feat: postgresql adapter

- Added a new crate `doc` for API documentation.
- Integrated `utoipa` for OpenAPI support in the presentation layer.
- Updated routes to include social features (follow, unfollow, etc.) and diary export.
- Enhanced API request and response structures with new DTOs for social interactions.
- Updated `Cargo.toml` files to include new dependencies and features.
- Modified Dockerfile to copy the new documentation crate.
- Refactored existing handlers and routes to accommodate new API endpoints.
- Updated tests to cover new functionality and ensure proper API behavior.

Co-authored-by: Copilot <copilot@github.com>

.cargo/config.toml

@@ -0,0 +1,2 @@
+[env]
+SQLX_OFFLINE = "true"

.dockerignore

@@ -0,0 +1,10 @@
+target/
+.git/
+.env
+*.db
+*.db-shm
+*.db-wal
+.cargo/
+.sqlx/
+docs/
+dev.db

.env.example

@@ -0,0 +1,42 @@
+# Database backend — "sqlite" (default) or "postgres"
+DATABASE_BACKEND=sqlite
+
+# Option A: SQLite (default, zero external dependencies)
+DATABASE_URL=sqlite://movies.db
+
+# Option B: PostgreSQL
+# DATABASE_BACKEND=postgres
+# DATABASE_URL=postgres://user:password@localhost:5432/movies_diary
+
+# Authentication
+JWT_SECRET=change-me
+JWT_TTL_SECONDS=86400
+
+# OMDb/TMDB metadata
+OMDB_API_KEY=your-key
+TMDB_API_KEY=your-key
+
+# Poster storage — Option A (local) is active. To use S3, comment it out and uncomment Option B:
+
+# Option A: local filesystem (zero external dependencies)
+POSTER_STORAGE_BACKEND=local
+POSTER_STORAGE_PATH=./posters
+
+# Option B: S3-compatible (MinIO, AWS S3, etc.)
+# POSTER_STORAGE_BACKEND=s3
+# MINIO_ENDPOINT=http://localhost:9000
+# MINIO_BUCKET=posters
+# MINIO_REGION=minio
+# MINIO_ACCESS_KEY_ID=minioadmin
+# MINIO_SECRET_ACCESS_KEY=minioadmin
+
+# Optional
+HOST=0.0.0.0
+PORT=3000
+BASE_URL=http://localhost:3000
+SECURE_COOKIES=false
+ALLOW_REGISTRATION=false
+RATE_LIMIT=20
+POSTER_FETCH_TIMEOUT_SECONDS=30
+EVENT_CHANNEL_BUFFER=128
+RUST_LOG=presentation=debug,tower_http=debug

.gitignore

@@ -5,4 +5,12 @@
 .vscode
 
 .env
-.env.prod
+.env.prod
+
+*.db
+*db-shm
+*db-wal
+
+.worktrees/
+.superpowers/
+docs/

.sqlx/query-05d958c1fa38095ae2b5b81ede48fc85702d8c39c6301839de7b4d27f4a4d41b.json

@@ -0,0 +1,98 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,\n                        r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment, r.watched_at, r.created_at, r.remote_actor_url\n                 FROM reviews r\n                 INNER JOIN movies m ON m.id = r.movie_id\n                 WHERE r.movie_id = ?\n                 ORDER BY r.watched_at DESC\n                 LIMIT ? OFFSET ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "review_id",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 9,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 12,
+        "type_info": "Text"
+      },
+      {
+        "name": "remote_actor_url",
+        "ordinal": 13,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "05d958c1fa38095ae2b5b81ede48fc85702d8c39c6301839de7b4d27f4a4d41b"
+}

.sqlx/query-0963b9661182e139cd760bbabb0d6ea3a301a2a3adbdfdda4a88f333a1144c77.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT COUNT(*) FROM reviews",
+  "describe": {
+    "columns": [
+      {
+        "name": "COUNT(*)",
+        "ordinal": 0,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "0963b9661182e139cd760bbabb0d6ea3a301a2a3adbdfdda4a88f333a1144c77"
+}

.sqlx/query-0acf3515a4d1bef7a2458d878481ba3b11c9f252311579f7daba335f70d78f07.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO users (id, email, username, password_hash, created_at, role) VALUES (?, ?, ?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 6
+    },
+    "nullable": []
+  },
+  "hash": "0acf3515a4d1bef7a2458d878481ba3b11c9f252311579f7daba335f70d78f07"
+}

.sqlx/query-106b5b65162314c47217c26b7e89194094e10122ea596e8d9323968e600635a9.json

@@ -0,0 +1,98 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,\n                    r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment, r.watched_at, r.created_at, r.remote_actor_url\n             FROM reviews r\n             INNER JOIN movies m ON m.id = r.movie_id\n             WHERE r.user_id = ?\n             ORDER BY r.watched_at DESC",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "review_id",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 9,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 12,
+        "type_info": "Text"
+      },
+      {
+        "name": "remote_actor_url",
+        "ordinal": 13,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "106b5b65162314c47217c26b7e89194094e10122ea596e8d9323968e600635a9"
+}

.sqlx/query-25fd01355c929a83daf2c802b8ae3adaa4ce73fc037e2bf2a87d60187aeb7361.json

@@ -0,0 +1,98 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,\n                        r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment, r.watched_at, r.created_at, r.remote_actor_url\n                 FROM reviews r\n                 INNER JOIN movies m ON m.id = r.movie_id\n                 ORDER BY r.watched_at ASC\n                 LIMIT ? OFFSET ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "review_id",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 9,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 12,
+        "type_info": "Text"
+      },
+      {
+        "name": "remote_actor_url",
+        "ordinal": 13,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "25fd01355c929a83daf2c802b8ae3adaa4ce73fc037e2bf2a87d60187aeb7361"
+}

.sqlx/query-2c7353f34c4748d4d4be6abbf343fa7ea30eeb985c4bfd12b0fc3997d1ba03bb.json

@@ -0,0 +1,38 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT u.id AS \"id!: String\",\n                      u.email AS \"email!: String\",\n                      COUNT(DISTINCT r.movie_id) AS \"total_movies!: i64\",\n                      AVG(CAST(r.rating AS REAL)) AS avg_rating\n               FROM users u\n               LEFT JOIN reviews r ON r.user_id = u.id AND r.remote_actor_url IS NULL\n               GROUP BY u.id, u.email\n               ORDER BY u.email ASC",
+  "describe": {
+    "columns": [
+      {
+        "name": "id!: String",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "email!: String",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "total_movies!: i64",
+        "ordinal": 2,
+        "type_info": "Integer"
+      },
+      {
+        "name": "avg_rating",
+        "ordinal": 3,
+        "type_info": "Float"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      true,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "2c7353f34c4748d4d4be6abbf343fa7ea30eeb985c4bfd12b0fc3997d1ba03bb"
+}

.sqlx/query-3047579c6ed13ce87aad9b9ce6300c02f0df3516979518976e13f9d9abc6a403.json

@@ -0,0 +1,50 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, external_metadata_id, title, release_year, director, poster_path\n             FROM movies WHERE title = ? AND release_year = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true
+    ]
+  },
+  "hash": "3047579c6ed13ce87aad9b9ce6300c02f0df3516979518976e13f9d9abc6a403"
+}

.sqlx/query-319b5d09824809a971f6c9546dde6389a0aca5a732531bb9ca9b99675d0a89f4.json

@@ -0,0 +1,44 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, email, username, password_hash, role FROM users WHERE username = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "email",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "username",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "password_hash",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "role",
+        "ordinal": 4,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      true,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "319b5d09824809a971f6c9546dde6389a0aca5a732531bb9ca9b99675d0a89f4"
+}

.sqlx/query-33d0dae7d16b0635c1c7eb5afd10824bb55af7cc7a854f590d326622863759d1.json

@@ -0,0 +1,50 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, external_metadata_id, title, release_year, director, poster_path\n             FROM movies WHERE id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true
+    ]
+  },
+  "hash": "33d0dae7d16b0635c1c7eb5afd10824bb55af7cc7a854f590d326622863759d1"
+}

.sqlx/query-4b3074b532342c6356ee0e8e4d8c4a830f016234bb690e1f6240f02824d6d84f.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT COUNT(*) FROM reviews WHERE movie_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "COUNT(*)",
+        "ordinal": 0,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "4b3074b532342c6356ee0e8e4d8c4a830f016234bb690e1f6240f02824d6d84f"
+}

.sqlx/query-4d85f0ff9732576bba77dc84d3885a0002c2b600c34ba4d99f1e1c5e99f35e75.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT strftime('%Y-%m', watched_at) AS month\n             FROM reviews\n             WHERE user_id = ?\n             GROUP BY month\n             ORDER BY COUNT(*) DESC\n             LIMIT 1",
+  "describe": {
+    "columns": [
+      {
+        "name": "month",
+        "ordinal": 0,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      true
+    ]
+  },
+  "hash": "4d85f0ff9732576bba77dc84d3885a0002c2b600c34ba4d99f1e1c5e99f35e75"
+}

.sqlx/query-79af0324db4d0b8e4bd66e12816583598865630241deffbb8b4175fa7a755099.json

@@ -0,0 +1,44 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, email, username, password_hash, role FROM users WHERE id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "email",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "username",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "password_hash",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "role",
+        "ordinal": 4,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      true,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "79af0324db4d0b8e4bd66e12816583598865630241deffbb8b4175fa7a755099"
+}

.sqlx/query-7bc4aebcb94547976d3d7e063e4e908fc22b977b3cbf063ee93ffe4648c42011.json

@@ -0,0 +1,50 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, external_metadata_id, title, release_year, director, poster_path\n             FROM movies WHERE external_metadata_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true
+    ]
+  },
+  "hash": "7bc4aebcb94547976d3d7e063e4e908fc22b977b3cbf063ee93ffe4648c42011"
+}

.sqlx/query-7d7e23355ee0e442f2aa27e898dcfa40bdc4b09391afe04325f076157d9d84aa.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO movies (id, external_metadata_id, title, release_year, director, poster_path)\n             VALUES (?, ?, ?, ?, ?, ?)\n             ON CONFLICT(id) DO UPDATE SET\n                 external_metadata_id = excluded.external_metadata_id,\n                 title                = excluded.title,\n                 release_year         = excluded.release_year,\n                 director             = excluded.director,\n                 poster_path          = excluded.poster_path",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 6
+    },
+    "nullable": []
+  },
+  "hash": "7d7e23355ee0e442f2aa27e898dcfa40bdc4b09391afe04325f076157d9d84aa"
+}

.sqlx/query-7ff439f22f880f999a72aad1359eb8fec11fe868b940faee5a351795caaa2357.json

@@ -0,0 +1,62 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, movie_id, user_id, rating, comment, watched_at, created_at, remote_actor_url\n             FROM reviews WHERE movie_id = ? ORDER BY watched_at ASC",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "remote_actor_url",
+        "ordinal": 7,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "7ff439f22f880f999a72aad1359eb8fec11fe868b940faee5a351795caaa2357"
+}

.sqlx/query-8a70f21c39d203867c06dc0bf74a54745b3331b84ce9a2178f7812f1ed7262cc.json

@@ -0,0 +1,98 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,\n                        r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment, r.watched_at, r.created_at, r.remote_actor_url\n                 FROM reviews r\n                 INNER JOIN movies m ON m.id = r.movie_id\n                 WHERE r.movie_id = ?\n                 ORDER BY r.watched_at ASC\n                 LIMIT ? OFFSET ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "review_id",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 9,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 12,
+        "type_info": "Text"
+      },
+      {
+        "name": "remote_actor_url",
+        "ordinal": 13,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "8a70f21c39d203867c06dc0bf74a54745b3331b84ce9a2178f7812f1ed7262cc"
+}

.sqlx/query-a01336632a54099e31686a9cbe6fc53fef1299fc7c7b52be44f99c2302490a22.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT COUNT(DISTINCT movie_id) AS \"total!: i64\",\n                      AVG(CAST(rating AS REAL)) AS avg_rating\n               FROM reviews WHERE user_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "total!: i64",
+        "ordinal": 0,
+        "type_info": "Integer"
+      },
+      {
+        "name": "avg_rating",
+        "ordinal": 1,
+        "type_info": "Float"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      true
+    ]
+  },
+  "hash": "a01336632a54099e31686a9cbe6fc53fef1299fc7c7b52be44f99c2302490a22"
+}

.sqlx/query-a7c424c26663e4e51b1c563fa977f28e1d55234a242a7ddba50db13cf73b488d.json

@@ -0,0 +1,98 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,\n                        r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment, r.watched_at, r.created_at, r.remote_actor_url\n                 FROM reviews r\n                 INNER JOIN movies m ON m.id = r.movie_id\n                 ORDER BY r.watched_at DESC\n                 LIMIT ? OFFSET ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "review_id",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 9,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 12,
+        "type_info": "Text"
+      },
+      {
+        "name": "remote_actor_url",
+        "ordinal": 13,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "a7c424c26663e4e51b1c563fa977f28e1d55234a242a7ddba50db13cf73b488d"
+}

.sqlx/query-aca9e7aaa32c23b4de3f5048d60340e978d31a36be9121da3c59378f2fc1ed8e.json

@@ -0,0 +1,26 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.director AS \"director!\",\n                          COUNT(*) AS \"count!: i64\"\n                   FROM reviews r\n                   INNER JOIN movies m ON m.id = r.movie_id\n                   WHERE r.user_id = ? AND m.director IS NOT NULL\n                   GROUP BY m.director\n                   ORDER BY COUNT(*) DESC\n                   LIMIT 5",
+  "describe": {
+    "columns": [
+      {
+        "name": "director!",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "count!: i64",
+        "ordinal": 1,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      true,
+      false
+    ]
+  },
+  "hash": "aca9e7aaa32c23b4de3f5048d60340e978d31a36be9121da3c59378f2fc1ed8e"
+}

.sqlx/query-ae983138ad90fda3794b784fbf62c31fddcf182850782e9bfbc4ff3ee8b7d4bb.json

@@ -0,0 +1,62 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, movie_id, user_id, rating, comment, watched_at, created_at, remote_actor_url\n             FROM reviews WHERE id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "remote_actor_url",
+        "ordinal": 7,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false,
+      true
+    ]
+  },
+  "hash": "ae983138ad90fda3794b784fbf62c31fddcf182850782e9bfbc4ff3ee8b7d4bb"
+}

.sqlx/query-c43249558d535343e387586fa00499fe813b18b9e7d8d241462f0689969dc64f.json

@@ -0,0 +1,44 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, email, username, password_hash, role FROM users WHERE email = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "email",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "username",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "password_hash",
+        "ordinal": 3,
+        "type_info": "Text"
+      },
+      {
+        "name": "role",
+        "ordinal": 4,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      true,
+      false,
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "c43249558d535343e387586fa00499fe813b18b9e7d8d241462f0689969dc64f"
+}

.sqlx/query-cca022ac6275f2b1aaf63a14420897074c8ff4cdd1d3e9a13ef4b9dd5346d12a.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO reviews (id, movie_id, user_id, rating, comment, watched_at, created_at, remote_actor_url)\n             VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 8
+    },
+    "nullable": []
+  },
+  "hash": "cca022ac6275f2b1aaf63a14420897074c8ff4cdd1d3e9a13ef4b9dd5346d12a"
+}

.sqlx/query-d5d2a81306488a8cee5654cea7e14d76d76ecc7d2190ffb73d12bec2874111d2.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.director\n             FROM reviews r\n             INNER JOIN movies m ON m.id = r.movie_id\n             WHERE r.user_id = ? AND m.director IS NOT NULL\n             GROUP BY m.director\n             ORDER BY COUNT(*) DESC\n             LIMIT 1",
+  "describe": {
+    "columns": [
+      {
+        "name": "director",
+        "ordinal": 0,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      true
+    ]
+  },
+  "hash": "d5d2a81306488a8cee5654cea7e14d76d76ecc7d2190ffb73d12bec2874111d2"
+}

.sqlx/query-e431381ad41c1c2f7b9c89509d5e3f4c19cb52dcfff66772145cd80c53c16883.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM movies WHERE id = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "e431381ad41c1c2f7b9c89509d5e3f4c19cb52dcfff66772145cd80c53c16883"
+}

.sqlx/query-f84e5483ca4210aec67b38cc1a9de4a42c12891025236abc48ea4f175292a6cc.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "DELETE FROM reviews WHERE id = ?",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": []
+  },
+  "hash": "f84e5483ca4210aec67b38cc1a9de4a42c12891025236abc48ea4f175292a6cc"
+}

.sqlx/query-fdd5b522f26b5e0ce62f76c774fbb606fd9ee9884f4457831f693a0df3609317.json

@@ -0,0 +1,32 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT strftime('%Y-%m', watched_at) AS \"month!\",\n                          AVG(CAST(rating AS REAL)) AS \"avg_rating!: f64\",\n                          COUNT(*) AS \"count!: i64\"\n                   FROM reviews\n                   WHERE user_id = ? AND watched_at >= datetime('now', '-12 months')\n                   GROUP BY \"month!\"\n                   ORDER BY \"month!\" ASC",
+  "describe": {
+    "columns": [
+      {
+        "name": "month!",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "avg_rating!: f64",
+        "ordinal": 1,
+        "type_info": "Float"
+      },
+      {
+        "name": "count!: i64",
+        "ordinal": 2,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      true,
+      false,
+      false
+    ]
+  },
+  "hash": "fdd5b522f26b5e0ce62f76c774fbb606fd9ee9884f4457831f693a0df3609317"
+}

Cargo.toml

@@ -1,18 +1,30 @@
 [workspace]
 members = [
     "crates/adapters/auth",
+    "crates/adapters/event-publisher",
     "crates/adapters/metadata",
+    "crates/adapters/poster-fetcher",
+    "crates/adapters/poster-storage",
     "crates/adapters/rss",
     "crates/adapters/sqlite",
+    "crates/adapters/postgres",
+    "crates/adapters/sqlite-federation",
+    "crates/adapters/postgres-federation",
+    "crates/adapters/template-askama",
+    "crates/adapters/activitypub",
+    "crates/adapters/activitypub-base",
+    "crates/adapters/export",
     "crates/application",
-    "crates/common",
     "crates/domain",
     "crates/presentation",
+    "crates/tui",
+    "crates/doc",
 ]
 resolver = "2"
 
 [workspace.dependencies]
 tokio = { version = "1.0", features = ["full"] }
+dotenvy = "0.15"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 anyhow = "1.0"
@@ -20,14 +32,33 @@ thiserror = "2.0"
 tracing = "0.1"
 tracing-subscriber = { version = "0.3.23", features = ["env-filter"] }
 async-trait = "0.1"
-uuid = { version = "1.23.0", features = ["v4", "serde"] }
+uuid = { version = "1.23.0", features = ["v4", "v5", "serde"] }
 chrono = { version = "0.4", features = ["serde"] }
+sqlx = { version = "0.8.6", features = [
+    "runtime-tokio-rustls",
+    "sqlite",
+    "uuid",
+    "macros",
+] }
+reqwest = { version = "0.13", features = ["json", "query"] }
+object_store = { version = "0.11", features = ["aws"] }
+axum = { version = "0.8.8", features = ["macros"] }
 
 domain = { path = "crates/domain" }
-common = { path = "crates/common" }
 application = { path = "crates/application" }
 presentation = { path = "crates/presentation" }
 auth = { path = "crates/adapters/auth" }
 metadata = { path = "crates/adapters/metadata" }
+poster-fetcher = { path = "crates/adapters/poster-fetcher" }
+poster-storage = { path = "crates/adapters/poster-storage" }
+event-publisher = { path = "crates/adapters/event-publisher" }
 rss = { path = "crates/adapters/rss" }
+export = { path = "crates/adapters/export" }
 sqlite = { path = "crates/adapters/sqlite" }
+sqlite-federation = { path = "crates/adapters/sqlite-federation" }
+postgres = { path = "crates/adapters/postgres" }
+postgres-federation = { path = "crates/adapters/postgres-federation" }
+template-askama = { path = "crates/adapters/template-askama" }
+activitypub = { path = "crates/adapters/activitypub" }
+activitypub-base = { path = "crates/adapters/activitypub-base" }
+doc = { path = "crates/doc" }

Dockerfile

@@ -0,0 +1,75 @@
+# ----- build -----
+FROM rust:slim-bookworm AS builder
+
+RUN apt-get update && apt-get install -y --no-install-recommends sqlite3 && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+# Cache dependency compilation separately from source
+COPY Cargo.toml Cargo.lock ./
+COPY crates/adapters/activitypub/Cargo.toml       crates/adapters/activitypub/Cargo.toml
+COPY crates/adapters/activitypub-base/Cargo.toml  crates/adapters/activitypub-base/Cargo.toml
+COPY crates/adapters/auth/Cargo.toml              crates/adapters/auth/Cargo.toml
+COPY crates/adapters/event-publisher/Cargo.toml   crates/adapters/event-publisher/Cargo.toml
+COPY crates/adapters/metadata/Cargo.toml          crates/adapters/metadata/Cargo.toml
+COPY crates/adapters/poster-fetcher/Cargo.toml    crates/adapters/poster-fetcher/Cargo.toml
+COPY crates/adapters/poster-storage/Cargo.toml    crates/adapters/poster-storage/Cargo.toml
+COPY crates/adapters/export/Cargo.toml            crates/adapters/export/Cargo.toml
+COPY crates/adapters/rss/Cargo.toml               crates/adapters/rss/Cargo.toml
+COPY crates/adapters/sqlite/Cargo.toml            crates/adapters/sqlite/Cargo.toml
+COPY crates/adapters/sqlite-federation/Cargo.toml crates/adapters/sqlite-federation/Cargo.toml
+COPY crates/adapters/postgres/Cargo.toml           crates/adapters/postgres/Cargo.toml
+COPY crates/adapters/postgres-federation/Cargo.toml crates/adapters/postgres-federation/Cargo.toml
+COPY crates/adapters/template-askama/Cargo.toml   crates/adapters/template-askama/Cargo.toml
+COPY crates/application/Cargo.toml                crates/application/Cargo.toml
+COPY crates/domain/Cargo.toml                     crates/domain/Cargo.toml
+COPY crates/presentation/Cargo.toml               crates/presentation/Cargo.toml
+COPY crates/doc/Cargo.toml                        crates/doc/Cargo.toml
+COPY crates/tui/Cargo.toml                        crates/tui/Cargo.toml
+
+# Stub every crate so cargo can resolve and fetch deps
+RUN find crates -name "Cargo.toml" | sed 's|/Cargo.toml||' | \
+    xargs -I{} sh -c 'mkdir -p {}/src && echo "fn main(){}" > {}/src/main.rs && echo "" > {}/src/lib.rs'
+
+RUN cargo fetch
+
+# Now copy real sources (invalidates cache only on source changes)
+COPY crates ./crates
+
+# sqlx macros verify queries at compile time; create a real DB from migrations
+RUN sqlite3 /build/dev.db \
+      < crates/adapters/sqlite/migrations/0001_initial.sql && \
+    sqlite3 /build/dev.db \
+      < crates/adapters/sqlite/migrations/0002_users.sql && \
+    sqlite3 /build/dev.db \
+      < crates/adapters/sqlite/migrations/0003_activitypub.sql && \
+    sqlite3 /build/dev.db \
+      < crates/adapters/sqlite/migrations/0004_username.sql && \
+    sqlite3 /build/dev.db \
+      < crates/adapters/sqlite/migrations/0005_activitypub_v2.sql && \
+    sqlite3 /build/dev.db \
+      < crates/adapters/sqlite/migrations/0006_follower_activity_id.sql && \
+    sqlite3 /build/dev.db \
+      < crates/adapters/sqlite/migrations/0007_user_role.sql
+
+ENV DATABASE_URL=sqlite:///build/dev.db
+
+RUN cargo build --release -p presentation
+
+# ----- runtime -----
+FROM debian:bookworm-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY --from=builder /build/target/release/presentation ./presentation
+COPY static ./static
+
+EXPOSE 3000
+
+ENV RUST_LOG=presentation=info,tower_http=info
+
+CMD ["./presentation"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Gabriel Kaszewski
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,137 @@
+# Movies Diary
+
+A self-hosted, server-side rendered movie logging system with a full REST API. Built in Rust — no JavaScript in the HTML interface, just HTML forms and an RSS feed. Designed to run as a lightweight widget embedded on a personal site or as a backend for third-party clients.
+
+## Features
+
+- Log movies with a TMDB/OMDb ID or manual title/year/director, with a 0–5 rating
+- Immutable append-only viewing ledger (tracks re-watches)
+- Background poster fetching and storage (local filesystem or S3-compatible)
+- RSS/Atom feed for public subscription (global and per-user)
+- JWT authentication via cookie (HTML) or Bearer token (REST API)
+- ActivityPub federation — follow/unfollow remote users on any compatible server, accept/reject/remove followers, pending follow request management
+- CSV and JSON diary export (full round-trip: exported files can be re-imported via the TUI bulk import)
+- REST API v1 (`/api/v1/`) with full feature parity with the HTML interface
+- OpenAPI documentation at `/docs` (Swagger UI) and `/scalar` (Scalar)
+- CSRF protection on all HTML form routes (double-submit cookie, defense-in-depth on top of `SameSite=Strict`)
+- Per-IP rate limiting via token bucket (production-grade, backed by `axum-governor`)
+- Terminal UI client (`crates/tui`) for logging reviews, bulk CSV import, and diary browsing
+
+## Architecture
+
+Hexagonal (Ports & Adapters) with Domain-Driven Design:
+
+```
+domain              — pure types and trait definitions, no external deps
+application         — use cases / business logic orchestration
+presentation        — Axum HTTP router, wires all adapters together
+adapters/
+  auth              — JWT issuance and validation (Argon2 passwords)
+  sqlite            — SQLite repository via sqlx
+  metadata          — OMDb HTTP client
+  poster-fetcher    — downloads poster images
+  poster-storage    — uploads posters to local filesystem or S3-compatible storage
+  template-askama   — Askama HTML rendering
+  rss               — RSS/Atom feed generation
+  export            — CSV and JSON diary serialization
+  event-publisher   — async event channel for background poster sync
+  activitypub       — ActivityPub federation (follow, inbox/outbox, actor)
+  activitypub-base  — core ActivityPub types and repository traits
+doc                 — OpenAPI spec assembly and Swagger UI / Scalar serving
+tui                 — terminal UI client (ratatui)
+```
+
+## Prerequisites
+
+- Rust (stable, 2024 edition)
+- SQLite
+- Poster storage: local filesystem (zero deps) or an S3-compatible object store (e.g. MinIO)
+- An [OMDb API key](https://www.omdbapi.com/apikey.aspx)
+
+## Environment Variables
+
+A `.env.example` file is provided at the repo root — copy it to `.env` and fill in your values.
+
+```env
+# Database
+DATABASE_URL=sqlite://movies.db
+
+# Authentication
+JWT_SECRET=change-me
+
+# OMDb metadata
+OMDB_API_KEY=your-key
+
+# Public base URL (used for ActivityPub actor URLs and canonical links)
+BASE_URL=https://yourdomain.example.com
+
+# Poster storage — pick one backend:
+
+# Option A: local filesystem (zero deps)
+POSTER_STORAGE_BACKEND=local
+POSTER_STORAGE_PATH=./posters
+
+# Option B: S3-compatible (MinIO, AWS S3, etc.)
+# POSTER_STORAGE_BACKEND=s3
+# MINIO_ENDPOINT=http://localhost:9000
+# MINIO_BUCKET=posters
+# MINIO_REGION=minio
+# MINIO_ACCESS_KEY_ID=minioadmin
+# MINIO_SECRET_ACCESS_KEY=minioadmin
+
+# Optional
+HOST=0.0.0.0
+PORT=3000
+RATE_LIMIT=60           # requests per minute per IP (default: 60)
+ALLOW_REGISTRATION=true # set to false to disable new sign-ups
+SECURE_COOKIES=true     # set when serving over HTTPS
+RUST_LOG=presentation=info,tower_http=info
+```
+
+## Run
+
+```bash
+cargo run -p presentation
+```
+
+Server listens on `0.0.0.0:3000` by default.
+
+## API
+
+All REST endpoints are under `/api/v1/`. Authentication uses `Authorization: Bearer <token>` obtained from `POST /api/v1/auth/login`.
+
+Interactive API documentation is available at runtime:
+
+- **Swagger UI** — `http://localhost:3000/docs`
+- **Scalar** — `http://localhost:3000/scalar`
+
+## Terminal UI
+
+```bash
+cargo run -p tui
+```
+
+Supports review logging, bulk CSV import (column order matches the export format), and diary browsing with review history.
+
+## Test
+
+```bash
+cargo test
+```
+
+## Docker
+
+```bash
+docker build -t movies-diary .
+docker run -p 3000:3000 \
+  -e DATABASE_URL=sqlite:///data/movies.db \
+  -e JWT_SECRET=change-me \
+  -e OMDB_API_KEY=your-key \
+  -e BASE_URL=https://yourdomain.example.com \
+  -v $(pwd)/data:/data \
+  movies-diary
+```
+
+## License
+
+MIT License. See [LICENSE](LICENSE).

