svemagie/indiekit-endpoint-activitypub
1
0
Fork 0
mirror of https://github.com/svemagie/indiekit-endpoint-activitypub.git synced 2026-04-02 15:44:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
263 Commits 1 Branch 0 Tags
main
Commit Graph

18 Commits

Author SHA1 Message Date
svemagie
230bfd105e merge: upstream c1a6f7e — Fedify 2.1.0, 5 FEPs, security/perf audit, v3.9.x 
Upstream commits merged (0820067..c1a6f7e):
- Fedify 2.1.0 upgrade (FEP-5feb, FEP-f1d5/0151, FEP-4f05 Tombstone,
  FEP-3b86 Activity Intents, FEP-8fcf Collection Sync)
- Comprehensive security/perf audit: XSS/CSRF fixes, OAuth scopes,
  rate limiting, secret hashing, token expiry/rotation, SSRF fix
- Architecture refactoring: syndicator.js, batch-broadcast.js,
  init-indexes.js, federation-actions.js; index.js -35%
- CSS split into 15 feature-scoped files + reader-interactions.js
- Mastodon API status creation: content-warning field, linkify fix

Fork-specific resolutions:
- syndicator.js: added addTimelineItem mirror for own Micropub posts
- syndicator.js: fixed missing await on jf2ToAS2Activity (async fn)
- statuses.js: kept DM path, pin/unpin routes, edit post route,
  processStatusContent (used by edit), addTimelineItem/lookupWithSecurity/
  addNotification imports
- compose.js: kept addNotification + added federation-actions.js imports
- enrich-accounts.js: kept cache-first approach for avatar updates
- ap-notification-card.njk: kept DM lock icon (🔒) for isDirect mentions
 2026-03-27 09:30:34 +01:00
Ricardo
c1a6f7e24c docs: add comprehensive FEP/standards compliance tables 
README.md: 18-row table covering core protocols (ActivityPub, HTTP
Signatures, RFC 9421, WebFinger, NodeInfo) and 11 FEPs with status
and provider attribution (Fedify vs Plugin).

CLAUDE.md: developer-facing 11-row FEP table with implementation
file locations for each standard.
 2026-03-26 18:03:25 +01:00
Ricardo
35ab840a56 feat: upgrade Fedify to 2.1.0 + implement 5 FEPs 
Fedify 2.1.0 upgrade:
- Upgrade @fedify/fedify, @fedify/redis, @fedify/debugger to ^2.1.0
- Remove as:Endpoints type-stripping workaround (fixed upstream, fedify#576)
- Wire onUnverifiedActivity handler for Delete from actors with gone keys

FEP implementations:
- FEP-5feb: Add indexable + discoverable to actor (search indexing consent)
- FEP-f1d5/0151: Enrich NodeInfo 2.1 with metadata, staff accounts, repo info
- FEP-4f05: Soft delete with Tombstone — deleted posts serve 410 + Tombstone
  JSON-LD with formerType, published, deleted timestamps. New ap_tombstones
  collection + lib/storage/tombstones.js
- FEP-3b86: Activity Intents — WebFinger links for Follow/Create/Like/Announce
  intents, authorize_interaction routes by intent parameter
- FEP-8fcf: Collection Sync outbound via Fedify syncCollection (documented
  that receiving side is not yet implemented)
 2026-03-26 17:33:28 +01:00
Ricardo
80ef9bca11 docs: update CLAUDE.md and README.md for v3.9 audit refactoring 
CLAUDE.md:
- Architecture tree: add 4 extracted modules (batch-broadcast,
  syndicator, init-indexes, federation-actions)
- Update index.js description to "lifecycle orchestration"
- Data flow: add batch-broadcast delivery path

README.md:
- Remove stale "no custom emoji rendering" limitation
- Update account enrichment to describe non-blocking behavior
- Add 3 missing Mastodon API MongoDB collections
- Add OAuth scope enforcement, rate limiting, token expiry,
  and CSRF to Mastodon Client API features
 2026-03-25 12:35:10 +01:00
svemagie
6089df0c27 Merge remote-tracking branch 'upstream/main' 2026-03-22 15:51:46 +01:00
Ricardo
0d8b2d0f11 docs: update CLAUDE.md and README.md with Mastodon Client API layer 
CLAUDE.md:
- Architecture: add full lib/mastodon/ tree (entities, helpers, middleware, routes)
- Data flow: add Mastodon API path (client → /api/v1/* → ap_timeline + Fedify)
- Collections: add ap_oauth_apps, ap_oauth_tokens, ap_markers; fix ap_blocked_servers field name
- Gotchas #34-35: Mastodon API architecture decisions (pagination, own-post detection,
  account enrichment, OAuth native app redirect, token storage, route ordering,
  unsigned fallback, backfill, content processing)
- Route table: add all Mastodon Client API endpoints

README.md:
- Updated description to mention Mastodon Client API compatibility
- Added full Mastodon Client API feature section
- Added moderation overview to Admin UI features
 2026-03-21 20:50:36 +01:00
svemagie
a040fb2ea8 docs: update post type table and add OG image documentation 
- Likes now shown as Create(Note) bookmark, not Like activity
- Announces use upstream addressing (to: Public, no cc)
- Document OG image support for fediverse preview cards

