@character-foundry/character-foundry 0.4.2-dev.1765997746 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/dist/charx.cjs +36 -15
  2. package/dist/charx.cjs.map +1 -1
  3. package/dist/charx.d.cts +9 -18
  4. package/dist/charx.d.ts +9 -18
  5. package/dist/charx.js +36 -15
  6. package/dist/charx.js.map +1 -1
  7. package/dist/exporter.cjs +38 -34
  8. package/dist/exporter.cjs.map +1 -1
  9. package/dist/exporter.d.cts +9 -18
  10. package/dist/exporter.d.ts +9 -18
  11. package/dist/exporter.js +38 -34
  12. package/dist/exporter.js.map +1 -1
  13. package/dist/federation.cjs +36 -104
  14. package/dist/federation.cjs.map +1 -1
  15. package/dist/federation.d.cts +9 -53
  16. package/dist/federation.d.ts +9 -53
  17. package/dist/federation.js +36 -104
  18. package/dist/federation.js.map +1 -1
  19. package/dist/index.cjs +38 -34
  20. package/dist/index.cjs.map +1 -1
  21. package/dist/index.d.cts +21 -42
  22. package/dist/index.d.ts +21 -42
  23. package/dist/index.js +38 -34
  24. package/dist/index.js.map +1 -1
  25. package/dist/loader.cjs +15 -101
  26. package/dist/loader.cjs.map +1 -1
  27. package/dist/loader.d.cts +14 -42
  28. package/dist/loader.d.ts +14 -42
  29. package/dist/loader.js +15 -101
  30. package/dist/loader.js.map +1 -1
  31. package/dist/lorebook.d.cts +17 -34
  32. package/dist/lorebook.d.ts +17 -34
  33. package/dist/normalizer.cjs +2 -2
  34. package/dist/normalizer.cjs.map +1 -1
  35. package/dist/normalizer.d.cts +30 -60
  36. package/dist/normalizer.d.ts +30 -60
  37. package/dist/normalizer.js +2 -2
  38. package/dist/normalizer.js.map +1 -1
  39. package/dist/png.cjs +2 -2
  40. package/dist/png.cjs.map +1 -1
  41. package/dist/png.d.cts +16 -32
  42. package/dist/png.d.ts +16 -32
  43. package/dist/png.js +2 -2
  44. package/dist/png.js.map +1 -1
  45. package/dist/schemas.cjs +7 -7
  46. package/dist/schemas.cjs.map +1 -1
  47. package/dist/schemas.d.cts +48 -96
  48. package/dist/schemas.d.ts +48 -96
  49. package/dist/schemas.js +7 -7
  50. package/dist/schemas.js.map +1 -1
  51. package/dist/voxta.cjs +4 -21
  52. package/dist/voxta.cjs.map +1 -1
  53. package/dist/voxta.d.cts +14 -28
  54. package/dist/voxta.d.ts +14 -28
  55. package/dist/voxta.js +4 -21
  56. package/dist/voxta.js.map +1 -1
  57. package/package.json +6 -6
package/dist/federation.cjs CHANGED
@@ -50,7 +50,6 @@ __export(federation_exports, {
50
50
  createAnnounceActivity: () => createAnnounceActivity,
51
51
  createArchiveAdapter: () => createArchiveAdapter,
52
52
  createBlockActivity: () => createBlockActivity,
53
- createConsoleLogger: () => createConsoleLogger,
54
53
  createCreateActivity: () => createCreateActivity,
55
54
  createDeleteActivity: () => createDeleteActivity,
56
55
  createFlagActivity: () => createFlagActivity,
@@ -65,7 +64,6 @@ __export(federation_exports, {
65
64
  enableFederation: () => enableFederation,
66
65
  generateActivityId: () => generateActivityId,
67
66
  generateCardId: () => generateCardId,
68
- getFederationLogger: () => getLogger,
69
67
  handleActor: () => handleActor,
70
68
  handleInbox: () => handleInbox,
71
69
  handleNodeInfo: () => handleNodeInfo,
@@ -78,8 +76,6 @@ __export(federation_exports, {
78
76
  parseForkActivity: () => parseForkActivity,
79
77
  parseInstallActivity: () => parseInstallActivity,
80
78
  parseSignatureHeader: () => parseSignatureHeader,
81
- setFederationLogLevel: () => setLogLevel,
82
- setFederationLogger: () => setLogger,
83
79
  signRequest: () => signRequest,
84
80
  stCharacterToCCv3: () => stCharacterToCCv3,
85
81
  validateBlockActivityFields: () => validateBlockActivity,
@@ -137,50 +133,6 @@ function generateUUID() {
137
133
  }
138
134
 
139
135
  // ../federation/dist/index.js
140
- var LEVELS = {
141
- silent: 0,
142
- error: 1,
143
- warn: 2,
144
- info: 3,
145
