@rmdes/indiekit-endpoint-activitypub 3.9.4 → 3.10.1

package/README.md

@@ -1,6 +1,6 @@
 # @rmdes/indiekit-endpoint-activitypub
 
-ActivityPub federation endpoint for [Indiekit](https://getindiekit.com), built on [Fedify](https://fedify.dev) 2.0. Makes your IndieWeb site a full fediverse actor — discoverable, followable, and interactive from Mastodon, Misskey, Pixelfed, and any ActivityPub-compatible platform. Includes a Mastodon-compatible Client API so you can use Phanpy, Elk, Moshidon, Fedilab, and other Mastodon clients with your own AP instance.
+ActivityPub federation endpoint for [Indiekit](https://getindiekit.com), built on [Fedify](https://fedify.dev) 2.1. Makes your IndieWeb site a full fediverse actor — discoverable, followable, and interactive from Mastodon, Misskey, Pixelfed, and any ActivityPub-compatible platform. Includes a Mastodon-compatible Client API so you can use Phanpy, Elk, Moshidon, Fedilab, and other Mastodon clients with your own AP instance.
 
 ## Features
 
@@ -109,10 +109,39 @@ ActivityPub federation endpoint for [Indiekit](https://getindiekit.com), built o
 - Follower and following lists with source tracking
 - Federation management page with moderation overview (blocked servers, blocked accounts, muted)
 
+**Standards Compliance**
+
+Core protocols and Fediverse Enhancement Proposals (FEPs) supported:
+
+| Standard | Name | Status | Provider |
+|----------|------|--------|----------|
+| [ActivityPub](https://www.w3.org/TR/activitypub/) | W3C ActivityPub | Full (server-to-server) | Fedify 2.1 |
+| [ActivityStreams 2.0](https://www.w3.org/TR/activitystreams-core/) | W3C Activity Streams | Full | Fedify 2.1 |
+| [HTTP Signatures](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures) | draft-cavage HTTP Signatures | Full | Fedify 2.1 |
+| [RFC 9421](https://www.rfc-editor.org/rfc/rfc9421) | HTTP Message Signatures | Full (with Accept-Signature negotiation) | Fedify 2.1 |
+| [WebFinger](https://www.rfc-editor.org/rfc/rfc7033) | RFC 7033 WebFinger | Full | Fedify 2.1 |
+| [NodeInfo 2.1](https://nodeinfo.diaspora.software/) | Server metadata discovery | Full (enriched) | Plugin |
+| [FEP-8b32](https://w3id.org/fep/8b32) | Object Integrity Proofs (Ed25519) | Full | Fedify 2.1 |
+| [FEP-521a](https://w3id.org/fep/521a) | Multiple key pairs (Multikey) | Full | Fedify 2.1 |
+| [FEP-fe34](https://w3id.org/fep/fe34) | Origin-based security model | Full | Fedify 2.1 + Plugin |
+| [FEP-8fcf](https://w3id.org/fep/8fcf) | Followers collection synchronization | Outbound only | Fedify 2.1 |
+| [FEP-5feb](https://w3id.org/fep/5feb) | Search indexing consent | Full (`indexable`, `discoverable`) | Plugin |
+| [FEP-f1d5](https://w3id.org/fep/f1d5) | Enhanced NodeInfo 2.1 | Full (metadata, staff accounts) | Plugin |
+| [FEP-4f05](https://w3id.org/fep/4f05) | Soft delete with Tombstone | Full (410 + Tombstone JSON-LD) | Plugin |
+| [FEP-3b86](https://w3id.org/fep/3b86) | Activity Intents | Full (Follow, Create, Like, Announce) | Plugin |
+| [FEP-044f](https://w3id.org/fep/044f) | Quote posts | Full (Mastodon, Misskey, Fedibird formats) | Fedify 2.1 + Plugin |
+| [FEP-c0e0](https://w3id.org/fep/c0e0) | Emoji reactions (EmojiReact) | Vocab support (no UI) | Fedify 2.1 |
+| [FEP-5711](https://w3id.org/fep/5711) | Conversation threads | Vocab support | Fedify 2.1 |
+| [Linked Data Signatures](https://w3c-dvcg.github.io/ld-signatures/) | RsaSignature2017 (legacy) | Full (outbound signing) | Fedify 2.1 |
+
+**Status key:** *Full* = complete implementation, *Outbound only* = sending side only, *Vocab support* = types available but no dedicated UI/logic.
+
+**Provider key:** *Fedify 2.1* = handled by the Fedify framework, *Plugin* = implemented in this plugin, *Fedify 2.1 + Plugin* = framework provides primitives, plugin wires them together.
+
 ## Requirements
 
