Stop retries for gone actors

dahlia · codex · dahlia · commit a99f7e058c23 · 2026-03-24T21:44:53.000+09:00
Handle Fedify 2.1.0 unverified Delete activities whose signing key fetch now returns 410 Gone by acknowledging the request with 202 Accepted. This prevents remote servers from repeatedly redelivering deletes for actors that are already permanently gone. Keep these unverified activities out of the normal BotKit event handler flow, add regression coverage for the decision logic, and document the behavior in the changelog and events guide. fedify-dev/fedify#472 https://fedify.dev/manual/inbox Co-Authored-By: OpenAI Codex <codex@openai.com>
diff --git a/CHANGES.md b/CHANGES.md
@@ -8,6 +8,27 @@ To be released.
 
 ### @fedify/botkit
 
+ -  Upgraded Fedify to 2.1.0.
+
+     -  BotKit now targets Fedify 2.0's modular package layout, using
+        *@fedify/vocab*, *@fedify/vocab-runtime*, and *@fedify/denokv*
+        where appropriate.
+     -  `Message.language` and `SessionPublishOptions.language` now use
+        `Intl.Locale` instead of `LanguageTag`.
+     -  Bot software versions now use plain strings instead of `SemVer`
+        objects.
+     -  Removed the `parseSemVer()`, `SemVer`, `LanguageTag`, and
+        `parseLanguageTag()` public exports.
+
+ -  BotKit now acknowledges unverified remote `Delete` activities signed by
+    permanently gone actors with `202 Accepted` instead of `401 Unauthorized`.
+
+     -  This applies only when Fedify reports a `keyFetchError` and the
+        remote actor's key fetch returned `410 Gone`.
+     -  The unverified activity is not passed to BotKit event handlers, but
+        the successful response stops repeated redelivery attempts from the
+        remote server.
+
  -  Added FEP-5711 inverse properties to the bot actor's `outbox` and
     `followers` collections.
 
@@ -23,18 +44,6 @@ To be released.
         automatically redirects to the appropriate follow page using the OStatus
         subscribe protocol.
 
- -  Upgraded Fedify to 2.0.3.
-
-     -  BotKit now targets Fedify 2.0's modular package layout, using
-        *@fedify/vocab*, *@fedify/vocab-runtime*, and *@fedify/denokv*
-        where appropriate.
-     -  `Message.language` and `SessionPublishOptions.language` now use
-        `Intl.Locale` instead of `LanguageTag`.
-     -  Bot software versions now use plain strings instead of `SemVer`
-        objects.
-     -  Removed the `parseSemVer()`, `SemVer`, `LanguageTag`, and
-        `parseLanguageTag()` public exports.
-
 [#10]: https://github.com/fedify-dev/botkit/issues/10
 [#14]: https://github.com/fedify-dev/botkit/pull/14
 
diff --git a/deno.lock b/deno.lock
diff --git a/docs/concepts/events.md b/docs/concepts/events.md
@@ -25,6 +25,11 @@ bot.onMention = async (session, message) => {
 Every event handler receives a [session](./session.md) object as the first
 argument, and the event-specific object as the second argument.
 
+BotKit invokes these event handlers only for activities whose signatures were
+verified by Fedify.  As of Fedify 2.1.0, BotKit also acknowledges certain
+unverified remote `Delete` activities from actors whose keys now return
+`410 Gone`, but those activities are not dispatched to `on*` handlers.
+
 The following is a list of events that BotKit supports:
 
 
diff --git a/packages/botkit/src/bot-impl.test.ts b/packages/botkit/src/bot-impl.test.ts
@@ -13,6 +13,7 @@
 //
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
+import type { UnverifiedActivityReason } from "@fedify/fedify";
 import { type InboxContext, MemoryKvStore } from "@fedify/fedify/federation";
 import {
   Accept,
@@ -22,6 +23,7 @@ import {
   Article,
   Collection,
   Create,
+  Delete,
   Emoji,
   EmojiReact,
   Follow,
@@ -1205,6 +1207,78 @@ test("BotImpl.dispatchSharedKey()", () => {
   assert.deepStrictEqual(bot.dispatchSharedKey(ctx), { identifier });
 });
 
