Excited to share that Fedify CLI is now available on Scoop for #Windows users! You can easily install it with scoop install fedify. One more way to get started with #ActivityPub development!
fedify
Build your own #fediverse server with #Fedify!
Fedify is a #TypeScript framework that simplifies #ActivityPub implementation. Want to build a federated server without the complexity? Fedify has got you covered!
✨ Key features
Complete protocol support including WebFinger, HTTP Signatures, and NodeInfo
Enhanced interoperability with Object Integrity Proofs and Linked Data Signatures
Type-safe Activity Vocabulary API to prevent development mistakes
Reliable delivery with automatic retries and message queues
Full observability through OpenTelemetry integration
Multiple backend support: Redis, PostgreSQL, AMQP
Seamless integration with popular web frameworks: Express, Hono, Fresh, SvelteKit
Comprehensive logging and tracing
Debug ActivityPub in real-time with ephemeral inbox server
Inspect ActivityPub objects and actors with lookup tool
Tunnel your local server for development
🚀 Runtime support
📚 Easy to learn
Extensive docs
Step-by-step tutorials
Community support via Matrix & Discord
Available under the #MIT license—free and open source!
이番(번)에 @lqez 님의 《우리의 코드를 찾아서》에 出演(출연)하여 #페디버스, #ActivityPub, #Fedify, #Hollo에 關(관)해 이야기를 나눴습니다. Fedify와 Hollo의 開發(개발) 祕話(비화) 같은 게 궁금하시다면 한 番(번) 보셔도 재밌을지도 모르겠습니다. ㅎㅎㅎ
I have deeply mixed feelings about #ActivityPub's adoption of JSON-LD, as someone who's spent way too long dealing with it while building #Fedify.
Part of me wishes it had never happened. A lot of developers jump into ActivityPub development without really understanding JSON-LD, and honestly, can you blame them? The result is a growing number of implementations producing technically invalid JSON-LD. It works, sort of, because everyone's just pattern-matching against what Mastodon does, but it's not correct. And even developers who do take the time to understand JSON-LD often end up hardcoding their documents anyway, because proper JSON-LD processor libraries simply don't exist for many languages. No safety net, no validation, just vibes and hoping you got the @context right. Naturally, mistakes creep in.
But then the other part of me thinks: well, we're stuck with JSON-LD now. There's no going back. So wouldn't it be nice if people actually used it properly? Process the documents, normalize them, do the compaction and expansion dance the way the spec intended. That's what Fedify does.
Here's the part that really gets to me, though. Because Fedify actually processes JSON-LD correctly, it's more likely to break when talking to implementations that produce malformed documents. From the end user's perspective, Fedify looks like the fragile one. “Why can't I follow this person?” Well, because their server is emitting garbage JSON-LD that happens to work with implementations that just treat it as a regular JSON blob. Every time I get one of these bug reports, I feel a certain injustice. Like being the only person in the group project who actually read the assignment.
To be fair, there are real practical reasons why most people don't bother with proper JSON-LD processing. Implementing a full processor is genuinely a lot of work. It leans on the entire Linked Data stack, which is bigger than most people expect going in. And the performance cost isn't trivial either. Fedify uses some tricks to keep things fast, and I'll be honest, that code isn't my proudest work.
Anyway, none of this is going anywhere. Just me grumbling into the void. If you're building an ActivityPub implementation, maybe consider using a JSON-LD processor if one's available for your language. And if you're not going to, at least test your output against implementations that do.
What to learn more about the #fediverse and #ActivityPub? This tutorial (https://fedify.dev/tutorial/microblog) from @fedify is a really good starter. It explains how to implement a really simple #federated server and see how communication exchange are done with AP.
As #Fedify's author, I'm contemplating its adoption beyond Ghost's #ActivityPub implementation. Finding potential users for ActivityPub tools seems challenging—perhaps I'm addressing a very niche need?
While the technical complexity of ActivityPub makes tools like Fedify valuable, I wonder about the actual market demand for federation outside specific communities.
Open, decentralized systems make sense to many developers, but businesses often prefer closed ecosystems that align with traditional models.
Still, I see potential as the #fediverse grows and digital sovereignty concerns increase. Fedify aims to lower the technical barriers to federation.
I'm curious: Which projects would benefit most from Fedify today? What would make federation compelling enough for platforms to implement?
Would appreciate perspectives from both developers and platform owners.
Edited 285d ago
If you're interested in building your own #ActivityPub server but don't know where to start, I recommend checking out #Fedify's #tutorial Creating your own federated microblog. It provides a comprehensive, step-by-step guide that walks you through building a fully functional federated application. Perfect for developers who want to dive into the #fediverse!
Just received word that @fedify wasn't selected for @nlnet's Open Call this round. While disappointing, I understand the competition was fierce with many worthy projects seeking limited funding.