crates/adapters/activitypub-base/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "activitypub-base"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+tokio = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+reqwest = { workspace = true }
+uuid = { workspace = true }
+chrono = { workspace = true }
+thiserror = { workspace = true }
+anyhow = { workspace = true }
+tracing = { workspace = true }
+async-trait = { workspace = true }
+axum = { workspace = true }
+
+activitypub_federation = "0.7.0-beta.11"
+url = { version = "2", features = ["serde"] }
+enum_delegate = "0.2"

crates/adapters/activitypub-base/src/activities.rs

@@ -0,0 +1,353 @@
+use activitypub_federation::{
+    config::Data,
+    fetch::object_id::ObjectId,
+    kinds::activity::{
+        AcceptType, CreateType, DeleteType, FollowType, RejectType, UndoType, UpdateType,
+    },
+    traits::Activity,
+};
+use serde::{Deserialize, Serialize};
+use url::Url;
+
+use crate::actors::DbActor;
+use crate::data::FederationData;
+use crate::error::Error;
+use crate::repository::{FollowerStatus, FollowingStatus};
+
+// --- Follow ---
+
+#[derive(Debug, Clone, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct FollowActivity {
+    pub(crate) id: Url,
+    #[serde(rename = "type", default)]
+    pub(crate) kind: FollowType,
+    pub(crate) actor: ObjectId<DbActor>,
+    pub(crate) object: ObjectId<DbActor>,
+}
+
+#[async_trait::async_trait]
+impl Activity for FollowActivity {
+    type DataType = FederationData;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.id
+    }
+
+    fn actor(&self) -> &Url {
+        self.actor.inner()
+    }
+
+    async fn verify(&self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        let target_url = self.object.inner();
+        let target_domain = match (target_url.host_str(), target_url.port()) {
+            (Some(host), Some(port)) => format!("{}:{}", host, port),
+            (Some(host), None) => host.to_string(),
+            _ => {
+                return Err(Error::bad_request(anyhow::anyhow!(
+                    "invalid follow target URL"
+                )));
+            }
+        };
+        if target_domain != data.domain {
+            return Err(Error::bad_request(anyhow::anyhow!(
+                "follow target is not a local actor"
+            )));
+        }
+        Ok(())
+    }
+
+    async fn receive(self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        let _follower = self.actor.dereference(data).await?;
+        let local_actor = self.object.dereference(data).await?;
+
+        data.federation_repo
+            .add_follower(
+                local_actor.user_id,
+                self.actor.inner().as_str(),
+                FollowerStatus::Pending,
+                self.id.as_str(),
+            )
+            .await?;
+
+        tracing::info!(
+            follower = %self.actor.inner(),
+            local_user = %local_actor.user_id,
+            "follow request pending approval"
+        );
+        Ok(())
+    }
+}
+
+// --- Accept ---
+
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct AcceptActivity {
+    pub(crate) id: Url,
+    #[serde(rename = "type", default)]
+    pub(crate) kind: AcceptType,
+    pub(crate) actor: ObjectId<DbActor>,
+    pub(crate) object: FollowActivity,
+}
+
+#[async_trait::async_trait]
+impl Activity for AcceptActivity {
+    type DataType = FederationData;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.id
+    }
+
+    fn actor(&self) -> &Url {
+        self.actor.inner()
+    }
+
+    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        Ok(())
+    }
+
+    async fn receive(self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        let local_user_id = crate::urls::extract_user_id_from_url(self.object.actor.inner())
+            .ok_or_else(|| Error::bad_request(anyhow::anyhow!("invalid actor URL in Follow")))?;
+        data.federation_repo
+            .update_following_status(
+                local_user_id,
+                self.actor.inner().as_str(),
+                FollowingStatus::Accepted,
+            )
+            .await?;
+        tracing::info!(remote_actor = %self.actor.inner(), "follow accepted by remote");
+        Ok(())
+    }
+}
+
+// --- Reject ---
+
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct RejectActivity {
+    pub(crate) id: Url,
+    #[serde(rename = "type", default)]
+    pub(crate) kind: RejectType,
+    pub(crate) actor: ObjectId<DbActor>,
+    pub(crate) object: FollowActivity,
+}
+
+#[async_trait::async_trait]
+impl Activity for RejectActivity {
+    type DataType = FederationData;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.id
+    }
+
+    fn actor(&self) -> &Url {
+        self.actor.inner()
+    }
+
+    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        Ok(())
+    }
+
+    async fn receive(self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        if let Some(user_id) = crate::urls::extract_user_id_from_url(self.object.actor.inner()) {
+            data.federation_repo
+                .remove_following(user_id, self.actor.inner().as_str())
+                .await?;
+        }
+        tracing::info!(actor = %self.actor.inner(), "follow rejected");
+        Ok(())
+    }
+}
+
+// --- Undo ---
+
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct UndoActivity {
+    pub(crate) id: Url,
+    #[serde(rename = "type", default)]
+    pub(crate) kind: UndoType,
+    pub(crate) actor: ObjectId<DbActor>,
+    pub(crate) object: FollowActivity,
+}
+
+#[async_trait::async_trait]
+impl Activity for UndoActivity {
+    type DataType = FederationData;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.id
+    }
+
+    fn actor(&self) -> &Url {
+        self.actor.inner()
+    }
+
+    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        Ok(())
+    }
+
+    async fn receive(self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        if let Some(user_id) = crate::urls::extract_user_id_from_url(self.object.object.inner()) {
+            data.federation_repo
+                .remove_follower(user_id, self.actor.inner().as_str())
+                .await?;
+        }
+        data.object_handler
+            .on_actor_removed(self.actor.inner())
+            .await
+            .map_err(|e| Error::from(anyhow::anyhow!(e)))?;
+        tracing::info!(actor = %self.actor.inner(), "unfollowed");
+        Ok(())
+    }
+}
+
+// --- Create ---
+
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct CreateActivity {
+    pub(crate) id: Url,
+    #[serde(rename = "type", default)]
+    pub(crate) kind: CreateType,
+    pub(crate) actor: ObjectId<DbActor>,
+    pub(crate) object: serde_json::Value,
+}
+
+#[async_trait::async_trait]
+impl Activity for CreateActivity {
+    type DataType = FederationData;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.id
+    }
+
+    fn actor(&self) -> &Url {
+        self.actor.inner()
+    }
+
+    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        Ok(())
+    }
+
+    async fn receive(self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        let ap_id = self.id.clone();
+        let actor_url = self.actor.inner().clone();
+        data.object_handler
+            .on_create(&ap_id, &actor_url, self.object)
+            .await
+            .map_err(|e| Error::from(anyhow::anyhow!(e)))?;
+        tracing::info!(actor = %actor_url, "received create activity");
+        Ok(())
+    }
+}
+
+// --- Delete ---
+
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct DeleteActivity {
+    pub(crate) id: Url,
+    #[serde(rename = "type", default)]
+    pub(crate) kind: DeleteType,
+    pub(crate) actor: ObjectId<DbActor>,
+    pub(crate) object: Url,
+}
+
+#[async_trait::async_trait]
+impl Activity for DeleteActivity {
+    type DataType = FederationData;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.id
+    }
+
+    fn actor(&self) -> &Url {
+        self.actor.inner()
+    }
+
+    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        Ok(())
+    }
+
+    async fn receive(self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        let actor_url = self.actor.inner().clone();
+        data.object_handler
+            .on_delete(&self.object, &actor_url)
+            .await
+            .map_err(|e| Error::from(anyhow::anyhow!(e)))?;
+        tracing::info!(object = %self.object, "received delete activity");
+        Ok(())
+    }
+}
+
+// --- Update ---
+
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct UpdateActivity {
+    pub(crate) id: Url,
+    #[serde(rename = "type", default)]
+    pub(crate) kind: UpdateType,
+    pub(crate) actor: ObjectId<DbActor>,
+    pub(crate) object: serde_json::Value,
+}
+
+#[async_trait::async_trait]
+impl Activity for UpdateActivity {
+    type DataType = FederationData;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.id
+    }
+
+    fn actor(&self) -> &Url {
+        self.actor.inner()
+    }
+
+    async fn verify(&self, _data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        Ok(())
+    }
+
+    async fn receive(self, data: &Data<Self::DataType>) -> Result<(), Self::Error> {
+        let ap_id = self.id.clone();
+        let actor_url = self.actor.inner().clone();
+        data.object_handler
+            .on_update(&ap_id, &actor_url, self.object)
+            .await
+            .map_err(|e| Error::from(anyhow::anyhow!(e)))?;
+        tracing::info!(actor = %actor_url, "received update activity");
+        Ok(())
+    }
+}
+
+// --- Inbox dispatch enum ---
+
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(tag = "type")]
+#[enum_delegate::implement(Activity)]
+pub enum InboxActivities {
+    #[serde(rename = "Follow")]
+    Follow(FollowActivity),
+    #[serde(rename = "Accept")]
+    Accept(AcceptActivity),
+    #[serde(rename = "Reject")]
+    Reject(RejectActivity),
+    #[serde(rename = "Undo")]
+    Undo(UndoActivity),
+    #[serde(rename = "Create")]
+    Create(CreateActivity),
+    #[serde(rename = "Delete")]
+    Delete(DeleteActivity),
+    #[serde(rename = "Update")]
+    Update(UpdateActivity),
+}

crates/adapters/activitypub-base/src/actor_handler.rs

@@ -0,0 +1,21 @@
+use activitypub_federation::{
+    axum::json::FederationJson, config::Data, protocol::context::WithContext, traits::Object,
+};
+use axum::extract::Path;
+
+use crate::actors::{Person, get_local_actor};
+use crate::data::FederationData;
+use crate::error::Error;
+
+pub async fn actor_handler(
+    Path(user_id_str): Path<String>,
+    data: Data<FederationData>,
+) -> Result<FederationJson<WithContext<Person>>, Error> {
+    let uuid = uuid::Uuid::parse_str(&user_id_str)
+        .map_err(|_| Error::bad_request(anyhow::anyhow!("invalid user id")))?;
+
+    let db_actor = get_local_actor(uuid, &data).await?;
+    let person = db_actor.into_json(&data).await?;
+
+    Ok(FederationJson(WithContext::new_default(person)))
+}

crates/adapters/activitypub-base/src/actors.rs

@@ -0,0 +1,223 @@
+use activitypub_federation::{
+    config::Data,
+    fetch::object_id::ObjectId,
+    http_signatures::generate_actor_keypair,
+    kinds::actor::PersonType,
+    protocol::{public_key::PublicKey, verification::verify_domains_match},
+    traits::{Actor, Object},
+};
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use url::Url;
+
+use crate::data::FederationData;
+use crate::error::Error;
+use crate::repository::RemoteActor;
+
+#[derive(Debug, Clone)]
+pub struct DbActor {
+    pub user_id: uuid::Uuid,
+    pub username: String,
+    pub public_key_pem: String,
+    pub private_key_pem: Option<String>,
+    pub inbox_url: Url,
+    pub outbox_url: Url,
+    pub followers_url: Url,
+    pub following_url: Url,
+    pub ap_id: Url,
+    pub last_refreshed_at: DateTime<Utc>,
+}
+
+#[derive(Debug, Clone, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct Person {
+    #[serde(rename = "type")]
+    kind: PersonType,
+    id: ObjectId<DbActor>,
+    preferred_username: String,
+    inbox: Url,
+    outbox: Url,
+    followers: Url,
+    following: Url,
+    public_key: PublicKey,
+    name: Option<String>,
+}
+
+pub async fn get_local_actor(
+    user_id: uuid::Uuid,
+    data: &Data<FederationData>,
+) -> Result<DbActor, Error> {
+    let user = data
+        .user_repo
+        .find_by_id(user_id)
+        .await
+        .map_err(Error::from)?
+        .ok_or_else(|| Error::not_found(anyhow::anyhow!("user not found: {}", user_id)))?;
+
+    let (public_key, private_key) = match data
+        .federation_repo
+        .get_local_actor_keypair(user_id)
+        .await?
+    {
+        Some(kp) => kp,
+        None => {
+            let kp = generate_actor_keypair()?;
+            data.federation_repo
+                .save_local_actor_keypair(user_id, kp.public_key.clone(), kp.private_key.clone())
+                .await?;
+            (kp.public_key, kp.private_key)
+        }
+    };
+
+    let ap_id = crate::urls::actor_url(&data.base_url, user_id);
+    let inbox_url = Url::parse(&format!("{}/inbox", &ap_id)).expect("valid inbox url");
+    let outbox_url = Url::parse(&format!("{}/outbox", &ap_id)).expect("valid outbox url");
+    let followers_url = Url::parse(&format!("{}/followers", &ap_id)).expect("valid followers url");
+    let following_url = Url::parse(&format!("{}/following", &ap_id)).expect("valid following url");
+
+    Ok(DbActor {
+        user_id,
+        username: user.username,
+        public_key_pem: public_key,
+        private_key_pem: Some(private_key),
+        inbox_url,
+        outbox_url,
+        followers_url,
+        following_url,
+        ap_id,
+        last_refreshed_at: Utc::now(),
+    })
+}
+
+#[async_trait::async_trait]
+impl Object for DbActor {
+    type DataType = FederationData;
+    type Kind = Person;
+    type Error = Error;
+
+    fn id(&self) -> &Url {
+        &self.ap_id
+    }
+
+    fn last_refreshed_at(&self) -> Option<DateTime<Utc>> {
+        Some(self.last_refreshed_at)
+    }
+
+    async fn read_from_id(
+        object_id: Url,
+        data: &Data<Self::DataType>,
+    ) -> Result<Option<Self>, Self::Error> {
+        let user_id = match crate::urls::extract_user_id_from_url(&object_id) {
+            Some(id) => id,
+            None => return Ok(None),
+        };
+        let user = match data.user_repo.find_by_id(user_id).await {
+            Ok(Some(u)) => u,
+            _ => return Ok(None),
+        };
+
+        let keypair = data
+            .federation_repo
+            .get_local_actor_keypair(user_id)
+            .await?;
+
+        let (public_key, private_key) = match keypair {
+            Some(kp) => (kp.0, Some(kp.1)),
+            None => return Ok(None),
+        };
+
+        let ap_id = crate::urls::actor_url(&data.base_url, user_id);
+        let inbox_url = Url::parse(&format!("{}/inbox", &ap_id)).expect("valid url");
+        let outbox_url = Url::parse(&format!("{}/outbox", &ap_id)).expect("valid url");
+        let followers_url = Url::parse(&format!("{}/followers", &ap_id)).expect("valid url");
+        let following_url = Url::parse(&format!("{}/following", &ap_id)).expect("valid url");
+
+        Ok(Some(DbActor {
+            user_id,
+            username: user.username,
+            public_key_pem: public_key,
+            private_key_pem: private_key,
+            inbox_url,
+            outbox_url,
+            followers_url,
+            following_url,
+            ap_id,
+            last_refreshed_at: Utc::now(),
+        }))
+    }
+
+    async fn into_json(self, _data: &Data<Self::DataType>) -> Result<Self::Kind, Self::Error> {
+        let public_key = PublicKey {
+            id: format!("{}#main-key", &self.ap_id),
+            owner: self.ap_id.clone(),
+            public_key_pem: self.public_key_pem.clone(),
+        };
+
+        Ok(Person {
+            kind: Default::default(),
+            id: self.ap_id.clone().into(),
+            preferred_username: self.username.clone(),
+            inbox: self.inbox_url.clone(),
+            outbox: self.outbox_url.clone(),
+            followers: self.followers_url.clone(),
+            following: self.following_url.clone(),
+            public_key,
+            name: Some(self.username.clone()),
+        })
+    }
+
+    async fn verify(
+        json: &Self::Kind,
+        expected_domain: &Url,
+        _data: &Data<Self::DataType>,
+    ) -> Result<(), Self::Error> {
+        verify_domains_match(json.id.inner(), expected_domain)?;
+        Ok(())
+    }
+
+    async fn from_json(json: Self::Kind, data: &Data<Self::DataType>) -> Result<Self, Self::Error> {
+        let actor = RemoteActor {
+            url: json.id.inner().to_string(),
+            handle: json.preferred_username.clone(),
+            inbox_url: json.inbox.to_string(),
+            shared_inbox_url: None,
+            display_name: json.name.clone(),
+        };
+        data.federation_repo.upsert_remote_actor(actor).await?;
+
+        let url_str = json.id.inner().to_string();
+        let user_id = uuid::Uuid::new_v5(&uuid::Uuid::NAMESPACE_URL, url_str.as_bytes());
+        let ap_id = json.id.inner().clone();
+        let inbox_url = json.inbox.clone();
+        let outbox_url = json.outbox.clone();
+        let followers_url = json.followers.clone();
+        let following_url = json.following.clone();
+
+        Ok(DbActor {
+            user_id,
+            username: json.preferred_username.clone(),
+            public_key_pem: json.public_key.public_key_pem,
+            private_key_pem: None,
+            inbox_url,
+            outbox_url,
+            followers_url,
+            following_url,
+            ap_id,
+            last_refreshed_at: Utc::now(),
+        })
+    }
+}
+
+impl Actor for DbActor {
+    fn public_key_pem(&self) -> &str {
+        &self.public_key_pem
+    }
+
+    fn private_key_pem(&self) -> Option<String> {
+        self.private_key_pem.clone()
+    }
+
+    fn inbox(&self) -> Url {
+        self.inbox_url.clone()
+    }
+}

crates/adapters/activitypub-base/src/content.rs

@@ -0,0 +1,34 @@
+use async_trait::async_trait;
+use url::Url;
+
+#[async_trait]
+pub trait ApObjectHandler: Send + Sync {
+    /// Returns (ap_id, serialized object) for all local content owned by this user.
+    /// Used by outbox (count) and backfill (delivery). Must only return locally-authored content.
+    async fn get_local_objects_for_user(
+        &self,
+        user_id: uuid::Uuid,
+    ) -> anyhow::Result<Vec<(Url, serde_json::Value)>>;
+
+    /// Incoming Create activity — persist remote content.
+    async fn on_create(
+        &self,
+        ap_id: &Url,
+        actor_url: &Url,
+        object: serde_json::Value,
+    ) -> anyhow::Result<()>;
+
+    /// Incoming Update activity — update existing remote content.
+    async fn on_update(
+        &self,
+        ap_id: &Url,
+        actor_url: &Url,
+        object: serde_json::Value,
+    ) -> anyhow::Result<()>;
+
+    /// Incoming Delete activity — remove specific remote content.
+    async fn on_delete(&self, ap_id: &Url, actor_url: &Url) -> anyhow::Result<()>;
+
+    /// Actor unfollowed/was removed — clean up all their remote content.
+    async fn on_actor_removed(&self, actor_url: &Url) -> anyhow::Result<()>;
+}

crates/adapters/activitypub-base/src/data.rs

@@ -0,0 +1,38 @@
+use std::sync::Arc;
+
+use crate::content::ApObjectHandler;
+use crate::repository::FederationRepository;
+use crate::user::ApUserRepository;
+
+#[derive(Clone)]
+pub struct FederationData {
+    pub(crate) federation_repo: Arc<dyn FederationRepository>,
+    pub(crate) user_repo: Arc<dyn ApUserRepository>,
+    pub(crate) object_handler: Arc<dyn ApObjectHandler>,
+    pub(crate) base_url: String,
+    pub(crate) domain: String,
+}
+
+impl FederationData {
+    pub fn new(
+        federation_repo: Arc<dyn FederationRepository>,
+        user_repo: Arc<dyn ApUserRepository>,
+        object_handler: Arc<dyn ApObjectHandler>,
+        base_url: String,
+    ) -> Self {
+        let domain = base_url
+            .trim_start_matches("https://")
+            .trim_start_matches("http://")
+            .split('/')
+            .next()
+            .unwrap_or("")
+            .to_string();
+        Self {
+            federation_repo,
+            user_repo,
+            object_handler,
+            base_url,
+            domain,
+        }
+    }
+}

crates/adapters/activitypub-base/src/error.rs

@@ -0,0 +1,48 @@
+use std::fmt::{Display, Formatter};
+
+use axum::http::StatusCode;
+
+#[derive(Debug)]
+pub struct Error(pub(crate) anyhow::Error, pub(crate) StatusCode);
+
+impl Error {
+    pub fn not_found(e: impl Into<anyhow::Error>) -> Self {
+        Self(e.into(), StatusCode::NOT_FOUND)
+    }
+
+    pub fn bad_request(e: impl Into<anyhow::Error>) -> Self {
+        Self(e.into(), StatusCode::BAD_REQUEST)
+    }
+}
+
+impl Display for Error {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        std::fmt::Display::fmt(&self.0, f)
+    }
+}
+
+impl<T> From<T> for Error
+where
+    T: Into<anyhow::Error>,
+{
+    fn from(t: T) -> Self {
+        Error(t.into(), StatusCode::INTERNAL_SERVER_ERROR)
+    }
+}
+
+impl axum::response::IntoResponse for Error {
+    fn into_response(self) -> axum::response::Response {
+        let status = self.1;
+        if status.is_server_error() {
+            tracing::error!(error = %self.0, status = status.as_u16(), "federation error");
+        } else {
+            tracing::debug!(error = %self.0, status = status.as_u16(), "federation response");
+        }
+        let body = if status.is_server_error() {
+            "internal server error".to_string()
+        } else {
+            self.0.to_string()
+        };
+        (status, body).into_response()
+    }
+}

crates/adapters/activitypub-base/src/federation.rs

@@ -0,0 +1,50 @@
+use activitypub_federation::config::{Data, FederationConfig, FederationMiddleware, UrlVerifier};
+use activitypub_federation::error::Error as FedError;
+use url::Url;
+
+use crate::data::FederationData;
+
+#[derive(Clone)]
+struct PermissiveVerifier;
+
+#[async_trait::async_trait]
+impl UrlVerifier for PermissiveVerifier {
+    async fn verify(&self, _url: &Url) -> Result<(), FedError> {
+        Ok(())
+    }
+}
+
+#[derive(Clone)]
+pub struct ApFederationConfig(pub FederationConfig<FederationData>);
+
+impl ApFederationConfig {
+    pub async fn new(data: FederationData, debug: bool) -> anyhow::Result<Self> {
+        let config = if debug {
+            FederationConfig::builder()
+                .domain(&data.domain)
+                .app_data(data)
+                .debug(true)
+                .http_signature_compat(true)
+                .url_verifier(Box::new(PermissiveVerifier))
+                .build()
+                .await?
+        } else {
+            FederationConfig::builder()
+                .domain(&data.domain)
+                .app_data(data)
+                .debug(false)
+                .http_signature_compat(true)
+                .build()
+                .await?
+        };
+        Ok(Self(config))
+    }
+
+    pub fn to_request_data(&self) -> Data<FederationData> {
+        self.0.to_request_data()
+    }
+
+    pub fn middleware(&self) -> FederationMiddleware<FederationData> {
+        FederationMiddleware::new(self.0.clone())
+    }
+}

crates/adapters/activitypub-base/src/followers_handler.rs

@@ -0,0 +1,71 @@
+use activitypub_federation::{axum::json::FederationJson, config::Data};
+use axum::extract::Path;
+use serde_json::json;
+
+use crate::data::FederationData;
+use crate::error::Error;
+use crate::repository::FollowerStatus;
+
+fn ordered_collection(id: String, total: usize, items: Vec<String>) -> serde_json::Value {
+    json!({
+        "@context": "https://www.w3.org/ns/activitystreams",
+        "type": "OrderedCollection",
+        "id": id,
+        "totalItems": total,
+        "orderedItems": items,
+    })
+}
+
+pub async fn followers_handler(
+    Path(user_id_str): Path<String>,
+    data: Data<FederationData>,
+) -> Result<FederationJson<serde_json::Value>, Error> {
+    let user_id = uuid::Uuid::parse_str(&user_id_str)
+        .map_err(|_| Error::bad_request(anyhow::anyhow!("invalid user id")))?;
+
+    data.user_repo
+        .find_by_id(user_id)
+        .await
+        .map_err(Error::from)?
+        .ok_or_else(|| Error::not_found(anyhow::anyhow!("user not found")))?;
+
+    let followers = data
+        .federation_repo
+        .get_followers(user_id)
+        .await
+        .map_err(Error::from)?;
+
+    let items: Vec<String> = followers
+        .into_iter()
+        .filter(|f| f.status == FollowerStatus::Accepted)
+        .map(|f| f.actor.url)
+        .collect();
+
+    let id = format!("{}/users/{}/followers", data.base_url, user_id_str);
+    Ok(FederationJson(ordered_collection(id, items.len(), items)))
+}
+
+pub async fn following_handler(
+    Path(user_id_str): Path<String>,
+    data: Data<FederationData>,
+) -> Result<FederationJson<serde_json::Value>, Error> {
+    let user_id = uuid::Uuid::parse_str(&user_id_str)
+        .map_err(|_| Error::bad_request(anyhow::anyhow!("invalid user id")))?;
+
+    data.user_repo
+        .find_by_id(user_id)
+        .await
+        .map_err(Error::from)?
+        .ok_or_else(|| Error::not_found(anyhow::anyhow!("user not found")))?;
+
+    let following = data
+        .federation_repo
+        .get_following(user_id)
+        .await
+        .map_err(Error::from)?;
+
+    let items: Vec<String> = following.into_iter().map(|a| a.url).collect();
+
+    let id = format!("{}/users/{}/following", data.base_url, user_id_str);
+    Ok(FederationJson(ordered_collection(id, items.len(), items)))
+}

crates/adapters/activitypub-base/src/inbox.rs

@@ -0,0 +1,18 @@
+use activitypub_federation::{
+    axum::inbox::{ActivityData, receive_activity},
+    config::Data,
+    protocol::context::WithContext,
+};
+
+use crate::activities::InboxActivities;
+use crate::actors::DbActor;
+use crate::data::FederationData;
+use crate::error::Error;
+
+pub async fn inbox_handler(
+    data: Data<FederationData>,
+    activity_data: ActivityData,
+) -> Result<(), Error> {
+    receive_activity::<WithContext<InboxActivities>, DbActor, FederationData>(activity_data, &data)
+        .await
+}

crates/adapters/activitypub-base/src/lib.rs

@@ -0,0 +1,25 @@
+pub mod activities;
+pub mod actor_handler;
+pub mod actors;
+pub mod content;
+pub mod data;
+pub mod error;
+pub mod federation;
+pub mod followers_handler;
+pub mod inbox;
+pub mod outbox;
+pub mod repository;
+pub mod service;
+pub(crate) mod urls;
+pub mod user;
+pub mod webfinger;
+
+pub use content::ApObjectHandler;
+pub use data::FederationData;
+pub use error::Error;
+pub use federation::ApFederationConfig;
+pub use repository::{
+    FederationRepository, Follower, FollowerStatus, FollowingStatus, RemoteActor,
+};
+pub use service::ActivityPubService;
+pub use user::{ApUser, ApUserRepository};

crates/adapters/activitypub-base/src/outbox.rs

@@ -0,0 +1,48 @@
+use activitypub_federation::{axum::json::FederationJson, config::Data};
+use axum::extract::Path;
+use serde::{Deserialize, Serialize};
+
+use crate::data::FederationData;
+use crate::error::Error;
+
+#[derive(Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct OrderedCollection {
+    #[serde(rename = "@context")]
+    context: String,
+    #[serde(rename = "type")]
+    kind: String,
+    id: String,
+    total_items: u64,
+    ordered_items: Vec<serde_json::Value>,
+}
+
+pub async fn outbox_handler(
+    Path(user_id_str): Path<String>,
+    data: Data<FederationData>,
+) -> Result<FederationJson<OrderedCollection>, Error> {
+    let uuid = uuid::Uuid::parse_str(&user_id_str)
+        .map_err(|_| Error::bad_request(anyhow::anyhow!("invalid user id")))?;
+
+    data.user_repo
+        .find_by_id(uuid)
+        .await
+        .map_err(Error::from)?
+        .ok_or_else(|| Error::not_found(anyhow::anyhow!("user not found")))?;
+
+    let objects = data
+        .object_handler
+        .get_local_objects_for_user(uuid)
+        .await
+        .map_err(|e| Error::from(anyhow::anyhow!(e)))?;
+
+    let outbox_url = format!("{}/users/{}/outbox", data.base_url, user_id_str);
+
+    Ok(FederationJson(OrderedCollection {
+        context: "https://www.w3.org/ns/activitystreams".to_string(),
+        kind: "OrderedCollection".to_string(),
+        id: outbox_url,
+        total_items: objects.len() as u64,
+        ordered_items: vec![],
+    }))
+}

