@fedify/vocab 2.0.0-dev.0

package/dist/lookup.test.js

@@ -0,0 +1,690 @@
+
+      import { Temporal } from "@js-temporal/polyfill";
+      globalThis.addEventListener = () => {};
+    
+import { Collection, Note, Object as Object$1, Person } from "./vocab-DBispxj5.js";
+import { deno_default, esm_default } from "./deno-B-ypIMwF.js";
+import { getTypeId } from "./type-CNuABalk.js";
+import { assertInstanceOf } from "./utils-BSWXlrig.js";
+import { createTestTracerProvider, mockDocumentLoader, test } from "@fedify/fixture";
+import { deepStrictEqual, equal, ok, rejects } from "node:assert/strict";
+import { lookupWebFinger } from "@fedify/webfinger";
+import { SpanStatusCode, trace } from "@opentelemetry/api";
+import { getLogger } from "@logtape/logtape";
+import { getDocumentLoader } from "@fedify/vocab-runtime";
+import { delay } from "es-toolkit";
+
+//#region src/handle.ts
+/**
+* Regular expression to match a fediverse handle in the format `@user@server`
+* or `user@server`.  The `user` part can contain alphanumeric characters and
+* some special characters except `@`.  The `server` part is all characters
+* after the `@` symbol in the middle.
+*/
+const handleRegexp = /^@?((?:[-A-Za-z0-9._~!$&'()*+,;=]|%[A-Fa-f0-9]{2})+)@([^@]+)$/;
+/**
+* Parses a fediverse handle in the format `@user@server` or `user@server`.
+* The `user` part can contain alphanumeric characters and some special
+* characters except `@`.  The `server` part is all characters after the `@`
+* symbol in the middle.
+*
+* @example
+* ```typescript
+* const handle = parseFediverseHandle("@username@example.com");
+* console.log(handle?.username); // "username"
+* console.log(handle?.host);     // "example.com"
+* ```
+*
+* @param handle - The fediverse handle string to parse.
+* @returns A {@link FediverseHandle} object with `username` and `host`
+*          if the input is valid; otherwise `null`.
+* @since 1.8.0
+*/
+function parseFediverseHandle(handle) {
+	const match = handleRegexp.exec(handle);
+	if (match) return {
+		username: match[1],
+		host: match[2]
+	};
+	return null;
+}
+/**
+* Converts a fediverse handle in the format `@user@server` or `user@server`
+* to an `acct:` URI, which is a URL-like identifier for ActivityPub actors.
+*
+* @example
+* ```typescript
+* const identifier = toAcctUrl("@username@example.com");
+* console.log(identifier?.href); // "acct:username@example.com"
+* ```
+*
+* @param handle - The fediverse handle string to convert.
+* @returns A `URL` object representing the `acct:` URI if conversion succeeds;
+*          otherwise `null`.
+* @since 1.8.0
+*/
+function toAcctUrl(handle) {
+	const parsed = parseFediverseHandle(handle);
+	if (!parsed) return null;
+	const identifier = new URL(`acct:${parsed.username}@${parsed.host}`);
+	return identifier;
+}
+
+//#endregion
+//#region src/lookup.ts
+const logger = getLogger([
+	"fedify",
+	"vocab",
+	"lookup"
+]);
+/**
+* Looks up an ActivityStreams object by its URI (including `acct:` URIs)
+* or a fediverse handle (e.g., `@user@server` or `user@server`).
+*
+* @example
+* ``` typescript
+* // Look up an actor by its fediverse handle:
+* await lookupObject("@hongminhee@fosstodon.org");
+* // returning a `Person` object.
+*
+* // A fediverse handle can omit the leading '@':
+* await lookupObject("hongminhee@fosstodon.org");
+* // returning a `Person` object.
+*
+* // A `acct:` URI can be used as well:
+* await lookupObject("acct:hongminhee@fosstodon.org");
+* // returning a `Person` object.
+*
+* // Look up an object by its URI:
+* await lookupObject("https://todon.eu/@hongminhee/112060633798771581");
+* // returning a `Note` object.
+*
+* // It can be a `URL` object as well:
+* await lookupObject(new URL("https://todon.eu/@hongminhee/112060633798771581"));
+* // returning a `Note` object.
