@fedify/fedify 2.3.0-dev.1145 → 2.3.0-dev.1150

package/dist/{middleware-CyJDCmNg.mjs → middleware-ZuUcO0t1.mjs}

@@ -1,25 +1,26 @@
 import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-h0TWFuEz.mjs";
-import { a as instrumentDocumentLoader, d as recordInboxActivity, h as recordWebFingerHandle, i as getRemoteHost, m as recordOutboxEnqueue, n as getDurationMs, o as isAbortError, p as recordOutboxActivity, r as getFederationMetrics, u as recordFanoutRecipients } from "./metrics-E0hAHtLZ.mjs";
+import { n as version, t as name } from "./deno-CKFE6Uya.mjs";
+import { a as instrumentDocumentLoader, d as recordInboxActivity, h as recordWebFingerHandle, i as getRemoteHost, m as recordOutboxEnqueue, n as getDurationMs, o as isAbortError, p as recordOutboxActivity, r as getFederationMetrics, u as recordFanoutRecipients } from "./metrics-7Vy9FvEw.mjs";
 import { t as formatAcceptSignature } from "./accept-CceiKpCy.mjs";
-import { a as importJwk, o as validateCryptoKey, t as exportJwk } from "./key-Dh2OK1XQ.mjs";
-import { l as verifyRequest, o as parseRfc9421SignatureInput, u as verifyRequestDetailed } from "./http-QzW9IWfs.mjs";
-import { t as getAuthenticatedDocumentLoader } from "./docloader-BdDN0Aqx.mjs";
-import { n as kvCache } from "./kv-cache-EZRIPZXD.mjs";
-import { a as signJsonLd, i as hasSignatureLike, o as verifyJsonLd, r as detachSignature } from "./ld-eZbar1rr.mjs";
-import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-ByO_Fw6U.mjs";
+import { a as importJwk, o as validateCryptoKey, t as exportJwk } from "./key-N0zP_oJA.mjs";
+import { l as verifyRequest, o as parseRfc9421SignatureInput, u as verifyRequestDetailed } from "./http-vHCgbhTg.mjs";
+import { t as getAuthenticatedDocumentLoader } from "./docloader-B-ZE1cZf.mjs";
+import { n as kvCache } from "./kv-cache-GXXZEemD.mjs";
+import { _ as wrapContextLoaderForJsonLd, a as compactJsonLd, c as getNormalizationContextLoader, d as isClearlyMalformedContextReference, f as isInvalidUrlTypeError, l as hasSignature, m as verifyCompactJsonLd, p as signJsonLd, r as assertSafeJsonLd, s as detachSignature, t as InvalidContextReferenceError, u as hasSignatureLike } from "./ld-BwKhquPx.mjs";
+import { n as getKeyOwner, t as doesActorOwnKey } from "./owner-FD0H_vpj.mjs";
 import { r as normalizeOutgoingActivityJsonLd } from "./outgoing-jsonld-BgFLCJQ_.mjs";
-import { i as verifyObject, n as hasProofLike, r as signObject } from "./proof-CSo0S8OK.mjs";
+import { i as verifyObject, n as hasProofLike, r as signObject } from "./proof-V_lafPmA.mjs";
 import { t as getNodeInfo } from "./client-B_A6mfn3.mjs";
 import { t as nodeInfoToJson } from "./types-BFowWFTT.mjs";
-import { n as FederationBuilderImpl, t as ACTOR_ALIAS_PREFIX } from "./builder-ShiR1K6b.mjs";
+import { n as FederationBuilderImpl, t as ACTOR_ALIAS_PREFIX } from "./builder-Bjm1Jq9n.mjs";
 import { t as buildCollectionSynchronizationHeader } from "./collection-CA3V5zyK.mjs";
 import { t as KvKeyCache } from "./keycache-BYMd8q7F.mjs";
 import { t as acceptsJsonLd } from "./negotiation-CDW-_gUU.mjs";
-import { t as createExponentialBackoffPolicy } from "./retry-v_sGLH1d.mjs";
-import { n as extractInboxes, r as sendActivity, t as SendActivityError } from "./send-jzrTV1FU.mjs";
+import { t as hasMalformedKnownTemporalLiteral } from "./temporal-BkmBfs__.mjs";
+import { t as createExponentialBackoffPolicy } from "./retry-_VvV0h9f.mjs";
+import { n as extractInboxes, r as sendActivity, t as SendActivityError } from "./send-Cc2_10tF.mjs";
 import { getLogger, withContext } from "@logtape/logtape";
 import { RouterError } from "@fedify/uri-template";