crates/adapters/activitypub-base/src/repository.rs

@@ -0,0 +1,91 @@
+use anyhow::Result;
+use async_trait::async_trait;
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum FollowerStatus {
+    Pending,
+    Accepted,
+    Rejected,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub enum FollowingStatus {
+    Pending,
+    Accepted,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct RemoteActor {
+    pub url: String,
+    pub handle: String,
+    pub inbox_url: String,
+    pub shared_inbox_url: Option<String>,
+    pub display_name: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+pub struct Follower {
+    pub actor: RemoteActor,
+    pub status: FollowerStatus,
+}
+
+#[async_trait]
+pub trait FederationRepository: Send + Sync {
+    async fn add_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowerStatus,
+        follow_activity_id: &str,
+    ) -> Result<()>;
+    async fn get_follower_follow_activity_id(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<Option<String>>;
+    async fn remove_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<()>;
+    async fn get_followers(&self, local_user_id: uuid::Uuid) -> Result<Vec<Follower>>;
+    async fn update_follower_status(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowerStatus,
+    ) -> Result<()>;
+    async fn add_following(
+        &self,
+        local_user_id: uuid::Uuid,
+        actor: RemoteActor,
+        follow_activity_id: &str,
+    ) -> Result<()>;
+    async fn get_follow_activity_id(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<Option<String>>;
+    async fn remove_following(&self, local_user_id: uuid::Uuid, actor_url: &str) -> Result<()>;
+    async fn get_following(&self, local_user_id: uuid::Uuid) -> Result<Vec<RemoteActor>>;
+    async fn count_following(&self, local_user_id: uuid::Uuid) -> Result<usize>;
+    async fn upsert_remote_actor(&self, actor: RemoteActor) -> Result<()>;
+    async fn get_remote_actor(&self, actor_url: &str) -> Result<Option<RemoteActor>>;
+    async fn get_local_actor_keypair(
+        &self,
+        user_id: uuid::Uuid,
+    ) -> Result<Option<(String, String)>>;
+    async fn save_local_actor_keypair(
+        &self,
+        user_id: uuid::Uuid,
+        public_key: String,
+        private_key: String,
+    ) -> Result<()>;
+    async fn get_pending_followers(&self, local_user_id: uuid::Uuid) -> Result<Vec<RemoteActor>>;
+    async fn update_following_status(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowingStatus,
+    ) -> Result<()>;
+}

crates/adapters/activitypub-base/src/service.rs

@@ -0,0 +1,620 @@
+use std::sync::Arc;
+
+use activitypub_federation::{
+    activity_sending::SendActivityTask,
+    fetch::{object_id::ObjectId, webfinger::webfinger_resolve_actor},
+    protocol::context::WithContext,
+    traits::Actor,
+};
+use axum::{Router, routing::get, routing::post};
+use url::Url;
+
+use crate::{
+    activities::{AcceptActivity, CreateActivity, FollowActivity, RejectActivity, UndoActivity},
+    actors::{DbActor, get_local_actor},
+    content::ApObjectHandler,
+    data::FederationData,
+    federation::ApFederationConfig,
+    followers_handler::{followers_handler, following_handler},
+    inbox::inbox_handler,
+    outbox::outbox_handler,
+    repository::{FederationRepository, FollowerStatus, FollowingStatus, RemoteActor},
+    urls::activity_url,
+    user::ApUserRepository,
+    webfinger::webfinger_handler,
+};
+
+pub(crate) async fn send_with_retry(
+    sends: Vec<SendActivityTask>,
+    data: &activitypub_federation::config::Data<FederationData>,
+) -> Vec<anyhow::Error> {
+    let mut failures = vec![];
+    for send in sends {
+        let mut delay = std::time::Duration::from_secs(1);
+        for attempt in 1..=3u32 {
+            match send.clone().sign_and_send(data).await {
+                Ok(()) => break,
+                Err(e) if attempt < 3 => {
+                    tracing::warn!(attempt, error = %e, "delivery failed, retrying");
+                    tokio::time::sleep(delay).await;
+                    delay *= 2;
+                }
+                Err(e) => {
+                    tracing::error!(attempt, error = %e, "delivery failed permanently");
+                    failures.push(anyhow::anyhow!(e));
+                }
+            }
+        }
+    }
+    failures
+}
+
+pub struct ActivityPubService {
+    federation_config: ApFederationConfig,
+    base_url: String,
+}
+
+impl ActivityPubService {
+    pub async fn new(
+        repo: Arc<dyn FederationRepository>,
+        user_repo: Arc<dyn ApUserRepository>,
+        object_handler: Arc<dyn ApObjectHandler>,
+        base_url: String,
+        debug: bool,
+    ) -> anyhow::Result<Self> {
+        let data = FederationData::new(repo, user_repo, object_handler, base_url.clone());
+        let federation_config = ApFederationConfig::new(data, debug).await?;
+        Ok(Self {
+            federation_config,
+            base_url,
+        })
+    }
+
+    pub fn federation_config(&self) -> &ApFederationConfig {
+        &self.federation_config
+    }
+
+    pub fn request_data(&self) -> activitypub_federation::config::Data<FederationData> {
+        self.federation_config.to_request_data()
+    }
+
+    pub async fn actor_json(&self, user_id_str: &str) -> anyhow::Result<String> {
+        use activitypub_federation::traits::Object;
+        let uuid = uuid::Uuid::parse_str(user_id_str)?;
+        let data = self.federation_config.to_request_data();
+        let actor = get_local_actor(uuid, &data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+        let person = actor
+            .into_json(&data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+        Ok(serde_json::to_string(&WithContext::new_default(person))?)
+    }
+
+    pub fn router(&self) -> Router {
+        Router::new()
+            .route("/.well-known/webfinger", get(webfinger_handler))
+            .route("/users/{id}/inbox", post(inbox_handler))
+            .route("/users/{id}/outbox", get(outbox_handler))
+            .route("/users/{id}/followers", get(followers_handler))
+            .route("/users/{id}/following", get(following_handler))
+            .layer(self.federation_config.middleware())
+    }
+
+    pub async fn follow(&self, local_user_id: uuid::Uuid, handle: &str) -> anyhow::Result<()> {
+        let data = self.federation_config.to_request_data();
+
+        let normalized = handle.trim_start_matches('@');
+        let parts: Vec<&str> = normalized.splitn(2, '@').collect();
+        if parts.len() == 2 && parts[1] == data.domain {
+            return self.follow_local(local_user_id, parts[0], &data).await;
+        }
+
+        let remote_actor: DbActor = webfinger_resolve_actor(handle, &data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+
+        let local_actor = get_local_actor(local_user_id, &data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+
+        let follow_id = activity_url(&self.base_url).map_err(|e| anyhow::anyhow!("{e}"))?;
+        let follow_id_str = follow_id.to_string();
+        let follow = FollowActivity {
+            id: follow_id,
+            kind: Default::default(),
+            actor: ObjectId::from(local_actor.ap_id.clone()),
+            object: ObjectId::from(remote_actor.ap_id.clone()),
+        };
+        let follow_with_ctx = WithContext::new_default(follow);
+
+        let sends = SendActivityTask::prepare(
+            &follow_with_ctx,
+            &local_actor,
+            vec![remote_actor.inbox()],
+            &data,
+        )
+        .await?;
+        let failures = send_with_retry(sends, &data).await;
+        if !failures.is_empty() {
+            tracing::warn!(
+                count = failures.len(),
+                "some activity deliveries failed permanently"
+            );
+        }
+
+        let remote = RemoteActor {
+            url: remote_actor.ap_id.to_string(),
+            handle: remote_actor.username.clone(),
+            inbox_url: remote_actor.inbox_url.to_string(),
+            shared_inbox_url: None,
+            display_name: Some(remote_actor.username.clone()),
+        };
+        data.federation_repo
+            .add_following(local_user_id, remote, &follow_id_str)
+            .await?;
+
+        Ok(())
+    }
+
+    pub async fn unfollow(
+        &self,
+        local_user_id: uuid::Uuid,
+        actor_url_str: &str,
+    ) -> anyhow::Result<()> {
+        let data = self.federation_config.to_request_data();
+
+        if actor_url_str.starts_with(&self.base_url) {
+            return self
+                .unfollow_local(local_user_id, actor_url_str, &data)
+                .await;
+        }
+
+        let remote = data
+            .federation_repo
+            .get_remote_actor(actor_url_str)
+            .await?
+            .ok_or_else(|| anyhow::anyhow!("remote actor not found: {}", actor_url_str))?;
+
+        let local_actor = get_local_actor(local_user_id, &data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+
+        let remote_ap_id = Url::parse(actor_url_str)?;
+        let inbox = Url::parse(&remote.inbox_url)?;
+
+        let follow_activity_id_str = data
+            .federation_repo
+            .get_follow_activity_id(local_user_id, actor_url_str)
+            .await?;
+        let follow_id = match follow_activity_id_str {
+            Some(id) => Url::parse(&id)?,
+            None => activity_url(&self.base_url).map_err(|e| anyhow::anyhow!("{e}"))?,
+        };
+        let follow = FollowActivity {
+            id: follow_id,
+            kind: Default::default(),
+            actor: ObjectId::from(local_actor.ap_id.clone()),
+            object: ObjectId::from(remote_ap_id),
+        };
+
+        let undo_id = activity_url(&self.base_url).map_err(|e| anyhow::anyhow!("{e}"))?;
+        let undo = UndoActivity {
+            id: undo_id,
+            kind: Default::default(),
+            actor: ObjectId::from(local_actor.ap_id.clone()),
+            object: follow,
+        };
+
+        let sends = SendActivityTask::prepare(
+            &WithContext::new_default(undo),
+            &local_actor,
+            vec![inbox],
+            &data,
+        )
+        .await?;
+        let failures = send_with_retry(sends, &data).await;
+        if !failures.is_empty() {
+            tracing::warn!(
+                count = failures.len(),
+                "some activity deliveries failed permanently"
+            );
+        }
+
+        data.federation_repo
+            .remove_following(local_user_id, actor_url_str)
+            .await?;
+
+        data.object_handler
+            .on_actor_removed(&Url::parse(actor_url_str)?)
+            .await?;
+
+        Ok(())
+    }
+
+    pub async fn accept_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> anyhow::Result<()> {
+        let data = self.federation_config.to_request_data();
+        let local_actor = get_local_actor(local_user_id, &data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+
+        let remote_actor = data
+            .federation_repo
+            .get_remote_actor(remote_actor_url)
+            .await?
+            .ok_or_else(|| anyhow::anyhow!("remote actor not found"))?;
+
+        let follow_id_str = data
+            .federation_repo
+            .get_follower_follow_activity_id(local_user_id, remote_actor_url)
+            .await?
+            .ok_or_else(|| {
+                anyhow::anyhow!("follow activity id not found for {}", remote_actor_url)
+            })?;
+        let follow_id = Url::parse(&follow_id_str)?;
+        let follow = FollowActivity {
+            id: follow_id,
+            kind: Default::default(),
+            actor: ObjectId::from(Url::parse(remote_actor_url)?),
+            object: ObjectId::from(local_actor.ap_id.clone()),
+        };
+        let accept = AcceptActivity {
+            id: activity_url(&self.base_url).map_err(|e| anyhow::anyhow!("{e}"))?,
+            kind: Default::default(),
+            actor: ObjectId::from(local_actor.ap_id.clone()),
+            object: follow,
+        };
+
+        data.federation_repo
+            .update_follower_status(local_user_id, remote_actor_url, FollowerStatus::Accepted)
+            .await?;
+
+        let inbox = Url::parse(&remote_actor.inbox_url)?;
+        let sends = SendActivityTask::prepare(
+            &WithContext::new_default(accept),
+            &local_actor,
+            vec![inbox.clone()],
+            &data,
+        )
+        .await?;
+        let failures = send_with_retry(sends, &data).await;
+        if !failures.is_empty() {
+            tracing::warn!(
+                "failed to deliver Accept activity, but follower is marked accepted locally"
+            );
+        }
+
+        self.spawn_backfill(local_user_id, remote_actor.inbox_url.clone());
+
+        Ok(())
+    }
+
+    pub async fn reject_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> anyhow::Result<()> {
+        let data = self.federation_config.to_request_data();
+        let local_actor = get_local_actor(local_user_id, &data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+
+        let remote_actor = data
+            .federation_repo
+            .get_remote_actor(remote_actor_url)
+            .await?
+            .ok_or_else(|| anyhow::anyhow!("remote actor not found"))?;
+
+        let follow_id = activity_url(&self.base_url).map_err(|e| anyhow::anyhow!("{e}"))?;
+        let follow = FollowActivity {
+            id: follow_id,
+            kind: Default::default(),
+            actor: ObjectId::from(Url::parse(remote_actor_url)?),
+            object: ObjectId::from(local_actor.ap_id.clone()),
+        };
+        let reject = RejectActivity {
+            id: activity_url(&self.base_url).map_err(|e| anyhow::anyhow!("{e}"))?,
+            kind: Default::default(),
+            actor: ObjectId::from(local_actor.ap_id.clone()),
+            object: follow,
+        };
+
+        let inbox = Url::parse(&remote_actor.inbox_url)?;
+        let sends = SendActivityTask::prepare(
+            &WithContext::new_default(reject),
+            &local_actor,
+            vec![inbox],
+            &data,
+        )
+        .await?;
+        let failures = send_with_retry(sends, &data).await;
+        if !failures.is_empty() {
+            tracing::warn!(
+                count = failures.len(),
+                "some activity deliveries failed permanently"
+            );
+        }
+
+        data.federation_repo
+            .remove_follower(local_user_id, remote_actor_url)
+            .await?;
+
+        Ok(())
+    }
+
+    pub async fn get_pending_followers(
+        &self,
+        local_user_id: uuid::Uuid,
+    ) -> anyhow::Result<Vec<RemoteActor>> {
+        let data = self.federation_config.to_request_data();
+        data.federation_repo
+            .get_pending_followers(local_user_id)
+            .await
+    }
+
+    pub async fn get_accepted_followers(
+        &self,
+        local_user_id: uuid::Uuid,
+    ) -> anyhow::Result<Vec<RemoteActor>> {
+        let data = self.federation_config.to_request_data();
+        let followers = data.federation_repo.get_followers(local_user_id).await?;
+        Ok(followers
+            .into_iter()
+            .filter(|f| f.status == FollowerStatus::Accepted)
+            .map(|f| f.actor)
+            .collect())
+    }
+
+    pub async fn count_accepted_followers(
+        &self,
+        local_user_id: uuid::Uuid,
+    ) -> anyhow::Result<usize> {
+        let data = self.federation_config.to_request_data();
+        let followers = data.federation_repo.get_followers(local_user_id).await?;
+        Ok(followers
+            .into_iter()
+            .filter(|f| f.status == FollowerStatus::Accepted)
+            .count())
+    }
+
+    pub async fn get_following(
+        &self,
+        local_user_id: uuid::Uuid,
+    ) -> anyhow::Result<Vec<RemoteActor>> {
+        let data = self.federation_config.to_request_data();
+        data.federation_repo.get_following(local_user_id).await
+    }
+
+    pub async fn count_following(&self, local_user_id: uuid::Uuid) -> anyhow::Result<usize> {
+        let data = self.federation_config.to_request_data();
+        data.federation_repo.count_following(local_user_id).await
+    }
+
+    pub async fn remove_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        actor_url: &str,
+    ) -> anyhow::Result<()> {
+        let data = self.federation_config.to_request_data();
+        data.federation_repo
+            .remove_follower(local_user_id, actor_url)
+            .await
+    }
+
+    /// Broadcast a single object to all accepted followers as a Create activity.
+    /// Called by project-specific event handlers when new content is created.
+    pub async fn broadcast_to_followers(
+        &self,
+        local_user_id: uuid::Uuid,
+        ap_id: Url,
+        object: serde_json::Value,
+    ) -> anyhow::Result<()> {
+        let data = self.federation_config.to_request_data();
+        let local_actor = get_local_actor(local_user_id, &data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+
+        let followers = data.federation_repo.get_followers(local_user_id).await?;
+        let accepted: Vec<_> = followers
+            .into_iter()
+            .filter(|f| f.status == FollowerStatus::Accepted)
+            .collect();
+
+        if accepted.is_empty() {
+            return Ok(());
+        }
+
+        let create = CreateActivity {
+            id: ap_id.clone(),
+            kind: Default::default(),
+            actor: ObjectId::from(local_actor.ap_id.clone()),
+            object,
+        };
+        let create_with_ctx = WithContext::new_default(create);
+
+        let inboxes: Vec<Url> = accepted
+            .iter()
+            .filter_map(|f| Url::parse(&f.actor.inbox_url).ok())
+            .collect();
+
+        let sends =
+            SendActivityTask::prepare(&create_with_ctx, &local_actor, inboxes, &data).await?;
+        let failures = send_with_retry(sends, &data).await;
+        if !failures.is_empty() {
+            tracing::warn!(
+                count = failures.len(),
+                "some activity deliveries failed permanently"
+            );
+        }
+
+        Ok(())
+    }
+
+    async fn follow_local(
+        &self,
+        local_user_id: uuid::Uuid,
+        target_username: &str,
+        data: &activitypub_federation::config::Data<FederationData>,
+    ) -> anyhow::Result<()> {
+        let target = data
+            .user_repo
+            .find_by_username(target_username)
+            .await?
+            .ok_or_else(|| anyhow::anyhow!("user not found: {}", target_username))?;
+
+        if target.id == local_user_id {
+            return Err(anyhow::anyhow!("cannot follow yourself"));
+        }
+
+        let follower_actor_url = crate::urls::actor_url(&self.base_url, local_user_id).to_string();
+        let target_actor_url = crate::urls::actor_url(&self.base_url, target.id);
+        let target_inbox_url = format!("{}/inbox", target_actor_url);
+        let follow_id = activity_url(&self.base_url)
+            .map_err(|e| anyhow::anyhow!("{e}"))?
+            .to_string();
+
+        data.federation_repo
+            .add_follower(
+                target.id,
+                &follower_actor_url,
+                FollowerStatus::Accepted,
+                &follow_id,
+            )
+            .await?;
+
+        let target_as_remote = RemoteActor {
+            url: target_actor_url.to_string(),
+            handle: format!("{}@{}", target.username, data.domain),
+            inbox_url: target_inbox_url,
+            shared_inbox_url: None,
+            display_name: Some(target.username),
+        };
+        data.federation_repo
+            .add_following(local_user_id, target_as_remote, &follow_id)
+            .await?;
+
+        data.federation_repo
+            .update_following_status(
+                local_user_id,
+                &target_actor_url.to_string(),
+                FollowingStatus::Accepted,
+            )
+            .await?;
+
+        tracing::info!(follower = %local_user_id, followee = %target.id, "local follow");
+        Ok(())
+    }
+
+    async fn unfollow_local(
+        &self,
+        local_user_id: uuid::Uuid,
+        target_actor_url: &str,
+        data: &activitypub_federation::config::Data<FederationData>,
+    ) -> anyhow::Result<()> {
+        let target_url = Url::parse(target_actor_url)?;
+        let target_user_id = crate::urls::extract_user_id_from_url(&target_url)
+            .ok_or_else(|| anyhow::anyhow!("invalid local actor URL: {}", target_actor_url))?;
+
+        let local_actor_url = crate::urls::actor_url(&self.base_url, local_user_id).to_string();
+
+        data.federation_repo
+            .remove_follower(target_user_id, &local_actor_url)
+            .await?;
+        data.federation_repo
+            .remove_following(local_user_id, target_actor_url)
+            .await?;
+
+        tracing::info!(follower = %local_user_id, followee = %target_user_id, "local unfollow");
+        Ok(())
+    }
+
+    fn spawn_backfill(&self, owner_user_id: uuid::Uuid, follower_inbox_url: String) {
+        let config = self.federation_config.clone();
+        let base_url = self.base_url.clone();
+        tokio::spawn(async move {
+            if let Err(e) = ActivityPubService::run_backfill(
+                config,
+                base_url,
+                owner_user_id,
+                follower_inbox_url,
+            )
+            .await
+            {
+                tracing::warn!(error = %e, "backfill: task failed");
+            }
+        });
+    }
+
+    async fn run_backfill(
+        config: ApFederationConfig,
+        base_url: String,
+        owner_user_id: uuid::Uuid,
+        follower_inbox_url: String,
+    ) -> anyhow::Result<()> {
+        const BATCH_SIZE: usize = 20;
+
+        let data = config.to_request_data();
+        let local_actor = get_local_actor(owner_user_id, &data)
+            .await
+            .map_err(|e| anyhow::anyhow!("{e}"))?;
+        let inbox = Url::parse(&follower_inbox_url)?;
+
+        let mut objects = data
+            .object_handler
+            .get_local_objects_for_user(owner_user_id)
+            .await?;
+        objects.reverse(); // oldest first → chronological feed
+
+        let total = objects.len();
+        let mut success_count = 0usize;
+        let mut failure_count = 0usize;
+
+        for chunk in objects.chunks(BATCH_SIZE) {
+            for (ap_id, object_json) in chunk {
+                // Use a stable Create activity ID derived from the object's ap_id
+                let create_id = Url::parse(&format!(
+                    "{}/activities/create/{}",
+                    base_url,
+                    uuid::Uuid::new_v5(&uuid::Uuid::NAMESPACE_URL, ap_id.as_str().as_bytes())
+                ))?;
+
+                let create = CreateActivity {
+                    id: create_id,
+                    kind: Default::default(),
+                    actor: ObjectId::from(local_actor.ap_id.clone()),
+                    object: object_json.clone(),
+                };
+
+                let sends = SendActivityTask::prepare(
+                    &WithContext::new_default(create),
+                    &local_actor,
+                    vec![inbox.clone()],
+                    &data,
+                )
+                .await?;
+                let failures = send_with_retry(sends, &data).await;
+                if failures.is_empty() {
+                    success_count += 1;
+                } else {
+                    failure_count += 1;
+                }
+            }
+            tokio::time::sleep(std::time::Duration::from_millis(100)).await;
+        }
+
+        tracing::info!(
+            user_id = %owner_user_id,
+            follower = %follower_inbox_url,
+            sent = success_count,
+            failed = failure_count,
+            total = total,
+            "backfill complete"
+        );
+        Ok(())
+    }
+}

crates/adapters/activitypub-base/src/urls.rs

@@ -0,0 +1,20 @@
+use url::Url;
+
+use crate::error::Error;
+
+pub fn extract_user_id_from_url(url: &Url) -> Option<uuid::Uuid> {
+    let path = url.path();
+    path.strip_prefix("/users/")
+        .and_then(|s| s.split('/').next())
+        .and_then(|s| uuid::Uuid::parse_str(s).ok())
+}
+
+pub fn activity_url(base_url: &str) -> Result<Url, Error> {
+    Url::parse(&format!("{}/activities/{}", base_url, uuid::Uuid::new_v4()))
+        .map_err(|e| Error::bad_request(anyhow::anyhow!(e)))
+}
+
+pub fn actor_url(base_url: &str, user_id: uuid::Uuid) -> Url {
+    Url::parse(&format!("{}/users/{}", base_url, user_id))
+        .expect("base_url is always a valid URL prefix")
+}

crates/adapters/activitypub-base/src/user.rs

@@ -0,0 +1,13 @@
+use async_trait::async_trait;
+
+#[derive(Debug, Clone)]
+pub struct ApUser {
+    pub id: uuid::Uuid,
+    pub username: String,
+}
+
+#[async_trait]
+pub trait ApUserRepository: Send + Sync {
+    async fn find_by_id(&self, id: uuid::Uuid) -> anyhow::Result<Option<ApUser>>;
+    async fn find_by_username(&self, username: &str) -> anyhow::Result<Option<ApUser>>;
+}

crates/adapters/activitypub-base/src/webfinger.rs

@@ -0,0 +1,38 @@
+use activitypub_federation::{
+    config::Data,
+    fetch::webfinger::{Webfinger, build_webfinger_response, extract_webfinger_name},
+};
+use axum::{
+    extract::Query,
+    http::header,
+    response::{IntoResponse, Response},
+};
+use serde::Deserialize;
+
+use crate::data::FederationData;
+use crate::error::Error;
+
+#[derive(Deserialize)]
+pub struct WebfingerQuery {
+    resource: String,
+}
+
+pub async fn webfinger_handler(
+    Query(query): Query<WebfingerQuery>,
+    data: Data<FederationData>,
+) -> Result<Response, Error> {
+    let name = extract_webfinger_name(&query.resource, &data)?;
+
+    let user = data
+        .user_repo
+        .find_by_username(name)
+        .await
+        .map_err(Error::from)?
+        .ok_or_else(|| Error::not_found(anyhow::anyhow!("user not found")))?;
+
+    let ap_id = crate::urls::actor_url(&data.base_url, user.id);
+
+    let wf: Webfinger = build_webfinger_response(query.resource, ap_id);
+    let body = serde_json::to_string(&wf).map_err(|e| Error::from(anyhow::anyhow!(e)))?;
+    Ok(([(header::CONTENT_TYPE, "application/jrd+json")], body).into_response())
+}

crates/adapters/activitypub/Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "activitypub"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+activitypub-base = { workspace = true }
+domain = { workspace = true }
+tokio = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+uuid = { workspace = true }
+chrono = { workspace = true }
+anyhow = { workspace = true }
+tracing = { workspace = true }
+async-trait = { workspace = true }
+
+activitypub_federation = "0.7.0-beta.11"
+url = { version = "2", features = ["serde"] }

crates/adapters/activitypub/src/event_handler.rs

@@ -0,0 +1,99 @@
+use async_trait::async_trait;
+use domain::ports::EventHandler;
+use domain::{
+    errors::DomainError,
+    events::DomainEvent,
+    ports::{MovieRepository, ReviewRepository},
+    value_objects::{ReviewId, UserId},
+};
+use std::sync::Arc;
+
+use activitypub_base::ActivityPubService;
+
+use crate::objects::review_to_ap_object;
+use crate::urls::{actor_url, review_url};
+
+pub struct ActivityPubEventHandler {
+    ap_service: Arc<ActivityPubService>,
+    movie_repository: Arc<dyn MovieRepository>,
+    review_repository: Arc<dyn ReviewRepository>,
+    base_url: String,
+}
+
+impl ActivityPubEventHandler {
+    pub fn new(
+        ap_service: Arc<ActivityPubService>,
+        movie_repository: Arc<dyn MovieRepository>,
+        review_repository: Arc<dyn ReviewRepository>,
+        base_url: String,
+    ) -> Self {
+        Self {
+            ap_service,
+            movie_repository,
+            review_repository,
+            base_url,
+        }
+    }
+}
+
+#[async_trait]
+impl EventHandler for ActivityPubEventHandler {
+    async fn handle(&self, event: &DomainEvent) -> Result<(), DomainError> {
+        match event {
+            DomainEvent::ReviewLogged {
+                review_id, user_id, ..
+            } => self
+                .on_review_logged(user_id, review_id)
+                .await
+                .map_err(|e| DomainError::InfrastructureError(e.to_string())),
+            _ => Ok(()),
+        }
+    }
+}
+
+impl ActivityPubEventHandler {
+    async fn on_review_logged(&self, user_id: &UserId, review_id: &ReviewId) -> anyhow::Result<()> {
+        let review = match self.review_repository.get_review_by_id(review_id).await? {
+            Some(r) => r,
+            None => return Ok(()),
+        };
+
+        let ap_id = review_url(&self.base_url, review_id);
+        let actor = actor_url(&self.base_url, user_id.value());
+
+        let movie = self
+            .movie_repository
+            .get_movie_by_id(review.movie_id())
+            .await
+            .ok()
+            .flatten();
+        let movie_title = movie
+            .as_ref()
+            .map(|m| m.title().value().to_string())
+            .unwrap_or_else(|| "Unknown".to_string());
+        let release_year = movie
+            .as_ref()
+            .map(|m| m.release_year().value())
+            .unwrap_or(0);
+        let poster_url = movie
+            .as_ref()
+            .and_then(|m| m.poster_path())
+            .map(|p| format!("{}/posters/{}", self.base_url, p.value()));
+
+        let obj = review_to_ap_object(
+            &review,
+            ap_id.clone(),
+            actor,
+            movie_title,
+            release_year,
+            poster_url,
+        );
+        let json = serde_json::to_value(obj)?;
+
+        self.ap_service
+            .broadcast_to_followers(user_id.value(), ap_id, json)
+            .await?;
+
+        Ok(())
+    }
+}

