Emit accept actions for follows

[sij411]

Summary

Implements the Phase 1 Follow -> Accept core flow for feder-core.

This changes Input::ReceivedFollow to carry runtime-provided data needed by the core:

• the received Follow
• the Accept activity ID to use when an accept can be emitted

When a valid Follow targets the configured local actor, core now returns actions for the runtime:

• Action::StoreFollower
• Action::SendActivity(Activity::Accept(...)) when a follower inbox is already known

Design Notes

The core still performs no HTTP, storage, fetching, signing, delivery, clock reads, or ID generation.

A first-time ID-only Follow records/stores the follower but does not emit SendActivity(Accept), because the core does not know the follower inbox and actor fetching is out of scope. Accept delivery is emitted when the follower actor is embedded or when the inbox is already known from core state.

This keeps actor resolution as a future runtime/core boundary concern instead of pulling I/O into feder-core.

Validation

• cargo fmt --check
• cargo test -p feder-core
• mise run check

Refs #8

Summary by CodeRabbit

Bug Fixes

• Follow requests are now properly accepted and follower relationships are recorded.
• The system sends confirmation messages to users who attempt to follow.
• Delivery targets are automatically configured based on follower inbox information.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3c3389ae-5afd-46a0-98bc-6e446c97bbfb

📥 Commits

Reviewing files that changed from the base of the PR and between 824d486 and 684a2f9.

📒 Files selected for processing (1)

• crates/feder-core/src/lib.rs

---

📝 Walkthrough

Walkthrough

Input::ReceivedFollow now carries a ReceivedFollow struct containing a vocab::Follow and an accept_id. FederState::record_follow was changed from a void method into an action-returning function that emits StoreFollower and, when inbox data is available, a SendActivity(Accept). Tests assert the exact action contents produced.

Changes

ReceivedFollow → Accept action flow

Layer / File(s)	Summary
Public types: ReceivedFollow struct and Input variant crates/feder-core/src/lib.rs	Input::ReceivedFollow variant changed from vocab::Follow to the new ReceivedFollow struct; ReceivedFollow { follow, accept_id } added as a public type.
FederCore::handle dispatch crates/feder-core/src/lib.rs	FederCore::handle routes Input::ReceivedFollow through state.record_follow and wraps the returned actions in HandleResult::new, replacing the previous empty-result branch.
FederState::record_follow implementation crates/feder-core/src/lib.rs	record_follow constructs the Follower relation, emits StoreFollower, resolves the inbox from an existing delivery target or embedded actor data, and conditionally emits SendActivity(Accept) using accept_id. Returns the accumulated action list.
Test helper and updated follow-handling tests crates/feder-core/src/lib.rs	received_follow helper added to construct the new Input variant. Tests assert exact action contents: StoreFollower fields, SendActivity Accept shape, actor-ID-only path emits only StoreFollower, and the other-actor-ignored path still returns empty actions.

Sequence Diagram(s)

sequenceDiagram
  participant Caller
  participant FederCore
  participant FederState
  participant Actions as Vec<Action>

  Caller->>FederCore: handle(Input::ReceivedFollow { follow, accept_id })
  FederCore->>FederState: record_follow(ReceivedFollow { follow, accept_id })
  FederState->>Actions: push StoreFollower(follower, following)
  alt actor has embedded inbox
    FederState->>Actions: upsert delivery_targets entry
    FederState->>Actions: push SendActivity(Accept { id: accept_id, object: follow })
  else actor ID only
    FederState->>FederState: skip SendActivity
  end
  FederState-->>FederCore: Vec<Action>
  FederCore-->>Caller: HandleResult::new(actions)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• Follow -> Accept flow #8: This PR directly implements the proposed behavior: handling Input::ReceivedFollow by storing the follower via StoreFollower and emitting SendActivity(Accept), with unit tests validating the Follow-to-Accept flow.

Possibly related PRs

• fedify-dev/feder#16: Established the ReceivedFollow branch in FederCore::handle with an empty-result placeholder that this PR replaces with action-producing logic.
• fedify-dev/feder#17: Added the minimal record_follow state machinery and delivery target tracking that this PR extends into the full action-returning flow.

Suggested labels

enhancement, phase 1

Poem

🐇 A follow arrives, and the rabbit takes note,
It stores the new friend and prepares a reply quote.
An Accept hops out with an inbox address,
The actor's delivery confirmed—no more guesswork or mess!
With actions returned and the test passing true,
Federation magic complete through and through~ 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Emit accept actions for follows' directly reflects the main change: the core now emits SendActivity actions with Accept responses for Follow inputs.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sij411]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[sij411]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 684a2f9684

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Normalize the stored follow target

When a remote Follow targets Alice with an embedded Actor object whose id matches local_actor but whose other fields are attacker-controlled, the in-memory follower relation is normalized by ID, but this persistence action still forwards that embedded local actor object to the runtime. Since StoreFollower is the action a runtime will use to persist the relationship, this can cache or overwrite bogus local-actor data; record_created_note already avoids the same trust issue by emitting the configured local actor ID. Use Reference::id(self.local_actor.id.clone()) for following here.

Useful? React with 👍 / 👎.