing.
+  *
+  * This is optional for backward compatibility with messages that were
+  * queued by older Fedify versions or that were already in a queue before
+  * upgrading.
+  *
+  * Fedify keeps this on the queued message itself instead of an external
+  * sidecar because generic queue backends do not provide reliable lifecycle
+  * guarantees for auxiliary storage across retries and redeliveries.
+  *
+  * @internal
+  */
+  readonly normalizedActivity?: unknown;
+  /**
+  * Whether the producer actually verified the Linked Data Signature before
+  * queueing this message.  This lets workers distinguish verified LDS replay
+  * from other authenticated inbox traffic that merely happened to include a
+  * signature block.  This provenance marker is separate from the optional
+  * normalizedActivity parse cache.
+  *
+  * `undefined` preserves backward compatibility with older queued messages
+  * that predate this marker.
+  *
+  * @internal
+  */
+  readonly ldSignatureVerified?: boolean;
   readonly started: string;
   readonly attempt: number;
   readonly identifier: string | null;
@@ -2497,9 +2533,12 @@ interface InboxContext<TContextData> extends Context<TContextData> {
   * Forwards a received activity to the recipients' inboxes.  The forwarded
   * activity will be signed in HTTP Signatures by the forwarder, but its
   * payload will not be modified, i.e., Linked Data Signatures and Object
-  * Integrity Proofs will not be added.  Therefore, if the activity is not
-  * signed (i.e., it has neither Linked Data Signatures nor Object Integrity
-  * Proofs), the recipient probably will not trust the activity.
+  * Integrity Proofs will not be added.  Even when Fedify internally
+  * normalizes a Linked Data Signature activity for parsing, this method still
+  * forwards the original received payload so the sender's signatures/proofs
+  * are preserved as-is.  Therefore, if the activity is not signed (i.e., it
+  * has neither Linked Data Signatures nor Object Integrity Proofs), the
+  * recipient probably will not trust the activity.
   * @param forwarder The forwarder's identifier or the forwarder's username
   *                  or the forwarder's key pair(s).
   * @param recipients The recipients of the activity.
@@ -2515,9 +2554,12 @@ interface InboxContext<TContextData> extends Context<TContextData> {
   * Forwards a received activity to the recipients' inboxes.  The forwarded
   * activity will be signed in HTTP Signatures by the forwarder, but its
   * payload will not be modified, i.e., Linked Data Signatures and Object
-  * Integrity Proofs will not be added.  Therefore, if the activity is not
-  * signed (i.e., it has neither Linked Data Signatures nor Object Integrity
-  * Proofs), the recipient probably will not trust the activity.
+  * Integrity Proofs will not be added.  Even when Fedify internally
+  * normalizes a Linked Data Signature activity for parsing, this method still
+  * forwards the original received payload so the sender's signatures/proofs
+  * are preserved as-is.  Therefore, if the activity is not signed (i.e., it
+  * has neither Linked Data Signatures nor Object Integrity Proofs), the
+  * recipient probably will not trust the activity.
   * @param forwarder The forwarder's identifier or the forwarder's username.
   * @param recipients In this case, it must be `"followers"`.
   * @param options Options for forwarding the activity.

package/dist/{deno-CziVFvS6.mjs → deno-_3m2phl-.mjs}

@@ -3,6 +3,6 @@ import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
 //#region deno.json
 var name = "@fedify/fedify";
-var version = "2.2.3-dev.1098+aaf52a7f";
+var version = "2.2.4";
 //#endregion
 export { version as n, name as t };

package/dist/{docloader-fI9DeYyB.mjs → docloader-Cq_3E56G.mjs}

@@ -1,8 +1,8 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { o as validateCryptoKey } from "./key-D3TgMhcs.mjs";
-import { n as doubleKnock } from "./http-BDCGf4Ac.mjs";
+import { o as validateCryptoKey } from "./key-ckqyhgo3.mjs";
+import { n as doubleKnock } from "./http-C6206Ne5.mjs";
 import { curry } from "es-toolkit";
 import { UrlError, createActivityPubRequest, getRemoteDocument, logRequest, validatePublicUrl } from "@fedify/vocab-runtime";
 import { getLogger } from "@logtape/logtape";

package/dist/federation/builder.test.mjs

@@ -6,7 +6,7 @@ import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import { i as assertExists } from "../std__assert-CRDpx_HF.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
 import { t as MemoryKvStore } from "../kv-rV3vodCc.mjs";
-import { n as createFederationBuilder } from "../builder-mqtih91o.mjs";
+import { n as createFederationBuilder } from "../builder-Dg2hGWk5.mjs";
 import { test } from "@fedify/fixture";
 import { Activity, Note, Person } from "@fedify/vocab";
 //#region src/federation/builder.test.ts