@fedify/fedify 2.2.0-pr.709.20 → 2.2.0-pr.710.24

package/dist/{proof-sJxm6hBB.js → proof-Bfx0NdYz.js}

@@ -1,16 +1,16 @@
 import { Temporal } from "@js-temporal/polyfill";
 import "urlpattern-polyfill";
-import { _ as version, d as validateCryptoKey, g as name, s as fetchKey } from "./http-cyerYP3k.js";
+import { _ as version, d as validateCryptoKey, g as name, s as fetchKey } from "./http-B0Tu7TW-.js";
 import { getLogger } from "@logtape/logtape";
-import { Activity, CryptographicKey, DataIntegrityProof, Multikey, Object as Object$1, getTypeId, isActor } from "@fedify/vocab";
+import { Activity, CryptographicKey, DataIntegrityProof, Multikey, Object as Object$1, PUBLIC_COLLECTION, getTypeId, isActor } from "@fedify/vocab";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 import { encodeHex } from "byte-encodings/hex";
-import { getDocumentLoader } from "@fedify/vocab-runtime";
+import { getDocumentLoader, preloadedContexts } from "@fedify/vocab-runtime";
 import { decodeBase64, encodeBase64 } from "byte-encodings/base64";
 import jsonld from "@fedify/vocab-runtime/jsonld";
 import serialize from "json-canon";
 //#region src/sig/ld.ts
-const logger$1 = getLogger([
+const logger$2 = getLogger([
 	"fedify",
 	"sig",
 	"ld"
@@ -158,7 +158,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		signature = decodeBase64(sig.signatureValue);
 	} catch (error) {
-		logger$1.debug("Failed to verify; invalid base64 signatureValue: {signatureValue}", {
+		logger$2.debug("Failed to verify; invalid base64 signatureValue: {signatureValue}", {
 			...sig,
 			error
 		});
@@ -177,7 +177,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader);
 	} catch (error) {
-		logger$1.warn("Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}", {
+		logger$2.warn("Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}", {
 			signatureOptions: sigOpts,
 			error
 		});
@@ -189,7 +189,7 @@ async function verifySignature(jsonLd, options = {}) {
 	try {
 		docHash = await hashJsonLd(document, options.contextLoader);
 	} catch (error) {
-		logger$1.warn("Failed to verify; failed to hash the document: {document}\n{error}", {
+		logger$2.warn("Failed to verify; failed to hash the document: {document}\n{error}", {
 			document,
 			error
 		});
@@ -200,7 +200,7 @@ async function verifySignature(jsonLd, options = {}) {
 	const messageBytes = encoder.encode(message);
 	if (await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes)) return key;
 	if (cached) {
-		logger$1.debug("Failed to verify with the cached key {keyId}; signature {signatureValue} is invalid.  Retrying with the freshly fetched key...", {
+		logger$2.debug("Failed to verify with the cached key {keyId}; signature {signatureValue} is invalid.  Retrying with the freshly fetched key...", {
 			keyId: sig.creator,
 			...sig
 		});
@@ -214,7 +214,7 @@ async function verifySignature(jsonLd, options = {}) {
 		if (key == null) return null;
 		return await crypto.subtle.verify("RSASSA-PKCS1-v1_5", key.publicKey, signature.slice(), messageBytes) ? key : null;
 	}
-	logger$1.debug("Failed to verify with the fetched key {keyId}; signature {signatureValue} is invalid.  Check if the key is correct or if the signed message is correct.  The message to sign is:\n{message}", {
+	logger$2.debug("Failed to verify with the fetched key {keyId}; signature {signatureValue} is invalid.  Check if the key is correct or if the signed message is correct.  The message to sign is:\n{message}", {
 		keyId: sig.creator,
 		...sig,
 		message
@@ -246,12 +246,12 @@ async function verifyJsonLd(jsonLd, options = {}) {
 			const key = await verifySignature(jsonLd, options);
 			if (key == null) return false;
 			if (key.ownerId == null) {
-				logger$1.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
+				logger$2.debug("Key {keyId} has no owner.", { keyId: key.id?.href });
 				return false;
 			}
 			attributions.delete(key.ownerId.href);
 			if (attributions.size > 0) {
-				logger$1.debug("Some attributions are not authenticated by the Linked Data Signatures: {attributions}.", { attributions: [...attributions] });
+				logger$2.debug("Some attributions are not authenticated by the Linked Data Signatures: {attributions}.", { attributions: [...attributions] });
 				return false;
 			}
 			return true;
@@ -386,6 +386,179 @@ async function getKeyOwner(keyId, options) {
