@atproto/bsky 0.0.234 → 0.0.236

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/bsky",
-  "version": "0.0.234",
+  "version": "0.0.236",
   "license": "MIT",
   "description": "Reference implementation of app.bsky App View (Bluesky API)",
   "keywords": [
@@ -48,14 +48,14 @@
     "uint8arrays": "^5.0.0",
     "undici": "^6.19.8",
     "zod": "3.23.8",
-    "@atproto-labs/fetch-node": "^0.3.0",
     "@atproto-labs/xrpc-utils": "^0.1.0",
-    "@atproto/api": "^0.20.5",
+    "@atproto-labs/fetch-node": "^0.3.0",
+    "@atproto/api": "^0.20.7",
     "@atproto/common": "^0.6.1",
     "@atproto/crypto": "^0.5.0",
-    "@atproto/did": "^0.4.0",
+    "@atproto/did": "^0.5.0",
     "@atproto/identity": "^0.5.0",
-    "@atproto/lex": "^0.1.2",
+    "@atproto/lex": "^0.1.3",
     "@atproto/repo": "^0.10.0",
     "@atproto/sync": "^0.3.1",
     "@atproto/syntax": "^0.6.1",
@@ -74,7 +74,7 @@
     "ts-node": "^10.8.2",
     "typescript": "^6.0.3",
     "vitest": "^4.0.16",
-    "@atproto/pds": "^0.5.0"
+    "@atproto/pds": "^0.5.1"
   },
   "type": "module",
   "exports": {

package/src/hydration/external.ts

@@ -1,6 +1,7 @@
 import { AtUriString } from '@atproto/syntax'
 import { DataPlaneClient } from '../data-plane/client/index.js'
 import { site } from '../lexicons/index.js'
+import { hydrationLogger } from '../logger.js'
 import {
   GetSiteStandardRecordsByRefResponse,
   GetSiteStandardRecordsByURIResponse,
@@ -162,6 +163,14 @@ export const getSiteStandardRecordsFromHydrationMapsByRefs = (
   // (or tampered with), so reject the whole pairing.
   if (document && publication) {
     if (document.info.record.site !== publication.ref.uri) {
+      hydrationLogger.warn(
+        {
+          documentUri: document.ref.uri,
+          documentSite: document.info.record.site,
+          publicationUri: publication.ref.uri,
+        },
+        'site.standard byRefs lookup failed: doc.site does not match hydrated publication.uri',
+      )
       return { document: undefined, publication: undefined }
     }
   }
@@ -172,6 +181,10 @@ export const getSiteStandardRecordsFromHydrationMapsByRefs = (
   if (document && !publication) {
     const site = document.info.record.site
     if (site && site.startsWith('at://')) {
+      hydrationLogger.warn(
+        { documentUri: document.ref.uri, documentSite: site },
+        'site.standard byRefs lookup failed: document.site is AT URI but no matching publication was hydrated',
+      )
       return { document: undefined, publication: undefined }
     }
   }
@@ -234,6 +247,10 @@ export const getSiteStandardRecordsFromHydrationMapsByDocumentUri = (
         }
       }
       if (!publication) {
+        hydrationLogger.warn(
+          { documentUri: document.ref.uri, documentSite: site },
+          'site.standard byDocumentUri lookup failed: document.site is AT URI but no matching publication was hydrated',
+        )
         return { document: undefined, publication: undefined }
       }
     }

package/src/hydration/hydrator.ts

@@ -277,6 +277,30 @@ export class Hydrator {
       this.label.getLabelsForSubjects(labelSubjectsForDid(dids), ctx.labelers),
       this.hydrateProfileViewers(dids, ctx),
     ])
+    // Hydrate verification issuer actors so the verification view can expose
+    // the issuer's current handle and displayName. Skipped when no hydrated
+    // actor has any verifications, which is the common case.
+    const issuerDids: DidString[] = []
+    const issuerDidSet = new Set<DidString>()
+    for (const actor of actors.values()) {
+      if (!actor) continue
+      for (const verification of actor.verifications) {
+        const issuer = verification.issuer
+        if (actors.has(issuer) || issuerDidSet.has(issuer)) continue
+        issuerDidSet.add(issuer)
+        issuerDids.push(issuer)
+      }
+    }
+    if (issuerDids.length > 0) {
+      const issuerActors = await this.actor.getActors(issuerDids, {
+        includeTakedowns,
+      })
+      // Merge into actors without overwriting existing entries (the original
+      // dids may have been fetched with skipCacheForDids, etc.).
+      for (const [did, actor] of issuerActors) {
+        if (!actors.has(did)) actors.set(did, actor)
+      }
+    }
     if (!includeTakedowns) {
       actionTakedownLabels(dids, actors, labels)
     }