The journey continues though—#Fedify development will move forward at its own pace. Thanks to everyone who's shown interest and support for this project so far. Building tools for the #fediverse remains important work, and I'm committed to seeing it through.
If you know of other funding opportunities that might be a good fit for open source #ActivityPub tools, I'm all ears.
#Fedify 1.6 is approaching with three major enhancements: RFC 9421 HTTP Message Signatures support with double-knocking for seamless backward compatibility, a new builder pattern for better code organization in large applications, and native #Cloudflare #Workers support for serverless deployments. These additions strengthen Fedify's standards compliance while expanding deployment flexibility across different environments. Stay tuned for the official release! 🚀
#ActivityPub #fedidev #fediverse #RFC9421 #CloudflareWorkers
Did you know? #Fedify provides #documentation optimized for LLMs through the llms.txt standard.
Available endpoints:
https://fedify.dev/llms.txt — Core documentation overview
https://fedify.dev/llms-full.txt — Complete documentation dump
Useful for training #AI assistants on #ActivityPub/#fediverse development, building documentation chatbots, or #LLM-powered dev tools.
🎉 Big thanks to @2chanhaeng for his first contribution to #Fedify! He implemented the new fedify webfinger command in PR #278, which allows isolated #WebFinger lookups for testing configurations. This addresses the need for developers to test WebFinger functionality without performing comprehensive object retrieval.
The contribution includes:
A new fedify webfinger <handle> command that accepts @user@domain format handles or URIs
Clean JSON output of WebFinger JRD results
Proper error handling for invalid handles and lookup failures
Complete #CLI integration with help text and usage examples
This was originally filed as issue #260 and marked as a good first issue—perfect for newcomers to learn the codebase structure while contributing meaningful functionality. The PR has been merged and will be included in the upcoming Fedify 1.8.0 release.
We appreciate all first-time contributors who help make Fedify better for the entire #fediverse community. Welcome aboard, ChanHaeng!
🎉 Huge shoutout to two amazing contributors from Korea's #OSSCA program who've made excellent contributions to #Fedify!
👏 @gaebalgom tackled a tricky terminal compatibility issue in PR #282, fixing the fedify node command's favicon display on terminal emulators without truecolor support (#168). His solution elegantly detects terminal capabilities and falls back to 256-color mode when needed—ensuring a great experience across different environments.
🌟 @joonnot enhanced Fedify's #WebFinger functionality in PR #281 by adding a configurable maxRedirection option to the lookupWebFinger() function (#248). He transformed a hardcoded limitation into a flexible, user-customizable parameter while maintaining perfect backward compatibility.
Both delivered thoughtful, well-implemented solutions that showcase the quality of contributions coming from the OSSCA program. Welcome to the Fedify community! 
We are pleased to announce the release of #Fedify 1.7.0. This release was expedited at the request of the Ghost team, who are actively using Fedify for their #ActivityPub implementation. As a result, several features originally planned for this version have been moved to Fedify 1.8.0 to ensure timely delivery of the most critical improvements.
This release focuses on enhancing message queue functionality and improving compatibility with ActivityPub servers through refined HTTP signature handling.
Native retry mechanism support
This release introduces support for native retry mechanisms in message queue backends. The new MessageQueue.nativeRetrial property allows queue implementations to indicate whether they provide built-in retry functionality, enabling Fedify to optimize its retry behavior accordingly.
When nativeRetrial is set to true, Fedify will delegate retry handling to the queue backend rather than implementing its own retry logic. This approach reduces overhead and leverages the proven retry mechanisms of established queue systems.
Current implementations with native retry support include:
DenoKvMessageQueue — utilizes Deno KV's automatic retry with exponential backoff
WorkersMessageQueue — leverages Cloudflare Queues' automatic retry and dead-letter queue features
AmqpMessageQueue — can now be configured to use AMQP broker's native retry mechanisms
The InProcessMessageQueue continues to use Fedify's internal retry mechanism, while ParallelMessageQueue inherits the retry behavior from its wrapped queue.
AMQP message queue improvements
Alongside Fedify 1.7.0, we have also released @fedify/amqp 0.3.0. This release adds the nativeRetrial option to AmqpMessageQueueOptions, enabling you to leverage your AMQP broker's built-in retry mechanisms. When enabled, this option allows the AMQP broker to handle message retries according to its configured policies, rather than relying on Fedify's internal retry logic.
Configurable double-knocking
The new FederationOptions.firstKnock option provides control over the HTTP Signatures specification used for the initial signature attempt when communicating with previously unknown servers.
Previously, the first knock for newly encountered servers always used RFC 9421 (HTTP Message Signatures), falling back to draft-cavage-http-signatures-12 if needed. With this release, you can now configure which specification to use for the first knock when communicating with unknown servers, with RFC 9421 remaining the default.
