@fedify/fedify 2.2.3-dev.1098 → 2.2.4

package/dist/{middleware-xR9KxICq.cjs → middleware-Cppn0oGi.cjs}

@@ -1,11 +1,11 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
-require("./chunk-DDcVe30Y.cjs");
+const require_chunk = require("./chunk-DDcVe30Y.cjs");
 const require_transformers = require("./transformers-NeAONrAq.cjs");
-const require_http = require("./http-kPc328Pc.cjs");
-const require_proof = require("./proof-CZDkoeWG.cjs");
+const require_http = require("./http-CzvQu1wC.cjs");
+const require_proof = require("./proof-Bxo0UtfN.cjs");
 const require_types = require("./types-KC4QAoxe.cjs");
-const require_kv_cache = require("./kv-cache-zxW74Wfd.cjs");
+const require_kv_cache = require("./kv-cache-10y07lRd.cjs");
 let _logtape_logtape = require("@logtape/logtape");
 let _fedify_vocab = require("@fedify/vocab");
 let _opentelemetry_api = require("@opentelemetry/api");
@@ -15,6 +15,8 @@ let url_template = require("url-template");
 let byte_encodings_hex = require("byte-encodings/hex");
 let _fedify_vocab_runtime = require("@fedify/vocab-runtime");
 let _opentelemetry_semantic_conventions = require("@opentelemetry/semantic-conventions");
+let _fedify_vocab_runtime_jsonld = require("@fedify/vocab-runtime/jsonld");
+_fedify_vocab_runtime_jsonld = require_chunk.__toESM(_fedify_vocab_runtime_jsonld);
 let _fedify_webfinger = require("@fedify/webfinger");
 let node_url = require("node:url");
 //#region src/federation/activity-listener.ts
@@ -210,7 +212,7 @@ var FederationBuilderImpl = class {
 		this.collectionTypeIds = {};
 	}
 	async build(options) {
-		const { FederationImpl } = await Promise.resolve().then(() => require("./middleware-BuOXw_hM.cjs"));
+		const { FederationImpl } = await Promise.resolve().then(() => require("./middleware-CBNvWoWG.cjs"));
 		const f = new FederationImpl(options);
 		const trailingSlashInsensitiveValue = f.router.trailingSlashInsensitive;
 		f.router = this.router.clone();
@@ -770,7 +772,7 @@ async function buildCollectionSynchronizationHeader(collectionId, actorIds) {
 }
 //#endregion
 //#region src/federation/inbox.ts
-async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
+async function routeActivity({ context: ctx, json, originalJson, normalizedActivity, ldSignatureVerified, activity, recipient, inboxListeners, inboxContextFactory, listenerInboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, tracerProvider, idempotencyStrategy }) {
 	const logger = (0, _logtape_logtape.getLogger)([
 		"fedify",
 		"federation",
@@ -827,7 +829,9 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 				type: "inbox",
 				id: crypto.randomUUID(),
 				baseUrl: ctx.origin,
-				activity: json,
+				activity: originalJson ?? json,
+				...normalizedActivity == null ? {} : { normalizedActivity },
+				...ldSignatureVerified == null ? {} : { ldSignatureVerified },
 				identifier: recipient,
 				attempt: 0,
 				started: (/* @__PURE__ */ new Date()).toISOString(),
@@ -871,7 +875,8 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 		const { class: cls, listener } = dispatched;
 		span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
 		try {
-			await listener(inboxContextFactory(recipient, json, activity?.id?.href, (0, _fedify_vocab.getTypeId)(activity).href), activity);
+			const contextFactory = listenerInboxContextFactory ?? inboxContextFactory;
+			await listener(contextFactory(recipient, contextFactory === inboxContextFactory ? json : originalJson ?? json, activity?.id?.href, (0, _fedify_vocab.getTypeId)(activity).href), activity);
 		} catch (error) {
 			try {
 				await inboxErrorHandler?.(ctx, error);
@@ -1062,7 +1067,123 @@ function acceptsJsonLd(request) {
 	return types.includes("application/activity+json") || types.includes("application/ld+json") || types.includes("application/json");
 }
 //#endregion
+//#region src/federation/temporal.ts
+function isPlainObject(value) {
+	return typeof value === "object" && value != null && !Array.isArray(value);
+}
+function normalizeDateTimeLiteral(value) {
+	return value.substring(19).match(/[Z+-]/) ? value : value + "Z";
