Skip to content

Piero Bosio Social Web Site Personale Logo Fediverso

Social Forum federato con il resto del mondo. Non contano le istanze, contano le persone
  1. Home
  2. Categories
  3. General Discussion
  4. Enigmatick ActivityPub C2S

Enigmatick ActivityPub C2S

General Discussion
3 2 10
  • jdt@enigmatick.socialundefined

    From its conception, #Enigmatick has leaned heavily on the /inbox and /outbox endpoints for client operations. There are some /api endpoints, but I avoid that were I can shoehorn operations into the #ActivityPub specification and #ActivityStreams vocabulary.

    While typical operational activities are fairly well accounted for, administration is a weak point. For example: I haven't identified a clear way to use the currently described mechanisms for an administrative user to pull up and manage instances or actors on a server.

    I've relied on CLI tools (e.g., ./enigmatick --help) to manage some of that. And in some cases, I know how to manipulate data in my database, so I haven't worried too much about building tooling. But I'd like to ship something that other folks can use to share in my efforts, so I've been thinking about how to model those activities in an ActivityPub-esque way to use in the Svelte UI.

    ActivityPub Messages

    To that end, I'm now using Block and Delete activities sent from the client to the server outbox to manage the blocking of instances and purging of data.

    {
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    {
      "ek": "https://enigmatick.social/ns#",
      "Instance": "ek:Instance"
    }
  ],
  "id": "https://enigmatick.social/activities/550e8400-e29b-41d4-a716-446655440000",
  "type": "Block",
  "actor": "https://enigmatick.social/user/system",
  "object": {
    "type": "Instance",
    "id": "https://spammy-instance.example"
  }
}

    In practice, my client does not generate the id, but that attribute is generated by the server and the Activity is stored alongside other typically federated activities. These local Block activities are not federated out to other servers; they are intended solely for local server management.

    The Block activity is sent as a message signed at the client by a user with administrative privileges on the server. Enigmatick's user authentication is unique (i.e., I use a separate set of encryption keys for client-signing executed by a wasm module in the browser). That can be a topic for a future article.

    That the actor as the system Application user is important. That is used by the server to establish the scope of this action as system-wide, not just for a single user. The system actor is discoverable in the nodeinfo metadata.

    I'm using a typed object rather than just an id reference. This is so that I can use this same flow for blocking and purging Actor objects (i.e., the type would be Person, Service, or Application).

    The purge action is similar, using the Delete activity.

    {
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    {
      "ek": "https://enigmatick.social/ns#",
      "Instance": "ek:Instance"
    }
  ],
  "id": "https://enigmatick.social/activities/550e8400-e29b-41d4-a716-446655440000",
  "type": "Delete",
  "actor": "https://enigmatick.social/user/system",
  "object": {
    "type": "Instance",
    "id": "https://spammy-instance.example"
  }
}

    The term, "delete" is a bit of a misnomer in this case as it applies to the instance specifically. The instance will remain, but the objects, activities, and actors associated with that instance will be fully deleted (i.e., not set to Tombstone).

    Collection Endpoints

    To facilitate the UI operations, I've created two new collection endpoints on my server: /instances and /actors. These endpoints provide typical ActivityPub Collection objects.

    {
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    {
      "Instance": "ek:Instance",
      "activitiesCount": "ek:activitiesCount",
      "actorsCount": "ek:actorsCount",
      "blocked": "ek:blocked",
      "ek": "https://enigmatick.social/ns#",
      "lastMessageAt": "ek:lastMessageAt",
      "objectsCount": "ek:objectsCount"
    }
  ],
  "type": "OrderedCollection",
  "id": "https://enigmatick.social/instances",
  "totalItems": 7702,
  "orderedItems": [
    {
      "type": "Instance",
      "id": "https://example-instance.name",
      "blocked": false,
      "created": "2025-12-16T16:56:33Z",
      "lastMessageAt": "2025-12-16T16:56:33Z",
      "actorsCount": 0,
      "objectsCount": 1,
      "activitiesCount": 0
    }
  ],
  "first": "https://enigmatick.social/instances?max=9223372036854775807",
  "last": "https://enigmatick.social/instances?min=0",
  "next": "https://enigmatick.social/instances?max=1765657395402834"
}

    I've added some extensions in the @context to account for a few non-standard attributes.

