The Mastodon-compatible API is at a stable stopping point, so I have removed the gating with_mastodon_api build flag and made it generally available.

I use the API daily via a couple different client apps. What works, works. There are known limitations, most of them rooted in architectural differences between Mastodon and Ktistec. For example, Mastodon and Ktistec manage media differently. In Ktistec, there is no simple way to upload and manage media apart from creating a post. That difference will take some work to bridge.

Here's the full changelog for this release:

Added

• Mastodon-compatible API endpoints:
  • /api/v1/accounts
  • /api/v1/accounts/lookup
  • /api/v1/accounts/:id
  • /api/v1/accounts/:id/statuses
  • /api/v1/accounts/:id/following
  • /api/v1/accounts/:id/followers
  • /api/v1/accounts/relationships
  • /api/v1/follow_requests
  • /api/v1/polls/:id/votes
  • /api/v1/preferences

Fixed

• Correctly resolve keyId from Signature header for inbox verification.

Changed

• Support both offset and cursor-based pagination in JSON collections.
• Switch following/followers pages to cursor-based pagination.

Credit goes to this thread for inspiring me to review my signature verification. There is now one more correct implementation. 😉

The next release will focus on cleaning up the internals. Ktistec is just under 100,000 lines of code, 307 source files, and 195 spec files (7030 tests). With one maintainer, the only way to stay sane is by ruthlessly refactoring and paying down the debt!

#ktistec #crystallang #activitypub #fediverse

Release v3.3.4 of Ktistec is available.

This release adds Mastodon-compatible client support for publishing posts. Just like the previous release, however, all Mastodon API support is behind a build flag (-Dwith_mastodon_api). It's still experimental, so opt in only if you're happy to work with rough edges.

Beyond that, I focused on cleanup and refactoring throughout the codebase. Here's the full changelog:

Added

• Cursor-based pagination on actor timeline and everything pages.
• Mastodon-compatible API: /api/v1/statuses endpoint for status posting.
• Mastodon-compatible API: /api/v1/timelines/public endpoint.

Fixed

• Autosave focus handling. Fixes problems introduced in v3.3.3.
• Prevent blur from creating a draft post when publishing a post.

Changed

• Integrate X-Ray Mode colors into the theming system.
• Improve CI: add npm audit, test, and caching.
• Use npm ci in Dockerfile for reproducible builds.
• Remove very old compiler bug work-around.

🏋️ Mastodon API support is coming along—more in the next release!

#ktistec #crystallang #activitypub #fediverse

is it the expectation that atomic should be used for all class level variables now?

#crystallang

I have started work on a Mastodon-compatible API layer intended to support the many Mastodon front-ends available. It is incomplete and requires an explicit build flag to enable, but what's there (the main timeline) already works with the official Mastodon app, Tusky, and Phanpy.

Here's the full changelog:

Fixed

• Editor focus now stays in the editor after the first draft is saved. (fixes #139)
• Filter settings instructions. (fixes #135)

Changed

• Improved consistency of mini button colors.

As always, check out the full diff for the complete details.

#ktistec #crystallang #activitypub #fediverse

This small release focused on two big deliverables: support for the latest version of Crystal and fixes for a few delivery issues.

Previous releases supported a wide range of Crystal Language versions, but ran into problems with version 1.17.x and beyond due to breaking changes in the standard library. This release works on 1.19.1 but also requires at least 1.19.1.

This release also fixes a bug, present since mid-2020 when HTTP signatures were first added, that resulted in signatures some fediverse servers wouldn't accept. Mastodon did, but with the proliferation of new ActivityPub servers, I increasingly encountered servers that did not.

Here's the full changelog:

Fixed

• HTTP signature keyId now includes #main-key fragment.
• IRI matching during dereferencing.
• Broken down-detection for actors.

Changed

• Fall back to Activity Streams context if supplied context is empty.
• Deliver to personal inbox if delivery to shared inbox fails.

It's always good to stay up-to-date on releases. But if your platform doesn't yet support 1.19.1, I've also released a parallel branch that still runs on 1.16.3 and earlier. I'll maintain that branch for the next few releases to give everyone time to upgrade.