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-19 01:38:50 +01:00
svemagie
b99f5fb73e Merge upstream rmdes:main — v2.13.0–v2.15.4 into svemagie/main 
New upstream features:
- v2.13.0: FEP-8fcf/fe34 compliance, custom emoji, manual follow approval
- v2.14.0: Server blocking, Redis caching, key refresh, async inbox queue
- v2.15.0: Outbox failure handling (strike system), reply chain forwarding
- v2.15.1: Reply intelligence in reader (visibility badges, thread reconstruction)
- v2.15.2: Strip invalid as:Endpoints type from actor serialization
- v2.15.3: Exclude soft-deleted posts from outbox/content negotiation
- v2.15.4: Wire content-warning property for CW text

Conflict resolution:
- federation-setup.js: merged our draft/unlisted/visibility filters with
  upstream's soft-delete filter
- compose.js: kept our DM compose path, adopted upstream's
  lookupWithSecurity for remote object resolution
- notifications.js: kept our separate reply/mention tabs, added upstream's
  follow_request grouping
- inbox-listeners.js: took upstream's thin-shim rewrite (handlers moved to
  inbox-handlers.js which already has DM detection)
- notification-card.njk: merged DM badge with follow_request support

Preserved from our fork:
- Like/Announce to:Public cc:followers addressing
- Nested tag normalization (cat.split("/").at(-1))
- DM compose/reply path in compose controller

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-19 00:42:31 +01:00
svemagie
f6f13b86e9 docs: document Like/Announce addressing and nested tag normalization 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-19 00:17:49 +01:00
Ricardo
d676374ec1 docs: document Fedify workarounds for endpoints type and PropertyValue attachment 
- Gotcha 10: endpoints as:Endpoints type stripping (fedify#576, fixed in 2.1.0)
- Gotcha 11: PropertyValue attachment type validation (fedify#629, open)
- README: added both to Fedify Workarounds section
- Renumbered gotchas 10-31 → 12-33

Confab-Link: http://localhost:8080/sessions/af5f8b45-6b8d-442d-8f25-78c326190709
 2026-03-17 15:16:01 +01:00
Ricardo
a87fe59259 docs: update CLAUDE.md and README.md with v2.14.0/v2.15.0 features 
Add full feature documentation for federation resilience (v2.14.0) and
Hollo-inspired patterns (v2.15.0). Add credits to Hollo, Fedify, and Wafrn.
Update architecture tree, collections table, routes, and gotchas in CLAUDE.md.

Confab-Link: http://localhost:8080/sessions/af5f8b45-6b8d-442d-8f25-78c326190709
 2026-03-17 11:23:12 +01:00
svemagie
1b2554618e docs: document DM threading, getTags() fix, and outbound storage 2026-03-13 07:31:52 +01:00
svemagie
e18d61d951 docs: update README for svemagie fork with DM support 2026-03-13 06:46:34 +01:00
Ricardo
ab2363d123 docs: update CLAUDE.md and README.md for v2.5.0 
Document unified item processing pipeline (gotcha #23), parameterized
infinite scroll component (gotcha #24), quote embeds (gotcha #25).
Update architecture tree with new modules and controllers. Expand
route table and admin UI pages with explore, tag timeline, post detail,
and API endpoints. Add reader features (explore, hashtags, quotes,
link previews, read tracking, infinite scroll) to README.

Confab-Link: http://localhost:8080/sessions/e9d666ac-3c90-4298-9e92-9ac9d142bc06
 2026-03-03 13:03:48 +01:00
Ricardo
ef0887e0dd docs: document Fedify workarounds and implementation notes in README 
Add section covering all five workarounds carried against Fedify 2.0,
each with file location, upstream issue, and revisit conditions.
 2026-02-25 09:56:32 +01:00
Ricardo
a6f3f8dd6c docs: update CLAUDE.md and README.md for Fedify 2.0 
- Update dependencies table (remove @fedify/express, add @fedify/debugger, unfurl.js)
- Add new config options: debugDashboard, debugPassword, notificationRetentionDays
- Document new gotchas: modular imports, importSpkiPem removal, KvStore list(), debug dashboard body consumption
- Update LogTape gotcha for debug dashboard interaction
- Add debug dashboard and public profile routes to route table
- README: add public profile and debug dashboard feature sections, Fedify 2.0 mention
 2026-02-22 14:36:40 +01:00
Ricardo
0fa446ceb2 feat: make Fedify log level configurable via logLevel option 
Default changed from "info" to "warning" so production logs are quiet.
Set logLevel to "info" or "debug" in config to troubleshoot federation.
 2026-02-21 22:51:07 +01:00
Ricardo
b81ecbcaa4 docs: add CLAUDE.md for AI agents and README.md for humans 
CLAUDE.md covers architecture, 18 critical gotchas distilled from
bug fixes (Fedify bridge, objectId vs getObject, template collisions,
Express 5 redirect, date handling, author fallback chain, etc.),
MongoDB collections, route table, and publishing workflow.

README.md covers features, installation, configuration, nginx setup,
how syndication/inbox/content negotiation work, Mastodon migration,
admin UI reference, and known limitations.
 2026-02-21 17:06:11 +01:00