FEP-044f quote authorization#457
Conversation
Add persistent quote state, approval policy, and authorization fields so Hollo can track pending, accepted, rejected, revoked, and unauthorized quotes. Serialize FEP-044f quote properties and interaction policy data, and parse incoming quote targets from the FEP-044f quote vocabulary. Implement Mastodon-compatible quote policy editing, quote listing, and quote revocation behavior. Add QuoteRequest, Accept, Reject, and QuoteAuthorization Delete handling for federation, plus a dispatcher for local QuoteAuthorization objects. Cover the Mastodon API behavior, ActivityPub serialization and parsing, and the federation quote request lifecycle with tests. Assisted-by: Codex:gpt-5.5
Add a changelog entry under the unreleased 0.9.0 section describing the new FEP-044f quote authorization and quote policy behavior. Assisted-by: Codex:gpt-5.5
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f05a8c14ff
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Require QuoteAuthorization Delete activities to come from the account that issued the authorization before revoking local quote state. Also reject QuoteRequest activities whose actor does not match the attributed quote object before persisting the quote or mutating counters. Fixes fedify-dev#457 (comment) Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
Load the current viewer's approved follow relationship while serializing statuses so followers-only quote policies report current_user as automatic for approved followers instead of denied. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a447a6916c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Accept and Reject responses for quote requests now require the responder to match the quoted post author before mutating quote state. Responses that use the stored QuoteRequest IRI form are also resolved from the local pending quote, so peers do not have to embed the QuoteRequest object. Fixes fedify-dev#457 (comment) Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3183bef73d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Ignore inbound QuoteRequest activities when the persisted quote instrument quotes a different object than the requested local target, preventing invalid state changes, authorization responses, and counter updates. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
Do not persist remote manual-only canQuote interaction policies as public. When Hollo cannot represent a remote manual approval requirement locally, store it conservatively as nobody while preserving the no-policy public default and followers automatic approvals. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bcdc439121
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2fdd597fab
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 47105dbb56
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9f75b628da
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f1d32cde7c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Only publish FEP-044f quote and quoteUrl fields for accepted quotes or legacy quotes without a stored quote state. This prevents pending, rejected, revoked, or unauthorized quote rows from federating as active quotes. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1c108e42b7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Hide quote fallback content and Link tags for inactive quote states during normal ActivityPub serialization, while still including the quote target in pending QuoteRequest instruments so receivers can process the request. Fixes fedify-dev#457 (comment) Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 39bb3d2235
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Avoid follower fan-out when the interaction policy endpoint updates a direct status, while still delivering the update to explicitly mentioned recipients. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 03101d0942
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Treat private status quote policies as effectively nobody across the Mastodon API serializer, local quote validation, ActivityPub canQuote serialization, and inbound QuoteRequest auto-accept handling. Fixes fedify-dev#457 (comment) Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f6050532f0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Refresh the previous accepted quote target when an inbound QuoteRequest moves the same remote quote object to a different local target, so stale quotes_count values do not remain on the old target. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f19bb250f1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Ignore retried inbound QuoteRequests for quote objects that were already revoked locally, so at-least-once delivery cannot silently reactivate a revoked quote authorization. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c461e72197
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Handle Delete activities whose object is an embedded QuoteAuthorization without an object id, so quote revocations can still locate the interacting object and clear accepted quote state. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9dd007b5c3
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Use the Accept or Reject object id when an embedded QuoteRequest omits its instrument, so quote request responses can still resolve the local quote and update pending quote state. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1f97d34960
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Exempt self-quotes from the direct quote mention requirement so users can quote their own statuses as direct posts without mentioning themselves. Fixes fedify-dev#457 (comment) Assisted-by: Codex:gpt-5.5
|
@codex review |
|
Codex Review: Didn't find any major issues. What shall we delve into next? ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
1 participant
QuoteRequestandQuoteAuthorization.quote_approval_policy,PUT /api/v1/statuses/:id/interaction_policy, accepted-only quote listings, and quote revocation behavior based on the Mastodon statuses API,Quoteentity, andQuoteApprovalentity.quote,quoteAuthorization, andinteractionPolicy.canQuoteActivityPub properties in src/federation/post.ts, while preservingquoteUrlcompatibility.QuoteRequest, inboundQuoteRequest,Accept(QuoteRequest),Reject(QuoteRequest),Delete(QuoteAuthorization), and dereferenceable localQuoteAuthorizationobjects.