contentauth · github-actions · Dec 23, 2025
diff --git a/static/schemas/Builder.schema.json b/static/schemas/Builder.schema.json
@@ -1,7 +1,7 @@
 {
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "title": "Builder",
-  "description": "Use a Builder to add a signed manifest to an asset.\n\n# Example: Building and signing a manifest\n\n```ignore-wasm32\nuse c2pa::Result;\nuse std::path::PathBuf;\n\nuse c2pa::{create_signer, Builder, SigningAlg};\nuse serde::Serialize;\nuse serde_json::json;\nuse tempfile::tempdir;\n\n#[derive(Serialize)]\nstruct Test {\n    my_tag: usize,\n}\n\n# fn main() -> Result<()> {\n#[cfg(feature = \"file_io\")]\n{\n    let manifest_json = json!({\n       \"claim_generator_info\": [\n          {\n              \"name\": \"c2pa_test\",\n              \"version\": \"1.0.0\"\n          }\n       ],\n       \"title\": \"Test_Manifest\"\n    }).to_string();\n\n    let mut builder = Builder::from_json(&manifest_json)?;\n    builder.add_assertion(\"org.contentauth.test\", &Test { my_tag: 42 })?;\n\n    let source = PathBuf::from(\"tests/fixtures/C.jpg\");\n    let dir = tempdir()?;\n    let dest = dir.path().join(\"test_file.jpg\");\n\n    // Create a ps256 signer using certs and key files. TO DO: Update example.\n    let signcert_path = \"tests/fixtures/certs/ps256.pub\";\n    let pkey_path = \"tests/fixtures/certs/ps256.pem\";\n    let signer = create_signer::from_files(signcert_path, pkey_path, SigningAlg::Ps256, None)?;\n\n    // embed a manifest using the signer\n    builder.sign_file(\n        signer.as_ref(),\n        &source,\n        &dest)?;\n    }\n# Ok(())\n# }\n```",
+  "description": "Use a Builder to add a signed manifest to an asset.\n\n## Example: Adding a signed manifest to an asset\n\n```\n# use c2pa::Result;\nuse std::io::Cursor;\n\nuse c2pa::{settings::Settings, Builder, SigningAlg};\nuse serde::Serialize;\n\n#[derive(Serialize)]\nstruct Test {\n    my_tag: usize,\n}\n\n# fn main() -> Result<()> {\n{\n    Settings::from_toml(include_str!(\"../tests/fixtures/test_settings.toml\"))?;\n    let mut builder = Builder::from_json(r#\"{\"title\": \"Test\"}\"#)?;\n    builder.add_assertion(\"org.contentauth.test\", &Test { my_tag: 42 })?;\n\n    // embed a manifest using the signer\n    let mut source = std::fs::File::open(\"tests/fixtures/C.jpg\")?;\n    let mut dest = Cursor::new(Vec::new());\n    let signer = Settings::signer()?;\n    let _c2pa_data = builder.sign(&signer, \"image/jpeg\", &mut source, &mut dest)?;\n}\n# Ok(())\n# }\n```",
   "type": "object",
   "properties": {
     "claim_version": {
@@ -30,7 +30,7 @@
       "default": [
         {
           "name": "c2pa-rs",
-          "version": "0.71.0"
+          "version": "0.73.1"
         }
       ]
     },
@@ -59,7 +59,7 @@
     "instance_id": {
       "description": "Instance ID from `xmpMM:InstanceID` in XMP metadata.",
       "type": "string",
-      "default": "xmp:iid:39eca742-ca60-4688-bb43-825b0b208632"
+      "default": "xmp:iid:e84ef606-462e-48b4-b61a-306555a1b7f6"
     },
     "thumbnail": {
       "description": "An optional ResourceRef to a thumbnail image that represents the asset that was signed.\nMust be available when the manifest is signed.",
@@ -133,7 +133,8 @@
         {
           "type": "null"
         }
-      ]
+      ],
+      "deprecated": true
     }
   },
   "required": [

diff --git a/static/schemas/ManifestDefinition.schema.json b/static/schemas/ManifestDefinition.schema.json
@@ -30,7 +30,7 @@
       "default": [
         {
           "name": "c2pa-rs",
-          "version": "0.71.0"
+          "version": "0.73.1"
         }
       ]
     },
@@ -59,7 +59,7 @@
     "instance_id": {
       "description": "Instance ID from `xmpMM:InstanceID` in XMP metadata.",
       "type": "string",
-      "default": "xmp:iid:9bb6a8ae-221e-48a4-90c0-7d690b389b02"
+      "default": "xmp:iid:5104eb80-8e40-40d7-a95b-0334fe68ca07"
     },
     "thumbnail": {
       "description": "An optional ResourceRef to a thumbnail image that represents the asset that was signed.\nMust be available when the manifest is signed.",