+}
+function isMalformedDateTimeLiteral(value) {
+	if (typeof value !== "string") return false;
+	try {
+		Temporal.Instant.from(normalizeDateTimeLiteral(value));
+		return false;
+	} catch {
+		return true;
+	}
+}
+function isMalformedDurationLiteral(value) {
+	if (typeof value !== "string") return false;
+	try {
+		Temporal.Duration.from(value);
+		return false;
+	} catch {
+		return true;
+	}
+}
+const TEMPORAL_DATE_TIME_IRIS = new Set([
+	"https://www.w3.org/ns/activitystreams#deleted",
+	"https://www.w3.org/ns/activitystreams#endTime",
+	"https://www.w3.org/ns/activitystreams#published",
+	"https://www.w3.org/ns/activitystreams#startTime",
+	"https://www.w3.org/ns/activitystreams#updated",
+	"http://purl.org/dc/terms/created",
+	"https://w3id.org/security#created"
+]);
+const TEMPORAL_DURATION_IRIS = new Set(["https://www.w3.org/ns/activitystreams#duration"]);
+const QUESTION_CLOSED_IRI = "https://www.w3.org/ns/activitystreams#closed";
+const XSD_DATE_TIME_IRI = "http://www.w3.org/2001/XMLSchema#dateTime";
+function hasMalformedExpandedDateTimeLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedDateTimeLiteral);
+	return isPlainObject(value) && "@value" in value && isMalformedDateTimeLiteral(value["@value"]);
+}
+function hasMalformedExpandedQuestionClosedLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedQuestionClosedLiteral);
+	if (!isPlainObject(value) || !("@value" in value)) return false;
+	const literal = value["@value"];
+	if (typeof literal === "boolean") return false;
+	if (typeof literal !== "string") return false;
+	if (value["@type"] !== XSD_DATE_TIME_IRI) return false;
+	if (new Date(literal).toString() === "Invalid Date") return false;
+	return isMalformedDateTimeLiteral(literal);
+}
+function hasMalformedExpandedDurationLiteral(value) {
+	if (Array.isArray(value)) return value.some(hasMalformedExpandedDurationLiteral);
+	return isPlainObject(value) && "@value" in value && isMalformedDurationLiteral(value["@value"]);
+}
+function hasMalformedKnownTemporalLiteralInternal(value, visited) {
+	if (Array.isArray(value)) return value.some((item) => hasMalformedKnownTemporalLiteralInternal(item, visited));
+	if (!isPlainObject(value)) return false;
+	if (visited.has(value)) return false;
+	visited.add(value);
+	if ("@value" in value) return false;
+	for (const [key, child] of Object.entries(value)) {
+		if (TEMPORAL_DATE_TIME_IRIS.has(key)) {
+			if (hasMalformedExpandedDateTimeLiteral(child)) return true;
+			continue;
+		}
+		if (key === QUESTION_CLOSED_IRI) {
+			if (hasMalformedExpandedQuestionClosedLiteral(child)) return true;
+			continue;
+		}
+		if (TEMPORAL_DURATION_IRIS.has(key)) {
+			if (hasMalformedExpandedDurationLiteral(child)) return true;
+			continue;
+		}
+		if (hasMalformedKnownTemporalLiteralInternal(child, visited)) return true;
+	}
+	return false;
+}
+async function hasMalformedKnownTemporalLiteral(value, contextLoader) {
+	try {
+		return hasMalformedKnownTemporalLiteralInternal(await _fedify_vocab_runtime_jsonld.default.expand(value, {
+			documentLoader: require_proof.getNormalizationContextLoader(contextLoader),
+			keepFreeFloatingNodes: true
+		}), /* @__PURE__ */ new Set());
+	} catch {
+		return false;
+	}
+}
+//#endregion
 //#region src/federation/handler.ts
+const rawInboxContextFactorySymbol = Symbol("fedify.rawInboxContextFactory");
+function isRemoteContextLoadingFailure$1(error) {
+	return error instanceof Error && typeof error.details === "object" && error.details != null && error.details.code === "loading remote context failed";
+}
+function isPermanentRemoteContextError$1(error) {
+	if (!(error instanceof Error) || error.name !== "jsonld.InvalidUrl") return false;
+	const details = error.details;
+	if (details?.code === "invalid remote context") return true;
+	return isRemoteContextLoadingFailure$1(error) && typeof details?.url === "string" && !URL.canParse(details.url) && require_proof.isClearlyMalformedContextReference(details.url);
+}
+function isInvalidJsonLdError(error) {
+	if (!(error instanceof Error)) return false;
+	const name = error.name;