crates/adapters/activitypub/src/lib.rs

@@ -0,0 +1,19 @@
+pub mod event_handler;
+pub mod objects;
+pub mod port;
+pub mod remote_review_repository;
+pub mod review_handler;
+pub(crate) mod urls;
+pub mod user_adapter;
+
+// Re-export the generic base types that callers need
+pub use activitypub_base::{
+    ActivityPubService, ApFederationConfig, ApObjectHandler, ApUser, ApUserRepository,
+    FederationData, FederationRepository, Follower, FollowerStatus, FollowingStatus, RemoteActor,
+};
+
+pub use event_handler::ActivityPubEventHandler;
+pub use port::{ActivityPubPort, NoopActivityPubService};
+pub use remote_review_repository::RemoteReviewRepository;
+pub use review_handler::ReviewObjectHandler;
+pub use user_adapter::DomainUserRepoAdapter;

crates/adapters/activitypub/src/objects.rs

@@ -0,0 +1,66 @@
+use activitypub_federation::kinds::object::NoteType;
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use url::Url;
+
+use domain::models::Review;
+
+#[derive(Debug, Clone, Deserialize, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct ReviewObject {
+    #[serde(rename = "type")]
+    pub(crate) kind: NoteType,
+    pub(crate) id: Url,
+    pub(crate) attributed_to: Url,
+    pub(crate) content: String,
+    pub(crate) published: DateTime<Utc>,
+    pub(crate) movie_title: String,
+    #[serde(default)]
+    pub(crate) release_year: u16,
+    #[serde(default)]
+    pub(crate) poster_url: Option<String>,
+    pub(crate) rating: u8,
+    pub(crate) comment: Option<String>,
+    pub(crate) watched_at: DateTime<Utc>,
+}
+
+/// Serialize a local Review into a ReviewObject for AP delivery.
+/// Takes movie metadata explicitly since the handler fetches it separately.
+pub fn review_to_ap_object(
+    review: &Review,
+    ap_id: Url,
+    actor_url: Url,
+    movie_title: String,
+    release_year: u16,
+    poster_url: Option<String>,
+) -> ReviewObject {
+    let stars: String = "\u{2B50}".repeat(review.rating().value() as usize);
+    let comment_text = review.comment().map(|c| c.value().to_string());
+    let year_str = if release_year > 0 {
+        format!(" ({})", release_year)
+    } else {
+        String::new()
+    };
+    let watched_str = format!("Watched: {}", review.watched_at().format("%b %-d, %Y"));
+    let content = match &comment_text {
+        Some(c) => format!(
+            "{} {}{}\n{}\n{}",
+            stars, movie_title, year_str, c, watched_str
+        ),
+        None => format!("{} {}{}\n{}", stars, movie_title, year_str, watched_str),
+    };
+
+    ReviewObject {
+        kind: NoteType::default(),
+        id: ap_id,
+        attributed_to: actor_url,
+        content,
+        published: DateTime::from_naive_utc_and_offset(*review.created_at(), Utc),
+        movie_title,
+        release_year,
+        poster_url,
+        rating: review.rating().value(),
+        comment: comment_text,
+        watched_at: DateTime::from_naive_utc_and_offset(*review.watched_at(), Utc),
+    }
+}

crates/adapters/activitypub/src/port.rs

@@ -0,0 +1,115 @@
+use async_trait::async_trait;
+use uuid::Uuid;
+
+use activitypub_base::{ActivityPubService, RemoteActor};
+
+#[async_trait]
+pub trait ActivityPubPort: Send + Sync {
+    async fn actor_json(&self, user_id: &str) -> anyhow::Result<String>;
+    async fn count_following(&self, local_user_id: Uuid) -> anyhow::Result<usize>;
+    async fn count_accepted_followers(&self, local_user_id: Uuid) -> anyhow::Result<usize>;
+    async fn get_pending_followers(&self, local_user_id: Uuid) -> anyhow::Result<Vec<RemoteActor>>;
+    async fn follow(&self, local_user_id: Uuid, handle: &str) -> anyhow::Result<()>;
+    async fn unfollow(&self, local_user_id: Uuid, actor_url: &str) -> anyhow::Result<()>;
+    async fn accept_follower(
+        &self,
+        local_user_id: Uuid,
+        remote_actor_url: &str,
+    ) -> anyhow::Result<()>;
+    async fn reject_follower(
+        &self,
+        local_user_id: Uuid,
+        remote_actor_url: &str,
+    ) -> anyhow::Result<()>;
+    async fn get_following(&self, local_user_id: Uuid) -> anyhow::Result<Vec<RemoteActor>>;
+    async fn get_accepted_followers(&self, local_user_id: Uuid)
+    -> anyhow::Result<Vec<RemoteActor>>;
+    async fn remove_follower(&self, local_user_id: Uuid, actor_url: &str) -> anyhow::Result<()>;
+}
+
+#[async_trait]
+impl ActivityPubPort for ActivityPubService {
+    async fn actor_json(&self, user_id: &str) -> anyhow::Result<String> {
+        self.actor_json(user_id).await
+    }
+    async fn count_following(&self, local_user_id: Uuid) -> anyhow::Result<usize> {
+        self.count_following(local_user_id).await
+    }
+    async fn count_accepted_followers(&self, local_user_id: Uuid) -> anyhow::Result<usize> {
+        self.count_accepted_followers(local_user_id).await
+    }
+    async fn get_pending_followers(&self, local_user_id: Uuid) -> anyhow::Result<Vec<RemoteActor>> {
+        self.get_pending_followers(local_user_id).await
+    }
+    async fn follow(&self, local_user_id: Uuid, handle: &str) -> anyhow::Result<()> {
+        self.follow(local_user_id, handle).await
+    }
+    async fn unfollow(&self, local_user_id: Uuid, actor_url: &str) -> anyhow::Result<()> {
+        self.unfollow(local_user_id, actor_url).await
+    }
+    async fn accept_follower(
+        &self,
+        local_user_id: Uuid,
+        remote_actor_url: &str,
+    ) -> anyhow::Result<()> {
+        self.accept_follower(local_user_id, remote_actor_url).await
+    }
+    async fn reject_follower(
+        &self,
+        local_user_id: Uuid,
+        remote_actor_url: &str,
+    ) -> anyhow::Result<()> {
+        self.reject_follower(local_user_id, remote_actor_url).await
+    }
+    async fn get_following(&self, local_user_id: Uuid) -> anyhow::Result<Vec<RemoteActor>> {
+        self.get_following(local_user_id).await
+    }
+    async fn get_accepted_followers(
+        &self,
+        local_user_id: Uuid,
+    ) -> anyhow::Result<Vec<RemoteActor>> {
+        self.get_accepted_followers(local_user_id).await
+    }
+    async fn remove_follower(&self, local_user_id: Uuid, actor_url: &str) -> anyhow::Result<()> {
+        self.remove_follower(local_user_id, actor_url).await
+    }
+}
+
+pub struct NoopActivityPubService;
+
+#[async_trait]
+impl ActivityPubPort for NoopActivityPubService {
+    async fn actor_json(&self, _: &str) -> anyhow::Result<String> {
+        Ok(String::new())
+    }
+    async fn count_following(&self, _: Uuid) -> anyhow::Result<usize> {
+        Ok(0)
+    }
+    async fn count_accepted_followers(&self, _: Uuid) -> anyhow::Result<usize> {
+        Ok(0)
+    }
+    async fn get_pending_followers(&self, _: Uuid) -> anyhow::Result<Vec<RemoteActor>> {
+        Ok(vec![])
+    }
+    async fn follow(&self, _: Uuid, _: &str) -> anyhow::Result<()> {
+        Ok(())
+    }
+    async fn unfollow(&self, _: Uuid, _: &str) -> anyhow::Result<()> {
+        Ok(())
+    }
+    async fn accept_follower(&self, _: Uuid, _: &str) -> anyhow::Result<()> {
+        Ok(())
+    }
+    async fn reject_follower(&self, _: Uuid, _: &str) -> anyhow::Result<()> {
+        Ok(())
+    }
+    async fn get_following(&self, _: Uuid) -> anyhow::Result<Vec<RemoteActor>> {
+        Ok(vec![])
+    }
+    async fn get_accepted_followers(&self, _: Uuid) -> anyhow::Result<Vec<RemoteActor>> {
+        Ok(vec![])
+    }
+    async fn remove_follower(&self, _: Uuid, _: &str) -> anyhow::Result<()> {
+        Ok(())
+    }
+}

crates/adapters/activitypub/src/remote_review_repository.rs

@@ -0,0 +1,29 @@
+use anyhow::Result;
+use async_trait::async_trait;
+use chrono::NaiveDateTime;
+use domain::models::Review;
+
+#[async_trait]
+pub trait RemoteReviewRepository: Send + Sync {
+    async fn save_remote_review(
+        &self,
+        review: &Review,
+        ap_id: &str,
+        movie_title: &str,
+        release_year: u16,
+        poster_url: Option<&str>,
+    ) -> Result<()>;
+
+    async fn delete_remote_review(&self, ap_id: &str, actor_url: &str) -> Result<()>;
+
+    async fn update_remote_review(
+        &self,
+        ap_id: &str,
+        actor_url: &str,
+        rating: u8,
+        comment: Option<&str>,
+        watched_at: NaiveDateTime,
+    ) -> Result<()>;
+
+    async fn delete_by_actor(&self, actor_url: &str) -> Result<()>;
+}

crates/adapters/activitypub/src/review_handler.rs

@@ -0,0 +1,171 @@
+use std::sync::Arc;
+
+use activitypub_base::ApObjectHandler;
+use async_trait::async_trait;
+use domain::{
+    models::{Review, ReviewSource},
+    ports::{DiaryRepository, MovieRepository},
+    value_objects::{Comment, MovieId, Rating, ReviewId, UserId},
+};
+use url::Url;
+
+use crate::objects::{ReviewObject, review_to_ap_object};
+use crate::remote_review_repository::RemoteReviewRepository;
+use crate::urls::{actor_url, review_url};
+
+pub struct ReviewObjectHandler {
+    pub movie_repository: Arc<dyn MovieRepository>,
+    pub diary_repository: Arc<dyn DiaryRepository>,
+    pub review_store: Arc<dyn RemoteReviewRepository>,
+    pub base_url: String,
+}
+
+#[async_trait]
+impl ApObjectHandler for ReviewObjectHandler {
+    async fn get_local_objects_for_user(
+        &self,
+        user_id: uuid::Uuid,
+    ) -> anyhow::Result<Vec<(Url, serde_json::Value)>> {
+        let domain_user_id = UserId::from_uuid(user_id);
+        let history = self
+            .diary_repository
+            .get_user_history(&domain_user_id)
+            .await?;
+
+        let mut results = Vec::new();
+        for entry in history {
+            let review = entry.review();
+            if !matches!(review.source(), ReviewSource::Local) {
+                continue;
+            }
+
+            let ap_id = review_url(&self.base_url, review.id());
+            let actor_url = actor_url(&self.base_url, user_id);
+
+            let movie = self
+                .movie_repository
+                .get_movie_by_id(review.movie_id())
+                .await
+                .ok()
+                .flatten();
+            let movie_title = movie
+                .as_ref()
+                .map(|m| m.title().value().to_string())
+                .unwrap_or_else(|| "Unknown".to_string());
+            let release_year = movie
+                .as_ref()
+                .map(|m| m.release_year().value())
+                .unwrap_or(0);
+            let poster_url = movie
+                .as_ref()
+                .and_then(|m| m.poster_path())
+                .map(|p| format!("{}/posters/{}", self.base_url, p.value()));
+
+            let obj = review_to_ap_object(
+                review,
+                ap_id.clone(),
+                actor_url,
+                movie_title,
+                release_year,
+                poster_url,
+            );
+            let json = serde_json::to_value(obj)?;
+            results.push((ap_id, json));
+        }
+        Ok(results)
+    }
+
+    async fn on_create(
+        &self,
+        _ap_id: &Url,
+        _actor_url: &Url,
+        object: serde_json::Value,
+    ) -> anyhow::Result<()> {
+        let obj: ReviewObject = match serde_json::from_value(object) {
+            Ok(o) => o,
+            Err(e) => {
+                tracing::debug!("ignoring unrecognized Create object: {}", e);
+                return Ok(());
+            }
+        };
+
+        let actor_url_str = obj.attributed_to.to_string();
+        let review_id = ReviewId::generate();
+        let movie_id = MovieId::from_uuid(uuid::Uuid::new_v5(
+            &uuid::Uuid::NAMESPACE_URL,
+            obj.movie_title.as_bytes(),
+        ));
+        let user_id = UserId::from_uuid(uuid::Uuid::new_v5(
+            &uuid::Uuid::NAMESPACE_URL,
+            actor_url_str.as_bytes(),
+        ));
+        let rating = Rating::new(obj.rating.min(5))?;
+        let comment = obj.comment.map(Comment::new).transpose()?;
+
+        let review = Review::from_persistence(
+            review_id,
+            movie_id,
+            user_id,
+            rating,
+            comment,
+            obj.watched_at.naive_utc(),
+            obj.published.naive_utc(),
+            ReviewSource::Remote {
+                actor_url: actor_url_str,
+            },
+        );
+
+        self.review_store
+            .save_remote_review(
+                &review,
+                obj.id.as_str(),
+                &obj.movie_title,
+                obj.release_year,
+                obj.poster_url.as_deref(),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn on_update(
+        &self,
+        ap_id: &Url,
+        actor_url: &Url,
+        object: serde_json::Value,
+    ) -> anyhow::Result<()> {
+        let obj: ReviewObject = match serde_json::from_value(object) {
+            Ok(o) => o,
+            Err(_) => {
+                tracing::debug!(actor = %actor_url, "ignoring non-review Update activity");
+                return Ok(());
+            }
+        };
+
+        if obj.attributed_to != *actor_url {
+            anyhow::bail!("update actor does not match object attributed_to");
+        }
+
+        self.review_store
+            .update_remote_review(
+                ap_id.as_str(),
+                actor_url.as_str(),
+                obj.rating.min(5),
+                obj.comment.as_deref(),
+                obj.watched_at.naive_utc(),
+            )
+            .await?;
+
+        Ok(())
+    }
+
+    async fn on_delete(&self, ap_id: &Url, actor_url: &Url) -> anyhow::Result<()> {
+        self.review_store
+            .delete_remote_review(ap_id.as_str(), actor_url.as_str())
+            .await
+    }
+
+    async fn on_actor_removed(&self, actor_url: &Url) -> anyhow::Result<()> {
+        self.review_store.delete_by_actor(actor_url.as_str()).await
+    }
+}

crates/adapters/activitypub/src/urls.rs

@@ -0,0 +1,14 @@
+use domain::value_objects::ReviewId;
+use url::Url;
+
+/// Builds the canonical actor URL: `{base_url}/users/{user_id}`
+pub fn actor_url(base_url: &str, user_id: uuid::Uuid) -> Url {
+    Url::parse(&format!("{}/users/{}", base_url, user_id))
+        .expect("base_url is always a valid URL prefix")
+}
+
+/// Builds the canonical review URL: `{base_url}/reviews/{review_id}`
+pub fn review_url(base_url: &str, review_id: &ReviewId) -> Url {
+    Url::parse(&format!("{}/reviews/{}", base_url, review_id.value()))
+        .expect("base_url is always a valid URL prefix")
+}

crates/adapters/activitypub/src/user_adapter.rs

@@ -0,0 +1,28 @@
+use std::sync::Arc;
+
+use activitypub_base::{ApUser, ApUserRepository};
+use async_trait::async_trait;
+use domain::{ports::UserRepository, value_objects::UserId};
+
+pub struct DomainUserRepoAdapter(pub Arc<dyn UserRepository>);
+
+#[async_trait]
+impl ApUserRepository for DomainUserRepoAdapter {
+    async fn find_by_id(&self, id: uuid::Uuid) -> anyhow::Result<Option<ApUser>> {
+        let user_id = UserId::from_uuid(id);
+        Ok(self.0.find_by_id(&user_id).await?.map(|u| ApUser {
+            id: u.id().value(),
+            username: u.username().value().to_string(),
+        }))
+    }
+
+    async fn find_by_username(&self, username: &str) -> anyhow::Result<Option<ApUser>> {
+        use domain::value_objects::Username;
+        let uname =
+            Username::new(username.to_string()).map_err(|e| anyhow::anyhow!(e.to_string()))?;
+        Ok(self.0.find_by_username(&uname).await?.map(|u| ApUser {
+            id: u.id().value(),
+            username: u.username().value().to_string(),
+        }))
+    }
+}

crates/adapters/auth/Cargo.toml

@@ -4,3 +4,12 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
+async-trait = { workspace = true }
+domain = { workspace = true }
+anyhow = { workspace = true }
+chrono = { workspace = true }
+uuid = { workspace = true }
+serde = { version = "1.0", features = ["derive"] }
+jsonwebtoken = "9"
+argon2 = { version = "0.5", features = ["std"] }
+rand_core = { version = "0.6", features = ["getrandom"] }

crates/adapters/auth/src/lib.rs

@@ -1,14 +1,107 @@
-pub fn add(left: u64, right: u64) -> u64 {
-    left + right
+use argon2::{
+    Argon2,
+    password_hash::{PasswordHasher as _, PasswordVerifier, SaltString},
+};
+use async_trait::async_trait;
+use chrono::{Duration, Utc};
+use jsonwebtoken::{DecodingKey, EncodingKey, Header, Validation, decode, encode};
+use rand_core::OsRng;
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+use domain::{
+    errors::DomainError,
+    ports::{AuthService, GeneratedToken, PasswordHasher},
+    value_objects::{PasswordHash, UserId},
+};
+
+pub struct AuthConfig {
+    secret: String,
+    ttl_seconds: u64,
 }
 
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn it_works() {
-        let result = add(2, 2);
-        assert_eq!(result, 4);
+impl AuthConfig {
+    pub fn from_env() -> anyhow::Result<Self> {
+        let secret = std::env::var("JWT_SECRET")
+            .map_err(|_| anyhow::anyhow!("JWT_SECRET env var is required"))?;
+        if secret.is_empty() {
+            anyhow::bail!("JWT_SECRET must not be empty");
+        }
+        let ttl_seconds = std::env::var("JWT_TTL_SECONDS")
+            .ok()
+            .and_then(|v| v.parse().ok())
+            .unwrap_or(86400u64);
+        Ok(Self {
+            secret,
+            ttl_seconds,
+        })
+    }
+}
+
+#[derive(Serialize, Deserialize)]
+struct Claims {
+    sub: String,
+    exp: u64,
+}
+
+pub struct JwtAuthService {
+    config: AuthConfig,
+}
+
+impl JwtAuthService {
+    pub fn new(config: AuthConfig) -> Self {
+        Self { config }
+    }
+}
+
+#[async_trait]
+impl AuthService for JwtAuthService {
+    async fn generate_token(&self, user_id: &UserId) -> Result<GeneratedToken, DomainError> {
+        let expires_at = Utc::now() + Duration::seconds(self.config.ttl_seconds as i64);
+        let claims = Claims {
+            sub: user_id.value().to_string(),
+            exp: expires_at.timestamp() as u64,
+        };
+        let token = encode(
+            &Header::default(),
+            &claims,
+            &EncodingKey::from_secret(self.config.secret.as_bytes()),
+        )
+        .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        Ok(GeneratedToken { token, expires_at })
+    }
+
+    async fn validate_token(&self, token: &str) -> Result<UserId, DomainError> {
+        let data = decode::<Claims>(
+            token,
+            &DecodingKey::from_secret(self.config.secret.as_bytes()),
+            &Validation::default(),
+        )
+        .map_err(|_| DomainError::Unauthorized("Invalid or expired token".into()))?;
+        let uuid = Uuid::parse_str(&data.claims.sub)
+            .map_err(|_| DomainError::Unauthorized("Invalid token subject".into()))?;
+        Ok(UserId::from_uuid(uuid))
+    }
+}
+
+pub struct Argon2PasswordHasher;
+
+#[async_trait]
+impl PasswordHasher for Argon2PasswordHasher {
+    async fn hash(&self, plain_password: &str) -> Result<PasswordHash, DomainError> {
+        let salt = SaltString::generate(&mut OsRng);
+        let hash = Argon2::default()
+            .hash_password(plain_password.as_bytes(), &salt)
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?
+            .to_string();
+        PasswordHash::new(hash).map_err(|e| DomainError::InfrastructureError(e.to_string()))
+    }
+
+    async fn verify(&self, plain_password: &str, hash: &PasswordHash) -> Result<bool, DomainError> {
+        let parsed = argon2::password_hash::PasswordHash::new(hash.value())
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        Ok(Argon2::default()
+            .verify_password(plain_password.as_bytes(), &parsed)
+            .is_ok())
     }
 }

crates/adapters/event-publisher/Cargo.toml

@@ -0,0 +1,10 @@
+[package]
+name = "event-publisher"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+domain      = { workspace = true }
+async-trait = { workspace = true }
+tokio       = { workspace = true }
+tracing     = { workspace = true }

crates/adapters/event-publisher/src/lib.rs

@@ -0,0 +1,227 @@
+use async_trait::async_trait;
+use domain::{errors::DomainError, events::DomainEvent, ports::EventPublisher};
+use tokio::sync::mpsc;
+
+pub use domain::ports::EventHandler;
+
+pub struct EventPublisherConfig {
+    pub channel_buffer: usize,
+}
+
+impl EventPublisherConfig {
+    pub fn from_env() -> Self {
+        let channel_buffer = std::env::var("EVENT_CHANNEL_BUFFER")
+            .ok()
+            .and_then(|v| v.parse().ok())
+            .unwrap_or(128);
+        Self { channel_buffer }
+    }
+}
+
+pub struct ChannelEventPublisher {
+    sender: mpsc::Sender<DomainEvent>,
+}
+
+#[async_trait]
+impl EventPublisher for ChannelEventPublisher {
+    async fn publish(&self, event: &DomainEvent) -> Result<(), DomainError> {
+        self.sender
+            .send(event.clone())
+            .await
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))
+    }
+}
+
+pub struct EventWorker {
+    receiver: mpsc::Receiver<DomainEvent>,
+    handlers: Vec<Box<dyn EventHandler>>,
+}
+
+impl EventWorker {
+    pub async fn run(mut self) {
+        while let Some(event) = self.receiver.recv().await {
+            match &event {
+                DomainEvent::ReviewLogged {
+                    review_id,
+                    movie_id,
+                    user_id,
+                    rating,
+                    watched_at,
+                } => {
+                    tracing::info!(
+                        review_id  = %review_id.value(),
+                        movie_id   = %movie_id.value(),
+                        user_id    = %user_id.value(),
+                        rating     = rating.value(),
+                        watched_at = %watched_at,
+                        "event: review_logged"
+                    );
+                }
+                DomainEvent::ReviewUpdated {
+                    review_id,
+                    movie_id,
+                    user_id,
+                    rating,
+                    watched_at,
+                } => {
+                    tracing::info!(
+                        review_id  = %review_id.value(),
+                        movie_id   = %movie_id.value(),
+                        user_id    = %user_id.value(),
+                        rating     = rating.value(),
+                        watched_at = %watched_at,
+                        "event: review_updated"
+                    );
+                }
+                DomainEvent::MovieDiscovered {
+                    movie_id,
+                    external_metadata_id,
+                } => {
+                    tracing::info!(
+                        movie_id    = %movie_id.value(),
+                        external_id = external_metadata_id.value(),
+                        "event: movie_discovered"
+                    );
+                }
+            }
+            for handler in &self.handlers {
+                if let Err(e) = handler.handle(&event).await {
+                    tracing::error!("event handler error: {e}");
+                }
+            }
+        }
+        tracing::info!("event worker shut down");
+    }
+}
+
+pub struct NoopEventPublisher;
+
+#[async_trait]
+impl EventPublisher for NoopEventPublisher {
+    async fn publish(&self, _event: &DomainEvent) -> Result<(), DomainError> {
+        Ok(())
+    }
+}
+
+pub fn create_event_channel(
+    config: EventPublisherConfig,
+    handlers: Vec<Box<dyn EventHandler>>,
+) -> (ChannelEventPublisher, EventWorker) {
+    let (tx, rx) = mpsc::channel(config.channel_buffer);
+    (
+        ChannelEventPublisher { sender: tx },
+        EventWorker {
+            receiver: rx,
+            handlers,
+        },
+    )
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use domain::{
+        errors::DomainError,
+        events::DomainEvent,
+        value_objects::{ExternalMetadataId, MovieId},
+    };
+    use std::sync::{Arc, Mutex};
+
+    struct RecordingHandler {
+        calls: Arc<Mutex<Vec<String>>>,
+    }
+
+    #[async_trait]
+    impl EventHandler for RecordingHandler {
+        async fn handle(&self, event: &DomainEvent) -> Result<(), DomainError> {
+            let label = match event {
+                DomainEvent::ReviewLogged { .. } => "review_logged",
+                DomainEvent::ReviewUpdated { .. } => "review_updated",
+                DomainEvent::MovieDiscovered { .. } => "movie_discovered",
+            };
+            self.calls.lock().unwrap().push(label.to_string());
+            Ok(())
+        }
+    }
+
+    #[tokio::test]
+    async fn single_handler_receives_event() {
+        let calls = Arc::new(Mutex::new(vec![]));
+        let handler = RecordingHandler {
+            calls: Arc::clone(&calls),
+        };
+        let config = EventPublisherConfig { channel_buffer: 8 };
+        let (publisher, worker) = create_event_channel(config, vec![Box::new(handler)]);
+
+        let handle = tokio::spawn(worker.run());
+
+        let event = DomainEvent::MovieDiscovered {
+            movie_id: MovieId::generate(),
+            external_metadata_id: ExternalMetadataId::new("tt1234567".into()).unwrap(),
+        };
+        publisher.publish(&event).await.unwrap();
+        drop(publisher);
+        handle.await.unwrap();
+
+        assert_eq!(*calls.lock().unwrap(), vec!["movie_discovered"]);
+    }
+
+    #[tokio::test]
+    async fn multiple_handlers_all_receive_event() {
+        let calls1 = Arc::new(Mutex::new(vec![]));
+        let calls2 = Arc::new(Mutex::new(vec![]));
+        let handler1 = RecordingHandler {
+            calls: Arc::clone(&calls1),
+        };
+        let handler2 = RecordingHandler {
+            calls: Arc::clone(&calls2),
+        };
+        let config = EventPublisherConfig { channel_buffer: 8 };
+        let (publisher, worker) =
+            create_event_channel(config, vec![Box::new(handler1), Box::new(handler2)]);
+
+        let handle = tokio::spawn(worker.run());
+
+        let event = DomainEvent::MovieDiscovered {
+            movie_id: MovieId::generate(),
+            external_metadata_id: ExternalMetadataId::new("tt9999999".into()).unwrap(),
+        };
+        publisher.publish(&event).await.unwrap();
+        drop(publisher);
+        handle.await.unwrap();
+
+        assert_eq!(calls1.lock().unwrap().len(), 1);
+        assert_eq!(calls2.lock().unwrap().len(), 1);
+    }
+
+    #[tokio::test]
+    async fn handler_error_does_not_stop_worker() {
+        struct FailingHandler;
+        #[async_trait]
+        impl EventHandler for FailingHandler {
+            async fn handle(&self, _: &DomainEvent) -> Result<(), DomainError> {
+                Err(DomainError::InfrastructureError("boom".into()))
+            }
+        }
+
+        let calls = Arc::new(Mutex::new(vec![]));
+        let good = RecordingHandler {
+            calls: Arc::clone(&calls),
+        };
+        let config = EventPublisherConfig { channel_buffer: 8 };
+        let (publisher, worker) =
+            create_event_channel(config, vec![Box::new(FailingHandler), Box::new(good)]);
+
+        let handle = tokio::spawn(worker.run());
+
+        let event = DomainEvent::MovieDiscovered {
+            movie_id: MovieId::generate(),
+            external_metadata_id: ExternalMetadataId::new("tt0000001".into()).unwrap(),
+        };
+        publisher.publish(&event).await.unwrap();
+        drop(publisher);
+        handle.await.unwrap();
+
+        assert_eq!(calls.lock().unwrap().len(), 1);
+    }
+}