Summary
This release maintains Fedify's commitment to reliability and compatibility while laying the groundwork for more efficient message processing. The native retry mechanism support will particularly benefit applications using queue backends with sophisticated retry capabilities, while the double-knocking mechanism addresses real-world compatibility challenges in the ActivityPub ecosystem.
For detailed technical information about these changes, please refer to the changelog in the repository.
We're pleased to share that Encyclia has joined our success stories.
@encyclia bridges academic research to the #fediverse by making #ORCID researcher profiles and publications discoverable through #ActivityPub—built with #Fedify for seamless interoperability across Mastodon and other fediverse platforms.
This demonstrates Fedify's versatility beyond traditional social networking, helping specialized domains connect to the federated web.
We're also grateful for #Encyclia's sponsorship support, which helps make Fedify's development possible.
Learn more about Encyclia at https://encyclia.pub/. 📚
Excited to share that I've joined #OSSCA (Open Source Software Contribution Academy) as a mentor for the @fedify project!
OSSCA is a national program run by South Korea's NIPA (National IT Industry Promotion Agency) through their Open Source Software Support Center, aimed at fostering the next generation of open source contributors.
We're currently in the process of selecting around 20 mentees who will start contributing to #Fedify once the selection is complete. I've been busy preparing good first issues to help them get started on their open source journey.
Looking forward to working with these new contributors and seeing what amazing things we can build together!
We're thrilled to highlight five outstanding contributions from the Korean Open Source Contribution Academy (#OSSCA) program participants who have been working on #Fedify! Their dedication and effort have significantly enhanced our #ActivityPub server framework.
First up is @nyeong with his monumental #318 PR, implementing a SQLite-based key–value store to address #274. This contribution adds the SqliteKvStore class with full cross-runtime support for Node.js, Deno, and Bun through the new @fedify/sqlite package. His implementation includes atomic operations, TTL support, comprehensive test coverage, and careful attention to SQL injection prevention. This enables developers to use SQLite as a persistent storage backend while maintaining compatibility with Fedify's existing KvStore API—a crucial feature for production deployments!
Next, @crohasang delivered an excellent quality-of-life improvement with #341 PR, fixing #257. He enhanced the CLI to properly respect TTY status and the NO_COLOR environment variable, implementing intelligent color control across all CLI commands. The solution involved switching from @cliffy/ansi/colors to @std/fmt/colors, creating a helper function using Deno.inspect() to handle object formatting, and ensuring colors are correctly disabled when output is redirected to files. This makes the CLI much more pipe-friendly and suitable for automated workflows!
@menele contributed a thoughtful enhancement with #342 PR, addressing #191. She updated the fedify inbox command to display not just the activity type, but also the type of object contained within each activity—transforming output like "Create" into the more informative "Create(Note)" or "Undo" into "Undo(Follow)". This seemingly simple change required making the display function asynchronous to fetch the enclosed objects, significantly improving the debugging experience for developers!
@woaol tackled an important developer experience issue with #329 PR, solving #306. Previously, the fedify init command would often install outdated versions of Fedify packages like @fedify/redis because version numbers were hardcoded in the CLI. They created a getLatestVersion() function that dynamically retrieves package versions from local metadata files, ensuring that developers always get the latest versions of all Fedify packages when initializing a new project. This improvement includes comprehensive test coverage and eliminates the frustration of starting a project with outdated dependencies!
Finally, @kodingwarrior made a significant contribution with #309 PR, implementing #269—NestJS integration! They created the @fedify/nestjs package with a FedifyModule that seamlessly integrates Fedify into NestJS applications. This includes proper middleware implementation, dependency injection support through NestJS's module system, and compatibility with both CommonJS and ESM environments. This opens up Fedify to the large NestJS developer community, making it easier than ever to build ActivityPub-enabled applications with this popular enterprise framework!
These contributions showcase the incredible talent and dedication of the OSSCA participants. From core infrastructure improvements to developer experience enhancements, each contribution makes Fedify better for the entire community. Thank you all for your hard work and welcome to the Fedify contributor family! 🚀
We're looking forward to seeing more amazing contributions from the OSSCA program and the broader community. If you're interested in contributing to Fedify, check out our GitHub repository and join us in building the future of federated social web! 🌟
🎉 Huge shoutouts to two amazing contributors from Korea's #OSSCA program who just made #Fedify even better!
First, @z9mb1 delivered PR #321, adding a handy -o/--output option to fedify lookup. Now you can save lookup results directly to files instead of just printing to terminal—a nice quality-of-life improvement for analysis and scripting workflows.
But the real showstopper is @joonnot's incredible PR #283, which introduces the brand new @fedify/testing package! This massive contribution (2,014 lines across 20 files) brings MockFederation and MockContext classes that completely transform how we test federated applications. No more complex setups or actual network requests—just clean, straightforward unit testing with activity tracking, inbox simulation, and queue-aware testing capabilities.
