A while back I mentioned the idea of “Fedify Studio”—a web-based toolkit for #ActivityPub debugging and development. I've been quietly working on shaping that idea into something more concrete.

Nothing to announce yet, but it's looking like this might become a team effort rather than a solo project, which would be nice. We'll see how it goes.

#Fedify #fedidev #fediverse

I forgot how tedious it is to chase code coverage when writing tests.

However this was part of the reason that made me include the "boring" parts of building a robust library into the goals set for the #nlnet grant.

So after a couple of days of work I finally got the first of the storage backends for the #GoActivityPub library go past 80% test coverage.

I hope I can reuse some of the test logic in the other backends, as they need to perform identically.

#go #ActivityPub #fedidev

RE: https://fietkau.software/daily_rucks/ap/activity/2025-11-08

I have added Mastodon-style (FEP-044f) quote post compatibility to my @DailyRucksDaily Rucks from Bastion bot. You can now quote post the daily voice lines as much as you want! 🥳

This would be noteworthy on its own if there weren't already a bunch of non-Mastodon implementations, but I'm actually late to the party. WordPress, Bonfire, micro.blog, dotmakeup, and ActivityBot all got there before I did.

However, I think my approach is novel for being *stateless*. Thread incoming.

🧵 1/6

#Fediverse #FediDev #ActivityPub

Just opened an issue for a major new task for #Fedify: building an #interoperability smoke test suite.

To ensure Fedify-built servers federate correctly with the wider #fediverse, we're planning to run automated E2E tests in #CI against live instances of Mastodon, Misskey, and more. This is crucial for a framework's reliability.

You can see the full plan and discussion here:

https://github.com/fedify-dev/fedify/issues/481

#ActivityPub #fedidev

To know what software an instance is running (Mastodon, Pleroma, Akkoma, Firefish, Friendica, etc), have to make 2 calls:

1. `/.well-known/nodeinfo` - get the `href` for a nodeinfo link e.g. https://mastodon.social/.well-known/nodeinfo
2. `/nodeinfo/2.0` (possibly 1.0 or 2.1 too) - get the `software.name` e.g. https://mastodon.social/nodeinfo/2.0

And… both are not CORS-enabled (again) for web apps to request 😅😢

Reference: https://github.com/h3poteto/megalodon/blob/90461fa7d5a6349cb31dcd1d3c6ef8641281d29e/megalodon/src/detector.ts

#MastoDev #FediDev

Been thinking about fediverse wiki after @2chanhaeng초무 mentioned it today. Some ideas:

• Cross-instance page linking: [[Page Title@other-instance.wiki]]
• Edit pages on other instances with your home account
• Fork pages across instances: [[Page@instance-a.wiki]] → [[Page@instance-b.wiki]], sharing edit history up to the fork point

• Merge forked pages later when needed

The fork/merge model feels natural for federated collaboration. Thoughts?

#fediverse #wiki #fedidev #ActivityPub

RE: https://neuromatch.social/@jonny/115343246885448739

Rumors that the fediverse can't do mobile identity have been greatly exaggerated: #FEP_1580 is now in draft status - https://codeberg.org/fediverse/fep/src/branch/main/fep/1580/fep-1580.md

This is a proposal for how to migrate all your stuff along with you when you move instances.

The gist:

• Send a request to move along with a set of stuff you'd like to bring with you. Moderators (optionally) can, approve, send back a change request, or deny. If the changes look ok, start the move, if not, hey you avoided incompatible moderation. Should be possible to layer in any kind of bulk actions you might want: "everything except my DMs," "strip attachments," "only my favorite posts," "nothing," etc.
• keep a public collection of move events signed by both the source and target for durable, portable proof that you are the same person as the old account
• the new instance crawls your old account and grabs whatever you specified, and then posts a mapping from old URIs to new URIs.
• other instances can then immediately remap the URIs so e.g. future interactions get sent to the right place, and then gradually update their local versions over time, spacing out traffic.

