diff --git a/models/activitypub/actor.go b/models/activitypub/actor.go
index 3c8f497ff4..9a950cb362 100644
--- a/models/activitypub/actor.go
+++ b/models/activitypub/actor.go
@@ -123,7 +123,7 @@ func removeEmptyStrings(ls []string) []string {
 	return rs
 }
 
-func ValidateAndParseIRI(unvalidatedIRI string) (url.URL, error) {
+func ValidateAndParseIRI(unvalidatedIRI string) (url.URL, error) { // ToDo: Validate that it is not the same host as ours.
 	err := validate_is_not_empty(unvalidatedIRI) // url.Parse seems to accept empty strings?
 	if err != nil {
 		return url.URL{}, err
@@ -142,7 +142,7 @@ func ValidateAndParseIRI(unvalidatedIRI string) (url.URL, error) {
 }
 
 // TODO: This parsing is very Person-Specific. We should adjust the name & move to a better location (maybe forgefed package?)
-func ParseActorID(validatedURL url.URL, source string) ActorID {
+func ParseActorID(validatedURL url.URL, source string) ActorID { // ToDo: Turn this into a factory function and do not split parsing and validation rigurously
 
 	pathWithUserID := strings.Split(validatedURL.Path, "/")
 
diff --git a/modules/activitypub/client.go b/modules/activitypub/client.go
index f95b5e9a7e..b8fbb8e4de 100644
--- a/modules/activitypub/client.go
+++ b/modules/activitypub/client.go
@@ -125,7 +125,7 @@ func (c *Client) Post(b []byte, to string) (resp *http.Response, err error) {
 }
 
 // Create an http GET request with forgejo/gitea specific headers
-func (c *Client) Get(b []byte, to string) (resp *http.Response, err error) {
+func (c *Client) Get(b []byte, to string) (resp *http.Response, err error) { // ToDo: we might not need the b parameter
 	var req *http.Request
 	if req, err = c.NewRequest(http.MethodGet, b, to); err != nil {
 		return nil, err
diff --git a/routers/api/v1/activitypub/repository.go b/routers/api/v1/activitypub/repository.go
index 6bc8762ffb..419374c6f7 100644
--- a/routers/api/v1/activitypub/repository.go
+++ b/routers/api/v1/activitypub/repository.go
@@ -93,7 +93,7 @@ func searchUsersByPerson(actorId string) ([]*user_model.User, error) {
 
 }
 
-func getBody(remoteStargazer, starReceiver string, ctx *context.APIContext) ([]byte, error) {
+func getBody(remoteStargazer, starReceiver string, ctx *context.APIContext) ([]byte, error) { // ToDo: We could split this: move body reading to unmarshall
 
 	// TODO: The star receiver signs the http get request will maybe not work.
 	// The remote repo has probably diferent keys as the local one.
@@ -101,7 +101,7 @@ func getBody(remoteStargazer, starReceiver string, ctx *context.APIContext) ([]b
 	// Why should we use a signed request here at all?
 	// > To provide an extra layer of security against in flight tampering: https://github.com/go-fed/httpsig/blob/55836744818e/httpsig.go#L116
 
-	client, err := api.NewClient(ctx, actionsUser, starReceiver)
+	client, err := api.NewClient(ctx, actionsUser, starReceiver) // ToDo: Do we get a publicKeyId of owner or repo?
 	if err != nil {
 		return []byte{0}, err
 	}
diff --git a/routers/api/v1/activitypub/repository_test.go b/routers/api/v1/activitypub/repository_test.go
new file mode 100644
index 0000000000..b9349029c4
--- /dev/null
+++ b/routers/api/v1/activitypub/repository_test.go
@@ -0,0 +1,3 @@
+package activitypub
+
+// ToDo: maybe some unit tests for the functions written in repository.go