diff --git a/CHANGES.md b/CHANGES.md
index 48bd44f6..25e2be18 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -139,6 +139,12 @@ To be released.
     code, the inbox URL, and the response body, making it easier to
     programmatically handle delivery errors.  [[#548], [#559]]
 
+ -  Added `traceId` and `spanId` to LogTape context in federation middleware
+    so that log records emitted during request handling and queue processing
+    include the OpenTelemetry trace and span IDs in their properties.  This
+    enables the `@fedify/debugger` dashboard to display per-trace logs.
+    [[#561], [#564]]
+
 [#280]: https://github.com/fedify-dev/fedify/issues/280
 [#366]: https://github.com/fedify-dev/fedify/issues/366
 [#376]: https://github.com/fedify-dev/fedify/issues/376
@@ -163,6 +169,8 @@ To be released.
 [#548]: https://github.com/fedify-dev/fedify/issues/548
 [#559]: https://github.com/fedify-dev/fedify/pull/559
 [#560]: https://github.com/fedify-dev/fedify/issues/560
+[#561]: https://github.com/fedify-dev/fedify/issues/561
+[#564]: https://github.com/fedify-dev/fedify/pull/564
 
 ### @fedify/cli
 
@@ -231,6 +239,38 @@ To be released.
 [#529]: https://github.com/fedify-dev/fedify/pull/529
 [#531]: https://github.com/fedify-dev/fedify/pull/531
 
+### @fedify/debugger
+
+ -  Created the *@fedify/debugger* package, an embedded real-time ActivityPub
+    debug dashboard for Fedify.  It wraps an existing `Federation` object as
+    a proxy, intercepting requests to a configurable path prefix (default
+    `/__debug__`) and serving an SSR-based web UI.  [[#561], [#564]]
+
+     -  Added `createFederationDebugger()` function that returns a
+        `Federation` proxy with a built-in debug dashboard.  When called
+        without an `exporter` option, it automatically sets up OpenTelemetry
+        tracing (creating `MemoryKvStore`, `FedifySpanExporter`,
+        `BasicTracerProvider`) and registers it as the global tracer
+        provider—no manual OTel configuration needed.
+     -  Traces list page showing trace IDs, activity types, activity counts,
+        and timestamps, with auto-polling for real-time updates.
+     -  Trace detail page showing activity direction, type, actor, signature
+        verification details, inbox URL, and expandable activity JSON.
+     -  JSON API endpoint at `/__debug__/api/traces` for programmatic access.
+     -  Added per-trace log collection using LogTape.  The returned federation
+        object now includes a `sink` property (a LogTape `Sink` function)
+        that captures log records grouped by trace ID.  In the simplified
+        overload (without `exporter`), LogTape is auto-configured.
+     -  Trace detail page now shows a “Logs” section with log level, timestamp,
+        logger category, and message for each log record in the trace.
+     -  JSON API endpoint at `/__debug__/api/logs/:traceId` for retrieving
+        log records for a specific trace.
+     -  Added optional `auth` configuration for protecting the debug dashboard
+        with authentication.  Supports three modes: password-only,
+        username + password, and request-based (e.g., IP filtering).
+        Each mode supports both static credentials and callback functions.
+        Uses cookie-based sessions with HMAC-signed tokens.
+
 ### @fedify/relay
 
