Each AP-enabled app (blog, market, events, federation) now serves its
own webfinger, actor profile, inbox, outbox, and followers endpoints.
Per-app actors are virtual projections of the same ActorProfile/keypair,
scoped by APFollower.app_domain and APActivity.origin_app.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- EventProcessor now recovers stuck "processing" activities back to
"pending" after 5 minutes (handles process crashes)
- New ap_delivery_log table records successful inbox deliveries
- Federation delivery handler checks the log before sending, so
retries skip already-delivered inboxes
- Together these give at-least-once + idempotent semantics
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The column was added to the create_table migration after it had already
been applied, so the live DB was missing it. This new migration adds
the column and index separately.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each client app sets a persistent first-party device cookie ({app}_did).
On each request:
- Logged in: verify grant via account internal endpoint (cached 60s)
- Not logged in + device cookie: check-device endpoint detects if user
logged in since last grant revocation → triggers OAuth automatically
No cross-domain cookies. No propagation chain. Each app checks independently.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- OAuthGrant model tracks each client authorization, tied to the
account session (issuer_session) that issued it
- OAuth authorize creates grant + code together
- Client apps store grant_token in session, verify via account's
internal /auth/internal/verify-grant endpoint (Redis-cached 60s)
- Account logout revokes only grants from that device's session
- Replaces iframe-based logout with server-side grant revocation
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Each app's EventProcessor now filters by origin_app so apps don't steal
each other's pending activities. emit_activity() and publish_activity()
auto-detect the app name from Quart's current_app.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
All cross-service events now flow through ap_activities with a unified
EventProcessor. Internal events use visibility="internal"; federation
activities use visibility="public" and get delivered by a wildcard handler.
- Add processing columns to APActivity (process_state, actor_uri, etc.)
- New emit_activity() / register_activity_handler() API
- EventProcessor polls ap_activities instead of domain_events
- Rewrite all handlers to accept APActivity
- Migrate all 7 emit_event call sites to emit_activity
- publish_activity() sets process_state=pending directly (no emit_event bridge)
- Migration to drop domain_events table
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds get_followers_paginated and get_actor_timeline to FederationService
protocol + SQL implementation + stubs. Includes accumulated federation
changes: models, DTOs, delivery handler, webfinger, inline publishing,
widget nav templates, and migration.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Merge three alembic heads and drop:
- calendar_entries.order_id FK → orders.id
- tickets.order_id FK → orders.id
Columns kept as plain integers for glue-service bridging.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Templates: item.post.X → item.X (MenuNode has label/slug/feature_image directly)
- factory.py: add glue.models to import loop + register_glue_handlers() at startup
- alembic env.py: add glue.models to import loop
- New migration: container_relations + menu_nodes tables with backfill from existing data
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Two branches diverged from e5c3f9a2b1d6 (tag_groups):
- domain_events → generic_containers (g7e5b1c3d4f8)
- tickets → page_configs → market_places → page_tracking (c3d4e5f6a7b8)
This merge migration joins them into a single head so
alembic upgrade head works without specifying a branch.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
requirements.txt copied from shared_lib for Docker build compatibility.
Alembic env.py now uses try/except for app-specific model imports so
upgrade head works in Docker where only one app's code is present.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