+	return name === "UnsafeJsonLdError" || error instanceof require_proof.InvalidContextReferenceError || isPermanentRemoteContextError$1(error) || name === "jsonld.SyntaxError" && !isRemoteContextLoadingFailure$1(error);
+}
+function isValidationTypeError(error) {
+	return error instanceof TypeError && (/^(Invalid JSON-LD:|Invalid type:|Unexpected type:)/.test(error.message) || require_proof.isInvalidUrlTypeError(error));
+}
+function isPermanentActivityParseError(error) {
+	return isInvalidJsonLdError(error) || isValidationTypeError(error);
+}
+function hasHttpSignatureHeaders(request) {
+	return request.headers.has("Signature") || request.headers.has("Signature-Input");
+}
+function hasObjectIntegrityProof(json) {
+	return typeof json === "object" && json != null && "proof" in json;
+}
 /**
 * Handles an actor request.
 * @template TContextData The context data to pass to the context.
@@ -1589,28 +1710,104 @@ async function handleInboxInternal(request, parameters, span) {
 		});
 	}
 	const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
-	let ldSigVerified;
-	try {
-		ldSigVerified = await require_proof.verifyJsonLd(json, {
-			contextLoader: ctx.contextLoader,
-			documentLoader: ctx.documentLoader,
-			keyCache,
-			tracerProvider
+	const jsonWithoutSig = require_proof.detachSignature(json);
+	const hasLdSignature = require_proof.hasSignature(json);
+	const canAttemptAlternateAuthAfterLdSignatureFailure = skipSignatureVerification || hasHttpSignatureHeaders(request) || hasObjectIntegrityProof(jsonWithoutSig);
+	let deferredLdSignatureError = void 0;
+	const respondInvalidActivity = async (error) => {
+		logger.error("Failed to parse activity:\n{error}", {
+			recipient,
+			activity: json,
+			error
 		});
-	} catch (error) {
-		if (error instanceof Error && error.name === "jsonld.SyntaxError") {
-			logger.error("Failed to parse JSON-LD:\n{error}", {
+		try {
+			await inboxErrorHandler?.(ctx, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
+				error,
+				activity: json,
+				recipient
+			});
+		}
+		span.setStatus({
+			code: _opentelemetry_api.SpanStatusCode.ERROR,
+			message: `Failed to parse activity:\n${error}`
+		});
+		return new Response("Invalid activity.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	};
+	let compactedJson = json;
+	let compactedJsonWithoutSig = jsonWithoutSig;
+	let ldSigVerified = false;
+	if (hasLdSignature) {
+		try {
+			compactedJson = await require_proof.compactJsonLd(json, ctx.contextLoader);
+		} catch (error) {
+			if (isInvalidJsonLdError(error)) {
+				logger.error("Failed to parse JSON-LD:\n{error}", {
+					recipient,
+					error
+				});
+				return new Response("Invalid JSON-LD.", {
+					status: 400,
+					headers: { "Content-Type": "text/plain; charset=utf-8" }
+				});
+			}
+			if (!canAttemptAlternateAuthAfterLdSignatureFailure) throw error;
+			if (!skipSignatureVerification) deferredLdSignatureError = error;
+			logger.debug("Failed to normalize JSON-LD for Linked Data Signatures; deferring to another authentication path only if it verifies:\n{error}", {
 				recipient,
 				error
 			});
-			return new Response("Invalid JSON-LD.", {
-				status: 400,
-				headers: { "Content-Type": "text/plain; charset=utf-8" }
-			});
 		}
-		ldSigVerified = false;
+		if (compactedJson !== json) {
+			compactedJsonWithoutSig = require_proof.detachSignature(compactedJson);
+			try {
+				ldSigVerified = await require_proof.verifyCompactJsonLd(compactedJson, {
+					contextLoader: ctx.contextLoader,
+					documentLoader: ctx.documentLoader,
+					keyCache,
+					tracerProvider
+				});
+			} catch (error) {
+				if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+				if (isInvalidJsonLdError(error)) {
+					logger.error("Failed to parse JSON-LD:\n{error}", {
+						recipient,
+						error
+					});
+					return new Response("Invalid JSON-LD.", {
+						status: 400,
+						headers: { "Content-Type": "text/plain; charset=utf-8" }
+					});
+				}
+				if (!canAttemptAlternateAuthAfterLdSignatureFailure) throw error;
