fedify 2.2.0

[BrewTestBot]

Created by brew bump

---

Created with brew bump-formula-pr.

• TODO and FIXME comments have been checked.

release notes

Released on April 28, 2026.
@fedify/fedify


Shipped an Agent Skills bundle at skills/fedify/ and declared it in package.json through the agents.skills field.  The skill teaches AI coding agents how to use Fedify inside a consumer's project (builder pattern, dispatchers, framework integrations, vocabulary, keys, queues and storage, observability, CLI, and common pitfalls).  Projects that run a tool implementing the Agent Skills spec, such as skills-npm, will pick up the skill automatically from node_modules, keeping the guidance in sync with the installed Fedify version.  [#711, #712]


Added setOutboxListeners() and OutboxContext for handling client-to-server POST requests to actor outboxes.  Outbox listeners use application-defined authorization through .authorize(), catch activity types with .on(), and require explicit delivery through ctx.sendActivity() or ctx.forwardActivity().  Fedify now also logs a runtime warning when an outbox listener returns without delivering the posted activity. [#430, #688]


Allowed actor dispatchers to return Tombstone for deleted accounts. Fedify now serves those actor URIs as 410 Gone with the serialized tombstone body, and the corresponding WebFinger lookups also return 410 Gone instead of pretending the account was never handled. Added a RequestContext.getActor() overload that can return those tombstones to application code when called with { tombstone: "passthrough" }. [#644, #680]


Added DoubleKnockOptions.maxRedirection to configure the maximum number of redirects followed by doubleKnock(). getAuthenticatedDocumentLoader() now also respects GetAuthenticatedDocumentLoaderOptions.maxRedirection.


Improved interoperability with threadiverse software by serializing the public audience as the full https://www.w3.org/ns/activitystreams#Public URI in outgoing activities' to, cc, bto, bcc, and audience fields, instead of the compacted as:Public or Public CURIEs that JSON-LD compaction would otherwise produce.  Some ActivityPub implementations, Lemmy included, match those fields as plain URLs without JSON-LD expansion and would silently drop activities carrying the CURIE form; see LemmyNet/lemmy#6465.  The rewrite is gated on a URDNA2015 canonical-form equivalence check, so an application-defined @context that redefines the as: prefix or the bare Public term is preserved as is.  The rewrite is also applied before eddsa-jcs-2022 Object Integrity Proof signing so the signed bytes match what is sent on the wire.  [#710, #721]


Improved interoperability with Pixelfed by serializing outgoing activities' attachment fields as arrays even when there is only one attachment.  JSON-LD compaction would otherwise emit a scalar value for single attachments, but Pixelfed currently expects an array and may reject incoming posts; see pixelfed/pixelfed#6588.  [#721]


@fedify/lint

Added the outbox-listener-delivery-required rule.  It warns when an outbox listener registered through setOutboxListeners() returns without an explicit delivery call, which would otherwise leave a posted client activity unfederated.  [#430, #688]

@fedify/testing

Added createOutboxContext() plus postOutboxActivity() and mock setOutboxListeners() support so outbox listeners using either sendActivity() or forwardActivity() can be tested without spinning up a live federation server.  [#430, #688]

@fedify/vocab-runtime

Added DocumentLoaderFactoryOptions.maxRedirection to configure the maximum number of redirects followed by getDocumentLoader().

@fedify/vocab


Added Tombstone.formerType plus generated entity type helpers for deleted vocabulary objects.  Applications can now construct tombstones with Fedify entity classes such as Person, and @fedify/vocab now exports $EntityType, isEntityType(), and getEntityTypeById() for working with those references.  Unknown remote formerType values are ignored with a warning instead of making the whole tombstone fail to parse. [#645, #681]


Added FEP-044f vocabulary support for Mastodon-style quote posts. [#452, #679]

Added QuoteRequest and QuoteAuthorization classes.
Added canQuote to InteractionPolicy.
Added quote and quoteAuthorization properties to Article, ChatMessage, Note, and Question.



Added vocabulary types for FEP-0837, economic resource coordination in federated networks.  [#578 by Samuel Brinkmann]

Added Proposal class for publishing offers or requests.
Added Intent class for describing economic transactions within a proposal, with action, resourceConformsTo, resourceQuantity, availableQuantity, and minimumQuantity properties.
Added Measure class for representing quantities with units of measure, with unit and numericalValue properties.