 	return null;
 }
 //#endregion
+//#region src/compat/public-audience.ts
+const logger$1 = getLogger([
+	"fedify",
+	"compat",
+	"public-audience"
+]);
+const PUBLIC_ADDRESSING_FIELDS = new Set([
+	"to",
+	"cc",
+	"bto",
+	"bcc",
+	"audience"
+]);
+const preloadedOnlyDocumentLoader = (url) => {
+	if (url in preloadedContexts) return Promise.resolve({
+		contextUrl: null,
+		documentUrl: url,
+		document: preloadedContexts[url]
+	});
+	return Promise.reject(/* @__PURE__ */ new Error("Refusing to fetch a non-preloaded JSON-LD context: " + url));
+};
+const AS_CONTEXT_URL = "https://www.w3.org/ns/activitystreams";
+const MAX_TRAVERSAL_DEPTH = 64;
+const KNOWN_SAFE_CONTEXT_URLS = new Set(Object.keys(preloadedContexts));
+function hasPublicCurieInAddressing(value, parentKey, depth = 0) {
+	if (typeof value === "string") return parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public");
+	if (depth >= MAX_TRAVERSAL_DEPTH) return false;
+	if (Array.isArray(value)) return value.some((item) => hasPublicCurieInAddressing(item, parentKey, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasPublicCurieInAddressing(record[key], key, depth + 1)) return true;
+	}
+	return false;
+}
+function rewritePublicAudience(value, parentKey, depth = 0) {
+	if (typeof value === "string" && parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public")) return PUBLIC_COLLECTION.href;
+	if (depth >= MAX_TRAVERSAL_DEPTH) return value;
+	if (Array.isArray(value)) {
+		let changed = false;
+		const mapped = value.map((item) => {
+			const rewritten = rewritePublicAudience(item, parentKey, depth + 1);
+			if (rewritten !== item) changed = true;
+			return rewritten;
+		});
+		return changed ? mapped : value;
+	}
+	if (typeof value !== "object" || value == null) return value;
+	const record = value;
+	let changed = false;
+	const normalized = {};
+	for (const key of Object.keys(record)) {
+		const rewritten = key === "@context" ? record[key] : rewritePublicAudience(record[key], key, depth + 1);
+		if (rewritten !== record[key]) changed = true;
+		normalized[key] = rewritten;
+	}
+	return changed ? normalized : value;
+}
+/**
+* Reports whether `value` carries an `@context` property anywhere inside
+* its subtree (not counting the value itself).  A nested `@context` can
+* introduce a local term-definition scope that redefines `as:` or `Public`
+* even when the top-level `@context` is safe, so the fast path must defer
+* to the URDNA2015 equivalence check whenever one is present.
+*/
+function hasNestedContext(value, depth = 0) {
+	if (depth >= MAX_TRAVERSAL_DEPTH) return true;
+	if (Array.isArray(value)) return value.some((item) => hasNestedContext(item, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") return true;
+		if (hasNestedContext(record[key], depth + 1)) return true;
+	}
+	return false;
+}
+/**
+* Checks whether the `@context` of a JSON-LD document is guaranteed not
+* to redefine the `as:` prefix or the bare `Public` term.  Only documents
+* whose `@context` is a string, or an array of strings, drawn from Fedify's
+* preloaded context set AND including the ActivityStreams URL qualify,
+* AND no nested subtree carries its own `@context` that might redefine
+* those terms within a local scope.  When all of that holds the rewrite
+* is provably semantics-preserving and the URDNA2015 equivalence check
+* can be skipped.  Any other shape (unknown external URLs, inline
+* objects at the top level, nested `@context` blocks) is treated as
+* potentially unsafe.
+*/
+function hasKnownSafeContext(jsonLd) {
+	if (typeof jsonLd !== "object" || jsonLd == null) return false;
+	const record = jsonLd;
+	if (!Object.hasOwn(record, "@context")) return false;
+	const ctx = record["@context"];
+	const entries = typeof ctx === "string" ? [ctx] : Array.isArray(ctx) ? ctx : null;
+	if (entries == null || entries.length === 0) return false;
+	let hasAs = false;
+	for (const entry of entries) {
+		if (typeof entry !== "string") return false;
+		if (!KNOWN_SAFE_CONTEXT_URLS.has(entry)) return false;
+		if (entry === AS_CONTEXT_URL) hasAs = true;
+	}
+	if (!hasAs) return false;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasNestedContext(record[key])) return false;
+	}
+	return true;
+}
+/**
+* Rewrites the compact `as:Public` / `Public` CURIE appearing in activity
+* addressing fields (`to`, `cc`, `bto`, `bcc`, `audience`) to the fully