 - [Indiekit](https://getindiekit.com) v1.0.0-beta.25+
-- [Fedify](https://fedify.dev) 2.0+ (bundled as dependency)
+- [Fedify](https://fedify.dev) 2.1+ (bundled as dependency)
 - Node.js >= 22
 - MongoDB (used by Indiekit)
 - Redis (recommended for production delivery queue; in-process queue available for development)
@@ -322,6 +351,7 @@ The plugin creates these collections automatically:
 | `ap_blocked_servers` | Blocked server domains (instance-level blocks) |
 | `ap_key_freshness` | Tracks when remote actor keys were last verified |
 | `ap_inbox_queue` | Persistent async inbox processing queue |
+| `ap_tombstones` | Tombstone records for soft-deleted posts (FEP-4f05) |
 | `ap_oauth_apps` | Mastodon API client app registrations |
 | `ap_oauth_tokens` | OAuth2 authorization codes and access tokens |
 | `ap_markers` | Read position markers for Mastodon API clients |
@@ -342,7 +372,7 @@ Categories are converted to `Hashtag` tags. Bookmarks include a bookmark emoji a
 
 ## Fedify Workarounds and Implementation Notes
 
-This plugin uses [Fedify](https://fedify.dev) 2.0 but carries several workarounds for issues in Fedify or its Express integration. These are documented here so they can be revisited when Fedify upgrades.
+This plugin uses [Fedify](https://fedify.dev) 2.1 but carries several workarounds for issues in Fedify or its Express integration. These are documented here so they can be revisited when Fedify upgrades.
 
 ### Custom Express Bridge (instead of `@fedify/express`)
 
@@ -364,14 +394,11 @@ Mastodon's `update_account_fields` checks `attachment.is_a?(Array)` and silently
 
 **Revisit when:** Fedify adds an option to preserve arrays during JSON-LD serialization, or Mastodon fixes their array check.
 
-### Endpoints `as:Endpoints` Type Stripping
+### Endpoints `as:Endpoints` Type Stripping — REMOVED
 
-**File:** `lib/federation-bridge.js` (in `sendFedifyResponse()`)
 **Upstream issue:** [fedify#576](https://github.com/fedify-dev/fedify/issues/576) — FIXED in Fedify 2.1.0
 
-Fedify serializes the `endpoints` object with `"type": "as:Endpoints"`, which is not a valid ActivityStreams type. browser.pub rejects this. The bridge strips the `type` field from the `endpoints` object before sending.
-
-**Remove when:** Upgrading to Fedify ≥ 2.1.0.
+This workaround has been removed. Fedify 2.1.0 now omits the invalid `"type": "as:Endpoints"` from serialized actor JSON.
 
 ### PropertyValue Attachment Type (Known Issue)
 

package/index.js

@@ -435,6 +435,20 @@ export default class ActivityPubEndpoint {
         });
 
         if (!post || post.properties?.deleted) {
+          // FEP-4f05: Serve Tombstone for deleted posts
+          const { getTombstone } = await import("./lib/storage/tombstones.js");
+          const tombstone = await getTombstone(self._collections, requestUrl);
+          if (tombstone) {
+            res.status(410).set("Content-Type", "application/activity+json").json({
+              "@context": "https://www.w3.org/ns/activitystreams",
+              type: "Tombstone",
+              id: requestUrl,
+              formerType: tombstone.formerType,
+              published: tombstone.published || undefined,
+              deleted: tombstone.deleted,
+            });
+            return;
+          }
           return next();
         }
 
