📸 6: #FOSDEM Social Web devroom pics – @hongminhee of @fedify

video: https://ftp.belnet.be/mirror/FOSDEM/video/2026/h2215/KSEUZT-fedify.mp4

Did you know there's a community space for #Fedify, #Hollo, #BotKit, and other Fedify ecosystem projects?

Whether you have questions, want to share what you're building, or just want to hang out with fellow fediverse developers—come join us!

• Matrix: #fedify:matrix.org
• Discord

Recently, @moreal built ap-thread-reader, a tool that displays threaded posts on a single page. Works with any ActivityPub platform, not just Mastodon.

Try it at https://ap-thread-reader.fly.dev/.

Built with Fedify and released as open source: https://github.com/moreal/ap-thread-reader.

More details at https://blog.moreal.dev/2026/02/ap-thread-reader-introduction/index.en.html.

It was great to see fantastic people at @offline today, and thank you for listening my talk! If you'd like to get my deck, here it is: Fedify: Building ActivityPub servers without the pain.

Huge thanks @liaizon for organizing this event!

Thanks all for listening to my talk about #Fedify at #FOSDEM 2026 today! Here's my deck for the talk: Fedify: Building ActivityPub servers without the pain.

@fedify abstracts away complexity in building for the fediverse

Now we have @hongminhee presenting @fedify!

Slides from @hongminhee talking about @fedify

#Fediverse #FOSDEM #FOSDEM2026 #SocialWeb #SocialWebFOSDEM #SocialWebFOSDEM2026

Up next is @hongminhee talking about @fedify

#Fediverse #FOSDEM #FOSDEM2026 #SocialWeb #SocialWebFOSDEM #SocialWebFOSDEM2026

We've published an AI usage policy for the Fedify project, inspired by Ghostty's approach.

TL;DR: AI tools are welcome, but contributions must disclose AI usage, be tied to accepted issues, and be human-verified. Maintainers are exempt.

https://github.com/fedify-dev/fedify/blob/main/AI_POLICY.md

ioriとFedify

ioriがActivityPubをサポートできているのは、間違いなくFedifyのおかげである。

自分でActivityPubの仕様を一から実装しようとしたことはこれまでに何度もあるが、以下の問題にぶつかり、いつも挫折してきた。

• データモデリングの対象が広範囲に及ぶ
  • Vocabularyが多岐にわたる
  • オブジェクトタイプやアクタータイプが多い
• ネットワーク通信の仕様が複雑
  • HTTPシグネチャチャの実装
  • JSON-LDのコンテキスト解決

私が本当に提供したいのはナレッジ管理サービスであり、ActivityPubの実装ではない。Fedifyはこれらの複雑さを抽象化し、開発者がビジネスロジックに集中できるようにしてくれる。

@reiver From personal experience, at the very least anything based on @fedify can represent multiple keys for an actor.

FEP-521a has a list of implementations: https://codeberg.org/fediverse/fep/src/branch/main/fep/521a/fep-521a.md#implementations

On changing keys, I used to think this was impossible, but then I saw Claire mention that Mastodon will simply accept a changed key as long as the valid updated actor can be fetched from its canonical URI. So I guess that might work straightforwardly?

I'll be presenting @fedify at @fosdem 2026! My talk Fedify: Building ActivityPub servers without the pain was accepted for the Social Web Devroom. See you in Brussels on January 31–February 1!

Fedifyってテスト用に相手のAPサーバーのモック的なのが使えるのね。署名やネットワークのことを気にせずにActivityの送受信をテストできると。素晴らしい。
https://fedify.dev/manual/test#mocking

요즘 fedify를 이용한 연합되는 블로그 만들기에 열 올리고 있는데... 참 재밌는 것 같아요. fedify도 참 잘 만든 라이브러리인 것 같구... 나중에 블로그 실서비스 하게 될 때가 기대되네요♡

Fedify 1.10.0: Observability foundations for the future debug dashboard

Fedify is a #TypeScript framework for building #ActivityPub servers that participate in the #fediverse. It reduces the complexity and boilerplate typically required for ActivityPub implementation while providing comprehensive federation capabilities.