diff --git a/static/schemas/Reader.schema.json b/static/schemas/Reader.schema.json
@@ -110,7 +110,7 @@
         "instance_id": {
           "description": "Instance ID from `xmpMM:InstanceID` in XMP metadata.",
           "type": "string",
-          "default": "xmp:iid:06e3ef15-797a-48b5-af91-4cb9f9a307a7"
+          "default": "xmp:iid:4b23430b-944c-4f4a-9cf4-fb99ae5bcdeb"
         },
         "thumbnail": {
           "anyOf": [
@@ -1388,7 +1388,7 @@
       "description": "Represents the levels of assurance a manifest store achives when evaluated against the C2PA\nspecifications structural, cryptographic, and trust requirements.\n\nSee [§14.3. Validation states].\n\n[§14.3. Validation states]: https://spec.c2pa.org/specifications/specifications/2.2/specs/C2PA_Specification.html#_validation_states",
       "oneOf": [
         {
-          "description": "The manifest store fails to meet [ValidationState::WellFormed] requirements, meaning it cannot\neven be parsed or its basic structure is non-compliant.\n\nThis case may also occur if validation is disabled in the SDK.",
+          "description": "The manifest store fails to meet ValidationState::WellFormed requirements, meaning it cannot\neven be parsed or its basic structure is non-compliant.\n\nThis case may also occur if validation is disabled in the SDK.",
           "type": "string",
           "const": "Invalid"
         },

diff --git a/static/schemas/Settings.schema.json b/static/schemas/Settings.schema.json
@@ -131,6 +131,16 @@
         "decode_identity_assertions": {
           "description": "Whether to decode CAWG [`IdentityAssertion`]s during reading in the [`Reader`].\n\nThis option defaults to true.\n\n[`IdentityAssertion`]: crate::identity::IdentityAssertion\n[`Reader`]: crate::Reader",
           "type": "boolean"
+        },
+        "allowed_network_hosts": {
+          "description": "<div class=\"warning\">\nThe CAWG identity assertion does not currently respect this setting.\nSee <a href=\"https://github.com/contentauth/c2pa-rs/issues/1645\">issue #1645</a>.\n</div>\n\nList of host patterns that are allowed for network requests.\n\nEach pattern may include:\n- A scheme (e.g. `https://` or `http://`)\n- A hostname or IP address (e.g. `contentauthenticity.org` or `192.0.2.1`)\n    - The hostname may contain a single leading wildcard (e.g. `*.contentauthenticity.org`)\n- An optional port (e.g. `contentauthenticity.org:443` or `192.0.2.1:8080`)\n\nMatching is case-insensitive. A wildcard pattern such as `*.contentauthenticity.org` matches\n`sub.contentauthenticity.org`, but does not match `contentauthenticity.org` or `fakecontentauthenticity.org`.\nIf a scheme is present in the pattern, only URIs using the same scheme are considered a match. If the scheme\nis omitted, any scheme is allowed as long as the host matches.\n\nThe behavior is as follows:\n- `None` (default) no filtering enabled.\n- `Some(vec)` where `vec` is empty, all traffic is blocked.\n- `Some(vec)` with at least one pattern, filtering enabled for only those patterns.\n\n# Examples\n\nPattern: `*.contentauthenticity.org`\n- Does match:\n  - `https://sub.contentauthenticity.org`\n  - `http://api.contentauthenticity.org`\n- Does **not** match:\n  - `https://contentauthenticity.org` (no subdomain)\n  - `https://sub.fakecontentauthenticity.org` (different host)\n\nPattern: `http://192.0.2.1:8080`\n- Does match:\n  - `http://192.0.2.1:8080`\n- Does **not** match:\n  - `https://192.0.2.1:8080` (scheme mismatch)\n  - `http://192.0.2.1` (port omitted)\n  - `http://192.0.2.2:8080` (different IP address)\n\nThese settings are consumed by [`RestrictedResolver`]. For information on when the SDK might perform a\nnetwork requests, see [\"When do network requests occur?\"]\n\n[\"When do network requests occur?\"]: crate::http#when-do-network-requests-occur\n[`HostPattern`]: crate::http::restricted::HostPattern\n[`RestrictedResolver`]: crate::http::restricted::RestrictedResolver",
+          "type": [