package/src/util/standard-site.test.ts

@@ -101,6 +101,13 @@ describe(validateStandardSiteForUrl, () => {
         validateStandardSiteForUrl(undefined, pub, 'https://other.com'),
       ).toBe(false)
     })
+
+    it('accepts when assumedUrl has a trailing slash and publication.url does not', () => {
+      const pub = makePub({ url: 'https://atproto.com/blog' })
+      expect(
+        validateStandardSiteForUrl(undefined, pub, 'https://atproto.com/blog/'),
+      ).toBe(true)
+    })
   })
 
   describe('neither', () => {
@@ -268,4 +275,149 @@ describe(validateStandardSiteForUrl, () => {
       })
     }
   })
+
+  describe('subpath-friendly hosts', () => {
+    // Allowlist of hosts where each record's author owns the full subpath
+    // space under their canonical record URL. These platforms typically
+    // serve dynamic per-record subpaths (page numbers, revision ids,
+    // comment threads, etc.) under the same slug, so an `assumedUrl` with
+    // extra path segments past the record URL is still authentic content.
+    for (const { note, baseUrl, path, assumedUrl, expected } of [
+      // Allowlisted apex domain (subdomain) — extra path segments accepted.
+      {
+        note: 'pckt.blog subdomain accepts extra path segments past the record URL',
+        baseUrl: 'https://waow-tech.pckt.blog',
+        path: '/typeahead-more-like-typebehind-amirite-tzgmqge',
+        assumedUrl:
+          'https://waow-tech.pckt.blog/typeahead-more-like-typebehind-amirite-tzgmqge/589/621',
+        expected: true,
+      },
+      {
+        note: 'leaflet.pub subdomain with one extra segment',
+        baseUrl: 'https://author.leaflet.pub',
+        path: '/post-slug',
+        assumedUrl: 'https://author.leaflet.pub/post-slug/v2',
+        expected: true,
+      },
+      {
+        note: 'offprint.app at apex with multi-segment extension',
+        baseUrl: 'https://offprint.app',
+        path: '/story/abc',
+        assumedUrl: 'https://offprint.app/story/abc/chapter/3',
+        expected: true,
+      },
+      // Allowlisted host but the assumed URL diverges from the path —
+      // still rejected; subpath is "extends with extra segments after a
+      // path-segment boundary," not "any URL on the same host."
+      {
+        note: 'pckt.blog rejects assumed URLs that diverge before the boundary',
+        baseUrl: 'https://blog.pckt.blog',
+        path: '/post-slug',
+        assumedUrl: 'https://blog.pckt.blog/different-post',
+        expected: false,
+      },
+      {
+        note: 'pckt.blog rejects partial-segment matches (no slash boundary)',
+        baseUrl: 'https://blog.pckt.blog',
+        path: '/foo',
+        assumedUrl: 'https://blog.pckt.blog/foobar',
+        expected: false,
+      },
+      // Non-allowlisted hosts — exact match still required.
+      {
+        note: 'arbitrary host rejects extra path segments',
+        baseUrl: 'https://example.com',
+        path: '/article',
+        assumedUrl: 'https://example.com/article/extra',
+        expected: false,
+      },
+      {
+        note: 'lookalike host (pckt.blog.evil.com) is NOT allowlisted',
+        baseUrl: 'https://pckt.blog.evil.com',
+        path: '/post',
+        assumedUrl: 'https://pckt.blog.evil.com/post/extra',
+        expected: false,
+      },
+      {
+        note: 'evilpckt.blog is NOT allowlisted (no subdomain dot before pckt.blog)',
+        baseUrl: 'https://evilpckt.blog',
+        path: '/post',
+        assumedUrl: 'https://evilpckt.blog/post/extra',
+        expected: false,
+      },
+      // Allowlist host with exact match still works (no regression).
+      {
+        note: 'pckt.blog still accepts exact match without subpath',
+        baseUrl: 'https://author.pckt.blog',
+        path: '/post-slug',
+        assumedUrl: 'https://author.pckt.blog/post-slug',
+        expected: true,
+      },
+      // Allowlist host with cross-host mismatch — still rejected.
+      {
+        note: 'allowlisted record host vs different host on assumed URL is rejected',
+        baseUrl: 'https://author.pckt.blog',
+        path: '/post',
+        assumedUrl: 'https://example.com/author.pckt.blog/post/extra',
+        expected: false,
+      },
+    ]) {
+      it(`doc + pub: ${note}`, () => {
+        const doc = makeDoc(
+          path === undefined ? { site: pubUri } : { site: pubUri, path },
+        )
+        const pub = makePub({ url: baseUrl })
+        expect(validateStandardSiteForUrl(doc, pub, assumedUrl)).toBe(expected)
+      })
+      it(`loose doc: ${note}`, () => {
+        const doc = makeDoc(
+          path === undefined ? { site: baseUrl } : { site: baseUrl, path },
+        )
+        expect(validateStandardSiteForUrl(doc, undefined, assumedUrl)).toBe(
+          expected,
+        )
+      })
+    }
+
+    // Publication-only validation never accepts subpaths — `assumedUrl`
+    // for a publication is the home-page URL, not an article underneath
+    // it. Subpath relaxation belongs to documents.
+    it('publication-only: allowlisted host still requires exact match', () => {
+      const pub = makePub({ url: 'https://author.pckt.blog' })
+      expect(
+        validateStandardSiteForUrl(
+          undefined,
+          pub,
+          'https://author.pckt.blog/some/sub/path',
+        ),
+      ).toBe(false)
+    })
+
+    it('publication-only: non-allowlisted host rejects subpath', () => {
+      const pub = makePub({ url: 'https://example.com' })
+      expect(
+        validateStandardSiteForUrl(
+          undefined,
+          pub,
+          'https://example.com/some/sub/path',
+        ),
+      ).toBe(false)
+    })
+
+    // Case-insensitivity on the host.
+    it('host comparison is case-insensitive', () => {
+      const doc = makeDoc({
+        site: pubUri,
+        path: '/post',
+      })
+      const pub = makePub({ url: 'https://Author.PCKT.blog' })
+      expect(
+        validateStandardSiteForUrl(
+          doc,
+          pub,
+          'https://author.pckt.BLOG/post/extra',
+        ),
+      ).toBe(true)
+    })
+  })
 })

