I have it in a private repo for now. I’m still working out how to package it in a modular way (core server-independent test suite and the server-specific drivers).
Bovine has a nice test suite although it’s server-specific (which is perfectly ok). I used Bovine as a PoC for my suite because it’s written in Python and has minimal dependencies on external services. ActivityPub Express has a very nice, server-specific unit test suite too.
I’m also still deciding how to handle the fuzzy edges of AP. There are many ways to implement an AP server that will not interoperate with other compliant AP servers. One example is the use of object references versus embedded objects in messages. Servers should be able to process any message with object references instead of embedded objects (as @Natureshadow has previously discussed), but it’s rare that they can. Another example is that most servers cannot handle multi-typed Activity (or other Object) messages (important for vocabulary extensibility). Few can handle multi-object Activity messages although my understanding is that this is AP/AS2-compliant if they did since object is not a functional AS2 predicate.
I’m not sure how to effectively test the vague authorization requirements in the specification other than having the server-specific driver identify a case where its specific authz implementation would not authorize the operation being tested. Absent that, m,y tests currently make some assumptions based on as:Public visibility, recipient fields, and object attribution.
Many developers decide to do whatever is roughly compatible with Mastodon microblogging and assume other servers will do the same. It’s theoretically possible to extend my test suite with an optional category of tests for Mastodon interop, but that’s not my focus at the moment.