    That collection is used by the UI.

    The Enigmatick instances UI showing the most recently discovered instances from the enigmatick.social server

    Collection Discovery

    nodeinfo is a common protocol used for discovering information about ActivityPub-speaking servers. I've extended my use of that to facilitate client-discovery of these new endpoints using the metadata object contained in the nodeinfo JSON.

    "metadata": {
  "actor": "https://enigmatick.social/user/system",
  "adminActors": "https://enigmatick.social/actors",
  "adminInstances": "https://enigmatick.social/instances",
  "domain": "enigmatick.social",
  "url": "https://enigmatick.social"
}

    Final Thoughts

    As I'm reading through this, I see some opportunities for refinement. I should probably be using OrderedCollectionPage instead of OrderedCollection for my collection endpoints. I'm sure there are other tweaks to be made.

    0
  • jdt@enigmatick.socialundefined jdt@enigmatick.social

    From its conception, #Enigmatick has leaned heavily on the /inbox and /outbox endpoints for client operations. There are some /api endpoints, but I avoid that were I can shoehorn operations into the #ActivityPub specification and #ActivityStreams vocabulary.

    While typical operational activities are fairly well accounted for, administration is a weak point. For example: I haven't identified a clear way to use the currently described mechanisms for an administrative user to pull up and manage instances or actors on a server.

    I've relied on CLI tools (e.g., ./enigmatick --help) to manage some of that. And in some cases, I know how to manipulate data in my database, so I haven't worried too much about building tooling. But I'd like to ship something that other folks can use to share in my efforts, so I've been thinking about how to model those activities in an ActivityPub-esque way to use in the Svelte UI.

    ActivityPub Messages

    To that end, I'm now using Block and Delete activities sent from the client to the server outbox to manage the blocking of instances and purging of data.

    {
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    {
      "ek": "https://enigmatick.social/ns#",
      "Instance": "ek:Instance"
    }
  ],
  "id": "https://enigmatick.social/activities/550e8400-e29b-41d4-a716-446655440000",
  "type": "Block",
  "actor": "https://enigmatick.social/user/system",
  "object": {
    "type": "Instance",
    "id": "https://spammy-instance.example"
  }
}

    In practice, my client does not generate the id, but that attribute is generated by the server and the Activity is stored alongside other typically federated activities. These local Block activities are not federated out to other servers; they are intended solely for local server management.

    The Block activity is sent as a message signed at the client by a user with administrative privileges on the server. Enigmatick's user authentication is unique (i.e., I use a separate set of encryption keys for client-signing executed by a wasm module in the browser). That can be a topic for a future article.

    That the actor as the system Application user is important. That is used by the server to establish the scope of this action as system-wide, not just for a single user. The system actor is discoverable in the nodeinfo metadata.

    I'm using a typed object rather than just an id reference. This is so that I can use this same flow for blocking and purging Actor objects (i.e., the type would be Person, Service, or Application).

    The purge action is similar, using the Delete activity.

    {
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    {
      "ek": "https://enigmatick.social/ns#",
      "Instance": "ek:Instance"
    }
  ],
  "id": "https://enigmatick.social/activities/550e8400-e29b-41d4-a716-446655440000",
  "type": "Delete",
  "actor": "https://enigmatick.social/user/system",
  "object": {
    "type": "Instance",
    "id": "https://spammy-instance.example"
  }
}

    The term, "delete" is a bit of a misnomer in this case as it applies to the instance specifically. The instance will remain, but the objects, activities, and actors associated with that instance will be fully deleted (i.e., not set to Tombstone).