Just using existing ActivityPub mechanisms. There are 6 new terms.

Bonus: lays the next steps to migrate to content addressed URIs, decouple accounts from instances, and merge and split accounts.

It being a draft means that there is a 60 day (or longer) public comment period, and feedback/edits/etc. Are very much welcome.
Issue: https://codeberg.org/fediverse/fep/issues/702
Discussion: https://socialhub.activitypub.rocks/t/fep-1580-move-actor-objects-with-a-migration-collection/8111

#FediDev #MoveAllPosts

TIL: #Mastodon specifically treats actor URIs with the pattern https://<domain>/actor as instance actors. Turns out I misread the code. 😅

#fedidev #ActivityPub

Here's a draft FEP to do full account migration with posts and whatever other kinda objects you want to bring with you. It's a trivial expansion of existing ActivityPub/streams systems and supports gradual migration as it's implemented and after an account migration. It should be possible to migrate pretty much everything this way, both private and public objects.

criticism, feedback, revisions, etc. welcome - i don't think this is a "final version" and there are certainly things i overlooked.

https://codeberg.org/sneakers-the-rat/fep/src/branch/move-map/fep/1580/fep-1580.md

https://codeberg.org/fediverse/fep/pulls/692

#MoveAllPosts #FediDev #FEP #FEP_1580 #FullMigration #AccountMigration

• https://github.com/mastodon/mastodon/issues/19399
• https://github.com/mastodon/mastodon/issues/15912
• https://github.com/mastodon/mastodon/issues/14287
• https://github.com/mastodon/mastodon/issues/12423
• https://github.com/mastodon/mastodon/issues/981

in which post migration has been requested for three years. six years? nine years!?

#mastodev #fedidev

okay i've polished up my FediTag javascript which embeds a feed of Mastodon posts from one account using a particular hashtag on a website or page. you can find it on github https://github.com/Enichan/feditag

#FediDev #Mastodon #OpenSource #JavaScript #WebDevelopment #GitHub

If we were to do a regular online Fediverse meeting —

(Maybe once a month.)

WHAT DAYS OF THE WEEK WOULD YOU BE ABLE TO ATTEND?

A regular (online) meeting for Fediverse developers, for those who care about the Fediverse as a social movement, and for those who care about the success of the Fediverse.

Sunday?
Monday?
Tuesday?
Wednesday?
Thursday?
Friday?
Saturday?

(You can pick more than one day)

PLEASE REPLY WITH YOUR ANSWER.

#ActivityPub #FediDev #FediUX #Fediverse #FediverseUX #SocialWeb

RE: https://mastodon.social/@reiver/115300910507077759

I just did a video-chat with @sl007Sebastian Lasse —

(This is the first time we chatted.)

We talked about a number of Fediverse related things.

One of those things was — having a regular (online) meeting.

A regular (online) meeting for Fediverse developers, for those who care about the Fediverse as a social movement, and for those who care about the success of the Fediverse.

I have heard others say this, too, over and over again.

(And, at times, we have had them before.)

#Fediverse #FediDev #SocialWeb

A wiki you can post on, what a concept.
But that's basically what it is we just don't have names for posts or concepts.

I actually did implement this, where you could give a post a title and that gives it a namespaced URL, ideally then one would be able to do [[my post]] or [[@jonny/my post]] , (and then quoting a named concept would be {{ @jonny/my post }} ). Idk why we never deployed this.

https://github.com/NeuromatchAcademy/mastodon/pull/35

#FediDev #MastoDev

Thinking about building “#Fedify Studio” (tentative name)—a web-based #ActivityPub debugging & development toolkit, like a supercharged version of ActivityPub.Academy and fedify inbox command. Imagine having a proper UI for testing activities, inspecting actors, debugging federation issues… Would this be useful for other ActivityPub developers out there?