  -  Created ActivityPub relay integration as the *@fedify/relay* package.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 82c6266c..9d643c4a 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -335,6 +335,8 @@ The repository is organized as a monorepo with the following packages:
  -  *packages/amqp/*: AMQP/RabbitMQ driver (@fedify/amqp) for Fedify.
  -  *packages/cfworkers/*: Cloudflare Workers integration (@fedify/cfworkers) for
     Fedify.
+ -  *packages/debugger/*: Embedded ActivityPub debug dashboard (@fedify/debugger)
+    for Fedify.
  -  *packages/denokv/*: Deno KV integration (@fedify/denokv) for Fedify.
  -  *packages/elysia/*: Elysia integration (@fedify/elysia) for Fedify.
  -  *packages/express/*: Express integration (@fedify/express) for Fedify.
diff --git a/deno.json b/deno.json
index 273d96dd..bff4e5b3 100644
--- a/deno.json
+++ b/deno.json
@@ -3,6 +3,7 @@
     "./packages/amqp",
     "./packages/cfworkers",
     "./packages/cli",
+    "./packages/debugger",
     "./packages/denokv",
     "./packages/express",
     "./packages/fastify",
@@ -35,8 +36,10 @@
     "@logtape/logtape": "jsr:@logtape/logtape@^2.0.0",
     "@nestjs/common": "npm:@nestjs/common@^11.0.1",
     "@opentelemetry/api": "npm:@opentelemetry/api@^1.9.0",
-    "@opentelemetry/core": "npm:@opentelemetry/core@^2.0.0",
-    "@opentelemetry/sdk-trace-base": "npm:@opentelemetry/sdk-trace-base@^2.0.0",
+    "@opentelemetry/context-async-hooks": "npm:@opentelemetry/context-async-hooks@^2.5.0",
+    "@opentelemetry/core": "npm:@opentelemetry/core@^2.5.0",
+    "@opentelemetry/sdk-trace-base": "npm:@opentelemetry/sdk-trace-base@^2.5.0",
+    "@opentelemetry/semantic-conventions": "npm:@opentelemetry/semantic-conventions@^1.39.0",
     "@std/assert": "jsr:@std/assert@^1.0.13",
     "@std/async": "jsr:@std/async@^1.0.13",
     "@std/encoding": "jsr:@std/encoding@^1.0.10",
@@ -49,6 +52,7 @@
     "byte-encodings": "npm:byte-encodings@^1.0.11",
     "es-toolkit": "npm:es-toolkit@^1.43.0",
     "h3": "npm:h3@^1.15.0",
+    "hono": "jsr:@hono/hono@^4.8.3",
     "ioredis": "npm:ioredis@^5.8.2",
     "json-preserve-indent": "npm:json-preserve-indent@^1.1.3",
     "postgres": "npm:postgres@^3.4.7",
diff --git a/deno.lock b/deno.lock
index 9d2895d6..84cd2ac4 100644
--- a/deno.lock
+++ b/deno.lock
@@ -73,10 +73,15 @@
     "npm:@mjackson/node-fetch-server@0.7": "0.7.0",
     "npm:@multiformats/base-x@^4.0.1": "4.0.1",
     "npm:@nestjs/common@^11.0.1": "11.1.11_reflect-metadata@0.2.2_rxjs@7.8.2",
+    "npm:@opentelemetry/api@1.9.0": "1.9.0",
     "npm:@opentelemetry/api@^1.9.0": "1.9.0",
-    "npm:@opentelemetry/core@2": "2.3.0_@opentelemetry+api@1.9.0",
-    "npm:@opentelemetry/sdk-trace-base@2": "2.3.0_@opentelemetry+api@1.9.0",
-    "npm:@opentelemetry/semantic-conventions@^1.27.0": "1.38.0",
+    "npm:@opentelemetry/context-async-hooks@1.30.1": "1.30.1_@opentelemetry+api@1.9.0",
+    "npm:@opentelemetry/context-async-hooks@^2.5.0": "2.5.0_@opentelemetry+api@1.9.0",
+    "npm:@opentelemetry/core@1.30.1": "1.30.1_@opentelemetry+api@1.9.0",
+    "npm:@opentelemetry/core@^2.5.0": "2.5.0_@opentelemetry+api@1.9.0",
+    "npm:@opentelemetry/sdk-trace-base@1.30.1": "1.30.1_@opentelemetry+api@1.9.0",
+    "npm:@opentelemetry/sdk-trace-base@^2.5.0": "2.5.0_@opentelemetry+api@1.9.0",
+    "npm:@opentelemetry/semantic-conventions@^1.39.0": "1.39.0",
     "npm:@optique/core@0.9": "0.9.0",
     "npm:@optique/run@0.9": "0.9.0",
     "npm:@poppanator/http-constants@^1.1.1": "1.1.1",
@@ -213,7 +218,7 @@
         "jsr:@std/path@^1.1.2",
         "jsr:@std/semver",
         "jsr:@std/uuid",
-        "npm:@opentelemetry/api",
+        "npm:@opentelemetry/api@^1.9.0",
         "npm:@preact/signals@^2.2.1",
         "npm:esbuild-wasm",
         "npm:esbuild@0.25.7",
@@ -2014,32 +2019,71 @@
     "@opentelemetry/api@1.9.0": {
       "integrity": "sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg=="
     },
-    "@opentelemetry/core@2.3.0_@opentelemetry+api@1.9.0": {
-      "integrity": "sha512-PcmxJQzs31cfD0R2dE91YGFcLxOSN4Bxz7gez5UwSUjCai8BwH/GI5HchfVshHkWdTkUs0qcaPJgVHKXUp7I3A==",
+    "@opentelemetry/context-async-hooks@1.30.1_@opentelemetry+api@1.9.0": {
+      "integrity": "sha512-s5vvxXPVdjqS3kTLKMeBMvop9hbWkwzBpu+mUO2M7sZtlkyDJGwFe33wRKnbaYDo8ExRVBIIdwIGrqpxHuKttA==",
+      "dependencies": [
+        "@opentelemetry/api"
+      ]
+    },
+    "@opentelemetry/context-async-hooks@2.5.0_@opentelemetry+api@1.9.0": {
+      "integrity": "sha512-uOXpVX0ZjO7heSVjhheW2XEPrhQAWr2BScDPoZ9UDycl5iuHG+Usyc3AIfG6kZeC1GyLpMInpQ6X5+9n69yOFw==",
+      "dependencies": [
+        "@opentelemetry/api"
+      ]
+    },
+    "@opentelemetry/core@1.30.1_@opentelemetry+api@1.9.0": {
+      "integrity": "sha512-OOCM2C/QIURhJMuKaekP3TRBxBKxG/TWWA0TL2J6nXUtDnuCtccy49LUJF8xPFXMX+0LMcxFpCo8M9cGY1W6rQ==",
+      "dependencies": [
+        "@opentelemetry/api",
+        "@opentelemetry/semantic-conventions@1.28.0"
+      ]
+    },
+    "@opentelemetry/core@2.5.0_@opentelemetry+api@1.9.0": {
+      "integrity": "sha512-ka4H8OM6+DlUhSAZpONu0cPBtPPTQKxbxVzC4CzVx5+K4JnroJVBtDzLAMx4/3CDTJXRvVFhpFjtl4SaiTNoyQ==",
       "dependencies": [
         "@opentelemetry/api",
-        "@opentelemetry/semantic-conventions"
+        "@opentelemetry/semantic-conventions@1.39.0"
       ]
     },
-    "@opentelemetry/resources@2.3.0_@opentelemetry+api@1.9.0": {
-      "integrity": "sha512-shlr2l5g+87J8wqYlsLyaUsgKVRO7RtX70Ckd5CtDOWtImZgaUDmf4Z2ozuSKQLM2wPDR0TE/3bPVBNJtRm/cQ==",
+    "@opentelemetry/resources@1.30.1_@opentelemetry+api@1.9.0": {
+      "integrity": "sha512-5UxZqiAgLYGFjS4s9qm5mBVo433u+dSPUFWVWXmLAD4wB65oMCoXaJP1KJa9DIYYMeHu3z4BZcStG3LC593cWA==",
       "dependencies": [
         "@opentelemetry/api",
-        "@opentelemetry/core",
-        "@opentelemetry/semantic-conventions"
+        "@opentelemetry/core@1.30.1_@opentelemetry+api@1.9.0",
+        "@opentelemetry/semantic-conventions@1.28.0"
       ]
     },
-    "@opentelemetry/sdk-trace-base@2.3.0_@opentelemetry+api@1.9.0": {
-      "integrity": "sha512-B0TQ2e9h0ETjpI+eGmCz8Ojb+lnYms0SE3jFwEKrN/PK4aSVHU28AAmnOoBmfub+I3jfgPwvDJgomBA5a7QehQ==",
+    "@opentelemetry/resources@2.5.0_@opentelemetry+api@1.9.0": {
+      "integrity": "sha512-F8W52ApePshpoSrfsSk1H2yJn9aKjCrbpQF1M9Qii0GHzbfVeFUB+rc3X4aggyZD8x9Gu3Slua+s6krmq6Dt8g==",
       "dependencies": [
         "@opentelemetry/api",
-        "@opentelemetry/core",
-        "@opentelemetry/resources",
-        "@opentelemetry/semantic-conventions"
+        "@opentelemetry/core@2.5.0_@opentelemetry+api@1.9.0",
+        "@opentelemetry/semantic-conventions@1.39.0"
       ]
     },
-    "@opentelemetry/semantic-conventions@1.38.0": {
-      "integrity": "sha512-kocjix+/sSggfJhwXqClZ3i9Y/MI0fp7b+g7kCRm6psy2dsf8uApTRclwG18h8Avm7C9+fnt+O36PspJ/OzoWg=="
+    "@opentelemetry/sdk-trace-base@1.30.1_@opentelemetry+api@1.9.0": {
+      "integrity": "sha512-jVPgBbH1gCy2Lb7X0AVQ8XAfgg0pJ4nvl8/IiQA6nxOsPvS+0zMJaFSs2ltXe0J6C8dqjcnpyqINDJmU30+uOg==",
+      "dependencies": [
+        "@opentelemetry/api",
+        "@opentelemetry/core@1.30.1_@opentelemetry+api@1.9.0",
+        "@opentelemetry/resources@1.30.1_@opentelemetry+api@1.9.0",
+        "@opentelemetry/semantic-conventions@1.28.0"
+      ]
+    },
+    "@opentelemetry/sdk-trace-base@2.5.0_@opentelemetry+api@1.9.0": {
+      "integrity": "sha512-VzRf8LzotASEyNDUxTdaJ9IRJ1/h692WyArDBInf5puLCjxbICD6XkHgpuudis56EndyS7LYFmtTMny6UABNdQ==",
+      "dependencies": [
+        "@opentelemetry/api",
+        "@opentelemetry/core@2.5.0_@opentelemetry+api@1.9.0",
+        "@opentelemetry/resources@2.5.0_@opentelemetry+api@1.9.0",
+        "@opentelemetry/semantic-conventions@1.39.0"
+      ]
+    },
+    "@opentelemetry/semantic-conventions@1.28.0": {
+      "integrity": "sha512-lp4qAiMTD4sNWW4DbKLBkfiMZ4jbAboJIGOQr5DvciMRI494OapieI9qiODpOt0XBr1LjIDy1xAGAnVs5supTA=="
+    },
+    "@opentelemetry/semantic-conventions@1.39.0": {
+      "integrity": "sha512-R5R9tb2AXs2IRLNKLBJDynhkfmx7mX0vi8NkhZb3gUkPWHn6HXk5J8iQ/dql0U3ApfWym4kXXmBDRGO+oeOfjg=="
     },
     "@optique/core@0.9.0": {
       "integrity": "sha512-PN5SwVRK9BPmFUKzcdNYDCV4Q18HGfR4H/1MG1yQYmA1RDNVKTuCV146dTIqI2H8F4lD/WMTiNsTl2wbGr9u1Q=="
@@ -4194,8 +4238,7 @@
       "integrity": "sha512-iYSchDJ+liQ8iwbSI2QqsQOvqv58eJCEanyJPJi+Khyu8smkcKSFUCbPwzFcL7YVtZ6eONjqRX/38caJ7QjRAQ==",
       "dependencies": [
         "tsscmp"
-      ],
-      "deprecated": true
+      ]
     },
     "keyv@4.5.4": {
       "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==",
@@ -5843,6 +5886,7 @@
   "workspace": {
     "dependencies": [
       "jsr:@david/dax@~0.43.2",
+      "jsr:@hono/hono@^4.8.3",
       "jsr:@logtape/file@2",
       "jsr:@logtape/logtape@2",
       "jsr:@std/assert@^1.0.13",
@@ -5857,8 +5901,10 @@
       "npm:@js-temporal/polyfill@~0.5.1",
       "npm:@nestjs/common@^11.0.1",
       "npm:@opentelemetry/api@^1.9.0",
-      "npm:@opentelemetry/core@2",
-      "npm:@opentelemetry/sdk-trace-base@2",
+      "npm:@opentelemetry/context-async-hooks@^2.5.0",
+      "npm:@opentelemetry/core@^2.5.0",
+      "npm:@opentelemetry/sdk-trace-base@^2.5.0",
+      "npm:@opentelemetry/semantic-conventions@^1.39.0",
       "npm:@types/node@^22.16.0",
       "npm:amqplib@~0.10.9",
       "npm:byte-encodings@^1.0.11",
@@ -5974,9 +6020,6 @@
           "jsr:@std/assert@0.226",
           "jsr:@std/url@~0.225.1",
           "npm:@multiformats/base-x@^4.0.1",
-          "npm:@opentelemetry/core@2",
-          "npm:@opentelemetry/sdk-trace-base@2",
-          "npm:@opentelemetry/semantic-conventions@^1.27.0",
           "npm:asn1js@^3.0.7",
           "npm:fast-check@^3.22.0",
           "npm:fetch-mock@^12.5.2",
@@ -5991,7 +6034,6 @@
         "packageJson": {
           "dependencies": [
             "npm:@js-temporal/polyfill@~0.5.1",
-            "npm:@opentelemetry/semantic-conventions@^1.27.0",
             "npm:@types/node@^24.2.1",
             "npm:json-canon@^1.0.1",
             "npm:jsonld@9",
@@ -6055,7 +6097,6 @@
       },
       "packages/vocab": {
         "dependencies": [
-          "npm:@opentelemetry/api@^1.9.0",
           "npm:fast-check@^3.22.0",
           "npm:fetch-mock@^12.5.2",
           "npm:jsonld@9"
diff --git a/docs/.vitepress/config.mts b/docs/.vitepress/config.mts
index e0a626df..dffe60f0 100644
--- a/docs/.vitepress/config.mts
+++ b/docs/.vitepress/config.mts
@@ -77,6 +77,7 @@ const MANUAL = {
     { text: "Integration", link: "/manual/integration.md" },
     { text: "Relay", link: "/manual/relay.md" },
     { text: "Testing", link: "/manual/test.md" },
+    { text: "Debugging", link: "/manual/debug.md" },
     { text: "Linting", link: "/manual/lint.md" },
     { text: "Logging", link: "/manual/log.md" },
     { text: "OpenTelemetry", link: "/manual/opentelemetry.md" },
@@ -92,6 +93,7 @@ const REFERENCES = {
     { text: "@fedify/fedify", link: "https://jsr.io/@fedify/fedify/doc" },
     { text: "@fedify/amqp", link: "https://jsr.io/@fedify/amqp/doc" },
     { text: "@fedify/cfworkers", link: "https://jsr.io/@fedify/cfworkers/doc" },
+    { text: "@fedify/debugger", link: "https://jsr.io/@fedify/debugger/doc" },
     { text: "@fedify/denokv", link: "https://jsr.io/@fedify/denokv/doc" },
     { text: "@fedify/express", link: "https://jsr.io/@fedify/express/doc" },
     { text: "@fedify/fastify", link: "https://jsr.io/@fedify/fastify/doc" },
diff --git a/docs/manual/debug.md b/docs/manual/debug.md
new file mode 100644
index 00000000..7c219c66
--- /dev/null
+++ b/docs/manual/debug.md
@@ -0,0 +1,452 @@
+---
+description: >-
+  The @fedify/debugger package provides an embedded real-time debug dashboard
+  for inspecting ActivityPub traces and activities in your federated server app.
+---
+
+Debugging
+=========
+
+*This API is available since Fedify 2.0.0.*
+
+When developing a federated server app, it can be difficult to understand what
+activities are being sent and received, and whether signatures are being
+verified correctly.  The `@fedify/debugger` package provides an embedded
+real-time debug dashboard that you can add to your app to inspect ActivityPub
+traces and activities without leaving your browser.
+
+
+Installation
+------------
+
+::: code-group
+
+~~~~ bash [Deno]
+deno add jsr:@fedify/debugger
+~~~~
+
+~~~~ bash [npm]
+npm install @fedify/debugger
+~~~~
+
+~~~~ bash [pnpm]
+pnpm add @fedify/debugger
+~~~~
+
+~~~~ bash [Yarn]
+yarn add @fedify/debugger
+~~~~
+
+~~~~ bash [Bun]
+bun add @fedify/debugger
+~~~~
+
+:::
+
+
+Setup
+-----
+
+The debugger works as a proxy that wraps your existing `Federation` object.
+It intercepts HTTP requests matching a configurable path prefix and serves
+the debug dashboard, while delegating everything else to the inner federation.
+
+The simplest way to set it up is to call `createFederationDebugger()` with
+your federation object:
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+  // ... other federation options
+});
+
+const federation = createFederationDebugger(innerFederation);
+~~~~
+
+When called without an `exporter` option, `createFederationDebugger()`
+automatically:
+
+ -  Creates a `MemoryKvStore` and `FedifySpanExporter` for trace data storage
+ -  Creates a `BasicTracerProvider` with a `SimpleSpanProcessor`
+ -  Registers it as the global [OpenTelemetry] tracer provider
+ -  Registers an `AsyncLocalStorageContextManager` as the global OpenTelemetry
+    context manager (required for parent–child span propagation)
+ -  Registers a `W3CTraceContextPropagator` as the global OpenTelemetry
+    propagator (required for trace context to propagate across message queue
+    boundaries)
+ -  Configures [LogTape] to collect logs per trace (using `getConfig()` to
+    merge with any existing configuration)
+
+This means `createFederation()` will automatically use the tracer provider
+without needing an explicit `tracerProvider` option, and logs emitted by
+Fedify will be captured and displayed alongside traces in the dashboard.
+
+The `federation` object returned by `createFederationDebugger()` is a drop-in
+replacement for the original.  You can use it everywhere you would normally use
+the inner federation object (e.g., passing it to framework integrations).
+
+> [!WARNING]
+> The debug dashboard is intended for development use only.  It is strongly
+> recommended to enable [authentication](#auth) if the dashboard is accessible
+> over a network, as it exposes internal trace data.
+
+[OpenTelemetry]: ./opentelemetry.md
+[LogTape]: https://logtape.org/
+
+
+Configuration
+-------------
+
+The `createFederationDebugger()` function accepts the following options:
+
+### `path`
+
+The path prefix for the debug dashboard.  Defaults to `"/__debug__"`.
+All dashboard routes are served under this prefix.
+
+For example, if you set `path` to `"/_debug"`, the dashboard will be available
+at `/_debug/` and traces at `/_debug/traces/:traceId`.
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+});
+// ---cut-before---
+const federation = createFederationDebugger(innerFederation, {
+  path: "/_debug",
+});
+~~~~
+
+### `auth`
+
+*Optional.*  Authentication configuration for the debug dashboard.  When
+omitted, the dashboard is accessible without authentication.
+
+The `auth` option accepts a discriminated union with three modes:
+
+#### Password-only authentication
+
+Shows a login form with a single password field.  You can provide a static
+password string or an `authenticate()` callback:
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+});
+// ---cut-before---
+// Static password:
+const federation = createFederationDebugger(innerFederation, {
+  auth: {
+    type: "password",
+    password: Deno.env.get("DEBUG_PASSWORD")!,
+  },
+});
+~~~~
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+});
+// ---cut-before---
+// Callback:
+const federation = createFederationDebugger(innerFederation, {
+  auth: {
+    type: "password",
+    authenticate: (password) => password === "my-secret",
+  },
+});
+~~~~
+
+#### Username + password authentication
+
+Shows a login form with both username and password fields:
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+});
+// ---cut-before---
+// Static credentials:
+const federation = createFederationDebugger(innerFederation, {
+  auth: {
+    type: "usernamePassword",
+    username: "admin",
+    password: Deno.env.get("DEBUG_PASSWORD")!,
+  },
+});
+~~~~
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+});
+// ---cut-before---
+// Callback:
+const federation = createFederationDebugger(innerFederation, {
+  auth: {
+    type: "usernamePassword",
+    authenticate: (username, password) =>
+      username === "admin" && password === "secret",
+  },
+});
+~~~~
+
+#### Request-based authentication
+
+Authenticates based on the incoming `Request` object, without showing a login
+form.  Useful for IP-based access control.  Rejected requests receive a 403
+Forbidden response.
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+});
+// ---cut-before---
+const federation = createFederationDebugger(innerFederation, {
+  auth: {
+    type: "request",
+    authenticate: (request) => {
+      // Only allow requests from localhost
+      const url = new URL(request.url);
+      return url.hostname === "127.0.0.1" || url.hostname === "::1";
+    },
+  },
+});
+~~~~
+
+> [!NOTE]
+> Authentication only applies to the debug dashboard routes.  All other
+> requests (e.g., ActivityPub endpoints) are passed through to the inner
+> federation without any authentication check.
+
+### `exporter`
+
+*Optional.*  A `FedifySpanExporter` instance that the dashboard queries for
+trace data.
+
+When omitted (the recommended approach), the debugger automatically creates
+an exporter and sets up OpenTelemetry tracing for you.
+
+When provided, you are responsible for setting up the `BasicTracerProvider`
+and passing it to `createFederation()`.  See the
+[Advanced setup](#advanced-setup) section below.
+
+### `kv`
+
+*Required when `exporter` is provided.*  A `KvStore` instance used to persist
+log records collected by the debug dashboard's LogTape sink.
+
+When using the simplified overload (without `exporter`), the debugger
+automatically creates a `MemoryKvStore` for log storage.
+
+When using the advanced overload (with `exporter`), you must pass the same
+`KvStore` instance so that log records written by worker processes are visible
+in the web dashboard.
+
+
+Dashboard pages
+---------------
+
+Once set up, the debug dashboard is accessible at the configured path prefix
+(default: `/__debug__/`).
+
+### Traces list
+
+The root page (`/__debug__/`) shows a list of all captured traces.  For each
+trace, it displays:
+
+ -  **Trace ID** (first 8 characters, linked to the detail page)
+ -  **Activity types** present in the trace (e.g., Create, Follow, Like)
+ -  **Activity count**
+ -  **Timestamp**
+
+![Traces list page of the debug dashboard](debug/traces-list.png)
+
+The page automatically polls the JSON API every 3 seconds and refreshes when
+new traces are detected.
+
+### Trace detail
+
+The trace detail page (`/__debug__/traces/:traceId`) shows all activities
+belonging to a specific trace.  For each activity, it displays:
+
+ -  **Direction** (inbound or outbound)
+ -  **Activity type** (e.g., Create, Accept, Follow)
+ -  **Span ID** and optional parent span ID
+ -  **Activity ID** (if present)
+ -  **Actor ID**
+ -  **Timestamp**
+ -  **Inbox URL** (for outbound activities)
+ -  **Signature verification** details (for inbound activities):
+     -  Whether HTTP Signatures were verified
+     -  The key ID used for verification
+     -  Whether Linked Data Signatures were verified
+ -  **Activity JSON** (expandable, pretty-printed)
+
+Below the activities section, a **Logs** section shows all [LogTape] log
+records captured during the trace.  Each log entry displays:
+
+ -  **Timestamp** (time portion only)
+ -  **Log level** (color-coded: debug, info, warning, error, fatal)
+ -  **Logger category** (e.g., `fedify.federation.http`)
+ -  **Message** with expandable properties
+
+![Trace detail page of the debug dashboard](debug/trace-detail.png)
+
+### JSON API
+
+A JSON API endpoint is available at `/__debug__/api/traces` which returns
+the list of recent traces in JSON format.  This is used by the auto-polling
+mechanism on the traces list page, but you can also query it directly for
+programmatic access.
+
+A separate endpoint at `/__debug__/api/logs/:traceId` returns the log records
+for a specific trace in JSON format.
+
+
+Using with framework integrations
+---------------------------------
+
+The debugger works with any framework integration that accepts a `Federation`
+object.  Simply wrap the federation before passing it to your integration:
+
+### Hono
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+import { federation as honoFederation } from "@fedify/hono";
+import { Hono } from "hono";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+});
+const federation = createFederationDebugger(innerFederation);
+
+const app = new Hono();
+app.use(honoFederation(federation, (_) => undefined));
+~~~~
+
+### Express
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { createFederationDebugger } from "@fedify/debugger";
+import { integrateFederation } from "@fedify/express";
+import express from "express";
+
+const innerFederation = createFederation<void>({
+  kv: new MemoryKvStore(),
+});
+const federation = createFederationDebugger(innerFederation);
+
+const app = express();
+app.use(integrateFederation(federation, (req) => undefined));
+~~~~
+
+
+Advanced setup
+--------------
+
+If you need full control over the OpenTelemetry setup (for example, to use
+a custom `KvStore` or to add additional span processors), you can pass an
+explicit `exporter` option:
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { createFederation, MemoryKvStore } from "@fedify/fedify";
+import { FedifySpanExporter } from "@fedify/fedify/otel";
+import { createFederationDebugger } from "@fedify/debugger";
+import { context, propagation } from "@opentelemetry/api";
+import { AsyncLocalStorageContextManager } from "@opentelemetry/context-async-hooks";
+import { W3CTraceContextPropagator } from "@opentelemetry/core";
+import {
+  BasicTracerProvider,
+  SimpleSpanProcessor,
+} from "@opentelemetry/sdk-trace-base";
+
+// Register context manager and propagator (required for trace
+// propagation across async boundaries and message queues):
+context.setGlobalContextManager(new AsyncLocalStorageContextManager());
+propagation.setGlobalPropagator(new W3CTraceContextPropagator());
+
+// Create a KV store and a span exporter that captures trace data:
+const kv = new MemoryKvStore();
+const exporter = new FedifySpanExporter(kv);
+const tracerProvider = new BasicTracerProvider({
+  spanProcessors: [new SimpleSpanProcessor(exporter)],
+});
+
+const innerFederation = createFederation({
+  kv,
+  tracerProvider,
+  // ... other federation options
+});
+
+// Wrap the federation with the debugger:
+const federation = createFederationDebugger(innerFederation, {
+  exporter,
+  kv,
+});
+~~~~
+
+In this mode, the returned `federation` object has a `sink` property that is
+a [LogTape] `Sink` function.  You should include it in your LogTape
+configuration to enable per-trace log collection:
+
+~~~~ typescript twoslash
+// @noErrors: 2345
+import { configure } from "@logtape/logtape";
+declare const federation: { sink: (record: any) => void };
+// ---cut-before---
+await configure({
+  sinks: {
+    debugger: federation.sink,
+    // ... other sinks
+  },
+  loggers: [
+    { category: "fedify", sinks: ["debugger"] },
+    // ... other loggers
+  ],
+});
+~~~~
+
+In this mode, you are responsible for:
+
+ -  Registering an `AsyncLocalStorageContextManager` as the global context
+    manager
+ -  Registering a `W3CTraceContextPropagator` as the global propagator
+ -  Creating and configuring the `BasicTracerProvider`
+ -  Passing `tracerProvider` to `createFederation()`
+ -  Passing the same `exporter` and `kv` to `createFederationDebugger()`
+ -  Configuring LogTape with `federation.sink` to collect logs per trace
diff --git a/docs/manual/debug/trace-detail.png b/docs/manual/debug/trace-detail.png
new file mode 100644
index 00000000..9b33f0c3
Binary files /dev/null and b/docs/manual/debug/trace-detail.png differ
diff --git a/docs/manual/debug/traces-list.png b/docs/manual/debug/traces-list.png
new file mode 100644
index 00000000..71d8ca05
Binary files /dev/null and b/docs/manual/debug/traces-list.png differ
diff --git a/docs/package.json b/docs/package.json
index 11e2f850..2f41235f 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -5,6 +5,7 @@
     "@deno/kv": "^0.8.4",
     "@fedify/amqp": "workspace:^",
     "@fedify/cfworkers": "workspace:^",
+    "@fedify/debugger": "workspace:^",
     "@fedify/express": "workspace:^",
     "@fedify/fastify": "workspace:^",
     "@fedify/fedify": "workspace:^",
@@ -27,8 +28,9 @@
     "@logtape/file": "catalog:",
     "@logtape/logtape": "catalog:",
     "@nestjs/common": "catalog:",
-    "@opentelemetry/exporter-trace-otlp-proto": "^0.208.0",
-    "@opentelemetry/sdk-node": "^0.208.0",
+    "@opentelemetry/api": "catalog:",
+    "@opentelemetry/exporter-trace-otlp-proto": "catalog:",
+    "@opentelemetry/sdk-node": "catalog:",
     "@opentelemetry/sdk-trace-base": "catalog:",
     "@sentry/node": "^8.47.0",
     "@shikijs/vitepress-twoslash": "^1.24.4",
diff --git a/packages/debugger/deno.json b/packages/debugger/deno.json
new file mode 100644
index 00000000..130692b5
--- /dev/null
+++ b/packages/debugger/deno.json
@@ -0,0 +1,16 @@
+{
+  "name": "@fedify/debugger",
+  "version": "2.0.0",
+  "license": "MIT",
+  "exports": {
+    ".": "./src/mod.tsx"
+  },
+  "exclude": ["dist/", "node_modules/"],
+  "publish": {
+    "exclude": ["**/*.test.ts", "tsdown.config.ts"]
+  },
+  "tasks": {
+    "check": "deno fmt --check && deno lint && deno check src/**/*.ts src/**/*.tsx",
+    "test": "deno test --allow-env"
+  }
+}
diff --git a/packages/debugger/package.json b/packages/debugger/package.json
new file mode 100644
index 00000000..2a0520c6
--- /dev/null
+++ b/packages/debugger/package.json
@@ -0,0 +1,55 @@
+{
+  "name": "@fedify/debugger",
+  "version": "2.0.0",
+  "description": "Embedded ActivityPub debug dashboard for Fedify",
+  "type": "module",
+  "main": "./dist/mod.cjs",
+  "module": "./dist/mod.js",
+  "types": "./dist/mod.d.ts",
+  "exports": {
+    ".": {
+      "types": {
+        "import": "./dist/mod.d.ts",
+        "require": "./dist/mod.d.cts",
+        "default": "./dist/mod.d.ts"
+      },
+      "import": "./dist/mod.js",
+      "require": "./dist/mod.cjs",
+      "default": "./dist/mod.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "files": [
+    "dist/",
+    "package.json"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/fedify-dev/fedify.git",
+    "directory": "packages/debugger"
+  },
+  "peerDependencies": {
+    "@fedify/fedify": "workspace:^"
+  },
+  "dependencies": {
+    "@js-temporal/polyfill": "catalog:",
+    "@logtape/logtape": "catalog:",
+    "@opentelemetry/api": "catalog:",
+    "@opentelemetry/context-async-hooks": "catalog:",
+    "@opentelemetry/core": "catalog:",
+    "@opentelemetry/sdk-trace-base": "catalog:",
+    "hono": "catalog:"
+  },
+  "devDependencies": {
+    "tsdown": "catalog:",
+    "typescript": "catalog:"
+  },
+  "scripts": {
+    "build:self": "tsdown",
+    "build": "pnpm --filter @fedify/debugger... run build:self",
+    "prepack": "pnpm build",
+    "prepublish": "pnpm build",
+    "test": "node --experimental-transform-types --test",
+    "test:bun": "bun test"
+  }
+}
diff --git a/packages/debugger/src/auth.ts b/packages/debugger/src/auth.ts
new file mode 100644
index 00000000..1104c2e1
--- /dev/null
+++ b/packages/debugger/src/auth.ts
@@ -0,0 +1,142 @@
+/**
+ * Authentication types and helpers for the debug dashboard.
+ *
+ * @module
+ */
+import { timingSafeEqual } from "node:crypto";
+
+/**
+ * Authentication configuration for the debug dashboard.
+ *
+ * The debug dashboard can be protected using one of three authentication modes:
+ *
+ * - `"password"` — Shows a password-only login form.
+ * - `"usernamePassword"` — Shows a username + password login form.
+ * - `"request"` — Authenticates based on the incoming request (e.g., IP
+ *   address).  No login form is shown; unauthenticated requests receive a
+ *   403 response.
+ *
+ * Each mode supports either a static credential check or a callback function.
+ */
+export type FederationDebuggerAuth =
+  | {
+    readonly type: "password";
+    authenticate(password: string): boolean | Promise<boolean>;
+  }
+  | {
+    readonly type: "password";
+    readonly password: string;
+  }
+  | {
+    readonly type: "usernamePassword";
+    authenticate(
+      username: string,
+      password: string,
+    ): boolean | Promise<boolean>;
+  }
+  | {
+    readonly type: "usernamePassword";
+    readonly username: string;
+    readonly password: string;
+  }
+  | {
+    readonly type: "request";
+    authenticate(request: Request): boolean | Promise<boolean>;
+  };
+
+export const SESSION_COOKIE_NAME = "__fedify_debug_session";
+const SESSION_TOKEN = "authenticated";
+
+export async function generateHmacKey(): Promise<CryptoKey> {
+  return await crypto.subtle.generateKey(
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign", "verify"],
+  );
+}
+
+function toHex(buffer: ArrayBuffer): string {
+  return [...new Uint8Array(buffer)]
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+}
+
+function fromHex(hex: string): ArrayBuffer {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+  }
+  return bytes.buffer as ArrayBuffer;
+}
+
+export async function signSession(key: CryptoKey): Promise<string> {
+  const encoder = new TextEncoder();
+  const signature = await crypto.subtle.sign(
+    "HMAC",
+    key,
+    encoder.encode(SESSION_TOKEN),
+  );
+  return toHex(signature);
+}
+
+export async function verifySession(
+  key: CryptoKey,
+  signature: string,
+): Promise<boolean> {
+  try {
+    const encoder = new TextEncoder();
+    return await crypto.subtle.verify(
+      "HMAC",
+      key,
+      fromHex(signature),
+      encoder.encode(SESSION_TOKEN),
+    );
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Constant-time string comparison to prevent timing attacks on credential
+ * checks.  Uses {@link timingSafeEqual} from `node:crypto` under the hood.
+ */
+function constantTimeEqual(a: string, b: string): boolean {
+  const encoder = new TextEncoder();
+  const bufA = encoder.encode(a);
+  const bufB = encoder.encode(b);
+  if (bufA.byteLength !== bufB.byteLength) {
+    // Still compare to burn the same amount of time regardless, but
+    // the result is always false when lengths differ.
+    timingSafeEqual(bufA, new Uint8Array(bufA.byteLength));
+    return false;
+  }
+  return timingSafeEqual(bufA, bufB);
+}
+
+export async function checkAuth(
+  auth: FederationDebuggerAuth,
+  formData: { username?: string; password: string },
+): Promise<boolean> {
+  if (auth.type === "password") {
+    if ("authenticate" in auth) {
+      return await auth.authenticate(formData.password);
+    }
+    return constantTimeEqual(formData.password, auth.password);
+  }
+  if (auth.type === "usernamePassword") {
+    if ("authenticate" in auth) {
+      return await auth.authenticate(
+        formData.username ?? "",
+        formData.password,
+      );
+    }
+    // Check both fields in constant time (don't short-circuit)
+    const usernameMatch = constantTimeEqual(
+      formData.username ?? "",
+      auth.username,
+    );
+    const passwordMatch = constantTimeEqual(formData.password, auth.password);
+    return usernameMatch && passwordMatch;
+  }
+  return false;
+}
diff --git a/packages/debugger/src/log-store.ts b/packages/debugger/src/log-store.ts
new file mode 100644
index 00000000..62ae60d9
--- /dev/null
+++ b/packages/debugger/src/log-store.ts
@@ -0,0 +1,127 @@
+/**
+ * Log record storage for the debug dashboard, backed by a {@link KvStore}.
+ *
+ * @module
+ */
+import type { KvKey, KvStore } from "@fedify/fedify/federation";
+import type { LogRecord, Sink } from "@logtape/logtape";
+
+/**
+ * A serialized log record for the debug dashboard.
+ */
+export interface SerializedLogRecord {
+  /**
+   * The logger category.
+   */
+  readonly category: readonly string[];
+
+  /**
+   * The log level.
+   */
+  readonly level: string;
+
+  /**
+   * The rendered log message.
+   */
+  readonly message: string;
+
+  /**
+   * The timestamp in milliseconds since the Unix epoch.
+   */
+  readonly timestamp: number;
+
+  /**
+   * The extra properties of the log record (excluding traceId and spanId).
+   */
+  readonly properties: Record<string, unknown>;
+}
+
+/**
+ * Persistent storage for log records grouped by trace ID, backed by a
+ * {@link KvStore}.  When the same `KvStore` is shared across web and worker
+ * processes the dashboard can display logs produced by background tasks.
+ */
+export class LogStore {
+  readonly #kv: KvStore;
+  readonly #keyPrefix: KvKey;
+  /** Chain of pending write promises for flush(). */
+  #pending: Promise<void> = Promise.resolve();
+
+  constructor(kv: KvStore, keyPrefix: KvKey = ["fedify", "debugger", "logs"]) {
+    this.#kv = kv;
+    this.#keyPrefix = keyPrefix;
+  }
+
+  /**
+   * Enqueue a log record for writing.  The write happens asynchronously;
+   * call {@link flush} to wait for all pending writes to complete.
+   *
+   * Keys use a timestamp + random suffix so that entries sort
+   * chronologically and never collide, even across multiple processes
+   * sharing the same {@link KvStore}.
+   */
+  add(traceId: string, record: SerializedLogRecord): void {
+    const key: KvKey = [
+      ...this.#keyPrefix,
+      traceId,
+      `${Date.now().toString(36).padStart(10, "0")}-${
+        Math.random().toString(36).slice(2)
+      }`,
+    ] as unknown as KvKey;
+    // Errors are swallowed so a single failed write cannot poison the
+    // chain or cause an unhandled rejection — logging is best-effort.
+    this.#pending = this.#pending.then(
+      () => this.#kv.set(key, record),
+    ).catch(() => {});
+  }
+
+  /** Wait for all pending writes to complete. */
+  flush(): Promise<void> {
+    return this.#pending;
+  }
+
+  async get(traceId: string): Promise<readonly SerializedLogRecord[]> {
+    const prefix: KvKey = [...this.#keyPrefix, traceId] as unknown as KvKey;
+    const logs: SerializedLogRecord[] = [];
+    for await (const entry of this.#kv.list(prefix)) {
+      logs.push(entry.value as SerializedLogRecord);
+    }
+    return logs;
+  }
+}
+
+/**
+ * Converts a {@link LogRecord} into a plain serializable object suitable
+ * for storage in a {@link KvStore}.
+ */
+export function serializeLogRecord(record: LogRecord): SerializedLogRecord {
+  // Render message to string
+  const messageParts: string[] = [];
+  for (const part of record.message) {
+    if (typeof part === "string") messageParts.push(part);
+    else if (part == null) messageParts.push("");
+    else messageParts.push(String(part));
+  }
+  // Exclude traceId and spanId from properties
+  const { traceId: _t, spanId: _s, ...properties } = record.properties;
+  return {
+    category: record.category,
+    level: record.level,
+    message: messageParts.join(""),
+    timestamp: record.timestamp,
+    properties,
+  };
+}
+
+/**
+ * Creates a LogTape {@link Sink} that writes log records into the given
+ * {@link LogStore}, grouped by their `traceId` property.  Records without
+ * a `traceId` are silently discarded.
+ */
+export function createLogSink(store: LogStore): Sink {
+  return (record: LogRecord): void => {
+    const traceId = record.properties.traceId;
+    if (typeof traceId !== "string" || traceId.length === 0) return;
+    store.add(traceId, serializeLogRecord(record));
+  };
+}
diff --git a/packages/debugger/src/mod.test.ts b/packages/debugger/src/mod.test.ts
new file mode 100644
index 00000000..5e595ef1
--- /dev/null
+++ b/packages/debugger/src/mod.test.ts
@@ -0,0 +1,1253 @@
+import { notStrictEqual, ok, strictEqual, throws } from "node:assert/strict";
+import { test } from "node:test";
+import { createFederationDebugger, resetAutoSetup } from "@fedify/debugger";
+import type {
+  FederationDebuggerAuth,
+  SerializedLogRecord,
+} from "@fedify/debugger";
+import type {
+  Federation,
+  FederationFetchOptions,
+  FederationStartQueueOptions,
+  KvStore,
+} from "@fedify/fedify/federation";
+import { MemoryKvStore } from "@fedify/fedify/federation";
+import type {
+  FedifySpanExporter,
+  TraceActivityRecord,
+  TraceSummary,
+} from "@fedify/fedify/otel";
+import { trace } from "@opentelemetry/api";
+
+function createMockExporter(
+  traces: TraceSummary[] = [],
+  activities: TraceActivityRecord[] = [],
+): { exporter: FedifySpanExporter; kv: KvStore } {
+  const kv = new MemoryKvStore();
+  const exporter = {
+    export(_spans: unknown, resultCallback: (result: unknown) => void) {
+      resultCallback({ code: 0 });
+    },
+    forceFlush() {
+      return Promise.resolve();
+    },
+    shutdown() {
+      return Promise.resolve();
+    },
+    getRecentTraces() {
+      return Promise.resolve(traces);
+    },
+    getActivitiesByTraceId(_traceId: string) {
+      return Promise.resolve(activities);
+    },
+  } as unknown as FedifySpanExporter;
+  return { exporter, kv };
+}
+
+function createMockFederation(): {
+  federation: Federation<void>;
+  calls: Record<string, unknown[][]>;
+} {
+  const calls: Record<string, unknown[][]> = {};
+
+  function track(name: string) {
+    if (!calls[name]) calls[name] = [];
+    // deno-lint-ignore no-explicit-any
+    return (...args: any[]) => {
+      calls[name].push(args);
+      if (name === "fetch") {
+        const request = args[0] as Request;
+        const options = args[1] as FederationFetchOptions<void>;
+        if (options.onNotFound) {
+          return options.onNotFound(request);
+        }
+        return new Response("Federation response", { status: 200 });
+      }
+      if (name === "startQueue") return Promise.resolve();
+      if (name === "processQueuedTask") return Promise.resolve();
+      if (name === "createContext") return { data: "mock-context" };
+      return { setCounter: () => ({}) };
+    };
+  }
+
+  const federation = {
+    setNodeInfoDispatcher: track("setNodeInfoDispatcher"),
+    setWebFingerLinksDispatcher: track("setWebFingerLinksDispatcher"),
+    setActorDispatcher: track("setActorDispatcher"),
+    setObjectDispatcher: track("setObjectDispatcher"),
+    setInboxDispatcher: track("setInboxDispatcher"),
+    setOutboxDispatcher: track("setOutboxDispatcher"),
+    setFollowingDispatcher: track("setFollowingDispatcher"),
+    setFollowersDispatcher: track("setFollowersDispatcher"),
+    setLikedDispatcher: track("setLikedDispatcher"),
+    setFeaturedDispatcher: track("setFeaturedDispatcher"),
+    setFeaturedTagsDispatcher: track("setFeaturedTagsDispatcher"),
+    setInboxListeners: track("setInboxListeners"),
+    setCollectionDispatcher: track("setCollectionDispatcher"),
+    setOrderedCollectionDispatcher: track("setOrderedCollectionDispatcher"),
+    setOutboxPermanentFailureHandler: track(
+      "setOutboxPermanentFailureHandler",
+    ),
+    startQueue: track("startQueue"),
+    processQueuedTask: track("processQueuedTask"),
+    createContext: track("createContext"),
+    fetch: track("fetch"),
+  } as unknown as Federation<void>;
+
+  return { federation, calls };
+}
+
+test("createFederationDebugger returns a Federation object", () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  notStrictEqual(dbg, null);
+  notStrictEqual(dbg, undefined);
+  strictEqual(typeof dbg.fetch, "function");
+  strictEqual(typeof dbg.startQueue, "function");
+  strictEqual(typeof dbg.processQueuedTask, "function");
+  strictEqual(typeof dbg.createContext, "function");
+});
+
+test("createFederationDebugger delegates startQueue", async () => {
+  const { federation, calls } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const options: FederationStartQueueOptions = { signal: undefined };
+  await dbg.startQueue(undefined, options);
+  strictEqual(calls["startQueue"]?.length, 1);
+  strictEqual(calls["startQueue"]![0]![0], undefined);
+  strictEqual(calls["startQueue"]![0]![1], options);
+});
+
+test("createFederationDebugger delegates processQueuedTask", async () => {
+  const { federation, calls } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const message = { type: "test" };
+  await dbg.processQueuedTask(
+    undefined,
+    message as unknown as import("@fedify/fedify/federation").Message,
+  );
+  strictEqual(calls["processQueuedTask"]?.length, 1);
+  strictEqual(calls["processQueuedTask"]![0]![1], message);
+});
+
+test("createFederationDebugger delegates createContext", () => {
+  const { federation, calls } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const url = new URL("https://example.com");
+  dbg.createContext(url, undefined);
+  strictEqual(calls["createContext"]?.length, 1);
+  strictEqual(calls["createContext"]![0]![0], url);
+});
+
+test("createFederationDebugger delegates setActorDispatcher", () => {
+  const { federation, calls } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const dispatcher = () => null;
+  dbg.setActorDispatcher("/users/{identifier}", dispatcher);
+  strictEqual(calls["setActorDispatcher"]?.length, 1);
+  strictEqual(calls["setActorDispatcher"]![0]![0], "/users/{identifier}");
+  strictEqual(calls["setActorDispatcher"]![0]![1], dispatcher);
+});
+
+test("fetch delegates non-debug requests to inner federation", async () => {
+  const { federation, calls } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const request = new Request("https://example.com/users/alice");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(calls["fetch"]?.length, 1);