+				if (!skipSignatureVerification) try {
+					await _fedify_vocab.Object.fromJsonLd(compactedJson, {
+						contextLoader: require_proof.getNormalizationContextLoader(ctx.contextLoader),
+						documentLoader: ctx.documentLoader,
+						tracerProvider
+					});
+				} catch (parseError) {
+					if (parseError instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(parseError);
+					if (isInvalidJsonLdError(parseError)) {
+						logger.error("Failed to parse JSON-LD:\n{error}", {
+							recipient,
+							error: parseError
+						});
+						return new Response("Invalid JSON-LD.", {
+							status: 400,
+							headers: { "Content-Type": "text/plain; charset=utf-8" }
+						});
+					}
+					deferredLdSignatureError = parseError;
+				}
+				ldSigVerified = false;
+			}
+		}
 	}
-	const jsonWithoutSig = require_proof.detachSignature(json);
 	let activity = null;
 	let activityVerified = false;
 	if (ldSigVerified) {
@@ -1618,7 +1815,16 @@ async function handleInboxInternal(request, parameters, span) {
 			recipient,
 			json
 		});
-		activity = await _fedify_vocab.Activity.fromJsonLd(jsonWithoutSig, ctx);
+		try {
+			activity = await _fedify_vocab.Activity.fromJsonLd(compactedJsonWithoutSig, {
+				...ctx,
+				contextLoader: require_proof.getNormalizationContextLoader(ctx.contextLoader)
+			});
+		} catch (error) {
+			if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+			if (!isPermanentActivityParseError(error)) throw error;
+			return await respondInvalidActivity(error);
+		}
 		activityVerified = true;
 	} else {
 		logger.debug("Linked Data Signatures are not verified.", {
@@ -1627,12 +1833,21 @@ async function handleInboxInternal(request, parameters, span) {
 		});
 		try {
 			activity = await require_proof.verifyObject(_fedify_vocab.Activity, jsonWithoutSig, {
-				contextLoader: ctx.contextLoader,
+				contextLoader: require_proof.wrapContextLoaderForJsonLd(ctx.contextLoader),
 				documentLoader: ctx.documentLoader,
 				keyCache,
 				tracerProvider
 			});
 		} catch (error) {
+			if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(jsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+			if (deferredLdSignatureError != null) {
+				logger.debug("Object Integrity Proof fallback did not supersede a deferred Linked Data Signature failure:\n{error}", {
+					recipient,
+					error
+				});
+				activity = null;
+			}
+			if (!isPermanentActivityParseError(error)) throw error;
 			logger.error("Failed to parse activity:\n{error}", {
 				recipient,
 				activity: json,
@@ -1680,6 +1895,7 @@ async function handleInboxInternal(request, parameters, span) {
 				tracerProvider
 			});
 			if (verification.verified === false) {
+				if (deferredLdSignatureError != null) throw deferredLdSignatureError;
 				const reason = verification.reason;
 				logger.error("Failed to verify the request's HTTP Signatures.", {
 					recipient,
@@ -1755,7 +1971,15 @@ async function handleInboxInternal(request, parameters, span) {
 			}
 			httpSigKey = verification.key;
 		}
-		activity = await _fedify_vocab.Activity.fromJsonLd(jsonWithoutSig, ctx);
+		try {
+			activity = await _fedify_vocab.Activity.fromJsonLd(jsonWithoutSig, {
+				...ctx,
+				contextLoader: require_proof.wrapContextLoaderForJsonLd(ctx.contextLoader)
+			});
+		} catch (error) {
+			if (!isPermanentActivityParseError(error)) throw error;
+			return await respondInvalidActivity(error);
+		}
 	}
 	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
 	span.setAttribute("activitypub.activity.type", (0, _fedify_vocab.getTypeId)(activity).href);
@@ -1767,6 +1991,7 @@ async function handleInboxInternal(request, parameters, span) {
 		"http_signatures.key_id": httpSigKey?.id?.href ?? ""
 	});
 	if (httpSigKey != null && !await require_proof.doesActorOwnKey(activity, httpSigKey, ctx)) {
+		if (deferredLdSignatureError != null) throw deferredLdSignatureError;
 		logger.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
 			activity: json,
 			recipient,
@@ -1791,10 +2016,14 @@ async function handleInboxInternal(request, parameters, span) {