#fedidev #fediverse

"＠context": [
"https://www.w3.org/ns/activitystreams",
{
"Quotation": "as:Quotation",
"citation": "as:citation",
"quotation": "as:quotation"
},
],

#ActivityPub #ActivityStreams #FediDev #Fediverse #JSONLD #ObjectTypeQuotation #retejo

4/

Apparently, Bookwyrm stores quotations with:

type="Quotation"

And if one Bookwyrm server talks to another Bookwyrm server, then — the ActivityPub / ActivityStreams representation of the quotation will have:

type="Quotation"

...

BUT — if a non-Bookwyrm server talks to a Bookwyrm server, then — the ActivityPub / ActivityStreams representation of the quotation will have:

type="Note"

#ActivityPub #ActivityStreams #FediDev #Fediverse #ObjectTypeNote #ObjectTypeQuotation #retejo

3/

Apparently the Bookwyrm developer had the exact same idea!

(Which isn't too surprising.)

Here is how it works —

...

#ActivityPub #ActivityStreams #FediDev #Fediverse #ObjectTypeNote #ObjectTypeQuotation #retejo

2/

How could you represent a quotation in ActivityPub‽

...

I suppose there are 2 major approaches.

Either use an existing Object Type. Maybe:

type="Note"

Or create a new Object Type:

type="Quotation"

...

Here is the interesting thing though —

#ActivityPub #ActivityStreams #FediDev #Fediverse #ObjectTypeNote #ObjectTypeQuotation #retejo

Quotations & the Fediverse / ActivityPub

1/

One thing I used to do a lot on social-media is — post quotations.

Sometimes I was reading a book. And, I would quote things from the book and post it on social-media.

Or I was reading a scholarly paper, or reading a blog post, or watching a video, or listening to a podcast, etc.

...

I was thinking — how could you represent a quotation in ActivityPub‽

#ActivityPub #ActivityStreams #FediDev #Fediverse #ObjectTypeNote #ObjectTypeQuotation #retejo

9/

A regular users might write Markdown like this:

"""
# Hello!

How do you do?
"""

Or write HTML like this:

"""
<article>
<h1>Hello!</h1>
<p>How do you do?</p>
</article>
"""

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

8/

REMEMBER: this is for power-users, not regular users

How would you get ActivityPub / ActivityStreams into HTML using RDFa‽

Like this:

<div vocab="https://www.w3.org/ns/activitystreams#" typeof="Note">
<p property="name">Hello!</p>
<p>How do you do?</p>
</div>

AGAIN, REMEMBER: this is for power-users, not regular users.

Regular users can just write Markdown or HTML and Retejo will figure this out automatically for you

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

7/

If you are wondering what RDFa is —

You might be more familiar with OpenGraph.

https://ogp.me/

OpenGraph is usually the thing that causes "preview cards" to be showed for links shared on social-media.

OpenGraph is written in RDFa. Which, in practice, is some special HTML elements added to the page.

For example:

<meta property="og:image" content="https://example.com/img/preview.png" />

So what about ActivityPub‽ —

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

6/

Obviously, beginners are NOT going to do this, but — some power-users may want this level of control.

There are different way this could be done, but — one way might be that power-users could use RDFa to explicitly specify what data from the HTML gets into the ActivityPub / ActivityStreams data.

Again, beginners and typical users would NOT do this.

But a power-user might want to.

Here is an example —

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

5/

So, what would be a good user-experience (UX) for power-users be — in a system that automatically creates ActivityPub / ActivityStreams data from HTML and Markdown‽

One thought I had is that power-users could explicitly mark what data from their HTML gets into the ActivityPub / ActivityStreams data (if they want to).

I'll explain —

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

4/

I think one mistake some software does is — they create a good experience for beginners, but have a poor experience for power-users.

And keep in mind that — some beginners become power-users later on.

I think it is important to design for power-users, too, in addition to beginners.

...

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

3/

If a typical user is writing in Markdown, and their Markdown file has a level-1 heading right at the beginning, then —

That could go into the ActivityPub "name" field.