package/src/util/standard-site.ts

@@ -53,6 +53,52 @@ const joinPath = (base: string, path: string): string => {
   return `${baseTrimmed}/${pathTrimmed}`
 }
 
+/**
+ * Apex domains whose authors own the full subpath space under their
+ * record-claimed URL. Each entry matches itself and any subdomain; e.g.
+ * `pckt.blog` matches `pckt.blog` and `waow-tech.pckt.blog`.
+ *
+ * On these domains, an `assumedUrl` whose pathname extends the canonical
+ * record URL with extra segments is treated as valid. Adding to this list
+ * is a trust call — only platforms where each record's URL space is
+ * authoritatively owned by its author belong here.
+ */
+const SUBPATH_FRIENDLY_DOMAINS = ['pckt.blog', 'leaflet.pub', 'offprint.app']
+
+const isSubpathFriendlyHost = (host: string): boolean => {
+  const lower = host.toLowerCase()
+  return SUBPATH_FRIENDLY_DOMAINS.some(
+    (domain) => lower === domain || lower.endsWith(`.${domain}`),
+  )
+}
+
+/**
+ * Return whether `recordUrl` and `assumedUrl` should validate as the same
+ * canonical content. Strictly equal canonical forms always match. On
+ * subpath-friendly hosts (see `SUBPATH_FRIENDLY_DOMAINS`), an `assumedUrl`
+ * whose path extends `recordUrl`'s with extra segments is also accepted.
+ *
+ * Both inputs are pre-canonicalized strings (`canonicalizeHttpUrl` output)
+ * with no trailing slash and no query/fragment.
+ */
+const canonicalUrlMatchesAssumed = (
+  canonicalRecordUrl: string,
+  canonicalAssumedUrl: string,
+): boolean => {
+  if (canonicalRecordUrl === canonicalAssumedUrl) return true
+  // Subpath fallback. Both strings are canonicalized, so a real
+  // path-segment boundary at `recordUrl + '/'` (e.g. `/foo` vs `/foo-bar`
+  // never matches; `/foo` vs `/foo/bar` does).
+  if (!canonicalAssumedUrl.startsWith(`${canonicalRecordUrl}/`)) return false
+  let host: string
+  try {
+    host = new URL(canonicalAssumedUrl).host
+  } catch {
+    return false
+  }
+  return isSubpathFriendlyHost(host)
+}
+
 /**
  * Confirm that the supplied SS records actually back `assumedUrl`. The
  * record-side URL is built by concatenating the publication URL (or the
@@ -74,13 +120,21 @@ const joinPath = (base: string, path: string): string => {
  * function runs the pair is already known to be structurally consistent,
  * so we only check whether the records back the URL.
  *
+ * For document validation, `SUBPATH_FRIENDLY_DOMAINS` (and their
+ * subdomains) accept an assumed URL whose path extends the canonical
+ * record URL with additional segments — these are platforms where each
+ * record's author owns the full subpath space under their claimed URL.
+ * Publication-only validation always requires exact match: there's no
+ * coherent "subpath" of a publication's home page.
+ *
  * Cases:
  * - Document + publication: `publication.url + document.path` must
- *   canonicalize to `assumedUrl`.
+ *   canonicalize to `assumedUrl` (or be a subpath-friendly prefix of it).
  * - Loose document (web-URL `site`): `document.site + document.path`
- *   must canonicalize to `assumedUrl`. (Doc with at-uri `site` but no
- *   publication can't reach this function — the lookups reject it.)
- * - Publication only: `publication.url` must canonicalize to
+ *   must canonicalize to `assumedUrl` (or be a subpath-friendly prefix).
+ *   (Doc with at-uri `site` but no publication can't reach this function
+ *   — the lookups reject it.)
+ * - Publication only: `publication.url` must canonicalize exactly to
  *   `assumedUrl`.
  * - Neither: vacuously valid; the caller short-circuits before we get
  *   here.
@@ -104,15 +158,22 @@ export const validateStandardSiteForUrl = (
     const joined = canonicalizeHttpUrl(
       joinPath(publication.info.record.url, document.info.record.path ?? ''),
     )
-    return joined === canonicalAssumed
+    return (
+      joined !== null && canonicalUrlMatchesAssumed(joined, canonicalAssumed)
+    )
   }
   if (document) {
     const joined = canonicalizeHttpUrl(
       joinPath(document.info.record.site, document.info.record.path ?? ''),
     )
-    return joined === canonicalAssumed
+    return (
+      joined !== null && canonicalUrlMatchesAssumed(joined, canonicalAssumed)
+    )
   }
   if (publication) {
+    // Publication-only matches are exact: `assumedUrl` represents the
+    // publication's home page, not an article underneath it. Subpath
+    // extensions belong to document validation.
     return canonicalizeHttpUrl(publication.info.record.url) === canonicalAssumed
   }
   return true