+* ```
+*
+* @param identifier The URI or fediverse handle to look up.
+* @param options Lookup options.
+* @returns The object, or `null` if not found.
+* @since 0.2.0
+*/
+async function lookupObject(identifier, options = {}) {
+	const tracerProvider = options.tracerProvider ?? trace.getTracerProvider();
+	const tracer = tracerProvider.getTracer(deno_default.name, deno_default.version);
+	return await tracer.startActiveSpan("activitypub.lookup_object", async (span) => {
+		try {
+			const result = await lookupObjectInternal(identifier, options);
+			if (result == null) span.setStatus({ code: SpanStatusCode.ERROR });
+			else {
+				if (result.id != null) span.setAttribute("activitypub.object.id", result.id.href);
+				span.setAttribute("activitypub.object.type", getTypeId(result).href);
+				if (result.replyTargetIds.length > 0) span.setAttribute("activitypub.object.in_reply_to", result.replyTargetIds.map((id) => id.href));
+				span.addEvent("activitypub.object.fetched", {
+					"activitypub.object.type": getTypeId(result).href,
+					"activitypub.object.json": JSON.stringify(await result.toJsonLd(options))
+				});
+			}
+			return result;
+		} catch (error) {
+			span.recordException(error);
+			span.setStatus({
+				code: SpanStatusCode.ERROR,
+				message: String(error)
+			});
+			throw error;
+		} finally {
+			span.end();
+		}
+	});
+}
+async function lookupObjectInternal(identifier, options = {}) {
+	const documentLoader = options.documentLoader ?? getDocumentLoader({ userAgent: options.userAgent });
+	if (typeof identifier === "string") identifier = toAcctUrl(identifier) ?? new URL(identifier);
+	let remoteDoc = null;
+	if (identifier.protocol === "http:" || identifier.protocol === "https:") try {
+		remoteDoc = await documentLoader(identifier.href, { signal: options.signal });
+	} catch (error) {
+		logger.debug("Failed to fetch remote document:\n{error}", { error });
+	}
+	if (remoteDoc == null) {
+		const jrd = await lookupWebFinger(identifier, {
+			userAgent: options.userAgent,
+			tracerProvider: options.tracerProvider,
+			allowPrivateAddress: "allowPrivateAddress" in options && options.allowPrivateAddress === true,
+			signal: options.signal
+		});
+		if (jrd?.links == null) return null;
+		for (const l of jrd.links) {
+			if (l.type !== "application/activity+json" && !l.type?.match(/application\/ld\+json;\s*profile="https:\/\/www.w3.org\/ns\/activitystreams"/) || l.rel !== "self" || l.href == null) continue;
+			try {
+				remoteDoc = await documentLoader(l.href, { signal: options.signal });
+				break;
+			} catch (error) {
+				logger.debug("Failed to fetch remote document:\n{error}", { error });
+				continue;
+			}
+		}
+	}
+	if (remoteDoc == null) return null;
+	let object;
+	try {
+		object = await Object$1.fromJsonLd(remoteDoc.document, {
+			documentLoader,
+			contextLoader: options.contextLoader,
+			tracerProvider: options.tracerProvider,
+			baseUrl: new URL(remoteDoc.documentUrl)
+		});
+	} catch (error) {
+		if (error instanceof TypeError) {
+			logger.debug("Failed to parse JSON-LD document: {error}\n{document}", {
+				...remoteDoc,
+				error
+			});
+			return null;
+		}
+		throw error;
+	}
+	if (options.crossOrigin !== "trust" && object.id != null && object.id.origin !== new URL(remoteDoc.documentUrl).origin) {
+		if (options.crossOrigin === "throw") throw new Error(`The object's @id (${object.id.href}) has a different origin than the document URL (${remoteDoc.documentUrl}); refusing to return the object.  If you want to bypass this check and are aware of the security implications, set the crossOrigin option to "trust".`);
+		logger.warn("The object's @id ({objectId}) has a different origin than the document URL ({documentUrl}); refusing to return the object.  If you want to bypass this check and are aware of the security implications, set the crossOrigin option to \"trust\".", {
+			...remoteDoc,
+			objectId: object.id.href
+		});
+		return null;
+	}
+	return object;
+}
+/**
+* Traverses a collection, yielding each item in the collection.