- debug: 4
146
- };
147
- var noop = () => {
148
- };
149
- function createConsoleLogger(level = "warn") {
150
- const severity = LEVELS[level] ?? LEVELS.warn;
151
- const hasConsole = typeof console !== "undefined";
152
- const c = hasConsole ? console : void 0;
153
- const debugImpl = c?.debug ? c.debug.bind(c) : c?.log ? c.log.bind(c) : noop;
154
- const infoImpl = c?.info ? c.info.bind(c) : c?.log ? c.log.bind(c) : noop;
155
- const warnImpl = c?.warn ? c.warn.bind(c) : c?.log ? c.log.bind(c) : noop;
156
- const errorImpl = c?.error ? c.error.bind(c) : c?.log ? c.log.bind(c) : noop;
157
- return {
158
- debug: severity >= LEVELS.debug ? debugImpl : noop,
159
- info: severity >= LEVELS.info ? infoImpl : noop,
160
- warn: severity >= LEVELS.warn ? warnImpl : noop,
161
- error: severity >= LEVELS.error ? errorImpl : noop
162
- };
163
- }
164
- var federationLogger = createConsoleLogger("warn");
165
- function getLogger() {
166
- return federationLogger;
167
- }
168
- function setLogger(logger) {
169
- federationLogger = logger;
170
- }
171
- function setLogLevel(level) {
172
- federationLogger = createConsoleLogger(level);
173
- }
174
- function configureLogger(options) {
175
- if (!options) return;
176
- if (options.logger) {
177
- setLogger(options.logger);
178
- return;
179
- }
180
- if (options.logLevel) {
181
- setLogLevel(options.logLevel);
182
- }
183
- }
184
136
  var ACTIVITY_CONTEXT = [
185
137
  "https://www.w3.org/ns/activitystreams",
186
138
  {
@@ -539,7 +491,7 @@ var SyncEngine = class {
539
491
  try {
540
492
  listener(event);
541
493
  } catch (err) {
542
- getLogger().error("[federation] Event listener error:", err);
494
+ console.error(`Event listener error:`, err);
543
495
  }
544
496
  }
545
497
  }
@@ -1668,7 +1620,7 @@ var HttpPlatformAdapter = class extends BasePlatformAdapter {
1668
1620
  const data = await response.json();
1669
1621
  return this.config.transformers?.get ? this.config.transformers.get(data) : data;
1670
1622
  } catch (err) {
1671
- getLogger().error(`[federation] Failed to get card ${localId}:`, err);
1623
+ console.error(`Failed to get card ${localId}:`, err);
1672
1624
  return null;
1673
1625
  }
1674
1626
  }
@@ -2220,14 +2172,27 @@ function parseSignatureHeader(header) {
2220
2172
  return {
2221
2173
  keyId: params.keyId,
2222
2174
  algorithm: params.algorithm || "rsa-sha256",
2223
- headers: (params.headers || "(request-target) host date").trim().split(/\s+/).filter(Boolean).map((h) => h.toLowerCase()),
2175
+ headers: (params.headers || "(request-target) host date").split(" "),
2224
2176
  signature: params.signature
2225
2177
  };
2226
2178
  }
2227
2179
  function buildSigningString(method, path, headers, headerNames) {
2228
2180
  const result = buildSigningStringStrict(method, path, headers, headerNames);
2229
2181
  if (!result.success) {
2230
- throw new Error(result.error);
2182
+ console.warn(`[federation] Signature verification may fail: ${result.error}`);
2183
+ const lines = [];
2184
+ for (const name of headerNames) {
2185
+ if (name === "(request-target)") {
2186
+ lines.push(`(request-target): ${method.toLowerCase()} ${path}`);
2187
+ } else if (name === "(created)" || name === "(expires)") {
2188
+ } else {
2189
+ const value = headers.get(name);
2190
+ if (value !== null) {
2191
+ lines.push(`${name.toLowerCase()}: ${value}`);
2192
+ }
2193
+ }
2194
+ }
2195
+ return lines.join("\n");
2231
2196
  }
2232
2197
  return result.signingString;
2233
2198
  }
@@ -2236,17 +2201,16 @@ function buildSigningStringStrict(method, path, headers, headerNames) {
2236
2201
  const missingHeaders = [];
2237
2202
  const syntheticHeaders = /* @__PURE__ */ new Set(["(request-target)", "(created)", "(expires)"]);
2238
2203
  for (const name of headerNames) {
2239
- const normalizedName = name.toLowerCase();
2240