@fedify/vocab-tools

Added the fedify:vocabEntityType pseudo-scalar to the vocabulary generator.  Vocabulary properties can now accept generated Fedify entity constructors instead of arbitrary IRIs when the schema wants a reference to a known vocabulary type.  Generated code now also emits the supporting $EntityType, isEntityType(), and getEntityTypeById() helpers for working with those references.  [#645, #681]

@fedify/cli


Made fedify lookup --recurse honor -p/--allow-private-address for recursively discovered object URLs, matching the policy already used by -t/--traverse.  Recursive lookups still reject private or localhost targets by default unless users explicitly opt in. [#700, #718]


Added FEP-044f quote support to fedify lookup --recurse, so the CLI can follow both the new quote-post relation and the older quoteUrl compatibility surface.  [#452, #679]


@fedify/solidstart

Added @fedify/solidstart package for integrating Fedify with SolidStart.  It provides fedifyMiddleware() for request handling with SolidStart's middleware system. [#476, #601 by Hyeonseo Kim and #652 by ChanHaeng Lee]

@fedify/nuxt

Added @fedify/nuxt package for integrating Fedify with Nuxt. It provides a Nuxt module that delegates non-federation requests to Nuxt, supports shared-route content negotiation, and returns deferred 406 Not Acceptable when Fedify routes are requested without ActivityPub-compatible Accept headers and Nuxt has no matching page. [#149, #674 by ChanHaeng Lee]

@fedify/init


Added a --allow-non-empty option to fedify init for automated scaffolding in directories that already contain unrelated files.  The command still fails before making changes if any file that Fedify would generate already exists, avoiding accidental merges or appends. [#716, #717]


Fixed fedify init so that a directory containing only a freshly initialized Git repository is treated as empty.  Directories whose Git HEAD already resolves to a commit, whose Git metadata contains loose or packed refs, stored objects, an index, or reflogs, or that contain any files besides .git, still require the existing non-empty-directory confirmation.  [#716, #717]


Fixed generated biome.json files to use Biome 2 configuration syntax, matching the @biomejs/biome version that fedify init installs. Generated projects now enable import organization through Biome's assist.actions.source.organizeImports setting instead of the removed top-level organizeImports option.  [#716, #717]


Fixed errors when using fedify init with certain web framework integration packages (Astro, ElysiaJS, Nitro) alongside @fedify/mysql. Environment variables are now properly loaded at runtime, resolving the TypeError: Cannot read properties of undefined from mysql2. [#649, #656 by ChanHaeng Lee]


Supported Nuxt as a web framework option in fedify init, with templates for federation setup, logging, and Nitro middleware. [#149, #675 by ChanHaeng Lee]


Docs


Added a per-page Markdown action to the docs site so readers can open or copy the LLM-friendly Markdown for the current page without guessing the generated *.md path or starting from llms.txt.  The action is now available directly from each documentation page while llms.txt and llms-full.txt continue to exclude high-noise pages such as the changelog, contribution guide, README.md, and sponsors page.  [#706, #715]


Added Building a federated blog tutorial showing how to layer ActivityPub federation onto an Astro + Bun blog: actor setup, follower management, SQLite persistence, sending Create/Update/ Delete(Article) activities on server startup, and receiving Create/Update/Delete(Note) inbox activities as comments. [#691, #695]


Added a new tutorial, Building a threadiverse community platform, that walks through building a Lemmy-style community server with Fedify and Next.js.  Where the existing Creating your own federated microblog tutorial is actor- and timeline-centric, this one is community-centric: it models communities as Group actors, threads as Page objects wrapped in Create, replies as Note objects, and the community-side Announce redistribution that threadiverse software (Lemmy, Mbin, NodeBB) uses to fan activity out to every subscriber.  [#704, #710]


Added Creating an image sharing service tutorial, a Pixelfed-style image-sharing companion to the microblog walk-through.  Built on Nuxt 4 and the new @fedify/nuxt integration, the tutorial covers actor dispatchers, key pairs, follow/unfollow flows, image-bearing Create(Note) fan-out and reception, an outbound Like/Undo(Like) heart toggle, and threaded comments through inReplyTo.  The companion example repository keeps one commit per chapter at the bottom of its log, with a few rehearsal-driven follow-ups landed on top, and the federation flows are demonstrated against both Mastodon and Pixelfed.  [#693]


Added a custom collections cookbook example for bookmark-like data, demonstrating cursor pagination, URI-template filtering, collection counters, actor stream links, and requester-aware collections using ctx.getSignedKeyOwner().  [#694, #722]

View the full release notes at https://github.com/fedify-dev/fedify/releases/tag/2.2.0.

---

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.

Caution

Please do not push to this PR branch before the bottle commits have been pushed, as this results in a state that is difficult to recover from. If you need to resolve a merge conflict, please use a merge commit. Do not force-push to this PR branch.