    Collection Endpoints

    To facilitate the UI operations, I've created two new collection endpoints on my server: /instances and /actors. These endpoints provide typical ActivityPub Collection objects.

    {
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    {
      "Instance": "ek:Instance",
      "activitiesCount": "ek:activitiesCount",
      "actorsCount": "ek:actorsCount",
      "blocked": "ek:blocked",
      "ek": "https://enigmatick.social/ns#",
      "lastMessageAt": "ek:lastMessageAt",
      "objectsCount": "ek:objectsCount"
    }
  ],
  "type": "OrderedCollection",
  "id": "https://enigmatick.social/instances",
  "totalItems": 7702,
  "orderedItems": [
    {
      "type": "Instance",
      "id": "https://example-instance.name",
      "blocked": false,
      "created": "2025-12-16T16:56:33Z",
      "lastMessageAt": "2025-12-16T16:56:33Z",
      "actorsCount": 0,
      "objectsCount": 1,
      "activitiesCount": 0
    }
  ],
  "first": "https://enigmatick.social/instances?max=9223372036854775807",
  "last": "https://enigmatick.social/instances?min=0",
  "next": "https://enigmatick.social/instances?max=1765657395402834"
}

    I've added some extensions in the @context to account for a few non-standard attributes.

    That collection is used by the UI.

    The Enigmatick instances UI showing the most recently discovered instances from the enigmatick.social server

    Collection Discovery

    nodeinfo is a common protocol used for discovering information about ActivityPub-speaking servers. I've extended my use of that to facilitate client-discovery of these new endpoints using the metadata object contained in the nodeinfo JSON.

    "metadata": {
  "actor": "https://enigmatick.social/user/system",
  "adminActors": "https://enigmatick.social/actors",
  "adminInstances": "https://enigmatick.social/instances",
  "domain": "enigmatick.social",
  "url": "https://enigmatick.social"
}

    Final Thoughts

    As I'm reading through this, I see some opportunities for refinement. I should probably be using OrderedCollectionPage instead of OrderedCollection for my collection endpoints. I'm sure there are other tweaks to be made.

    silverpill@mitra.socialundefined

    @jdt

    >nodeinfo is a common protocol used for discovering information about ActivityPub-speaking servers

    NodeInfo is used primarily by sites like https://fediverse.observer, it is not intended to be used by clients. There is a similar entity in ActivityPub: server actor (instance actor). In your case it seems to be located at https://enigmatick.social/user/system ?

    I prefer Webfinger discovery method, as described in this FEP: https://codeberg.org/fediverse/fep/src/branch/main/fep/d556/fep-d556.md.

    0
  • silverpill@mitra.socialundefined silverpill@mitra.social

    @jdt

    >nodeinfo is a common protocol used for discovering information about ActivityPub-speaking servers

    NodeInfo is used primarily by sites like https://fediverse.observer, it is not intended to be used by clients. There is a similar entity in ActivityPub: server actor (instance actor). In your case it seems to be located at https://enigmatick.social/user/system ?

    I prefer Webfinger discovery method, as described in this FEP: https://codeberg.org/fediverse/fep/src/branch/main/fep/d556/fep-d556.md.

    jdt@enigmatick.socialundefined

    @silverpill@mitra.social Thanks - that solves a number of issues I've been encountering. From the outset, I wanted to use the system actor to point at the relevant administrative collections, but couldn't think of a good way to identify the actor to the client (without hard-coding it). That webfinger adjustment solves that.