- if (normalizedName === "(request-target)") {
2204
+ if (name === "(request-target)") {
2241
2205
  lines.push(`(request-target): ${method.toLowerCase()} ${path}`);
2242
- } else if (normalizedName === "(created)") {
2243
- } else if (normalizedName === "(expires)") {
2206
+ } else if (name === "(created)") {
2207
+ } else if (name === "(expires)") {
2244
2208
  } else {
2245
- const value = headers.get(normalizedName);
2209
+ const value = headers.get(name);
2246
2210
  if (value !== null) {
2247
- lines.push(`${normalizedName}: ${value}`);
2248
- } else if (!syntheticHeaders.has(normalizedName)) {
2249
- missingHeaders.push(normalizedName);
2211
+ lines.push(`${name.toLowerCase()}: ${value}`);
2212
+ } else if (!syntheticHeaders.has(name)) {
2213
+ missingHeaders.push(name);
2250
2214
  }
2251
2215
  }
2252
2216
  }
@@ -2267,7 +2231,7 @@ async function verifyHttpSignature(parsed, publicKeyPem, method, path, headers,
2267
2231
  if (options.strictHeaders) {
2268
2232
  const strictResult = buildSigningStringStrict(method, path, headers, parsed.headers);
2269
2233
  if (!strictResult.success) {
2270
- getLogger().warn(`[federation] Strict header verification failed: ${strictResult.error}`);
2234
+ console.warn(`[federation] Strict header verification failed: ${strictResult.error}`);
2271
2235
  return false;
2272
2236
  }
2273
2237
  }
@@ -2287,7 +2251,7 @@ async function verifyHttpSignature(parsed, publicKeyPem, method, path, headers,
2287
2251
  data
2288
2252
  );
2289
2253
  } catch (error) {
2290
- getLogger().error("[federation] Signature verification failed:", error);
2254
+ console.error("Signature verification failed:", error);
2291
2255
  return false;
2292
2256
  }
2293
2257
  }
@@ -2425,7 +2389,7 @@ async function importPublicKey(pem) {
2425
2389
  ["verify"]
2426
2390
  );
2427
2391
  } catch (error) {
2428
- getLogger().error("[federation] Failed to import public key:", error);
2392
+ console.error("Failed to import public key:", error);
2429
2393
  return null;
2430
2394
  }
2431
2395
  }
@@ -2441,7 +2405,7 @@ async function importPrivateKey(pem) {
2441
2405
  ["sign"]
2442
2406
  );
2443
2407
  } catch (error) {
2444
- getLogger().error("[federation] Failed to import private key:", error);
2408
+ console.error("Failed to import private key:", error);
2445
2409
  return null;
2446
2410
  }
2447
2411
  }
@@ -2470,31 +2434,9 @@ function extractHostFromActorId(actorId) {
2470
2434
  return null;
2471
2435
  }
2472
2436
  }
2473
- function timingSafeEqualString(a, b) {
2474
- let mismatch = a.length === b.length ? 0 : 1;
2475
- const maxLen = Math.max(a.length, b.length);
2476
- for (let i = 0; i < maxLen; i++) {
2477
- const aCode = a.charCodeAt(i) || 0;
2478
- const bCode = b.charCodeAt(i) || 0;
2479
- mismatch |= aCode ^ bCode;
2480
- }
2481
- return mismatch === 0;
2482
- }
2483
2437
  async function handleInbox(body, headers, options) {
2484
2438
  assertFederationEnabled("handleInbox");
2485
2439
  try {
2486
- const normalizedHeaders = headers instanceof Headers ? headers : new Headers(headers);
2487
- const networkKey = typeof options.networkKey === "string" ? options.networkKey : void 0;
2488
- const networkKeyHeader = options.networkKeyHeader ?? "X-Foundry-Network-Key";
2489
- if (networkKey && networkKey.length > 0) {
2490
- const provided = normalizedHeaders.get(networkKeyHeader);
2491
- if (!provided || !timingSafeEqualString(provided, networkKey)) {
2492
- return {
2493
- accepted: false,
2494
- error: "Unauthorized: invalid or missing network key"
2495
- };
2496
- }
2497
- }
2498
2440
  if (options.moderationStore) {
2499
2441
  const actorId = typeof body === "object" && body !== null && "actor" in body ? String(body.actor) : null;
2500
2442
  if (actorId) {
@@ -2517,7 +2459,7 @@ async function handleInbox(body, headers, options) {
2517
2459