crates/adapters/export/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "export"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+domain = { workspace = true }
+async-trait = { workspace = true }
+serde_json = { workspace = true }
+chrono = { workspace = true }
+
+[dev-dependencies]
+uuid = { workspace = true }
+tokio = { workspace = true }

crates/adapters/export/src/lib.rs

@@ -0,0 +1,225 @@
+use async_trait::async_trait;
+use domain::{
+    errors::DomainError,
+    models::{DiaryEntry, ExportFormat},
+    ports::DiaryExporter,
+};
+
+pub struct ExportAdapter;
+
+#[async_trait]
+impl DiaryExporter for ExportAdapter {
+    async fn serialize_entries(
+        &self,
+        entries: &[DiaryEntry],
+        format: ExportFormat,
+    ) -> Result<Vec<u8>, DomainError> {
+        match format {
+            ExportFormat::Csv => serialize_csv(entries),
+            ExportFormat::Json => serialize_json(entries),
+        }
+    }
+}
+
+fn serialize_csv(entries: &[DiaryEntry]) -> Result<Vec<u8>, DomainError> {
+    let mut out =
+        String::from("title,year,director,rating,comment,watched_at,external_metadata_id\n");
+    for e in entries {
+        let title = csv_escape(e.movie().title().value());
+        let year = e.movie().release_year().value();
+        let director = e.movie().director().map(csv_escape).unwrap_or_default();
+        let rating = e.review().rating().value();
+        let comment = e
+            .review()
+            .comment()
+            .map(|c| csv_escape(c.value()))
+            .unwrap_or_default();
+        let watched_at = e.review().watched_at().format("%Y-%m-%d");
+        let ext_id = e
+            .movie()
+            .external_metadata_id()
+            .map(|id| id.value().to_string())
+            .unwrap_or_default();
+        out.push_str(&format!(
+            "{},{},{},{},{},{},{}\n",
+            title, year, director, rating, comment, watched_at, ext_id
+        ));
+    }
+    Ok(out.into_bytes())
+}
+
+fn csv_escape(s: &str) -> String {
+    if s.contains(',') || s.contains('"') || s.contains('\n') {
+        format!("\"{}\"", s.replace('"', "\"\""))
+    } else {
+        s.to_string()
+    }
+}
+
+fn serialize_json(entries: &[DiaryEntry]) -> Result<Vec<u8>, DomainError> {
+    let arr: Vec<serde_json::Value> = entries
+        .iter()
+        .map(|e| {
+            serde_json::json!({
+                "title": e.movie().title().value(),
+                "year": e.movie().release_year().value(),
+                "director": e.movie().director(),
+                "rating": e.review().rating().value(),
+                "comment": e.review().comment().map(|c| c.value()),
+                "watched_at": e.review().watched_at().format("%Y-%m-%d").to_string(),
+                "external_metadata_id": e.movie().external_metadata_id().map(|id| id.value()),
+            })
+        })
+        .collect();
+    serde_json::to_vec_pretty(&arr).map_err(|e| DomainError::InfrastructureError(e.to_string()))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::ExportAdapter;
+    use domain::{
+        models::{DiaryEntry, ExportFormat, Movie, Review},
+        ports::DiaryExporter,
+        value_objects::{ExternalMetadataId, MovieTitle, Rating, ReleaseYear},
+    };
+
+    fn make_entry(
+        title: &str,
+        year: u16,
+        director: Option<&str>,
+        rating: u8,
+        comment: Option<&str>,
+    ) -> DiaryEntry {
+        make_entry_full(title, year, director, rating, comment, None)
+    }
+
+    fn make_entry_full(
+        title: &str,
+        year: u16,
+        director: Option<&str>,
+        rating: u8,
+        comment: Option<&str>,
+        external_id: Option<&str>,
+    ) -> DiaryEntry {
+        let movie = Movie::new(
+            external_id.map(|id| ExternalMetadataId::new(id.to_string()).unwrap()),
+            MovieTitle::new(title.to_string()).unwrap(),
+            ReleaseYear::new(year).unwrap(),
+            director.map(str::to_string),
+            None,
+        );
+        let user_id = domain::value_objects::UserId::from_uuid(uuid::Uuid::new_v4());
+        let review = Review::new(
+            movie.id().clone(),
+            user_id,
+            Rating::new(rating).unwrap(),
+            comment.map(|c| domain::value_objects::Comment::new(c.to_string()).unwrap()),
+            chrono::NaiveDate::from_ymd_opt(2024, 3, 15)
+                .unwrap()
+                .and_hms_opt(0, 0, 0)
+                .unwrap(),
+        )
+        .unwrap();
+        DiaryEntry::new(movie, review)
+    }
+
+    #[tokio::test]
+    async fn csv_has_header_and_one_row() {
+        let adapter = ExportAdapter;
+        let entry = make_entry(
+            "Inception",
+            2010,
+            Some("Christopher Nolan"),
+            5,
+            Some("great"),
+        );
+        let bytes = adapter
+            .serialize_entries(&[entry], ExportFormat::Csv)
+            .await
+            .unwrap();
+        let text = String::from_utf8(bytes).unwrap();
+        assert!(
+            text.starts_with(
+                "title,year,director,rating,comment,watched_at,external_metadata_id\n"
+            )
+        );
+        assert!(text.contains("Inception"));
+        assert!(text.contains("2010"));
+        assert!(text.contains("Christopher Nolan"));
+        assert!(text.contains("5"));
+        assert!(text.contains("great"));
+        assert!(text.contains("2024-03-15"));
+    }
+
+    #[tokio::test]
+    async fn csv_escapes_commas_in_title() {
+        let adapter = ExportAdapter;
+        let entry = make_entry("Tár, A Film", 2022, None, 4, None);
+        let bytes = adapter
+            .serialize_entries(&[entry], ExportFormat::Csv)
+            .await
+            .unwrap();
+        let text = String::from_utf8(bytes).unwrap();
+        assert!(text.contains("\"Tár, A Film\""));
+    }
+
+    #[tokio::test]
+    async fn json_is_valid_array() {
+        let adapter = ExportAdapter;
+        let entry = make_entry("Dune", 2021, Some("Denis Villeneuve"), 5, None);
+        let bytes = adapter
+            .serialize_entries(&[entry], ExportFormat::Json)
+            .await
+            .unwrap();
+        let arr: Vec<serde_json::Value> = serde_json::from_slice(&bytes).unwrap();
+        assert_eq!(arr.len(), 1);
+        assert_eq!(arr[0]["title"], "Dune");
+        assert_eq!(arr[0]["year"], 2021);
+        assert_eq!(arr[0]["rating"], 5);
+        assert_eq!(arr[0]["comment"], serde_json::Value::Null);
+        assert_eq!(arr[0]["external_metadata_id"], serde_json::Value::Null);
+    }
+
+    #[tokio::test]
+    async fn external_metadata_id_included_when_present() {
+        let adapter = ExportAdapter;
+        let entry = make_entry_full("Alien", 1979, None, 5, None, Some("tt0078748"));
+        let bytes = adapter
+            .serialize_entries(&[entry], ExportFormat::Json)
+            .await
+            .unwrap();
+        let arr: Vec<serde_json::Value> = serde_json::from_slice(&bytes).unwrap();
+        assert_eq!(arr[0]["external_metadata_id"], "tt0078748");
+
+        let bytes = adapter
+            .serialize_entries(
+                &[make_entry_full(
+                    "Alien",
+                    1979,
+                    None,
+                    5,
+                    None,
+                    Some("tt0078748"),
+                )],
+                ExportFormat::Csv,
+            )
+            .await
+            .unwrap();
+        let text = String::from_utf8(bytes).unwrap();
+        assert!(text.contains("tt0078748"));
+    }
+
+    #[tokio::test]
+    async fn empty_entries_returns_csv_header_only() {
+        let adapter = ExportAdapter;
+        let bytes = adapter
+            .serialize_entries(&[], ExportFormat::Csv)
+            .await
+            .unwrap();
+        let text = String::from_utf8(bytes).unwrap();
+        assert_eq!(
+            text,
+            "title,year,director,rating,comment,watched_at,external_metadata_id\n"
+        );
+    }
+}

crates/adapters/metadata/Cargo.toml

@@ -4,3 +4,7 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
+async-trait = { workspace = true }
+reqwest = { workspace = true }
+serde = { workspace = true }
+domain = { workspace = true }

crates/adapters/metadata/src/lib.rs

@@ -1,14 +1,60 @@
-pub fn add(left: u64, right: u64) -> u64 {
-    left + right
+use async_trait::async_trait;
+use domain::{
+    errors::DomainError,
+    models::Movie,
+    ports::{MetadataClient, MetadataSearchCriteria},
+    value_objects::{ExternalMetadataId, MovieTitle, PosterUrl, ReleaseYear},
+};
+
+mod omdb;
+
+pub(crate) struct ProviderMovie {
+    pub imdb_id: ExternalMetadataId,
+    pub title: MovieTitle,
+    pub release_year: ReleaseYear,
+    pub director: Option<String>,
+    pub poster_url: Option<PosterUrl>,
 }
 
-#[cfg(test)]
-mod tests {
-    use super::*;
+#[async_trait]
+pub(crate) trait MetadataProvider: Send + Sync {
+    async fn fetch(&self, criteria: &MetadataSearchCriteria) -> Result<ProviderMovie, DomainError>;
+}
 
-    #[test]
-    fn it_works() {
-        let result = add(2, 2);
-        assert_eq!(result, 4);
+pub struct MetadataClientImpl {
+    provider: Box<dyn MetadataProvider>,
+}
+
+impl MetadataClientImpl {
+    pub fn new_omdb(api_key: String) -> Self {
+        Self {
+            provider: Box::new(omdb::OmdbProvider::new(api_key)),
+        }
+    }
+}
+
+#[async_trait]
+impl MetadataClient for MetadataClientImpl {
+    async fn fetch_movie_metadata(
+        &self,
+        criteria: &MetadataSearchCriteria,
+    ) -> Result<Movie, DomainError> {
+        let pm = self.provider.fetch(criteria).await?;
+        Ok(Movie::new(
+            Some(pm.imdb_id),
+            pm.title,
+            pm.release_year,
+            pm.director,
+            None,
+        ))
+    }
+
+    async fn get_poster_url(
+        &self,
+        external_metadata_id: &ExternalMetadataId,
+    ) -> Result<Option<PosterUrl>, DomainError> {
+        let criteria = MetadataSearchCriteria::ImdbId(external_metadata_id.clone());
+        let pm = self.provider.fetch(&criteria).await?;
+        Ok(pm.poster_url)
     }
 }

crates/adapters/metadata/src/omdb.rs

@@ -0,0 +1,125 @@
+use async_trait::async_trait;
+use domain::{
+    errors::DomainError,
+    ports::MetadataSearchCriteria,
+    value_objects::{ExternalMetadataId, MovieTitle, PosterUrl, ReleaseYear},
+};
+use serde::Deserialize;
+
+use crate::{MetadataProvider, ProviderMovie};
+
+pub(crate) struct OmdbProvider {
+    client: reqwest::Client,
+    api_key: String,
+    base_url: String,
+}
+
+impl OmdbProvider {
+    pub(crate) fn new(api_key: String) -> Self {
+        Self {
+            client: reqwest::Client::new(),
+            api_key,
+            base_url: "http://www.omdbapi.com/".to_string(),
+        }
+    }
+}
+
+#[derive(Deserialize)]
+struct OmdbResponse {
+    #[serde(rename = "Title")]
+    title: String,
+    #[serde(rename = "Year")]
+    year: String,
+    #[serde(rename = "Director")]
+    director: String,
+    #[serde(rename = "Poster")]
+    poster: String,
+    #[serde(rename = "imdbID")]
+    imdb_id: String,
+    #[serde(rename = "Response")]
+    response: String,
+    #[serde(rename = "Error")]
+    error: Option<String>,
+}
+
+#[async_trait]
+impl MetadataProvider for OmdbProvider {
+    async fn fetch(&self, criteria: &MetadataSearchCriteria) -> Result<ProviderMovie, DomainError> {
+        let mut url = reqwest::Url::parse(&self.base_url)
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+
+        {
+            let mut params = url.query_pairs_mut();
+            params.append_pair("apikey", &self.api_key);
+            match criteria {
+                MetadataSearchCriteria::ImdbId(id) => {
+                    params.append_pair("i", id.value());
+                }
+                MetadataSearchCriteria::Title { title, year } => {
+                    params.append_pair("t", title.value());
+                    if let Some(y) = year {
+                        params.append_pair("y", &y.value().to_string());
+                    }
+                }
+            }
+        }
+
+        let http_resp = self
+            .client
+            .get(url)
+            .send()
+            .await
+            .map_err(|e: reqwest::Error| DomainError::InfrastructureError(e.to_string()))?
+            .error_for_status()
+            .map_err(|e: reqwest::Error| DomainError::InfrastructureError(e.to_string()))?;
+
+        let resp: OmdbResponse = http_resp
+            .json()
+            .await
+            .map_err(|e: reqwest::Error| DomainError::InfrastructureError(e.to_string()))?;
+
+        if resp.response != "True" {
+            let msg = resp.error.unwrap_or_default();
+            return if msg.to_lowercase().contains("not found") {
+                Err(DomainError::NotFound(msg))
+            } else {
+                Err(DomainError::InfrastructureError(msg))
+            };
+        }
+
+        let year: u16 = resp
+            .year
+            .chars()
+            .take(4)
+            .collect::<String>()
+            .parse()
+            .map_err(|_| {
+                DomainError::InfrastructureError(format!("Unparseable year: {}", resp.year))
+            })?;
+
+        let imdb_id = ExternalMetadataId::new(resp.imdb_id)
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        let title = MovieTitle::new(resp.title)
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        let release_year =
+            ReleaseYear::new(year).map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+
+        let director = match resp.director.as_str() {
+            "N/A" | "" => None,
+            d => Some(d.to_string()),
+        };
+
+        let poster_url = match resp.poster.as_str() {
+            "N/A" | "" => None,
+            url => PosterUrl::new(url.to_string()).ok(),
+        };
+
+        Ok(ProviderMovie {
+            imdb_id,
+            title,
+            release_year,
+            director,
+            poster_url,
+        })
+    }
+}

crates/adapters/poster-fetcher/Cargo.toml

@@ -0,0 +1,10 @@
+[package]
+name = "poster-fetcher"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+domain = { workspace = true }
+async-trait = { workspace = true }
+reqwest = { workspace = true }
+anyhow = { workspace = true }

crates/adapters/poster-fetcher/src/config.rs

@@ -0,0 +1,13 @@
+pub struct PosterFetcherConfig {
+    pub timeout_seconds: u64,
+}
+
+impl PosterFetcherConfig {
+    pub fn from_env() -> Self {
+        let timeout_seconds = std::env::var("POSTER_FETCH_TIMEOUT_SECONDS")
+            .ok()
+            .and_then(|v| v.parse().ok())
+            .unwrap_or(30);
+        Self { timeout_seconds }
+    }
+}

crates/adapters/poster-fetcher/src/lib.rs

@@ -0,0 +1,38 @@
+mod config;
+pub use config::PosterFetcherConfig;
+
+use std::time::Duration;
+
+use async_trait::async_trait;
+use domain::{errors::DomainError, ports::PosterFetcherClient, value_objects::PosterUrl};
+
+pub struct ReqwestPosterFetcher {
+    client: reqwest::Client,
+}
+
+impl ReqwestPosterFetcher {
+    pub fn new(config: PosterFetcherConfig) -> anyhow::Result<Self> {
+        let client = reqwest::Client::builder()
+            .timeout(Duration::from_secs(config.timeout_seconds))
+            .build()?;
+        Ok(Self { client })
+    }
+}
+
+#[async_trait]
+impl PosterFetcherClient for ReqwestPosterFetcher {
+    async fn fetch_poster_bytes(&self, poster_url: &PosterUrl) -> Result<Vec<u8>, DomainError> {
+        let bytes = self
+            .client
+            .get(poster_url.value())
+            .send()
+            .await
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?
+            .error_for_status()
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?
+            .bytes()
+            .await
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        Ok(bytes.to_vec())
+    }
+}

crates/adapters/poster-storage/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "poster-storage"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+domain = { workspace = true }
+anyhow = { workspace = true }
+async-trait = { workspace = true }
+tracing = { workspace = true }
+object_store = { workspace = true }
+infer = "0.19.0"
+
+[dev-dependencies]
+tokio = { workspace = true }
+uuid = { workspace = true }

crates/adapters/poster-storage/src/config.rs

@@ -0,0 +1,83 @@
+use anyhow::Context;
+use object_store::{ObjectStore, aws::AmazonS3Builder, local::LocalFileSystem};
+use std::sync::Arc;
+
+pub struct StorageConfig(Arc<dyn ObjectStore>);
+
+impl StorageConfig {
+    pub fn from_env() -> anyhow::Result<Self> {
+        let backend = std::env::var("POSTER_STORAGE_BACKEND")
+            .context("POSTER_STORAGE_BACKEND required (valid values: s3, local)")?;
+
+        let store: Arc<dyn ObjectStore> = match backend.as_str() {
+            "s3" => build_s3_store(
+                &std::env::var("MINIO_ENDPOINT").context("MINIO_ENDPOINT required")?,
+                &std::env::var("MINIO_ACCESS_KEY_ID").context("MINIO_ACCESS_KEY_ID required")?,
+                &std::env::var("MINIO_SECRET_ACCESS_KEY")
+                    .context("MINIO_SECRET_ACCESS_KEY required")?,
+                &std::env::var("MINIO_BUCKET").context("MINIO_BUCKET required")?,
+                &std::env::var("MINIO_REGION").unwrap_or_else(|_| "minio".to_string()),
+            )?,
+            "local" => build_local_store(
+                &std::env::var("POSTER_STORAGE_PATH")
+                    .context("POSTER_STORAGE_PATH required when POSTER_STORAGE_BACKEND=local")?,
+            )?,
+            other => {
+                anyhow::bail!("Unknown POSTER_STORAGE_BACKEND: {other:?}. Valid values: s3, local")
+            }
+        };
+
+        Ok(Self(store))
+    }
+
+    pub fn build_store(self) -> Arc<dyn ObjectStore> {
+        self.0
+    }
+}
+
+fn build_s3_store(
+    endpoint: &str,
+    access_key_id: &str,
+    secret_access_key: &str,
+    bucket: &str,
+    region: &str,
+) -> anyhow::Result<Arc<dyn ObjectStore>> {
+    let store = AmazonS3Builder::new()
+        .with_endpoint(endpoint)
+        .with_access_key_id(access_key_id)
+        .with_secret_access_key(secret_access_key)
+        .with_bucket_name(bucket)
+        .with_region(region)
+        .with_allow_http(true)
+        .build()
+        .context("Failed to build S3/Minio store")?;
+    Ok(Arc::new(store))
+}
+
+fn build_local_store(path: &str) -> anyhow::Result<Arc<dyn ObjectStore>> {
+    std::fs::create_dir_all(path).context("Failed to create poster storage directory")?;
+    let store = LocalFileSystem::new_with_prefix(path)
+        .context("Failed to initialise local file system store")?;
+    Ok(Arc::new(store))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn local_store_creates_dir_and_succeeds() {
+        let dir = std::env::temp_dir().join(format!("poster_test_{}", uuid::Uuid::new_v4()));
+        let result = build_local_store(dir.to_str().unwrap());
+        assert!(result.is_ok(), "expected Ok, got: {:?}", result.err());
+        assert!(dir.exists(), "directory should have been created");
+    }
+
+    #[test]
+    fn local_store_succeeds_if_dir_already_exists() {
+        let dir = std::env::temp_dir().join(format!("poster_test_{}", uuid::Uuid::new_v4()));
+        std::fs::create_dir_all(&dir).unwrap();
+        let result = build_local_store(dir.to_str().unwrap());
+        assert!(result.is_ok());
+    }
+}

crates/adapters/poster-storage/src/lib.rs

@@ -0,0 +1,100 @@
+mod config;
+pub use config::StorageConfig;
+
+use async_trait::async_trait;
+use domain::{
+    errors::DomainError,
+    ports::PosterStorage,
+    value_objects::{MovieId, PosterPath},
+};
+use object_store::{Attribute, Attributes, ObjectStore, PutOptions, path::Path};
+use std::sync::Arc;
+
+fn detect_mime(bytes: &[u8]) -> &'static str {
+    infer::get(bytes)
+        .map(|t| t.mime_type())
+        .unwrap_or("application/octet-stream")
+}
+
+pub struct PosterStorageAdapter {
+    store: Arc<dyn ObjectStore>,
+}
+
+impl PosterStorageAdapter {
+    pub fn new(store: Arc<dyn ObjectStore>) -> Self {
+        Self { store }
+    }
+
+    pub fn from_config(config: StorageConfig) -> Self {
+        Self::new(config.build_store())
+    }
+}
+
+#[async_trait]
+impl PosterStorage for PosterStorageAdapter {
+    async fn store_poster(
+        &self,
+        movie_id: &MovieId,
+        image_bytes: &[u8],
+    ) -> Result<PosterPath, DomainError> {
+        let path = Path::from(movie_id.value().to_string());
+        let mime = detect_mime(image_bytes);
+        let mut attributes = Attributes::new();
+        attributes.insert(Attribute::ContentType, mime.into());
+        let opts = PutOptions {
+            attributes,
+            ..Default::default()
+        };
+        self.store
+            .put_opts(&path, image_bytes.to_vec().into(), opts)
+            .await
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        PosterPath::new(path.to_string())
+    }
+
+    async fn get_poster(&self, poster_path: &PosterPath) -> Result<Vec<u8>, DomainError> {
+        let path = Path::from(poster_path.value().to_string());
+        let result = self.store.get(&path).await.map_err(|e| match e {
+            object_store::Error::NotFound { .. } => {
+                DomainError::NotFound("Poster not found".into())
+            }
+            _ => DomainError::InfrastructureError(e.to_string()),
+        })?;
+        result
+            .bytes()
+            .await
+            .map(|b| b.to_vec())
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use object_store::memory::InMemory;
+    use uuid::Uuid;
+
+    fn adapter() -> PosterStorageAdapter {
+        PosterStorageAdapter::new(Arc::new(InMemory::new()))
+    }
+
+    #[tokio::test]
+    async fn store_and_retrieve_round_trip() {
+        let adapter = adapter();
+        let movie_id = MovieId::from_uuid(Uuid::new_v4());
+        let bytes = b"fake-image-bytes";
+
+        let path = adapter.store_poster(&movie_id, bytes).await.unwrap();
+        let retrieved = adapter.get_poster(&path).await.unwrap();
+
+        assert_eq!(retrieved, bytes);
+    }
+
+    #[tokio::test]
+    async fn get_missing_returns_not_found() {
+        let adapter = adapter();
+        let path = PosterPath::new("nonexistent".into()).unwrap();
+        let result = adapter.get_poster(&path).await;
+        assert!(matches!(result, Err(DomainError::NotFound(_))));
+    }
+}

crates/adapters/postgres-federation/Cargo.toml

@@ -0,0 +1,24 @@
+[package]
+name = "postgres-federation"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+sqlx = { version = "0.8.6", features = [
+    "runtime-tokio-rustls",
+    "postgres",
+    "uuid",
+    "macros",
+    "chrono",
+] }
+activitypub      = { workspace = true }
+activitypub-base = { workspace = true }
+domain           = { workspace = true }
+uuid             = { workspace = true }
+chrono           = { workspace = true }
+tracing          = { workspace = true }
+async-trait      = { workspace = true }
+anyhow           = { workspace = true }
+
+[dev-dependencies]
+tokio = { workspace = true }