+* If the collection is paginated, it will fetch the next page
+* automatically.
+*
+* @example
+* ``` typescript
+* const collection = await lookupObject(collectionUrl);
+* if (collection instanceof Collection) {
+*   for await (const item of traverseCollection(collection)) {
+*     console.log(item.id?.href);
+*   }
+* }
+* ```
+*
+* @param collection The collection to traverse.
+* @param options Options for traversing the collection.
+* @returns An async iterable of each item in the collection.
+* @since 1.1.0
+*/
+async function* traverseCollection(collection, options = {}) {
+	if (collection.firstId == null) for await (const item of collection.getItems(options)) yield item;
+	else {
+		const interval = Temporal.Duration.from(options.interval ?? { seconds: 0 }).total("millisecond");
+		let page = await collection.getFirst(options);
+		while (page != null) {
+			for await (const item of page.getItems(options)) yield item;
+			if (interval > 0) await delay(interval);
+			page = await page.getNext(options);
+		}
+	}
+}
+
+//#endregion
+//#region src/lookup.test.ts
+test("lookupObject()", {
+	sanitizeResources: false,
+	sanitizeOps: false
+}, async (t) => {
+	esm_default.spyGlobal();
+	esm_default.get("begin:https://example.com/.well-known/webfinger", {
+		subject: "acct:johndoe@example.com",
+		links: [
+			{
+				rel: "alternate",
+				href: "https://example.com/object",
+				type: "application/activity+json"
+			},
+			{
+				rel: "self",
+				href: "https://example.com/html/person",
+				type: "text/html"
+			},
+			{
+				rel: "self",
+				href: "https://example.com/person",
+				type: "application/activity+json"
+			}
+		]
+	});
+	const options = {
+		documentLoader: mockDocumentLoader,
+		contextLoader: mockDocumentLoader
+	};
+	await t.step("actor", async () => {
+		const person = await lookupObject("@johndoe@example.com", options);
+		assertInstanceOf(person, Person);
+		deepStrictEqual(person.id, new URL("https://example.com/person"));
+		equal(person.name, "John Doe");
+		const person2 = await lookupObject("johndoe@example.com", options);
+		deepStrictEqual(person2, person);
+		const person3 = await lookupObject("acct:johndoe@example.com", options);
+		deepStrictEqual(person3, person);
+	});
+	await t.step("object", async () => {
+		const object = await lookupObject("https://example.com/object", options);
+		assertInstanceOf(object, Object$1);
+		deepStrictEqual(object, new Object$1({
+			id: new URL("https://example.com/object"),
+			name: "Fetched object"
+		}));
+		const person = await lookupObject("https://example.com/hong-gildong", options);
+		assertInstanceOf(person, Person);
+		deepStrictEqual(person, new Person({
+			id: new URL("https://example.com/hong-gildong"),
+			name: "Hong Gildong"
+		}));
+	});
+	esm_default.removeRoutes();
+	esm_default.get("begin:https://example.com/.well-known/webfinger", {
+		subject: "acct:janedoe@example.com",
+		links: [{
+			rel: "self",
+			href: "https://example.com/404",
+			type: "application/activity+json"
+		}]
+	});
+	await t.step("not found", async () => {
+		deepStrictEqual(await lookupObject("janedoe@example.com", options), null);
+		deepStrictEqual(await lookupObject("https://example.com/404", options), null);
+	});
+	esm_default.removeRoutes();
+	esm_default.get("begin:https://example.com/.well-known/webfinger", () => new Promise((resolve) => {
+		setTimeout(() => {
+			resolve({
+				subject: "acct:johndoe@example.com",
+				links: [{
+					rel: "self",
+					href: "https://example.com/person",
+					type: "application/activity+json"
+				}]
+			});
+		}, 1e3);
+	}));
+	await t.step("request cancellation", async () => {
+		const controller = new AbortController();
+		const promise = lookupObject("johndoe@example.com", {
+			...options,
+			signal: controller.signal
+		});
+		controller.abort();
+		deepStrictEqual(await promise, null);
+	});
+	esm_default.removeRoutes();
+	esm_default.get("begin:https://example.com/.well-known/webfinger", {
+		subject: "acct:johndoe@example.com",
+		links: [{
+			rel: "self",
+			href: "https://example.com/person",
+			type: "application/activity+json"
+		}]
+	});
+	await t.step("successful request with signal", async () => {