+* expanded `https://www.w3.org/ns/activitystreams#Public` URI.
+*
+* Several ActivityPub implementations, Lemmy among them, match these
+* fields as plain URLs without running JSON-LD expansion, and silently
+* drop activities whose public addressing appears in CURIE form.  This
+* helper works around that gap.
+*
+* For documents whose `@context` is drawn entirely from Fedify's
+* preloaded context set and includes the ActivityStreams URL, the
+* rewrite is applied directly: the content of every preloaded non-AS
+* context is known not to redefine the `as:` prefix or the bare `Public`
+* term, so the semantics are preserved by construction.  Any other
+* shape (an inline object, an unknown external URL, and so on) is
+* treated as potentially unsafe and gated on a JSON-LD equivalence
+* check; both forms are canonicalized with URDNA2015 and the resulting
+* N-Quads are compared.  When they differ, the original document is
+* returned unchanged.  Canonicalization failures also fall back to the
+* original document.
+*
+* When no `contextLoader` is supplied the helper falls back to an
+* internal loader that resolves only the URLs in Fedify's
+* preloaded-contexts set and rejects every other URL without issuing a
+* network request.  That behaviour is deliberately narrower than
+* `@fedify/vocab-runtime`'s `getDocumentLoader()`, which after its
+* `validatePublicUrl` check will happily fetch non-preloaded URLs: the
+* helper is reached from verification paths (`verifyProof()` /
+* `verifyObject()`) that operate on inbound, potentially adversarial
+* JSON-LD, and a default loader that fetches attacker-supplied
+* `@context` URLs on the caller's behalf would be an SSRF vector.
+* Canonicalization failures against the restricted loader fall back to
+* the original document, same as any other canonicalization error.
+* Callers that genuinely need the remote-fetch loader (for example
+* applications that sign local JSON-LD against a custom vocabulary)
+* should pass a `contextLoader` explicitly.
+*
+* Must be called before any signing step that canonicalizes the
+* compact form byte-for-byte (for example, Object Integrity Proofs
+* using the `eddsa-jcs-2022` cryptosuite), so the signed payload
+* matches what is sent on the wire.
+*/
+async function normalizePublicAudience(jsonLd, contextLoader) {
+	if (!hasPublicCurieInAddressing(jsonLd)) return jsonLd;
+	const normalized = rewritePublicAudience(jsonLd);
+	if (hasKnownSafeContext(jsonLd)) return normalized;
+	const loader = contextLoader ?? preloadedOnlyDocumentLoader;
+	try {
+		const [before, after] = await Promise.all([jsonld.canonize(jsonLd, {
+			format: "application/n-quads",
+			documentLoader: loader
+		}), jsonld.canonize(normalized, {
+			format: "application/n-quads",
+			documentLoader: loader
+		})]);
+		if (before === after) return normalized;
+		logger$1.warn("Expanding the public audience CURIE to its full URI would change the canonical form of the activity; sending the activity as is.  This usually means the active JSON-LD context redefines the `as:` prefix or the bare `Public` term.");
+	} catch (error) {
+		logger$1.debug("Failed to verify public audience normalization equivalence via JSON-LD canonicalization; sending the activity as is.\n{error}", { error });
+	}
+	return jsonLd;
+}
+//#endregion
 //#region src/sig/proof.ts
 const logger = getLogger([
 	"fedify",
@@ -434,11 +607,12 @@ function hasProofLike(jsonLd) {
 async function createProof(object, privateKey, keyId, { contextLoader, context, created } = {}) {
 	validateCryptoKey(privateKey, "private");
 	if (privateKey.algorithm.name !== "Ed25519") throw new TypeError("Unsupported algorithm: " + privateKey.algorithm.name);
-	const compactMsg = await object.clone({ proofs: [] }).toJsonLd({
+	let compactMsg = await object.clone({ proofs: [] }).toJsonLd({
 		format: "compact",
 		contextLoader,
 		context
 	});
+	compactMsg = await normalizePublicAudience(compactMsg, contextLoader);
 	const msgCanon = serialize(compactMsg);
 	const encoder = new TextEncoder();
 	const msgBytes = encoder.encode(msgCanon);
@@ -533,27 +707,25 @@ async function verifyProof(jsonLd, proof, options = {}) {
 	});
 }
 async function verifyProofInternal(jsonLd, proof, options) {
-	if (typeof jsonLd !== "object" || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