crates/adapters/postgres-federation/src/lib.rs

@@ -0,0 +1,476 @@
+use anyhow::{Result, anyhow};
+use async_trait::async_trait;
+use chrono::{NaiveDateTime, Utc};
+use sqlx::{PgPool, Row};
+
+use activitypub::RemoteReviewRepository;
+use activitypub_base::{
+    FederationRepository, Follower, FollowerStatus, FollowingStatus, RemoteActor,
+};
+use domain::models::{Review, ReviewSource};
+
+fn datetime_to_str(dt: &NaiveDateTime) -> String {
+    dt.format("%Y-%m-%d %H:%M:%S").to_string()
+}
+
+pub struct PostgresFederationRepository {
+    pool: PgPool,
+}
+
+impl PostgresFederationRepository {
+    pub fn new(pool: PgPool) -> Self {
+        Self { pool }
+    }
+}
+
+fn status_to_str(status: &FollowerStatus) -> &'static str {
+    match status {
+        FollowerStatus::Pending => "pending",
+        FollowerStatus::Accepted => "accepted",
+        FollowerStatus::Rejected => "rejected",
+    }
+}
+
+fn str_to_status(s: &str) -> FollowerStatus {
+    match s {
+        "accepted" => FollowerStatus::Accepted,
+        "rejected" => FollowerStatus::Rejected,
+        _ => FollowerStatus::Pending,
+    }
+}
+
+#[async_trait]
+impl FederationRepository for PostgresFederationRepository {
+    async fn add_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowerStatus,
+        follow_activity_id: &str,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        let status_str = status_to_str(&status);
+        let now = Utc::now().naive_utc();
+        let created_at = datetime_to_str(&now);
+        sqlx::query(
+            "INSERT INTO ap_followers (local_user_id, remote_actor_url, status, created_at, follow_activity_id)
+             VALUES ($1, $2, $3, $4::timestamptz, $5)
+             ON CONFLICT(local_user_id, remote_actor_url) DO UPDATE SET
+                 status = EXCLUDED.status,
+                 follow_activity_id = EXCLUDED.follow_activity_id",
+        )
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .bind(status_str)
+        .bind(&created_at)
+        .bind(follow_activity_id)
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    async fn get_follower_follow_activity_id(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<Option<String>> {
+        let uid = local_user_id.to_string();
+        let row: Option<String> = sqlx::query_scalar(
+            "SELECT follow_activity_id FROM ap_followers WHERE local_user_id = $1 AND remote_actor_url = $2",
+        )
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .fetch_optional(&self.pool)
+        .await?;
+        Ok(row)
+    }
+
+    async fn remove_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        sqlx::query("DELETE FROM ap_followers WHERE local_user_id = $1 AND remote_actor_url = $2")
+            .bind(&uid)
+            .bind(remote_actor_url)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    async fn get_followers(&self, local_user_id: uuid::Uuid) -> Result<Vec<Follower>> {
+        let uid = local_user_id.to_string();
+        let rows = sqlx::query(
+            "SELECT f.remote_actor_url, f.status,
+                    a.handle, a.inbox_url, a.shared_inbox_url, a.display_name
+             FROM ap_followers f
+             LEFT JOIN ap_remote_actors a ON a.url = f.remote_actor_url
+             WHERE f.local_user_id = $1",
+        )
+        .bind(&uid)
+        .fetch_all(&self.pool)
+        .await?;
+        Ok(rows.into_iter().map(|row| {
+            let url: String = row.get("remote_actor_url");
+            let status_str: String = row.get("status");
+            let handle: String = row.try_get("handle").unwrap_or_default();
+            let inbox_url: String = row.try_get("inbox_url").unwrap_or_default();
+            let shared_inbox_url: Option<String> = row.try_get("shared_inbox_url").ok().flatten();
+            let display_name: Option<String> = row.try_get("display_name").ok().flatten();
+            Follower {
+                actor: RemoteActor { url, handle, inbox_url, shared_inbox_url, display_name },
+                status: str_to_status(&status_str),
+            }
+        }).collect())
+    }
+
+    async fn update_follower_status(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowerStatus,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        let status_str = status_to_str(&status);
+        let result = sqlx::query(
+            "UPDATE ap_followers SET status = $1 WHERE local_user_id = $2 AND remote_actor_url = $3",
+        )
+        .bind(status_str)
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .execute(&self.pool)
+        .await?;
+        if result.rows_affected() == 0 {
+            tracing::warn!(local_user_id = %local_user_id, remote_actor_url, "update_follower_status: no row found");
+        }
+        Ok(())
+    }
+
+    async fn add_following(
+        &self,
+        local_user_id: uuid::Uuid,
+        actor: RemoteActor,
+        follow_activity_id: &str,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        let now = Utc::now().naive_utc();
+        let created_at = datetime_to_str(&now);
+        self.upsert_remote_actor(actor.clone()).await?;
+        sqlx::query(
+            "INSERT INTO ap_following (local_user_id, remote_actor_url, follow_activity_id, created_at)
+             VALUES ($1, $2, $3, $4::timestamptz)
+             ON CONFLICT DO NOTHING",
+        )
+        .bind(&uid)
+        .bind(&actor.url)
+        .bind(follow_activity_id)
+        .bind(&created_at)
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    async fn get_follow_activity_id(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<Option<String>> {
+        let uid = local_user_id.to_string();
+        let row: Option<String> = sqlx::query_scalar(
+            "SELECT follow_activity_id FROM ap_following WHERE local_user_id = $1 AND remote_actor_url = $2",
+        )
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .fetch_optional(&self.pool)
+        .await?;
+        Ok(row)
+    }
+
+    async fn remove_following(&self, local_user_id: uuid::Uuid, actor_url: &str) -> Result<()> {
+        let uid = local_user_id.to_string();
+        sqlx::query("DELETE FROM ap_following WHERE local_user_id = $1 AND remote_actor_url = $2")
+            .bind(&uid)
+            .bind(actor_url)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    async fn get_following(&self, local_user_id: uuid::Uuid) -> Result<Vec<RemoteActor>> {
+        let uid = local_user_id.to_string();
+        let rows = sqlx::query(
+            "SELECT a.url, a.handle, a.inbox_url, a.shared_inbox_url, a.display_name
+             FROM ap_following f
+             INNER JOIN ap_remote_actors a ON a.url = f.remote_actor_url
+             WHERE f.local_user_id = $1 AND f.status = 'accepted'",
+        )
+        .bind(&uid)
+        .fetch_all(&self.pool)
+        .await?;
+        Ok(rows.into_iter().map(|row| RemoteActor {
+            url: row.get("url"),
+            handle: row.get("handle"),
+            inbox_url: row.get("inbox_url"),
+            shared_inbox_url: row.try_get("shared_inbox_url").ok().flatten(),
+            display_name: row.try_get("display_name").ok().flatten(),
+        }).collect())
+    }
+
+    async fn count_following(&self, local_user_id: uuid::Uuid) -> Result<usize> {
+        let uid = local_user_id.to_string();
+        let count: i64 = sqlx::query_scalar(
+            "SELECT COUNT(*) FROM ap_following WHERE local_user_id = $1 AND status = 'accepted'",
+        )
+        .bind(&uid)
+        .fetch_one(&self.pool)
+        .await?;
+        Ok(count as usize)
+    }
+
+    async fn upsert_remote_actor(&self, actor: RemoteActor) -> Result<()> {
+        let now = Utc::now().naive_utc();
+        let fetched_at = datetime_to_str(&now);
+        sqlx::query(
+            "INSERT INTO ap_remote_actors (url, handle, inbox_url, shared_inbox_url, display_name, fetched_at)
+             VALUES ($1, $2, $3, $4, $5, $6::timestamptz)
+             ON CONFLICT(url) DO UPDATE SET
+                 handle           = EXCLUDED.handle,
+                 inbox_url        = EXCLUDED.inbox_url,
+                 shared_inbox_url = EXCLUDED.shared_inbox_url,
+                 display_name     = EXCLUDED.display_name,
+                 fetched_at       = EXCLUDED.fetched_at",
+        )
+        .bind(&actor.url)
+        .bind(&actor.handle)
+        .bind(&actor.inbox_url)
+        .bind(&actor.shared_inbox_url)
+        .bind(&actor.display_name)
+        .bind(&fetched_at)
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    async fn get_remote_actor(&self, actor_url: &str) -> Result<Option<RemoteActor>> {
+        let row = sqlx::query(
+            "SELECT url, handle, inbox_url, shared_inbox_url, display_name
+             FROM ap_remote_actors WHERE url = $1",
+        )
+        .bind(actor_url)
+        .fetch_optional(&self.pool)
+        .await?;
+        Ok(row.map(|row| RemoteActor {
+            url: row.get("url"),
+            handle: row.get("handle"),
+            inbox_url: row.get("inbox_url"),
+            shared_inbox_url: row.try_get("shared_inbox_url").ok().flatten(),
+            display_name: row.try_get("display_name").ok().flatten(),
+        }))
+    }
+
+    async fn get_local_actor_keypair(&self, user_id: uuid::Uuid) -> Result<Option<(String, String)>> {
+        let uid = user_id.to_string();
+        let row = sqlx::query("SELECT public_key, private_key FROM ap_local_actors WHERE user_id = $1")
+            .bind(&uid)
+            .fetch_optional(&self.pool)
+            .await?;
+        Ok(row.map(|r| (r.get("public_key"), r.get("private_key"))))
+    }
+
+    async fn save_local_actor_keypair(
+        &self,
+        user_id: uuid::Uuid,
+        public_key: String,
+        private_key: String,
+    ) -> Result<()> {
+        let uid = user_id.to_string();
+        let now = Utc::now().naive_utc();
+        let created_at = datetime_to_str(&now);
+        sqlx::query(
+            "INSERT INTO ap_local_actors (user_id, public_key, private_key, created_at)
+             VALUES ($1, $2, $3, $4::timestamptz)
+             ON CONFLICT(user_id) DO UPDATE SET
+                 public_key  = EXCLUDED.public_key,
+                 private_key = EXCLUDED.private_key",
+        )
+        .bind(&uid)
+        .bind(&public_key)
+        .bind(&private_key)
+        .bind(&created_at)
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    async fn get_pending_followers(&self, local_user_id: uuid::Uuid) -> Result<Vec<RemoteActor>> {
+        let uid = local_user_id.to_string();
+        let rows = sqlx::query(
+            "SELECT f.remote_actor_url, a.handle, a.inbox_url, a.shared_inbox_url, a.display_name
+             FROM ap_followers f
+             LEFT JOIN ap_remote_actors a ON a.url = f.remote_actor_url
+             WHERE f.local_user_id = $1 AND f.status = 'pending'",
+        )
+        .bind(&uid)
+        .fetch_all(&self.pool)
+        .await?;
+        Ok(rows.into_iter().map(|row| RemoteActor {
+            url: row.get("remote_actor_url"),
+            handle: row.try_get("handle").unwrap_or_default(),
+            inbox_url: row.try_get("inbox_url").unwrap_or_default(),
+            shared_inbox_url: row.try_get("shared_inbox_url").ok().flatten(),
+            display_name: row.try_get("display_name").ok().flatten(),
+        }).collect())
+    }
+
+    async fn update_following_status(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowingStatus,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        let status_str = match status {
+            FollowingStatus::Pending => "pending",
+            FollowingStatus::Accepted => "accepted",
+        };
+        let result = sqlx::query(
+            "UPDATE ap_following SET status = $1 WHERE local_user_id = $2 AND remote_actor_url = $3",
+        )
+        .bind(status_str)
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .execute(&self.pool)
+        .await?;
+        if result.rows_affected() == 0 {
+            tracing::warn!(local_user_id = %local_user_id, remote_actor_url, "update_following_status: no row found");
+        }
+        Ok(())
+    }
+}
+
+#[async_trait]
+impl RemoteReviewRepository for PostgresFederationRepository {
+    async fn save_remote_review(
+        &self,
+        review: &Review,
+        ap_id: &str,
+        movie_title: &str,
+        release_year: u16,
+        poster_url: Option<&str>,
+    ) -> Result<()> {
+        let actor_url = match review.source() {
+            ReviewSource::Remote { actor_url } => actor_url.clone(),
+            ReviewSource::Local => return Err(anyhow!("save_remote_review called with a local review")),
+        };
+        let movie_id = review.movie_id().value().to_string();
+        sqlx::query(
+            "INSERT INTO movies (id, external_metadata_id, title, release_year, director, poster_path)
+             VALUES ($1, NULL, $2, $3, NULL, $4)
+             ON CONFLICT(id) DO UPDATE SET
+                 poster_path = COALESCE(EXCLUDED.poster_path, movies.poster_path)",
+        )
+        .bind(&movie_id)
+        .bind(movie_title)
+        .bind(release_year.max(1888) as i64)
+        .bind(poster_url)
+        .execute(&self.pool)
+        .await?;
+
+        let id = review.id().value().to_string();
+        let user_id = review.user_id().value().to_string();
+        let rating = review.rating().value() as i64;
+        let comment = review.comment().map(|c| c.value().to_string());
+        let watched_at = datetime_to_str(review.watched_at());
+        let created_at = datetime_to_str(review.created_at());
+        sqlx::query(
+            "INSERT INTO reviews (id, movie_id, user_id, rating, comment, watched_at, created_at, remote_actor_url, ap_id)
+             VALUES ($1, $2, $3, $4, $5, $6::timestamptz, $7::timestamptz, $8, $9)
+             ON CONFLICT DO NOTHING",
+        )
+        .bind(&id)
+        .bind(&movie_id)
+        .bind(&user_id)
+        .bind(rating)
+        .bind(&comment)
+        .bind(&watched_at)
+        .bind(&created_at)
+        .bind(&actor_url)
+        .bind(ap_id)
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    async fn delete_remote_review(&self, ap_id: &str, actor_url: &str) -> Result<()> {
+        sqlx::query("DELETE FROM reviews WHERE ap_id = $1 AND remote_actor_url = $2")
+            .bind(ap_id)
+            .bind(actor_url)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    async fn update_remote_review(
+        &self,
+        ap_id: &str,
+        actor_url: &str,
+        rating: u8,
+        comment: Option<&str>,
+        watched_at: chrono::NaiveDateTime,
+    ) -> Result<()> {
+        let watched_at_str = datetime_to_str(&watched_at);
+        sqlx::query(
+            "UPDATE reviews SET rating = $1, comment = $2, watched_at = $3::timestamptz
+             WHERE ap_id = $4 AND remote_actor_url = $5",
+        )
+        .bind(rating as i64)
+        .bind(comment)
+        .bind(&watched_at_str)
+        .bind(ap_id)
+        .bind(actor_url)
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    async fn delete_by_actor(&self, actor_url: &str) -> Result<()> {
+        sqlx::query("DELETE FROM reviews WHERE remote_actor_url = $1")
+            .bind(actor_url)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+}
+
+#[async_trait]
+impl domain::ports::SocialQueryPort for PostgresFederationRepository {
+    async fn get_accepted_following_urls(
+        &self,
+        user_id: uuid::Uuid,
+    ) -> Result<Vec<String>, domain::errors::DomainError> {
+        let user_id_str = user_id.to_string();
+        sqlx::query_scalar::<_, String>(
+            "SELECT remote_actor_url FROM ap_following WHERE local_user_id = $1 AND status = 'accepted'",
+        )
+        .bind(&user_id_str)
+        .fetch_all(&self.pool)
+        .await
+        .map_err(|e| domain::errors::DomainError::InfrastructureError(e.to_string()))
+    }
+
+    async fn list_all_followed_remote_actors(
+        &self,
+    ) -> Result<Vec<domain::ports::RemoteActorInfo>, domain::errors::DomainError> {
+        let rows = sqlx::query_as::<_, (String, String, Option<String>)>(
+            "SELECT DISTINCT ar.url, ar.handle, ar.display_name
+             FROM ap_remote_actors ar
+             JOIN ap_following f ON f.remote_actor_url = ar.url
+             WHERE f.status = 'accepted'",
+        )
+        .fetch_all(&self.pool)
+        .await
+        .map_err(|e| domain::errors::DomainError::InfrastructureError(e.to_string()))?;
+        Ok(rows.into_iter().map(|(url, handle, display_name)| domain::ports::RemoteActorInfo { url, handle, display_name }).collect())
+    }
+}

crates/adapters/postgres/Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "postgres"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+sqlx = { version = "0.8.6", features = [
+    "runtime-tokio-rustls",
+    "postgres",
+    "uuid",
+    "macros",
+    "chrono",
+] }
+domain      = { workspace = true }
+uuid        = { workspace = true }
+chrono      = { workspace = true }
+tracing     = { workspace = true }
+async-trait = { workspace = true }
+tokio       = { workspace = true }

crates/adapters/postgres/migrations/0001_initial.sql

@@ -0,0 +1,69 @@
+CREATE TABLE IF NOT EXISTS movies (
+    id                   TEXT PRIMARY KEY NOT NULL,
+    external_metadata_id TEXT UNIQUE,
+    title                TEXT NOT NULL,
+    release_year         BIGINT NOT NULL,
+    director             TEXT,
+    poster_path          TEXT
+);
+
+CREATE INDEX IF NOT EXISTS idx_movies_title_year ON movies (title, release_year);
+
+CREATE TABLE IF NOT EXISTS users (
+    id            TEXT PRIMARY KEY NOT NULL,
+    email         TEXT UNIQUE NOT NULL,
+    username      TEXT UNIQUE NOT NULL,
+    password_hash TEXT NOT NULL,
+    created_at    TIMESTAMPTZ NOT NULL,
+    role          TEXT NOT NULL DEFAULT 'standard'
+);
+
+CREATE TABLE IF NOT EXISTS reviews (
+    id               TEXT PRIMARY KEY NOT NULL,
+    movie_id         TEXT NOT NULL REFERENCES movies(id),
+    user_id          TEXT NOT NULL,
+    rating           BIGINT NOT NULL,
+    comment          TEXT,
+    watched_at       TIMESTAMPTZ NOT NULL,
+    created_at       TIMESTAMPTZ NOT NULL,
+    remote_actor_url TEXT,
+    ap_id            TEXT
+);
+
+CREATE UNIQUE INDEX IF NOT EXISTS idx_reviews_ap_id ON reviews (ap_id) WHERE ap_id IS NOT NULL;
+CREATE INDEX IF NOT EXISTS idx_reviews_movie_id ON reviews (movie_id);
+CREATE INDEX IF NOT EXISTS idx_reviews_watched_at ON reviews (watched_at);
+
+CREATE TABLE IF NOT EXISTS ap_followers (
+    local_user_id      TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    remote_actor_url   TEXT NOT NULL,
+    status             TEXT NOT NULL DEFAULT 'pending',
+    follow_activity_id TEXT,
+    created_at         TIMESTAMPTZ NOT NULL,
+    PRIMARY KEY (local_user_id, remote_actor_url)
+);
+
+CREATE TABLE IF NOT EXISTS ap_following (
+    local_user_id      TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    remote_actor_url   TEXT NOT NULL,
+    follow_activity_id TEXT,
+    status             TEXT NOT NULL DEFAULT 'pending',
+    created_at         TIMESTAMPTZ NOT NULL,
+    PRIMARY KEY (local_user_id, remote_actor_url)
+);
+
+CREATE TABLE IF NOT EXISTS ap_remote_actors (
+    url              TEXT PRIMARY KEY,
+    handle           TEXT NOT NULL,
+    inbox_url        TEXT NOT NULL,
+    shared_inbox_url TEXT,
+    display_name     TEXT,
+    fetched_at       TIMESTAMPTZ NOT NULL
+);
+
+CREATE TABLE IF NOT EXISTS ap_local_actors (
+    user_id     TEXT PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE,
+    public_key  TEXT NOT NULL,
+    private_key TEXT NOT NULL,
+    created_at  TIMESTAMPTZ NOT NULL
+);

crates/adapters/postgres/src/lib.rs

@@ -0,0 +1,768 @@
+use async_trait::async_trait;
+use domain::{
+    errors::DomainError,
+    events::DomainEvent,
+    models::{
+        DiaryEntry, DiaryFilter, DirectorStat, FeedEntry, MonthlyRating, Movie, Review,
+        ReviewHistory, ReviewSource, SortDirection, UserStats, UserTrends,
+        collections::{PageParams, Paginated},
+    },
+    ports::{DiaryRepository, MovieRepository, ReviewRepository, StatsRepository},
+    value_objects::{ExternalMetadataId, MovieId, MovieTitle, ReleaseYear, ReviewId, UserId},
+};
+use sqlx::PgPool;
+
+mod models;
+mod users;
+
+use models::{
+    DiaryRow, DirectorCountRow, FeedRow, MonthlyRatingRow, MovieRow, ReviewRow, UserTotalsRow,
+    datetime_to_str,
+};
+
+pub use users::PostgresUserRepository;
+
+fn format_year_month(ym: &str) -> String {
+    let parts: Vec<&str> = ym.splitn(2, '-').collect();
+    if parts.len() != 2 {
+        return ym.to_string();
+    }
+    let year = parts[0].get(2..).unwrap_or(parts[0]);
+    let month = match parts[1] {
+        "01" => "Jan",
+        "02" => "Feb",
+        "03" => "Mar",
+        "04" => "Apr",
+        "05" => "May",
+        "06" => "Jun",
+        "07" => "Jul",
+        "08" => "Aug",
+        "09" => "Sep",
+        "10" => "Oct",
+        "11" => "Nov",
+        "12" => "Dec",
+        _ => parts[1],
+    };
+    format!("{} '{}", month, year)
+}
+
+pub struct PostgresRepository {
+    pool: PgPool,
+}
+
+impl PostgresRepository {
+    pub fn new(pool: PgPool) -> Self {
+        Self { pool }
+    }
+
+    pub async fn migrate(&self) -> Result<(), DomainError> {
+        sqlx::migrate!("./migrations")
+            .run(&self.pool)
+            .await
+            .map_err(|e| DomainError::InfrastructureError(format!("Migration failed: {}", e)))
+    }
+
+    fn map_err(e: sqlx::Error) -> DomainError {
+        tracing::error!("Database error: {:?}", e);
+        DomainError::InfrastructureError("Database operation failed".into())
+    }
+
+    async fn count_diary_entries(&self, movie_id: Option<&str>) -> Result<i64, DomainError> {
+        match movie_id {
+            None => sqlx::query_scalar::<_, i64>("SELECT COUNT(*) FROM reviews")
+                .fetch_one(&self.pool)
+                .await
+                .map_err(Self::map_err),
+            Some(id) => {
+                sqlx::query_scalar::<_, i64>("SELECT COUNT(*) FROM reviews WHERE movie_id = $1")
+                    .bind(id)
+                    .fetch_one(&self.pool)
+                    .await
+                    .map_err(Self::map_err)
+            }
+        }
+    }
+
+    async fn fetch_all_diary_rows(
+        &self,
+        sort: &SortDirection,
+        limit: i64,
+        offset: i64,
+    ) -> Result<Vec<DiaryRow>, DomainError> {
+        let order = match sort {
+            SortDirection::Ascending => "r.watched_at ASC",
+            _ => "r.watched_at DESC",
+        };
+        let sql = format!(
+            "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,
+                    r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment,
+                    to_char(r.watched_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS watched_at,
+                    to_char(r.created_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS created_at,
+                    r.remote_actor_url
+             FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             ORDER BY {}
+             LIMIT $1 OFFSET $2",
+            order
+        );
+        sqlx::query_as::<_, DiaryRow>(&sql)
+            .bind(limit)
+            .bind(offset)
+            .fetch_all(&self.pool)
+            .await
+            .map_err(Self::map_err)
+    }
+
+    async fn fetch_movie_diary_rows(
+        &self,
+        movie_id: &str,
+        sort: &SortDirection,
+        limit: i64,
+        offset: i64,
+    ) -> Result<Vec<DiaryRow>, DomainError> {
+        let order = match sort {
+            SortDirection::Ascending => "r.watched_at ASC",
+            _ => "r.watched_at DESC",
+        };
+        let sql = format!(
+            "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,
+                    r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment,
+                    to_char(r.watched_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS watched_at,
+                    to_char(r.created_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS created_at,
+                    r.remote_actor_url
+             FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             WHERE r.movie_id = $1
+             ORDER BY {}
+             LIMIT $2 OFFSET $3",
+            order
+        );
+        sqlx::query_as::<_, DiaryRow>(&sql)
+            .bind(movie_id)
+            .bind(limit)
+            .bind(offset)
+            .fetch_all(&self.pool)
+            .await
+            .map_err(Self::map_err)
+    }
+
+    async fn count_user_diary_entries(
+        &self,
+        user_id: &str,
+        search: Option<&str>,
+    ) -> Result<i64, DomainError> {
+        let has_search = search.map(|s| !s.is_empty()).unwrap_or(false);
+        let sql = if has_search {
+            "SELECT COUNT(*) FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             WHERE r.user_id = $1 AND m.title ILIKE '%' || $2 || '%'"
+                .to_string()
+        } else {
+            "SELECT COUNT(*) FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             WHERE r.user_id = $1"
+                .to_string()
+        };
+        let mut q = sqlx::query_scalar::<_, i64>(&sql).bind(user_id);
+        if has_search {
+            q = q.bind(search.unwrap());
+        }
+        q.fetch_one(&self.pool).await.map_err(Self::map_err)
+    }
+
+    async fn fetch_user_diary_rows(
+        &self,
+        user_id: &str,
+        sort: &SortDirection,
+        search: Option<&str>,
+        limit: i64,
+        offset: i64,
+    ) -> Result<Vec<DiaryRow>, DomainError> {
+        let has_search = search.map(|s| !s.is_empty()).unwrap_or(false);
+        let order_clause = match sort {
+            SortDirection::ByRatingDesc => "r.rating DESC, r.watched_at DESC",
+            SortDirection::ByRatingAsc => "r.rating ASC, r.watched_at ASC",
+            SortDirection::Ascending => "r.watched_at ASC",
+            SortDirection::Descending => "r.watched_at DESC",
+        };
+
+        // Build param counter: user_id=$1, optional search=$2, limit=$N-1, offset=$N
+        let mut p: i32 = 1; // $1 is user_id
+        let search_clause = if has_search {
+            p += 1;
+            format!(" AND m.title ILIKE '%' || ${} || '%'", p)
+        } else {
+            String::new()
+        };
+        p += 1;
+        let limit_param = format!("${}", p);
+        p += 1;
+        let offset_param = format!("${}", p);
+
+        let sql = format!(
+            "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,
+                    r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment,
+                    to_char(r.watched_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS watched_at,
+                    to_char(r.created_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS created_at,
+                    r.remote_actor_url
+             FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             WHERE r.user_id = $1{}
+             ORDER BY {}
+             LIMIT {} OFFSET {}",
+            search_clause, order_clause, limit_param, offset_param
+        );
+
+        let mut q = sqlx::query_as::<_, DiaryRow>(&sql).bind(user_id);
+        if has_search {
+            q = q.bind(search.unwrap());
+        }
+        q.bind(limit)
+            .bind(offset)
+            .fetch_all(&self.pool)
+            .await
+            .map_err(Self::map_err)
+    }
+
+    async fn fetch_user_totals(&self, user_id: &str) -> Result<UserTotalsRow, DomainError> {
+        sqlx::query_as::<_, UserTotalsRow>(
+            r#"SELECT COUNT(DISTINCT movie_id) AS total,
+                      AVG(rating::float) AS avg_rating
+               FROM reviews WHERE user_id = $1"#,
+        )
+        .bind(user_id)
+        .fetch_one(&self.pool)
+        .await
+        .map_err(Self::map_err)
+    }
+
+    async fn fetch_user_favorite_director(
+        &self,
+        user_id: &str,
+    ) -> Result<Option<String>, DomainError> {
+        sqlx::query_scalar::<_, String>(
+            "SELECT m.director
+             FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             WHERE r.user_id = $1 AND m.director IS NOT NULL
+             GROUP BY m.director
+             ORDER BY COUNT(*) DESC
+             LIMIT 1",
+        )
+        .bind(user_id)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)
+    }
+
+    async fn fetch_user_most_active_month(
+        &self,
+        user_id: &str,
+    ) -> Result<Option<String>, DomainError> {
+        sqlx::query_scalar::<_, String>(
+            "SELECT to_char(watched_at AT TIME ZONE 'UTC', 'YYYY-MM') AS month
+             FROM reviews
+             WHERE user_id = $1
+             GROUP BY to_char(watched_at AT TIME ZONE 'UTC', 'YYYY-MM')
+             ORDER BY COUNT(*) DESC
+             LIMIT 1",
+        )
+        .bind(user_id)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)
+    }
+}
+
+#[async_trait]
+impl MovieRepository for PostgresRepository {
+    async fn get_movie_by_external_id(
+        &self,
+        external_metadata_id: &ExternalMetadataId,
+    ) -> Result<Option<Movie>, DomainError> {
+        let id = external_metadata_id.value();
+        sqlx::query_as::<_, MovieRow>(
+            "SELECT id, external_metadata_id, title, release_year, director, poster_path
+             FROM movies WHERE external_metadata_id = $1",
+        )
+        .bind(id)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)?
+        .map(MovieRow::to_domain)
+        .transpose()
+    }
+
+    async fn get_movie_by_id(&self, movie_id: &MovieId) -> Result<Option<Movie>, DomainError> {
+        let id = movie_id.value().to_string();
+        sqlx::query_as::<_, MovieRow>(
+            "SELECT id, external_metadata_id, title, release_year, director, poster_path
+             FROM movies WHERE id = $1",
+        )
+        .bind(&id)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)?
+        .map(MovieRow::to_domain)
+        .transpose()
+    }
+
+    async fn get_movies_by_title_and_year(
+        &self,
+        title: &MovieTitle,
+        year: &ReleaseYear,
+    ) -> Result<Vec<Movie>, DomainError> {
+        let title = title.value();
+        let year = year.value() as i64;
+        sqlx::query_as::<_, MovieRow>(
+            "SELECT id, external_metadata_id, title, release_year, director, poster_path
+             FROM movies WHERE title = $1 AND release_year = $2",
+        )
+        .bind(title)
+        .bind(year)
+        .fetch_all(&self.pool)
+        .await
+        .map_err(Self::map_err)?
+        .into_iter()
+        .map(MovieRow::to_domain)
+        .collect()
+    }
+
+    async fn upsert_movie(&self, movie: &Movie) -> Result<(), DomainError> {
+        let id = movie.id().value().to_string();
+        let external_metadata_id = movie.external_metadata_id().map(|e| e.value().to_string());
+        let title = movie.title().value();
+        let release_year = movie.release_year().value() as i64;
+        let director = movie.director();
+        let poster_path = movie.poster_path().map(|p| p.value().to_string());
+
+        sqlx::query(
+            "INSERT INTO movies (id, external_metadata_id, title, release_year, director, poster_path)
+             VALUES ($1, $2, $3, $4, $5, $6)
+             ON CONFLICT(id) DO UPDATE SET
+                 external_metadata_id = excluded.external_metadata_id,
+                 title                = excluded.title,
+                 release_year         = excluded.release_year,
+                 director             = excluded.director,
+                 poster_path          = excluded.poster_path",
+        )
+        .bind(&id)
+        .bind(&external_metadata_id)
+        .bind(title)
+        .bind(release_year)
+        .bind(director)
+        .bind(&poster_path)
+        .execute(&self.pool)
+        .await
+        .map_err(Self::map_err)?;
+
+        Ok(())
+    }
+
+    async fn delete_movie(&self, movie_id: &MovieId) -> Result<(), DomainError> {
+        let id = movie_id.value().to_string();
+        sqlx::query("DELETE FROM movies WHERE id = $1")
+            .bind(&id)
+            .execute(&self.pool)
+            .await
+            .map_err(Self::map_err)?;
+        Ok(())
+    }
+}
+
+#[async_trait]
+impl ReviewRepository for PostgresRepository {
+    async fn save_review(&self, review: &Review) -> Result<DomainEvent, DomainError> {
+        let id = review.id().value().to_string();
+        let movie_id = review.movie_id().value().to_string();
+        let user_id = review.user_id().value().to_string();
+        let rating = review.rating().value() as i64;
+        let comment = review.comment().map(|c| c.value().to_string());
+        let watched_at = datetime_to_str(review.watched_at());
+        let created_at = datetime_to_str(review.created_at());
+        let remote_actor_url = match review.source() {
+            ReviewSource::Local => None,
+            ReviewSource::Remote { actor_url } => Some(actor_url.clone()),
+        };
+
+        sqlx::query(
+            "INSERT INTO reviews (id, movie_id, user_id, rating, comment, watched_at, created_at, remote_actor_url)
+             VALUES ($1, $2, $3, $4, $5, $6::timestamptz, $7::timestamptz, $8)",
+        )
+        .bind(&id)
+        .bind(&movie_id)
+        .bind(&user_id)
+        .bind(rating)
+        .bind(&comment)
+        .bind(&watched_at)
+        .bind(&created_at)
+        .bind(&remote_actor_url)
+        .execute(&self.pool)
+        .await
+        .map_err(Self::map_err)?;
+
+        Ok(DomainEvent::ReviewLogged {
+            review_id: review.id().clone(),
+            movie_id: review.movie_id().clone(),
+            user_id: review.user_id().clone(),
+            rating: review.rating().clone(),
+            watched_at: *review.watched_at(),
+        })
+    }
+
+    async fn get_review_by_id(&self, review_id: &ReviewId) -> Result<Option<Review>, DomainError> {
+        let id = review_id.value().to_string();
+        sqlx::query_as::<_, ReviewRow>(
+            "SELECT id, movie_id, user_id, rating, comment,
+                    to_char(watched_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS watched_at,
+                    to_char(created_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS created_at,
+                    remote_actor_url
+             FROM reviews WHERE id = $1",
+        )
+        .bind(&id)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)?
+        .map(ReviewRow::to_domain)
+        .transpose()
+    }
+
+    async fn delete_review(&self, review_id: &ReviewId) -> Result<(), DomainError> {
+        let id = review_id.value().to_string();
+        sqlx::query("DELETE FROM reviews WHERE id = $1")
+            .bind(&id)
+            .execute(&self.pool)
+            .await
+            .map_err(Self::map_err)?;
+        Ok(())
+    }
+
+    async fn get_all_reviews_for_user(
+        &self,
+        _user_id: &UserId,
+    ) -> Result<Vec<Review>, DomainError> {
+        todo!()
+    }
+}
+
+#[async_trait]
+impl DiaryRepository for PostgresRepository {
+    async fn query_diary(
+        &self,
+        filter: &DiaryFilter,
+    ) -> Result<Paginated<DiaryEntry>, DomainError> {
+        let limit = filter.page.limit as i64;
+        let offset = filter.page.offset as i64;
+
+        let (total, rows) = match (&filter.movie_id, &filter.user_id) {
+            (None, None) => tokio::try_join!(
+                self.count_diary_entries(None),
+                self.fetch_all_diary_rows(&filter.sort_by, limit, offset)
+            )?,
+            (Some(id), None) => {
+                let id_str = id.value().to_string();
+                tokio::try_join!(
+                    self.count_diary_entries(Some(id_str.as_str())),
+                    self.fetch_movie_diary_rows(&id_str, &filter.sort_by, limit, offset)
+                )?
+            }
+            (None, Some(uid)) => {
+                let uid_str = uid.value().to_string();
+                let search = filter.search.as_deref();
+                tokio::try_join!(
+                    self.count_user_diary_entries(&uid_str, search),
+                    self.fetch_user_diary_rows(&uid_str, &filter.sort_by, search, limit, offset)
+                )?
+            }
+            (Some(_), Some(_)) => {
+                return Err(DomainError::ValidationError(
+                    "Combined movie_id + user_id filter not supported".into(),
+                ));
+            }
+        };
+
+        let items = rows
+            .into_iter()
+            .map(DiaryRow::to_domain)
+            .collect::<Result<Vec<_>, _>>()?;
+
+        Ok(Paginated {
+            items,
+            total_count: total as u64,
+            limit: filter.page.limit,
+            offset: filter.page.offset,
+        })
+    }
+
+    async fn query_activity_feed(
+        &self,
+        page: &PageParams,
+    ) -> Result<Paginated<FeedEntry>, DomainError> {
+        self.query_activity_feed_filtered(page, &domain::ports::FeedSortBy::Date, None, None)
+            .await
+    }
+
+    async fn query_activity_feed_filtered(
+        &self,
+        page: &PageParams,
+        sort_by: &domain::ports::FeedSortBy,
+        search: Option<&str>,
+        following: Option<&domain::ports::FollowingFilter>,
+    ) -> Result<Paginated<FeedEntry>, DomainError> {
+        use domain::ports::FeedSortBy;
+
+        let limit = page.limit as i64;
+        let offset = page.offset as i64;
+        let has_search = search.map(|s| !s.is_empty()).unwrap_or(false);
+
+        // Dynamic param counter
+        let mut p: i32 = 0;
+        let mut next_param = || {
+            p += 1;
+            format!("${}", p)
+        };
+
+        let mut where_parts = vec!["1=1".to_string()];
+
+        if has_search {
+            let pn = next_param();
+            where_parts.push(format!("m.title ILIKE '%' || {} || '%'", pn));
+        }
+
+        if let Some(f) = following {
+            let local_params: Vec<String> =
+                f.local_user_ids.iter().map(|_| next_param()).collect();
+            let remote_params: Vec<String> =
+                f.remote_actor_urls.iter().map(|_| next_param()).collect();
+
+            let local_in = if local_params.is_empty() {
+                "(SELECT NULL::text WHERE false)".to_string()
+            } else {
+                local_params.join(", ")
+            };
+            let remote_in = if remote_params.is_empty() {
+                "(SELECT NULL::text WHERE false)".to_string()
+            } else {
+                remote_params.join(", ")
+            };
+            where_parts.push(format!(
+                "(r.user_id IN ({}) OR r.remote_actor_url IN ({}))",
+                local_in, remote_in
+            ));
+        }
+
+        let limit_param = next_param();
+        let offset_param = next_param();
+
+        let order_clause = match sort_by {
+            FeedSortBy::Date => "r.watched_at DESC",
+            FeedSortBy::DateAsc => "r.watched_at ASC",
+            FeedSortBy::Rating => "r.rating DESC, r.watched_at DESC",
+            FeedSortBy::RatingAsc => "r.rating ASC, r.watched_at ASC",
+        };
+
+        let where_clause = where_parts.join(" AND ");
+
+        // Reset counter for count query (reuse same where_clause string but re-bind)
+        // We need a separate counter for count SQL — but since where_clause is already built
+        // with the right $N references, both queries share it.
+        let count_sql = format!(
+            "SELECT COUNT(*) FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             WHERE {}",
+            where_clause
+        );
+
+        let select_sql = format!(
+            "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,
+                    r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment,
+                    to_char(r.watched_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS watched_at,
+                    to_char(r.created_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS created_at,
+                    r.remote_actor_url,
+                    COALESCE(u.email, r.remote_actor_url) AS user_email
+             FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             LEFT JOIN users u ON u.id = r.user_id
+             WHERE {}
+             ORDER BY {}
+             LIMIT {} OFFSET {}",
+            where_clause, order_clause, limit_param, offset_param
+        );
+
+        // Bind helper closure — binds search + following params in order
+        macro_rules! bind_filter_params {
+            ($q:expr) => {{
+                let mut q = $q;
+                if has_search {
+                    q = q.bind(search.unwrap());
+                }
+                if let Some(f) = following {
+                    for uid in &f.local_user_ids {
+                        q = q.bind(uid.to_string());
+                    }
+                    for url in &f.remote_actor_urls {
+                        q = q.bind(url.as_str());
+                    }
+                }
+                q
+            }};
+        }
+
+        let count_q = bind_filter_params!(sqlx::query_scalar::<_, i64>(&count_sql));
+        let total = count_q
+            .fetch_one(&self.pool)
+            .await
+            .map_err(Self::map_err)?;
+
+        let rows_q = bind_filter_params!(sqlx::query_as::<_, FeedRow>(&select_sql));
+        let rows = rows_q
+            .bind(limit)
+            .bind(offset)
+            .fetch_all(&self.pool)
+            .await
+            .map_err(Self::map_err)?;
+
+        let items = rows
+            .into_iter()
+            .map(FeedRow::to_domain)
+            .collect::<Result<Vec<_>, _>>()?;
+
+        Ok(Paginated {
+            items,
+            total_count: total as u64,
+            limit: page.limit,
+            offset: page.offset,
+        })
+    }
+
+    async fn get_review_history(&self, movie_id: &MovieId) -> Result<ReviewHistory, DomainError> {
+        let id_str = movie_id.value().to_string();
+
+        let movie = sqlx::query_as::<_, MovieRow>(
+            "SELECT id, external_metadata_id, title, release_year, director, poster_path
+             FROM movies WHERE id = $1",
+        )
+        .bind(&id_str)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)?
+        .ok_or_else(|| DomainError::NotFound(format!("Movie {}", id_str)))?
+        .to_domain()?;
+
+        let viewings = sqlx::query_as::<_, ReviewRow>(
+            "SELECT id, movie_id, user_id, rating, comment,
+                    to_char(watched_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS watched_at,
+                    to_char(created_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS created_at,
+                    remote_actor_url
+             FROM reviews WHERE movie_id = $1 ORDER BY watched_at ASC",
+        )
+        .bind(&id_str)
+        .fetch_all(&self.pool)
+        .await
+        .map_err(Self::map_err)?
+        .into_iter()
+        .map(ReviewRow::to_domain)
+        .collect::<Result<Vec<_>, _>>()?;
+
+        Ok(ReviewHistory::new(movie, viewings))
+    }
+
+    async fn get_user_history(&self, user_id: &UserId) -> Result<Vec<DiaryEntry>, DomainError> {
+        let uid = user_id.value().to_string();
+        let rows = sqlx::query_as::<_, DiaryRow>(
+            "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,
+                    r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment,
+                    to_char(r.watched_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS watched_at,
+                    to_char(r.created_at AT TIME ZONE 'UTC', 'YYYY-MM-DD HH24:MI:SS') AS created_at,
+                    r.remote_actor_url
+             FROM reviews r
+             INNER JOIN movies m ON m.id = r.movie_id
+             WHERE r.user_id = $1
+             ORDER BY r.watched_at DESC",
+        )
+        .bind(&uid)
+        .fetch_all(&self.pool)
+        .await
+        .map_err(Self::map_err)?;
+
+        rows.into_iter().map(DiaryRow::to_domain).collect()
+    }
+}
+
+#[async_trait]
+impl StatsRepository for PostgresRepository {
+    async fn get_user_stats(&self, user_id: &UserId) -> Result<UserStats, DomainError> {
+        let uid = user_id.value().to_string();
+
+        let (totals, fav_director, most_active) = tokio::try_join!(
+            self.fetch_user_totals(&uid),
+            self.fetch_user_favorite_director(&uid),
+            self.fetch_user_most_active_month(&uid)
+        )?;
+
+        let most_active_month = most_active.map(|ym| format_year_month(&ym));
+
+        Ok(UserStats {
+            total_movies: totals.total,
+            avg_rating: totals.avg_rating,
+            favorite_director: fav_director,
+            most_active_month,
+        })
+    }
+
+    async fn get_user_trends(&self, user_id: &UserId) -> Result<UserTrends, DomainError> {
+        let uid = user_id.value().to_string();
+
+        let (rating_rows, director_rows) = tokio::try_join!(
+            sqlx::query_as::<_, MonthlyRatingRow>(
+                "SELECT to_char(watched_at AT TIME ZONE 'UTC', 'YYYY-MM') AS month,
+                        AVG(rating::float) AS avg_rating,
+                        COUNT(*) AS count
+                 FROM reviews
+                 WHERE user_id = $1 AND watched_at >= NOW() - INTERVAL '12 months'
+                 GROUP BY to_char(watched_at AT TIME ZONE 'UTC', 'YYYY-MM')
+                 ORDER BY to_char(watched_at AT TIME ZONE 'UTC', 'YYYY-MM') ASC"
+            )
+            .bind(&uid)
+            .fetch_all(&self.pool),
+            sqlx::query_as::<_, DirectorCountRow>(
+                "SELECT m.director AS director, COUNT(*) AS count
+                 FROM reviews r
+                 INNER JOIN movies m ON m.id = r.movie_id
+                 WHERE r.user_id = $1 AND m.director IS NOT NULL
+                 GROUP BY m.director
+                 ORDER BY COUNT(*) DESC
+                 LIMIT 5"
+            )
+            .bind(&uid)
+            .fetch_all(&self.pool)
+        )
+        .map_err(Self::map_err)?;
+
+        let max_director_count = director_rows.iter().map(|d| d.count).max().unwrap_or(1);
+
+        let monthly_ratings = rating_rows
+            .into_iter()
+            .map(|r| MonthlyRating {
+                month_label: format_year_month(&r.month),
+                year_month: r.month,
+                avg_rating: r.avg_rating,
+                count: r.count,
+            })
+            .collect();
+
+        let top_directors = director_rows
+            .into_iter()
+            .map(|d| DirectorStat {
+                director: d.director,
+                count: d.count,
+            })
+            .collect();
+
+        Ok(UserTrends {
+            monthly_ratings,
+            top_directors,
+            max_director_count,
+        })
+    }
+}

