We are pleased to announce the release of #Fedify 1.7.0. This release was expedited at the request of the Ghost team, who are actively using Fedify for their #ActivityPub implementation. As a result, several features originally planned for this version have been moved to Fedify 1.8.0 to ensure timely delivery of the most critical improvements.

This release focuses on enhancing message queue functionality and improving compatibility with ActivityPub servers through refined HTTP signature handling.

Native retry mechanism support

This release introduces support for native retry mechanisms in message queue backends. The new MessageQueue.nativeRetrial property allows queue implementations to indicate whether they provide built-in retry functionality, enabling Fedify to optimize its retry behavior accordingly.

When nativeRetrial is set to true, Fedify will delegate retry handling to the queue backend rather than implementing its own retry logic. This approach reduces overhead and leverages the proven retry mechanisms of established queue systems.

Current implementations with native retry support include:

• DenoKvMessageQueue — utilizes Deno KV's automatic retry with exponential backoff
• WorkersMessageQueue — leverages Cloudflare Queues' automatic retry and dead-letter queue features
• AmqpMessageQueue — can now be configured to use AMQP broker's native retry mechanisms

The InProcessMessageQueue continues to use Fedify's internal retry mechanism, while ParallelMessageQueue inherits the retry behavior from its wrapped queue.

AMQP message queue improvements

Alongside Fedify 1.7.0, we have also released @fedify/amqp 0.3.0. This release adds the nativeRetrial option to AmqpMessageQueueOptions, enabling you to leverage your AMQP broker's built-in retry mechanisms. When enabled, this option allows the AMQP broker to handle message retries according to its configured policies, rather than relying on Fedify's internal retry logic.

Configurable double-knocking

The new FederationOptions.firstKnock option provides control over the HTTP Signatures specification used for the initial signature attempt when communicating with previously unknown servers.

Previously, the first knock for newly encountered servers always used RFC 9421 (HTTP Message Signatures), falling back to draft-cavage-http-signatures-12 if needed. With this release, you can now configure which specification to use for the first knock when communicating with unknown servers, with RFC 9421 remaining the default.

Summary

This release maintains Fedify's commitment to reliability and compatibility while laying the groundwork for more efficient message processing. The native retry mechanism support will particularly benefit applications using queue backends with sophisticated retry capabilities, while the double-knocking mechanism addresses real-world compatibility challenges in the ActivityPub ecosystem.

For detailed technical information about these changes, please refer to the changelog in the repository.

Hi friends! ​​

I want to tell you all about a new thing I'm trying, where I'll accept bounties to work on specific features or bug fixes for Sharkey. If there's something you really want implemented, then you can make a donation and I'll prioritize that work over whatever other ticket I was going to work on.

To be clear, this is an agreement to work on a particular project, not a promise to finish it! I'll dedicate a certain amount of time to the work based on the size of the donation, and if I finish the work - then great! If not, I'll upload my progress to branch to either finish later or hand off to another interested party. I may choose to complete the work anyway if it's something that I also want, but that's not a gaurantee!

Pricing is in lose terms because tracking my hours or comtting to deadlines will take all the fun out of everything. Sorry if that's an issue, but I'm not willing to negotiate on this. I will make sure not to "count it" if I don't actually get much work done, so don't worry about picking a bad week and wasting your money. If I don't manage enough work when I initally plan to, then I'll just save my progress and resume when I have more time.

Time slots are broken down like this:
• $20 - I work on my lunch break. This is usually about an hour, so I probably won't complete a whole ticket unless it's something small.
• $30 - I dedicate an evening or two. The exact number of hours varies, but it's usually 2-4 per evening. I'll aim for at least 3 hours in total.
• $50 - It's my weekend project. Again, my availability varies - but sometimes I spend 12+ hours between Saturday and Sunday.
• $100 - This is my focus for the week. I won't devote any more Sharkey time than I would normally, but all of that time is devoted to this work item.

If this sounds like something you'd like, then please reply or send a DM! For this first trial phase, I've picked a curated list of tickets that I'm willing to work on. Assuming everything goes well, I'll add more options and open up the possibility of working on brand new ideas too. I hope this can be a good deal for everyone!

---

Ticket options:

• #499 - enhancement: Context menu button for muting the instance of a post
• #548 - enhancement: Admin feature: Ability to safely reset MFA for end users
• #675 - enhancement: API Endpoint for validating scoped tokens, returning a list of assigned scopes
• #746 - bug: When editing a quote, the "quote" indicator and button are not aligned
• #836 - enhancement: Log IP Address of Registrants
• #910 - enhancement: Allow moderators to set a content warning on any post
• #943 - enhancement: Allow moderators to force a content warning for all posts by an instance
• #953 - enhancement: Investigate a better on-disk structure for drive files
• #997 - enhancement: Increase options for number of poll options
• #1001 - enhancement: Add option to delete all users from remote instance
• #1002 - bug: "Force Content Warning" does not apply to boosts
• #1008 - bug: Search menu does not lookup url containing emoji
• #1034 - enhancement: Multi select for adding notes to clips
• #1039 - enhancement: Add change UI language when logged out
• #1040 - enhancement: Hide alt-text
• #1065 - enhancement: Option to hide note that are replies to a reply of a note
• #1069 - bug: Send abuse reports to contact email
• #1070 - enhancement: Translate Content Warning
• #1071 - enhancement: Translate Alt Text
• #1072 - enhancement: Allow user to specify the source language for translation
• #1076 - enhancement: Support multiple hosts for email delivery
• #1106 - bug: Dont mark post as long for just including certain mfm
• #1110 - enhancement: Allow admins to change bio length limit