 import { Activity, Collection, CollectionPage, CryptographicKey, Link, Multikey, Object as Object$1, OrderedCollection, OrderedCollectionPage, Tombstone, getTypeId, lookupObject, traverseCollection } from "@fedify/vocab";
@@ -155,7 +156,7 @@ function handleNodeInfoJrd(_request, context) {
 }
 //#endregion
 //#region src/federation/inbox.ts
-async function routeActivity({ context: ctx, json, activity, recipient, inboxListeners, inboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, meterProvider, tracerProvider, idempotencyStrategy }) {
+async function routeActivity({ context: ctx, json, originalJson, normalizedActivity, ldSignatureVerified, activity, recipient, inboxListeners, inboxContextFactory, listenerInboxContextFactory, inboxErrorHandler, kv, kvPrefixes, queue, span, meterProvider, tracerProvider, idempotencyStrategy }) {
 	const logger = getLogger([
 		"fedify",
 		"federation",
@@ -214,7 +215,9 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 				type: "inbox",
 				id: crypto.randomUUID(),
 				baseUrl: ctx.origin,
-				activity: json,
+				activity: originalJson ?? json,
+				...normalizedActivity == null ? {} : { normalizedActivity },
+				...ldSignatureVerified == null ? {} : { ldSignatureVerified },
 				identifier: recipient,
 				attempt: 0,
 				started: (/* @__PURE__ */ new Date()).toISOString(),
@@ -268,7 +271,8 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 			const activityType = getTypeId(activity).href;
 			const started = performance.now();
 			try {
-				await listener(inboxContextFactory(recipient, json, activity.id?.href, activityType), activity);
+				const contextFactory = listenerInboxContextFactory ?? inboxContextFactory;
+				await listener(contextFactory(recipient, contextFactory === inboxContextFactory ? json : originalJson ?? json, activity.id?.href, activityType), activity);
 			} finally {
 				getFederationMetrics(meterProvider).recordInboxProcessingDuration(activityType, getDurationMs(started));
 			}
@@ -310,6 +314,33 @@ async function routeActivity({ context: ctx, json, activity, recipient, inboxLis
 }
 //#endregion
 //#region src/federation/handler.ts
+const rawInboxContextFactorySymbol = Symbol("fedify.rawInboxContextFactory");
+function isRemoteContextLoadingFailure$1(error) {
+	return error instanceof Error && typeof error.details === "object" && error.details != null && error.details.code === "loading remote context failed";
+}
+function isPermanentRemoteContextError$1(error) {
+	if (!(error instanceof Error) || error.name !== "jsonld.InvalidUrl") return false;
+	const details = error.details;
+	if (details?.code === "invalid remote context") return true;
+	return isRemoteContextLoadingFailure$1(error) && typeof details?.url === "string" && !URL.canParse(details.url) && isClearlyMalformedContextReference(details.url);
+}
+function isInvalidJsonLdError(error) {
+	if (!(error instanceof Error)) return false;
+	const name = error.name;
+	return name === "UnsafeJsonLdError" || error instanceof InvalidContextReferenceError || isPermanentRemoteContextError$1(error) || name === "jsonld.SyntaxError" && !isRemoteContextLoadingFailure$1(error);
+}
+function isValidationTypeError(error) {
+	return error instanceof TypeError && (/^(Invalid JSON-LD:|Invalid type:|Unexpected type:)/.test(error.message) || isInvalidUrlTypeError(error));
+}
+function isPermanentActivityParseError(error) {
+	return isInvalidJsonLdError(error) || isValidationTypeError(error);
+}
+function hasHttpSignatureHeaders(request) {
+	return request.headers.has("Signature") || request.headers.has("Signature-Input");
+}
+function hasObjectIntegrityProof(json) {
+	return typeof json === "object" && json != null && "proof" in json;
+}
 /**
 * Handles an actor request.
 * @template TContextData The context data to pass to the context.
