@fedify/fedify 2.2.0-pr.709.20 → 2.2.0-pr.710.24

package/dist/mod.cjs

@@ -4,11 +4,11 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 require("./chunk-DDcVe30Y.cjs");
 const require_transformers = require("./transformers-NeAONrAq.cjs");
 require("./compat/mod.cjs");
-const require_http = require("./http-B0CGWLm2.cjs");
-const require_middleware = require("./middleware-Dr7gPlVB.cjs");
-const require_proof = require("./proof-CchoRjI8.cjs");
+const require_http = require("./http-BJ7XtRRp.cjs");
+const require_middleware = require("./middleware-QpqLtpW9.cjs");
+const require_proof = require("./proof-B__J6A1_.cjs");
 const require_types = require("./types-KC4QAoxe.cjs");
-const require_kv_cache = require("./kv-cache-BzAyTibN.cjs");
+const require_kv_cache = require("./kv-cache-x4KOTSSC.cjs");
 const require_federation_mod = require("./federation/mod.cjs");
 require("./nodeinfo/mod.cjs");
 require("./runtime/mod.cjs");

package/dist/mod.js

@@ -3,11 +3,11 @@ import "urlpattern-polyfill";
 import "./chunk-nlSIicah.js";
 import { n as autoIdAssigner, r as getDefaultActivityTransformers, t as actorDehydrator } from "./transformers-ve6e2xcg.js";
 import "./compat/mod.js";
-import { a as verifyRequestDetailed, c as fetchKeyDetailed, f as formatAcceptSignature, h as validateAcceptSignature, i as verifyRequest, l as generateCryptoKeyPair, m as parseAcceptSignature, o as exportJwk, p as fulfillAcceptSignature, r as signRequest, s as fetchKey, u as importJwk } from "./http-cyerYP3k.js";
-import { a as createExponentialBackoffPolicy, c as buildCollectionSynchronizationHeader, d as Router, f as RouterError, i as SendActivityError, l as digest, o as respondWithObject, r as handleWebFinger, s as respondWithObjectIfAcceptable, t as createFederation, u as createFederationBuilder } from "./middleware-CmlDuNnT.js";
-import { a as verifyProof, c as attachSignature, d as hasSignatureLike, f as signJsonLd, i as verifyObject, l as createSignature, m as verifySignature, n as hasProofLike, o as doesActorOwnKey, p as verifyJsonLd, r as signObject, s as getKeyOwner, t as createProof, u as detachSignature } from "./proof-sJxm6hBB.js";
+import { a as verifyRequestDetailed, c as fetchKeyDetailed, f as formatAcceptSignature, h as validateAcceptSignature, i as verifyRequest, l as generateCryptoKeyPair, m as parseAcceptSignature, o as exportJwk, p as fulfillAcceptSignature, r as signRequest, s as fetchKey, u as importJwk } from "./http-B0Tu7TW-.js";
+import { a as createExponentialBackoffPolicy, c as buildCollectionSynchronizationHeader, d as Router, f as RouterError, i as SendActivityError, l as digest, o as respondWithObject, r as handleWebFinger, s as respondWithObjectIfAcceptable, t as createFederation, u as createFederationBuilder } from "./middleware-COjNuA6A.js";
+import { a as verifyProof, c as getKeyOwner, d as detachSignature, f as hasSignatureLike, h as verifySignature, i as verifyObject, l as attachSignature, m as verifyJsonLd, n as hasProofLike, p as signJsonLd, r as signObject, s as doesActorOwnKey, t as createProof, u as createSignature } from "./proof-Bfx0NdYz.js";
 import { n as getNodeInfo, r as parseNodeInfo, t as nodeInfoToJson } from "./types-hvL8ElAs.js";
-import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./kv-cache-BhCk5dX_.js";
+import { n as getAuthenticatedDocumentLoader, t as kvCache } from "./kv-cache-Bxbq9e39.js";
 import { InProcessMessageQueue, MemoryKvStore, ParallelMessageQueue } from "./federation/mod.js";
 import "./nodeinfo/mod.js";
 import "./runtime/mod.js";