+	if (typeof jsonLd !== "object" || jsonLd == null || Array.isArray(jsonLd) || proof.cryptosuite !== "eddsa-jcs-2022" || proof.verificationMethodId == null || proof.proofPurpose !== "assertionMethod" || proof.proofValue == null || proof.created == null) return null;
 	const publicKeyPromise = fetchKey(proof.verificationMethodId, Multikey, options);
-	const proofCanon = serialize({
+	const proofConfig = {
 		"@context": jsonLd["@context"],
 		type: "DataIntegrityProof",
 		cryptosuite: proof.cryptosuite,
 		verificationMethod: proof.verificationMethodId.href,
 		proofPurpose: proof.proofPurpose,
 		created: proof.created.toString()
-	});
+	};
 	const encoder = new TextEncoder();
-	const proofBytes = encoder.encode(proofCanon);
+	const proofBytes = encoder.encode(serialize(proofConfig));
 	const proofDigest = await crypto.subtle.digest("SHA-256", proofBytes);
 	const msg = { ...jsonLd };
 	if ("proof" in msg) delete msg.proof;
-	const msgCanon = serialize(msg);
-	const msgBytes = encoder.encode(msgCanon);
-	const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
-	const digest = new Uint8Array(proofDigest.byteLength + msgDigest.byteLength);
-	digest.set(new Uint8Array(proofDigest), 0);
-	digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+	if ("https://w3id.org/security#proof" in msg) delete msg["https://w3id.org/security#proof"];
+	const candidates = [msg];
+	const normalized = await normalizePublicAudience(msg, options.contextLoader);
+	if (normalized !== msg) candidates.push(normalized);
 	let fetchedKey;
 	try {
 		fetchedKey = await publicKeyPromise;
@@ -582,7 +754,7 @@ async function verifyProofInternal(jsonLd, proof, options) {
 			return await verifyProof(jsonLd, proof, {
 				...options,
 				keyCache: {
-					get: () => Promise.resolve(null),
+					get: () => Promise.resolve(void 0),
 					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
 				}
 			});
@@ -593,27 +765,32 @@ async function verifyProofInternal(jsonLd, proof, options) {
 		});
 		return null;
 	}
-	if (!await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) {
-		if (fetchedKey.cached) {
-			logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
-				keyId: proof.verificationMethodId.href,
-				proof
-			});
-			return await verifyProof(jsonLd, proof, {
-				...options,
-				keyCache: {
-					get: () => Promise.resolve(void 0),
-					set: async (keyId, key) => await options.keyCache?.set(keyId, key)
-				}
-			});
-		}
-		logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+	const digest = new Uint8Array(proofDigest.byteLength + 32);
+	digest.set(new Uint8Array(proofDigest), 0);
+	for (const candidate of candidates) {
+		const msgBytes = encoder.encode(serialize(candidate));
+		const msgDigest = await crypto.subtle.digest("SHA-256", msgBytes);
+		digest.set(new Uint8Array(msgDigest), proofDigest.byteLength);
+		if (await crypto.subtle.verify("Ed25519", publicKey.publicKey, proof.proofValue.slice(), digest)) return publicKey;
+	}
+	if (fetchedKey.cached) {
+		logger.debug("Failed to verify the proof with the cached key {keyId}; retrying with the freshly fetched key...", {
 			keyId: proof.verificationMethodId.href,
 			proof
 		});
-		return null;
+		return await verifyProof(jsonLd, proof, {
+			...options,
+			keyCache: {
+				get: () => Promise.resolve(void 0),
+				set: async (keyId, key) => await options.keyCache?.set(keyId, key)
+			}
+		});
 	}
-	return publicKey;
+	logger.debug("Failed to verify the proof with the fetched key {keyId}:\n{proof}", {
+		keyId: proof.verificationMethodId.href,
+		proof
+	});
+	return null;
 }
 /**
 * Verifies the given object.  It will verify all the proofs in the object,
@@ -654,4 +831,4 @@ async function verifyObject(cls, jsonLd, options = {}) {
 	return object;
 }
 //#endregion
-export { verifyProof as a, attachSignature as c, hasSignatureLike as d, signJsonLd as f, verifyObject as i, createSignature as l, verifySignature as m, hasProofLike as n, doesActorOwnKey as o, verifyJsonLd as p, signObject as r, getKeyOwner as s, createProof as t, detachSignature as u };
+export { verifyProof as a, getKeyOwner as c, detachSignature as d, hasSignatureLike as f, verifySignature as h, verifyObject as i, attachSignature as l, verifyJsonLd as m, hasProofLike as n, normalizePublicAudience as o, signJsonLd as p, signObject as r, doesActorOwnKey as s, createProof as t, createSignature as u };