@@ -381,8 +412,8 @@ async function handleObject(request, { values, context, objectDispatcher, author
 * @param parameters The parameters for handling the collection.
 * @returns A promise that resolves to an HTTP response.
 */
-async function handleCollection(request, { name: name$2, identifier, uriGetter, filter, filterPredicate, context, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound }) {
-	const spanName = name$2.trim().replace(/\s+/g, "_");
+async function handleCollection(request, { name: name$1, identifier, uriGetter, filter, filterPredicate, context, collectionCallbacks, tracerProvider, onUnauthorized, onNotFound }) {
+	const spanName = name$1.trim().replace(/\s+/g, "_");
 	tracerProvider = tracerProvider ?? trace.getTracerProvider();
 	const tracer = tracerProvider.getTracer(name, version);
 	const cursor = new URL(request.url).searchParams.get("cursor");
@@ -424,7 +455,7 @@ async function handleCollection(request, { name: name$2, identifier, uriGetter,
 			collection = new OrderedCollection({
 				id: baseUri,
 				totalItems: totalItems == null ? null : Number(totalItems),
-				items: filterCollectionItems(itemsOrResponse, name$2, filterPredicate)
+				items: filterCollectionItems(itemsOrResponse, name$1, filterPredicate)
 			});
 		} else {
 			const lastCursor = await collectionCallbacks.lastCursor?.(context, identifier);
@@ -445,7 +476,7 @@ async function handleCollection(request, { name: name$2, identifier, uriGetter,
 	} else {
 		const uri = new URL(baseUri);
 		uri.searchParams.set("cursor", cursor);
-		const pageOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection_page ${name$2}`, {
+		const pageOrResponse = await tracer.startActiveSpan(`activitypub.dispatch_collection_page ${name$1}`, {
 			kind: SpanKind.SERVER,
 			attributes: {
 				"activitypub.collection.id": uri.href,
@@ -489,7 +520,7 @@ async function handleCollection(request, { name: name$2, identifier, uriGetter,
 			id: uri,
 			prev,
 			next,
-			items: filterCollectionItems(items, name$2, filterPredicate),
+			items: filterCollectionItems(items, name$1, filterPredicate),
 			partOf
 		});
 	}
@@ -836,29 +867,105 @@ async function handleInboxInternal(request, parameters, span) {
 		});
 	}
 	const keyCache = new KvKeyCache(kv, kvPrefixes.publicKey, ctx);
-	let ldSigVerified;
-	try {
-		ldSigVerified = await verifyJsonLd(json, {
-			contextLoader: ctx.contextLoader,
-			documentLoader: ctx.documentLoader,
-			keyCache,
-			meterProvider,
-			tracerProvider
+	const jsonWithoutSig = detachSignature(json);
+	const hasLdSignature = hasSignature(json);
+	const canAttemptAlternateAuthAfterLdSignatureFailure = skipSignatureVerification || hasHttpSignatureHeaders(request) || hasObjectIntegrityProof(jsonWithoutSig);
+	let deferredLdSignatureError = void 0;
+	const respondInvalidActivity = async (error) => {
+		logger.error("Failed to parse activity:\n{error}", {
+			recipient,
+			activity: json,
+			error
 		});
-	} catch (error) {
-		if (error instanceof Error && error.name === "jsonld.SyntaxError") {
-			logger.error("Failed to parse JSON-LD:\n{error}", {
+		try {
+			await inboxErrorHandler?.(ctx, error);
+		} catch (error) {
+			logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
+				error,
+				activity: json,
+				recipient
+			});
+		}
+		span.setStatus({
+			code: SpanStatusCode.ERROR,
+			message: `Failed to parse activity:\n${error}`
+		});
+		return new Response("Invalid activity.", {
+			status: 400,
+			headers: { "Content-Type": "text/plain; charset=utf-8" }
+		});
+	};
+	let compactedJson = json;
+	let compactedJsonWithoutSig = jsonWithoutSig;
+	let ldSigVerified = false;
+	if (hasLdSignature) {
+		try {
+			compactedJson = await compactJsonLd(json, ctx.contextLoader);
+		} catch (error) {
+			if (isInvalidJsonLdError(error)) {
+				logger.error("Failed to parse JSON-LD:\n{error}", {
+					recipient,
+					error
+				});
+				return new Response("Invalid JSON-LD.", {
+					status: 400,