We're excited to announce #Fedify 1.10.0, a focused release that lays critical groundwork for future debugging and observability features. Released on December 24, 2025, this version introduces infrastructure improvements that will enable the upcoming debug dashboard while maintaining full backward compatibility with existing Fedify applications.

This release represents a transitional step toward Fedify 2.0.0, introducing optional capabilities that will become standard in the next major version. The changes focus on enabling richer observability through OpenTelemetry enhancements and adding prefix scanning capabilities to the key–value store interface.

Enhanced OpenTelemetry instrumentation

Fedify 1.10.0 significantly expands OpenTelemetry instrumentation with span events that capture detailed ActivityPub data. These enhancements enable richer observability and debugging capabilities without relying solely on span attributes, which are limited to primitive values.

The new span events provide complete activity payloads and verification status, making it possible to build comprehensive debugging tools that show the full context of federation operations:

• activitypub.activity.received event on activitypub.inbox span — records the full activity JSON, verification status (activity verified, HTTP signatures verified, Linked Data signatures verified), and actor information
• activitypub.activity.sent event on activitypub.send_activity span — records the full activity JSON and target inbox URL
• activitypub.object.fetched event on activitypub.lookup_object span — records the fetched object's type and complete JSON-LD representation

Additionally, Fedify now instruments previously uncovered operations:

• activitypub.fetch_document span for document loader operations, tracking URL fetching, HTTP redirects, and final document URLs
• activitypub.verify_key_ownership span for cryptographic key ownership verification, recording actor ID, key ID, verification result, and the verification method used

These instrumentation improvements emerged from work on issue #234 (Real-time ActivityPub debug dashboard). Rather than introducing a custom observer interface as originally proposed in #323, we leveraged Fedify's existing OpenTelemetry infrastructure to capture rich federation data through span events. This approach provides a standards-based foundation that's composable with existing observability tools like Jaeger, Zipkin, and Grafana Tempo.

Distributed trace storage with FedifySpanExporter

Building on the enhanced instrumentation, Fedify 1.10.0 introduces FedifySpanExporter, a new OpenTelemetry SpanExporter that persists ActivityPub activity traces to a KvStore. This enables distributed tracing support across multiple nodes in a Fedify deployment, which is essential for building debug dashboards that can show complete request flows across web servers and background workers.

The new @fedify/fedify/otel module provides the following types and interfaces:

import { MemoryKvStore } from "@fedify/fedify";
import { FedifySpanExporter } from "@fedify/fedify/otel";
import {
  BasicTracerProvider,
  SimpleSpanProcessor,
} from "@opentelemetry/sdk-trace-base";

const kv = new MemoryKvStore();
const exporter = new FedifySpanExporter(kv, {
  ttl: Temporal.Duration.from({ hours: 1 }),
});

const provider = new BasicTracerProvider();
provider.addSpanProcessor(new SimpleSpanProcessor(exporter));

The stored traces can be queried for display in debugging interfaces:

// Get all activities for a specific trace
const activities = await exporter.getActivitiesByTraceId(traceId);

// Get recent traces with summary information
const recentTraces = await exporter.getRecentTraces({ limit: 100 });

The exporter supports two storage strategies depending on the KvStore capabilities. When the list() method is available (preferred), it stores individual records with keys like [prefix, traceId, spanId]. When only cas() is available, it uses compare-and-swap operations to append records to arrays stored per trace.

This infrastructure provides the foundation for implementing a comprehensive debug dashboard as a custom SpanExporter, as outlined in the updated implementation plan for issue #234.

