Skip to content

Comments

Add wp activitypub fetch CLI command#2906

Merged
pfefferle merged 6 commits intotrunkfrom
add/cli-fetch-command
Feb 11, 2026
Merged

Add wp activitypub fetch CLI command#2906
pfefferle merged 6 commits intotrunkfrom
add/cli-fetch-command

Conversation

@pfefferle
Copy link
Member

@pfefferle pfefferle commented Feb 11, 2026
edited
Loading

Proposed changes:

  • Add a new wp activitypub fetch CLI command for fetching remote ActivityPub URLs with signed HTTP requests.
  • Support switching between signature modes (draft-cavage, rfc9421, double-knock, none) via the --signature flag for debugging federation and HTTP Signature issues.
  • Delegates to Http::get() for request handling and uses filter overrides to force specific signature modes.

Other information:

  • Have you written new tests for your changes, if applicable?

Testing instructions:

  • Run wp activitypub fetch https://mastodon.social/@Gargron — should return the actor profile as pretty-printed JSON.
  • Run wp activitypub fetch https://mastodon.social/@Gargron --signature=rfc9421 — should fetch using RFC 9421 signature.
  • Run wp activitypub fetch https://mastodon.social/@Gargron --signature=draft-cavage — should fetch using Draft Cavage signature.
  • Run wp activitypub fetch https://mastodon.social/@Gargron --signature=double-knock — should try RFC 9421 first, fall back to Draft Cavage on 4xx.
  • Run wp activitypub fetch https://mastodon.social/@Gargron --signature=none — should fetch without signing.
  • Run wp activitypub fetch https://mastodon.social/@Gargron --include-headers — should show response headers.
  • Run wp activitypub fetch https://mastodon.social/@Gargron --raw — should output the raw response body.

Changelog entry

  • Automatically create a changelog entry from the details below.
Changelog Entry Details

Significance

  • Patch
  • Minor
  • Major

Type

  • Added - for new features
  • Changed - for changes in existing functionality
  • Deprecated - for soon-to-be removed features
  • Removed - for now removed features
  • Fixed - for any bug fixes
  • Security - in case of vulnerabilities

Message

Add wp activitypub fetch CLI command for fetching remote URLs with signed HTTP requests.

@pfefferle
Add wp activitypub fetch CLI command.
8698629 
Introduces a new WP-CLI command for fetching remote ActivityPub URLs
with signed HTTP requests. Supports switching between signature modes
(draft-cavage, rfc9421, none) for debugging federation issues.
@pfefferle
Address code review feedback.
689d5b7 
- Disable maybe_double_knock when forcing rfc9421 to prevent marking
  hosts as unsupported.
- Include error message in failure output.
- Use strict null check for json_decode result.
@pfefferle
Fix infinite loop when forcing rfc9421 signature mode.
39e5535 
When pre_option forced RFC 9421 and the server returned 4xx,
maybe_double_knock retried with Draft Cavage, but sign_request
re-signed with RFC 9421 (due to the active filter), causing an
infinite loop.

Fix by replacing sign_request entirely for forced rfc9421 mode
and disabling maybe_double_knock during the request.
Copilot AI review requested due to automatic review settings February 11, 2026 13:44
@pfefferle pfefferle self-assigned this Feb 11, 2026
@pfefferle pfefferle requested a review from a team February 11, 2026 13:44
Copilot AI reviewed Feb 11, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new WP-CLI subcommand to fetch remote ActivityPub URLs while optionally forcing different HTTP signature modes to aid debugging.

Changes:

  • Introduces wp activitypub fetch <url> with --signature, --raw, and --include-headers options.
  • Implements signature-mode overrides (RFC 9421 / Draft Cavage / none) via WordPress filters for request signing behavior.
  • Registers the command and adds a changelog entry.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File Description
includes/cli/class-fetch-command.php New Fetch_Command implementation handling request + output and signature overrides.
includes/class-cli.php Registers the new activitypub fetch WP-CLI command.
.github/changelog/2906-from-description Documents the new CLI command in the changelog.

@pfefferle
Add double-knock signature mode.
48d0830 
Tries RFC 9421 first, falls back to Draft Cavage on 4xx via
maybe_double_knock. Avoids the infinite loop by skipping
re-signing when the request is already signed by the retry.
@pfefferle
Address code review feedback for fetch CLI command.
465f132 
Fix error message labeling WP_Error codes as HTTP codes, use
json_last_error() for reliable JSON detection, document the default
signature mode, validate invalid modes with early error, and only
restore filters that were actually removed.
@pfefferle pfefferle requested a review from Copilot February 11, 2026 14:00
Copilot AI reviewed Feb 11, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

@pfefferle pfefferle merged commit e2b272b into trunk Feb 11, 2026
16 checks passed
@pfefferle pfefferle deleted the add/cli-fetch-command branch February 11, 2026 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@pfefferle pfefferle

Labels

[Feature] CLI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pfefferle @matticbot