+					headers: { "Content-Type": "text/plain; charset=utf-8" }
+				});
+			}
+			if (!canAttemptAlternateAuthAfterLdSignatureFailure) throw error;
+			if (!skipSignatureVerification) deferredLdSignatureError = error;
+			logger.debug("Failed to normalize JSON-LD for Linked Data Signatures; deferring to another authentication path only if it verifies:\n{error}", {
 				recipient,
 				error
 			});
-			return new Response("Invalid JSON-LD.", {
-				status: 400,
-				headers: { "Content-Type": "text/plain; charset=utf-8" }
-			});
 		}
-		ldSigVerified = false;
+		if (compactedJson !== json) {
+			compactedJsonWithoutSig = detachSignature(compactedJson);
+			try {
+				ldSigVerified = await verifyCompactJsonLd(compactedJson, {
+					contextLoader: ctx.contextLoader,
+					documentLoader: ctx.documentLoader,
+					keyCache,
+					meterProvider,
+					tracerProvider
+				});
+			} catch (error) {
+				if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+				if (isInvalidJsonLdError(error)) {
+					logger.error("Failed to parse JSON-LD:\n{error}", {
+						recipient,
+						error
+					});
+					return new Response("Invalid JSON-LD.", {
+						status: 400,
+						headers: { "Content-Type": "text/plain; charset=utf-8" }
+					});
+				}
+				if (!canAttemptAlternateAuthAfterLdSignatureFailure) throw error;
+				if (!skipSignatureVerification) try {
+					await Object$1.fromJsonLd(compactedJson, {
+						contextLoader: getNormalizationContextLoader(ctx.contextLoader),
+						documentLoader: ctx.documentLoader,
+						tracerProvider
+					});
+				} catch (parseError) {
+					if (parseError instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(parseError);
+					if (isInvalidJsonLdError(parseError)) {
+						logger.error("Failed to parse JSON-LD:\n{error}", {
+							recipient,
+							error: parseError
+						});
+						return new Response("Invalid JSON-LD.", {
+							status: 400,
+							headers: { "Content-Type": "text/plain; charset=utf-8" }
+						});
+					}
+					deferredLdSignatureError = parseError;
+				}
+				ldSigVerified = false;
+			}
+		}
 	}
-	const jsonWithoutSig = detachSignature(json);
 	let activity = null;
 	let activityVerified = false;
 	if (ldSigVerified) {
@@ -866,7 +973,16 @@ async function handleInboxInternal(request, parameters, span) {
 			recipient,
 			json
 		});
-		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+		try {
+			activity = await Activity.fromJsonLd(compactedJsonWithoutSig, {
+				...ctx,
+				contextLoader: getNormalizationContextLoader(ctx.contextLoader)
+			});
+		} catch (error) {
+			if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(compactedJsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+			if (!isPermanentActivityParseError(error)) throw error;
+			return await respondInvalidActivity(error);
+		}
 		activityVerified = true;
 	} else {
 		logger.debug("Linked Data Signatures are not verified.", {
@@ -875,13 +991,22 @@ async function handleInboxInternal(request, parameters, span) {
 		});
 		try {
 			activity = await verifyObject(Activity, jsonWithoutSig, {
-				contextLoader: ctx.contextLoader,
+				contextLoader: wrapContextLoaderForJsonLd(ctx.contextLoader),
 				documentLoader: ctx.documentLoader,
 				keyCache,
 				meterProvider,
 				tracerProvider
 			});
 		} catch (error) {
+			if (error instanceof RangeError && await hasMalformedKnownTemporalLiteral(jsonWithoutSig, ctx.contextLoader)) return await respondInvalidActivity(error);
+			if (deferredLdSignatureError != null) {
+				logger.debug("Object Integrity Proof fallback did not supersede a deferred Linked Data Signature failure:\n{error}", {
+					recipient,
+					error
+				});
+				activity = null;
+			}
+			if (!isPermanentActivityParseError(error)) throw error;
 			logger.error("Failed to parse activity:\n{error}", {
 				recipient,
 				activity: json,
@@ -930,6 +1055,7 @@ async function handleInboxInternal(request, parameters, span) {
 				tracerProvider
 			});