+  strictEqual(response.status, 200);
+  strictEqual(await response.text(), "Federation response");
+});
+
+test("fetch intercepts debug path prefix requests", async () => {
+  const { federation, calls } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const request = new Request("https://example.com/__debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  // The debug request should NOT be forwarded to inner federation
+  strictEqual(calls["fetch"]?.length ?? 0, 0);
+  strictEqual(response.status, 200);
+});
+
+test("fetch intercepts custom debug path prefix", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, {
+    exporter,
+    kv,
+    path: "/__my_debug__",
+  });
+  const request = new Request("https://example.com/__my_debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+});
+
+// ---------- Path validation tests ----------
+
+test("path validation: empty string throws TypeError", () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  throws(
+    () => createFederationDebugger(federation, { exporter, kv, path: "" }),
+    TypeError,
+  );
+});
+
+test("path validation: path without leading slash throws TypeError", () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  throws(
+    () => createFederationDebugger(federation, { exporter, kv, path: "debug" }),
+    TypeError,
+  );
+});
+
+test("path validation: path with control characters throws TypeError", () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  throws(
+    () =>
+      createFederationDebugger(federation, {
+        exporter,
+        kv,
+        path: "/debug\x00path",
+      }),
+    TypeError,
+  );
+});
+
+test("path validation: path with semicolon throws TypeError", () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  throws(
+    () =>
+      createFederationDebugger(federation, {
+        exporter,
+        kv,
+        path: "/debug;bad",
+      }),
+    TypeError,
+  );
+});
+
+test("path validation: path with comma throws TypeError", () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  throws(
+    () =>
+      createFederationDebugger(federation, {
+        exporter,
+        kv,
+        path: "/debug,bad",
+      }),
+    TypeError,
+  );
+});
+
+test("path validation: trailing slash is stripped", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, {
+    exporter,
+    kv,
+    path: "/__debug__/",
+  });
+  // The trailing slash should be normalized away, so /__debug__/ still works
+  const request = new Request("https://example.com/__debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+});
+
+test("path validation: valid path is accepted", () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  // Should not throw
+  const dbg = createFederationDebugger(federation, {
+    exporter,
+    kv,
+    path: "/my-debug_panel",
+  });
+  notStrictEqual(dbg, null);
+});
+
+test("JSON API returns traces", async () => {
+  const traces: TraceSummary[] = [
+    {
+      traceId: "abcdef1234567890abcdef1234567890",
+      timestamp: "2026-01-01T00:00:00Z",
+      activityCount: 3,
+      activityTypes: ["Create", "Follow"],
+    },
+  ];
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter(traces);
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const request = new Request("https://example.com/__debug__/api/traces");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  strictEqual(
+    response.headers.get("content-type"),
+    "application/json",
+  );
+  const body = await response.json() as TraceSummary[];
+  strictEqual(body.length, 1);
+  strictEqual(body[0].traceId, "abcdef1234567890abcdef1234567890");
+  strictEqual(body[0].activityCount, 3);
+});
+
+test("fetch passes through onNotFound for non-debug requests", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  let notFoundCalled = false;
+  const request = new Request("https://example.com/unknown");
+  const response = await dbg.fetch(request, {
+    contextData: undefined,
+    onNotFound: () => {
+      notFoundCalled = true;
+      return new Response("Custom Not Found", { status: 404 });
+    },
+  });
+  strictEqual(notFoundCalled, true);
+  strictEqual(response.status, 404);
+  strictEqual(await response.text(), "Custom Not Found");
+});
+
+test("traces list page returns HTML with trace IDs", async () => {
+  const traces: TraceSummary[] = [
+    {
+      traceId: "abcdef1234567890abcdef1234567890",
+      timestamp: "2026-01-01T00:00:00Z",
+      activityCount: 2,
+      activityTypes: ["Create", "Follow"],
+    },
+    {
+      traceId: "1234567890abcdef1234567890abcdef",
+      timestamp: "2026-01-02T00:00:00Z",
+      activityCount: 1,
+      activityTypes: ["Like"],
+    },
+  ];
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter(traces);
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const request = new Request("https://example.com/__debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const ct = response.headers.get("content-type") ?? "";
+  ok(ct.includes("text/html"), `Expected text/html, got ${ct}`);
+  const html = await response.text();
+  ok(html.includes("Fedify Debug Dashboard"));
+  // Check that truncated trace IDs appear
+  ok(html.includes("abcdef12"));
+  ok(html.includes("12345678"));
+  // Check activity types are shown
+  ok(html.includes("Create"));
+  ok(html.includes("Follow"));
+  ok(html.includes("Like"));
+  // Check trace count
+  ok(html.includes("<strong>2</strong>"));
+});
+
+test("traces list page shows empty message when no traces", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const request = new Request("https://example.com/__debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const html = await response.text();
+  ok(html.includes("No traces captured yet."));
+  ok(html.includes("<strong>0</strong>"));
+});
+
+test("traces list page escapes pathPrefix in inline script", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const malicious = '/__debug__"></script><img src=x onerror=alert(1)>';
+  const dbg = createFederationDebugger(federation, {
+    exporter,
+    kv,
+    path: malicious,
+  });
+  const request = new Request("https://example.com" + malicious + "/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const ct = response.headers.get("content-type") ?? "";
+  const body = await response.text();
+  if (ct.includes("text/html")) {
+    // If the dashboard is rendered, verify that the malicious pathPrefix
+    // is properly escaped so it cannot break out of the <script> tag.
+    ok(
+      body.includes("Fedify Debug Dashboard"),
+      "Response should be the debug dashboard HTML",
+    );
+    ok(
+      !body.includes("onerror=alert(1)>"),
+      "Malicious pathPrefix should be escaped in inline script",
+    );
+  } else {
+    // If the request was delegated to the inner federation instead of
+    // matching the debug route, the XSS vector is not reachable — the
+    // malicious path never appears in any rendered HTML.
+    ok(
+      !body.includes("onerror=alert(1)>"),
+      "Delegated response must not contain the malicious payload",
+    );
+  }
+});
+
+test("trace detail page returns HTML with activity details", async () => {
+  const activities: TraceActivityRecord[] = [
+    {
+      traceId: "abcdef1234567890abcdef1234567890",
+      spanId: "span123abc",
+      direction: "inbound",
+      activityType: "Create",
+      activityId: "https://remote.example/activities/1",
+      actorId: "https://remote.example/users/alice",
+      activityJson:
+        '{"type":"Create","actor":"https://remote.example/users/alice"}',
+      verified: true,
+      signatureDetails: {
+        httpSignaturesVerified: true,
+        httpSignaturesKeyId: "https://remote.example/users/alice#main-key",
+        ldSignaturesVerified: false,
+      },
+      timestamp: "2026-01-01T00:00:00Z",
+    },
+    {
+      traceId: "abcdef1234567890abcdef1234567890",
+      spanId: "span456def",
+      direction: "outbound",
+      activityType: "Accept",
+      actorId: "https://local.example/users/bob",
+      activityJson: '{"type":"Accept"}',
+      timestamp: "2026-01-01T00:00:01Z",
+      inboxUrl: "https://remote.example/inbox",
+    },
+  ];
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter([], activities);
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const request = new Request(
+    "https://example.com/__debug__/traces/abcdef1234567890abcdef1234567890",
+  );
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const ct = response.headers.get("content-type") ?? "";
+  ok(ct.includes("text/html"), `Expected text/html, got ${ct}`);
+  const html = await response.text();
+  // Check page title
+  ok(html.includes("Trace abcdef12"));
+  // Check activity types shown
+  ok(html.includes("Create"));
+  ok(html.includes("Accept"));
+  // Check direction badges
+  ok(html.includes("inbound"));
+  ok(html.includes("outbound"));
+  // Check actor IDs
+  ok(html.includes("https://remote.example/users/alice"));
+  ok(html.includes("https://local.example/users/bob"));
+  // Check activity ID
+  ok(html.includes("https://remote.example/activities/1"));
+  // Check signature details
+  ok(html.includes("https://remote.example/users/alice#main-key"));
+  // Check inbox URL for outbound
+  ok(html.includes("https://remote.example/inbox"));
+  // Check back link
+  ok(html.includes("Back to traces"));
+});
+
+test("trace detail page shows empty message when no activities", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter([], []);
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  const request = new Request(
+    "https://example.com/__debug__/traces/0000000000000000",
+  );
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const html = await response.text();
+  ok(html.includes("No activities found for this trace."));
+});
+
+// ---------- Simplified overload tests ----------
+
+test("simplified overload returns Federation without exporter", () => {
+  // Save original global tracer provider to restore later
+  const originalProvider = trace.getTracerProvider();
+  resetAutoSetup();
+  try {
+    const { federation } = createMockFederation();
+    const dbg = createFederationDebugger(federation);
+    notStrictEqual(dbg, null);
+    notStrictEqual(dbg, undefined);
+    strictEqual(typeof dbg.fetch, "function");
+    strictEqual(typeof dbg.startQueue, "function");
+  } finally {
+    // Restore original provider
+    trace.setGlobalTracerProvider(originalProvider);
+    resetAutoSetup();
+  }
+});
+
+test("simplified overload registers a global TracerProvider", () => {
+  // Disable any existing global provider first
+  trace.disable();
+  resetAutoSetup();
+  try {
+    const { federation } = createMockFederation();
+    // Before: the global provider should return a noop tracer
+    const _noopTracer = trace.getTracer("test-before");
+    createFederationDebugger(federation);
+    // After: the global provider should return a real tracer backed by
+    // BasicTracerProvider.  We verify by checking the tracer can start spans.
+    const tracer = trace.getTracer("test-after");
+    notStrictEqual(tracer, null);
+    notStrictEqual(tracer, undefined);
+    // The tracer should be functional (not a noop)
+    const span = tracer.startSpan("test-span");
+    notStrictEqual(span, null);
+    // Span should have a valid spanContext with non-zero traceId
+    const ctx = span.spanContext();
+    notStrictEqual(ctx.traceId, "00000000000000000000000000000000");
+    span.end();
+  } finally {
+    trace.disable();
+    resetAutoSetup();
+  }
+});
+
+test("simplified overload serves debug dashboard", async () => {
+  const originalProvider = trace.getTracerProvider();
+  resetAutoSetup();
+  try {
+    const { federation } = createMockFederation();
+    const dbg = createFederationDebugger(federation);
+    const request = new Request("https://example.com/__debug__/");
+    const response = await dbg.fetch(request, { contextData: undefined });
+    strictEqual(response.status, 200);
+    const ct = response.headers.get("content-type") ?? "";
+    ok(ct.includes("text/html"), `Expected text/html, got ${ct}`);
+    const html = await response.text();
+    ok(html.includes("Fedify Debug Dashboard"));
+  } finally {
+    trace.setGlobalTracerProvider(originalProvider);
+    resetAutoSetup();
+  }
+});
+
+test("simplified overload with custom path", async () => {
+  const originalProvider = trace.getTracerProvider();
+  resetAutoSetup();
+  try {
+    const { federation } = createMockFederation();
+    const dbg = createFederationDebugger(federation, { path: "/_dbg" });
+    const request = new Request("https://example.com/_dbg/");
+    const response = await dbg.fetch(request, { contextData: undefined });
+    strictEqual(response.status, 200);
+    const ct = response.headers.get("content-type") ?? "";
+    ok(ct.includes("text/html"), `Expected text/html, got ${ct}`);
+  } finally {
+    trace.setGlobalTracerProvider(originalProvider);
+    resetAutoSetup();
+  }
+});
+
+test("simplified overload delegates non-debug requests", async () => {
+  const originalProvider = trace.getTracerProvider();
+  resetAutoSetup();
+  try {
+    const { federation, calls } = createMockFederation();
+    const dbg = createFederationDebugger(federation);
+    const request = new Request("https://example.com/users/alice");
+    const response = await dbg.fetch(request, { contextData: undefined });
+    strictEqual(calls["fetch"]?.length, 1);
+    strictEqual(response.status, 200);
+    strictEqual(await response.text(), "Federation response");
+  } finally {
+    trace.setGlobalTracerProvider(originalProvider);
+    resetAutoSetup();
+  }
+});
+
+test("simplified overload JSON API returns traces", async () => {
+  const originalProvider = trace.getTracerProvider();
+  resetAutoSetup();
+  try {
+    const { federation } = createMockFederation();
+    const dbg = createFederationDebugger(federation);
+    const request = new Request("https://example.com/__debug__/api/traces");
+    const response = await dbg.fetch(request, { contextData: undefined });
+    strictEqual(response.status, 200);
+    strictEqual(
+      response.headers.get("content-type"),
+      "application/json",
+    );
+    const body = await response.json() as TraceSummary[];
+    // Should return empty array since no spans have been exported
+    strictEqual(body.length, 0);
+  } finally {
+    trace.setGlobalTracerProvider(originalProvider);
+    resetAutoSetup();
+  }
+});
+
+// ---------- Auth: password (static) tests ----------
+
+test("auth password static: unauthenticated request shows login form", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    password: "secret123",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const request = new Request("https://example.com/__debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 401);
+  const html = await response.text();
+  ok(html.includes("Login Required"));
+  ok(html.includes('name="password"'));
+  // Should NOT have a username field for password-only mode
+  ok(!html.includes('name="username"'), "Should not have username field");
+});
+
+test("auth password static: correct password sets session cookie", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    password: "secret123",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const body = new URLSearchParams({ password: "secret123" });
+  const request = new Request("https://example.com/__debug__/login", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 303);
+  const location = response.headers.get("location");
+  strictEqual(location, "/__debug__/");
+  const setCookie = response.headers.get("set-cookie");
+  ok(setCookie != null, "Should set a cookie");
+  ok(setCookie!.includes("__fedify_debug_session="));
+  ok(
+    setCookie!.includes("; Secure"),
+    "HTTPS login cookie should include Secure",
+  );
+});
+
+test("auth password static: login cookie omits Secure on HTTP", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    password: "secret123",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const body = new URLSearchParams({ password: "secret123" });
+  const request = new Request("http://example.com/__debug__/login", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 303);
+  const setCookie = response.headers.get("set-cookie");
+  ok(setCookie != null, "Should set a cookie");
+  ok(
+    !setCookie!.includes("; Secure"),
+    "HTTP login cookie should not include Secure",
+  );
+});
+
+test("auth password static: wrong password shows error", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    password: "secret123",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const body = new URLSearchParams({ password: "wrong" });
+  const request = new Request("https://example.com/__debug__/login", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 401);
+  const html = await response.text();
+  ok(html.includes("Invalid credentials."));
+});
+
+// ---------- Auth: password (callback) tests ----------
+
+test("auth password callback: authenticate function is called", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  let receivedPassword = "";
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    authenticate(password: string) {
+      receivedPassword = password;
+      return password === "callback-pw";
+    },
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const body = new URLSearchParams({ password: "callback-pw" });
+  const request = new Request("https://example.com/__debug__/login", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 303);
+  strictEqual(receivedPassword, "callback-pw");
+});
+
+// ---------- Auth: usernamePassword (static) tests ----------
+
+test("auth usernamePassword static: login form shows username field", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "usernamePassword",
+    username: "admin",
+    password: "secret",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const request = new Request("https://example.com/__debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 401);
+  const html = await response.text();
+  ok(html.includes('name="username"'));
+  ok(html.includes('name="password"'));
+});
+
+test("auth usernamePassword static: correct credentials set cookie", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "usernamePassword",
+    username: "admin",
+    password: "secret",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const body = new URLSearchParams({
+    username: "admin",
+    password: "secret",
+  });
+  const request = new Request("https://example.com/__debug__/login", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 303);
+  const setCookie = response.headers.get("set-cookie");
+  ok(setCookie != null);
+  ok(setCookie!.includes("__fedify_debug_session="));
+});
+
+test("auth usernamePassword static: wrong username is rejected", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "usernamePassword",
+    username: "admin",
+    password: "secret",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const body = new URLSearchParams({
+    username: "wrong",
+    password: "secret",
+  });
+  const request = new Request("https://example.com/__debug__/login", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 401);
+  const html = await response.text();
+  ok(html.includes("Invalid credentials."));
+});
+
+// ---------- Auth: usernamePassword (callback) tests ----------
+
+test("auth usernamePassword callback: authenticate receives both args", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  let receivedUsername = "";
+  let receivedPassword = "";
+  const auth: FederationDebuggerAuth = {
+    type: "usernamePassword",
+    authenticate(username: string, password: string) {
+      receivedUsername = username;
+      receivedPassword = password;
+      return username === "user1" && password === "pass1";
+    },
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const body = new URLSearchParams({
+    username: "user1",
+    password: "pass1",
+  });
+  const request = new Request("https://example.com/__debug__/login", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 303);
+  strictEqual(receivedUsername, "user1");
+  strictEqual(receivedPassword, "pass1");
+});
+
+// ---------- Auth: request-based tests ----------
+
+test("auth request: allowed request passes through", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "request",
+    authenticate(_request: Request) {
+      return true;
+    },
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const request = new Request("https://example.com/__debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const html = await response.text();
+  ok(html.includes("Fedify Debug Dashboard"));
+});
+
+test("auth request: rejected request returns 403", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "request",
+    authenticate(_request: Request) {
+      return false;
+    },
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const request = new Request("https://example.com/__debug__/");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 403);
+  strictEqual(await response.text(), "Forbidden");
+});
+
+test("auth request: receives the actual Request object", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  let receivedHeader = "";
+  const auth: FederationDebuggerAuth = {
+    type: "request",
+    authenticate(request: Request) {
+      receivedHeader = request.headers.get("X-Test-Header") ?? "";
+      return receivedHeader === "allowed";
+    },
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const request = new Request("https://example.com/__debug__/", {
+    headers: { "X-Test-Header": "allowed" },
+  });
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  strictEqual(receivedHeader, "allowed");
+});
+
+test("auth request: non-debug requests bypass auth", async () => {
+  const { federation, calls } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "request",
+    authenticate(_request: Request) {
+      return false; // reject everything
+    },
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  // Non-debug requests should go to the inner federation, not the auth layer
+  const request = new Request("https://example.com/users/alice");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  strictEqual(calls["fetch"]?.length, 1);
+});
+
+// ---------- Auth: logout tests ----------
+
+test("auth password: logout clears session cookie", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    password: "secret123",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const request = new Request("https://example.com/__debug__/logout");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 303);
+  strictEqual(response.headers.get("location"), "/__debug__/");
+  const setCookie = response.headers.get("set-cookie");
+  ok(setCookie != null);
+  ok(setCookie!.includes("Max-Age=0"));
+  ok(
+    setCookie!.includes("; Secure"),
+    "HTTPS logout cookie should include Secure",
+  );
+});
+
+test("auth password: logout cookie omits Secure on HTTP", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    password: "secret123",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  const request = new Request("http://example.com/__debug__/logout");
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 303);
+  const setCookie = response.headers.get("set-cookie");
+  ok(setCookie != null);
+  ok(
+    !setCookie!.includes("; Secure"),
+    "HTTP logout cookie should not include Secure",
+  );
+});
+
+// ---------- Auth: session lifecycle tests ----------
+
+test("auth password: valid session cookie grants access", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    password: "secret123",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  // Step 1: login to get a session cookie
+  const loginBody = new URLSearchParams({ password: "secret123" });
+  const loginResponse = await dbg.fetch(
+    new Request("https://example.com/__debug__/login", {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: loginBody.toString(),
+    }),
+    { contextData: undefined },
+  );
+  strictEqual(loginResponse.status, 303);
+  const setCookie = loginResponse.headers.get("set-cookie")!;
+  // Extract the cookie value
+  const cookieValue = setCookie.split(";")[0];
+
+  // Step 2: use the cookie to access a protected page
+  const dashboardResponse = await dbg.fetch(
+    new Request("https://example.com/__debug__/", {
+      headers: { Cookie: cookieValue },
+    }),
+    { contextData: undefined },
+  );
+  strictEqual(dashboardResponse.status, 200);
+  const html = await dashboardResponse.text();
+  ok(html.includes("Fedify Debug Dashboard"));
+});
+
+test("auth password: forged session cookie is rejected", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const auth: FederationDebuggerAuth = {
+    type: "password",
+    password: "secret123",
+  };
+  const dbg = createFederationDebugger(federation, { exporter, kv, auth });
+  // Use a fake/forged cookie value
+  const response = await dbg.fetch(
+    new Request("https://example.com/__debug__/", {
+      headers: {
+        Cookie: "__fedify_debug_session=deadbeefdeadbeefdeadbeefdeadbeef",
+      },
+    }),
+    { contextData: undefined },
+  );
+  // Should show login form (401), not grant access
+  strictEqual(response.status, 401);
+  const html = await response.text();
+  ok(html.includes("Login Required"));
+});
+
+// ---------- Idempotency tests ----------
+
+test("simplified overload is idempotent: repeated calls share exporter", async () => {
+  trace.disable();
+  resetAutoSetup();
+  try {
+    const { federation: fed1 } = createMockFederation();
+    const { federation: fed2 } = createMockFederation();
+    // First call: sets up global OTel + exporter
+    const dbg1 = createFederationDebugger(fed1);
+    // Second call: should reuse the same exporter, so both dashboards
+    // see the same trace data
+    const dbg2 = createFederationDebugger(fed2);
+    // Both should still be functional
+    notStrictEqual(dbg1, null);
+    notStrictEqual(dbg2, null);
+    strictEqual(typeof dbg1.fetch, "function");
+    strictEqual(typeof dbg2.fetch, "function");
+    // Both should serve the same trace data (shared exporter)
+    const r1 = await dbg1.fetch(
+      new Request("https://example.com/__debug__/api/traces"),
+      { contextData: undefined },
+    );
+    const r2 = await dbg2.fetch(
+      new Request("https://example.com/__debug__/api/traces"),
+      { contextData: undefined },
+    );
+    const t1 = await r1.json();
+    const t2 = await r2.json();
+    strictEqual(
+      JSON.stringify(t1),
+      JSON.stringify(t2),
+      "Both debugger instances should share the same exporter",
+    );
+  } finally {
+    trace.disable();
+    resetAutoSetup();
+  }
+});
+
+// ---------- Sink property tests ----------
+
+test("createFederationDebugger exposes a sink property", () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+  notStrictEqual(dbg.sink, null);
+  notStrictEqual(dbg.sink, undefined);
+  strictEqual(typeof dbg.sink, "function");
+});
+
+test("simplified overload exposes a sink property", () => {
+  const originalProvider = trace.getTracerProvider();
+  resetAutoSetup();
+  try {
+    const { federation } = createMockFederation();
+    const dbg = createFederationDebugger(federation);
+    notStrictEqual(dbg.sink, null);
+    strictEqual(typeof dbg.sink, "function");
+  } finally {
+    trace.setGlobalTracerProvider(originalProvider);
+    resetAutoSetup();
+  }
+});
+
+// ---------- Log collection tests ----------
+
+test("sink collects logs by traceId and API returns them", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+
+  // Simulate log records with traceId in properties
+  const traceId = "aaaa1111bbbb2222cccc3333dddd4444";
+  dbg.sink({
+    category: ["fedify", "federation", "http"],
+    level: "info",
+    message: ["GET ", "/users/alice", ": ", "200"],
+    rawMessage: "{method} {path}: {status}",
+    timestamp: Date.now(),
+    properties: {
+      traceId,
+      spanId: "1234567890abcdef",
+      method: "GET",
+      path: "/users/alice",
+      status: 200,
+    },
+  });
+
+  // Check via API
+  const request = new Request(
+    `https://example.com/__debug__/api/logs/${traceId}`,
+  );
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  strictEqual(response.headers.get("content-type"), "application/json");
+  const logs = (await response.json()) as SerializedLogRecord[];
+  strictEqual(logs.length, 1);
+  strictEqual(logs[0].level, "info");
+  strictEqual(logs[0].message, "GET /users/alice: 200");
+  strictEqual(logs[0].category[0], "fedify");
+  // traceId and spanId should be excluded from properties
+  strictEqual("traceId" in logs[0].properties, false);
+  strictEqual("spanId" in logs[0].properties, false);
+  // Other properties should be preserved
+  strictEqual(logs[0].properties.method, "GET");
+});
+
+test("sink ignores log records without traceId", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+
+  // Log without traceId — should be silently ignored
+  dbg.sink({
+    category: ["app"],
+    level: "debug",
+    message: ["some message"],
+    rawMessage: "some message",
+    timestamp: Date.now(),
+    properties: {},
+  });
+
+  // No logs should be stored for any traceId
+  const request = new Request(
+    "https://example.com/__debug__/api/logs/nonexistent",
+  );
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const logs = (await response.json()) as SerializedLogRecord[];
+  strictEqual(logs.length, 0);
+});
+
+test("multiple logs for the same trace are grouped", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+
+  const traceId = "aaaa1111bbbb2222cccc3333dddd4444";
+  for (let i = 0; i < 5; i++) {
+    dbg.sink({
+      category: ["fedify"],
+      level: "info",
+      message: [`log ${i}`],
+      rawMessage: `log ${i}`,
+      timestamp: Date.now() + i,
+      properties: { traceId, spanId: "abcdef1234567890" },
+    });
+  }
+
+  const request = new Request(
+    `https://example.com/__debug__/api/logs/${traceId}`,
+  );
+  const response = await dbg.fetch(request, { contextData: undefined });
+  const logs = (await response.json()) as SerializedLogRecord[];
+  strictEqual(logs.length, 5);
+  strictEqual(logs[0].message, "log 0");
+  strictEqual(logs[4].message, "log 4");
+});
+
+test("trace detail page shows log records", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+
+  const traceId = "aaaa1111bbbb2222cccc3333dddd4444";
+  dbg.sink({
+    category: ["fedify", "federation"],
+    level: "warning",
+    message: ["Something went wrong"],
+    rawMessage: "Something went wrong",
+    timestamp: 1700000000000,
+    properties: { traceId, spanId: "1234567890abcdef" },
+  });
+
+  const request = new Request(
+    `https://example.com/__debug__/traces/${traceId}`,
+  );
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const html = await response.text();
+  ok(html.includes("Logs"));
+  ok(html.includes("Something went wrong"));
+  ok(html.includes("warning"));
+  ok(html.includes("fedify.federation"));
+  // "1" and "log record" are separated by HTML tags
+  ok(html.includes("log record"));
+});
+
+test("log API returns a snapshot: mutating the array does not affect store", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+
+  const traceId = "aaaa1111bbbb2222cccc3333dddd4444";
+  dbg.sink({
+    category: ["fedify"],
+    level: "info",
+    message: ["original"],
+    rawMessage: "original",
+    timestamp: Date.now(),
+    properties: { traceId, spanId: "1234567890abcdef" },
+  });
+
+  // First fetch: get logs
+  const r1 = await dbg.fetch(
+    new Request(`https://example.com/__debug__/api/logs/${traceId}`),
+    { contextData: undefined },
+  );
+  const logs1 = (await r1.json()) as SerializedLogRecord[];
+  strictEqual(logs1.length, 1);
+
+  // Second fetch: logs should still have 1 entry (not affected by prior read)
+  const r2 = await dbg.fetch(
+    new Request(`https://example.com/__debug__/api/logs/${traceId}`),
+    { contextData: undefined },
+  );
+  const logs2 = (await r2.json()) as SerializedLogRecord[];
+  strictEqual(logs2.length, 1);
+  strictEqual(logs2[0].message, "original");
+});
+
+test("trace detail page handles invalid log timestamp gracefully", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+
+  const traceId = "aaaa1111bbbb2222cccc3333dddd4444";
+  // Push a log with NaN timestamp (simulates corrupted data)
+  dbg.sink({
+    category: ["fedify"],
+    level: "info",
+    message: ["test message"],
+    rawMessage: "test message",
+    timestamp: NaN,
+    properties: { traceId, spanId: "1234567890abcdef" },
+  });
+
+  const request = new Request(
+    `https://example.com/__debug__/traces/${traceId}`,
+  );
+  // Should not throw — the page must render without crashing
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const html = await response.text();
+  ok(html.includes("test message"));
+});
+
+test("trace detail page shows empty log message", async () => {
+  const { federation } = createMockFederation();
+  const { exporter, kv } = createMockExporter();
+  const dbg = createFederationDebugger(federation, { exporter, kv });
+
+  const request = new Request(
+    "https://example.com/__debug__/traces/0000000000000000",
+  );
+  const response = await dbg.fetch(request, { contextData: undefined });
+  strictEqual(response.status, 200);
+  const html = await response.text();
+  ok(html.includes("No logs captured for this trace."));
+});
diff --git a/packages/debugger/src/mod.tsx b/packages/debugger/src/mod.tsx
new file mode 100644
index 00000000..4d9cbe00
--- /dev/null
+++ b/packages/debugger/src/mod.tsx
@@ -0,0 +1,325 @@
+/** @jsx react-jsx */
+/** @jsxImportSource hono/jsx */
+/**
+ * @module
+ * Embedded ActivityPub debug dashboard for Fedify.
+ *
+ * This module provides a {@link createFederationDebugger} function that wraps
+ * an existing {@link Federation} object, adding a real-time debug dashboard
+ * accessible via a configurable path prefix.
+ */
+import type {
+  Federation,
+  FederationFetchOptions,
+  KvStore,
+} from "@fedify/fedify/federation";
+import { MemoryKvStore } from "@fedify/fedify/federation";
+import { FedifySpanExporter } from "@fedify/fedify/otel";
+import type { Sink } from "@logtape/logtape";
+import { configureSync, getConfig } from "@logtape/logtape";
+import { context, propagation, trace } from "@opentelemetry/api";
+import { AsyncLocalStorageContextManager } from "@opentelemetry/context-async-hooks";
+import { W3CTraceContextPropagator } from "@opentelemetry/core";
+import {
+  BasicTracerProvider,
+  SimpleSpanProcessor,
+} from "@opentelemetry/sdk-trace-base";
+import { AsyncLocalStorage } from "node:async_hooks";
+import type { FederationDebuggerAuth } from "./auth.ts";
+import { createLogSink, LogStore } from "./log-store.ts";
+import { createDebugApp } from "./routes.tsx";
+
+export type { FederationDebuggerAuth } from "./auth.ts";
+export type { SerializedLogRecord } from "./log-store.ts";
+
+/**
+ * Cached auto-setup state so that repeated calls to
+ * `createFederationDebugger()` without an explicit exporter reuse the same
+ * global OpenTelemetry tracer provider and exporter instead of registering
+ * duplicate providers and LogTape sinks.
+ */
+let _autoSetup: { exporter: FedifySpanExporter; kv: KvStore } | undefined;
+
+/**
+ * Resets the internal auto-setup state.  This is intended **only for tests**
+ * that need to exercise the auto-setup code path more than once within the
+ * same process.
+ *
+ * @internal
+ */
+export function resetAutoSetup(): void {
+  _autoSetup = undefined;
+}
+
+/**
+ * Options for {@link createFederationDebugger} with an explicit exporter.
+ *
+ * When `exporter` is provided, the caller is responsible for setting up
+ * the OpenTelemetry tracer provider and passing it to `createFederation()`.
+ */
+export interface FederationDebuggerOptions {
+  /**
+   * The path prefix for the debug dashboard.  Defaults to `"/__debug__"`.
+   */
+  path?: string;
+
+  /**
+   * The {@link FedifySpanExporter} to query trace data from.
+   */
+  exporter: FedifySpanExporter;
+
+  /**
+   * The {@link KvStore} to persist log records to.  This should typically be
+   * the same `KvStore` instance that was passed to the `FedifySpanExporter`
+   * so that logs and traces are co-located and accessible from all processes
+   * (e.g., both web and worker nodes).
+   */
+  kv: KvStore;
+
+  /**
+   * Authentication configuration for the debug dashboard.  When omitted,
+   * the dashboard is accessible without authentication.
+   */
+  auth?: FederationDebuggerAuth;
+}
+
+/**
+ * Options for {@link createFederationDebugger} without an explicit exporter.
+ *
+ * When `exporter` is omitted, the debugger automatically creates a
+ * {@link MemoryKvStore}, {@link FedifySpanExporter},
+ * {@link BasicTracerProvider}, and registers it as the global tracer provider
+ * so that `createFederation()` picks it up automatically.
+ */
+export interface FederationDebuggerSimpleOptions {
+  /**
+   * The path prefix for the debug dashboard.  Defaults to `"/__debug__"`.
+   */
+  path?: string;
+
+  /**
+   * Authentication configuration for the debug dashboard.  When omitted,
+   * the dashboard is accessible without authentication.
+   */
+  auth?: FederationDebuggerAuth;
+}
+
+/**
+ * Validates and normalizes the path prefix for the debug dashboard.
+ *
+ * The path must start with `/`, must not end with `/` (unless it is exactly
+ * `"/"`), and must not contain control characters, semicolons, or commas
+ * (which are unsafe in HTTP headers like `Set-Cookie` and `Location`).
+ *
+ * @param path The path prefix to validate.
+ * @returns The normalized path prefix (trailing slash stripped).
+ * @throws {TypeError} If the path is invalid.
+ */
+function validatePathPrefix(path: string): string {
+  if (path === "" || !path.startsWith("/")) {
+    throw new TypeError(
+      `Invalid debug dashboard path: ${JSON.stringify(path)}. ` +
+        "The path must start with '/'.",
+    );
+  }
+  // Reject control characters, semicolons, and commas (unsafe in headers)
+  // deno-lint-ignore no-control-regex
+  if (/[\x00-\x1f\x7f;,]/.test(path)) {
+    throw new TypeError(
+      `Invalid debug dashboard path: ${JSON.stringify(path)}. ` +
+        "The path must not contain control characters, semicolons, or commas.",
+    );
+  }
+  // Strip trailing slash (unless the path is exactly "/")
+  if (path.length > 1 && path.endsWith("/")) {
+    return path.slice(0, -1);
+  }
+  return path;
+}
+
+/**
+ * Wraps a {@link Federation} object with a debug dashboard.
+ *
+ * When called without an `exporter`, the debugger automatically sets up
+ * OpenTelemetry tracing: it creates a {@link MemoryKvStore},
+ * {@link FedifySpanExporter}, and {@link BasicTracerProvider}, then registers
+ * it as the global tracer provider.  It also auto-configures LogTape to
+ * collect logs per trace.
+ *
+ * @example Simple usage (recommended)
+ * ```typescript ignore
+ * const innerFederation = createFederation({ kv: new MemoryKvStore() });
+ * const federation = createFederationDebugger(innerFederation);
+ * ```
+ *
+ * @template TContextData The context data type of the federation.
+ * @param federation The federation object to wrap.
+ * @param options Optional path configuration.
+ * @returns A new {@link Federation} object with the debug dashboard attached
+ *          and a `sink` property for LogTape integration.
+ */
+export function createFederationDebugger<TContextData>(
+  federation: Federation<TContextData>,
+  options?: FederationDebuggerSimpleOptions,
+): Federation<TContextData> & { sink: Sink };
+
+/**
+ * Wraps a {@link Federation} object with a debug dashboard.
+ *
+ * When called with an `exporter`, the caller is responsible for setting up
+ * the OpenTelemetry tracer provider and passing it to `createFederation()`.
+ * The returned object includes a `sink` property that should be added to
+ * the LogTape configuration to collect logs per trace.
+ *
+ * @example Advanced usage with explicit exporter
+ * ```typescript ignore
+ * const kv = new MemoryKvStore();
+ * const exporter = new FedifySpanExporter(kv);
+ * const tracerProvider = new BasicTracerProvider({
+ *   spanProcessors: [new SimpleSpanProcessor(exporter)],
+ * });
+ * const innerFederation = createFederation({ kv, tracerProvider });
+ * const federation = createFederationDebugger(innerFederation, {
+ *   exporter,
+ *   kv,
+ * });
+ * await configure({
+ *   sinks: { debugger: federation.sink },
+ *   loggers: [
+ *     { category: "fedify", sinks: ["debugger"] },
+ *   ],
+ * });
+ * ```
+ *
+ * @template TContextData The context data type of the federation.
+ * @param federation The federation object to wrap.
+ * @param options Options including the exporter.
+ * @returns A new {@link Federation} object with the debug dashboard attached
+ *          and a `sink` property for LogTape integration.
+ */
+export function createFederationDebugger<TContextData>(
+  federation: Federation<TContextData>,
+  options: FederationDebuggerOptions,
+): Federation<TContextData> & { sink: Sink };
+
+export function createFederationDebugger<TContextData>(
+  federation: Federation<TContextData>,
+  options?: FederationDebuggerSimpleOptions | FederationDebuggerOptions,
+): Federation<TContextData> & { sink: Sink } {
+  const pathPrefix = validatePathPrefix(options?.path ?? "/__debug__");
+
+  let exporter: FedifySpanExporter;
+  let logKv: KvStore;
+  if (options != null && "exporter" in options) {
+    exporter = options.exporter;
+    logKv = options.kv;
+  } else if (_autoSetup != null) {
+    // Reuse the exporter from a previous auto-setup call so that repeated
+    // calls without an explicit exporter share the same global state.
+    exporter = _autoSetup.exporter;
+    logKv = _autoSetup.kv;
+  } else {
