Add at-least-once delivery + idempotent federation handler

- EventProcessor now recovers stuck "processing" activities back to "pending" after 5 minutes (handles process crashes) - New ap_delivery_log table records successful inbox deliveries - Federation delivery handler checks the log before sending, so retries skip already-delivered inboxes - Together these give at-least-once + idempotent semantics Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 16:16:55 +00:00
parent 8951a62b90
commit 9cb8cf9e1d
4 changed files with 140 additions and 12 deletions
--- a/events/handlers/ap_delivery_handler.py
+++ b/events/handlers/ap_delivery_handler.py
@@ -2,6 +2,9 @@

 Registered as a wildcard handler — fires for every activity.  Skips
 non-public activities and those without an actor profile.
+
+Idempotent: successful deliveries are recorded in ap_delivery_log.
+On retry (at-least-once reaper), already-delivered inboxes are skipped.
 """
 from __future__ import annotations

@@ -12,7 +15,7 @@ from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession

 from shared.events.bus import register_activity_handler
-from shared.models.federation import ActorProfile, APActivity, APFollower
+from shared.models.federation import ActorProfile, APActivity, APFollower, APDeliveryLog
 from shared.services.registry import services

 log = logging.getLogger(__name__)
@@ -67,8 +70,8 @@ async def _deliver_to_inbox(
    body: dict,
    actor: ActorProfile,
    domain: str,
-) -> bool:
-    """POST signed activity to a single inbox. Returns True on success."""
+) -> int | None:
+    """POST signed activity to a single inbox. Returns status code or None on error."""
    from shared.utils.http_signatures import sign_request
    from urllib.parse import urlparse
    import json
@@ -96,13 +99,12 @@ async def _deliver_to_inbox(
        )
        if resp.status_code < 300:
            log.info("Delivered to %s → %d", inbox_url, resp.status_code)
-            return True
        else:
            log.warning("Delivery to %s → %d: %s", inbox_url, resp.status_code, resp.text[:200])
-            return False
+        return resp.status_code
    except Exception:
        log.exception("Delivery failed for %s", inbox_url)
-        return False
+        return None


 async def on_any_activity(activity: APActivity, session: AsyncSession) -> None:
@@ -140,12 +142,34 @@ async def on_any_activity(activity: APActivity, session: AsyncSession) -> None:
        log.debug("No followers to deliver to for %s", activity.activity_id)
        return

+    # Deduplicate inboxes
+    all_inboxes = {f.follower_inbox for f in followers if f.follower_inbox}
+
+    # Check delivery log — skip inboxes we already delivered to (idempotency)
+    existing = (
+        await session.execute(
+            select(APDeliveryLog.inbox_url).where(
+                APDeliveryLog.activity_id == activity.id,
+                APDeliveryLog.status_code < 300,
+            )
+        )
+    ).scalars().all()
+    already_delivered = set(existing)
+
+    inboxes = all_inboxes - already_delivered
+    if not inboxes:
+        log.info("All %d inbox(es) already delivered for %s", len(all_inboxes), activity.activity_id)
+        return
+
+    if already_delivered:
+        log.info(
+            "Skipping %d already-delivered inbox(es), delivering to %d remaining",
+            len(already_delivered), len(inboxes),
+        )
+
    # Build activity JSON
    activity_json = _build_activity_json(activity, actor, domain)

-    # Deduplicate inboxes
-    inboxes = {f.follower_inbox for f in followers if f.follower_inbox}
-
    log.info(
        "Delivering %s to %d inbox(es) for @%s",
        activity.activity_type, len(inboxes), actor.preferred_username,
@@ -153,7 +177,17 @@ async def on_any_activity(activity: APActivity, session: AsyncSession) -> None:

    async with httpx.AsyncClient() as client:
        for inbox_url in inboxes:
-            await _deliver_to_inbox(client, inbox_url, activity_json, actor, domain)
+            status_code = await _deliver_to_inbox(
+                client, inbox_url, activity_json, actor, domain
+            )
+            # Log successful deliveries for idempotency
+            if status_code is not None and status_code < 300:
+                session.add(APDeliveryLog(
+                    activity_id=activity.id,
+                    inbox_url=inbox_url,
+                    status_code=status_code,
+                ))
+                await session.flush()


 # Wildcard: fires for every activity