+		const controller = new AbortController();
+		const person = await lookupObject("johndoe@example.com", {
+			...options,
+			signal: controller.signal
+		});
+		assertInstanceOf(person, Person);
+		deepStrictEqual(person.id, new URL("https://example.com/person"));
+	});
+	esm_default.removeRoutes();
+	esm_default.get("begin:https://example.com/.well-known/webfinger", () => new Promise((resolve) => {
+		setTimeout(() => {
+			resolve({
+				subject: "acct:johndoe@example.com",
+				links: [{
+					rel: "self",
+					href: "https://example.com/person",
+					type: "application/activity+json"
+				}]
+			});
+		}, 500);
+	}));
+	await t.step("cancellation with immediate abort", async () => {
+		const controller = new AbortController();
+		controller.abort();
+		const result = await lookupObject("johndoe@example.com", {
+			...options,
+			signal: controller.signal
+		});
+		deepStrictEqual(result, null);
+	});
+	esm_default.removeRoutes();
+	esm_default.get("https://example.com/slow-object", () => new Promise((resolve) => {
+		setTimeout(() => {
+			resolve({
+				status: 200,
+				headers: { "Content-Type": "application/activity+json" },
+				body: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					content: "Slow response"
+				}
+			});
+		}, 1e3);
+	}));
+	await t.step("direct object fetch cancellation", async () => {
+		const controller = new AbortController();
+		const promise = lookupObject("https://example.com/slow-object", {
+			contextLoader: mockDocumentLoader,
+			signal: controller.signal
+		});
+		controller.abort();
+		deepStrictEqual(await promise, null);
+	});
+	esm_default.hardReset();
+	esm_default.removeRoutes();
+});
+test("traverseCollection()", {
+	sanitizeResources: false,
+	sanitizeOps: false
+}, async () => {
+	const options = {
+		documentLoader: mockDocumentLoader,
+		contextLoader: mockDocumentLoader
+	};
+	const collection = await lookupObject("https://example.com/collection", options);
+	assertInstanceOf(collection, Collection);
+	deepStrictEqual(await Array.fromAsync(traverseCollection(collection, options)), [
+		new Note({ content: "This is a simple note" }),
+		new Note({ content: "This is another simple note" }),
+		new Note({ content: "This is a third simple note" })
+	]);
+	const pagedCollection = await lookupObject("https://example.com/paged-collection", options);
+	assertInstanceOf(pagedCollection, Collection);
+	deepStrictEqual(await Array.fromAsync(traverseCollection(pagedCollection, options)), [
+		new Note({ content: "This is a simple note" }),
+		new Note({ content: "This is another simple note" }),
+		new Note({ content: "This is a third simple note" })
+	]);
+	deepStrictEqual(await Array.fromAsync(traverseCollection(pagedCollection, {
+		...options,
+		interval: { milliseconds: 250 }
+	})), [
+		new Note({ content: "This is a simple note" }),
+		new Note({ content: "This is another simple note" }),
+		new Note({ content: "This is a third simple note" })
+	]);
+});
+test("FEP-fe34: lookupObject() cross-origin security", {
+	sanitizeResources: false,
+	sanitizeOps: false
+}, async (t) => {
+	await t.step("crossOrigin: ignore (default) - returns null for cross-origin objects", async () => {
+		const crossOriginDocumentLoader = async (url) => {
+			if (url === "https://example.com/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					id: "https://malicious.com/fake-note",
+					content: "This is a spoofed note from a different origin"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		const result = await lookupObject("https://example.com/note", {
+			documentLoader: crossOriginDocumentLoader,
+			contextLoader: mockDocumentLoader
+		});
+		deepStrictEqual(result, null);
+	});
+	await t.step("crossOrigin: throw - throws error for cross-origin objects", async () => {
+		const crossOriginDocumentLoader = async (url) => {
+			if (url === "https://example.com/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					id: "https://malicious.com/fake-note",
+					content: "This is a spoofed note from a different origin"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		await rejects(() => lookupObject("https://example.com/note", {