@@ -811,6 +825,21 @@ export default class ActivityPubEndpoint {
    * @param {string} url - Full URL of the deleted post
    */
   async delete(url) {
+    // Record tombstone for FEP-4f05
+    try {
+      const { addTombstone } = await import("./lib/storage/tombstones.js");
+      const postsCol = this._collections.posts;
+      const post = postsCol ? await postsCol.findOne({ "properties.url": url }) : null;
+      await addTombstone(this._collections, {
+        url,
+        formerType: post?.properties?.["post-type"] === "article" ? "Article" : "Note",
+        published: post?.properties?.published || null,
+        deleted: new Date().toISOString(),
+      });
+    } catch (error) {
+      console.warn(`[ActivityPub] Tombstone creation failed for ${url}: ${error.message}`);
+    }
+
     await this.broadcastDelete(url).catch((err) =>
       console.warn(`[ActivityPub] broadcastDelete failed for ${url}: ${err.message}`)
     );
@@ -927,6 +956,8 @@ export default class ActivityPubEndpoint {
     Indiekit.addCollection("ap_oauth_apps");
     Indiekit.addCollection("ap_oauth_tokens");
     Indiekit.addCollection("ap_markers");
+    // Tombstones for soft-deleted posts (FEP-4f05)
+    Indiekit.addCollection("ap_tombstones");
 
     // Store collection references (posts resolved lazily)
     const indiekitCollections = Indiekit.collections;
@@ -964,6 +995,7 @@ export default class ActivityPubEndpoint {
       ap_oauth_apps: indiekitCollections.get("ap_oauth_apps"),
       ap_oauth_tokens: indiekitCollections.get("ap_oauth_tokens"),
       ap_markers: indiekitCollections.get("ap_markers"),
+      ap_tombstones: indiekitCollections.get("ap_tombstones"),
       get posts() {
         return indiekitCollections.get("posts");
       },

package/lib/controllers/authorize-interaction.js

@@ -2,18 +2,21 @@
  * Authorize Interaction controller — handles the remote follow / authorize
  * interaction flow for ActivityPub federation.
  *
- * When a remote server (WordPress AP, Misskey, etc.) discovers our WebFinger
- * subscribe template, it redirects the user here with ?uri={actorOrPostUrl}.
+ * Supports:
+ * - OStatus subscribe template (legacy remote follow via ?uri=...)
+ * - FEP-3b86 Activity Intents (via ?uri=...&intent=follow|create|like|announce)
  *
  * Flow:
  * 1. Missing uri → render error page
  * 2. Unauthenticated → redirect to login, then back here
- * 3. Authenticated → redirect to the reader's remote profile page
+ * 3. Authenticated → route to appropriate page based on intent
  */
 
 export function authorizeInteractionController(plugin) {
   return async (req, res) => {
     const uri = req.query.uri || req.query.acct;
+    const intent = req.query.intent || "";
+
     if (!uri) {
       return res.status(400).render("activitypub-authorize-interaction", {
         title: "Authorize Interaction",
@@ -29,17 +32,28 @@ export function authorizeInteractionController(plugin) {
     // then back to this page after auth
     const session = req.session;
     if (!session?.access_token) {
-      const returnUrl = `${plugin.options.mountPath}/authorize_interaction?uri=${encodeURIComponent(uri)}`;
+      const params = `uri=${encodeURIComponent(uri)}${intent ? `&intent=${intent}` : ""}`;
+      const returnUrl = `${plugin.options.mountPath}/authorize_interaction?${params}`;
       return res.redirect(
         `/session/login?redirect=${encodeURIComponent(returnUrl)}`,
       );
     }
 
-    // Authenticated — redirect to the remote profile viewer in our reader
-    // which already has follow/unfollow/like/boost functionality
+    const mp = plugin.options.mountPath;
     const encodedUrl = encodeURIComponent(resource);
-    return res.redirect(
-      `${plugin.options.mountPath}/admin/reader/profile?url=${encodedUrl}`,
-    );
+
+    // Route based on intent (FEP-3b86)
+    switch (intent) {
+      case "follow":
+        return res.redirect(`${mp}/admin/reader/profile?url=${encodedUrl}`);
+      case "create":
+        return res.redirect(`${mp}/admin/reader/compose?replyTo=${encodedUrl}`);
+      case "like":
+      case "announce":
+        return res.redirect(`${mp}/admin/reader/post?url=${encodedUrl}`);
+      default:
+        // Default: resolve to remote profile page
+        return res.redirect(`${mp}/admin/reader/profile?url=${encodedUrl}`);
+    }
   };
 }