Optional list() method for KvStore interface

Fedify 1.10.0 adds an optional list() method to the KvStore interface for enumerating entries by key prefix. This method enables efficient prefix scanning, which is useful for implementing features like distributed trace storage, cache invalidation by prefix, and listing related entries.

interface KvStore {
  // ... existing methods
  list?(prefix?: KvKey): AsyncIterable<KvStoreListEntry>;
}

When the prefix parameter is omitted or empty, list() returns all entries in the store. This is useful for debugging and administrative purposes. All official KvStore implementations have been updated to support this method:

• MemoryKvStore — filters in-memory keys by prefix
• SqliteKvStore — uses LIKE query with JSON key pattern
• PostgresKvStore — uses array slice comparison
• RedisKvStore — uses SCAN with pattern matching and key deserialization
• DenoKvStore — delegates to Deno KV's built-in list() API
• WorkersKvStore — uses Cloudflare Workers KV list() with JSON key prefix pattern

While list() is currently optional to give existing custom KvStore implementations time to add support, it will become a required method in Fedify 2.0.0 (tracked in issue #499). This migration path allows implementers to gradually adopt the new capability throughout the 1.x release cycle.

The addition of list() support was implemented in pull request #500, which also included the setup of proper testing infrastructure for WorkersKvStore using Vitest with @cloudflare/vitest-pool-workers.

NestJS 11 and Express 5 support

Thanks to a contribution from Cho Hasang (@crohasang), the @fedify/nestjs package now supports NestJS 11 environments that use Express 5. The peer dependency range for Express has been widened to ^4.0.0 || ^5.0.0, eliminating peer dependency conflicts in modern NestJS projects while maintaining backward compatibility with Express 4.

This change, implemented in pull request #493, keeps the workspace catalog pinned to Express 4 for internal development and test stability while allowing Express 5 in consuming applications.

What's next

Fedify 1.10.0 serves as a stepping stone toward the upcoming 2.0.0 release. The optional list() method introduced in this version will become required in 2.0.0, simplifying the interface contract and allowing Fedify internals to rely on prefix scanning being universally available.

The enhanced #OpenTelemetry instrumentation and FedifySpanExporter provide the foundation for implementing the debug dashboard proposed in issue #234. The next steps include building the web dashboard UI with real-time activity lists, filtering, and JSON inspection capabilities—all as a separate package that leverages the standards-based observability infrastructure introduced in this release.

Depending on the development timeline and feature priorities, there may be additional 1.x releases before the 2.0.0 migration. For developers building custom KvStore implementations, now is the time to add list() support to prepare for the eventual 2.0.0 upgrade. The implementation patterns used in the official backends provide clear guidance for various storage strategies.

Acknowledgments

Special thanks to Cho Hasang (@crohasang) for the NestJS 11 compatibility improvements, and to all community members who provided feedback and testing for the new observability features.

For the complete list of changes, bug fixes, and improvements, please refer to the CHANGES.md file in the repository.

#fedidev #release

On a related note, if you learn better by building things, @fedify has a step-by-step tutorial where you create a federated microblog from scratch—implementing actors, inbox/outbox, following, and posts along the way:

https://fedify.dev/tutorial/microblog

According to @tchambers's My 2026 Open Social Web Predictions:

Fedify will power the federation layer for at least one mid-sized social platform (500K+ users) that adds ActivityPub support in 2026. The “build vs. buy” calculation for federation shifts decisively toward “just use Fedify.”

We're honored by this recognition and will keep working hard to make #ActivityPub adoption easier for everyone. Thank you, Tim!

#Fedify #fediverse #fedidev

My 2026 Open Social Web Predictions: includes fediverse predctions focuesed on work being done by: @dansup @surf @Mastodon @piefedadmin @ghostexplore @rimu @activitypub.blog @anewsocial @fedify @fed.brid.gy @altstore See what you think. What did I miss? https://www.timothychambers.net/2025/12/23/my-open-social-web-predictions.html

🚨 Security Advisory: CVE-2025-68475

A ReDoS (Regular Expression Denial of Service) vulnerability has been discovered in Fedify's HTML parsing code. This vulnerability could allow a malicious federated server to cause denial of service by sending specially crafted HTML responses.