package/dist/public-audience-5WWE-JTr.mjs

@@ -0,0 +1,181 @@
+import "@js-temporal/polyfill";
+import "urlpattern-polyfill";
+globalThis.addEventListener = () => {};
+import { PUBLIC_COLLECTION } from "@fedify/vocab";
+import { preloadedContexts } from "@fedify/vocab-runtime";
+import { getLogger } from "@logtape/logtape";
+import jsonld from "@fedify/vocab-runtime/jsonld";
+//#region src/compat/public-audience.ts
+const logger = getLogger([
+	"fedify",
+	"compat",
+	"public-audience"
+]);
+const PUBLIC_ADDRESSING_FIELDS = new Set([
+	"to",
+	"cc",
+	"bto",
+	"bcc",
+	"audience"
+]);
+const preloadedOnlyDocumentLoader = (url) => {
+	if (url in preloadedContexts) return Promise.resolve({
+		contextUrl: null,
+		documentUrl: url,
+		document: preloadedContexts[url]
+	});
+	return Promise.reject(/* @__PURE__ */ new Error("Refusing to fetch a non-preloaded JSON-LD context: " + url));
+};
+const AS_CONTEXT_URL = "https://www.w3.org/ns/activitystreams";
+const MAX_TRAVERSAL_DEPTH = 64;
+const KNOWN_SAFE_CONTEXT_URLS = new Set(Object.keys(preloadedContexts));
+function hasPublicCurieInAddressing(value, parentKey, depth = 0) {
+	if (typeof value === "string") return parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public");
+	if (depth >= MAX_TRAVERSAL_DEPTH) return false;
+	if (Array.isArray(value)) return value.some((item) => hasPublicCurieInAddressing(item, parentKey, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasPublicCurieInAddressing(record[key], key, depth + 1)) return true;
+	}
+	return false;
+}
+function rewritePublicAudience(value, parentKey, depth = 0) {
+	if (typeof value === "string" && parentKey != null && PUBLIC_ADDRESSING_FIELDS.has(parentKey) && (value === "as:Public" || value === "Public")) return PUBLIC_COLLECTION.href;
+	if (depth >= MAX_TRAVERSAL_DEPTH) return value;
+	if (Array.isArray(value)) {
+		let changed = false;
+		const mapped = value.map((item) => {
+			const rewritten = rewritePublicAudience(item, parentKey, depth + 1);
+			if (rewritten !== item) changed = true;
+			return rewritten;
+		});
+		return changed ? mapped : value;
+	}
+	if (typeof value !== "object" || value == null) return value;
+	const record = value;
+	let changed = false;
+	const normalized = {};
+	for (const key of Object.keys(record)) {
+		const rewritten = key === "@context" ? record[key] : rewritePublicAudience(record[key], key, depth + 1);
+		if (rewritten !== record[key]) changed = true;
+		normalized[key] = rewritten;
+	}
+	return changed ? normalized : value;
+}
+/**
+* Reports whether `value` carries an `@context` property anywhere inside
+* its subtree (not counting the value itself).  A nested `@context` can
+* introduce a local term-definition scope that redefines `as:` or `Public`
+* even when the top-level `@context` is safe, so the fast path must defer
+* to the URDNA2015 equivalence check whenever one is present.
+*/
+function hasNestedContext(value, depth = 0) {
+	if (depth >= MAX_TRAVERSAL_DEPTH) return true;
+	if (Array.isArray(value)) return value.some((item) => hasNestedContext(item, depth + 1));
+	if (typeof value !== "object" || value == null) return false;
+	const record = value;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") return true;
+		if (hasNestedContext(record[key], depth + 1)) return true;
+	}
+	return false;
+}
+/**
+* Checks whether the `@context` of a JSON-LD document is guaranteed not
+* to redefine the `as:` prefix or the bare `Public` term.  Only documents
+* whose `@context` is a string, or an array of strings, drawn from Fedify's
+* preloaded context set AND including the ActivityStreams URL qualify,
+* AND no nested subtree carries its own `@context` that might redefine
+* those terms within a local scope.  When all of that holds the rewrite
+* is provably semantics-preserving and the URDNA2015 equivalence check
+* can be skipped.  Any other shape (unknown external URLs, inline
+* objects at the top level, nested `@context` blocks) is treated as
+* potentially unsafe.
+*/
+function hasKnownSafeContext(jsonLd) {
+	if (typeof jsonLd !== "object" || jsonLd == null) return false;
+	const record = jsonLd;