+    // Auto-setup: create MemoryKvStore, FedifySpanExporter,
+    // BasicTracerProvider, and register globally
+    const kv = new MemoryKvStore();
+    logKv = kv;
+    exporter = new FedifySpanExporter(kv);
+    const tracerProvider = new BasicTracerProvider({
+      spanProcessors: [new SimpleSpanProcessor(exporter)],
+    });
+    trace.setGlobalTracerProvider(tracerProvider);
+    // Register context manager so that parent-child spans share
+    // the same traceId (required for context propagation):
+    const contextManager = new AsyncLocalStorageContextManager();
+    context.setGlobalContextManager(contextManager);
+    // Register W3C Trace Context propagator so that trace context
+    // is properly injected/extracted across queue boundaries:
+    propagation.setGlobalPropagator(new W3CTraceContextPropagator());
+
+    _autoSetup = { exporter, kv };
+  }
+
+  const logStore = new LogStore(logKv);
+  const sink = createLogSink(logStore);
+
+  // Auto-configure LogTape when using the simplified overload:
+  if (options == null || !("exporter" in options)) {
+    const existingConfig = getConfig();
+    if (existingConfig != null) {
+      // Merge with existing config
+      const sinks = { ...existingConfig.sinks, __fedify_debugger__: sink };
+      const loggers = existingConfig.loggers.map((l) => ({
+        ...l,
+        sinks: Array.isArray(l.category) && l.category.length < 1
+          ? [...(l.sinks ?? []), "__fedify_debugger__"]
+          : l.sinks,
+      }));
+      if (
+        loggers.every((l) =>
+          typeof l.category === "string" ||
+          Array.isArray(l.category) && l.category.length > 0
+        )
+      ) {
+        loggers.push({ category: [], sinks: ["__fedify_debugger__"] });
+      }
+      configureSync(
+        {
+          ...existingConfig,
+          contextLocalStorage: existingConfig.contextLocalStorage ??
+            new AsyncLocalStorage(),
+          reset: true,
+          sinks,
+          loggers,
+          // deno-lint-ignore no-explicit-any
+        } as any,
+      );
+    } else {
+      configureSync({
+        sinks: { __fedify_debugger__: sink },
+        loggers: [
+          { category: [], sinks: ["__fedify_debugger__"] },
+        ],
+        contextLocalStorage: new AsyncLocalStorage(),
+      });
+    }
+  }
+
+  const auth = options?.auth;
+  const app = createDebugApp(pathPrefix, exporter, logStore, auth);
+
+  // Override fetch to intercept debug path prefix:
+  const debugFetch = async (
+    request: Request,
+    fetchOptions: FederationFetchOptions<TContextData>,
+  ): Promise<Response> => {
+    const url = new URL(request.url);
+    if (
+      url.pathname === pathPrefix ||
+      url.pathname.startsWith(pathPrefix + "/")
+    ) {
+      return await app.fetch(request);
+    }
+    return await federation.fetch(request, fetchOptions);
+  };
+
+  // Use a Proxy to dynamically delegate all methods from the inner
+  // federation, overriding only `fetch` and adding `sink`.  This avoids
+  // a hardcoded method list that could silently become stale when the
+  // Federation interface gains new methods.
+  const overrides: Record<string | symbol, unknown> = {
+    fetch: debugFetch,
+    sink,
+  };
+  return new Proxy(federation as Federation<TContextData> & { sink: Sink }, {
+    get(target, prop, receiver) {
+      if (prop in overrides) return overrides[prop];
+      const value = Reflect.get(target, prop, receiver);
+      if (typeof value === "function") return value.bind(target);
+      return value;
+    },
+    has(target, prop) {
+      if (prop in overrides) return true;
+      return Reflect.has(target, prop);
+    },
+  });
+}
diff --git a/packages/debugger/src/routes.tsx b/packages/debugger/src/routes.tsx
new file mode 100644
index 00000000..15e196df
--- /dev/null
+++ b/packages/debugger/src/routes.tsx
@@ -0,0 +1,169 @@
+/** @jsx react-jsx */
+/** @jsxImportSource hono/jsx */
+/**
+ * Hono route definitions for the debug dashboard.
+ *
+ * @module
+ */
+import type { FedifySpanExporter } from "@fedify/fedify/otel";
+import { Hono } from "hono";
+import { getCookie } from "hono/cookie";
+import {
+  checkAuth,
+  type FederationDebuggerAuth,
+  generateHmacKey,
+  SESSION_COOKIE_NAME,
+  signSession,
+  verifySession,
+} from "./auth.ts";
+import type { LogStore } from "./log-store.ts";
+import { LoginPage } from "./views/login.tsx";
+import { TraceDetailPage } from "./views/trace-detail.tsx";
+import { TracesListPage } from "./views/traces-list.tsx";
+
+export function createDebugApp(
+  pathPrefix: string,
+  exporter: FedifySpanExporter,
+  logStore: LogStore,
+  auth?: FederationDebuggerAuth,
+): Hono {
+  const app = new Hono({ strict: false }).basePath(pathPrefix);
+
+  // For "password" and "usernamePassword" modes, we need an HMAC key
+  // for signing session cookies.
+  let hmacKeyPromise: Promise<CryptoKey> | undefined;
+  if (auth != null && auth.type !== "request") {
+    hmacKeyPromise = generateHmacKey();
+  }
+
+  // Auth middleware
+  if (auth != null) {
+    if (auth.type === "request") {
+      // Request-based auth: check every request, return 403 on failure
+      app.use("*", async (c, next) => {
+        const allowed = await auth.authenticate(c.req.raw);
+        if (!allowed) {
+          return c.text("Forbidden", 403);
+        }
+        await next();
+      });
+    } else {
+      // Cookie-based auth for "password" and "usernamePassword" modes
+      const showUsername = auth.type === "usernamePassword";
+
+      // POST /login handler
+      app.post("/login", async (c) => {
+        const body = await c.req.parseBody();
+        const password = typeof body.password === "string" ? body.password : "";
+        const username = typeof body.username === "string"
+          ? body.username
+          : undefined;
+        const ok = await checkAuth(auth, { username, password });
+        if (!ok) {
+          return c.html(
+            <LoginPage
+              pathPrefix={pathPrefix}
+              showUsername={showUsername}
+              error="Invalid credentials."
+            />,
+            401,
+          );
+        }
+        const key = await hmacKeyPromise!;
+        const sig = await signSession(key);
+        const secure = new URL(c.req.url).protocol === "https:";
+        return new Response(null, {
+          status: 303,
+          headers: {
+            "Location": pathPrefix + "/",
+            "Set-Cookie":
+              `${SESSION_COOKIE_NAME}=${sig}; Path=${pathPrefix}; HttpOnly; SameSite=Strict${
+                secure ? "; Secure" : ""
+              }`,
+          },
+        });
+      });
+
+      // GET /logout handler
+      app.get("/logout", (c) => {
+        const secure = new URL(c.req.url).protocol === "https:";
+        return new Response(null, {
+          status: 303,
+          headers: {
+            "Location": pathPrefix + "/",
+            "Set-Cookie":
+              `${SESSION_COOKIE_NAME}=; Path=${pathPrefix}; HttpOnly; SameSite=Strict${
+                secure ? "; Secure" : ""
+              }; Max-Age=0`,
+          },
+        });
+      });
+
+      // Auth check middleware (skip for /login and /logout)
+      app.use("*", async (c, next) => {
+        const path = new URL(c.req.url).pathname;
+        const loginPath = pathPrefix + "/login";
+        const logoutPath = pathPrefix + "/logout";
+        if (path === loginPath || path === logoutPath) {
+          await next();
+          return;
+        }
+
+        const sessionValue = getCookie(c, SESSION_COOKIE_NAME);
+        if (sessionValue) {
+          const key = await hmacKeyPromise!;
+          const valid = await verifySession(key, sessionValue);
+          if (valid) {
+            await next();
+            return;
+          }
+        }
+
+        // Not authenticated — show login form
+        return c.html(
+          <LoginPage
+            pathPrefix={pathPrefix}
+            showUsername={showUsername}
+          />,
+          401,
+        );
+      });
+    }
+  }
+
+  app.get("/api/traces", async (c) => {
+    const traces = await exporter.getRecentTraces();
+    return c.json(traces);
+  });
+
+  app.get("/api/logs/:traceId", async (c) => {
+    const traceId = c.req.param("traceId");
+    await logStore.flush();
+    const logs = await logStore.get(traceId);
+    return c.json(logs);
+  });
+
+  app.get("/traces/:traceId", async (c) => {
+    const traceId = c.req.param("traceId");
+    await logStore.flush();
+    const activities = await exporter.getActivitiesByTraceId(traceId);
+    const logs = await logStore.get(traceId);
+    return c.html(
+      <TraceDetailPage
+        traceId={traceId}
+        activities={activities}
+        logs={logs}
+        pathPrefix={pathPrefix}
+      />,
+    );
+  });
+
+  app.get("/", async (c) => {
+    const traces = await exporter.getRecentTraces();
+    return c.html(
+      <TracesListPage traces={traces} pathPrefix={pathPrefix} />,
+    );
+  });
+
+  return app;
+}
diff --git a/packages/debugger/src/views/layout.tsx b/packages/debugger/src/views/layout.tsx
new file mode 100644
index 00000000..038c07c9
--- /dev/null
+++ b/packages/debugger/src/views/layout.tsx
@@ -0,0 +1,109 @@
+/** @jsx react-jsx */
+/** @jsxImportSource hono/jsx */
+import type { FC, PropsWithChildren } from "hono/jsx";
+import { FedifyLogo } from "./logo.tsx";
+
+/**
+ * Props for the {@link Layout} component.
+ */
+export interface LayoutProps {
+  /**
+   * The page title.  Appended to "Fedify Debug Dashboard".
+   */
+  title?: string;
+
+  /**
+   * The path prefix for the debug dashboard (used for linking).
+   */
+  pathPrefix: string;
+}
+
+/**
+ * Root HTML layout for the debug dashboard.
+ */
+export const Layout: FC<PropsWithChildren<LayoutProps>> = (
+  { title, pathPrefix, children },
+) => {
+  return (
+    <html>
+      <head>
+        <meta charset="utf-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1" />
+        <title>
+          {title != null ? `${title} — ` : ""}Fedify Debug Dashboard
+        </title>
+        <style>
+          {`
+          body {
+            font-family: system-ui, -apple-system, sans-serif;
+            max-width: 960px;
+            margin: 0 auto;
+            padding: 1rem;
+            color: #333;
+          }
+          header { border-bottom: 1px solid #ddd; padding-bottom: 0.5rem; margin-bottom: 1rem; }
+          header h1 { margin: 0; font-size: 1.25rem; }
+          header h1 a { color: inherit; text-decoration: none; display: inline-flex; align-items: center; gap: 0.5rem; }
+          table { width: 100%; border-collapse: collapse; }
+          th, td { text-align: left; padding: 0.5rem; border-bottom: 1px solid #eee; }
+          th { font-weight: 600; font-size: 0.875rem; color: #666; }
+          a { color: #0969da; }
+          code { background: #f0f0f0; padding: 0.15em 0.3em; border-radius: 3px; font-size: 0.875em; }
+          .badge { display: inline-block; background: #e0e0e0; color: #333; padding: 0.15em 0.5em; border-radius: 3px; font-size: 0.75rem; }
+          .badge-inbound { background: #ddf4ff; color: #0969da; }
+          .badge-outbound { background: #fff8c5; color: #9a6700; }
+          .detail-section { margin-bottom: 1.5rem; }
+          .detail-section h2 { font-size: 1rem; margin-bottom: 0.5rem; border-bottom: 1px solid #eee; padding-bottom: 0.25rem; }
+          pre { background: #f6f8fa; padding: 1rem; overflow-x: auto; border-radius: 6px; font-size: 0.8125rem; }
+          .empty { color: #888; font-style: italic; }
+          nav a { margin-right: 0.5rem; }
+          .log-table td { font-size: 0.8125rem; vertical-align: top; }
+          .log-table time { font-family: monospace; white-space: nowrap; }
+          .badge-debug { background: #e8e8e8; color: #666; }
+          .badge-info { background: #ddf4ff; color: #0969da; }
+          .badge-warning { background: #fff8c5; color: #9a6700; }
+          .badge-error { background: #ffebe9; color: #cf222e; }
+          .badge-fatal { background: #cf222e; color: #fff; }
+          .log-error td { background: #fff5f5; }
+          .log-fatal td { background: #ffebe9; }
+
+          @media (prefers-color-scheme: dark) {
+            body { background: #0d1117; color: #e6edf3; }
+            header { border-bottom-color: #30363d; }
+            th { color: #9198a1; }
+            th, td { border-bottom-color: #21262d; }
+            a { color: #58a6ff; }
+            code { background: #161b22; }
+            .badge { background: #30363d; color: #e6edf3; }
+            .badge-inbound { background: #122d42; color: #58a6ff; }
+            .badge-outbound { background: #2e2a1f; color: #d29922; }
+            .detail-section h2 { border-bottom-color: #21262d; }
+            pre { background: #161b22; }
+            .empty { color: #9198a1; }
+            .badge-debug { background: #21262d; color: #9198a1; }
+            .badge-info { background: #122d42; color: #58a6ff; }
+            .badge-warning { background: #2e2a1f; color: #d29922; }
+            .badge-error { background: #3d1f20; color: #f85149; }
+            .badge-fatal { background: #da3633; color: #fff; }
+            .log-error td { background: #2d1215; }
+            .log-fatal td { background: #3d1f20; }
+          }
+        `}
+        </style>
+      </head>
+      <body>
+        <header>
+          <h1>
+            <a href={pathPrefix + "/"}>
+              <FedifyLogo size={24} />
+              Fedify Debug Dashboard
+            </a>
+          </h1>
+        </header>
+        <main>
+          {children}
+        </main>
+      </body>
+    </html>
+  );
+};
diff --git a/packages/debugger/src/views/login.tsx b/packages/debugger/src/views/login.tsx
new file mode 100644
index 00000000..72e1c847
--- /dev/null
+++ b/packages/debugger/src/views/login.tsx
@@ -0,0 +1,134 @@
+/** @jsx react-jsx */
+/** @jsxImportSource hono/jsx */
+import type { FC } from "hono/jsx";
+import { Layout } from "./layout.tsx";
+
+/**
+ * Props for the {@link LoginPage} component.
+ */
+export interface LoginPageProps {
+  /**
+   * The path prefix for the debug dashboard.
+   */
+  pathPrefix: string;
+
+  /**
+   * Whether to show a username field in addition to the password field.
+   */
+  showUsername: boolean;
+
+  /**
+   * An optional error message to display (e.g., "Invalid credentials").
+   */
+  error?: string;
+}
+
+/**
+ * Login page for the debug dashboard.
+ */
+export const LoginPage: FC<LoginPageProps> = (
+  { pathPrefix, showUsername, error },
+) => {
+  return (
+    <Layout title="Login" pathPrefix={pathPrefix}>
+      <h2>Login Required</h2>
+      <p class="login-description">
+        The debug dashboard requires authentication to access.
+      </p>
+      {error && <p class="login-error">{error}</p>}
+      <form method="post" action={pathPrefix + "/login"} class="login-form">
+        {showUsername && (
+          <div class="login-field">
+            <label for="username">Username</label>
+            <input
+              type="text"
+              id="username"
+              name="username"
+              required
+              autocomplete="username"
+            />
+          </div>
+        )}
+        <div class="login-field">
+          <label for="password">Password</label>
+          <input
+            type="password"
+            id="password"
+            name="password"
+            required
+            autocomplete="current-password"
+          />
+        </div>
+        <button type="submit">Log in</button>
+      </form>
+      <style>
+        {`
+        .login-form {
+          max-width: 320px;
+        }
+        .login-field {
+          margin-bottom: 0.75rem;
+        }
+        .login-field label {
+          display: block;
+          margin-bottom: 0.25rem;
+          font-weight: 600;
+          font-size: 0.875rem;
+        }
+        .login-field input {
+          width: 100%;
+          padding: 0.5rem;
+          border: 1px solid #ccc;
+          border-radius: 4px;
+          font-size: 0.875rem;
+          box-sizing: border-box;
+        }
+        .login-form button {
+          padding: 0.5rem 1.5rem;
+          background: #0969da;
+          color: #fff;
+          border: none;
+          border-radius: 4px;
+          font-size: 0.875rem;
+          cursor: pointer;
+        }
+        .login-form button:hover {
+          background: #0860c5;
+        }
+        .login-error {
+          color: #d1242f;
+          background: #ffebe9;
+          padding: 0.5rem 0.75rem;
+          border-radius: 4px;
+          font-size: 0.875rem;
+        }
+        .login-description {
+          color: #666;
+          font-size: 0.875rem;
+        }
+
+        @media (prefers-color-scheme: dark) {
+          .login-field input {
+            background: #0d1117;
+            color: #e6edf3;
+            border-color: #30363d;
+          }
+          .login-form button {
+            background: #1f6feb;
+          }
+          .login-form button:hover {
+            background: #388bfd;
+          }
+          .login-error {
+            color: #f85149;
+            background: #3d1f20;
+          }
+          .login-description {
+            color: #9198a1;
+          }
+        }
+        `}
+      </style>
+    </Layout>
+  );
+};
diff --git a/packages/debugger/src/views/logo.tsx b/packages/debugger/src/views/logo.tsx
new file mode 100644
index 00000000..150b18d9
--- /dev/null
+++ b/packages/debugger/src/views/logo.tsx
@@ -0,0 +1,190 @@
+/** @jsx react-jsx */
+/** @jsxImportSource hono/jsx */
+import type { FC } from "hono/jsx";
+
+/**
+ * Props for the {@link FedifyLogo} component.
+ */
+export interface FedifyLogoProps {
+  /**
+   * The width and height of the logo in pixels.
+   * @default 24
+   */
+  size?: number;
+}
+
+/**
+ * Inline SVG of the Fedify logo (mascot bird with fediverse connection nodes).
+ */
+export const FedifyLogo: FC<FedifyLogoProps> = ({ size = 24 }) => {
+  return (
+    <svg
+      width={size}
+      height={size}
+      viewBox="0 0 112 112"
+      role="img"
+      aria-label="Fedify logo"
+    >
+      <defs>
+        <clipPath
+          clipPathUnits="userSpaceOnUse"
+          id="fedify-logo-clip"
+        >
+          <ellipse
+            style="fill: #000; stroke: #000; stroke-width: 3.02635; stroke-linejoin: miter; stroke-dasharray: none; stroke-dashoffset: 0; stroke-opacity: 1; paint-order: normal"
+            cx="55.92646"
+            cy="56.073448"
+            transform="rotate(-0.07519647)"
+            rx="54.486828"
+            ry="54.486824"
+          />
+        </clipPath>
+      </defs>
+      <ellipse
+        style="fill: #ffffff; stroke: none; stroke-width: 3.02635; stroke-linejoin: miter; stroke-dasharray: none; stroke-dashoffset: 0; stroke-opacity: 1; paint-order: normal"
+        cx="55.92646"
+        cy="56.073448"
+        transform="rotate(-0.07519647)"
+        rx="54.486828"
+        ry="54.486824"
+      />
+      <g clip-path="url(#fedify-logo-clip)">
+        <g>
+          <path
+            d="M 77.4624,78.9593 C 78.2802,68.3428 73.7143,58.8833 71.3291,55.4806 L 87.6847,48.335 c 4.9066,1.6333 6.474,17.3537 6.6444,25.0098 0,0 -3.5778,0.5104 -5.6222,2.0416 -2.085,1.5616 -5.6222,5.1041 -11.2445,3.5729 z"
+            fill="#ffffff"
+            stroke="#84b5d9"
+            stroke-width="3"
+            stroke-linecap="round"
+          />
+          <path
+            d="M 7.06239,52.159 C -5.55748,54.1782 -12.682,66.0659 -17.661,73.2769 c -0.8584,13.3918 -0.6181,41.1021 7.211,44.8111 7.82906,3.709 26.9553,1.545 35.5398,0 v 4.121 c 1.3736,0.515 5.0477,1.648 8.7562,2.06 3.7085,0.412 6.696,-1.202 7.7261,-2.06 v -9.787 c 0.5151,-0.343 2.9874,-1.957 8.7562,-5.666 7.211,-4.635 11.3315,-16.482 9.7863,-24.7229 -1.1589,-6.181 3.6055,-18.5427 6.1809,-26.7838 9.7863,2.0601 22.148,-1.0301 23.1781,-14.9369 C 90.1205,31.5801 80.7174,19.9868 63.2051,25.3752 45.6927,30.7636 48.268,52.159 41.5721,59.37 35.3913,53.1891 23.5446,49.5219 7.06239,52.159 Z"
+            fill="#bae6fd"
+            stroke="#0c4a6e"
+            stroke-width="3"
+            stroke-linecap="round"
+          />
+          <path
+            d="M 66.2955,55.2493 C 64.5786,54.7342 60.9387,53.6011 60.1146,53.189"
+            stroke="#0284c7"
+            stroke-opacity="0.37"
+            stroke-width="3"
+            stroke-linecap="round"
+            style="opacity: 1; fill: none; stroke-width: 3; stroke-linejoin: miter; stroke-dasharray: none; paint-order: normal"
+          />
+          <path
+            d="m 41.5721,59.3698 c -0.6868,0.8585 -2.6784,2.7814 -5.1507,3.6055"
+            stroke="#0284c7"
+            stroke-opacity="0.37"
+            stroke-width="3"
+            stroke-linecap="round"
+            style="fill: none"
+          />
+          <circle
+            cx="68.870796"
+            cy="42.8876"
+            r="2.0602801"
+            fill="#000000"
+          />
+        </g>
+        <g
+          transform="matrix(0.08160718,0,0,0.08160718,76.994732,53.205469)"
+          style="display: inline"
+        >
+          <path
+            style="fill: #a730b8; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 181.13086,275.13672 a 68.892408,68.892408 0 0 1 -29.46484,29.32812 l 161.75781,162.38868 38.99805,-19.76368 z m 213.36328,214.1875 -38.99805,19.76367 81.96289,82.2832 a 68.892409,68.892409 0 0 1 29.47071,-29.33203 z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #5496be; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 581.64648,339.39062 -91.57617,46.41016 6.75196,43.18945 103.61523,-52.51367 A 68.892409,68.892409 0 0 1 581.64648,339.39062 Z M 436.9082,412.74219 220.38281,522.47656 a 68.892408,68.892408 0 0 1 18.79492,37.08985 L 443.66016,455.93359 Z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #ce3d1a; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="M 367.27539,142.4375 262.79492,346.4082 293.64258,377.375 404.26562,161.41797 A 68.892408,68.892408 0 0 1 367.27539,142.4375 Z m -131.6543,257.02148 -52.92187,103.31446 a 68.892409,68.892409 0 0 1 36.98633,18.97851 l 46.78125,-91.32812 z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #d0188f; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 150.76758,304.91797 a 68.892408,68.892408 0 0 1 -34.41602,7.19531 68.892408,68.892408 0 0 1 -6.65039,-0.69531 l 30.90235,197.66211 a 68.892409,68.892409 0 0 1 34.41601,-7.19531 68.892409,68.892409 0 0 1 6.64649,0.69531 z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #5b36e9; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 239.3418,560.54492 a 68.892408,68.892408 0 0 1 0.7207,13.87696 68.892408,68.892408 0 0 1 -7.26758,27.17968 l 197.62891,31.71289 a 68.892409,68.892409 0 0 1 -0.72266,-13.8789 68.892409,68.892409 0 0 1 7.26953,-27.17774 z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #30b873; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 601.13281,377.19922 -91.21875,178.08203 a 68.892408,68.892408 0 0 1 36.99414,18.98242 L 638.125,396.18359 a 68.892409,68.892409 0 0 1 -36.99219,-18.98437 z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #ebe305; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 476.72266,125.33008 a 68.892408,68.892408 0 0 1 -29.47071,29.33203 l 141.26563,141.81055 a 68.892409,68.892409 0 0 1 29.46875,-29.33204 z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #f47601; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 347.78711,104.63086 -178.57617,90.49805 a 68.892409,68.892409 0 0 1 18.79297,37.08593 l 178.57421,-90.50195 a 68.892408,68.892408 0 0 1 -18.79101,-37.08203 z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #57c115; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 446.92578,154.82617 a 68.892408,68.892408 0 0 1 -34.98242,7.48242 68.892408,68.892408 0 0 1 -6.0293,-0.63281 l 15.81836,101.29102 43.16211,6.92578 z m -16,167.02735 37.40039,239.48242 a 68.892409,68.892409 0 0 1 33.91406,-6.94336 68.892409,68.892409 0 0 1 7.20704,0.79101 L 474.08984,328.77734 Z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <path
+            style="fill: #dbb210; fill-opacity: 1; fill-rule: nonzero; stroke: none; stroke-width: 41.5748"
+            d="m 188.13086,232.97461 a 68.892408,68.892408 0 0 1 0.75781,14.0957 68.892408,68.892408 0 0 1 -7.16015,26.98242 l 101.36914,16.28125 19.92382,-38.9082 z m 173.73633,27.90039 -19.92578,38.91211 239.51367,38.4668 a 68.892409,68.892409 0 0 1 -0.69531,-13.71875 68.892409,68.892409 0 0 1 7.34961,-27.32422 z"
+            transform="matrix(0.26458333,0,0,0.26458333,-6.6789703,32.495842)"
+          />
+          <circle
+            style="fill: #ffca00; fill-opacity: 0.995968; stroke: none; stroke-width: 0.264583; stroke-opacity: 0.960784"
+            cx="106.26596"
+            cy="51.535553"
+            r="16.570711"
+            transform="rotate(3.1178174)"
+          />
+          <circle
+            style="fill: #64ff00; fill-opacity: 0.995968; stroke: none; stroke-width: 0.264583; stroke-opacity: 0.960784"
+            cx="171.42836"
+            cy="110.19328"
+            r="16.570711"
+            transform="rotate(3.1178174)"
+          />
+          <circle
+            style="fill: #00a3ff; fill-opacity: 0.995968; stroke: none; stroke-width: 0.264583; stroke-opacity: 0.960784"
+            cx="135.76379"
+            cy="190.27704"
+            r="16.570711"
+            transform="rotate(3.1178174)"
+          />
+          <circle
+            style="fill: #9500ff; fill-opacity: 0.995968; stroke: none; stroke-width: 0.264583; stroke-opacity: 0.960784"
+            cx="48.559471"
+            cy="181.1138"
+            r="16.570711"
+            transform="rotate(3.1178174)"
+          />
+          <circle
+            style="fill: #ff0000; fill-opacity: 0.995968; stroke: none; stroke-width: 0.264583; stroke-opacity: 0.960784"
+            cx="30.328812"
+            cy="95.366837"
+            r="16.570711"
+            transform="rotate(3.1178174)"
+          />
+        </g>
+      </g>
+      <circle
+        style="opacity: 1; fill: none; stroke: #84b5d9; stroke-width: 4.91342; stroke-linejoin: miter; stroke-dasharray: none; stroke-dashoffset: 0; stroke-opacity: 1; paint-order: normal"
+        cx="55.926456"
+        cy="56.073448"
+        transform="rotate(-0.07519625)"
+        r="53.543289"
+      />
+    </svg>
+  );
+};
diff --git a/packages/debugger/src/views/trace-detail.tsx b/packages/debugger/src/views/trace-detail.tsx
new file mode 100644
index 00000000..22f2899b
--- /dev/null
+++ b/packages/debugger/src/views/trace-detail.tsx
@@ -0,0 +1,235 @@
+/** @jsx react-jsx */
+/** @jsxImportSource hono/jsx */
+import type { FC } from "hono/jsx";
+import type { TraceActivityRecord } from "@fedify/fedify/otel";
+import type { SerializedLogRecord } from "../mod.tsx";
+import { Layout } from "./layout.tsx";
+
+/**
+ * Safely formats a timestamp (milliseconds since epoch) as an ISO string.
+ * Returns `"(invalid)"` if the timestamp is not a finite number or produces
+ * an invalid `Date`.
+ */
+function safeISOString(timestamp: number): string {
+  if (!Number.isFinite(timestamp)) return "(invalid)";
+  try {
+    return new Date(timestamp).toISOString();
+  } catch {
+    return "(invalid)";
+  }
+}
+
+/**
+ * Props for the {@link TraceDetailPage} component.
+ */
+export interface TraceDetailPageProps {
+  /**
+   * The trace ID being displayed.
+   */
+  traceId: string;
+
+  /**
+   * The list of activity records for this trace.
+   */
+  activities: TraceActivityRecord[];
+
+  /**
+   * The list of log records for this trace.
+   */
+  logs: readonly SerializedLogRecord[];
+
+  /**
+   * The path prefix for the debug dashboard.
+   */
+  pathPrefix: string;
+}
+
+/**
+ * The trace detail page of the debug dashboard.
+ */
+export const TraceDetailPage: FC<TraceDetailPageProps> = (
+  { traceId, activities, logs, pathPrefix },
+) => {
+  return (
+    <Layout pathPrefix={pathPrefix} title={`Trace ${traceId.slice(0, 8)}`}>
+      <nav>
+        <a href={`${pathPrefix}/`}>&larr; Back to traces</a>
+      </nav>
+
+      <h2>
+        Trace <code>{traceId.slice(0, 8)}</code>
+      </h2>
+      <p>
+        Full ID: <code>{traceId}</code> &mdash;{" "}
+        <strong>{activities.length}</strong>{" "}
+        activit{activities.length !== 1 ? "ies" : "y"},{" "}
+        <strong>{logs.length}</strong> log record{logs.length !== 1 ? "s" : ""}
+      </p>
+
+      {activities.length === 0
+        ? <p class="empty">No activities found for this trace.</p>
+        : (
+          activities.map((activity) => (
+            <div key={activity.spanId} class="detail-section">
+              <h2>
+                <span
+                  class={`badge ${
+                    activity.direction === "inbound"
+                      ? "badge-inbound"
+                      : "badge-outbound"
+                  }`}
+                >
+                  {activity.direction}
+                </span>{" "}
+                {activity.activityType}
+              </h2>
+
+              <table>
+                <tbody>
+                  <tr>
+                    <th>Span ID</th>
+                    <td>
+                      <code>{activity.spanId}</code>
+                    </td>
+                  </tr>
+                  {activity.parentSpanId != null && (
+                    <tr>
+                      <th>Parent Span</th>
+                      <td>
+                        <code>{activity.parentSpanId}</code>
+                      </td>
+                    </tr>
+                  )}
+                  {activity.activityId != null && (
+                    <tr>
+                      <th>Activity ID</th>
+                      <td>
+                        <code>{activity.activityId}</code>
+                      </td>
+                    </tr>
+                  )}
+                  {activity.actorId != null && (
+                    <tr>
+                      <th>Actor</th>
+                      <td>
+                        <code>{activity.actorId}</code>
+                      </td>
+                    </tr>
+                  )}
+                  <tr>
+                    <th>Timestamp</th>
+                    <td>
+                      <time datetime={activity.timestamp}>
+                        {activity.timestamp}
+                      </time>
+                    </td>
+                  </tr>
+                  {activity.direction === "outbound" &&
+                    activity.inboxUrl != null && (
+                    <tr>
+                      <th>Inbox URL</th>
+                      <td>
+                        <code>{activity.inboxUrl}</code>
+                      </td>
+                    </tr>
+                  )}
+                  {activity.direction === "inbound" && (
+                    <tr>
+                      <th>Verified</th>
+                      <td>{activity.verified ? "Yes" : "No"}</td>
+                    </tr>
+                  )}
+                  {activity.signatureDetails != null && (
+                    <tr>
+                      <th>Signature Details</th>
+                      <td>
+                        HTTP Signatures:{" "}
+                        {activity.signatureDetails.httpSignaturesVerified
+                          ? "verified"
+                          : "not verified"}
+                        {activity.signatureDetails.httpSignaturesKeyId !=
+                            null &&
+                          (
+                            <span>
+                              &nbsp;(key:&nbsp;
+                              <code>
+                                {activity.signatureDetails.httpSignaturesKeyId}
+                              </code>)
+                            </span>
+                          )}
+                        <br />
+                        LD Signatures:{" "}
+                        {activity.signatureDetails.ldSignaturesVerified
+                          ? "verified"
+                          : "not verified"}
+                      </td>
+                    </tr>
+                  )}
+                </tbody>
+              </table>
+
+              <details>
+                <summary>Activity JSON</summary>
+                <pre>{formatJson(activity.activityJson)}</pre>
+              </details>
+            </div>
+          ))
+        )}
+
+      <h2>Logs</h2>
+      {logs.length === 0
+        ? <p class="empty">No logs captured for this trace.</p>
+        : (
+          <table class="log-table">
+            <thead>
+              <tr>
+                <th>Time</th>
+                <th>Level</th>
+                <th>Category</th>
+                <th>Message</th>
+              </tr>
+            </thead>
+            <tbody>
+              {logs.map((log, i) => (
+                <tr key={i} class={`log-${log.level}`}>
+                  <td>
+                    <time datetime={safeISOString(log.timestamp)}>
+                      {(() => {
+                        const iso = safeISOString(log.timestamp);
+                        return iso === "(invalid)" ? iso : iso.slice(11, 23);
+                      })()}
+                    </time>
+                  </td>
+                  <td>
+                    <span class={`badge badge-${log.level}`}>{log.level}</span>
+                  </td>
+                  <td>
+                    <code>{log.category.join(".")}</code>
+                  </td>
+                  <td>
+                    {log.message}
+                    {Object.keys(log.properties).length > 0 && (
+                      <details>
+                        <summary>Properties</summary>
+                        <pre>
+                          {JSON.stringify(log.properties, null, 2)}
+                        </pre>
+                      </details>
+                    )}
+                  </td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        )}
+    </Layout>
+  );
+};
+
+function formatJson(json: string): string {
+  try {
+    return JSON.stringify(JSON.parse(json), null, 2);
+  } catch {
+    return json;
+  }
+}
diff --git a/packages/debugger/src/views/traces-list.tsx b/packages/debugger/src/views/traces-list.tsx
new file mode 100644
index 00000000..2bf6eb53
--- /dev/null
+++ b/packages/debugger/src/views/traces-list.tsx
@@ -0,0 +1,104 @@
+/** @jsx react-jsx */
+/** @jsxImportSource hono/jsx */
+import type { FC } from "hono/jsx";
+import type { TraceSummary } from "@fedify/fedify/otel";
+import { Layout } from "./layout.tsx";
+
+/**
+ * Props for the {@link TracesListPage} component.
+ */
+export interface TracesListPageProps {
+  /**
+   * The list of trace summaries to display.
+   */
+  traces: TraceSummary[];
+
+  /**
+   * The path prefix for the debug dashboard.
+   */
+  pathPrefix: string;
+}
+
+/**
+ * The traces list page of the debug dashboard.
+ */
+export const TracesListPage: FC<TracesListPageProps> = (
+  { traces, pathPrefix },
+) => {
+  return (
+    <Layout pathPrefix={pathPrefix}>
+      <p>
+        Showing <strong>{traces.length}</strong>{" "}
+        trace{traces.length !== 1 ? "s" : ""}.
+      </p>
+      {traces.length === 0
+        ? <p class="empty">No traces captured yet.</p>
+        : (
+          <table>
+            <thead>
+              <tr>
+                <th>Trace ID</th>
+                <th>Activity Types</th>
+                <th>Activities</th>
+                <th>Timestamp</th>
+              </tr>
+            </thead>
+            <tbody>
+              {traces.map((trace) => (
+                <tr key={trace.traceId}>
+                  <td>
+                    <a href={`${pathPrefix}/traces/${trace.traceId}`}>
+                      <code>{trace.traceId.slice(0, 8)}</code>
+                    </a>
+                  </td>
+                  <td>
+                    {trace.activityTypes.map((t) => (
+                      <span key={t} class="badge">
+                        {t}
+                      </span>
+                    ))}
+                    {trace.activityTypes.length === 0 && (
+                      <span class="empty">none</span>
+                    )}
+                  </td>
+                  <td>{trace.activityCount}</td>
+                  <td>
+                    <time datetime={trace.timestamp}>
+                      {trace.timestamp}
+                    </time>
+                  </td>
+                </tr>
+              ))}
+            </tbody>
+          </table>
+        )}
+      <script
+        dangerouslySetInnerHTML={{
+          __html: `
+(function() {
+  var interval = setInterval(function() {
+    fetch(${
+            JSON.stringify(pathPrefix).replace(/</g, "\\u003c")
+          } + "/api/traces")
+      .then(function(r) { return r.json(); })
+      .then(function(data) {
+        var countEl = document.querySelector("strong");
+        if (countEl) {
+          var current = parseInt(countEl.textContent, 10);
+          if (data.length !== current) {
+            location.reload();
+          }
+        }
+      })
+      .catch(function() {});
+  }, 3000);
+  window.addEventListener("beforeunload", function() {
+    clearInterval(interval);
+  });
+})();
+`,
+        }}
+      />
+    </Layout>
+  );
+};
diff --git a/packages/debugger/tsdown.config.ts b/packages/debugger/tsdown.config.ts
new file mode 100644
index 00000000..6fb19149
--- /dev/null
+++ b/packages/debugger/tsdown.config.ts
@@ -0,0 +1,30 @@
+import { defineConfig } from "tsdown";
+
+export default defineConfig({
+  entry: ["src/mod.tsx"],
+  dts: true,
+  format: ["esm", "cjs"],
+  platform: "node",
+  external: [
+    "@fedify/fedify",
+    "@fedify/fedify/federation",
+    "@fedify/fedify/otel",
+    "@logtape/logtape",
+    /^@logtape\//,
+    /^@opentelemetry\//,
+    "hono",
+    /^hono\//,
+  ],
+  outputOptions(outputOptions, format) {
+    if (format === "cjs") {
+      outputOptions.intro = `
+        const { Temporal } = require("@js-temporal/polyfill");
+      `;
+    } else {
+      outputOptions.intro = `
+        import { Temporal } from "@js-temporal/polyfill";
+      `;
+    }
+    return outputOptions;
+  },
+});
diff --git a/packages/fedify/README.md b/packages/fedify/README.md
index 76155c72..fcbacb8f 100644
--- a/packages/fedify/README.md
+++ b/packages/fedify/README.md
@@ -100,6 +100,7 @@ Here is the list of packages:
 | [@fedify/cli](/packages/cli/)                     | [JSR][jsr:@fedify/cli]           | [npm][npm:@fedify/cli]           | CLI toolchain for testing and debugging  |
 | [@fedify/amqp](/packages/amqp/)                   | [JSR][jsr:@fedify/amqp]          | [npm][npm:@fedify/amqp]          | AMQP/RabbitMQ driver                     |
 | [@fedify/cfworkers](/packages/cfworkers/)         | [JSR][jsr:@fedify/cfworkers]     | [npm][npm:@fedify/cfworkers]     | Cloudflare Workers integration           |
+| [@fedify/debugger](/packages/debugger/)           | [JSR][jsr:@fedify/debugger]      | [npm][npm:@fedify/debugger]      | Embedded ActivityPub debug dashboard     |
 | [@fedify/denokv](/packages/denokv/)               | [JSR][jsr:@fedify/denokv]        |                                  | Deno KV integration                      |
 | [@fedify/elysia](/packages/elysia/)               |                                  | [npm][npm:@fedify/elysia]        | Elysia integration                       |
 | [@fedify/express](/packages/express/)             | [JSR][jsr:@fedify/express]       | [npm][npm:@fedify/express]       | Express integration                      |
@@ -128,6 +129,8 @@ Here is the list of packages:
 [npm:@fedify/amqp]: https://www.npmjs.com/package/@fedify/amqp
 [jsr:@fedify/cfworkers]: https://jsr.io/@fedify/cfworkers
 [npm:@fedify/cfworkers]: https://www.npmjs.com/package/@fedify/cfworkers
+[jsr:@fedify/debugger]: https://jsr.io/@fedify/debugger
+[npm:@fedify/debugger]: https://www.npmjs.com/package/@fedify/debugger
 [jsr:@fedify/denokv]: https://jsr.io/@fedify/denokv
 [npm:@fedify/elysia]: https://www.npmjs.com/package/@fedify/elysia
 [jsr:@fedify/express]: https://jsr.io/@fedify/express
diff --git a/packages/fedify/deno.json b/packages/fedify/deno.json
index a1ec515c..86a7d7a8 100644
--- a/packages/fedify/deno.json
+++ b/packages/fedify/deno.json
@@ -15,9 +15,6 @@
   },
   "imports": {
     "@multiformats/base-x": "npm:@multiformats/base-x@^4.0.1",
-    "@opentelemetry/core": "npm:@opentelemetry/core@^2.0.0",
-    "@opentelemetry/sdk-trace-base": "npm:@opentelemetry/sdk-trace-base@^2.0.0",
-    "@opentelemetry/semantic-conventions": "npm:@opentelemetry/semantic-conventions@^1.27.0",
     "@std/assert": "jsr:@std/assert@^0.226.0",
     "@std/url": "jsr:@std/url@^0.225.1",
     "asn1js": "npm:asn1js@^3.0.7",
diff --git a/packages/fedify/package.json b/packages/fedify/package.json
index 98cf2781..2d51d7ad 100644
--- a/packages/fedify/package.json
+++ b/packages/fedify/package.json
@@ -138,7 +138,7 @@
     "@opentelemetry/api": "catalog:",
     "@opentelemetry/core": "catalog:",
     "@opentelemetry/sdk-trace-base": "catalog:",
-    "@opentelemetry/semantic-conventions": "^1.27.0",
+    "@opentelemetry/semantic-conventions": "catalog:",
     "byte-encodings": "catalog:",
     "es-toolkit": "catalog:",
     "json-canon": "^1.0.1",
diff --git a/packages/fedify/src/federation/middleware.ts b/packages/fedify/src/federation/middleware.ts
index 826b546f..a154e4e5 100644
--- a/packages/fedify/src/federation/middleware.ts
+++ b/packages/fedify/src/federation/middleware.ts
@@ -241,7 +241,7 @@ export class FederationImpl<TContextData>
   outboxRetryPolicy: RetryPolicy;
   inboxRetryPolicy: RetryPolicy;
   activityTransformers: readonly ActivityTransformer<TContextData>[];
-  tracerProvider: TracerProvider;
+  _tracerProvider: TracerProvider | undefined;
   firstKnock?: HttpMessageSignaturesSpec;
 