 			if (verification.verified === false) {
+				if (deferredLdSignatureError != null) throw deferredLdSignatureError;
 				const reason = verification.reason;
 				const remoteHost = "keyId" in reason && reason.keyId != null ? getRemoteHost(reason.keyId) : void 0;
 				getFederationMetrics(parameters.meterProvider).recordSignatureVerificationFailure(reason.type, remoteHost);
@@ -1007,7 +1133,15 @@ async function handleInboxInternal(request, parameters, span) {
 			}
 			httpSigKey = verification.key;
 		}
-		activity = await Activity.fromJsonLd(jsonWithoutSig, ctx);
+		try {
+			activity = await Activity.fromJsonLd(jsonWithoutSig, {
+				...ctx,
+				contextLoader: wrapContextLoaderForJsonLd(ctx.contextLoader)
+			});
+		} catch (error) {
+			if (!isPermanentActivityParseError(error)) throw error;
+			return await respondInvalidActivity(error);
+		}
 	}
 	if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
 	span.setAttribute("activitypub.activity.type", getTypeId(activity).href);
@@ -1019,6 +1153,7 @@ async function handleInboxInternal(request, parameters, span) {
 		"http_signatures.key_id": httpSigKey?.id?.href ?? ""
 	});
 	if (httpSigKey != null && !await doesActorOwnKey(activity, httpSigKey, ctx)) {
+		if (deferredLdSignatureError != null) throw deferredLdSignatureError;
 		getFederationMetrics(parameters.meterProvider).recordSignatureVerificationFailure("actorKeyMismatch", httpSigKey.id == null ? void 0 : getRemoteHost(httpSigKey.id));
 		logger.error("The signer ({keyId}) and the actor ({actorId}) do not match.", {
 			activity: json,
@@ -1045,10 +1180,14 @@ async function handleInboxInternal(request, parameters, span) {
 	const routeResult = await routeActivity({
 		context: ctx,
 		json,
+		originalJson: json,
+		normalizedActivity: hasLdSignature && compactedJson !== json ? compactedJson : void 0,
+		ldSignatureVerified: hasLdSignature ? ldSigVerified : void 0,
 		activity,
 		recipient,
 		inboxListeners,
 		inboxContextFactory,
+		listenerInboxContextFactory: ldSigVerified ? inboxContextFactory[rawInboxContextFactorySymbol] : void 0,
 		inboxErrorHandler,
 		kv,
 		kvPrefixes,
@@ -1175,8 +1314,8 @@ var CustomCollectionHandler = class {
 	* @param CollectionPage The CollectionPage constructor.
 	* @param filterPredicate Optional filter predicate for items.
 	*/
-	constructor(name$1, values, context, callbacks, tracerProvider = trace.getTracerProvider(), Collection, CollectionPage, filterPredicate) {
-		this.name = name$1;
+	constructor(name$2, values, context, callbacks, tracerProvider = trace.getTracerProvider(), Collection, CollectionPage, filterPredicate) {
+		this.name = name$2;
 		this.values = values;
 		this.context = context;
 		this.callbacks = callbacks;
@@ -1773,6 +1912,18 @@ async function handleWebFingerInternal(request, { context, host, actorDispatcher
 }
 //#endregion
 //#region src/federation/middleware.ts
+function isRemoteContextLoadingFailure(error) {
+	return error instanceof Error && typeof error.details === "object" && error.details != null && error.details.code === "loading remote context failed";
+}
+function isPermanentRemoteContextError(error) {
+	if (!(error instanceof Error) || error.name !== "jsonld.InvalidUrl") return false;
+	const details = error.details;
+	if (details?.code === "invalid remote context") return true;
+	return isRemoteContextLoadingFailure(error) && typeof details?.url === "string" && !URL.canParse(details.url) && isClearlyMalformedContextReference(details.url);
+}
+function isPermanentInboxParseError(error) {
+	return error instanceof Error && (error.name === "UnsafeJsonLdError" || error instanceof InvalidContextReferenceError || isPermanentRemoteContextError(error) || error.name === "jsonld.SyntaxError" && !isRemoteContextLoadingFailure(error)) || error instanceof TypeError && (/^(Invalid JSON-LD:|Invalid type:|Unexpected type:)/.test(error.message) || isInvalidUrlTypeError(error));
+}
 /**
 * Create a new {@link Federation} instance.