And, similar could be done for HTML, too.

...

But what about power users —

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

2/

What are "good" ways of automatically creating ActivityPub / ActivityStreams data from HTML and Markdown‽

I think the answer depends on who, for example, is writing HTML, and how they are writing it.

For example, is this a typical user? Is this a power-user? Do they know HTML? And if they do know HTML, how well do they know it? Etc?

I will show you what I mean —

...

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

1/

I have spending time thinking of ways you could automatically create ActivityPub / ActivityStreams data from HTML and Markdown

Most people will probably write in plain UTF-8 text, or Markdown, or HTML

How to do you take that and get it onto the Fediverse and Social Web‽

This isn't just a question of how to technically do it — but also a question of user-experience (UX)

I.e., what are "good" ways of doing it‽

...

#ActivityPub #ActivityStreams #FediDev #Fediverse #Markdown #retejo #RDFa

Today I discovered an interesting inconsistency in Activity Streams specs while investigating a Fedify issue.

The question: How should we interpret URLs like "icon": "https://example.com/avatar.png"?

JSON-LD context (https://www.w3.org/ns/activitystreams): @type: "@id" → “This is an IRI reference, dereference it to fetch an ActivityStreams object.”

Activity Streams Primer: “assume that a bare string is the href of a Link object, not an id” (no dereferencing)

Result: JSON-LD processor-based implementations try to parse PNG files as JSON and fail.

Turns out w3c/activitystreams#595 already discusses the same issue for href properties. I added a note that icon, image, etc. have the same problem.

Once again reminded of how tricky spec work can be…

#ActivityPub #Fedify #ActivityStreams #fedidev #specifications

We're excited to share an update on #Fedify's development! While we're actively working on Fedify 1.9 in the main branch, we've also begun preparations for Fedify 2.0 in the next branch.

Before you get too excited about revolutionary new features, we want to set clear expectations: Fedify 2.0 will primarily focus on cleaning up technical debt that we couldn't address due to backward compatibility constraints. This means removing deprecated APIs and making breaking changes that will ultimately result in a cleaner, more maintainable codebase. Think of it as a major housekeeping release—necessary work that will make Fedify better in the long run.

Some of the planned improvements include adding readonly modifiers throughout our types and interfaces to better enforce our immutability-by-default principle, implementing our own RFC 6570 URI Template library for symmetric expansion and pattern matching, and various CLI tool migrations to our new Optique framework for better cross-runtime support. While the majority of changes will be about refinement rather than revolution, these updates will strengthen Fedify's foundation and improve interoperability across the #fediverse. You can track all planned changes in detail by checking out the Fedify 2.0 milestone on our GitHub repository.

#Fedify2 #fedidev #ActivityPub

In #WebFinger, are there any relations that use the template property instead of the href property, excluding the http://ostatus.org/schema/1.0/subscribe relation?

#fedidev

The #Fedify monorepo has grown to 16 packages!

We've been working hard to make Fedify more modular and easier to integrate with your favorite tools and platforms. From the core framework to database drivers, from CLI tools to web framework integrations—we've got you covered.

Our packages now include:

• Core framework and CLI tools
• Web framework integrations: Express, Hono, H3, Elysia, NestJS, Next.js, SvelteKit
• Database drivers: PostgreSQL, Redis, SQLite, AMQP/RabbitMQ
• Platform integrations: Cloudflare Workers, Deno KV
• Testing utilities

Each package is available on JSR and/or npm, making it easy to pick exactly what you need for your ActivityPub implementation.

What integration would you like to see next? Let us know!

#ActivityPub #fedidev #fediverse #OpenSource #TypeScript

Are you a Fediverse developer? Do you work with ActivityPub?

You should follow https://activitypub.space

And here is the awesome thing — you can follow it from your existing Fediverse account!