package/dist/nodeinfo/client.test.mjs

@@ -4,7 +4,7 @@ globalThis.addEventListener = () => {};
 import { t as esm_default } from "../esm-DVILvP5e.mjs";
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
-import { a as parseProtocol, c as parseUsage, i as parseOutboundService, n as parseInboundService, o as parseServices, r as parseNodeInfo, s as parseSoftware, t as getNodeInfo } from "../client-DEpOVgY1.mjs";
+import { a as parseProtocol, c as parseUsage, i as parseOutboundService, n as parseInboundService, o as parseServices, r as parseNodeInfo, s as parseSoftware, t as getNodeInfo } from "../client-DVu6Fmom.mjs";
 import { test } from "@fedify/fixture";
 //#region src/nodeinfo/client.test.ts
 test("getNodeInfo()", async (t) => {

package/dist/nodeinfo/handler.test.mjs

@@ -4,8 +4,8 @@ globalThis.addEventListener = () => {};
 import { r as createRequestContext } from "../context-Dk_tacqz.mjs";
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
-import { t as MemoryKvStore } from "../kv-tL2TOE9X.mjs";
-import { _ as handleNodeInfoJrd, g as handleNodeInfo, o as createFederation } from "../middleware-Dlfri269.mjs";
+import { t as MemoryKvStore } from "../kv-C-TG81Sv.mjs";
+import { _ as handleNodeInfoJrd, g as handleNodeInfo, o as createFederation } from "../middleware-Bu0zxHoX.mjs";
 import { test } from "@fedify/fixture";
 //#region src/nodeinfo/handler.test.ts
 test("handleNodeInfo()", async () => {

package/dist/nodeinfo/types.test.mjs

@@ -4,7 +4,7 @@ globalThis.addEventListener = () => {};
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
-import { t as nodeInfoToJson } from "../types-DCP0WLdt.mjs";
+import { t as nodeInfoToJson } from "../types-CGUnLkU3.mjs";
 import { test } from "@fedify/fixture";
 //#region src/nodeinfo/types.test.ts
 test("nodeInfoToJson()", () => {

package/dist/otel/exporter.test.mjs

@@ -3,7 +3,7 @@ import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
 import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
-import { t as MemoryKvStore } from "../kv-tL2TOE9X.mjs";
+import { t as MemoryKvStore } from "../kv-C-TG81Sv.mjs";
 import { test } from "@fedify/fixture";
 import { SpanKind, SpanStatusCode, TraceFlags } from "@opentelemetry/api";
 import { getLogger } from "@logtape/logtape";

package/dist/{owner-CBLQ-vDw.mjs → owner-CBdNJRwZ.mjs}

@@ -1,8 +1,8 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-CWoVKoBl.mjs";
-import "./key-DgOxeSHC.mjs";
+import { n as version, t as name } from "./deno-cvysscWX.mjs";
+import "./key-DXBoO6CC.mjs";
 import { CryptographicKey, Object as Object$1, isActor } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 import { getDocumentLoader } from "@fedify/vocab-runtime";