    0
Log in to reply

Feed RSS
Enigmatick ActivityPub C2S

Gli ultimi otto messaggi ricevuti dalla Federazione
  • macgirvin@activitypub.spaceundefined
    macgirvin@activitypub.space

    @edent@mastodon.social -- It's also used for the username component of email addresses iirc; as these are originally also specified as 7-bit US-ASCII. So I convert local usernames with idn. Just something I did out of habit really. You can use UTF-8 if you want, so I'm only saying that punycode seems to federate better based on my experience. We tested this with a bunch of fediverse software at the time and it just worked. We'll accept either.

    read more
  • edent@mastodon.socialundefined
    edent@mastodon.social

    @macgirvin
    I thought Punycode was only for domain names. Are you saying you also use it for the user part?

    read more
  • macgirvin@activitypub.spaceundefined
    macgirvin@activitypub.space

    @edent@mastodon.social -- I've just tested and that account also works fine with Hubzilla. I will mention that your implementation in this case uses url-encoded usernames while ours uses punycode. They should be able to interact just fine, but the fact that there are multiple ways to arrive at a solution could cause a bit of confusion for implementers.

    You'll need to use punycode if you wish to federate with the diaspora protocol or email or any other projects or protocols which restrict the character set for usernames. So it might end up being a more flexible solution in the long run and should work fine with every other fediverse project today. ASCII-restricted software will just use the xn-- name; and all their links and buttons should work fine.

    Url-encoding should also work, but perhaps not so universally and easily as punycode; as witnessed by the number of issues documented in this thread.

    read more
  • liaizon@social.wake.stundefined
    liaizon@social.wake.st

    @apps look @julian isn't this sorta what you were just talking about with hashtag combining schemes

    read more
  • apps@toot.fedilab.appundefined
    apps@toot.fedilab.app

    @jandi
    Yes, that would really help. I will set the priority in the Weblate project for the part used to understand tags inside messages. Thank you for your continuous support on projects :)

    read more
  • macgirvin@activitypub.spaceundefined
    macgirvin@activitypub.space

    @edent@mastodon.social -- Just looked again... this was first introduced as a hidden feature in redmatrix around 2013-2014, and so may also be available currently in Hubzilla (behind the "system.unicode_usernames" feature toggle). There were some major changes in 2019 that to my knowledge weren't ever backported. I think these only applied to local usernames and not remote usernames, but the functionality in hubzilla still might need to be verified.

    read more
  • apps@toot.fedilab.appundefined
    apps@toot.fedilab.app

    The map combines community reports from the and shelters and veterinaries from loaded in real time as you zoom in.
    PawFed is built to be a community project, not a one person effort. There will be many ways to contribute beyond posting reports.
    If you find the project useful, don't hesitate to share it. Thank you. (3/3)

    read more
  • apps@toot.fedilab.appundefined
    apps@toot.fedilab.app

    PawFed is not tied to any country or language. Right now it works in French and English: and produce the same report.
    But the goal is to go further. Hashtag and keyword detection is based on translation files. When someone contributes a new language, PawFed starts understanding posts in that language automatically. (2/3)

    read more
@pierobosio@soc.bosio.info
Post suggeriti
  • fedify@hollo.socialundefined