+			documentLoader: crossOriginDocumentLoader,
+			contextLoader: mockDocumentLoader,
+			crossOrigin: "throw"
+		}), Error, "The object's @id (https://malicious.com/fake-note) has a different origin than the document URL (https://example.com/note)");
+	});
+	await t.step("crossOrigin: trust - allows cross-origin objects", async () => {
+		const crossOriginDocumentLoader = async (url) => {
+			if (url === "https://example.com/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					id: "https://malicious.com/fake-note",
+					content: "This is a spoofed note from a different origin"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		const result = await lookupObject("https://example.com/note", {
+			documentLoader: crossOriginDocumentLoader,
+			contextLoader: mockDocumentLoader,
+			crossOrigin: "trust"
+		});
+		assertInstanceOf(result, Note);
+		deepStrictEqual(result.id, new URL("https://malicious.com/fake-note"));
+		deepStrictEqual(result.content, "This is a spoofed note from a different origin");
+	});
+	await t.step("same-origin objects are always trusted", async () => {
+		const sameOriginDocumentLoader = async (url) => {
+			if (url === "https://example.com/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					id: "https://example.com/note",
+					content: "This is a legitimate note from the same origin"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		const result = await lookupObject("https://example.com/note", {
+			documentLoader: sameOriginDocumentLoader,
+			contextLoader: mockDocumentLoader
+		});
+		assertInstanceOf(result, Note);
+		deepStrictEqual(result.id, new URL("https://example.com/note"));
+		deepStrictEqual(result.content, "This is a legitimate note from the same origin");
+	});
+	await t.step("objects without @id are trusted", async () => {
+		const noIdDocumentLoader = async (url) => {
+			if (url === "https://example.com/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					content: "This is a note without an ID"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		const result = await lookupObject("https://example.com/note", {
+			documentLoader: noIdDocumentLoader,
+			contextLoader: mockDocumentLoader
+		});
+		assertInstanceOf(result, Note);
+		deepStrictEqual(result.id, null);
+		deepStrictEqual(result.content, "This is a note without an ID");
+	});
+	await t.step("WebFinger lookup with cross-origin actor URL", async () => {
+		esm_default.spyGlobal();
+		esm_default.get("begin:https://example.com/.well-known/webfinger", {
+			subject: "acct:user@example.com",
+			links: [{
+				rel: "self",
+				href: "https://different-origin.com/actor",
+				type: "application/activity+json"
+			}]
+		});
+		const webfingerDocumentLoader = async (url) => {
+			if (url === "https://different-origin.com/actor") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Person",
+					id: "https://malicious.com/fake-actor",
+					name: "Fake Actor"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		const result1 = await lookupObject("@user@example.com", {
+			documentLoader: webfingerDocumentLoader,
+			contextLoader: mockDocumentLoader
+		});
+		deepStrictEqual(result1, null);
+		await rejects(() => lookupObject("@user@example.com", {
+			documentLoader: webfingerDocumentLoader,
+			contextLoader: mockDocumentLoader,
+			crossOrigin: "throw"
+		}), Error, "The object's @id (https://malicious.com/fake-actor) has a different origin than the document URL (https://different-origin.com/actor)");
+		const result2 = await lookupObject("@user@example.com", {
+			documentLoader: webfingerDocumentLoader,
+			contextLoader: mockDocumentLoader,
+			crossOrigin: "trust"
+		});
+		assertInstanceOf(result2, Person);
+		deepStrictEqual(result2.id, new URL("https://malicious.com/fake-actor"));
+		esm_default.removeRoutes();
+		esm_default.hardReset();
+	});
+	await t.step("subdomain same-origin check", async () => {
+		const subdomainDocumentLoader = async (url) => {
+			if (url === "https://api.example.com/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					id: "https://www.example.com/note",
