mono/federation/README.md

# Federation App

OAuth2 authorization server and ActivityPub social hub for the Rose Ash cooperative. Handles user authentication, fediverse federation, and social features (timeline, compose, follow, notifications).

## Structure

```
app.py                  # Application factory (create_base_app + blueprints)
path_setup.py           # Adds project root + app dir to sys.path
entrypoint.sh           # Container entrypoint (optional migrations, Redis flush, start)
bp/
  auth/                 #   Login, magic link, logout, OAuth2 authorize endpoint
  identity/             #   Actor profile management
  social/               #   Timeline, compose, search, follow/unfollow,
                        #   like/boost, notifications, following/followers lists
  fragments/            #   Fragment endpoints
models/                 # Re-export stubs pointing to shared/models/
services/               # register_domain_services() — wires all domains
templates/              # Federation-specific templates (override shared/)
```

## OAuth2 SSO

Federation is the authorization server for all Rose Ash apps:

- `/oauth/authorize` — authorization endpoint (PKCE supported)
- Magic link login (passwordless email)
- All client apps auto-get `/auth/login`, `/auth/callback`, `/auth/logout` via `shared/infrastructure/oauth.py`
- Per-app first-party session cookies (Safari ITP compatible)

## ActivityPub

- Per-app actors: each app has its own AP actor (virtual projection of the same keypair)
- Actor endpoints: webfinger, actor profile, inbox, outbox, followers
- Social features: timeline, compose, search, follow/unfollow, like/boost, notifications
- Activities emitted to `ap_activities` table, processed by `EventProcessor`
- HTTP signatures + IPFS content addressing

## Cross-domain communication

- `services.blog.*` — post queries for content federation
- `services.calendar.*` — event queries
- `services.market.*` — product queries
- `services.cart.*` — cart summary for context processor