Back to Codeberg

Milestones

forgejo-contrib-federation-milestones.md

latest9.9 KB
Original Source

forgejo-contrib/federation

Watch21

Star82

Fork

You've already forked federation

6

CodeIssues 16Pull requests 8Projects 2ActivityActions

LabelsMilestones

4 Open0 Closed

Sort Nearest due dateFarthest due dateLeast completeMost completeMost issuesLeast issuesName

Milestone -1: Finish old PRs

0%

0 Open

0 Closed

Updated 2026-07-06 17:15:37 +02:00

No due date

This milestone collects all the old PRs waiting for being merged.

Deliveries:

  1. Code

  2. Follow remote users; feed tab: 1. federation-dev: merged 2. forgejo: forgejo/forgejo#4767

  3. federated-undo-like 1. federation-dev: meissa/forgejo#34 2. forgejo: waiting for PR

Milestone 0: Extend E2E Capabilities to Test Masto

100%

0 Open

3 Closed

Updated 2026-04-14 14:29:35 +02:00

No due date

We will extend our end-to-end testing capabilities to successfully test federation against Mastodon instances. Currently, our federation e2e tests use authorized fetch but fail when directed against Mastodon, limiting our ability to ensure interoperability with the broader ActivityPub ecosystem. This work is critical because Mastodon is the most widely deployed ActivityPub implementation, and ensuring compatibility validates our federation approach. Fixing this testing infrastructure will enable us to develop with confidence that our federation features work across different ActivityPub implementations.

A.C.:

  1. We have automated test for mastodon: https://codeberg.org/forgejo-contrib/federation/src/branch/main/doc/user-activity-following/manual-test.md

Deliveries:

  1. adjust end-2-end test with mastodon as additional target

  2. Upstream PR: https://code.forgejo.org/forgejo/end-to-end/pulls/1269 (superseded, see below)

  3. Patch series 1. https://code.forgejo.org/forgejo/end-to-end/pulls/1273 (merged) 2. https://code.forgejo.org/forgejo/end-to-end/pulls/1274 (merged) 3. https://code.forgejo.org/forgejo/end-to-end/pulls/1275 (merged) 4. https://code.forgejo.org/forgejo/end-to-end/pulls/1276 (merged) 5. https://code.forgejo.org/forgejo/end-to-end/pulls/1277 (merged)

  4. adjust mastodon container image:

  5. https://code.forgejo.org/federation/build-mastodon/pulls/1 (merged)

  6. https://code.forgejo.org/federation/build-mastodon/pulls/2 (merged)

  7. https://code.forgejo.org/federation/build-mastodon/pulls/3 (merged)

Kudos to the reviewers: @Gusted, @viceice, @earl-warren, @Beowulf

Milestone 1: Enhance Signature Handling for Actors

67%

1 Open

2 Closed

Updated 2026-01-30 13:17:26 +01:00

No due date

We will refactor the signature handling architecture to support Repository and Organization actors in addition to the currently supported Instance and User actors. This architectural refactoring is essential for enabling repositories and organizations to participate in federated activities with proper authentication and authorization. We will document our decisions in an Architecture Decision Record and deliver the refactored architecture as a pull request to forgejo-contrib/federation. This work establishes the foundation for more complex federation features by ensuring all actor types can securely communicate across instances.

A.C.:

  1. Architecture is updated
  2. SignatureService is cleaned up & we've migrated existing key material in to the new structure

Deliveries:

  1. Architecture

  2. PR about http signature details: #57 (merged)

  3. PR about ID handling / normalization: #82 (merged)

  4. PR about having federation keys in own table: #73 (merged)

  5. PR about simplified signature verification: #84

  6. PR about changing the lifecycle to reduce normalization issues: #85

  7. forgejo code

  8. Simplify signature validation to be the least common denominator: forgejo/forgejo#10189 (merged)

  9. Add support for RFC9421 signatures (which is implemented by Mastodon, and may be implemented by GoToSocial in near future): forgejo/forgejo#10206 - added examples for api.ini configuration of RFC 9421 signatures: forgejo/docs#1672

  10. Handle federated key material as first class citizen instead of attaching them to their actors: forgejo/forgejo#10074

  11. simplified signature verification: 1. federation-dev: meissa/forgejo#38 2. forgejo: waiting for PR

  12. refactor model.forgefed -> model.federation_host 1. federation-dev: meissa/forgejo#39 2. forgejo: waiting for PR

  13. (wip) refactor federation: use optional return types: forgejo/forgejo#10329

Example feature branches of merging the above PRs: meissa/forgejo/federation/dev, 0xllx0/forgejo/federation/dev

Kudos to the reviewers: @n0toose, @silverpill, @Gusted, @mfenniak, @earl-warren, @sclu1034, @mahlzahn

33%

2 Open

1 Closed

Updated 2026-01-30 13:19:53 +01:00

No due date

We will implement Federated Search functionality that allows users to discover and access federated repositories, organizations, and users without copy-pasting URLs.

  1. Users will be able to enter "repo@orga@server" in the search bar and the local instance will display repository stubs for federated content.
  2. We will implement UI representations for stubs and enable users to fetch federated repository objects by pasting remote URLs into the search bar, requiring Accept: application/activity+json header support on repository and user paths.
  3. Additionally, we will deliver a proof-of-concept for an updated threat-model, using the Threagile threat modeling tool to ensure security considerations are addressed as federation capabilities expand. This milestone represents significant effort as it fundamentally changes how users discover and interact with federated content across the forge network.

A.C.:

  1. Scenario works as described here: forgejo/sustainability@d8921b4858/2025/2025-10-01-sta-federation/considerations.md (milestone2-federated-search)
  2. threats are modeled & report is generated continuously by ci

Deliveries:

  1. Architercture

  2. threat-workshop for newly introduced repository search: #89

  3. threat-tool configured: https://repo.prod.meissa.de/meissa/forgejo-threats

  4. Code

  5. (wip) doc: add federated search documentation: #74

  6. (wip) Enhance webfinger for the upcoming actor types like repository or organization: forgejo/forgejo#10107

  7. Create a federated user type: forgejo/forgejo#10434 (merged)

  8. (wip) Create a federated repository: forgejo/forgejo#10453

  9. (wip) threat-analysis: add search threagile model: #83

  10. create webfinger and search provider: forgejo/forgejo#10929

Work to consider:

  1. WIP: Add a POC for the ForgeFeed Specification - forgejo/forgejo#10151/files

Kudos to the reviewers: @Gusted