crates/adapters/postgres/src/models.rs

@@ -0,0 +1,210 @@
+use chrono::NaiveDateTime;
+use domain::{
+    errors::DomainError,
+    models::{DiaryEntry, FeedEntry, Movie, Review, ReviewSource, UserSummary},
+    value_objects::{
+        Comment, Email, ExternalMetadataId, MovieId, MovieTitle, PosterPath, Rating, ReleaseYear,
+        ReviewId, UserId,
+    },
+};
+use uuid::Uuid;
+
+#[derive(sqlx::FromRow)]
+pub(crate) struct MovieRow {
+    pub id: String,
+    pub external_metadata_id: Option<String>,
+    pub title: String,
+    pub release_year: i64,
+    pub director: Option<String>,
+    pub poster_path: Option<String>,
+}
+
+impl MovieRow {
+    pub fn to_domain(self) -> Result<Movie, DomainError> {
+        let id = MovieId::from_uuid(parse_uuid(&self.id)?);
+        let external_metadata_id = self
+            .external_metadata_id
+            .map(ExternalMetadataId::new)
+            .transpose()?;
+        let title = MovieTitle::new(self.title)?;
+        let release_year = ReleaseYear::new(self.release_year as u16)?;
+        let poster_path = self.poster_path.map(PosterPath::new).transpose()?;
+        Ok(Movie::from_persistence(
+            id,
+            external_metadata_id,
+            title,
+            release_year,
+            self.director,
+            poster_path,
+        ))
+    }
+}
+
+#[derive(sqlx::FromRow)]
+pub(crate) struct ReviewRow {
+    pub id: String,
+    pub movie_id: String,
+    pub user_id: String,
+    pub rating: i64,
+    pub comment: Option<String>,
+    pub watched_at: String,
+    pub created_at: String,
+    pub remote_actor_url: Option<String>,
+}
+
+impl ReviewRow {
+    pub fn to_domain(self) -> Result<Review, DomainError> {
+        let id = ReviewId::from_uuid(parse_uuid(&self.id)?);
+        let movie_id = MovieId::from_uuid(parse_uuid(&self.movie_id)?);
+        let user_id = UserId::from_uuid(parse_uuid(&self.user_id)?);
+        let rating = Rating::new(self.rating as u8)?;
+        let comment = self.comment.map(Comment::new).transpose()?;
+        let watched_at = parse_datetime(&self.watched_at)?;
+        let created_at = parse_datetime(&self.created_at)?;
+        let source = match self.remote_actor_url {
+            None => ReviewSource::Local,
+            Some(url) => ReviewSource::Remote { actor_url: url },
+        };
+        Ok(Review::from_persistence(
+            id, movie_id, user_id, rating, comment, watched_at, created_at, source,
+        ))
+    }
+}
+
+#[derive(sqlx::FromRow)]
+pub(crate) struct DiaryRow {
+    pub id: String,
+    pub external_metadata_id: Option<String>,
+    pub title: String,
+    pub release_year: i64,
+    pub director: Option<String>,
+    pub poster_path: Option<String>,
+    pub review_id: String,
+    pub movie_id: String,
+    pub user_id: String,
+    pub rating: i64,
+    pub comment: Option<String>,
+    pub watched_at: String,
+    pub created_at: String,
+    pub remote_actor_url: Option<String>,
+}
+
+impl DiaryRow {
+    pub fn to_domain(self) -> Result<DiaryEntry, DomainError> {
+        let movie = MovieRow {
+            id: self.id,
+            external_metadata_id: self.external_metadata_id,
+            title: self.title,
+            release_year: self.release_year,
+            director: self.director,
+            poster_path: self.poster_path,
+        }
+        .to_domain()?;
+        let review = ReviewRow {
+            id: self.review_id,
+            movie_id: self.movie_id,
+            user_id: self.user_id,
+            rating: self.rating,
+            comment: self.comment,
+            watched_at: self.watched_at,
+            created_at: self.created_at,
+            remote_actor_url: self.remote_actor_url,
+        }
+        .to_domain()?;
+        Ok(DiaryEntry::new(movie, review))
+    }
+}
+
+#[derive(sqlx::FromRow)]
+pub(crate) struct FeedRow {
+    pub id: String,
+    pub external_metadata_id: Option<String>,
+    pub title: String,
+    pub release_year: i64,
+    pub director: Option<String>,
+    pub poster_path: Option<String>,
+    pub review_id: String,
+    pub movie_id: String,
+    pub user_id: String,
+    pub rating: i64,
+    pub comment: Option<String>,
+    pub watched_at: String,
+    pub created_at: String,
+    pub remote_actor_url: Option<String>,
+    pub user_email: String,
+}
+
+impl FeedRow {
+    pub fn to_domain(self) -> Result<FeedEntry, DomainError> {
+        let diary = DiaryRow {
+            id: self.id,
+            external_metadata_id: self.external_metadata_id,
+            title: self.title,
+            release_year: self.release_year,
+            director: self.director,
+            poster_path: self.poster_path,
+            review_id: self.review_id,
+            movie_id: self.movie_id,
+            user_id: self.user_id,
+            rating: self.rating,
+            comment: self.comment,
+            watched_at: self.watched_at,
+            created_at: self.created_at,
+            remote_actor_url: self.remote_actor_url,
+        }
+        .to_domain()?;
+        Ok(FeedEntry::new(diary, self.user_email))
+    }
+}
+
+#[derive(sqlx::FromRow)]
+pub(crate) struct UserSummaryRow {
+    pub id: String,
+    pub email: String,
+    pub total_movies: i64,
+    pub avg_rating: Option<f64>,
+}
+
+impl UserSummaryRow {
+    pub fn to_domain(self) -> Result<UserSummary, DomainError> {
+        Ok(UserSummary::new(
+            UserId::from_uuid(parse_uuid(&self.id)?),
+            Email::new(self.email)?,
+            self.total_movies,
+            self.avg_rating,
+        ))
+    }
+}
+
+#[derive(sqlx::FromRow)]
+pub(crate) struct UserTotalsRow {
+    pub total: i64,
+    pub avg_rating: Option<f64>,
+}
+
+#[derive(sqlx::FromRow)]
+pub(crate) struct DirectorCountRow {
+    pub director: String,
+    pub count: i64,
+}
+
+#[derive(sqlx::FromRow)]
+pub(crate) struct MonthlyRatingRow {
+    pub month: String,
+    pub avg_rating: f64,
+    pub count: i64,
+}
+
+pub(crate) fn parse_uuid(s: &str) -> Result<Uuid, DomainError> {
+    Uuid::parse_str(s)
+        .map_err(|e| DomainError::InfrastructureError(format!("Invalid UUID '{}': {}", s, e)))
+}
+
+pub(crate) fn datetime_to_str(dt: &NaiveDateTime) -> String {
+    dt.format("%Y-%m-%d %H:%M:%S").to_string()
+}
+
+pub(crate) fn parse_datetime(s: &str) -> Result<NaiveDateTime, DomainError> {
+    NaiveDateTime::parse_from_str(s, "%Y-%m-%d %H:%M:%S")
+        .map_err(|e| DomainError::InfrastructureError(format!("Invalid datetime '{}': {}", s, e)))
+}

crates/adapters/postgres/src/users.rs

@@ -0,0 +1,204 @@
+use async_trait::async_trait;
+use chrono::Utc;
+use sqlx::PgPool;
+
+use domain::{
+    errors::DomainError,
+    models::{User, UserRole},
+    ports::UserRepository,
+    value_objects::{Email, PasswordHash, UserId, Username},
+};
+
+use super::models::UserSummaryRow;
+
+pub struct PostgresUserRepository {
+    pool: PgPool,
+}
+
+impl PostgresUserRepository {
+    pub fn new(pool: PgPool) -> Self {
+        Self { pool }
+    }
+
+    fn map_err(e: sqlx::Error) -> DomainError {
+        tracing::error!("Database error: {:?}", e);
+        DomainError::InfrastructureError("Database operation failed".into())
+    }
+
+    fn parse_role(s: &str) -> UserRole {
+        match s {
+            "admin" => UserRole::Admin,
+            _ => UserRole::Standard,
+        }
+    }
+
+    fn row_to_user(
+        id_str: String,
+        email_str: String,
+        username_str: String,
+        hash_str: String,
+        role: UserRole,
+    ) -> Result<User, DomainError> {
+        let id = uuid::Uuid::parse_str(&id_str)
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        let email = Email::new(email_str)
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        let username = Username::new(username_str)
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        let hash = PasswordHash::new(hash_str)
+            .map_err(|e| DomainError::InfrastructureError(e.to_string()))?;
+        Ok(User::from_persistence(
+            UserId::from_uuid(id),
+            email,
+            username,
+            hash,
+            role,
+        ))
+    }
+}
+
+#[async_trait]
+impl UserRepository for PostgresUserRepository {
+    async fn find_by_email(&self, email: &Email) -> Result<Option<User>, DomainError> {
+        let email_str = email.value();
+        #[derive(sqlx::FromRow)]
+        struct Row {
+            id: String,
+            email: String,
+            username: String,
+            password_hash: String,
+            role: String,
+        }
+        let row = sqlx::query_as::<_, Row>(
+            "SELECT id, email, username, password_hash, role FROM users WHERE email = $1",
+        )
+        .bind(email_str)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)?;
+        row.map(|r| {
+            Self::row_to_user(
+                r.id,
+                r.email,
+                r.username,
+                r.password_hash,
+                Self::parse_role(&r.role),
+            )
+        })
+        .transpose()
+    }
+
+    async fn find_by_username(&self, username: &Username) -> Result<Option<User>, DomainError> {
+        let username_str = username.value();
+        #[derive(sqlx::FromRow)]
+        struct Row {
+            id: String,
+            email: String,
+            username: String,
+            password_hash: String,
+            role: String,
+        }
+        let row = sqlx::query_as::<_, Row>(
+            "SELECT id, email, username, password_hash, role FROM users WHERE username = $1",
+        )
+        .bind(username_str)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)?;
+        row.map(|r| {
+            Self::row_to_user(
+                r.id,
+                r.email,
+                r.username,
+                r.password_hash,
+                Self::parse_role(&r.role),
+            )
+        })
+        .transpose()
+    }
+
+    async fn save(&self, user: &User) -> Result<(), DomainError> {
+        if self.find_by_email(user.email()).await?.is_some() {
+            return Err(DomainError::ValidationError(
+                "Email already registered".into(),
+            ));
+        }
+        if self.find_by_username(user.username()).await?.is_some() {
+            return Err(DomainError::ValidationError(
+                "Username already taken".into(),
+            ));
+        }
+        let id = user.id().value().to_string();
+        let email = user.email().value();
+        let username = user.username().value();
+        let hash = user.password_hash().value();
+        let created_at = Utc::now()
+            .naive_utc()
+            .format("%Y-%m-%d %H:%M:%S")
+            .to_string();
+        let role = match user.role() {
+            UserRole::Admin => "admin",
+            UserRole::Standard => "standard",
+        };
+        sqlx::query(
+            "INSERT INTO users (id, email, username, password_hash, created_at, role) VALUES ($1, $2, $3, $4, $5::timestamptz, $6)",
+        )
+        .bind(&id)
+        .bind(email)
+        .bind(username)
+        .bind(hash)
+        .bind(&created_at)
+        .bind(role)
+        .execute(&self.pool)
+        .await
+        .map_err(Self::map_err)?;
+        Ok(())
+    }
+
+    async fn find_by_id(&self, id: &UserId) -> Result<Option<User>, DomainError> {
+        let id_str = id.value().to_string();
+        #[derive(sqlx::FromRow)]
+        struct Row {
+            id: String,
+            email: String,
+            username: String,
+            password_hash: String,
+            role: String,
+        }
+        let row = sqlx::query_as::<_, Row>(
+            "SELECT id, email, username, password_hash, role FROM users WHERE id = $1",
+        )
+        .bind(&id_str)
+        .fetch_optional(&self.pool)
+        .await
+        .map_err(Self::map_err)?;
+        row.map(|r| {
+            Self::row_to_user(
+                r.id,
+                r.email,
+                r.username,
+                r.password_hash,
+                Self::parse_role(&r.role),
+            )
+        })
+        .transpose()
+    }
+
+    async fn list_with_stats(&self) -> Result<Vec<domain::models::UserSummary>, DomainError> {
+        sqlx::query_as::<_, UserSummaryRow>(
+            r#"SELECT u.id, u.email,
+                      COUNT(DISTINCT r.movie_id) AS total_movies,
+                      AVG(r.rating::float) AS avg_rating
+               FROM users u
+               LEFT JOIN reviews r ON r.user_id = u.id AND r.remote_actor_url IS NULL
+               GROUP BY u.id, u.email
+               ORDER BY u.email ASC"#,
+        )
+        .fetch_all(&self.pool)
+        .await
+        .map_err(Self::map_err)?
+        .into_iter()
+        .map(UserSummaryRow::to_domain)
+        .collect()
+    }
+}

crates/adapters/rss/Cargo.toml

@@ -4,3 +4,7 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
+rss-feed = { package = "rss", version = "2" }
+chrono = { workspace = true }
+domain = { workspace = true }
+application = { workspace = true }

crates/adapters/rss/src/lib.rs

@@ -1,5 +1,59 @@
-pub fn add(left: u64, right: u64) -> u64 {
-    left + right
+use application::ports::RssFeedRenderer;
+use domain::models::DiaryEntry;
+use rss_feed::{ChannelBuilder, GuidBuilder, ItemBuilder};
+
+pub struct RssAdapter {
+    feed_link: String,
+}
+
+impl RssAdapter {
+    pub fn new(feed_link: String) -> Self {
+        Self { feed_link }
+    }
+}
+
+impl RssFeedRenderer for RssAdapter {
+    fn render_feed(&self, entries: &[DiaryEntry], title: &str) -> Result<String, String> {
+        let items = entries
+            .iter()
+            .map(|e| {
+                let item_title = format!(
+                    "{} ({})",
+                    e.movie().title().value(),
+                    e.movie().release_year().value()
+                );
+                let description = match e.review().comment() {
+                    Some(c) => format!("{}/5 — {}", e.review().rating().value(), c.value()),
+                    None => format!("{}/5", e.review().rating().value()),
+                };
+                let pub_date = e
+                    .review()
+                    .watched_at()
+                    .and_utc()
+                    .format("%a, %d %b %Y %H:%M:%S +0000")
+                    .to_string();
+                let guid = GuidBuilder::default()
+                    .value(e.review().id().value().to_string())
+                    .permalink(false)
+                    .build();
+                ItemBuilder::default()
+                    .title(Some(item_title))
+                    .description(Some(description))
+                    .pub_date(Some(pub_date))
+                    .guid(Some(guid))
+                    .build()
+            })
+            .collect::<Vec<_>>();
+
+        let channel = ChannelBuilder::default()
+            .title(title.to_string())
+            .link(self.feed_link.clone())
+            .description(title.to_string())
+            .items(items)
+            .build();
+
+        Ok(channel.to_string())
+    }
 }
 
 #[cfg(test)]
@@ -7,8 +61,16 @@ mod tests {
     use super::*;
 