package/dist/{proof-DZpF7E4g.mjs → proof-7MA0dp2c.mjs}

@@ -1,8 +1,9 @@
 import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-CWoVKoBl.mjs";
-import { n as fetchKey, o as validateCryptoKey } from "./key-DgOxeSHC.mjs";
+import { n as version, t as name } from "./deno-cvysscWX.mjs";
+import { n as fetchKey, o as validateCryptoKey } from "./key-DXBoO6CC.mjs";
+import { t as normalizePublicAudience } from "./public-audience-5WWE-JTr.mjs";
 import { Activity, DataIntegrityProof, Multikey, getTypeId } from "@fedify/vocab";
 import { SpanStatusCode, trace } from "@opentelemetry/api";
 import { getLogger } from "@logtape/logtape";
@@ -56,11 +57,12 @@ function hasProofLike(jsonLd) {
 async function createProof(object, privateKey, keyId, { contextLoader, context, created } = {}) {
 	validateCryptoKey(privateKey, "private");
 	if (privateKey.algorithm.name !== "Ed25519") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
-	const compactMsg = await object.clone({ proofs: [] }).toJsonLd({
+	let compactMsg = await object.clone({ proofs: [] }).toJsonLd({
 		format: "compact",
 		contextLoader,
 		context
 	});
+	compactMsg = await normalizePublicAudience(compactMsg, contextLoader);
 	const msgCanon = serialize(compactMsg);
 	const encoder = new TextEncoder();
 	const msgBytes = encoder.encode(msgCanon);
@@ -155,27 +157,25 @@ async function verifyProof(jsonLd, proof, options = {}) {
 	});
 }
 async function verifyProofInternal(jsonLd, proof, options) {
-	if (typeof jsonLd !== "object" || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
+	if (typeof jsonLd !== "object" || jsonLd == null || Array.isArray(jsonLd) || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
 	const publicKeyPromise = fetchKey(proof.verificationMethodId, Multikey, options);
-	const proofCanon = serialize({
+	const proofConfig = {
 		"@context": jsonLd["@context"],
 		type: "DataIntegrityProof",
 		cryptosuite: proof.cryptosuite,
 		verificationMethod: proof.verificationMethodId.href,
 		proofPurpose: proof.proofPurpose,
 		created: proof.created.toString()
-	});
+	};
 	const encoder = new TextEncoder();
-	const proofBytes = encoder.encode(proofCanon);
+	const proofBytes = encoder.encode(serialize(proofConfig));
 	const proofDigest = await crypto.subtle.digest("SHA-256", proofBytes);
 	const msg = { ...jsonLd };
 	if ("proof" in msg) delete msg.proof;
-	const msgCanon = serialize(msg);
-	const msgBytes = encoder.encode(msgCanon);
-	const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
-	const digest = new Uint8Array(proofDigest.byteLength + msgDigest.byteLength);
-	digest.set(new Uint8Array(proofDigest), 0);
-	digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+	if ("https://w3id.org/security#proof" in msg) delete msg["https://w3id.org/security#proof"];
+	const candidates = [msg];
+	const normalized = await normalizePublicAudience(msg, options.contextLoader);
+	if (normalized !== msg) candidates.push(normalized);
 	let fetchedKey;
 	try {
 		fetchedKey = await publicKeyPromise;
@@ -204,7 +204,7 @@ async function verifyProofInternal(jsonLd, proof, options) {
 			return await verifyProof(jsonLd, proof, {
 				...options,
 				keyCache: {
-					get: () => Promise.resolve(null),
+					get: () => Promise.resolve(void 0),
 					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
 				}
 			});
@@ -215,27 +215,32 @@ async function verifyProofInternal(jsonLd, proof, options) {
 		});
 		return null;
 	}
-	if (!await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) {
-		if (fetchedKey.cached) {
-			logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
-				keyId: proof.verificationMethodId.href,
-				proof
-			});
-			return await verifyProof(jsonLd, proof, {
-				...options,
-				keyCache: {
-					get: () => Promise.resolve(void 0),
-					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
-				}
-			});
-		}
-		logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+	const digest = new Uint8Array(proofDigest.byteLength + 32);
+	digest.set(new Uint8Array(proofDigest), 0);
+	for (const candidate of candidates) {
+		const msgBytes = encoder.encode(serialize(candidate));
+		const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
+		digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+		if (await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) return publicKey;
+	}
+	if (fetchedKey.cached) {
+		logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
 			keyId: proof.verificationMethodId.href,
 			proof
 		});
-		return null;
+		return await verifyProof(jsonLd, proof, {
+			...options,
+			keyCache: {
+				get: () => Promise.resolve(void 0),
+				set: async (keyId, key) => await options.keyCache?.set(keyId, key)
+			}
+		});
 	}
-	return publicKey;
+	logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+		keyId: proof.verificationMethodId.href,
+		proof
+	});
+	return null;
 }
 /**
 * Verifies the given object.  It will verify all the proofs in the object,