   constructor(options: FederationOptions<TContextData>) {
@@ -385,10 +385,14 @@ export class FederationImpl<TContextData>
       createExponentialBackoffPolicy();
     this.activityTransformers = options.activityTransformers ??
       getDefaultActivityTransformers<TContextData>();
-    this.tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+    this._tracerProvider = options.tracerProvider;
     this.firstKnock = options.firstKnock;
   }
 
+  get tracerProvider(): TracerProvider {
+    return this._tracerProvider ?? trace.getTracerProvider();
+  }
+
   _initializeRouter() {
     this.router.add("/.well-known/webfinger", "webfinger");
     this.router.add("/.well-known/nodeinfo", "nodeInfoJrd");
@@ -474,20 +478,29 @@ export class FederationImpl<TContextData>
           },
           extractedContext,
           async (span) => {
-            if (message.activityId != null) {
-              span.setAttribute("activitypub.activity.id", message.activityId);
-            }
-            try {
-              await this.#listenFanoutMessage(contextData, message);
-            } catch (e) {
-              span.setStatus({
-                code: SpanStatusCode.ERROR,
-                message: String(e),
-              });
-              throw e;
-            } finally {
-              span.end();
-            }
+            const spanCtx = span.spanContext();
+            return await withContext(
+              { traceId: spanCtx.traceId, spanId: spanCtx.spanId },
+              async () => {
+                if (message.activityId != null) {
+                  span.setAttribute(
+                    "activitypub.activity.id",
+                    message.activityId,
+                  );
+                }
+                try {
+                  await this.#listenFanoutMessage(contextData, message);
+                } catch (e) {
+                  span.setStatus({
+                    code: SpanStatusCode.ERROR,
+                    message: String(e),
+                  });
+                  throw e;
+                } finally {
+                  span.end();
+                }
+              },
+            );
           },
         );
       } else if (message.type === "outbox") {
@@ -502,20 +515,29 @@ export class FederationImpl<TContextData>
           },
           extractedContext,
           async (span) => {
-            if (message.activityId != null) {
-              span.setAttribute("activitypub.activity.id", message.activityId);
-            }
-            try {
-              await this.#listenOutboxMessage(contextData, message, span);
-            } catch (e) {
-              span.setStatus({
-                code: SpanStatusCode.ERROR,
-                message: String(e),
-              });
-              throw e;
-            } finally {
-              span.end();
-            }
+            const spanCtx = span.spanContext();
+            return await withContext(
+              { traceId: spanCtx.traceId, spanId: spanCtx.spanId },
+              async () => {
+                if (message.activityId != null) {
+                  span.setAttribute(
+                    "activitypub.activity.id",
+                    message.activityId,
+                  );
+                }
+                try {
+                  await this.#listenOutboxMessage(contextData, message, span);
+                } catch (e) {
+                  span.setStatus({
+                    code: SpanStatusCode.ERROR,
+                    message: String(e),
+                  });
+                  throw e;
+                } finally {
+                  span.end();
+                }
+              },
+            );
           },
         );
       } else if (message.type === "inbox") {
@@ -529,17 +551,23 @@ export class FederationImpl<TContextData>
           },
           extractedContext,
           async (span) => {
-            try {
-              await this.#listenInboxMessage(contextData, message, span);
-            } catch (e) {
-              span.setStatus({
-                code: SpanStatusCode.ERROR,
-                message: String(e),
-              });
-              throw e;
-            } finally {
-              span.end();
-            }
+            const spanCtx = span.spanContext();
+            return await withContext(
+              { traceId: spanCtx.traceId, spanId: spanCtx.spanId },
+              async () => {
+                try {
+                  await this.#listenInboxMessage(contextData, message, span);
+                } catch (e) {
+                  span.setStatus({
+                    code: SpanStatusCode.ERROR,
+                    message: String(e),
+                  });
+                  throw e;
+                } finally {
+                  span.end();
+                }
+              },
+            );
           },
         );
       }
@@ -1266,55 +1294,69 @@ export class FederationImpl<TContextData>
           },
         },
         async (span) => {
-          const logger = getLogger(["fedify", "federation", "http"]);
-          if (span.isRecording()) {
-            for (const [k, v] of request.headers) {
-              span.setAttribute(ATTR_HTTP_REQUEST_HEADER(k), [v]);
-            }
-          }
-          let response: Response;
-          try {
-            response = await this.#fetch(request, { ...options, span, tracer });
-            if (acceptsJsonLd(request)) {
-              response.headers.set("Vary", "Accept");
-            }
-          } catch (error) {
-            span.setStatus({
-              code: SpanStatusCode.ERROR,
-              message: `${error}`,
-            });
-            span.end();
-            logger.error(
-              "An error occurred while serving request {method} {url}: {error}",
-              { method: request.method, url: request.url, error },
-            );
-            throw error;
-          }
-          if (span.isRecording()) {
-            span.setAttribute(ATTR_HTTP_RESPONSE_STATUS_CODE, response.status);
-            for (const [k, v] of response.headers) {
-              span.setAttribute(ATTR_HTTP_RESPONSE_HEADER(k), [v]);
-            }
-            span.setStatus({
-              code: response.status >= 500
-                ? SpanStatusCode.ERROR
-                : SpanStatusCode.UNSET,
-              message: response.statusText,
-            });
-          }
-          span.end();
-          const url = new URL(request.url);
-          const logTpl = "{method} {path}: {status}";
-          const values = {
-            method: request.method,
-            path: `${url.pathname}${url.search}`,
-            url: request.url,
-            status: response.status,
-          };
-          if (response.status >= 500) logger.error(logTpl, values);
-          else if (response.status >= 400) logger.warn(logTpl, values);
-          else logger.info(logTpl, values);
-          return response;
+          const spanCtx = span.spanContext();
+          return await withContext(
+            { traceId: spanCtx.traceId, spanId: spanCtx.spanId },
+            async () => {
+              const logger = getLogger(["fedify", "federation", "http"]);
+              if (span.isRecording()) {
+                for (const [k, v] of request.headers) {
+                  span.setAttribute(ATTR_HTTP_REQUEST_HEADER(k), [v]);
+                }
+              }
+              let response: Response;
+              try {
+                response = await this.#fetch(request, {
+                  ...options,
+                  span,
+                  tracer,
+                });
+                if (acceptsJsonLd(request)) {
+                  response.headers.set("Vary", "Accept");
+                }
+              } catch (error) {
+                span.setStatus({
+                  code: SpanStatusCode.ERROR,
+                  message: `${error}`,
+                });
+                span.end();
+                logger.error(
+                  "An error occurred while serving request " +
+                    "{method} {url}: {error}",
+                  { method: request.method, url: request.url, error },
+                );
+                throw error;
+              }
+              if (span.isRecording()) {
+                span.setAttribute(
+                  ATTR_HTTP_RESPONSE_STATUS_CODE,
+                  response.status,
+                );
+                for (const [k, v] of response.headers) {
+                  span.setAttribute(ATTR_HTTP_RESPONSE_HEADER(k), [v]);
+                }
+                span.setStatus({
+                  code: response.status >= 500
+                    ? SpanStatusCode.ERROR
+                    : SpanStatusCode.UNSET,
+                  message: response.statusText,
+                });
+              }
+              span.end();
+              const url = new URL(request.url);
+              const logTpl = "{method} {path}: {status}";
+              const values = {
+                method: request.method,
+                path: `${url.pathname}${url.search}`,
+                url: request.url,
+                status: response.status,
+              };
+              if (response.status >= 500) logger.error(logTpl, values);
+              else if (response.status >= 400) logger.warn(logTpl, values);
+              else logger.info(logTpl, values);
+              return response;
+            },
+          );
         },
       );
     });
diff --git a/packages/vocab/deno.json b/packages/vocab/deno.json
index 2659d9b5..bfa9d717 100644
--- a/packages/vocab/deno.json
+++ b/packages/vocab/deno.json
@@ -12,7 +12,6 @@
     "url": "https://hongminhee.org/"
   },
   "imports": {
-    "@opentelemetry/api": "npm:@opentelemetry/api@^1.9.0",
     "fast-check": "npm:fast-check@^3.22.0",
     "fetch-mock": "npm:fetch-mock@^12.5.2",
     "jsonld": "npm:jsonld@^9.0.0"
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 32f3724c..7e6d02af 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -30,12 +30,24 @@ catalogs:
     '@opentelemetry/api':
       specifier: ^1.9.0
       version: 1.9.0
+    '@opentelemetry/context-async-hooks':
+      specifier: ^2.5.0
+      version: 2.5.0
     '@opentelemetry/core':
-      specifier: ^2.0.0
-      version: 2.2.0
+      specifier: ^2.5.0
+      version: 2.5.0
+    '@opentelemetry/exporter-trace-otlp-proto':
+      specifier: ^0.211.0
+      version: 0.211.0
+    '@opentelemetry/sdk-node':
+      specifier: ^0.211.0
+      version: 0.211.0
     '@opentelemetry/sdk-trace-base':
-      specifier: ^2.0.0
-      version: 2.2.0
+      specifier: ^2.5.0
+      version: 2.5.0
+    '@opentelemetry/semantic-conventions':
+      specifier: ^1.39.0
+      version: 1.39.0
     '@std/assert':
       specifier: jsr:^1.0.13
       version: 1.0.13
@@ -145,6 +157,9 @@ importers:
       '@fedify/cfworkers':
         specifier: workspace:^
         version: link:../packages/cfworkers
+      '@fedify/debugger':
+        specifier: workspace:^
+        version: link:../packages/debugger
       '@fedify/express':
         specifier: workspace:^
         version: link:../packages/express
@@ -211,15 +226,18 @@ importers:
       '@nestjs/common':
         specifier: 'catalog:'
         version: 11.1.4(reflect-metadata@0.2.2)(rxjs@7.8.2)
+      '@opentelemetry/api':
+        specifier: 'catalog:'
+        version: 1.9.0
       '@opentelemetry/exporter-trace-otlp-proto':
-        specifier: ^0.208.0
-        version: 0.208.0(@opentelemetry/api@1.9.0)
+        specifier: 'catalog:'
+        version: 0.211.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/sdk-node':
-        specifier: ^0.208.0
-        version: 0.208.0(@opentelemetry/api@1.9.0)
+        specifier: 'catalog:'
+        version: 0.211.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/sdk-trace-base':
         specifier: 'catalog:'
-        version: 2.2.0(@opentelemetry/api@1.9.0)
+        version: 2.5.0(@opentelemetry/api@1.9.0)
       '@sentry/node':
         specifier: ^8.47.0
         version: 8.55.0
@@ -833,6 +851,40 @@ importers:
         specifier: 'catalog:'
         version: 5.9.3
 
