Action Delivery
How actions are distributed and received across the federated Cloudillo network.
Outbound Actions
When a user creates an action, it’s distributed to relevant recipients:
Algorithm: Distribute Action
Input: action_token, action_type
Output: Result<()>
1. Determine recipients based on action_type:
a. "POST" → All followers of the user
b. "CMNT" / "REACT" → Owner of parent post
c. "CONN" / "FLLW" → Target from action audience (aud claim)
d. "MSG" → All conversation participants
e. Other → No recipients (skip)
2. For each recipient instance:
a. Construct URL: https://cl-o.{recipient_id_tag}/api/inbox
b. POST action token as JSON: {"token": "..."}
c. Continue on error (best-effort delivery)
3. Return successInbound Actions
Cloudillo provides two endpoints for receiving federated actions, optimized for different use cases.
Async Inbox (/api/inbox)
The standard endpoint for most federated actions:
HTTP Endpoint: POST /api/inbox
Handler Algorithm:
1. Extract action token from JSON payload
2. No authentication required (token is self-authenticating)
3. Create ActionVerifierTask with token
4. Schedule task in task scheduler (for async processing)
5. Return HTTP 202 (Accepted) immediately
- Verification and processing happen asynchronously
- Prevents network timeouts on slow verificationSync Inbox (/api/inbox/sync)
A synchronous endpoint for actions requiring immediate confirmation:
HTTP Endpoint: POST /api/inbox/sync
Handler Algorithm:
1. Extract action token from JSON payload
2. No authentication required (token is self-authenticating)
3. Process action SYNCHRONOUSLY (not queued)
4. Verify signature, check permissions, store action
5. Return HTTP 200 (OK) with result, or error response
Use Cases:
- Identity registration tokens (IDP:REG)
- Actions where sender needs immediate confirmation
- Critical federation handshakesWhen to use each endpoint:
/api/inbox: Default for most actions (POST, CMNT, REACT, MSG, etc.)/api/inbox/sync: Only for critical operations requiring immediate feedback
Delivery Guarantees
Persistent Delivery with Retry
- Delivery tasks are persisted to survive server restarts
- Automatic retry with exponential backoff
- Comprehensive failure handling
Retry Policy
Cloudillo uses exponential backoff for delivery retries:
RetryPolicy Configuration:
initial_wait: 10 seconds # First retry delay
max_wait: 12 hours # Maximum delay between retries
backoff_step: 50 seconds # Backoff increment per retryRetry Schedule Example:
Attempt 1: Immediate
↓ fails
Attempt 2: 10s later (initial_wait)
↓ fails
Attempt 3: 60s later (10s + 50s backoff)
↓ fails
Attempt 4: 110s later (60s + 50s backoff)
↓ fails
...continues with 50s backoff steps...
↓
Maximum wait capped at 12 hours between attempts- Task deduplication: Key pattern
delivery:{action_id}:{recipient}prevents duplicate deliveries - Persistent delivery: Tasks survive server restarts via MetaAdapter storage
Failure Handling
On POST /api/inbox result:
1. Success (2xx):
- Remove from delivery queue
- Log successful delivery
2. Temporary Error (network timeout, 5xx, connection refused):
- Keep in queue
- Schedule retry with backoff
- Continue retrying until max attempts
3. Permanent Error (4xx status, validation error):
- Log error with context
- Mark as undeliverable
- Remove from queue (don't waste resources)Related Actions & Fan-out
When certain actions are approved, they trigger delivery of related actions to additional recipients:
APRV (Approval) Fan-out
When a user approves another user’s content (e.g., repost), the system distributes the original content to the approver’s followers:
APRV Fan-out Algorithm:
1. User A creates POST action
2. User B reposts (creates APRV referencing POST)
3. On APRV creation:
a. Fetch User B's followers
b. For each follower:
- Create delivery task for original POST
- Include APRV context (who approved)
c. Followers receive both POST and APRVUse Cases:
- Repost/Share: Original post reaches approver’s audience
- Endorsement: Endorsed content gets wider distribution
- Curated feeds: Content discovery through trusted connections
Related Action Types
| Trigger Action | Related Actions Delivered | Recipients |
|---|---|---|
| APRV (Approval) | Original referenced action | Approver’s followers |
| CONV (Conversation) | Participant subscriptions | All participants |
| INVT (Invitation) | Conversation context | Invited user |
See Also
- Key Verification - How signatures are verified
- Trust & Distribution - Auto-approval and fan-out
- Security - Spam prevention and rate limits