    # Fedify 1.10.0: Observability foundations for the future debug dashboard

    Technical Discussion fedify fedidev release fediverse typescript activitypub opentelemetry
    1
    0 Votes
    1 Posts
    8 Views
    fedify@hollo.socialundefined
    Fedify 1.10.0: Observability foundations for the future debug dashboard Fedify is a #TypeScript framework for building #ActivityPub servers that participate in the #fediverse. It reduces the complexity and boilerplate typically required for ActivityPub implementation while providing comprehensive federation capabilities. We're excited to announce #Fedify 1.10.0, a focused release that lays critical groundwork for future debugging and observability features. Released on December 24, 2025, this version introduces infrastructure improvements that will enable the upcoming debug dashboard while maintaining full backward compatibility with existing Fedify applications. This release represents a transitional step toward Fedify 2.0.0, introducing optional capabilities that will become standard in the next major version. The changes focus on enabling richer observability through OpenTelemetry enhancements and adding prefix scanning capabilities to the key–value store interface. Enhanced OpenTelemetry instrumentation Fedify 1.10.0 significantly expands OpenTelemetry instrumentation with span events that capture detailed ActivityPub data. These enhancements enable richer observability and debugging capabilities without relying solely on span attributes, which are limited to primitive values. The new span events provide complete activity payloads and verification status, making it possible to build comprehensive debugging tools that show the full context of federation operations: activitypub.activity.received event on activitypub.inbox span — records the full activity JSON, verification status (activity verified, HTTP signatures verified, Linked Data signatures verified), and actor information activitypub.activity.sent event on activitypub.send_activity span — records the full activity JSON and target inbox URL activitypub.object.fetched event on activitypub.lookup_object span — records the fetched object's type and complete JSON-LD representation Additionally, Fedify now instruments previously uncovered operations: activitypub.fetch_document span for document loader operations, tracking URL fetching, HTTP redirects, and final document URLs activitypub.verify_key_ownership span for cryptographic key ownership verification, recording actor ID, key ID, verification result, and the verification method used These instrumentation improvements emerged from work on issue #234 (Real-time ActivityPub debug dashboard). Rather than introducing a custom observer interface as originally proposed in #323, we leveraged Fedify's existing OpenTelemetry infrastructure to capture rich federation data through span events. This approach provides a standards-based foundation that's composable with existing observability tools like Jaeger, Zipkin, and Grafana Tempo. Distributed trace storage with FedifySpanExporter Building on the enhanced instrumentation, Fedify 1.10.0 introduces FedifySpanExporter, a new OpenTelemetry SpanExporter that persists ActivityPub activity traces to a KvStore. This enables distributed tracing support across multiple nodes in a Fedify deployment, which is essential for building debug dashboards that can show complete request flows across web servers and background workers. The new @fedify/fedify/otel module provides the following types and interfaces: import { MemoryKvStore } from "@fedify/fedify"; import { FedifySpanExporter } from "@fedify/fedify/otel"; import { BasicTracerProvider, SimpleSpanProcessor, } from "@opentelemetry/sdk-trace-base"; const kv = new MemoryKvStore(); const exporter = new FedifySpanExporter(kv, { ttl: Temporal.Duration.from({ hours: 1 }), }); const provider = new BasicTracerProvider(); provider.addSpanProcessor(new SimpleSpanProcessor(exporter)); The stored traces can be queried for display in debugging interfaces: // Get all activities for a specific trace const activities = await exporter.getActivitiesByTraceId(traceId); // Get recent traces with summary information const recentTraces = await exporter.getRecentTraces({ limit: 100 }); The exporter supports two storage strategies depending on the KvStore capabilities. When the list() method is available (preferred), it stores individual records with keys like [prefix, traceId, spanId]. When only cas() is available, it uses compare-and-swap operations to append records to arrays stored per trace. This infrastructure provides the foundation for implementing a comprehensive debug dashboard as a custom SpanExporter, as outlined in the updated implementation plan for issue #234. Optional list() method for KvStore interface Fedify 1.10.0 adds an optional list() method to the KvStore interface for enumerating entries by key prefix. This method enables efficient prefix scanning, which is useful for implementing features like distributed trace storage, cache invalidation by prefix, and listing related entries. interface KvStore { // ... existing methods list?(prefix?: KvKey): AsyncIterable<KvStoreListEntry>; } When the prefix parameter is omitted or empty, list() returns all entries in the store. This is useful for debugging and administrative purposes. All official KvStore implementations have been updated to support this method: MemoryKvStore — filters in-memory keys by prefix SqliteKvStore — uses LIKE query with JSON key pattern PostgresKvStore — uses array slice comparison RedisKvStore — uses SCAN with pattern matching and key deserialization DenoKvStore — delegates to Deno KV's built-in list() API WorkersKvStore — uses Cloudflare Workers KV list() with JSON key prefix pattern While list() is currently optional to give existing custom KvStore implementations time to add support, it will become a required method in Fedify 2.0.0 (tracked in issue #499). This migration path allows implementers to gradually adopt the new capability throughout the 1.x release cycle. The addition of list() support was implemented in pull request #500, which also included the setup of proper testing infrastructure for WorkersKvStore using Vitest with @cloudflare/vitest-pool-workers. NestJS 11 and Express 5 support Thanks to a contribution from Cho Hasang (@crohasang@hackers.pub), the @fedify/nestjs package now supports NestJS 11 environments that use Express 5. The peer dependency range for Express has been widened to ^4.0.0 || ^5.0.0, eliminating peer dependency conflicts in modern NestJS projects while maintaining backward compatibility with Express 4. This change, implemented in pull request #493, keeps the workspace catalog pinned to Express 4 for internal development and test stability while allowing Express 5 in consuming applications. What's next Fedify 1.10.0 serves as a stepping stone toward the upcoming 2.0.0 release. The optional list() method introduced in this version will become required in 2.0.0, simplifying the interface contract and allowing Fedify internals to rely on prefix scanning being universally available. The enhanced #OpenTelemetry instrumentation and FedifySpanExporter provide the foundation for implementing the debug dashboard proposed in issue #234. The next steps include building the web dashboard UI with real-time activity lists, filtering, and JSON inspection capabilities—all as a separate package that leverages the standards-based observability infrastructure introduced in this release. Depending on the development timeline and feature priorities, there may be additional 1.x releases before the 2.0.0 migration. For developers building custom KvStore implementations, now is the time to add list() support to prepare for the eventual 2.0.0 upgrade. The implementation patterns used in the official backends provide clear guidance for various storage strategies. Acknowledgments Special thanks to Cho Hasang (@crohasang@hackers.pub) for the NestJS 11 compatibility improvements, and to all community members who provided feedback and testing for the new observability features. For the complete list of changes, bug fixes, and improvements, please refer to the CHANGES.md file in the repository. #fedidev #release
  • activitypub.blog@activitypub.blogundefined

