Add reply-tree backfill strategy

[sij411]

Summary

This PR adds the reply-tree strategy to @fedify/backfill, last feature of the #275

The strategy walks reply relationships from a seed object by following inReplyTo ancestors and replies descendants. It is opt-in, so the default remains the cheaper FEP-f228 context collection path via context-auto.

This also wires ordered multi-strategy execution for hybrid usage such as ["context-auto", "reply-tree"]. Strategies share item/request budgets, abort state, deduplication, and a traversal-local document cache.

Related #275

Details

• Add reply-tree strategy
• Walk inReplyTo ancestors
• Walk replies descendants
• Respect maxDepth for reply-tree traversal
• Preserve ordered strategy semantics
• Share maxItems, maxRequests, interval, and signal across strategies
• Deduplicate yielded objects globally by object ID
• Avoid repeated dereferences with traversal-local caching
• Skip already-seen context collection URL items before dereferencing
• Document reply-tree usage and ordered strategy behavior

Notes

reply-tree remains opt-in because it can be more network-heavy than context collection traversal.

This PR does not impose default maxDepth or maxRequests; callers are expected to choose limits appropriate for their use case.

The cache is traversal-local only. Persistent/shared caching can be layered outside @fedify/backfill through the supplied documentLoader.

Verification

• deno task -f @fedify/backfill check
• deno task -f @fedify/backfill test
• mise exec -- pnpm --filter @fedify/backfill test
• mise exec -- pnpm --filter @fedify/backfill test:bun

AI usage

Assisted-by: Codex:gpt-5.5

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e0b40416-e45d-459e-9202-7ea74257fbec

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces a new reply-tree backfill strategy to walk inReplyTo ancestors and replies descendants when context collections are unavailable or incomplete. It also implements document caching to avoid duplicate dereferences across strategies and updates options to share request, item, abort, and deduplication state. Feedback on the changes suggests enforcing a default maximum depth limit of 100 on recursive traversal functions to prevent potential stack overflow or DoS attacks, and simplifying the tracking logic for visited replies collections to improve code maintainability.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

To prevent stack overflow or denial-of-service (DoS) attacks from maliciously deep reply trees, it is highly recommended to enforce a default maximum depth limit (e.g., 100) when options.maxDepth is not explicitly provided.

  const maxDepth = options.maxDepth ?? 100;
  if (traversal.depth > maxDepth) return;

References

1. To prevent stack overflow from maliciously crafted deep JSON, implement a depth limit in recursive traversal functions. The limit should be high enough for legitimate data but low enough to prevent DoS attacks.

[sij411]

@dahlia I think we decided not to set max values intentionally, but it is valid concern. What do you think?

[dahlia]

Fair point. We should have a default maxDepth value, and 100 is even too great–how about 10?

[gemini-code-assist]

To prevent stack overflow or denial-of-service (DoS) attacks from maliciously deep reply trees, it is highly recommended to enforce a default maximum depth limit (e.g., 100) when options.maxDepth is not explicitly provided.

Suggested change

	if (options.maxDepth != null && traversal.depth > options.maxDepth) return;
	const maxDepth = options.maxDepth ?? 100;
	if (traversal.depth > maxDepth) return;

References

1. To prevent stack overflow from maliciously crafted deep JSON, implement a depth limit in recursive traversal functions. The limit should be high enough for legitimate data but low enough to prevent DoS attacks.

[sij411]

This too

[gemini-code-assist]

The current logic for tracking visited replies collections is quite complex and bypasses visitReplyTreeCollection when repliesIdVisited is true. We can simplify this significantly by checking the ID first, loading the collection, checking the loaded collection via visitReplyTreeCollection, and then marking the ID as visited. This avoids the need for the repliesIdVisited state variable and makes the code much cleaner and easier to maintain.

  const repliesId = object.repliesId;
  if (repliesId != null && traversal.visitedCollectionIds.has(repliesId.href)) {
    return;
  }
  const replies = await getRepliesCollection(context, object, options, budget);
  if (replies == null) return;
  if (!visitReplyTreeCollection(replies, traversal)) {
    return;
  }
  if (repliesId != null) {
    traversal.visitedCollectionIds.add(repliesId.href);
  }

[sij411]

The current logic marks repliesId as visited before dereferencing, which avoids repeated loads of the same replies collection URL and protects request budget.

[gemini-code-assist]

Code Review

This pull request introduces a new reply-tree backfill strategy to the @fedify/backfill package, enabling traversal of inReplyTo ancestors and replies descendants when context collections are unavailable or incomplete. The implementation shares request budgets, item limits, abort signals, and deduplication state across strategies, and introduces a document cache to prevent duplicate dereferences. Additionally, comprehensive unit tests have been added to verify the new strategy's behavior, including depth limits, request budgets, and cycle avoidance. All review comments were filtered out as they suggested implementing depth limit checks that are already present in the code changes, so there is no additional feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[codecov]

Codecov Report

❌ Patch coverage is 91.59420% with 29 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
packages/backfill/src/backfill.ts	91.59%	22 Missing and 7 partials ⚠️

Files with missing lines	Coverage Δ
packages/backfill/src/backfill.ts	88.92% <91.59%> (+4.03%)	⬆️

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sij411]

@codex review

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7d117ee9d4

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[sij411]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Swish!

Reviewed commit: 8f29cbbe4b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[dahlia]

I found two reply-tree edge cases worth fixing before merging.

[dahlia]

The descendant crawl starts every discovered ancestor at depth: 1, so depth is no longer measured from the original seed. For example, if the seed is a reply and its parent has both the seed and a sibling in replies, the sibling is discovered through seed → parent → sibling but is reported as depth 1 and still passes maxDepth: 1. That makes the public depth metadata and maxDepth budget surprising. Please keep the ancestor depth alongside each ancestor and start descendant traversal from ancestor.depth + 1, or otherwise make the API/docs explicit that reply-tree depth is local to each traversal root.

[dahlia]

This marks the replies collection IRI as visited before the collection is successfully loaded. If getRepliesCollection() later returns null because the loader hit a transient non-budget error, the traversal treats that collection as visited and will not retry it if the same IRI is reachable through another branch. That conflicts with the document-cache behavior below, where failed loads are deliberately removed so later strategies can retry. Please either mark repliesId as visited only after a successful load, or remove it from visitedCollectionIds when the load fails.

[dahlia]

Ah, also we need to add FEP-f228 to our FEDERATION.md document.