Follow these activitypub.space channels:

• @generalGeneral Discussion
• @technical-discussion
• @faqFrequently Asked Questions
• @random
• @meta

(Thank you @julian )

#ActivityPub #FediDev #Fediverse #SocialWeb

We're excited to announce the release of BotKit 0.3.0! This release marks a significant milestone as #BotKit now supports #Node.js alongside #Deno, making it accessible to a wider audience. The minimum required Node.js version is 22.0.0. This dual-runtime support means you can now choose your preferred #JavaScript runtime while building #ActivityPub #bots with the same powerful BotKit APIs.

One of the most requested features has landed: poll support! You can now create interactive polls in your #bot messages, allowing followers to vote on questions with single or multiple-choice options. Polls are represented as ActivityPub Question objects with proper expiration times, and your bot can react to votes through the new onVote event handler. This feature enhances engagement possibilities and brings BotKit to feature parity with major #fediverse platforms like Mastodon and Misskey.

// Create a poll with multiple choices
await session.publish(text`What's your favorite programming language?`, {
  class: Question,
  poll: {
    multiple: true,  // Allow multiple selections
    options: ["JavaScript", "TypeScript", "Python", "Rust"],
    endTime: Temporal.Now.instant().add({ hours: 24 }),
  },
});

// Handle votes
bot.onVote = async (session, vote) => {
  console.log(`${vote.actor} voted for "${vote.option}"`);
};

The web frontend has been enhanced with a new followers page, thanks to the contribution from Hyeonseo Kim (@gaebalgom개발곰)! The /followers route now displays a paginated list of your bot's followers, and the follower count on the main profile page is now clickable, providing better visibility into your bot's audience. This improvement makes the web interface more complete and user-friendly.

For developers looking for alternative storage backends, we've introduced the SqliteRepository through the new @fedify/botkit-sqlite package. This provides a production-ready SQLite-based storage solution with ACID compliance, write-ahead logging (WAL) for optimal performance, and proper indexing. Additionally, the new @fedify/botkit/repository module offers MemoryCachedRepository for adding an in-memory cache layer on top of any repository implementation, improving read performance for frequently accessed data.

This release also includes an important security update: we've upgraded to #Fedify 1.8.8, ensuring your bots stay secure and compatible with the latest ActivityPub standards. The repository pattern has been expanded with new interfaces and types like RepositoryGetMessagesOptions, RepositoryGetFollowersOptions, and proper support for polls storage through the KvStoreRepositoryPrefixes.polls option, providing more flexibility for custom implementations.

#fedidev

@dariusDarius Kazemi

super nice.
#fedidev #ActivityPub

What I worked on the past weeks was to analyze the current news corpora of the University of Leipzig in different languages.
Then mixed it with an anonymized fedi corpus and wrote a thing which can
- compress ActivityPub Objects to 20% of its size by a combination of semantic compression where 256 languages can be covered. The rest would be uncompressed in multilanguage Objects (see Evans new Primer Page).
Result is UInt8Array for a database.

What I am working on now is to "preserve hashtags and common knowledge".
One byte is a pointer to Hashtags (where any word has a # at 0) and one byte is a pointer to 3x(256²) wikidata tables. So that we directly get the e.g. Q1055 for Hamburg and can ask the author if the prominent Hamburg is meant …
This was just a first demo for German https://github.com/sebilasse/compressDE which meanwhile improved and soon you can generate your lexica from corpora.
btw This can detect 852 languages https://github.com/redaktor/languages
Less data, better climate …

I just realized that the default specifications for ActivityPub/ActivityStreams do not have a way to perform an update on an object's ID. (ie, moving it from example.com/1 -> example.com/2)

An Update activity does not allow ID updates because it would lose the reference to the original one. (It can be massaged by using an Origin property, but I don't like that).

Another option would be to use a Move activity (which is defined as moving objects between collections), where the Origin property is the object itself instead of a collection. (I like this behaviour better, as it requires less divergence from the spec)

#ActivityPub #fedidev #ActivityPubDev

We'd like to recognize the valuable contributions from two developers who participated in Korea's #OSSCA (Open Source Contribution Academy) program. Both contributors identified important gaps in #Fedify's functionality and documentation, providing thoughtful solutions that benefit the broader #ActivityPub ecosystem.