#ktistec #crystallang #activitypub #fediverse

The latest release of Ktistec addresses the shortcomings of the previous release that became apparent after using quote posts in production for a few days. So far, there have been no major bugs, but there was room for improvement.

Here's the full changelog.

Added

• Federation documentation (FEDERATION.md).
• Visibility (private or direct) icon in object summary.
• Object social activity details include dislikes.
• "quotes-me" theming class for objects.
• Notification for quote posts.
• MCP integration for quote posts.

Changed

• Renamed NodeInfo siteName to more standard nodeName.
• Increased hard-coded limits for actor attachments and pinned collections.

Fixed

• Displaying quoted posts in draft view.
• Visual indication of nested quotes in object view.

I added a FEDERATION.md document to the project. This is documentation required by FEP-67ff on "information necessary for achieving interoperability with a federated service". The document describes, at a high level, what federation protocols and standards Ktistec currently supports.

#ktistec #crystallang #activitypub #fediverse

Release v3.3.0 of Ktistec adds support for consent-respecting quote posts (FEP-044f). Quote posts represent the most lines of code I've written for any single changelog entry in my life.

Added

• Support for consent-respecting quote posts (FEP-044f).

Changed

• next_attempt_at in tasks now means not scheduled when nil.
• Permit type changes for ActivityPub objects.

Important: Quote posts come with a few big caveats. I've been using iterations of this in production for weeks, but if you don't like what you read below you might want to wait for the patch release.

• FEP-044f quote posts require delicate choreography between quoted and quoting servers. Server support across the fediverse is incomplete and evolving. If a quote post doesn't display it might be my bug, it might be their bug. Expect bugs.
• Quote authorization is currently all or nothing—you either blanket reject quote post requests (the default) or blanket accept them. I intend to support more granular controls and manual approval but that comes later.
• Quote authorization revocation isn't supported.
• Automatic re-verification of quote authorization isn't supported.
• Compatibility with other quote implementations is incomplete.
• There will be bugs 🐞 and more bugs 🐜.

#ktistec #crystallang #activitypub #fediverse

I just released v3.2.9 of Ktistec!

You can now customize the secondary menu on your home page. This is the menu that links to your posts, drafts, notifications, etc. Posts, drafts, and notifications are fixed, but you can change the final three—they default to bookmarks, followers, and following. Edit the links on your Settings page in the section titled Pinned Collections. I typically replace the defaults with hashtags I'm following and threads I'm actively participating in.

I am slowly adding functionality to support Mastodon API compatible clients. In line with that effort, OAuth access tokens are now associated with sessions, which makes it possible for clients that authenticate via OAuth (instead of username/password) to access all of the existing API.

I use this extensively when building scripts to automate my Ktistec instance. A script can authenticate and cache the access token in a secure keystore. Since access tokens have a limited lifespan and can be individually invalidated, a compromised access token does not force me to change my password!

Here's the full list of changes:

Added

• Support for customizing the secondary menu with pinned collections.

Fixed

• Thread rendering no longer fails when drafts are present.

Changed

• Content warnings are now preserved when replying to posts. (fixes #136)
• OAuth access tokens are now associated with sessions.
• Attachments are deleted when draft objects are destroyed.
• Actor icons and images are deleted when replaced or unset.

A recent poll prioritized emoji reactions and quote posts. I see dozens of quote posts every day, so that's where I plan to focus next.

#ktistec #crystallang #activitypub #fediverse

I didn't think I'd ever pull it off 😀, but the new editor framework is complete and with it support for creating polls. One nice extra—you can now choose which content editor to use (rich text or Markdown) on a per-post basis without updating your settings.

The full set of changes in this release:

Added

• Front-end support for creating polls.
• Editor selection support for content, polls, and optional metadata (name, summary, etc.).
• Poll expiry notifications for poll authors.

Fixed

• Poll closed_at handling for drafts and remote polls.

I'll try not to be quite as ambitious for the next release! 😅

#ktistec #crystallang #activitypub #fediverse