 * @param parameters Parameters for initializing the instance.
@@ -2275,78 +2426,37 @@ var FederationImpl = class extends FederationBuilderImpl {
 			const identity = await this.sharedInboxKeyDispatcher(context);
 			if (identity != null) context = this.#createContext(baseUrl, ctxData, { documentLoader: "identifier" in identity || "username" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity) });
 		}
-		const activity = await Activity.fromJsonLd(message.activity, context);
-		const activityType = getTypeId(activity).href;
-		span.setAttribute("activitypub.activity.type", activityType);
-		onActivityType?.(activityType);
-		if (activity.id != null) span.setAttribute("activitypub.activity.id", activity.id.href);
-		const cacheKey = activity.id == null ? null : [
-			...this.kvPrefixes.activityIdempotence,
-			context.origin,
-			activity.id.href
-		];
-		if (cacheKey != null) {
-			if (await this.kv.get(cacheKey) === true) {
-				logger.debug("Activity {activityId} has already been processed.", {
-					activityId: activity.id?.href,
-					activity: message.activity,
-					recipient: message.identifier
-				});
-				recordInboxActivity(this.meterProvider, "rejected", activityType);
-				return;
-			}
-		}
-		await this._getTracer().startActiveSpan("activitypub.dispatch_inbox_listener", { kind: SpanKind.INTERNAL }, async (span) => {
-			const dispatched = this.inboxListeners?.dispatchWithClass(activity);
-			if (dispatched == null) {
-				logger.error("Unsupported activity type:\n{activity}", {
-					activityId: activity.id?.href,
-					activity: message.activity,
-					recipient: message.identifier,
-					trial: message.attempt
-				});
-				span.setStatus({
-					code: SpanStatusCode.ERROR,
-					message: `Unsupported activity type: ${activityType}`
-				});
-				recordInboxActivity(this.meterProvider, "rejected", activityType);
-				span.end();
-				return;
-			}
-			const { class: cls, listener } = dispatched;
-			span.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
-			try {
-				const started = performance.now();
-				try {
-					await listener(context.toInboxContext(message.identifier, message.activity, activity.id?.href, activityType), activity);
-				} finally {
-					getFederationMetrics(this.meterProvider).recordInboxProcessingDuration(activityType, getDurationMs(started));
-				}
-				recordInboxActivity(this.meterProvider, "processed", activityType);
-			} catch (error) {
+		await this._getTracer().startActiveSpan("activitypub.dispatch_inbox_listener", { kind: SpanKind.INTERNAL }, async (listenerSpan) => {
+			let activity = null;
+			let cacheKey = null;
+			let activityType;
+			const reportInboxError = async (error) => {
 				try {
 					await this.inboxErrorHandler?.(context, error);
 				} catch (error) {
 					logger.error("An unexpected error occurred in inbox error handler:\n{error}", {
 						error,
 						trial: message.attempt,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
 				}
+			};
+			const handleRetriableFailure = async (error) => {
+				await reportInboxError(error);
 				if (this.inboxQueue?.nativeRetrial) {
 					logger.error("Failed to process the incoming activity {activityId}; backend will handle retry:\n{error}", {
 						error,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
-					span.setStatus({
+					listenerSpan.setStatus({
 						code: SpanStatusCode.ERROR,
 						message: String(error)
 					});
-					span.end();
+					listenerSpan.end();
 					throw error;
 				}
 				const delay = this.inboxRetryPolicy({
@@ -2357,20 +2467,27 @@ var FederationImpl = class extends FederationBuilderImpl {
 					logger.error("Failed to process the incoming activity {activityId} (attempt #{attempt}); retry...:\n{error}", {
 						error,
 						attempt: message.attempt,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
+					if (this.inboxQueue == null) {
+						listenerSpan.setStatus({
+							code: SpanStatusCode.ERROR,
+							message: String(error)
+						});
+						listenerSpan.end();
+						throw error;
+					}
 					const retryMessage = {
 						...message,
 						attempt: message.attempt + 1
 					};
-					const { inboxQueue } = this;
-					if (inboxQueue != null) {