package/lib/federation-bridge.js

@@ -89,12 +89,6 @@ async function sendFedifyResponse(res, response, request) {
       if (json.attachment && !Array.isArray(json.attachment)) {
         json.attachment = [json.attachment];
       }
-      // WORKAROUND: Fedify serializes endpoints with "type": "as:Endpoints"
-      // which is not a valid AS2 type. The endpoints object should be a plain
-      // object with just sharedInbox/proxyUrl etc. Strip the invalid type.
-      if (json.endpoints && json.endpoints.type) {
-        delete json.endpoints.type;
-      }
       const patched = JSON.stringify(json);
       res.setHeader("content-length", Buffer.byteLength(patched));
       res.end(patched);

package/lib/federation-setup.js

@@ -286,10 +286,48 @@ export function setupFederation(options) {
   // Add OStatus subscribe template so remote servers (WordPress AP, Misskey, etc.)
   // can redirect users to our authorize_interaction page for remote follow.
   federation.setWebFingerLinksDispatcher((_ctx, _resource) => {
+    const interactionBase = `${publicationUrl}${mountPath.replace(/^\//, "")}/authorize_interaction`;
     return [
+      // OStatus subscribe template (legacy remote follow)
       {
         rel: "http://ostatus.org/schema/1.0/subscribe",
-        template: `${publicationUrl}${mountPath.replace(/^\//, "")}/authorize_interaction?uri={uri}`,
+        template: `${interactionBase}?uri={uri}`,
+      },
+      // FEP-3b86 Activity Intents — Follow
+      {
+        rel: "https://w3id.org/fep/3b86",
+        template: `${interactionBase}?uri={uri}&intent=follow`,
+        properties: {
+          "https://w3id.org/fep/3b86#intent":
+            "https://www.w3.org/ns/activitystreams#Follow",
+        },
+      },
+      // FEP-3b86 Activity Intents — Create (reply)
+      {
+        rel: "https://w3id.org/fep/3b86",
+        template: `${interactionBase}?uri={uri}&intent=create`,
+        properties: {
+          "https://w3id.org/fep/3b86#intent":
+            "https://www.w3.org/ns/activitystreams#Create",
+        },
+      },
+      // FEP-3b86 Activity Intents — Like
+      {
+        rel: "https://w3id.org/fep/3b86",
+        template: `${interactionBase}?uri={uri}&intent=like`,
+        properties: {
+          "https://w3id.org/fep/3b86#intent":
+            "https://www.w3.org/ns/activitystreams#Like",
+        },
+      },
+      // FEP-3b86 Activity Intents — Announce (boost)
+      {
+        rel: "https://w3id.org/fep/3b86",
+        template: `${interactionBase}?uri={uri}&intent=announce`,
+        properties: {
+          "https://w3id.org/fep/3b86#intent":
+            "https://www.w3.org/ns/activitystreams#Announce",
+        },
       },
     ];
   });
@@ -305,6 +343,43 @@ export function setupFederation(options) {
     storeRawActivities,
   });
 
+  // Handle Delete activities from actors whose signing keys are gone.
+  // When an account is deleted, the remote server sends Delete but the
+  // actor's key endpoint returns 404/410, so signature verification fails.
+  // Fedify 2.1.0 lets us inspect these instead of auto-rejecting.
+  inboxChain
+    .onUnverifiedActivity(async (_ctx, activity, reason) => {
+      // Handle Delete activities from actors whose signing keys are gone.
+      // When an account is deleted, the remote server sends Delete but the
+      // actor's key endpoint returns 404/410, so signature verification fails.
+      // Fedify 2.1.0 lets us inspect these instead of auto-rejecting.
+      if (reason.type === "keyFetchError") {
+        const status = reason.result?.status;
+        if (status === 404 || status === 410) {
+          const actorId = activity.actorId?.href;
+          if (actorId) {
+            const activityType = activity.constructor?.name || "";
+            if (activityType === "Delete") {
+              console.info(
+                `[ActivityPub] Processing unverified Delete from ${actorId} (key ${status})`,
+              );
+              try {
+                await collections.ap_followers.deleteOne({ actorUrl: actorId });
+                await collections.ap_timeline.deleteMany({ "author.url": actorId });
+                await collections.ap_notifications.deleteMany({ actorUrl: actorId });
+                console.info(`[ActivityPub] Cleaned up data for deleted actor ${actorId}`);
+              } catch (error) {
+                console.warn(`[ActivityPub] Cleanup for ${actorId} failed: ${error.message}`);
+              }
+              return new Response(null, { status: 202 });
+            }
+          }
+        }
+      }
+      // All other unverified activities: return null for default 401
+      return null;
+    });
+
   // Enable authenticated fetches for the shared inbox.
   // Without this, Fedify can't verify incoming HTTP Signatures from servers
   // that require authorized fetch (e.g. hachyderm.io returns 401 on unsigned GETs).
@@ -337,17 +412,33 @@ export function setupFederation(options) {
       ? await collections.posts.countDocuments()
       : 0;
 