+	if (!Object.hasOwn(record, "@context")) return false;
+	const ctx = record["@context"];
+	const entries = typeof ctx === "string" ? [ctx] : Array.isArray(ctx) ? ctx : null;
+	if (entries == null || entries.length === 0) return false;
+	let hasAs = false;
+	for (const entry of entries) {
+		if (typeof entry !== "string") return false;
+		if (!KNOWN_SAFE_CONTEXT_URLS.has(entry)) return false;
+		if (entry === AS_CONTEXT_URL) hasAs = true;
+	}
+	if (!hasAs) return false;
+	for (const key of Object.keys(record)) {
+		if (key === "@context") continue;
+		if (hasNestedContext(record[key])) return false;
+	}
+	return true;
+}
+/**
+* Rewrites the compact `as:Public` / `Public` CURIE appearing in activity
+* addressing fields (`to`, `cc`, `bto`, `bcc`, `audience`) to the fully
+* expanded `https://www.w3.org/ns/activitystreams#Public` URI.
+*
+* Several ActivityPub implementations, Lemmy among them, match these
+* fields as plain URLs without running JSON-LD expansion, and silently
+* drop activities whose public addressing appears in CURIE form.  This
+* helper works around that gap.
+*
+* For documents whose `@context` is drawn entirely from Fedify's
+* preloaded context set and includes the ActivityStreams URL, the
+* rewrite is applied directly: the content of every preloaded non-AS
+* context is known not to redefine the `as:` prefix or the bare `Public`
+* term, so the semantics are preserved by construction.  Any other
+* shape (an inline object, an unknown external URL, and so on) is
+* treated as potentially unsafe and gated on a JSON-LD equivalence
+* check; both forms are canonicalized with URDNA2015 and the resulting
+* N-Quads are compared.  When they differ, the original document is
+* returned unchanged.  Canonicalization failures also fall back to the
+* original document.
+*
+* When no `contextLoader` is supplied the helper falls back to an
+* internal loader that resolves only the URLs in Fedify's
+* preloaded-contexts set and rejects every other URL without issuing a
+* network request.  That behaviour is deliberately narrower than
+* `@fedify/vocab-runtime`'s `getDocumentLoader()`, which after its
+* `validatePublicUrl` check will happily fetch non-preloaded URLs: the
+* helper is reached from verification paths (`verifyProof()` /
+* `verifyObject()`) that operate on inbound, potentially adversarial
+* JSON-LD, and a default loader that fetches attacker-supplied
+* `@context` URLs on the caller's behalf would be an SSRF vector.
+* Canonicalization failures against the restricted loader fall back to
+* the original document, same as any other canonicalization error.
+* Callers that genuinely need the remote-fetch loader (for example
+* applications that sign local JSON-LD against a custom vocabulary)
+* should pass a `contextLoader` explicitly.
+*
+* Must be called before any signing step that canonicalizes the
+* compact form byte-for-byte (for example, Object Integrity Proofs
+* using the `eddsa-jcs-2022` cryptosuite), so the signed payload
+* matches what is sent on the wire.
+*/
+async function normalizePublicAudience(jsonLd, contextLoader) {
+	if (!hasPublicCurieInAddressing(jsonLd)) return jsonLd;
+	const normalized = rewritePublicAudience(jsonLd);
+	if (hasKnownSafeContext(jsonLd)) return normalized;
+	const loader = contextLoader ?? preloadedOnlyDocumentLoader;
+	try {
+		const [before, after] = await Promise.all([jsonld.canonize(jsonLd, {
+			format: "application/n-quads",
+			documentLoader: loader
+		}), jsonld.canonize(normalized, {
+			format: "application/n-quads",
+			documentLoader: loader
+		})]);
+		if (before === after) return normalized;
+		logger.warn("Expanding the public audience CURIE to its full URI would change the canonical form of the activity; sending the activity as is.  This usually means the active JSON-LD context redefines the `as:` prefix or the bare `Public` term.");
+	} catch (error) {
+		logger.debug("Failed to verify public audience normalization equivalence via JSON-LD canonicalization; sending the activity as is.\n{error}", { error });
+	}
+	return jsonLd;
+}
+//#endregion
+export { normalizePublicAudience as t };