+  packages/debugger:
+    dependencies:
+      '@fedify/fedify':
+        specifier: workspace:^
+        version: link:../fedify
+      '@js-temporal/polyfill':
+        specifier: 'catalog:'
+        version: 0.5.1
+      '@logtape/logtape':
+        specifier: 'catalog:'
+        version: 2.0.0
+      '@opentelemetry/api':
+        specifier: 'catalog:'
+        version: 1.9.0
+      '@opentelemetry/context-async-hooks':
+        specifier: 'catalog:'
+        version: 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core':
+        specifier: 'catalog:'
+        version: 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base':
+        specifier: 'catalog:'
+        version: 2.5.0(@opentelemetry/api@1.9.0)
+      hono:
+        specifier: 'catalog:'
+        version: 4.8.3
+    devDependencies:
+      tsdown:
+        specifier: 'catalog:'
+        version: 0.12.9(typescript@5.9.3)
+      typescript:
+        specifier: 'catalog:'
+        version: 5.9.3
+
   packages/elysia:
     dependencies:
       '@fedify/fedify':
@@ -918,13 +970,13 @@ importers:
         version: 1.9.0
       '@opentelemetry/core':
         specifier: 'catalog:'
-        version: 2.2.0(@opentelemetry/api@1.9.0)
+        version: 2.5.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/sdk-trace-base':
         specifier: 'catalog:'
-        version: 2.2.0(@opentelemetry/api@1.9.0)
+        version: 2.5.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/semantic-conventions':
-        specifier: ^1.27.0
-        version: 1.34.0
+        specifier: 'catalog:'
+        version: 1.39.0
       byte-encodings:
         specifier: 'catalog:'
         version: 1.0.11
@@ -997,10 +1049,10 @@ importers:
         version: 2.0.0
       '@opentelemetry/core':
         specifier: 'catalog:'
-        version: 2.2.0(@opentelemetry/api@1.9.0)
+        version: 2.5.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/sdk-trace-base':
         specifier: 'catalog:'
-        version: 2.2.0(@opentelemetry/api@1.9.0)
+        version: 2.5.0(@opentelemetry/api@1.9.0)
     devDependencies:
       '@js-temporal/polyfill':
         specifier: 'catalog:'
@@ -3145,8 +3197,8 @@ packages:
     resolution: {integrity: sha512-nn5ozdjYQpUCZlWGuxcJY/KpxkWQs4DcbMCmKojjyrYDEAGy4Ce19NN4v5MduafTwJlbKc99UA8YhSVqq9yPZA==}
     engines: {node: '>=12.4.0'}
 