+            "array",
+            "null"
+          ],
+          "items": {
+            "$ref": "#/$defs/HostPattern"
+          }
         }
       },
       "required": [
@@ -139,6 +149,10 @@
         "decode_identity_assertions"
       ]
     },
+    "HostPattern": {
+      "description": "A host/scheme pattern used to restrict network requests.\n\nEach pattern may include:\n- A scheme (e.g. `https://` or `http://`)\n- A hostname or IP address (e.g. `contentauthenticity.org` or `192.0.2.1`)\n    - The hostname may contain a single leading wildcard (e.g. `*.contentauthenticity.org`)\n- An optional port (e.g. `contentauthenticity.org:443` or `192.0.2.1:8080`)\n\nMatching is case-insensitive. A wildcard pattern such as `*.contentauthenticity.org` matches\n`sub.contentauthenticity.org`, but does not match `contentauthenticity.org` or `fakecontentauthenticity.org`.\nIf a scheme is present in the pattern, only URIs using the same scheme are considered a match. If the scheme\nis omitted, any scheme is allowed as long as the host matches.\n\n# Examples\n\nPattern: `*.contentauthenticity.org`\n- Does match:\n  - `https://sub.contentauthenticity.org`\n  - `http://api.contentauthenticity.org`\n- Does **not** match:\n  - `https://contentauthenticity.org` (no subdomain)\n  - `https://sub.fakecontentauthenticity.org` (different host)\n\nPattern: `http://192.0.2.1:8080`\n- Does match:\n  - `http://192.0.2.1:8080`\n- Does **not** match:\n  - `https://192.0.2.1:8080` (scheme mismatch)\n  - `http://192.0.2.1` (port omitted)\n  - `http://192.0.2.2:8080` (different IP address)",
+      "type": "string"
+    },
     "Verify": {
       "description": "Settings to configure the verification process.",
       "type": "object",
@@ -167,10 +181,6 @@
           "description": "Whether to fetch remote manifests in the following scenarios:\n- Constructing a [`Reader`]\n- Constructing an [`Ingredient`]\n- Adding an [`Ingredient`] to the [`Builder`]\n\nThe default value is true.\n\n<div class=\"warning\">\nThis setting is only applicable if the crate is compiled with the `fetch_remote_manifests` feature.\n</div>\n\n[`Reader`]: crate::Reader\n[`Ingredient`]: crate::Ingredient\n[`Builder`]: crate::Builder",
           "type": "boolean"
         },
-        "check_ingredient_trust": {
-          "description": "Whether to verify ingredient certificates against the trust lists specific in [`Trust`].\n\nThe default value is true.",
-          "type": "boolean"
-        },
         "skip_ingredient_conflict_resolution": {
           "description": "Whether to skip ingredient conflict resolution when multiple ingredients have the same\nmanifest identifier. This settings is only applicable for C2PA v2 validation.\n\nThe default value is false.\n\nSee more information in the spec here:\n<https://spec.c2pa.org/specifications/specifications/2.2/specs/C2PA_Specification.html#_versioning_manifests_due_to_conflicts>",
           "type": "boolean"
@@ -187,7 +197,6 @@
         "verify_timestamp_trust",
         "ocsp_fetch",
         "remote_manifest_fetch",
-        "check_ingredient_trust",
         "skip_ingredient_conflict_resolution",
         "strict_v1_validation"
       ]
@@ -800,6 +809,15 @@
                     "string",
                     "null"
                   ]
+                },
+                "referenced_assertions": {
+                  "type": [
+                    "array",
+                    "null"
+                  ],
+                  "items": {
+                    "type": "string"
+                  }
                 }
               },
               "required": [
@@ -835,6 +853,15 @@
                     "string",
                     "null"
                   ]
+                },
+                "referenced_assertions": {
+                  "type": [
+                    "array",
+                    "null"
+                  ],
+                  "items": {
+                    "type": "string"
+                  }
                 }
               },
               "required": [