     #[test]
-    fn it_works() {
-        let result = add(2, 2);
-        assert_eq!(result, 4);
+    fn render_feed_uses_provided_title() {
+        let adapter = RssAdapter::new("http://example.com".into());
+        let xml = adapter.render_feed(&[], "Custom Title").unwrap();
+        assert!(xml.contains("<title>Custom Title</title>"));
+    }
+
+    #[test]
+    fn render_feed_empty_entries_produces_valid_xml() {
+        let adapter = RssAdapter::new("http://example.com".into());
+        let xml = adapter.render_feed(&[], "My Feed").unwrap();
+        assert!(xml.starts_with("<?xml") || xml.starts_with("<rss"));
     }
 }

crates/adapters/sqlite-federation/Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "sqlite-federation"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+sqlx = { workspace = true }
+activitypub = { workspace = true }
+activitypub-base = { workspace = true }
+domain = { workspace = true }
+anyhow = { workspace = true }
+uuid = { workspace = true }
+chrono = { workspace = true }
+tracing = { workspace = true }
+async-trait = { workspace = true }
+
+[dev-dependencies]
+tokio = { workspace = true }
+uuid = { workspace = true }

crates/adapters/sqlite-federation/src/lib.rs

@@ -0,0 +1,629 @@
+use anyhow::{Result, anyhow};
+use async_trait::async_trait;
+use chrono::{NaiveDateTime, Utc};
+use sqlx::{Row, SqlitePool};
+
+use activitypub::RemoteReviewRepository;
+use activitypub_base::{
+    FederationRepository, Follower, FollowerStatus, FollowingStatus, RemoteActor,
+};
+use domain::models::{Review, ReviewSource};
+
+fn datetime_to_str(dt: &NaiveDateTime) -> String {
+    dt.format("%Y-%m-%d %H:%M:%S").to_string()
+}
+
+pub struct SqliteFederationRepository {
+    pool: SqlitePool,
+}
+
+impl SqliteFederationRepository {
+    pub fn new(pool: SqlitePool) -> Self {
+        Self { pool }
+    }
+}
+
+fn status_to_str(status: &FollowerStatus) -> &'static str {
+    match status {
+        FollowerStatus::Pending => "pending",
+        FollowerStatus::Accepted => "accepted",
+        FollowerStatus::Rejected => "rejected",
+    }
+}
+
+fn str_to_status(s: &str) -> FollowerStatus {
+    match s {
+        "accepted" => FollowerStatus::Accepted,
+        "rejected" => FollowerStatus::Rejected,
+        _ => FollowerStatus::Pending,
+    }
+}
+
+#[async_trait]
+impl FederationRepository for SqliteFederationRepository {
+    async fn add_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowerStatus,
+        follow_activity_id: &str,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        let status_str = status_to_str(&status);
+        let now = Utc::now().naive_utc();
+        let created_at = datetime_to_str(&now);
+
+        sqlx::query(
+            "INSERT INTO ap_followers (local_user_id, remote_actor_url, status, created_at, follow_activity_id)
+             VALUES (?1, ?2, ?3, ?4, ?5)
+             ON CONFLICT(local_user_id, remote_actor_url) DO UPDATE SET
+                 status = excluded.status,
+                 follow_activity_id = excluded.follow_activity_id",
+        )
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .bind(status_str)
+        .bind(&created_at)
+        .bind(follow_activity_id)
+        .execute(&self.pool)
+        .await?;
+
+        Ok(())
+    }
+
+    async fn get_follower_follow_activity_id(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<Option<String>> {
+        let uid = local_user_id.to_string();
+        let row: Option<Option<String>> = sqlx::query_scalar(
+            "SELECT follow_activity_id FROM ap_followers WHERE local_user_id = ? AND remote_actor_url = ?",
+        )
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .fetch_optional(&self.pool)
+        .await?;
+        Ok(row.flatten())
+    }
+
+    async fn remove_follower(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        sqlx::query("DELETE FROM ap_followers WHERE local_user_id = ? AND remote_actor_url = ?")
+            .bind(&uid)
+            .bind(remote_actor_url)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    async fn get_followers(&self, local_user_id: uuid::Uuid) -> Result<Vec<Follower>> {
+        let uid = local_user_id.to_string();
+
+        let rows = sqlx::query(
+            "SELECT f.remote_actor_url, f.status,
+                    a.handle, a.inbox_url, a.shared_inbox_url, a.display_name
+             FROM ap_followers f
+             LEFT JOIN ap_remote_actors a ON a.url = f.remote_actor_url
+             WHERE f.local_user_id = ?",
+        )
+        .bind(&uid)
+        .fetch_all(&self.pool)
+        .await?;
+
+        let followers = rows
+            .into_iter()
+            .map(|row| {
+                let url: String = row.get("remote_actor_url");
+                let status_str: String = row.get("status");
+                let handle: String = row.try_get("handle").unwrap_or_default();
+                let inbox_url: String = row.try_get("inbox_url").unwrap_or_default();
+                let shared_inbox_url: Option<String> =
+                    row.try_get("shared_inbox_url").ok().flatten();
+                let display_name: Option<String> = row.try_get("display_name").ok().flatten();
+
+                Follower {
+                    actor: RemoteActor {
+                        url,
+                        handle,
+                        inbox_url,
+                        shared_inbox_url,
+                        display_name,
+                    },
+                    status: str_to_status(&status_str),
+                }
+            })
+            .collect();
+
+        Ok(followers)
+    }
+
+    async fn update_follower_status(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowerStatus,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        let status_str = status_to_str(&status);
+
+        let result = sqlx::query(
+            "UPDATE ap_followers SET status = ? WHERE local_user_id = ? AND remote_actor_url = ?",
+        )
+        .bind(status_str)
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .execute(&self.pool)
+        .await?;
+
+        if result.rows_affected() == 0 {
+            tracing::warn!(local_user_id = %local_user_id, remote_actor_url, "update_follower_status: no row found");
+        }
+
+        Ok(())
+    }
+
+    async fn add_following(
+        &self,
+        local_user_id: uuid::Uuid,
+        actor: RemoteActor,
+        follow_activity_id: &str,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        let now = Utc::now().naive_utc();
+        let created_at = datetime_to_str(&now);
+
+        self.upsert_remote_actor(actor.clone()).await?;
+
+        sqlx::query(
+            "INSERT OR IGNORE INTO ap_following (local_user_id, remote_actor_url, follow_activity_id, created_at)
+             VALUES (?, ?, ?, ?)",
+        )
+        .bind(&uid)
+        .bind(&actor.url)
+        .bind(follow_activity_id)
+        .bind(&created_at)
+        .execute(&self.pool)
+        .await?;
+
+        Ok(())
+    }
+
+    async fn get_follow_activity_id(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+    ) -> Result<Option<String>> {
+        let uid = local_user_id.to_string();
+        let row: Option<Option<String>> = sqlx::query_scalar(
+            "SELECT follow_activity_id FROM ap_following WHERE local_user_id = ? AND remote_actor_url = ?",
+        )
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .fetch_optional(&self.pool)
+        .await?;
+        Ok(row.flatten())
+    }
+
+    async fn remove_following(&self, local_user_id: uuid::Uuid, actor_url: &str) -> Result<()> {
+        let uid = local_user_id.to_string();
+        sqlx::query("DELETE FROM ap_following WHERE local_user_id = ? AND remote_actor_url = ?")
+            .bind(&uid)
+            .bind(actor_url)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    async fn get_following(&self, local_user_id: uuid::Uuid) -> Result<Vec<RemoteActor>> {
+        let uid = local_user_id.to_string();
+
+        let rows = sqlx::query(
+            "SELECT a.url, a.handle, a.inbox_url, a.shared_inbox_url, a.display_name
+             FROM ap_following f
+             INNER JOIN ap_remote_actors a ON a.url = f.remote_actor_url
+             WHERE f.local_user_id = ? AND f.status = 'accepted'",
+        )
+        .bind(&uid)
+        .fetch_all(&self.pool)
+        .await?;
+
+        Ok(rows
+            .into_iter()
+            .map(|row| RemoteActor {
+                url: row.get("url"),
+                handle: row.get("handle"),
+                inbox_url: row.get("inbox_url"),
+                shared_inbox_url: row.try_get("shared_inbox_url").ok().flatten(),
+                display_name: row.try_get("display_name").ok().flatten(),
+            })
+            .collect())
+    }
+
+    async fn count_following(&self, local_user_id: uuid::Uuid) -> Result<usize> {
+        let uid = local_user_id.to_string();
+        let count: i64 = sqlx::query_scalar(
+            "SELECT COUNT(*) FROM ap_following WHERE local_user_id = ? AND status = 'accepted'",
+        )
+        .bind(&uid)
+        .fetch_one(&self.pool)
+        .await?;
+        Ok(count as usize)
+    }
+
+    async fn upsert_remote_actor(&self, actor: RemoteActor) -> Result<()> {
+        let now = Utc::now().naive_utc();
+        let fetched_at = datetime_to_str(&now);
+
+        sqlx::query(
+            "INSERT INTO ap_remote_actors (url, handle, inbox_url, shared_inbox_url, display_name, fetched_at)
+             VALUES (?, ?, ?, ?, ?, ?)
+             ON CONFLICT(url) DO UPDATE SET
+                 handle           = excluded.handle,
+                 inbox_url        = excluded.inbox_url,
+                 shared_inbox_url = excluded.shared_inbox_url,
+                 display_name     = excluded.display_name,
+                 fetched_at       = excluded.fetched_at",
+        )
+        .bind(&actor.url)
+        .bind(&actor.handle)
+        .bind(&actor.inbox_url)
+        .bind(&actor.shared_inbox_url)
+        .bind(&actor.display_name)
+        .bind(&fetched_at)
+        .execute(&self.pool)
+        .await?;
+
+        Ok(())
+    }
+
+    async fn get_remote_actor(&self, actor_url: &str) -> Result<Option<RemoteActor>> {
+        let row = sqlx::query(
+            "SELECT url, handle, inbox_url, shared_inbox_url, display_name
+             FROM ap_remote_actors WHERE url = ?",
+        )
+        .bind(actor_url)
+        .fetch_optional(&self.pool)
+        .await?;
+
+        Ok(row.map(|row| RemoteActor {
+            url: row.get("url"),
+            handle: row.get("handle"),
+            inbox_url: row.get("inbox_url"),
+            shared_inbox_url: row.try_get("shared_inbox_url").ok().flatten(),
+            display_name: row.try_get("display_name").ok().flatten(),
+        }))
+    }
+
+    async fn get_local_actor_keypair(
+        &self,
+        user_id: uuid::Uuid,
+    ) -> Result<Option<(String, String)>> {
+        let uid = user_id.to_string();
+        let row =
+            sqlx::query("SELECT public_key, private_key FROM ap_local_actors WHERE user_id = ?")
+                .bind(&uid)
+                .fetch_optional(&self.pool)
+                .await?;
+        Ok(row.map(|r| (r.get("public_key"), r.get("private_key"))))
+    }
+
+    async fn save_local_actor_keypair(
+        &self,
+        user_id: uuid::Uuid,
+        public_key: String,
+        private_key: String,
+    ) -> Result<()> {
+        let uid = user_id.to_string();
+        let now = Utc::now().naive_utc();
+        let created_at = datetime_to_str(&now);
+
+        sqlx::query(
+            "INSERT INTO ap_local_actors (user_id, public_key, private_key, created_at)
+             VALUES (?, ?, ?, ?)
+             ON CONFLICT(user_id) DO UPDATE SET
+                 public_key  = excluded.public_key,
+                 private_key = excluded.private_key",
+        )
+        .bind(&uid)
+        .bind(&public_key)
+        .bind(&private_key)
+        .bind(&created_at)
+        .execute(&self.pool)
+        .await?;
+
+        Ok(())
+    }
+
+    async fn get_pending_followers(&self, local_user_id: uuid::Uuid) -> Result<Vec<RemoteActor>> {
+        let uid = local_user_id.to_string();
+
+        let rows = sqlx::query(
+            "SELECT f.remote_actor_url,
+                    a.handle, a.inbox_url, a.shared_inbox_url, a.display_name
+             FROM ap_followers f
+             LEFT JOIN ap_remote_actors a ON a.url = f.remote_actor_url
+             WHERE f.local_user_id = ? AND f.status = 'pending'",
+        )
+        .bind(&uid)
+        .fetch_all(&self.pool)
+        .await?;
+
+        Ok(rows
+            .into_iter()
+            .map(|row| RemoteActor {
+                url: row.get("remote_actor_url"),
+                handle: row.try_get("handle").unwrap_or_default(),
+                inbox_url: row.try_get("inbox_url").unwrap_or_default(),
+                shared_inbox_url: row.try_get("shared_inbox_url").ok().flatten(),
+                display_name: row.try_get("display_name").ok().flatten(),
+            })
+            .collect())
+    }
+
+    async fn update_following_status(
+        &self,
+        local_user_id: uuid::Uuid,
+        remote_actor_url: &str,
+        status: FollowingStatus,
+    ) -> Result<()> {
+        let uid = local_user_id.to_string();
+        let status_str = match status {
+            FollowingStatus::Pending => "pending",
+            FollowingStatus::Accepted => "accepted",
+        };
+
+        let result = sqlx::query(
+            "UPDATE ap_following SET status = ? WHERE local_user_id = ? AND remote_actor_url = ?",
+        )
+        .bind(status_str)
+        .bind(&uid)
+        .bind(remote_actor_url)
+        .execute(&self.pool)
+        .await?;
+
+        if result.rows_affected() == 0 {
+            tracing::warn!(local_user_id = %local_user_id, remote_actor_url, "update_following_status: no row found");
+        }
+
+        Ok(())
+    }
+}
+
+// --- Content-specific repository (movies-diary) ---
+
+#[async_trait]
+impl RemoteReviewRepository for SqliteFederationRepository {
+    async fn save_remote_review(
+        &self,
+        review: &Review,
+        ap_id: &str,
+        movie_title: &str,
+        release_year: u16,
+        poster_url: Option<&str>,
+    ) -> Result<()> {
+        let actor_url = match review.source() {
+            ReviewSource::Remote { actor_url } => actor_url.clone(),
+            ReviewSource::Local => {
+                return Err(anyhow!("save_remote_review called with a local review"));
+            }
+        };
+
+        let movie_id = review.movie_id().value().to_string();
+
+        let _ = sqlx::query(
+            "INSERT INTO movies (id, external_metadata_id, title, release_year, director, poster_path)
+             VALUES (?, NULL, ?, ?, NULL, ?)
+             ON CONFLICT(id) DO UPDATE SET
+                 poster_path = COALESCE(excluded.poster_path, movies.poster_path)",
+        )
+        .bind(&movie_id)
+        .bind(movie_title)
+        .bind(release_year.max(1888) as i64)
+        .bind(poster_url)
+        .execute(&self.pool)
+        .await?;
+
+        let id = review.id().value().to_string();
+        let user_id = review.user_id().value().to_string();
+        let rating = review.rating().value() as i64;
+        let comment = review.comment().map(|c| c.value().to_string());
+        let watched_at = datetime_to_str(review.watched_at());
+        let created_at = datetime_to_str(review.created_at());
+
+        sqlx::query(
+            "INSERT OR IGNORE INTO reviews (id, movie_id, user_id, rating, comment, watched_at, created_at, remote_actor_url, ap_id)
+             VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)",
+        )
+        .bind(&id)
+        .bind(&movie_id)
+        .bind(&user_id)
+        .bind(rating)
+        .bind(&comment)
+        .bind(&watched_at)
+        .bind(&created_at)
+        .bind(&actor_url)
+        .bind(ap_id)
+        .execute(&self.pool)
+        .await?;
+
+        Ok(())
+    }
+
+    async fn delete_remote_review(&self, ap_id: &str, actor_url: &str) -> Result<()> {
+        sqlx::query("DELETE FROM reviews WHERE ap_id = ? AND remote_actor_url = ?")
+            .bind(ap_id)
+            .bind(actor_url)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+
+    async fn update_remote_review(
+        &self,
+        ap_id: &str,
+        actor_url: &str,
+        rating: u8,
+        comment: Option<&str>,
+        watched_at: chrono::NaiveDateTime,
+    ) -> Result<()> {
+        let watched_at_str = datetime_to_str(&watched_at);
+        sqlx::query(
+            "UPDATE reviews SET rating = ?, comment = ?, watched_at = ?
+             WHERE ap_id = ? AND remote_actor_url = ?",
+        )
+        .bind(rating as i64)
+        .bind(comment)
+        .bind(&watched_at_str)
+        .bind(ap_id)
+        .bind(actor_url)
+        .execute(&self.pool)
+        .await?;
+        Ok(())
+    }
+
+    async fn delete_by_actor(&self, actor_url: &str) -> Result<()> {
+        sqlx::query("DELETE FROM reviews WHERE remote_actor_url = ?")
+            .bind(actor_url)
+            .execute(&self.pool)
+            .await?;
+        Ok(())
+    }
+}
+
+#[async_trait]
+impl domain::ports::SocialQueryPort for SqliteFederationRepository {
+    async fn get_accepted_following_urls(
+        &self,
+        user_id: uuid::Uuid,
+    ) -> Result<Vec<String>, domain::errors::DomainError> {
+        let user_id_str = user_id.to_string();
+        let rows = sqlx::query_scalar::<_, String>(
+            "SELECT remote_actor_url FROM ap_following
+             WHERE local_user_id = ? AND status = 'accepted'",
+        )
+        .bind(&user_id_str)
+        .fetch_all(&self.pool)
+        .await
+        .map_err(|e| domain::errors::DomainError::InfrastructureError(e.to_string()))?;
+        Ok(rows)
+    }
+
+    async fn list_all_followed_remote_actors(
+        &self,
+    ) -> Result<Vec<domain::ports::RemoteActorInfo>, domain::errors::DomainError> {
+        let rows = sqlx::query_as::<_, (String, String, Option<String>)>(
+            "SELECT DISTINCT ar.url, ar.handle, ar.display_name
+             FROM ap_remote_actors ar
+             JOIN ap_following f ON f.remote_actor_url = ar.url
+             WHERE f.status = 'accepted'",
+        )
+        .fetch_all(&self.pool)
+        .await
+        .map_err(|e| domain::errors::DomainError::InfrastructureError(e.to_string()))?;
+
+        Ok(rows
+            .into_iter()
+            .map(|(url, handle, display_name)| domain::ports::RemoteActorInfo {
+                url,
+                handle,
+                display_name,
+            })
+            .collect())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use domain::ports::SocialQueryPort;
+    use sqlx::SqlitePool;
+
+    async fn setup_db(pool: &SqlitePool) {
+        sqlx::query(
+            "CREATE TABLE IF NOT EXISTS ap_remote_actors (
+                url TEXT PRIMARY KEY,
+                handle TEXT NOT NULL,
+                inbox_url TEXT NOT NULL,
+                shared_inbox_url TEXT,
+                display_name TEXT,
+                fetched_at TEXT NOT NULL
+            )",
+        )
+        .execute(pool)
+        .await
+        .unwrap();
+
+        sqlx::query(
+            "CREATE TABLE IF NOT EXISTS ap_following (
+                local_user_id TEXT NOT NULL,
+                remote_actor_url TEXT NOT NULL,
+                follow_activity_id TEXT NOT NULL,
+                status TEXT NOT NULL,
+                PRIMARY KEY (local_user_id, remote_actor_url)
+            )",
+        )
+        .execute(pool)
+        .await
+        .unwrap();
+    }
+
+    #[tokio::test]
+    async fn test_get_accepted_following_urls_returns_only_accepted() {
+        let pool = SqlitePool::connect(":memory:").await.unwrap();
+        setup_db(&pool).await;
+        let repo = SqliteFederationRepository::new(pool.clone());
+        let user_id = uuid::Uuid::new_v4();
+
+        sqlx::query(
+            "INSERT INTO ap_following (local_user_id, remote_actor_url, follow_activity_id, status)
+             VALUES (?, 'https://other.social/users/alice', 'act1', 'accepted'),
+                    (?, 'https://other.social/users/bob', 'act2', 'pending')",
+        )
+        .bind(user_id.to_string())
+        .bind(user_id.to_string())
+        .execute(&pool)
+        .await
+        .unwrap();
+
+        let urls = repo.get_accepted_following_urls(user_id).await.unwrap();
+        assert_eq!(urls.len(), 1);
+        assert_eq!(urls[0], "https://other.social/users/alice");
+    }
+
+    #[tokio::test]
+    async fn test_list_all_followed_remote_actors_deduplicates() {
+        let pool = SqlitePool::connect(":memory:").await.unwrap();
+        setup_db(&pool).await;
+        let repo = SqliteFederationRepository::new(pool.clone());
+        let user1 = uuid::Uuid::new_v4();
+        let user2 = uuid::Uuid::new_v4();
+
+        sqlx::query(
+            "INSERT INTO ap_remote_actors (url, handle, inbox_url, fetched_at, display_name)
+             VALUES ('https://other.social/users/alice', 'alice@other.social', 'https://other.social/inbox', '2024-01-01', 'Alice')",
+        )
+        .execute(&pool)
+        .await
+        .unwrap();
+
+        sqlx::query(
+            "INSERT INTO ap_following (local_user_id, remote_actor_url, follow_activity_id, status)
+             VALUES (?, 'https://other.social/users/alice', 'act1', 'accepted'),
+                    (?, 'https://other.social/users/alice', 'act2', 'accepted')",
+        )
+        .bind(user1.to_string())
+        .bind(user2.to_string())
+        .execute(&pool)
+        .await
+        .unwrap();
+
+        let actors = repo.list_all_followed_remote_actors().await.unwrap();
+        assert_eq!(actors.len(), 1);
+        assert_eq!(actors[0].handle, "alice@other.social");
+    }
+}

crates/adapters/sqlite/.sqlx/query-01a08873b7fa815ad98a56a0902b60414cfcdc2c7a8570351320c4bc425347c6.json

@@ -0,0 +1,92 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,\n                        r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment, r.watched_at, r.created_at\n                 FROM reviews r\n                 INNER JOIN movies m ON m.id = r.movie_id\n                 WHERE r.movie_id = ?\n                 ORDER BY r.watched_at ASC\n                 LIMIT ? OFFSET ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "review_id",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 9,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 12,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false
+    ]
+  },
+  "hash": "01a08873b7fa815ad98a56a0902b60414cfcdc2c7a8570351320c4bc425347c6"
+}

crates/adapters/sqlite/.sqlx/query-026e2afeb573707cb360fcdab8f6137aabfaf603b5ed57b98ac2888b4a0389ff.json

@@ -0,0 +1,92 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,\n                        r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment, r.watched_at, r.created_at\n                 FROM reviews r\n                 INNER JOIN movies m ON m.id = r.movie_id\n                 ORDER BY r.watched_at DESC\n                 LIMIT ? OFFSET ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "review_id",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 9,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 12,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false
+    ]
+  },
+  "hash": "026e2afeb573707cb360fcdab8f6137aabfaf603b5ed57b98ac2888b4a0389ff"
+}

crates/adapters/sqlite/.sqlx/query-0963b9661182e139cd760bbabb0d6ea3a301a2a3adbdfdda4a88f333a1144c77.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT COUNT(*) FROM reviews",
+  "describe": {
+    "columns": [
+      {
+        "name": "COUNT(*)",
+        "ordinal": 0,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 0
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "0963b9661182e139cd760bbabb0d6ea3a301a2a3adbdfdda4a88f333a1144c77"
+}

crates/adapters/sqlite/.sqlx/query-167481bb1692cc81531d9a5cd85425e43d09a6df97c335ac347f7cfd61acd171.json

@@ -0,0 +1,32 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, email, password_hash FROM users WHERE email = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "email",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "password_hash",
+        "ordinal": 2,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "167481bb1692cc81531d9a5cd85425e43d09a6df97c335ac347f7cfd61acd171"
+}

crates/adapters/sqlite/.sqlx/query-18de90feb13b9f467f06d0ce25332d9ea7eabc99d9f1a44694e5d10762606f82.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT OR IGNORE INTO users (id, email, password_hash, created_at) VALUES (?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 4
+    },
+    "nullable": []
+  },
+  "hash": "18de90feb13b9f467f06d0ce25332d9ea7eabc99d9f1a44694e5d10762606f82"
+}

crates/adapters/sqlite/.sqlx/query-1bc5a51762717e45292626052f0a65ac0b8a001798a2476ea86143c5565df399.json

@@ -0,0 +1,32 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, email, password_hash FROM users WHERE id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "email",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "password_hash",
+        "ordinal": 2,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      false,
+      false
+    ]
+  },
+  "hash": "1bc5a51762717e45292626052f0a65ac0b8a001798a2476ea86143c5565df399"
+}

crates/adapters/sqlite/.sqlx/query-3047579c6ed13ce87aad9b9ce6300c02f0df3516979518976e13f9d9abc6a403.json

@@ -0,0 +1,50 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, external_metadata_id, title, release_year, director, poster_path\n             FROM movies WHERE title = ? AND release_year = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 2
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true
+    ]
+  },
+  "hash": "3047579c6ed13ce87aad9b9ce6300c02f0df3516979518976e13f9d9abc6a403"
+}

crates/adapters/sqlite/.sqlx/query-33d0dae7d16b0635c1c7eb5afd10824bb55af7cc7a854f590d326622863759d1.json

@@ -0,0 +1,50 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, external_metadata_id, title, release_year, director, poster_path\n             FROM movies WHERE id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true
+    ]
+  },
+  "hash": "33d0dae7d16b0635c1c7eb5afd10824bb55af7cc7a854f590d326622863759d1"
+}

crates/adapters/sqlite/.sqlx/query-47f7cf95ce3450635b643ab710cadba96f40319140834d510bc5207b2552e055.json

@@ -0,0 +1,92 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT m.id, m.external_metadata_id, m.title, m.release_year, m.director, m.poster_path,\n                        r.id AS review_id, r.movie_id, r.user_id, r.rating, r.comment, r.watched_at, r.created_at\n                 FROM reviews r\n                 INNER JOIN movies m ON m.id = r.movie_id\n                 WHERE r.movie_id = ?\n                 ORDER BY r.watched_at DESC\n                 LIMIT ? OFFSET ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      },
+      {
+        "name": "review_id",
+        "ordinal": 6,
+        "type_info": "Text"
+      },
+      {
+        "name": "movie_id",
+        "ordinal": 7,
+        "type_info": "Text"
+      },
+      {
+        "name": "user_id",
+        "ordinal": 8,
+        "type_info": "Text"
+      },
+      {
+        "name": "rating",
+        "ordinal": 9,
+        "type_info": "Integer"
+      },
+      {
+        "name": "comment",
+        "ordinal": 10,
+        "type_info": "Text"
+      },
+      {
+        "name": "watched_at",
+        "ordinal": 11,
+        "type_info": "Text"
+      },
+      {
+        "name": "created_at",
+        "ordinal": 12,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 3
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true,
+      false,
+      false,
+      false,
+      false,
+      true,
+      false,
+      false
+    ]
+  },
+  "hash": "47f7cf95ce3450635b643ab710cadba96f40319140834d510bc5207b2552e055"
+}

crates/adapters/sqlite/.sqlx/query-4b3074b532342c6356ee0e8e4d8c4a830f016234bb690e1f6240f02824d6d84f.json

@@ -0,0 +1,20 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT COUNT(*) FROM reviews WHERE movie_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "COUNT(*)",
+        "ordinal": 0,
+        "type_info": "Integer"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false
+    ]
+  },
+  "hash": "4b3074b532342c6356ee0e8e4d8c4a830f016234bb690e1f6240f02824d6d84f"
+}

crates/adapters/sqlite/.sqlx/query-630e092fcd33bc312befef352a98225e6e18e6079644b949258a39bf4b0fe3e5.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO reviews (id, movie_id, user_id, rating, comment, watched_at, created_at)\n             VALUES (?, ?, ?, ?, ?, ?, ?)",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 7
+    },
+    "nullable": []
+  },
+  "hash": "630e092fcd33bc312befef352a98225e6e18e6079644b949258a39bf4b0fe3e5"
+}

crates/adapters/sqlite/.sqlx/query-7bc4aebcb94547976d3d7e063e4e908fc22b977b3cbf063ee93ffe4648c42011.json

@@ -0,0 +1,50 @@
+{
+  "db_name": "SQLite",
+  "query": "SELECT id, external_metadata_id, title, release_year, director, poster_path\n             FROM movies WHERE external_metadata_id = ?",
+  "describe": {
+    "columns": [
+      {
+        "name": "id",
+        "ordinal": 0,
+        "type_info": "Text"
+      },
+      {
+        "name": "external_metadata_id",
+        "ordinal": 1,
+        "type_info": "Text"
+      },
+      {
+        "name": "title",
+        "ordinal": 2,
+        "type_info": "Text"
+      },
+      {
+        "name": "release_year",
+        "ordinal": 3,
+        "type_info": "Integer"
+      },
+      {
+        "name": "director",
+        "ordinal": 4,
+        "type_info": "Text"
+      },
+      {
+        "name": "poster_path",
+        "ordinal": 5,
+        "type_info": "Text"
+      }
+    ],
+    "parameters": {
+      "Right": 1
+    },
+    "nullable": [
+      false,
+      true,
+      false,
+      false,
+      true,
+      true
+    ]
+  },
+  "hash": "7bc4aebcb94547976d3d7e063e4e908fc22b977b3cbf063ee93ffe4648c42011"
+}

crates/adapters/sqlite/.sqlx/query-7d7e23355ee0e442f2aa27e898dcfa40bdc4b09391afe04325f076157d9d84aa.json

@@ -0,0 +1,12 @@
+{
+  "db_name": "SQLite",
+  "query": "INSERT INTO movies (id, external_metadata_id, title, release_year, director, poster_path)\n             VALUES (?, ?, ?, ?, ?, ?)\n             ON CONFLICT(id) DO UPDATE SET\n                 external_metadata_id = excluded.external_metadata_id,\n                 title                = excluded.title,\n                 release_year         = excluded.release_year,\n                 director             = excluded.director,\n                 poster_path          = excluded.poster_path",
+  "describe": {
+    "columns": [],
+    "parameters": {
+      "Right": 6
+    },
+    "nullable": []
+  },
+  "hash": "7d7e23355ee0e442f2aa27e898dcfa40bdc4b09391afe04325f076157d9d84aa"
+}