-  '@opentelemetry/api-logs@0.208.0':
-    resolution: {integrity: sha512-CjruKY9V6NMssL/T1kAFgzosF1v9o6oeN+aX5JB/C/xPNtmgIJqcXHG7fA82Ou1zCpWGl4lROQUKwUNE1pMCyg==}
+  '@opentelemetry/api-logs@0.211.0':
+    resolution: {integrity: sha512-swFdZq8MCdmdR22jTVGQDhwqDzcI4M10nhjXkLr1EsIzXgZBqm4ZlmmcWsg3TSNf+3mzgOiqveXmBLZuDi2Lgg==}
     engines: {node: '>=8.0.0'}
 
   '@opentelemetry/api-logs@0.53.0':
@@ -3165,14 +3217,20 @@ packages:
     resolution: {integrity: sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==}
     engines: {node: '>=8.0.0'}
 
+  '@opentelemetry/configuration@0.211.0':
+    resolution: {integrity: sha512-PNsCkzsYQKyv8wiUIsH+loC4RYyblOaDnVASBtKS22hK55ToWs2UP6IsrcfSWWn54wWTvVe2gnfwz67Pvrxf2Q==}
+    engines: {node: ^18.19.0 || >=20.6.0}
+    peerDependencies:
+      '@opentelemetry/api': ^1.9.0
+
   '@opentelemetry/context-async-hooks@1.30.1':
     resolution: {integrity: sha512-s5vvxXPVdjqS3kTLKMeBMvop9hbWkwzBpu+mUO2M7sZtlkyDJGwFe33wRKnbaYDo8ExRVBIIdwIGrqpxHuKttA==}
     engines: {node: '>=14'}
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
 
-  '@opentelemetry/context-async-hooks@2.2.0':
-    resolution: {integrity: sha512-qRkLWiUEZNAmYapZ7KGS5C4OmBLcP/H2foXeOEaowYCR0wi89fHejrfYfbuLVCMLp/dWZXKvQusdbUEZjERfwQ==}
+  '@opentelemetry/context-async-hooks@2.5.0':
+    resolution: {integrity: sha512-uOXpVX0ZjO7heSVjhheW2XEPrhQAWr2BScDPoZ9UDycl5iuHG+Usyc3AIfG6kZeC1GyLpMInpQ6X5+9n69yOFw==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
@@ -3183,74 +3241,74 @@ packages:
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
 
-  '@opentelemetry/core@2.2.0':
-    resolution: {integrity: sha512-FuabnnUm8LflnieVxs6eP7Z383hgQU4W1e3KJS6aOG3RxWxcHyBxH8fDMHNgu/gFx/M2jvTOW/4/PHhLz6bjWw==}
+  '@opentelemetry/core@2.5.0':
+    resolution: {integrity: sha512-ka4H8OM6+DlUhSAZpONu0cPBtPPTQKxbxVzC4CzVx5+K4JnroJVBtDzLAMx4/3CDTJXRvVFhpFjtl4SaiTNoyQ==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
 
-  '@opentelemetry/exporter-logs-otlp-grpc@0.208.0':
-    resolution: {integrity: sha512-AmZDKFzbq/idME/yq68M155CJW1y056MNBekH9OZewiZKaqgwYN4VYfn3mXVPftYsfrCM2r4V6tS8H2LmfiDCg==}
+  '@opentelemetry/exporter-logs-otlp-grpc@0.211.0':
+    resolution: {integrity: sha512-UhOoWENNqyaAMP/dL1YXLkXt6ZBtovkDDs1p4rxto9YwJX1+wMjwg+Obfyg2kwpcMoaiIFT3KQIcLNW8nNGNfQ==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-logs-otlp-http@0.208.0':
-    resolution: {integrity: sha512-jOv40Bs9jy9bZVLo/i8FwUiuCvbjWDI+ZW13wimJm4LjnlwJxGgB+N/VWOZUTpM+ah/awXeQqKdNlpLf2EjvYg==}
+  '@opentelemetry/exporter-logs-otlp-http@0.211.0':
+    resolution: {integrity: sha512-c118Awf1kZirHkqxdcF+rF5qqWwNjJh+BB1CmQvN9AQHC/DUIldy6dIkJn3EKlQnQ3HmuNRKc/nHHt5IusN7mA==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-logs-otlp-proto@0.208.0':
-    resolution: {integrity: sha512-Wy8dZm16AOfM7yddEzSFzutHZDZ6HspKUODSUJVjyhnZFMBojWDjSNgduyCMlw6qaxJYz0dlb0OEcb4Eme+BfQ==}
+  '@opentelemetry/exporter-logs-otlp-proto@0.211.0':
+    resolution: {integrity: sha512-kMvfKMtY5vJDXeLnwhrZMEwhZ2PN8sROXmzacFU/Fnl4Z79CMrOaL7OE+5X3SObRYlDUa7zVqaXp9ZetYCxfDQ==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-metrics-otlp-grpc@0.208.0':
-    resolution: {integrity: sha512-YbEnk7jjYmvhIwp2xJGkEvdgnayrA2QSr28R1LR1klDPvCxsoQPxE6TokDbQpoCEhD3+KmJVEXfb4EeEQxjymg==}
+  '@opentelemetry/exporter-metrics-otlp-grpc@0.211.0':
+    resolution: {integrity: sha512-D/U3G8L4PzZp8ot5hX9wpgbTymgtLZCiwR7heMe4LsbGV4OdctS1nfyvaQHLT6CiGZ6FjKc1Vk9s6kbo9SWLXQ==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-metrics-otlp-http@0.208.0':
-    resolution: {integrity: sha512-QZ3TrI90Y0i1ezWQdvreryjY0a5TK4J9gyDLIyhLBwV+EQUvyp5wR7TFPKCAexD4TDSWM0t3ulQDbYYjVtzTyA==}
+  '@opentelemetry/exporter-metrics-otlp-http@0.211.0':
+    resolution: {integrity: sha512-lfHXElPAoDSPpPO59DJdN5FLUnwi1wxluLTWQDayqrSPfWRnluzxRhD+g7rF8wbj1qCz0sdqABl//ug1IZyWvA==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-metrics-otlp-proto@0.208.0':
-    resolution: {integrity: sha512-CvvVD5kRDmRB/uSMalvEF6kiamY02pB46YAqclHtfjJccNZFxbkkXkMMmcJ7NgBFa5THmQBNVQ2AHyX29nRxOw==}
+  '@opentelemetry/exporter-metrics-otlp-proto@0.211.0':
+    resolution: {integrity: sha512-61iNbffEpyZv/abHaz3BQM3zUtA2kVIDBM+0dS9RK68ML0QFLRGYa50xVMn2PYMToyfszEPEgFC3ypGae2z8FA==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-prometheus@0.208.0':
-    resolution: {integrity: sha512-Rgws8GfIfq2iNWCD3G1dTD9xwYsCof1+tc5S5X0Ahdb5CrAPE+k5P70XCWHqrFFurVCcKaHLJ/6DjIBHWVfLiw==}
+  '@opentelemetry/exporter-prometheus@0.211.0':
+    resolution: {integrity: sha512-cD0WleEL3TPqJbvxwz5MVdVJ82H8jl8mvMad4bNU24cB5SH2mRW5aMLDTuV4614ll46R//R3RMmci26mc2L99g==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-trace-otlp-grpc@0.208.0':
-    resolution: {integrity: sha512-E/eNdcqVUTAT7BC+e8VOw/krqb+5rjzYkztMZ/o+eyJl+iEY6PfczPXpwWuICwvsm0SIhBoh9hmYED5Vh5RwIw==}
+  '@opentelemetry/exporter-trace-otlp-grpc@0.211.0':
+    resolution: {integrity: sha512-eFwx4Gvu6LaEiE1rOd4ypgAiWEdZu7Qzm2QNN2nJqPW1XDeAVH1eNwVcVQl+QK9HR/JCDZ78PZgD7xD/DBDqbw==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-trace-otlp-http@0.208.0':
-    resolution: {integrity: sha512-jbzDw1q+BkwKFq9yxhjAJ9rjKldbt5AgIy1gmEIJjEV/WRxQ3B6HcLVkwbjJ3RcMif86BDNKR846KJ0tY0aOJA==}
+  '@opentelemetry/exporter-trace-otlp-http@0.211.0':
+    resolution: {integrity: sha512-F1Rv3JeMkgS//xdVjbQMrI3+26e5SXC7vXA6trx8SWEA0OUhw4JHB+qeHtH0fJn46eFItrYbL5m8j4qi9Sfaxw==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-trace-otlp-proto@0.208.0':
-    resolution: {integrity: sha512-q844Jc3ApkZVdWYd5OAl+an3n1XXf3RWHa3Zgmnhw3HpsM3VluEKHckUUEqHPzbwDUx2lhPRVkqK7LsJ/CbDzA==}
+  '@opentelemetry/exporter-trace-otlp-proto@0.211.0':
+    resolution: {integrity: sha512-DkjXwbPiqpcPlycUojzG2RmR0/SIK8Gi9qWO9znNvSqgzrnAIE9x2n6yPfpZ+kWHZGafvsvA1lVXucTyyQa5Kg==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/exporter-zipkin@2.2.0':
-    resolution: {integrity: sha512-VV4QzhGCT7cWrGasBWxelBjqbNBbyHicWWS/66KoZoe9BzYwFB72SH2/kkc4uAviQlO8iwv2okIJy+/jqqEHTg==}
+  '@opentelemetry/exporter-zipkin@2.5.0':
+    resolution: {integrity: sha512-bk9VJgFgUAzkZzU8ZyXBSWiUGLOM3mZEgKJ1+jsZclhRnAoDNf+YBdq+G9R3cP0+TKjjWad+vVrY/bE/vRR9lA==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.0.0
@@ -3399,8 +3457,8 @@ packages:
     peerDependencies:
       '@opentelemetry/api': ^1.7.0
 