+test("BotImpl.onUnverifiedActivity()", async (t) => {
+  const bot = new BotImpl<void>({
+    kv: new MemoryKvStore(),
+    username: "bot",
+  });
+  const ctx = bot.federation.createContext(
+    new Request("https://example.com/ap/inbox", { method: "POST" }),
+    undefined,
+  );
+  const deleteActivity = new Delete({
+    id: new URL("https://remote.example/activities/delete"),
+    actor: new URL("https://remote.example/actors/deleted"),
+    object: new URL("https://remote.example/actors/deleted"),
+  });
+  const createActivity = new Create({
+    id: new URL("https://remote.example/activities/create"),
+    actor: new URL("https://remote.example/actors/deleted"),
+    object: new Note({
+      id: new URL("https://remote.example/notes/1"),
+      attribution: new URL("https://remote.example/actors/deleted"),
+      content: "Hello, world!",
+    }),
+  });
+  const keyFetch410: UnverifiedActivityReason = {
+    type: "keyFetchError",
+    keyId: new URL("https://remote.example/actors/deleted#main-key"),
+    result: {
+      status: 410,
+      response: new Response(null, { status: 410 }),
+    },
+  };
+
+  await t.test("acknowledges gone actor deletes", () => {
+    const response = bot.onUnverifiedActivity(ctx, deleteActivity, keyFetch410);
+    assert.ok(response instanceof Response);
+    assert.deepStrictEqual(response.status, 202);
+  });
+
+  await t.test("ignores non-410 key fetch failures", () => {
+    const reason: UnverifiedActivityReason = {
+      ...keyFetch410,
+      result: {
+        status: 404,
+        response: new Response(null, { status: 404 }),
+      },
+    };
+    const response = bot.onUnverifiedActivity(ctx, deleteActivity, reason);
+    assert.deepStrictEqual(response, undefined);
+  });
+
+  await t.test("ignores non-delete activities", () => {
+    const response = bot.onUnverifiedActivity(ctx, createActivity, keyFetch410);
+    assert.deepStrictEqual(response, undefined);
+  });
+
+  await t.test("ignores other verification failures", () => {
+    const noSignature: UnverifiedActivityReason = { type: "noSignature" };
+    const invalidSignature: UnverifiedActivityReason = {
+      type: "invalidSignature",
+      keyId: new URL("https://remote.example/actors/deleted#main-key"),
+    };
+    assert.deepStrictEqual(
+      bot.onUnverifiedActivity(ctx, deleteActivity, noSignature),
+      undefined,
+    );
+    assert.deepStrictEqual(
+      bot.onUnverifiedActivity(ctx, deleteActivity, invalidSignature),
+      undefined,
+    );
+  });
+});
+
 for (const policy of ["accept", "reject", "manual"] as const) {
   test(`BotImpl.onFollowed() [followerPolicy: ${policy}]`, async (t) => {
     const repository = new MemoryRepository();
diff --git a/packages/botkit/src/bot-impl.ts b/packages/botkit/src/bot-impl.ts
@@ -23,6 +23,7 @@ import {
   type PageItems,
   type RequestContext,
   type Software,
+  type UnverifiedActivityReason,
 } from "@fedify/fedify";
 import {
   Accept,
@@ -33,6 +34,7 @@ import {
   Article,
   ChatMessage,
   Create,
+  Delete,
   Emoji as APEmoji,
   EmojiReact,
   Endpoints,
@@ -236,6 +238,7 @@ export class BotImpl<TContextData> implements Bot<TContextData> {
     );
     this.federation
       .setInboxListeners("/ap/actor/{identifier}/inbox", "/ap/inbox")
+      .onUnverifiedActivity(this.onUnverifiedActivity.bind(this))
       .on(Follow, this.onFollowed.bind(this))
       .on(Undo, async (ctx, undo) => {
         const object = await undo.getObject(ctx);
@@ -552,6 +555,21 @@ export class BotImpl<TContextData> implements Bot<TContextData> {
     return { identifier: this.identifier };
   }
 
+  onUnverifiedActivity(
+    _ctx: RequestContext<TContextData>,
+    activity: Activity,
+    reason: UnverifiedActivityReason,
+  ): Response | void {
+    if (
+      activity instanceof Delete &&
+      reason.type === "keyFetchError" &&
+      "status" in reason.result &&
+      reason.result.status === 410
+    ) {
+      return new Response(null, { status: 202 });
+    }
+  }
+
   async onFollowed(
     ctx: InboxContext<TContextData>,
     follow: Follow,