 	const routeResult = await routeActivity({
 		context: ctx,
 		json,
+		originalJson: json,
+		normalizedActivity: hasLdSignature && compactedJson !== json ? compactedJson : void 0,
+		ldSignatureVerified: hasLdSignature ? ldSigVerified : void 0,
 		activity,
 		recipient,
 		inboxListeners,
 		inboxContextFactory,
+		listenerInboxContextFactory: ldSigVerified ? inboxContextFactory[rawInboxContextFactorySymbol] : void 0,
 		inboxErrorHandler,
 		kv,
 		kvPrefixes,
@@ -2710,6 +2939,18 @@ async function handleWebFingerInternal(request, { context, host, actorDispatcher
 }
 //#endregion
 //#region src/federation/middleware.ts
+function isRemoteContextLoadingFailure(error) {
+	return error instanceof Error && typeof error.details === "object" && error.details != null && error.details.code === "loading remote context failed";
+}
+function isPermanentRemoteContextError(error) {
+	if (!(error instanceof Error) || error.name !== "jsonld.InvalidUrl") return false;
+	const details = error.details;
+	if (details?.code === "invalid remote context") return true;
+	return isRemoteContextLoadingFailure(error) && typeof details?.url === "string" && !URL.canParse(details.url) && require_proof.isClearlyMalformedContextReference(details.url);
+}
+function isPermanentInboxParseError(error) {
+	return error instanceof Error && (error.name === "UnsafeJsonLdError" || error instanceof require_proof.InvalidContextReferenceError || isPermanentRemoteContextError(error) || error.name === "jsonld.SyntaxError" && !isRemoteContextLoadingFailure(error)) || error instanceof TypeError && (/^(Invalid JSON-LD:|Invalid type:|Unexpected type:)/.test(error.message) || require_proof.isInvalidUrlTypeError(error));
+}
 /**
 * Create a new {@link Federation} instance.
 * @param parameters Parameters for initializing the instance.
@@ -3091,7 +3332,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 		}
 		logger.info("Successfully sent activity {activityId} to {inbox}.", { ...logData });
 	}
-	async #listenInboxMessage(ctxData, message, span) {
+	async #listenInboxMessage(ctxData, message, _span) {
 		const logger = (0, _logtape_logtape.getLogger)([
 			"fedify",
 			"federation",
@@ -3104,60 +3345,28 @@ var FederationImpl = class extends FederationBuilderImpl {
 			const identity = await this.sharedInboxKeyDispatcher(context);
 			if (identity != null) context = this.#createContext(baseUrl, ctxData, { documentLoader: "identifier" in identity || "username" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity) });
 		}
-		const activity = await _fedify_vocab.Activity.fromJsonLd(message.activity, context);
-		span.setAttribute("activitypub.activity.type", (0, _fedify_vocab.getTypeId)(activity).href);
-		if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
-		const cacheKey = activity.id == null ? null : [
-			...this.kvPrefixes.activityIdempotence,
-			context.origin,
-			activity.id.href
-		];
-		if (cacheKey != null) {
-			if (await this.kv.get(cacheKey) === true) {
-				logger.debug("Activity {activityId} has already been processed.", {
-					activityId: activity.id?.href,
-					activity: message.activity,
-					recipient: message.identifier
-				});
-				return;
-			}
-		}
 		await this._getTracer().startActiveSpan("activitypub.dispatch_inbox_listener", { kind: _opentelemetry_api.SpanKind.INTERNAL }, async (span) => {
-			const dispatched = this.inboxListeners?.dispatchWithClass(activity);
-			if (dispatched == null) {
-				logger.error("Unsupported activity type:\n{activity}", {
-					activityId: activity.id?.href,
-					activity: message.activity,
-					recipient: message.identifier,
-					trial: message.attempt
-				});
-				span.setStatus({
-					code: _opentelemetry_api.SpanStatusCode.ERROR,
-					message: `Unsupported activity type: ${(0, _fedify_vocab.getTypeId)(activity).href}`
-				});
-				span.end();
-				return;
-			}
-			const { class: cls, listener } = dispatched;
-			span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
-			try {
-				await listener(context.toInboxContext(message.identifier, message.activity, activity.id?.href, (0, _fedify_vocab.getTypeId)(activity).href), activity);
