Use instanceActor predicate to keep actor endpoint public

Instead of removing .authorize() from the actor dispatcher entirely,
use a dedicated instanceActor predicate that:

- Returns true for identifier "i" (instance actor is always public)
- Delegates to authorize() for other identifiers

This approach keeps .authorize() on the actor dispatcher while ensuring
the instance actor remains publicly accessible for key fetching per the
ActivityPub HTTP Signature spec.

Reference: https://swicg.github.io/activitypub-http-signature/#instance-actor

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: sij411

packages/cli/src/inbox.tsx

@@ -153,6 +153,16 @@ export async function runInbox(
     return await ctx.getSignedKey() != null;
   };
 
+  // Instance actor must be public for key fetching per spec
+  // https://swicg.github.io/activitypub-http-signature/#instance-actor
+  const instanceActor = async (
+    ctx: RequestContext<ContextData>,
+    identifier: string,
+  ) => {
+    if (identifier === "i") return true;
+    return await authorize(ctx);
+  };
+
   const federation = createFederation<ContextData>({
     kv: new MemoryKvStore(),
     documentLoaderFactory: () => federationDocumentLoader,
@@ -199,7 +209,8 @@ export async function runInbox(
         ];
       }
       return actorKeyPairs;
-    });
+    })
+    .authorize(instanceActor);
 
   // Set up inbox listeners
   federation