package/src/views/index.ts

@@ -1,4 +1,4 @@
-import { HOUR, MINUTE, mapDefined } from '@atproto/common'
+import { HOUR, MINUTE, dedupeStrs, mapDefined } from '@atproto/common'
 import {
   $Typed,
   Un$Typed,
@@ -535,14 +535,22 @@ export class Views {
       ({ issuer, uri, displayName, handle, createdAt }): VerificationView => {
         // @NOTE: We don't factor-in impersonation when evaluating the validity of each verification,
         // only in the overall profile verification validity.
+        // The verification record's `displayName`/`handle` are the *subject's* snapshot at
+        // verification time; we compare them to the subject's current values to determine validity.
         const isValid =
           !!displayName &&
           displayName === actor.profile?.displayName &&
           !!handle &&
           handle === actor.handle
 
+        // Expose the *issuer's* current handle/displayName, sourced from the
+        // issuer's hydrated actor record (see `Hydrator.hydrateProfiles`).
+        const issuerActor = state.actors?.get(issuer)
+
         return {
           issuer,
+          issuerDisplayName: issuerActor?.profile?.displayName,
+          issuerHandle: issuerActor?.handle,
           uri,
           isValid,
           createdAt,
@@ -2141,14 +2149,6 @@ export class Views {
       state,
       assumedUrl: embed.external.uri,
     })
-    // Profiles of the owners of pinned `associatedRefs`. Hydrator covers
-    // these DIDs alongside post-author profiles, so misses here only
-    // happen when an actor is unavailable (suspended, deleted, etc.) —
-    // drop those rather than emit `undefined` slots.
-    const associatedProfiles = mapDefined(
-      embed.external.associatedRefs ?? [],
-      (ref) => this.profileBasic(uriToDid(ref.uri), state),
-    ) as ProfileViewBasic[]
     return app.bsky.embed.external.view.$build({
       external: {
         uri: embed.external.uri,
@@ -2163,9 +2163,6 @@ export class Views {
           : undefined,
         ...ssView,
         associatedRefs: embed.external.associatedRefs,
-        associatedProfiles: associatedProfiles.length
-          ? associatedProfiles
-          : undefined,
       },
     })
   }
@@ -2263,7 +2260,7 @@ export class Views {
           documentUri: document?.ref.uri,
           publicationUri: publication?.ref.uri,
         },
-        'SS record(s) failed URL validation for external embed',
+        'site.standard URL validation failed',
       )
       return undefined
     }
@@ -2333,6 +2330,21 @@ export class Views {
       overlay.source = this.externalEmbedSource(publication)
     }
 