+    const profile = await getProfile(collections);
+
     return {
       software: {
         name: "indiekit",
         version: softwareVersion,
+        repository: new URL("https://github.com/getindiekit/indiekit"),
+        homepage: new URL("https://getindiekit.com"),
       },
       protocols: ["activitypub"],
+      services: {
+        inbound: [],
+        outbound: [],
+      },
+      openRegistrations: false,
       usage: {
         users: { total: 1, activeMonth: 1, activeHalfyear: 1 },
         localPosts: postsCount,
         localComments: 0,
       },
+      metadata: {
+        nodeName: profile.name || handle,
+        nodeDescription: profile.summary || "",
+        staffAccounts: [
+          `${publicationUrl}${mountPath.replace(/^\//, "")}/users/${handle}`,
+        ],
+      },
     };
   });
 
@@ -740,6 +831,8 @@ export async function buildPersonActor(
     featuredTags: ctx.getFeaturedTagsUri(identifier),
     endpoints: new Endpoints({ sharedInbox: ctx.getInboxUri() }),
     manuallyApprovesFollowers: profile.manuallyApprovesFollowers || false,
+    indexable: true,
+    discoverable: true,
   };
 
   if (profile.summary) {

package/lib/init-indexes.js

@@ -244,6 +244,12 @@ export function createIndexes(collections, options) {
       { userId: 1, timeline: 1 },
       { unique: true, background: true },
     );
+
+    // Tombstone indexes (FEP-4f05)
+    collections.ap_tombstones?.createIndex(
+      { url: 1 },
+      { unique: true, background: true },
+    );
   } catch {
     // Index creation failed — collections not yet available.
     // Indexes already exist from previous startups; non-fatal.

package/lib/storage/tombstones.js

@@ -0,0 +1,52 @@
+/**
+ * Tombstone storage for soft-deleted posts (FEP-4f05).
+ * When a post is deleted, a tombstone record is created so remote servers
+ * fetching the URL get a proper Tombstone response instead of 404.
+ * @module storage/tombstones
+ */
+
+/**
+ * Record a tombstone for a deleted post.
+ * @param {object} collections - MongoDB collections
+ * @param {object} data - { url, formerType, published, deleted }
+ */
+export async function addTombstone(collections, { url, formerType, published, deleted }) {
+  const { ap_tombstones } = collections;
+  if (!ap_tombstones) return;
+
+  await ap_tombstones.updateOne(
+    { url },
+    {
+      $set: {
+        url,
+        formerType: formerType || "Note",
+        published: published || null,
+        deleted: deleted || new Date().toISOString(),
+      },
+    },
+    { upsert: true },
+  );
+}
+
+/**
+ * Remove a tombstone (post re-published).
+ * @param {object} collections - MongoDB collections
+ * @param {string} url - Post URL
+ */
+export async function removeTombstone(collections, url) {
+  const { ap_tombstones } = collections;
+  if (!ap_tombstones) return;
+  await ap_tombstones.deleteOne({ url });
+}
+
+/**
+ * Look up a tombstone by URL.
+ * @param {object} collections - MongoDB collections
+ * @param {string} url - Post URL
+ * @returns {Promise<object|null>} Tombstone record or null
+ */
+export async function getTombstone(collections, url) {
+  const { ap_tombstones } = collections;
+  if (!ap_tombstones) return null;
+  return ap_tombstones.findOne({ url });
+}

package/lib/syndicator.js

@@ -8,6 +8,7 @@ import {
 } from "./jf2-to-as2.js";
 import { lookupWithSecurity } from "./lookup-helpers.js";
 import { logActivity } from "./activity-log.js";
+import { addTimelineItem } from "./storage/timeline.js";
 
 /**
  * Create the ActivityPub syndicator object.
@@ -219,6 +220,54 @@ export function createSyndicator(plugin) {
           `[ActivityPub] Syndication queued: ${typeName} for ${properties.url}${replyNote}`,
         );
 