package/dist/{send-Ckd6J9RF.mjs → send-9BckNAN-.mjs}

@@ -1,8 +1,8 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
 globalThis.addEventListener = () => {};
-import { n as version, t as name } from "./deno-CWoVKoBl.mjs";
-import { n as doubleKnock } from "./http-Cl7YijGX.mjs";
+import { n as version, t as name } from "./deno-cvysscWX.mjs";
+import { n as doubleKnock } from "./http-Dy22pK-t.mjs";
 import { SpanKind, SpanStatusCode, trace } from "@opentelemetry/api";
 import { getLogger } from "@logtape/logtape";
 //#region src/federation/send.ts

package/dist/sig/http.test.mjs

@@ -7,8 +7,8 @@ import { a as assertExists, t as assertStringIncludes } from "../std__assert-Dui
 import { n as assertFalse, t as assertRejects } from "../assert_rejects-B-qJtC9Z.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
 import { t as assert } from "../assert-ddO5KLpe.mjs";
-import { t as exportJwk } from "../key-DgOxeSHC.mjs";
-import { a as parseRfc9421Signature, c as timingSafeEqual, i as formatRfc9421SignatureParameters, l as verifyRequest, n as doubleKnock, o as parseRfc9421SignatureInput, r as formatRfc9421Signature, s as signRequest, t as createRfc9421SignatureBase, u as verifyRequestDetailed } from "../http-Cl7YijGX.mjs";
+import { t as exportJwk } from "../key-DXBoO6CC.mjs";
+import { a as parseRfc9421Signature, c as timingSafeEqual, i as formatRfc9421SignatureParameters, l as verifyRequest, n as doubleKnock, o as parseRfc9421SignatureInput, r as formatRfc9421Signature, s as signRequest, t as createRfc9421SignatureBase, u as verifyRequestDetailed } from "../http-Dy22pK-t.mjs";
 import { i as rsaPrivateKey2, l as rsaPublicKey5, o as rsaPublicKey1, s as rsaPublicKey2 } from "../keys-BAK-tUlf.mjs";
 import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { FetchError, exportSpki } from "@fedify/vocab-runtime";

package/dist/sig/key.test.mjs

@@ -5,7 +5,7 @@ import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import "../std__assert-Duiq_YC9.mjs";
 import { t as assertRejects } from "../assert_rejects-B-qJtC9Z.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
-import { a as importJwk, i as generateCryptoKeyPair, n as fetchKey, o as validateCryptoKey, r as fetchKeyDetailed, t as exportJwk } from "../key-DgOxeSHC.mjs";
+import { a as importJwk, i as generateCryptoKeyPair, n as fetchKey, o as validateCryptoKey, r as fetchKeyDetailed, t as exportJwk } from "../key-DXBoO6CC.mjs";
 import { c as rsaPublicKey3, i as rsaPrivateKey2, o as rsaPublicKey1, s as rsaPublicKey2, t as ed25519Multikey } from "../keys-BAK-tUlf.mjs";
 import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { CryptographicKey, Multikey } from "@fedify/vocab";