package/dist/{proof-CchoRjI8.cjs → proof-B__J6A1_.cjs}

@@ -1,7 +1,7 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
 const require_chunk = require("./chunk-DDcVe30Y.cjs");
-const require_http = require("./http-B0CGWLm2.cjs");
+const require_http = require("./http-BJ7XtRRp.cjs");
 let _logtape_logtape = require("@logtape/logtape");
 let _fedify_vocab = require("@fedify/vocab");
 let _opentelemetry_api = require("@opentelemetry/api");
@@ -13,7 +13,7 @@ _fedify_vocab_runtime_jsonld = require_chunk.__toESM(_fedify_vocab_runtime_jsonl
 let json_canon = require("json-canon");
 json_canon = require_chunk.__toESM(json_canon);
 //#region src/sig/ld.ts
-const logger$1 = (0, _logtape_logtape.getLogger)([
+const logger$2 = (0, _logtape_logtape.getLogger)([
 	"fedify",
 	"sig",
 	"ld"
@@ -161,7 +161,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		signature = (0, byte_encodings_base64.decodeBase64)(sig.signatureValue);
 	} catch (error) {
-		logger$1.debug("Failed to verify; invalid base64 signatureValue: {signatureValue}", {
+		logger$2.debug("Failed to verify; invalid base64 signatureValue: {signatureValue}", {
 			...sig,
 			error
 		});
@@ -180,7 +180,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader);
 	} catch (error) {
-		logger$1.warn("Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}", {
+		logger$2.warn("Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}", {
 			signatureOptions: sigOpts,
 			error
 		});
@@ -192,7 +192,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		docHash = await hashJsonLd(document, options.contextLoader);
 	} catch (error) {
-		logger$1.warn("Failed to verify; failed to hash the document: {document}\n{error}", {
+		logger$2.warn("Failed to verify; failed to hash the document: {document}\n{error}", {
 			document,
 			error
 		});
@@ -203,7 +203,7 @@ async function verifySignature(jsonLd, options = {}) {
 	const messageBytes = encoder.encode(message);
 	if (await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes)) return key;
 	if (cached) {
-		logger$1.debug("Failed to verify with the cached key {keyId}; signature {signatureValue} is invalid.  Retrying with the freshly fetched key...", {
+		logger$2.debug("Failed to verify with the cached key {keyId}; signature {signatureValue} is invalid.  Retrying with the freshly fetched key...", {
 			keyId: sig.creator,
 			...sig
 		});
@@ -217,7 +217,7 @@ async function verifySignature(jsonLd, options = {}) {
 		if (key == null) return null;
 		return await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes) ? key : null;
 	}
-	logger$1.debug("Failed to verify with the fetched key {keyId}; signature {signatureValue} is invalid.  Check if the key is correct or if the signed message is correct.  The message to sign is:\n{message}", {
+	logger$2.debug("Failed to verify with the fetched key {keyId}; signature {signatureValue} is invalid.  Check if the key is correct or if the signed message is correct.  The message to sign is:\n{message}", {
 		keyId: sig.creator,
 		...sig,
 		message
@@ -249,12 +249,12 @@ async function verifyJsonLd(jsonLd, options = {}) {
 			const key = await verifySignature(jsonLd, options);
 			if (key == null) return false;
 			if (key.ownerId == null) {
-				logger$1.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
+				logger$2.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
 				return false;
 			}
 			attributions.delete(key.ownerId.href);
 			if (attributions.size > 0) {
-				logger$1.debug("Some attributions are not authenticated by the Linked Data Signatures: {attributions}.", { attributions: [...attributions] });
+				logger$2.debug("Some attributions are not authenticated by the Linked Data Signatures: {attributions}.", { attributions: [...attributions] });
 				return false;
 			}
 			return true;
@@ -389,6 +389,179 @@ async function getKeyOwner(keyId, options) {
 	return null;
 }
 //#endregion
+//#region src/compat/public-audience.ts
+const logger$1 = (0, _logtape_logtape.getLogger)([
+	"fedify",
+	"compat",
+	"public-audience"
+]);
+const PUBLIC_ADDRESSING_FIELDS = new Set([
+	"to",
+	"cc",
+	"bto",
+	"bcc",
+	"audience"
+]);