-  '@opentelemetry/instrumentation@0.208.0':
-    resolution: {integrity: sha512-Eju0L4qWcQS+oXxi6pgh7zvE2byogAkcsVv0OjHF/97iOz1N/aKE6etSGowYkie+YA1uo6DNwdSxaaNnLvcRlA==}
+  '@opentelemetry/instrumentation@0.211.0':
+    resolution: {integrity: sha512-h0nrZEC/zvI994nhg7EgQ8URIHt0uDTwN90r3qQUdZORS455bbx+YebnGeEuFghUT0HlJSrLF4iHw67f+odY+Q==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
@@ -3423,32 +3481,32 @@ packages:
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/otlp-exporter-base@0.208.0':
-    resolution: {integrity: sha512-gMd39gIfVb2OgxldxUtOwGJYSH8P1kVFFlJLuut32L6KgUC4gl1dMhn+YC2mGn0bDOiQYSk/uHOdSjuKp58vvA==}
+  '@opentelemetry/otlp-exporter-base@0.211.0':
+    resolution: {integrity: sha512-bp1+63V8WPV+bRI9EQG6E9YID1LIHYSZVbp7f+44g9tRzCq+rtw/o4fpL5PC31adcUsFiz/oN0MdLISSrZDdrg==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/otlp-grpc-exporter-base@0.208.0':
-    resolution: {integrity: sha512-fGvAg3zb8fC0oJAzfz7PQppADI2HYB7TSt/XoCaBJFi1mSquNUjtHXEoviMgObLAa1NRIgOC1lsV1OUKi+9+lQ==}
+  '@opentelemetry/otlp-grpc-exporter-base@0.211.0':
+    resolution: {integrity: sha512-mR5X+N4SuphJeb7/K7y0JNMC8N1mB6gEtjyTLv+TSAhl0ZxNQzpSKP8S5Opk90fhAqVYD4R0SQSAirEBlH1KSA==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/otlp-transformer@0.208.0':
-    resolution: {integrity: sha512-DCFPY8C6lAQHUNkzcNT9R+qYExvsk6C5Bto2pbNxgicpcSWbe2WHShLxkOxIdNcBiYPdVHv/e7vH7K6TI+C+fQ==}
+  '@opentelemetry/otlp-transformer@0.211.0':
+    resolution: {integrity: sha512-julhCJ9dXwkOg9svuuYqqjXLhVaUgyUvO2hWbTxwjvLXX2rG3VtAaB0SzxMnGTuoCZizBT7Xqqm2V7+ggrfCXA==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': ^1.3.0
 
-  '@opentelemetry/propagator-b3@2.2.0':
-    resolution: {integrity: sha512-9CrbTLFi5Ee4uepxg2qlpQIozoJuoAZU5sKMx0Mn7Oh+p7UrgCiEV6C02FOxxdYVRRFQVCinYR8Kf6eMSQsIsw==}
+  '@opentelemetry/propagator-b3@2.5.0':
+    resolution: {integrity: sha512-g10m4KD73RjHrSvUge+sUxUl8m4VlgnGc6OKvo68a4uMfaLjdFU+AULfvMQE/APq38k92oGUxEzBsAZ8RN/YHg==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
 
-  '@opentelemetry/propagator-jaeger@2.2.0':
-    resolution: {integrity: sha512-FfeOHOrdhiNzecoB1jZKp2fybqmqMPJUXe2ZOydP7QzmTPYcfPeuaclTLYVhK3HyJf71kt8sTl92nV4YIaLaKA==}
+  '@opentelemetry/propagator-jaeger@2.5.0':
+    resolution: {integrity: sha512-t70ErZCncAR/zz5AcGkL0TF25mJiK1FfDPEQCgreyAHZ+mRJ/bNUiCnImIBDlP3mSDXy6N09DbUEKq0ktW98Hg==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
@@ -3463,26 +3521,26 @@ packages:
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
 
-  '@opentelemetry/resources@2.2.0':
-    resolution: {integrity: sha512-1pNQf/JazQTMA0BiO5NINUzH0cbLbbl7mntLa4aJNmCCXSj0q03T5ZXXL0zw4G55TjdL9Tz32cznGClf+8zr5A==}
+  '@opentelemetry/resources@2.5.0':
+    resolution: {integrity: sha512-F8W52ApePshpoSrfsSk1H2yJn9aKjCrbpQF1M9Qii0GHzbfVeFUB+rc3X4aggyZD8x9Gu3Slua+s6krmq6Dt8g==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.3.0 <1.10.0'
 
-  '@opentelemetry/sdk-logs@0.208.0':
-    resolution: {integrity: sha512-QlAyL1jRpOeaqx7/leG1vJMp84g0xKP6gJmfELBpnI4O/9xPX+Hu5m1POk9Kl+veNkyth5t19hRlN6tNY1sjbA==}
+  '@opentelemetry/sdk-logs@0.211.0':
+    resolution: {integrity: sha512-O5nPwzgg2JHzo59kpQTPUOTzFi0Nv5LxryG27QoXBciX3zWM3z83g+SNOHhiQVYRWFSxoWn1JM2TGD5iNjOwdA==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.4.0 <1.10.0'
 
-  '@opentelemetry/sdk-metrics@2.2.0':
-    resolution: {integrity: sha512-G5KYP6+VJMZzpGipQw7Giif48h6SGQ2PFKEYCybeXJsOCB4fp8azqMAAzE5lnnHK3ZVwYQrgmFbsUJO/zOnwGw==}
+  '@opentelemetry/sdk-metrics@2.5.0':
+    resolution: {integrity: sha512-BeJLtU+f5Gf905cJX9vXFQorAr6TAfK3SPvTFqP+scfIpDQEJfRaGJWta7sJgP+m4dNtBf9y3yvBKVAZZtJQVA==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.9.0 <1.10.0'
 
-  '@opentelemetry/sdk-node@0.208.0':
-    resolution: {integrity: sha512-pbAqpZ7zTMFuTf3YecYsecsto/mheuvnK2a/jgstsE5ynWotBjgF5bnz5500W9Xl2LeUfg04WMt63TWtAgzRMw==}
+  '@opentelemetry/sdk-node@0.211.0':
+    resolution: {integrity: sha512-+s1eGjoqmPCMptNxcJJD4IxbWJKNLOQFNKhpwkzi2gLkEbCj6LzSHJNhPcLeBrBlBLtlSpibM+FuS7fjZ8SSFQ==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.3.0 <1.10.0'
@@ -3493,14 +3551,14 @@ packages:
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
 
-  '@opentelemetry/sdk-trace-base@2.2.0':
-    resolution: {integrity: sha512-xWQgL0Bmctsalg6PaXExmzdedSp3gyKV8mQBwK/j9VGdCDu2fmXIb2gAehBKbkXCpJ4HPkgv3QfoJWRT4dHWbw==}
+  '@opentelemetry/sdk-trace-base@2.5.0':
+    resolution: {integrity: sha512-VzRf8LzotASEyNDUxTdaJ9IRJ1/h692WyArDBInf5puLCjxbICD6XkHgpuudis56EndyS7LYFmtTMny6UABNdQ==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.3.0 <1.10.0'
 
-  '@opentelemetry/sdk-trace-node@2.2.0':
-    resolution: {integrity: sha512-+OaRja3f0IqGG2kptVeYsrZQK9nKRSpfFrKtRBq4uh6nIB8bTBgaGvYQrQoRrQWQMA5dK5yLhDMDc0dvYvCOIQ==}
+  '@opentelemetry/sdk-trace-node@2.5.0':
+    resolution: {integrity: sha512-O6N/ejzburFm2C84aKNrwJVPpt6HSTSq8T0ZUMq3xT2XmqT4cwxUItcL5UWGThYuq8RTcbH8u1sfj6dmRci0Ow==}
     engines: {node: ^18.19.0 || >=20.6.0}
     peerDependencies:
       '@opentelemetry/api': '>=1.0.0 <1.10.0'
@@ -3517,6 +3575,10 @@ packages:
     resolution: {integrity: sha512-aKcOkyrorBGlajjRdVoJWHTxfxO1vCNHLJVlSDaRHDIdjU+pX8IYQPvPDkYiujKLbRnWU+1TBwEt0QRgSm4SGA==}
     engines: {node: '>=14'}
 
+  '@opentelemetry/semantic-conventions@1.39.0':
+    resolution: {integrity: sha512-R5R9tb2AXs2IRLNKLBJDynhkfmx7mX0vi8NkhZb3gUkPWHn6HXk5J8iQ/dql0U3ApfWym4kXXmBDRGO+oeOfjg==}
+    engines: {node: '>=14'}
+
   '@opentelemetry/sql-common@0.40.1':
     resolution: {integrity: sha512-nSDlnHSqzC3pXn/wZEZVLuAuJ1MYMXPBwtv2qAbCa3847SaHItdE7SzUq/Jtb0KZmh1zfAbNi3AAMjztTT4Ugg==}
     engines: {node: '>=14'}
@@ -7713,6 +7775,10 @@ packages:
     resolution: {integrity: sha512-sildjKwVqOI2kmFDiXQ6aEB0fjYTafpEvIBs8tOR8qI4spuL9OPROLVu2qZqi/xgCfsHIwVqlaF8JBjWFHnKbw==}
     engines: {node: '>=12.0.0'}
 
+  protobufjs@8.0.0:
+    resolution: {integrity: sha512-jx6+sE9h/UryaCZhsJWbJtTEy47yXoGNYI4z8ZaRncM0zBKeRqjO2JEcOUYwrYGb1WLhXM1FfMzW3annvFv0rw==}
+    engines: {node: '>=12.0.0'}
+
   proxy-addr@2.0.7:
     resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==}
     engines: {node: '>= 0.10'}
@@ -10527,7 +10593,7 @@ snapshots:
 
   '@nolyfill/is-core-module@1.0.39': {}
 
-  '@opentelemetry/api-logs@0.208.0':
+  '@opentelemetry/api-logs@0.211.0':
     dependencies:
       '@opentelemetry/api': 1.9.0
 
@@ -10545,11 +10611,17 @@ snapshots:
 
   '@opentelemetry/api@1.9.0': {}
 
+  '@opentelemetry/configuration@0.211.0(@opentelemetry/api@1.9.0)':
+    dependencies:
+      '@opentelemetry/api': 1.9.0
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      yaml: 2.8.1
+
   '@opentelemetry/context-async-hooks@1.30.1(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
 
-  '@opentelemetry/context-async-hooks@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/context-async-hooks@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
 
@@ -10558,114 +10630,114 @@ snapshots:
       '@opentelemetry/api': 1.9.0
       '@opentelemetry/semantic-conventions': 1.28.0
 
-  '@opentelemetry/core@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/core@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
       '@opentelemetry/semantic-conventions': 1.34.0
 
-  '@opentelemetry/exporter-logs-otlp-grpc@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-logs-otlp-grpc@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@grpc/grpc-js': 1.13.4
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-grpc-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-logs': 0.208.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-grpc-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-logs': 0.211.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-logs-otlp-http@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-logs-otlp-http@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/api-logs': 0.208.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-logs': 0.208.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/api-logs': 0.211.0
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-logs': 0.211.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-logs-otlp-proto@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-logs-otlp-proto@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/api-logs': 0.208.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-logs': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/api-logs': 0.211.0
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-logs': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-metrics-otlp-grpc@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-metrics-otlp-grpc@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@grpc/grpc-js': 1.13.4
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-metrics-otlp-http': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-grpc-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-metrics': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-metrics-otlp-http': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-grpc-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-metrics': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-metrics-otlp-http@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-metrics-otlp-http@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-metrics': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-metrics': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-metrics-otlp-proto@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-metrics-otlp-proto@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-metrics-otlp-http': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-metrics': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-metrics-otlp-http': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-metrics': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-prometheus@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-prometheus@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-metrics': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-metrics': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-trace-otlp-grpc@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-trace-otlp-grpc@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@grpc/grpc-js': 1.13.4
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-grpc-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-grpc-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-trace-otlp-http@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-trace-otlp-http@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-trace-otlp-proto@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-trace-otlp-proto@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/exporter-zipkin@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/exporter-zipkin@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base': 2.5.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/semantic-conventions': 1.34.0
 
   '@opentelemetry/instrumentation-amqplib@0.46.1(@opentelemetry/api@1.9.0)':
@@ -10876,10 +10948,10 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@opentelemetry/instrumentation@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/instrumentation@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/api-logs': 0.208.0
+      '@opentelemetry/api-logs': 0.211.0
       import-in-the-middle: 2.0.1
       require-in-the-middle: 8.0.1
     transitivePeerDependencies:
@@ -10921,40 +10993,40 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@opentelemetry/otlp-exporter-base@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/otlp-exporter-base@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/otlp-grpc-exporter-base@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/otlp-grpc-exporter-base@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@grpc/grpc-js': 1.13.4
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-exporter-base': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/otlp-transformer': 0.208.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-exporter-base': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/otlp-transformer': 0.211.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/otlp-transformer@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/otlp-transformer@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/api-logs': 0.208.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-logs': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-metrics': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
-      protobufjs: 7.5.3
+      '@opentelemetry/api-logs': 0.211.0
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-logs': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-metrics': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base': 2.5.0(@opentelemetry/api@1.9.0)
+      protobufjs: 8.0.0
 
-  '@opentelemetry/propagator-b3@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/propagator-b3@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/propagator-jaeger@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/propagator-jaeger@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
 
   '@opentelemetry/redis-common@0.36.2': {}
 
@@ -10964,49 +11036,51 @@ snapshots:
       '@opentelemetry/core': 1.30.1(@opentelemetry/api@1.9.0)
       '@opentelemetry/semantic-conventions': 1.28.0
 
-  '@opentelemetry/resources@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/resources@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/semantic-conventions': 1.34.0
 
-  '@opentelemetry/sdk-logs@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/sdk-logs@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/api-logs': 0.208.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/api-logs': 0.211.0
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/sdk-metrics@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/sdk-metrics@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
 
-  '@opentelemetry/sdk-node@0.208.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/sdk-node@0.211.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/api-logs': 0.208.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-logs-otlp-grpc': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-logs-otlp-http': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-logs-otlp-proto': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-metrics-otlp-grpc': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-metrics-otlp-http': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-metrics-otlp-proto': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-prometheus': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-trace-otlp-grpc': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-trace-otlp-http': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-trace-otlp-proto': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/exporter-zipkin': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/instrumentation': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/propagator-b3': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/propagator-jaeger': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-logs': 0.208.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-metrics': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-node': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/api-logs': 0.211.0
+      '@opentelemetry/configuration': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/context-async-hooks': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-logs-otlp-grpc': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-logs-otlp-http': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-logs-otlp-proto': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-metrics-otlp-grpc': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-metrics-otlp-http': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-metrics-otlp-proto': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-prometheus': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-trace-otlp-grpc': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-trace-otlp-http': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-trace-otlp-proto': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/exporter-zipkin': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/instrumentation': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/propagator-b3': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/propagator-jaeger': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-logs': 0.211.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-metrics': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-node': 2.5.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/semantic-conventions': 1.34.0
     transitivePeerDependencies:
       - supports-color
@@ -11018,19 +11092,19 @@ snapshots:
       '@opentelemetry/resources': 1.30.1(@opentelemetry/api@1.9.0)
       '@opentelemetry/semantic-conventions': 1.28.0
 
-  '@opentelemetry/sdk-trace-base@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/sdk-trace-base@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/resources': 2.5.0(@opentelemetry/api@1.9.0)
       '@opentelemetry/semantic-conventions': 1.34.0
 
-  '@opentelemetry/sdk-trace-node@2.2.0(@opentelemetry/api@1.9.0)':
+  '@opentelemetry/sdk-trace-node@2.5.0(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
-      '@opentelemetry/context-async-hooks': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
-      '@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/context-async-hooks': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/core': 2.5.0(@opentelemetry/api@1.9.0)
+      '@opentelemetry/sdk-trace-base': 2.5.0(@opentelemetry/api@1.9.0)
 
   '@opentelemetry/semantic-conventions@1.27.0': {}
 
@@ -11038,6 +11112,8 @@ snapshots:
 
   '@opentelemetry/semantic-conventions@1.34.0': {}
 
+  '@opentelemetry/semantic-conventions@1.39.0': {}
+
   '@opentelemetry/sql-common@0.40.1(@opentelemetry/api@1.9.0)':
     dependencies:
       '@opentelemetry/api': 1.9.0
@@ -16139,6 +16215,21 @@ snapshots:
       '@types/node': 24.3.0
       long: 5.3.2
 
+  protobufjs@8.0.0:
+    dependencies:
+      '@protobufjs/aspromise': 1.1.2
+      '@protobufjs/base64': 1.1.2
+      '@protobufjs/codegen': 2.0.4
+      '@protobufjs/eventemitter': 1.1.0
+      '@protobufjs/fetch': 1.1.0
+      '@protobufjs/float': 1.0.2
+      '@protobufjs/inquire': 1.1.0
+      '@protobufjs/path': 1.1.2
+      '@protobufjs/pool': 1.1.0
+      '@protobufjs/utf8': 1.1.0
+      '@types/node': 24.3.0
+      long: 5.3.2
+
   proxy-addr@2.0.7:
     dependencies:
       forwarded: 0.2.0
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 7577ca83..cc1cd4cf 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -2,6 +2,7 @@ packages:
 - packages/amqp
 - packages/cfworkers
 - packages/cli
+- packages/debugger
 - packages/elysia
 - packages/express
 - packages/fastify
@@ -42,8 +43,12 @@ catalog:
   "@logtape/logtape": ^2.0.0
   "@multiformats/base-x": ^4.0.1
   "@opentelemetry/api": ^1.9.0
-  "@opentelemetry/core": ^2.0.0
-  "@opentelemetry/sdk-trace-base": ^2.0.0
+  "@opentelemetry/exporter-trace-otlp-proto": ^0.211.0
+  "@opentelemetry/context-async-hooks": ^2.5.0
+  "@opentelemetry/core": ^2.5.0
+  "@opentelemetry/sdk-node": ^0.211.0
+  "@opentelemetry/sdk-trace-base": ^2.5.0
+  "@opentelemetry/semantic-conventions": ^1.39.0
   "@std/assert": "jsr:^1.0.13"
   "@std/async": "jsr:^1.0.13"
   "@std/path": "jsr:^1.0.6"