-						await inboxQueue.enqueue(retryMessage, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
+					await this.inboxQueue.enqueue(retryMessage, { delay: Temporal.Duration.compare(delay, { seconds: 0 }) < 0 ? Temporal.Duration.from({ seconds: 0 }) : delay });
+					if (activityType != null) {
 						getFederationMetrics(this.meterProvider).recordQueueTaskEnqueued({
 							role: "inbox",
-							queue: inboxQueue,
+							queue: this.inboxQueue,
 							activityType
 						}, retryMessage.attempt);
 						recordInboxActivity(this.meterProvider, "retried", activityType);
@@ -2378,26 +2495,137 @@ var FederationImpl = class extends FederationBuilderImpl {
 				} else {
 					logger.error("Failed to process the incoming activity {activityId} after {trial} attempts; giving up:\n{error}", {
 						error,
-						activityId: activity.id?.href,
+						activityId: activity?.id?.href,
 						activity: message.activity,
 						recipient: message.identifier
 					});
-					recordInboxActivity(this.meterProvider, "abandoned", activityType);
+					if (activityType != null) recordInboxActivity(this.meterProvider, "abandoned", activityType);
 				}
-				span.setStatus({
+				listenerSpan.setStatus({
 					code: SpanStatusCode.ERROR,
 					message: String(error)
 				});
-				span.end();
+				listenerSpan.end();
+			};
+			let dispatched;
+			let parseInput = void 0;
+			let parseContextLoader = context.contextLoader;
+			try {
+				const hasSignatureField = hasSignature(message.activity);
+				const shouldParseFromNormalizedSignedPayload = message.ldSignatureVerified === true || message.normalizedActivity != null || message.ldSignatureVerified == null && hasSignatureField;
+				const parseContext = hasSignatureField ? {
+					...context,
+					contextLoader: getNormalizationContextLoader(context.contextLoader)
+				} : {
+					...context,
+					contextLoader: wrapContextLoaderForJsonLd(context.contextLoader)
+				};
+				parseContextLoader = parseContext.contextLoader;
+				let normalizedActivity;
+				if (shouldParseFromNormalizedSignedPayload) {
+					normalizedActivity = message.normalizedActivity ?? await compactJsonLd(message.activity, context.contextLoader);
+					assertSafeJsonLd(normalizedActivity);
+				}
+				parseInput = shouldParseFromNormalizedSignedPayload ? detachSignature(normalizedActivity) : hasSignatureField ? detachSignature(message.activity) : message.activity;
+				activity = await Activity.fromJsonLd(parseInput, parseContext);
+				activityType = getTypeId(activity).href;
+				span.setAttribute("activitypub.activity.type", activityType);
+				listenerSpan.setAttribute("activitypub.activity.type", activityType);
+				onActivityType?.(activityType);
+				if (activity.id != null) {
+					span.setAttribute("activitypub.activity.id", activity.id.href);
+					listenerSpan.setAttribute("activitypub.activity.id", activity.id.href);
+				}
+				cacheKey = activity.id == null ? null : [
+					...this.kvPrefixes.activityIdempotence,
+					context.origin,
+					activity.id.href
+				];
+				if (cacheKey != null) {
+					if (await this.kv.get(cacheKey) === true) {
+						logger.debug("Activity {activityId} has already been processed.", {
+							activityId: activity.id?.href,
+							activity: message.activity,
+							recipient: message.identifier
+						});
+						recordInboxActivity(this.meterProvider, "rejected", activityType);
+						listenerSpan.end();
+						return;
+					}
+				}
+				dispatched = this.inboxListeners?.dispatchWithClass(activity);
+			} catch (error) {
+				if (activity == null && error instanceof RangeError && await hasMalformedKnownTemporalLiteral(parseInput, parseContextLoader)) {
+					await reportInboxError(error);
+					logger.error("Failed to parse the queued incoming activity {activityId}:\n{error}", {
+						error,
+						trial: message.attempt,
+						activityId: null,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					listenerSpan.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					listenerSpan.end();
+					return;
+				}
+				if (isPermanentInboxParseError(error)) {
+					await reportInboxError(error);
+					logger.error("Failed to parse the queued incoming activity {activityId}:\n{error}", {
