Description
Implement authenticated ActivityPub transport for the Linux runtime.
Scope
- Fetch remote actors and signing keys with bounded requests and safe redirect behavior.
- Resolve actor IDs to inbox or shared-inbox delivery targets.
- Verify incoming HTTP Signatures before trusted inbox processing.
- Confirm the verified signer matches the activity actor where required.
- Sign outgoing ActivityPub HTTP requests.
- Execute
SendActivity actions through a delivery queue.
- Add bounded retry/backoff and durable delivery status sufficient for the preview.
- Avoid remote JSON-LD context loading; normalize only the supported static ActivityStreams profile.
Done when
- A signed remote Follow can be verified and passed into
FederCore.
- Feder can send a signed Accept to the resolved remote inbox.
- Feder can deliver a signed Create(Note) activity to at least one compatible inbox.
- Invalid signatures, actor/signature mismatches, unsafe fetch targets, and terminal delivery failures are tested.
Out of scope
- Production-grade queue infrastructure.
- Full JSON-LD expansion, framing, or remote context processing.
- Broad support for ActivityPub authentication extensions.
Description
Implement authenticated ActivityPub transport for the Linux runtime.
Scope
SendActivityactions through a delivery queue.Done when
FederCore.Out of scope