  };
2518
2460
  }
2519
2461
  if (options.strictMode) {
2520
- const signatureHeader = normalizedHeaders.get("signature");
2462
+ const signatureHeader = headers instanceof Headers ? headers.get("signature") : headers["signature"] || headers["Signature"];
2521
2463
  if (!signatureHeader) {
2522
2464
  return {
2523
2465
  accepted: false,
@@ -2531,15 +2473,6 @@ async function handleInbox(body, headers, options) {
2531
2473
  error: "Invalid Signature header format"
2532
2474
  };
2533
2475
  }
2534
- if (networkKey && networkKey.length > 0) {
2535
- const requiredSigned = networkKeyHeader.toLowerCase();
2536
- if (!parsedSig.headers.includes(requiredSigned)) {
2537
- return {
2538
- accepted: false,
2539
- error: `Strict mode: signature missing required header: ${requiredSigned}`
2540
- };
2541
- }
2542
- }
2543
2476
  const missingSignedHeaders = REQUIRED_SIGNED_HEADERS.filter(
2544
2477
  (h) => !parsedSig.headers.includes(h)
2545
2478
  );
@@ -2549,14 +2482,14 @@ async function handleInbox(body, headers, options) {
2549
2482
  error: `Strict mode: signature missing required headers: ${missingSignedHeaders.join(", ")}`
2550
2483
  };
2551
2484
  }
2552
- const dateHeader = normalizedHeaders.get("date");
2485
+ const dateHeader = headers instanceof Headers ? headers.get("date") : headers["date"] || headers["Date"];
2553
2486
  if (!dateHeader) {
2554
2487
  return {
2555
2488
  accepted: false,
2556
2489
  error: "Strict mode: Date header required"
2557
2490
  };
2558
2491
  }
2559
- const hostHeader = normalizedHeaders.get("host");
2492
+ const hostHeader = headers instanceof Headers ? headers.get("host") : headers["host"] || headers["Host"];
2560
2493
  if (!hostHeader) {
2561
2494
  return {
2562
2495
  accepted: false,
@@ -2599,7 +2532,7 @@ async function handleInbox(body, headers, options) {
2599
2532
  error: `Invalid key ID or actor URL`
2600
2533
  };
2601
2534
  }
2602
- const digestHeader = normalizedHeaders.get("digest");
2535
+ const digestHeader = headers instanceof Headers ? headers.get("digest") : headers["digest"] || headers["Digest"];
2603
2536
  if (digestHeader) {
2604
2537
  if (!options.rawBody) {
2605
2538
  return {
@@ -2630,13 +2563,13 @@ async function handleInbox(body, headers, options) {
2630
2563
  }
2631
2564
  const method = options.method || "POST";
2632
2565
  const path = options.path || "/inbox";
2566
+ const normalizedHeaders = headers instanceof Headers ? headers : new Headers(headers);
2633
2567
  const isValid = await verifyHttpSignature(
2634
2568
  parsedSig,
2635
2569
  actor.publicKey.publicKeyPem,
2636
2570
  method,
2637
2571
  path,
2638
- normalizedHeaders,
2639
- { strictHeaders: true }
2572
+ normalizedHeaders
2640
2573
  );
2641
2574
  if (!isValid) {
2642
2575
  return {
@@ -3715,7 +3648,7 @@ var PolicyEngine = class {
3715
3648
  if (!regex) {
3716
3649
  const safetyWarning = checkRegexSafety(rule.pattern);
3717
3650
  if (safetyWarning) {
3718
- getLogger().warn(`[moderation] Rule "${rule.name}": ${safetyWarning}`);
3651
+ console.warn(`[moderation] Rule "${rule.name}": ${safetyWarning}`);
3719
3652
  }
3720
3653
  try {
3721
3654
  regex = new RegExp(rule.pattern, "i");
@@ -3955,12 +3888,11 @@ function getEnvVar(name) {
3955
3888
  return void 0;
3956
3889
  }
3957
3890
  function enableFederation(options) {
3958
- configureLogger(options);
3959
3891
  explicitlyEnabled = true;
3960
3892
  envCheckSkipped = options?.skipEnvCheck ?? false;
3961
3893
  const nodeEnv = getEnvVar("NODE_ENV");
3962
3894
  if (nodeEnv === "development" || nodeEnv === "test") {
3963
- getLogger().warn(
3895
+ console.warn(
3964
3896
  "[character-foundry/federation] Federation enabled. WARNING: Verify HTTP signatures in production. Do NOT use in production with untrusted inputs without signature validation."
3965
3897
  );
3966
3898
  }