package/dist/sig/ld.test.mjs

@@ -5,9 +5,9 @@ import { t as assertEquals } from "../assert_equals-Ew3jOFa3.mjs";
 import { n as assertFalse, t as assertRejects } from "../assert_rejects-B-qJtC9Z.mjs";
 import { t as assertThrows } from "../assert_throws-4NwKEy2q.mjs";
 import { t as assert } from "../assert-ddO5KLpe.mjs";
-import { i as generateCryptoKeyPair } from "../key-DgOxeSHC.mjs";
+import { i as generateCryptoKeyPair } from "../key-DXBoO6CC.mjs";
 import { a as rsaPrivateKey3, c as rsaPublicKey3, i as rsaPrivateKey2, n as ed25519PrivateKey, s as rsaPublicKey2, t as ed25519Multikey } from "../keys-BAK-tUlf.mjs";
-import { a as signJsonLd, i as hasSignatureLike, n as createSignature, o as verifyJsonLd, r as detachSignature, s as verifySignature, t as attachSignature } from "../ld-BqJAwT8x.mjs";
+import { a as signJsonLd, i as hasSignatureLike, n as createSignature, o as verifyJsonLd, r as detachSignature, s as verifySignature, t as attachSignature } from "../ld-BW_1mHgq.mjs";
 import { mockDocumentLoader, test } from "@fedify/fixture";
 import { CryptographicKey } from "@fedify/vocab";
 import { encodeBase64 } from "byte-encodings/base64";

package/dist/sig/mod.cjs

@@ -1,8 +1,8 @@
 const { Temporal } = require("@js-temporal/polyfill");
 const { URLPattern } = require("urlpattern-polyfill");
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const require_http = require("../http-B0CGWLm2.cjs");
-const require_proof = require("../proof-CchoRjI8.cjs");
+const require_http = require("../http-BJ7XtRRp.cjs");
+const require_proof = require("../proof-B__J6A1_.cjs");
 exports.attachSignature = require_proof.attachSignature;
 exports.createProof = require_proof.createProof;
 exports.createSignature = require_proof.createSignature;

package/dist/sig/mod.js

@@ -1,5 +1,5 @@
 import "@js-temporal/polyfill";
 import "urlpattern-polyfill";
-import { a as verifyRequestDetailed, c as fetchKeyDetailed, f as formatAcceptSignature, h as validateAcceptSignature, i as verifyRequest, l as generateCryptoKeyPair, m as parseAcceptSignature, o as exportJwk, p as fulfillAcceptSignature, r as signRequest, s as fetchKey, u as importJwk } from "../http-cyerYP3k.js";
-import { a as verifyProof, c as attachSignature, d as hasSignatureLike, f as signJsonLd, i as verifyObject, l as createSignature, m as verifySignature, n as hasProofLike, o as doesActorOwnKey, p as verifyJsonLd, r as signObject, s as getKeyOwner, t as createProof, u as detachSignature } from "../proof-sJxm6hBB.js";
+import { a as verifyRequestDetailed, c as fetchKeyDetailed, f as formatAcceptSignature, h as validateAcceptSignature, i as verifyRequest, l as generateCryptoKeyPair, m as parseAcceptSignature, o as exportJwk, p as fulfillAcceptSignature, r as signRequest, s as fetchKey, u as importJwk } from "../http-B0Tu7TW-.js";
+import { a as verifyProof, c as getKeyOwner, d as detachSignature, f as hasSignatureLike, h as verifySignature, i as verifyObject, l as attachSignature, m as verifyJsonLd, n as hasProofLike, p as signJsonLd, r as signObject, s as doesActorOwnKey, t as createProof, u as createSignature } from "../proof-Bfx0NdYz.js";
 export { attachSignature, createProof, createSignature, detachSignature, doesActorOwnKey, exportJwk, fetchKey, fetchKeyDetailed, formatAcceptSignature, fulfillAcceptSignature, generateCryptoKeyPair, getKeyOwner, hasProofLike, hasSignatureLike, importJwk, parseAcceptSignature, signJsonLd, signObject, signRequest, validateAcceptSignature, verifyJsonLd, verifyObject, verifyProof, verifyRequest, verifyRequestDetailed, verifySignature };

package/dist/sig/owner.test.mjs

@@ -6,7 +6,7 @@ import "../std__assert-Duiq_YC9.mjs";
 import { n as assertFalse } from "../assert_rejects-B-qJtC9Z.mjs";
 import { t as assert } from "../assert-ddO5KLpe.mjs";
 import { o as rsaPublicKey1, s as rsaPublicKey2 } from "../keys-BAK-tUlf.mjs";
-import { n as getKeyOwner, t as doesActorOwnKey } from "../owner-CBLQ-vDw.mjs";
+import { n as getKeyOwner, t as doesActorOwnKey } from "../owner-CBdNJRwZ.mjs";
 import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
 import { Create, CryptographicKey, lookupObject } from "@fedify/vocab";
 //#region src/sig/owner.test.ts