+const preloadedOnlyDocumentLoader = (url) => {
+	if (url in _fedify_vocab_runtime.preloadedContexts) return Promise.resolve({
+		contextUrl: null,
+		documentUrl: url,
+		document: _fedify_vocab_runtime.preloadedContexts[url]
+	});
+	return Promise.reject(/* @__PURE__ */ new Error("Refusing to fetch a non-preloaded JSON-LD context: " + url));
+};
+const AS_CONTEXT_URL = "https://www.w3.org/ns/activitystreams";
+const MAX_TRAVERSAL_DEPTH = 64;
+const KNOWN_SAFE_CONTEXT_URLS = new Set(Object.keys(_fedify_vocab_runtime.preloadedContexts));
+function hasPublicCurieInAddressing(value, parentKey, depth = 0) {
+	if (typeof value === "string") return parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public");
+	if (depth >= MAX_TRAVERSAL_DEPTH) return false;
+	if (Array.isArray(value)) return value.some((item) => hasPublicCurieInAddressing(item, parentKey, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasPublicCurieInAddressing(record[key], key, depth + 1)) return true;
+	}
+	return false;
+}
+function rewritePublicAudience(value, parentKey, depth = 0) {
+	if (typeof value === "string" && parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public")) return _fedify_vocab.PUBLIC_COLLECTION.href;
+	if (depth >= MAX_TRAVERSAL_DEPTH) return value;
+	if (Array.isArray(value)) {
+		let changed = false;
+		const mapped = value.map((item) => {
+			const rewritten = rewritePublicAudience(item, parentKey, depth + 1);
+			if (rewritten !== item) changed = true;
+			return rewritten;
+		});
+		return changed ? mapped : value;
+	}
+	if (typeof value !== "object" || value == null) return value;
+	const record = value;
+	let changed = false;
+	const normalized = {};
+	for (const key of Object.keys(record)) {
+		const rewritten = key === "@context" ? record[key] : rewritePublicAudience(record[key], key, depth + 1);
+		if (rewritten !== record[key]) changed = true;
+		normalized[key] = rewritten;
+	}
+	return changed ? normalized : value;
+}
+/**
+* Reports whether `value` carries an `@context` property anywhere inside
+* its subtree (not counting the value itself).  A nested `@context` can
+* introduce a local term-definition scope that redefines `as:` or `Public`
+* even when the top-level `@context` is safe, so the fast path must defer
+* to the URDNA2015 equivalence check whenever one is present.
+*/
+function hasNestedContext(value, depth = 0) {
+	if (depth >= MAX_TRAVERSAL_DEPTH) return true;
+	if (Array.isArray(value)) return value.some((item) => hasNestedContext(item, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") return true;
+		if (hasNestedContext(record[key], depth + 1)) return true;
+	}
+	return false;
+}
+/**
+* Checks whether the `@context` of a JSON-LD document is guaranteed not
+* to redefine the `as:` prefix or the bare `Public` term.  Only documents
+* whose `@context` is a string, or an array of strings, drawn from Fedify's
+* preloaded context set AND including the ActivityStreams URL qualify,
+* AND no nested subtree carries its own `@context` that might redefine
+* those terms within a local scope.  When all of that holds the rewrite
+* is provably semantics-preserving and the URDNA2015 equivalence check
+* can be skipped.  Any other shape (unknown external URLs, inline
+* objects at the top level, nested `@context` blocks) is treated as
+* potentially unsafe.
+*/
+function hasKnownSafeContext(jsonLd) {
+	if (typeof jsonLd !== "object" || jsonLd == null) return false;
+	const record = jsonLd;
+	if (!Object.hasOwn(record, "@context")) return false;
+	const ctx = record["@context"];
+	const entries = typeof ctx === "string" ? [ctx] : Array.isArray(ctx) ? ctx : null;
+	if (entries == null || entries.length === 0) return false;
+	let hasAs = false;
+	for (const entry of entries) {
+		if (typeof entry !== "string") return false;
+		if (!KNOWN_SAFE_CONTEXT_URLS.has(entry)) return false;
+		if (entry === AS_CONTEXT_URL) hasAs = true;
+	}
+	if (!hasAs) return false;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasNestedContext(record[key])) return false;
+	}
+	return true;
+}
+/**
+* Rewrites the compact `as:Public` / `Public` CURIE appearing in activity