@gaebalgom개발곰 contributed PR #365, addressing issue #353 regarding NodeInfo parser compatibility, originally reported by @andypiper. The issue arose when Fedify incorrectly rejected #NodeInfo documents from snac instances due to overly strict version string parsing that required semantic versioning compliance. Their solution improves the fallback behavior in the parseSoftware() function to handle non-SemVer version strings by parsing dot-separated numbers and defaulting to zero for missing components. The implementation includes thorough test coverage for various edge cases, including single numbers (3), two-part versions (2.81), and malformed version strings. This fix provides immediate compatibility improvements across the fediverse while maintaining backward compatibility, and will be included in Fedify 1.9. The contribution serves as an interim solution, with a more comprehensive fix planned for Fedify 2.0 (issue #366), where the NodeInfo software.version field will be changed from the SemVer type to a plain string to fully comply with the NodeInfo specification.

@z9mb1wwj contributed PR #364, resolving issue #337 by adding practical examples for Fedify's custom collection dispatchers feature. Custom collections were introduced in Fedify 1.8 but lacked clear documentation for developers seeking to implement them. Their contribution provides a comprehensive example demonstrating how to set up custom collections for tagged posts, including proper routing patterns, pagination handling, and counter functionality. The example includes mock data structures, shows how to configure collection dispatchers with URL patterns like /users/{userId}/tags/{tag}, and demonstrates the complete request/response cycle using federation.fetch(). This work provides developers with a clear, runnable reference that reduces the complexity of implementing custom collections in ActivityPub applications.

We appreciate these meaningful contributions that help make Fedify more accessible and robust for the entire ActivityPub community.

#opensource #fedidev #fediverse

Improved the setup steps for a new #ONI instance.

Initially it wasn't possible to operate everything without manually editing some json files, but now everything works with vanilla client to server #ActivityPub activities triggered from a CLI helper.

Now I just need to put it all into a document.

#fedidev

Feditext, one of my favorite, consistently solid fediverse apps, (love it for GtS) is looking for iOS devs to swat at a bug or two.

#FediApps #FediDev #iosdev https://mastodon.social/@Feditext/114990933150568200

🔒 Security Update for BotKit Users

We've released #security patch versions BotKit 0.1.2 and 0.2.2 to address CVE-2025-54888, a security #vulnerability discovered in #Fedify. These updates incorporate the latest patched version of Fedify to ensure your bots remain secure.

We strongly recommend all #BotKit users update to the latest patch version immediately. Thank you for keeping the #fediverse safe! 🛡️

#fedidev

All #Fedify users must immediately update to the latest patched versions. A #critical authentication bypass #vulnerability (CVE-2025-54888) has been discovered in Fedify that allows attackers to impersonate any #ActivityPub actor by sending forged activities signed with their own keys.

This vulnerability affects all Fedify instances and enables complete actor impersonation across the federation network. Attackers can send fake posts and messages as any user, create or remove follows as any user, boost and share content as any user, and completely compromise the federation trust model. The vulnerability affects all Fedify instances but does not propagate to other ActivityPub implementations like Mastodon, which properly validate authentication before processing activities.

The following versions contain the #security fix: 1.3.20, 1.4.13, 1.5.5, 1.6.8, 1.7.9, and 1.8.5. Users should update immediately using their package manager with commands such as npm update @fedify/fedify, yarn upgrade @fedify/fedify, pnpm update @fedify/fedify, bun update @fedify/fedify, or deno update @fedify/fedify.

After updating, redeploy your application immediately and monitor recent activities for any suspicious content. Please also inform other Fedify operators about this critical update to ensure the security of the entire federation network.

The safety and security of our community depends on immediate action. Please update now and feel free to leave comments below if you have any questions.

#fedidev