+					content: "Cross-subdomain note"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		const result = await lookupObject("https://api.example.com/note", {
+			documentLoader: subdomainDocumentLoader,
+			contextLoader: mockDocumentLoader
+		});
+		deepStrictEqual(result, null);
+	});
+	await t.step("different port same-origin check", async () => {
+		const differentPortDocumentLoader = async (url) => {
+			if (url === "https://example.com:8080/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					id: "https://example.com:9090/note",
+					content: "Cross-port note"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		const result = await lookupObject("https://example.com:8080/note", {
+			documentLoader: differentPortDocumentLoader,
+			contextLoader: mockDocumentLoader
+		});
+		deepStrictEqual(result, null);
+	});
+	await t.step("protocol difference same-origin check", async () => {
+		const differentProtocolDocumentLoader = async (url) => {
+			if (url === "https://example.com/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: {
+					"@context": "https://www.w3.org/ns/activitystreams",
+					type: "Note",
+					id: "http://example.com/note",
+					content: "Cross-protocol note"
+				}
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		const result = await lookupObject("https://example.com/note", {
+			documentLoader: differentProtocolDocumentLoader,
+			contextLoader: mockDocumentLoader
+		});
+		deepStrictEqual(result, null);
+	});
+	await t.step("error handling with crossOrigin throw option", async () => {
+		const errorDocumentLoader = async (_url) => {
+			throw new Error("Network error");
+		};
+		const result = await lookupObject("https://example.com/note", {
+			documentLoader: errorDocumentLoader,
+			contextLoader: mockDocumentLoader,
+			crossOrigin: "throw"
+		});
+		deepStrictEqual(result, null);
+	});
+	await t.step("malformed JSON handling with cross-origin policy", async () => {
+		const malformedJsonDocumentLoader = async (url) => {
+			if (url === "https://example.com/note") return {
+				documentUrl: url,
+				contextUrl: null,
+				document: "invalid json"
+			};
+			throw new Error(`Unexpected URL: ${url}`);
+		};
+		deepStrictEqual(await lookupObject("https://example.com/note", {
+			documentLoader: malformedJsonDocumentLoader,
+			contextLoader: mockDocumentLoader,
+			crossOrigin: "ignore"
+		}), null);
+		deepStrictEqual(await lookupObject("https://example.com/note", {
+			documentLoader: malformedJsonDocumentLoader,
+			contextLoader: mockDocumentLoader,
+			crossOrigin: "throw"
+		}), null);
+		deepStrictEqual(await lookupObject("https://example.com/note", {
+			documentLoader: malformedJsonDocumentLoader,
+			contextLoader: mockDocumentLoader,
+			crossOrigin: "trust"
+		}), null);
+	});
+});
+test("lookupObject() records OpenTelemetry span events", async () => {
+	const [tracerProvider, exporter] = createTestTracerProvider();
+	const object = await lookupObject("https://example.com/object", {
+		documentLoader: mockDocumentLoader,
+		contextLoader: mockDocumentLoader,
+		tracerProvider
+	});
+	assertInstanceOf(object, Object$1);
+	const spans = exporter.getSpans("activitypub.lookup_object");
+	deepStrictEqual(spans.length, 1);
+	const span = spans[0];
+	deepStrictEqual(span.attributes["activitypub.object.id"], "https://example.com/object");
+	const events = exporter.getEvents("activitypub.lookup_object", "activitypub.object.fetched");
+	deepStrictEqual(events.length, 1);
+	const event = events[0];
+	ok(event.attributes != null);
+	ok(typeof event.attributes["activitypub.object.type"] === "string");
+	ok(typeof event.attributes["activitypub.object.json"] === "string");
+	const recordedObject = JSON.parse(event.attributes["activitypub.object.json"]);
+	deepStrictEqual(recordedObject.id, "https://example.com/object");
+});
+
+//#endregion

package/dist/mention.yaml

@@ -0,0 +1,9 @@
+$schema: ../../vocab-tools/schema.yaml
+name: Mention
+compactName: Mention
+uri: "https://www.w3.org/ns/activitystreams#Mention"
+extends: "https://www.w3.org/ns/activitystreams#Link"
+entity: false
+description:  A specialized {@link Link} that represents an @mention.
+defaultContext: "https://www.w3.org/ns/activitystreams"
+properties: []