+* addressing fields (`to`, `cc`, `bto`, `bcc`, `audience`) to the fully
+* expanded `https://www.w3.org/ns/activitystreams#Public` URI.
+*
+* Several ActivityPub implementations, Lemmy among them, match these
+* fields as plain URLs without running JSON-LD expansion, and silently
+* drop activities whose public addressing appears in CURIE form.  This
+* helper works around that gap.
+*
+* For documents whose `@context` is drawn entirely from Fedify's
+* preloaded context set and includes the ActivityStreams URL, the
+* rewrite is applied directly: the content of every preloaded non-AS
+* context is known not to redefine the `as:` prefix or the bare `Public`
+* term, so the semantics are preserved by construction.  Any other
+* shape (an inline object, an unknown external URL, and so on) is
+* treated as potentially unsafe and gated on a JSON-LD equivalence
+* check; both forms are canonicalized with URDNA2015 and the resulting
+* N-Quads are compared.  When they differ, the original document is
+* returned unchanged.  Canonicalization failures also fall back to the
+* original document.
+*
+* When no `contextLoader` is supplied the helper falls back to an
+* internal loader that resolves only the URLs in Fedify's
+* preloaded-contexts set and rejects every other URL without issuing a
+* network request.  That behaviour is deliberately narrower than
+* `@fedify/vocab-runtime`'s `getDocumentLoader()`, which after its
+* `validatePublicUrl` check will happily fetch non-preloaded URLs: the
+* helper is reached from verification paths (`verifyProof()` /
+* `verifyObject()`) that operate on inbound, potentially adversarial
+* JSON-LD, and a default loader that fetches attacker-supplied
+* `@context` URLs on the caller's behalf would be an SSRF vector.
+* Canonicalization failures against the restricted loader fall back to
+* the original document, same as any other canonicalization error.
+* Callers that genuinely need the remote-fetch loader (for example
+* applications that sign local JSON-LD against a custom vocabulary)
+* should pass a `contextLoader` explicitly.
+*
+* Must be called before any signing step that canonicalizes the
+* compact form byte-for-byte (for example, Object Integrity Proofs
+* using the `eddsa-jcs-2022` cryptosuite), so the signed payload
+* matches what is sent on the wire.
+*/
+async function normalizePublicAudience(jsonLd, contextLoader) {
+	if (!hasPublicCurieInAddressing(jsonLd)) return jsonLd;
+	const normalized = rewritePublicAudience(jsonLd);
+	if (hasKnownSafeContext(jsonLd)) return normalized;
+	const loader = contextLoader ?? preloadedOnlyDocumentLoader;
+	try {
+		const [before, after] = await Promise.all([_fedify_vocab_runtime_jsonld.default.canonize(jsonLd, {
+			format: "application/n-quads",
+			documentLoader: loader
+		}), _fedify_vocab_runtime_jsonld.default.canonize(normalized, {
+			format: "application/n-quads",
+			documentLoader: loader
+		})]);
+		if (before === after) return normalized;
+		logger$1.warn("Expanding the public audience CURIE to its full URI would change the canonical form of the activity; sending the activity as is.  This usually means the active JSON-LD context redefines the `as:` prefix or the bare `Public` term.");
+	} catch (error) {
+		logger$1.debug("Failed to verify public audience normalization equivalence via JSON-LD canonicalization; sending the activity as is.\n{error}", { error });
+	}
+	return jsonLd;
+}
+//#endregion
 //#region src/sig/proof.ts
 const logger = (0, _logtape_logtape.getLogger)([
 	"fedify",
@@ -437,11 +610,12 @@ function hasProofLike(jsonLd) {
 async function createProof(object, privateKey, keyId, { contextLoader, context, created } = {}) {
 	require_http.validateCryptoKey(privateKey, "private");
 	if (privateKey.algorithm.name !== "Ed25519") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
-	const compactMsg = await object.clone({ proofs: [] }).toJsonLd({
+	let compactMsg = await object.clone({ proofs: [] }).toJsonLd({
 		format: "compact",
 		contextLoader,
 		context
 	});
+	compactMsg = await normalizePublicAudience(compactMsg, contextLoader);
 	const msgCanon = (0, json_canon.default)(compactMsg);