-			} catch (error) {
+			let activity = null;
+			let cacheKey = null;
+			const reportInboxError = async (error) => {
 				try {
 					await this.inboxErrorHandler?.(context, error);
 				} catch (error) {
 					logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
 						error,
 						trial: message.attempt,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
 				}
+			};
+			const handleRetriableFailure = async (error) => {
+				await reportInboxError(error);
 				if (this.inboxQueue?.nativeRetrial) {
 					logger.error("Failed to process the incoming activity {activityId}; backend will handle retry:\n{error}", {
 						error,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
@@ -3176,17 +3385,25 @@ var FederationImpl = class extends FederationBuilderImpl {
 					logger.error("Failed to process the incoming activity {activityId} (attempt #{attempt}); retry...:\n{error}", {
 						error,
 						attempt: message.attempt,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
+					if (this.inboxQueue == null) {
+						span.setStatus({
+							code: _opentelemetry_api.SpanStatusCode.ERROR,
+							message: String(error)
+						});
+						span.end();
+						throw error;
+					}
 					await this.inboxQueue?.enqueue({
 						...message,
 						attempt: message.attempt + 1
 					}, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
 				} else logger.error("Failed to process the incoming activity {activityId} after {trial} attempts; giving up:\n{error}", {
 					error,
-					activityId: activity.id?.href,
+					activityId: activity?.id?.href,
 					activity: message.activity,
 					recipient: message.identifier
 				});
@@ -3195,11 +3412,108 @@ var FederationImpl = class extends FederationBuilderImpl {
 					message: String(error)
 				});
 				span.end();
+			};
+			let dispatched;
+			let parseInput = void 0;
+			let parseContextLoader = context.contextLoader;
+			try {
+				const hasSignatureField = require_proof.hasSignature(message.activity);
+				const shouldParseFromNormalizedSignedPayload = message.ldSignatureVerified === true || message.normalizedActivity != null || message.ldSignatureVerified == null && hasSignatureField;
+				const parseContext = hasSignatureField ? {
+					...context,
+					contextLoader: require_proof.getNormalizationContextLoader(context.contextLoader)
+				} : {
+					...context,
+					contextLoader: require_proof.wrapContextLoaderForJsonLd(context.contextLoader)
+				};
+				parseContextLoader = parseContext.contextLoader;
+				let normalizedActivity;
+				if (shouldParseFromNormalizedSignedPayload) {
+					normalizedActivity = message.normalizedActivity ?? await require_proof.compactJsonLd(message.activity, context.contextLoader);
+					require_proof.assertSafeJsonLd(normalizedActivity);
+				}
+				parseInput = shouldParseFromNormalizedSignedPayload ? require_proof.detachSignature(normalizedActivity) : hasSignatureField ? require_proof.detachSignature(message.activity) : message.activity;
+				activity = await _fedify_vocab.Activity.fromJsonLd(parseInput, parseContext);
+				span.setAttribute("activitypub.activity.type", (0, _fedify_vocab.getTypeId)(activity).href);
+				if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
+				cacheKey = activity.id == null ? null : [
+					...this.kvPrefixes.activityIdempotence,
+					context.origin,
+					activity.id.href
+				];
+				if (cacheKey != null) {
+					if (await this.kv.get(cacheKey) === true) {
+						logger.debug("Activity {activityId} has already been processed.", {
+							activityId: activity.id?.href,
+							activity: message.activity,
+							recipient: message.identifier
+						});
+						span.end();
+						return;
+					}
+				}
+				dispatched = this.inboxListeners?.dispatchWithClass(activity);
+			} catch (error) {
+				if (activity == null && error instanceof RangeError && await hasMalformedKnownTemporalLiteral(parseInput, parseContextLoader)) {
+					await reportInboxError(error);
+					logger.error("Failed to parse the queued incoming activity {activityId}:\n{error}", {