---

Clarifications and Disclaimers:

1. As stated above, this is not a promise to complete any work item! I'll put effort in - that's the only gaurantee.
2. This is not a contract of employment or payment for services.
3. If something "important" comes up, then I may pause your work item to focus on that. Think urgent bugs, security issues, or project management responsibilities. This won't count against the promised effort.
4. If multiple donations are made around the same time, then I'll complete them in order of submission.
5. If a work item is completed before I get to your request, then I'll offer the chance to select another ticket instead.
6. You're welcome to ask how long I expect a particular item to take! I may not answer in hours, but I can give a relative estimate of complexity.

#Sharkey #FediDevs #FediDev #SoftwareDev

We're excited to announce the release of #Fedify 1.6.1, which marks the beginning of the 1.6 series following the retraction of version 1.6.0. This release introduces significant new capabilities that expand Fedify's deployment options and enhance security compatibility across the #fediverse.

Cloudflare Workers support

Fedify 1.6 introduces first-class support for Cloudflare Workers, enabling #serverless deployment of #ActivityPub applications at the edge.

New components

• WorkersKvStore: A key–value store implementation using Cloudflare's KV API for persistent storage in Workers environments
• WorkersMessageQueue: A message queue implementation leveraging Cloudflare Queues for reliable message processing

Key features

• Seamless integration with #Cloudflare's serverless runtime
• Automatic handling of queue message processing through Workers' queue() method
• Support for Node.js compatibility flag required for Fedify's cryptographic operations
• Manual queue processing via Federation.processQueuedTask() method

For a complete working example, see the Cloudflare Workers example in the Fedify repository.

Federation builder pattern

Fedify 1.6 introduces the FederationBuilder class and createFederationBuilder() function to support deferred federation instantiation. This pattern provides several benefits:

• Deferred instantiation: Set up dispatchers and listeners before creating the federation object
• Better code organization: Avoid circular dependencies and improve project structure
• Cloudflare #Workers compatibility: Accommodates binding-based architectures where resources are passed as arguments rather than globals
• Modular setup: Build complex federations piece by piece before instantiation

The builder pattern is particularly useful for large applications and environments like Cloudflare Workers where configuration data is only available at runtime.

HTTP Message Signatures (RFC 9421)

Fedify 1.6 implements the official HTTP Message Signatures standard (RFC 9421) specification, the final revision of the HTTP Signatures specification.

Double-knocking mechanism

To ensure maximum compatibility across the fediverse, Fedify 1.6 introduces an intelligent double-knocking mechanism:

1. Primary attempt: RFC 9421 (HTTP Message Signatures) for modern implementations
2. Fallback: Draft cavage version for legacy compatibility
3. Adaptive caching: The system remembers which version each server supports to optimize future requests

This approach ensures seamless communication with both modern and legacy ActivityPub implementations while positioning Fedify at the forefront of security standards.

Interoperability testing

The RFC 9421 implementation has been thoroughly tested for interoperability with existing ActivityPub implementations that support RFC 9421 signature verification:

• Mitra 4.4.0: Successfully verified Fedify-generated RFC 9421 signatures
• Mastodon 4.4.0 development version: Tested RFC 9421 signature verification against Fedify's implementation (refer to Mastodon PR #34814, though Mastodon 4.4.0 has not yet been released)

These tests confirm that other ActivityPub implementations can successfully verify RFC 9421 signatures generated by Fedify, ensuring proper federation as the ecosystem gradually adopts the official specification. While these implementations currently support verification of RFC 9421 signatures, they do not yet generate RFC 9421 signatures themselves—making Fedify one of the first ActivityPub implementations to support both generation and verification of the modern standard.

WebFinger enhancements

Dedicated WebFinger lookup

The new Context.lookupWebFinger() method provides direct access to WebFinger data, offering developers more granular control over account discovery and resource resolution beyond the higher-level Context.lookupObject() method.

Context API improvements

Context data replacement

The new Context.clone() method enables dynamic context data replacement, providing greater flexibility in request processing and data flow management. This is particularly useful for middleware implementations and complex request routing scenarios.

Migration considerations

Backward compatibility

Fedify 1.6 maintains full backward compatibility with existing applications. The new HTTP Message Signatures and double-knocking mechanisms work transparently without requiring any code changes.

Node.js version requirement

Important: Fedify 1.6 requires Node.js 22.0.0 or later for Node.js environments. This change does not affect applications using Deno or Bun runtimes. If you're currently using Node.js, please ensure your environment meets this requirement before upgrading.

New deployment options

For new deployments, consider leveraging Cloudflare Workers support for:

• Global edge deployment with low latency
• Serverless scaling and automatic resource management
• Integration with Cloudflare's ecosystem of services

Looking forward

Fedify 1.6 represents a significant expansion of deployment possibilities while maintaining the framework's commitment to broad compatibility across the fediverse. The addition of Cloudflare Workers support opens new architectural patterns for federated applications, while the RFC 9421 implementation ensures Fedify stays current with emerging ActivityPub security standards.

For detailed migration guides, API documentation, and examples, please visit the Fedify documentation. Join our community on Matrix or Discord for support and discussions.