These contributions solve real pain points and showcase the amazing talent emerging from the OSSCA program. Both features will be available in the upcoming Fedify 1.8 release. The future of federated software development just got a lot brighter! 🚀
We'd like to recognize some excellent contributions from our #OSSCA (Open Source Contribution Academy) participants who have been working on #Fedify.
@gaebalgom contributed PR #339, which introduces the @fedify/elysia package to provide Elysia integration for Fedify. This work addresses issue #286 by creating a plugin that enables developers using #Bun and #Elysia to integrate Fedify's #ActivityPub capabilities into their applications. The contribution includes the core integration module, documentation, examples, and proper monorepo configuration, making Fedify accessible to the Elysia community.
@r4bb1t submitted PR #315, implementing comprehensive AbortSignal support across multiple APIs to resolve issue #51. This contribution adds request cancellation capabilities not only to lookupWebFinger() but also to lookupObject(), DocumentLoader, and the HTTP signature authentication flow (doubleKnock()), allowing developers to properly handle timeouts and abort ongoing requests throughout the entire request chain. The implementation includes extensive test coverage for cancellation scenarios across all affected components and lays the groundwork for adding --timeout options to various CLI commands like fedify lookup, fedify webfinger, and fedify nodeinfo, making federated applications more robust and responsive.
@ooheunda addressed a testing infrastructure issue with PR #350, fixing a race condition in PostgreSQL message queue tests that was causing intermittent failures (issue #346). By adding explicit initialization before concurrent message queue listeners, this fix prevents table creation conflicts that were affecting test reliability, ensuring more consistent PR testing for all contributors.
@songbirds provided two test stability improvements with PR #344 and PR #347. The first PR adds skip guards to RedisKvStore tests as a workaround for a known Bun runtime issue, keeping the test suite functional while awaiting an upstream fix. The second PR resolves a race condition in the code generation process by randomizing output filenames, preventing conflicts during parallel test execution. These contributions help maintain a stable testing environment for the project.
Thank you all for your contributions to Fedify. Your work helps make federated social networking more accessible to developers.
🎉 Huge shoutout to @2chanhaeng for implementing custom collection dispatchers in #Fedify through the Korean #OSSCA program!
This incredible contribution adds support for creating arbitrary collections beyond the built-in ones (e.g., outbox, inbox, following, followers). Now developers can expose custom collections like user bookmarks, post categories, or any grouped content through the #ActivityPub protocol:
federation .setCollectionDispatcher( "bookmarks", Article, "/users/{identifier}/bookmarks", async (ctx, values, cursor) => { const { posts, nextCursor } = await getBookmarkedPosts(values.identifier, cursor); return { items: posts, nextCursor }; } ) .setCounter(async (ctx, values) => getBookmarkCount(values.identifier) );
The implementation is technically excellent with full #TypeScript support, both Collection and OrderedCollection types, cursor-based pagination, authorization predicates, and zero breaking changes. @2chanhaeng delivered not just code but a complete feature with 313 lines of comprehensive documentation, practical examples, and thorough test coverage.
This opens up countless possibilities for ActivityPub applications built with Fedify. From user-specific collections to complex categorization systems, developers now have the flexibility to create any type of custom collection while maintaining full ActivityPub compliance.
Thank you @2chanhaeng for this outstanding contribution and to the OSSCA program for fostering such excellent open source collaboration! 🚀
Issue: https://github.com/fedify-dev/fedify/issues/310
Pull request: https://github.com/fedify-dev/fedify/pull/332
#Fedify has moved to a monorepo structure with unified versioning across all packages (@fedify/fedify, @fedify/cli, database adapters & framework integrations).
All packages now release together, making dependency management much simpler!
Hi #fediverse and #ActivityPub developers!
I'm currently working on interoperability testing for #Hollo and #Fedify, and I need a #Bonfire account to test federation with their implementation.
Since there aren't many open public Bonfire instances available, I was wondering if any Bonfire instance admins out there would be willing to grant me a test account? It would be a huge help for improving interop! Let me know if you can help. Thanks!
🔒 Security Update for BotKit Users
We've released #security patch versions BotKit 0.1.2 and 0.2.2 to address CVE-2025-54888, a security #vulnerability discovered in #Fedify. These updates incorporate the latest patched version of Fedify to ensure your bots remain secure.
We strongly recommend all #BotKit users update to the latest patch version immediately. Thank you for keeping the #fediverse safe! 🛡️
We've released #security updates for #Hollo (0.4.12, 0.5.7, and 0.6.6) to address a #vulnerability in the underlying #Fedify framework. These updates incorporate the latest Fedify security patches that fix CVE-2025-54888.
We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.
Update Instructions:
Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”
Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers
Manual installations: Run git pull to get the latest code, then pnpm install and restart your service