+    // Profiles of the owners of the records backing this embed. Hydrator
+    // covers these DIDs alongside post-author profiles, so misses here
+    // only happen when an actor is unavailable (suspended, deleted, etc.)
+    // — drop those rather than emit `undefined` slots.
+    const uniqueDids = dedupeStrs(
+      mapDefined([document?.ref.uri, publication?.ref.uri], (uri) =>
+        uri ? uriToDid(uri) : undefined,
+      ) as DidString[],
+    )
+    const associatedProfiles = mapDefined(uniqueDids, (did) =>
+      this.profileBasic(did, state),
+    ) as ProfileViewBasic[]
+    if (associatedProfiles.length)
+      overlay.associatedProfiles = associatedProfiles
+
     return overlay
   }
 

package/tests/views/profile.test.ts

@@ -724,18 +724,14 @@ describe('pds profile views', () => {
   })
 
   it('filters out Go zero-value dates from dataplane', async () => {
-    // Spy on the dataplane getActors method
-    const getActorsSpy = vi.spyOn(network.bsky.ctx.dataplane, 'getActors')
+    using getActorsSpy = vi.spyOn(network.bsky.ctx.dataplane, 'getActors')
 
-    // Call the original implementation but modify the result
     getActorsSpy.mockImplementationOnce(async (req) => {
-      // Call the real method
       const result = await network.bsky.ctx.dataplane.getActors(req)
 
-      // Modify the result to inject a Go zero-value date
+      // Inject a Go zero-value date (0001-01-01 00:00:00 UTC)
       if (result.actors.length > 0 && result.actors[0]) {
         const actor = result.actors[0]
-        // Create a Timestamp with Go zero-value (0001-01-01 00:00:00 UTC)
         const goZeroDate = new Date(-62135596800000)
         actor.createdAt = Timestamp.fromDate(goZeroDate)
       }
@@ -750,11 +746,8 @@ describe('pds profile views', () => {
       },
     )
 
-    // The createdAt should be undefined because the hydration layer filters it out
+    // The hydration layer filters Go zero-values out
     expect(data.createdAt).toBeUndefined()
-
-    // Clean up
-    getActorsSpy.mockRestore()
   })
 
   async function updateProfile(did: string, record: Record<string, unknown>) {

package/tests/views/verification.test.ts

@@ -78,6 +78,8 @@ describe('verification views', () => {
           verifications: [
             {
               createdAt: expect.any(String),
+              issuerDisplayName: 'display-verifier2',
+              issuerHandle: 'verifier2.test',
               isValid: true,
               issuer: verifier2,
               uri: expect.any(String),
@@ -115,12 +117,16 @@ describe('verification views', () => {
           verifications: [
             {
               createdAt: expect.any(String),
+              issuerDisplayName: 'display-verifier1',
+              issuerHandle: 'verifier1.test',
               isValid: true,
               issuer: verifier1,
               uri: expect.any(String),
             },
             {
               createdAt: expect.any(String),
+              issuerDisplayName: 'display-verifier2',
+              issuerHandle: 'verifier2.test',
               isValid: true,
               issuer: verifier2,
               uri: expect.any(String),
@@ -141,12 +147,16 @@ describe('verification views', () => {
           verifications: [
             {
               createdAt: expect.any(String),
+              issuerDisplayName: 'display-verifier1',
+              issuerHandle: 'verifier1.test',
               isValid: true,
               issuer: verifier1,
               uri: expect.any(String),
             },
             {
               createdAt: expect.any(String),
+              issuerDisplayName: 'display-verifier2',
+              issuerHandle: 'verifier2.test',
               isValid: false,
               issuer: verifier2,
               uri: expect.any(String),
@@ -167,6 +177,8 @@ describe('verification views', () => {
           verifications: [
             {
               createdAt: expect.any(String),
+              issuerDisplayName: 'display-verifier1',
+              issuerHandle: 'verifier1.test',
               isValid: true,
               issuer: verifier1,
               uri: expect.any(String),
@@ -193,6 +205,8 @@ describe('verification views', () => {
           verifications: [
             {
               createdAt: expect.any(String),
+              issuerDisplayName: 'display-verifier2',
+              issuerHandle: 'verifier2.test',
               isValid: false,
               issuer: verifier2,
               uri: expect.any(String),
@@ -219,6 +233,8 @@ describe('verification views', () => {
           verifications: [
             {
               createdAt: expect.any(String),
+              issuerDisplayName: 'display-verifier1',
+              issuerHandle: 'verifier1.test',
               isValid: true,
               issuer: verifier1,
               uri: expect.any(String),