+						error,
+						trial: message.attempt,
+						activityId: null,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					span.setStatus({
+						code: _opentelemetry_api.SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					span.end();
+					return;
+				}
+				if (isPermanentInboxParseError(error)) {
+					await reportInboxError(error);
+					logger.error("Failed to parse the queued incoming activity {activityId}:\n{error}", {
+						error,
+						trial: message.attempt,
+						activityId: activity?.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					span.setStatus({
+						code: _opentelemetry_api.SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					span.end();
+					return;
+				}
+				await handleRetriableFailure(error);
+				return;
+			}
+			if (dispatched == null) {
+				logger.error("Unsupported activity type:\n{activity}", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier,
+					trial: message.attempt
+				});
+				span.setStatus({
+					code: _opentelemetry_api.SpanStatusCode.ERROR,
+					message: `Unsupported activity type: ${(0, _fedify_vocab.getTypeId)(activity).href}`
+				});
+				span.end();
+				return;
+			}
+			const { class: cls, listener } = dispatched;
+			span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+			try {
+				await listener(context.toInboxContext(message.identifier, message.activity, activity.id?.href, (0, _fedify_vocab.getTypeId)(activity).href), activity);
+			} catch (error) {
+				await handleRetriableFailure(error);
 				return;
 			}
 			if (cacheKey != null) await this.kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
 			logger.info("Activity {activityId} has been processed.", {
-				activityId: activity.id?.href,
+				activityId: activity?.id?.href,
 				activity: message.activity,
 				recipient: message.identifier
 			});
@@ -3569,16 +3883,18 @@ var FederationImpl = class extends FederationBuilderImpl {
 					onNotFound
 				});
 				context = this.#createContext(request, contextData, { documentLoader: await context.getDocumentLoader({ identifier: route.values.identifier }) });
-			case "sharedInbox":
+			case "sharedInbox": {
 				if (routeName !== "inbox" && this.sharedInboxKeyDispatcher != null) {
 					const identity = await this.sharedInboxKeyDispatcher(context);
 					if (identity != null) context = this.#createContext(request, contextData, { documentLoader: "identifier" in identity || "username" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity) });
 				}
 				if (!this.manuallyStartQueue) this._startQueueInternal(contextData);
+				const inboxContextFactory = context.toInboxContext.bind(context);
+				inboxContextFactory[rawInboxContextFactorySymbol] = context.toInboxContext.bind(context);
 				return await handleInbox(request, {
 					recipient: route.values.identifier ?? null,
 					context,
-					inboxContextFactory: context.toInboxContext.bind(context),
+					inboxContextFactory,
 					kv: this.kv,
 					kvPrefixes: this.kvPrefixes,
 					queue: this.inboxQueue,
@@ -3593,6 +3909,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					tracerProvider: this.tracerProvider,
 					idempotencyStrategy: this.idempotencyStrategy
 				});
+			}
 			case "following": return await handleCollection(request, {
 				name: "following",
 				identifier: route.values.identifier,
@@ -4293,6 +4610,7 @@ var ContextImpl = class ContextImpl {
 		const routeResult = await routeActivity({
 			context: this,
 			json,
+			ldSignatureVerified: false,
 			activity,
 			recipient,
 			inboxListeners: this.federation.inboxListeners,
@@ -4573,6 +4891,14 @@ async function forwardActivityInternal(ctx, loggerCategory, forwarder, recipient
 }
 var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 	recipient;
+	/**
+	* The original received activity payload.
+	*
+	* Fedify may normalize a Linked Data Signature payload internally for safe
+	* parsing, but forwarding must keep the sender's payload unchanged so
+	* third-party signatures/proofs remain intact.
+	* @internal
+	*/
 	activity;
 	activityId;
 	activityType;