+						error,
+						trial: message.attempt,
+						activityId: activity?.id?.href,
+						activity: message.activity,
+						recipient: message.identifier
+					});
+					listenerSpan.setStatus({
+						code: SpanStatusCode.ERROR,
+						message: String(error)
+					});
+					listenerSpan.end();
+					return;
+				}
+				await handleRetriableFailure(error);
+				return;
+			}
+			if (dispatched == null) {
+				logger.error("Unsupported activity type:\n{activity}", {
+					activityId: activity.id?.href,
+					activity: message.activity,
+					recipient: message.identifier,
+					trial: message.attempt
+				});
+				listenerSpan.setStatus({
+					code: SpanStatusCode.ERROR,
+					message: `Unsupported activity type: ${activityType}`
+				});
+				recordInboxActivity(this.meterProvider, "rejected", activityType);
+				listenerSpan.end();
+				return;
+			}
+			const { class: cls, listener } = dispatched;
+			listenerSpan.updateName(`activitypub.dispatch_inbox_listener ${cls.name}`);
+			try {
+				const started = performance.now();
+				try {
+					await listener(context.toInboxContext(message.identifier, message.activity, activity.id?.href, activityType), activity);
+				} finally {
+					getFederationMetrics(this.meterProvider).recordInboxProcessingDuration(activityType, getDurationMs(started));
+				}
+				recordInboxActivity(this.meterProvider, "processed", activityType);
+			} catch (error) {
+				await handleRetriableFailure(error);
 				return;
 			}
 			if (cacheKey != null) await this.kv.set(cacheKey, true, { ttl: Temporal.Duration.from({ days: 1 }) });
 			logger.info("Activity {activityId} has been processed.", {
-				activityId: activity.id?.href,
+				activityId: activity?.id?.href,
 				activity: message.activity,
 				recipient: message.identifier
 			});
-			span.end();
+			listenerSpan.end();
 		});
 	}
 	startQueue(contextData, options = {}) {
@@ -2778,16 +3006,18 @@ var FederationImpl = class extends FederationBuilderImpl {
 					onNotFound
 				});
 				context = this.#createContext(request, contextData, { documentLoader: await context.getDocumentLoader({ identifier: route.values.identifier }) });
-			case "sharedInbox":
+			case "sharedInbox": {
 				if (routeName !== "inbox" && this.sharedInboxKeyDispatcher != null) {
 					const identity = await this.sharedInboxKeyDispatcher(context);
 					if (identity != null) context = this.#createContext(request, contextData, { documentLoader: "identifier" in identity || "username" in identity ? await context.getDocumentLoader(identity) : context.getDocumentLoader(identity) });
 				}
 				if (!this.manuallyStartQueue) this._startQueueInternal(contextData);
+				const inboxContextFactory = context.toInboxContext.bind(context);
+				inboxContextFactory[rawInboxContextFactorySymbol] = context.toInboxContext.bind(context);
 				return await handleInbox(request, {
 					recipient: route.values.identifier ?? null,
 					context,
-					inboxContextFactory: context.toInboxContext.bind(context),
+					inboxContextFactory,
 					kv: this.kv,
 					kvPrefixes: this.kvPrefixes,
 					queue: this.inboxQueue,
@@ -2803,6 +3033,7 @@ var FederationImpl = class extends FederationBuilderImpl {
 					tracerProvider: this.tracerProvider,
 					idempotencyStrategy: this.idempotencyStrategy
 				});
+			}
 			case "following": return await handleCollection(request, {
 				name: "following",
 				identifier: route.values.identifier,
@@ -3536,6 +3767,7 @@ var ContextImpl = class ContextImpl {
 		const routeResult = await routeActivity({
 			context: this,
 			json,
+			ldSignatureVerified: false,
 			activity,
 			recipient,
 			inboxListeners: this.federation.inboxListeners,
@@ -3824,6 +4056,14 @@ async function forwardActivityInternal(ctx, loggerCategory, forwarder, recipient
 }
 var InboxContextImpl = class InboxContextImpl extends ContextImpl {
 	recipient;
+	/**
+	* The original received activity payload.
+	*
+	* Fedify may normalize a Linked Data Signature payload internally for safe
+	* parsing, but forwarding must keep the sender's payload unchanged so
+	* third-party signatures/proofs remain intact.
+	* @internal
+	*/
 	activity;
 	activityId;
 	activityType;