    7.8.0 – Happy Holidays

    Fediverso activitypub fediverse moderation reactions reader wordpress
    5
    4
    0 Votes
    5 Posts
    25 Views
    pfefferle@mastodon.socialundefined
    @atarifrosch @activitypub.blog @about.iftas.org There’s no intention to exclude ClassicPress. Our resources are limited, so we don’t actively test with it, but I’m happy to fix issues when possible... or, even better, merge PRs that resolve them.
  • zeab@fosstodon.orgundefined

    Kind of wild #cooklang has its own federation setup now.

    General Discussion cooklang rss activitypub
    1
    0 Votes
    1 Posts
    13 Views
    zeab@fosstodon.orgundefined
    Kind of wild #cooklang has its own federation setup now. 😅Sure it uses #rss. No fancy #ActivityPub. Still, fascinating to see something like this. More of the web trying to index itself as primary search engines lose all their meaning to what search means. 🫠https://cooklang.org/blog/13-the-dishwasher-salmon-problem/
  • openrisk.eu@bsky.brid.gyundefined

    remarkably, after a decade of #activitypub / #fediverse and several years of #atproto / #bluesky protocols, LinkedIn is the only major social media platform type that doesn't face *any* competition from a decentralized, #opensource platform.

    Fediverso activitypub fediverse atproto bluesky opensource
    2
    0 Votes
    2 Posts
    17 Views
    openrisk.eu@bsky.brid.gyundefined
    remarkably, after a decade of #activitypub / #fediverse and several years of #atproto / #bluesky protocols, LinkedIn is the only major social media platform type that doesn't face *any* competition from a decentralized, #opensource platform. Not even a token effort. Interesting, no?RE: https://bsky.app/profile/did:plc:ks244q2qaqc5r3u5uftv4rbj/post/3lz4giuit7k2p