If you're running Fedify in production, please upgrade to one of the patched versions immediately.

For full details, see the security advisory: https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93

Thank you to Yue (Knox) Liu for responsibly reporting this vulnerability.

#Fedify #ActivityPub #security #fediverse #fedidev

We've been struggling with a JSR publishing issue for nearly two months now—@fedify/cli and @fedify/testing packages hang indefinitely during the server-side processing stage, blocking our releases. Strangely, the problem doesn't reproduce on a local JSR server at all.

We've opened a GitHub issue to track this: https://github.com/jsr-io/jsr/issues/1238.

Fedify has been a Deno-first, JSR-first project from the start, and we really want to keep it that way. If you've experienced similar issues or have any insights, we'd appreciate your input on the issue.

@sirber83@fosstodon.org that's not true! There is Fedify! @hongminhee@hollo.social

There's also the helper lib that NodeBB uses, although that's baked in core.

I'm happy to split this out into an npm module if there is interest though!

@shauna @fedify Nice try! Fedify is elegant to provide federation abilities for web projects.

Chris Hayes built a single-user ActivityPub server for sharing YouTube videos on the fediverse using Fedify and Next.js. The source code is available at https://codeberg.org/chris-hayes/yt-on-fedi.

It's alive! 🧟

After a bit of trial-error, got fediverse comments showing on a #nextjs site running #fedify. My personal fediverse-connected youtube mirror is now mostly feature complete.
(The video post in the screenshot is over here: https://watch.hayes.software/video/16)
#fediverse

It's very long so there's basically no chance of doing this all in one sitting but...whatever, let's see how far I can get this afternoon with @fedify's "build a federated microblog" tutorial: https://unstable.fedify.dev/tutorial/microblog

TBH I may get stuck with basic setup, I've written a lot of javascript but I've largely avoided having to learn JS/TS package management. 😂 (Fun fact, I learned Vue over React or Angular etc because you can build absurdly complex apps while still just importing vue via script tag)

Just opened an issue for a major new task for #Fedify: building an #interoperability smoke test suite.

To ensure Fedify-built servers federate correctly with the wider #fediverse, we're planning to run automated E2E tests in #CI against live instances of Mastodon, Misskey, and more. This is crucial for a framework's reliability.

You can see the full plan and discussion here:

https://github.com/fedify-dev/fedify/issues/481

#ActivityPub #fedidev

By the way:

As a consumer of the public ORCID API, Encyclia is not allowed to generate revenue. To be on the safe side, we don't accept donations either. However, we are happy to be making a modest contribution out of our private pockets to @fedify on @opencollective here: https://opencollective.com/fedify

If you'd like to donate some money to improve Encyclia's functionality and reliability, @fedify is the best place to do so! 🙂

恭喜！太猛了！！
ActivityPub 框架 Fedify 獲得了主權科技基金（Sovereign Tech Fund）19.2 萬歐元的補助，以進一步強化生態系統。

https://hollo.social/@fedify/0199a579-adb3-7bf5-a8ea-970c8fa91f09

Quick update on our release schedule! While we initially planned for Fedify 2.0 to follow version 1.9, we've decided to release Fedify 1.10 next instead. A few features originally slated for 1.9 need more time to mature, and we want to ensure Fedify 2.0 gets the careful attention it deserves for its breaking changes. This means you'll get incremental improvements sooner with 1.10—including our new RFC 6570 URI Template implementation for better expansion and pattern matching—while we continue preparing the more substantial architectural changes for 2.0 in parallel. Rest assured, this doesn't change our long-term roadmap; it just gives us more flexibility to deliver features when they're ready rather than holding them back for a major release.