 	const encoder = new TextEncoder();
 	const msgBytes = encoder.encode(msgCanon);
@@ -536,27 +710,25 @@ async function verifyProof(jsonLd, proof, options = {}) {
 	});
 }
 async function verifyProofInternal(jsonLd, proof, options) {
-	if (typeof jsonLd !== "object" || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
+	if (typeof jsonLd !== "object" || jsonLd == null || Array.isArray(jsonLd) || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
 	const publicKeyPromise = require_http.fetchKey(proof.verificationMethodId, _fedify_vocab.Multikey, options);
-	const proofCanon = (0, json_canon.default)({
+	const proofConfig = {
 		"@context": jsonLd["@context"],
 		type: "DataIntegrityProof",
 		cryptosuite: proof.cryptosuite,
 		verificationMethod: proof.verificationMethodId.href,
 		proofPurpose: proof.proofPurpose,
 		created: proof.created.toString()
-	});
+	};
 	const encoder = new TextEncoder();
-	const proofBytes = encoder.encode(proofCanon);
+	const proofBytes = encoder.encode((0, json_canon.default)(proofConfig));
 	const proofDigest = await crypto.subtle.digest("SHA-256", proofBytes);
 	const msg = { ...jsonLd };
 	if ("proof" in msg) delete msg.proof;
-	const msgCanon = (0, json_canon.default)(msg);
-	const msgBytes = encoder.encode(msgCanon);
-	const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
-	const digest = new Uint8Array(proofDigest.byteLength + msgDigest.byteLength);
-	digest.set(new Uint8Array(proofDigest), 0);
-	digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+	if ("https://w3id.org/security#proof" in msg) delete msg["https://w3id.org/security#proof"];
+	const candidates = [msg];
+	const normalized = await normalizePublicAudience(msg, options.contextLoader);
+	if (normalized !== msg) candidates.push(normalized);
 	let fetchedKey;
 	try {
 		fetchedKey = await publicKeyPromise;
@@ -585,7 +757,7 @@ async function verifyProofInternal(jsonLd, proof, options) {
 			return await verifyProof(jsonLd, proof, {
 				...options,
 				keyCache: {
-					get: () => Promise.resolve(null),
+					get: () => Promise.resolve(void 0),
 					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
 				}
 			});
@@ -596,27 +768,32 @@ async function verifyProofInternal(jsonLd, proof, options) {
 		});
 		return null;
 	}
-	if (!await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) {
-		if (fetchedKey.cached) {
-			logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
-				keyId: proof.verificationMethodId.href,
-				proof
-			});
-			return await verifyProof(jsonLd, proof, {
-				...options,
-				keyCache: {
-					get: () => Promise.resolve(void 0),
-					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
-				}
-			});
-		}
-		logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+	const digest = new Uint8Array(proofDigest.byteLength + 32);
+	digest.set(new Uint8Array(proofDigest), 0);
+	for (const candidate of candidates) {
+		const msgBytes = encoder.encode((0, json_canon.default)(candidate));
+		const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
+		digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+		if (await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) return publicKey;
+	}
+	if (fetchedKey.cached) {
+		logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
 			keyId: proof.verificationMethodId.href,
 			proof
 		});
-		return null;
+		return await verifyProof(jsonLd, proof, {
+			...options,
+			keyCache: {
+				get: () => Promise.resolve(void 0),
+				set: async (keyId, key) => await options.keyCache?.set(keyId, key)
+			}
+		});
 	}
-	return publicKey;
+	logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+		keyId: proof.verificationMethodId.href,
+		proof
+	});
+	return null;
 }
 /**
 * Verifies the given object.  It will verify all the proofs in the object,
@@ -705,6 +882,12 @@ Object.defineProperty(exports, "hasSignatureLike", {
 		return hasSignatureLike;
 	}
 });
+Object.defineProperty(exports, "normalizePublicAudience", {
+	enumerable: true,
+	get: function() {
+		return normalizePublicAudience;
+	}
+});
 Object.defineProperty(exports, "signJsonLd", {
 	enumerable: true,
 	get: function() {