+        // Add own post to ap_timeline so it appears in Mastodon Client API
+        // timelines (Phanpy/Moshidon). Uses $setOnInsert — idempotent.
+        try {
+          const profile = await plugin._collections.ap_profile?.findOne({});
+          const content = normalizeContent(properties.content);
+          const timelineItem = {
+            uid: properties.url,
+            url: properties.url,
+            type: mapPostType(properties["post-type"]),
+            content,
+            author: {
+              name: profile?.name || handle,
+              url: profile?.url || plugin._publicationUrl,
+              photo: profile?.icon || "",
+              handle: `@${handle}`,
+              emojis: [],
+              bot: false,
+            },
+            published: properties.published || new Date().toISOString(),
+            createdAt: new Date().toISOString(),
+            visibility: properties.visibility || "public",
+            sensitive: properties.sensitive === "true",
+            category: Array.isArray(properties.category)
+              ? properties.category
+              : properties.category ? [properties.category] : [],
+            photo: normalizeMedia(properties.photo, plugin._publicationUrl),
+            video: normalizeMedia(properties.video, plugin._publicationUrl),
+            audio: normalizeMedia(properties.audio, plugin._publicationUrl),
+            counts: { replies: 0, boosts: 0, likes: 0 },
+          };
+          if (properties.name) timelineItem.name = properties.name;
+          if (properties.summary) timelineItem.summary = properties.summary;
+          if (properties["content-warning"]) {
+            timelineItem.summary = properties["content-warning"];
+            timelineItem.sensitive = true;
+          }
+          if (properties["in-reply-to"]) {
+            timelineItem.inReplyTo = Array.isArray(properties["in-reply-to"])
+              ? properties["in-reply-to"][0]
+              : properties["in-reply-to"];
+          }
+          await addTimelineItem(plugin._collections, timelineItem);
+        } catch (tlError) {
+          console.warn(
+            `[ActivityPub] Failed to add own post to timeline: ${tlError.message}`,
+          );
+        }
+
         return properties.url || undefined;
       } catch (error) {
         console.error("[ActivityPub] Syndication failed:", error.message);
@@ -237,3 +286,35 @@ export function createSyndicator(plugin) {
     update: async (properties) => plugin.update(properties),
   };
 }
+
+// ─── Timeline helpers ───────────────────────────────────────────────────────
+
+function normalizeContent(content) {
+  if (!content) return { text: "", html: "" };
+  if (typeof content === "string") return { text: content, html: `<p>${content}</p>` };
+  return {
+    text: content.text || content.value || "",
+    html: content.html || content.text || content.value || "",
+  };
+}
+
+function mapPostType(postType) {
+  if (postType === "article") return "article";
+  if (postType === "repost") return "boost";
+  return "note";
+}
+
+function normalizeMedia(value, siteUrl) {
+  if (!value) return [];
+  const base = siteUrl?.replace(/\/$/, "") || "";
+  const arr = Array.isArray(value) ? value : [value];
+  return arr.map((item) => {
+    if (typeof item === "string") {
+      return item.startsWith("http") ? item : `${base}/${item.replace(/^\//, "")}`;
+    }
+    if (item?.url && !item.url.startsWith("http")) {
+      return { ...item, url: `${base}/${item.url.replace(/^\//, "")}` };
+    }
+    return item;
+  }).filter(Boolean);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rmdes/indiekit-endpoint-activitypub",
-  "version": "3.9.4",
+  "version": "3.10.1",
   "description": "ActivityPub federation endpoint for Indiekit via Fedify. Adds full fediverse support: actor, inbox, outbox, followers, following, syndication, and Mastodon migration.",
   "keywords": [
     "indiekit",
@@ -37,9 +37,9 @@
     "url": "https://github.com/rmdes/indiekit-endpoint-activitypub/issues"
   },
   "dependencies": {
-    "@fedify/debugger": "^2.0.0",
-    "@fedify/fedify": "^2.0.0",
-    "@fedify/redis": "^2.0.0",
+    "@fedify/debugger": "^2.1.0",
+    "@fedify/fedify": "^2.1.0",
+    "@fedify/redis": "^2.1.0",
     "@js-temporal/polyfill": "^0.5.0",
     "express": "^5.0.0",
     "express-rate-limit": "^7.5.1",