@peac/kernel 0.10.8 → 0.10.10

package/dist/index.cjs

@@ -0,0 +1,1690 @@
+'use strict';
+
+// src/error-categories.generated.ts
+var ERROR_CATEGORIES = [
+  "attribution",
+  "bundle",
+  "control",
+  "dispute",
+  "identity",
+  "infrastructure",
+  "interaction",
+  "ucp",
+  "validation",
+  "verification",
+  "verifier",
+  "workflow"
+];
+
+// src/constants.ts
+var WIRE_TYPE = "peac-receipt/0.1";
+var WIRE_VERSION = "0.1";
+var ALGORITHMS = {
+  supported: ["EdDSA"],
+  default: "EdDSA"
+};
+var HEADERS = {
+  receipt: "PEAC-Receipt",
+  receiptPointer: "PEAC-Receipt-Pointer",
+  dpop: "DPoP",
+  // Purpose headers (v0.9.24+)
+  purpose: "PEAC-Purpose",
+  purposeApplied: "PEAC-Purpose-Applied",
+  purposeReason: "PEAC-Purpose-Reason"
+};
+var POLICY = {
+  manifestPath: "/.well-known/peac.txt",
+  fallbackPath: "/peac.txt",
+  manifestVersion: "peac-policy/0.1",
+  cacheTtlSeconds: 3600,
+  maxBytes: 262144,
+  // 256 KiB
+  maxDepth: 8
+};
+var ISSUER_CONFIG = {
+  configPath: "/.well-known/peac-issuer.json",
+  configVersion: "peac-issuer/0.1",
+  cacheTtlSeconds: 3600,
+  maxBytes: 65536,
+  // 64 KiB
+  maxDepth: 4,
+  fetchTimeoutMs: 1e4
+};
+var DISCOVERY = {
+  manifestPath: POLICY.manifestPath,
+  manifestVersion: "peac/0.9",
+  cacheTtlSeconds: POLICY.cacheTtlSeconds
+};
+var JWKS = {
+  rotationDays: 90,
+  overlapDays: 7,
+  emergencyRevocationHours: 24
+};
+var RECEIPT = {
+  minReceiptIdLength: 16,
+  maxReceiptIdLength: 64,
+  defaultTtlSeconds: 86400
+  // 24 hours
+};
+var LIMITS = {
+  maxAmountCents: 999999999999,
+  minAmountCents: 1
+};
+var BUNDLE_VERSION = "peac-bundle/0.1";
+var VERIFICATION_REPORT_VERSION = "peac-verification-report/0.1";
+var HASH = {
+  /** Canonical hash algorithm */
+  algorithm: "sha256",
+  /** Hash prefix pattern */
+  prefix: "sha256:",
+  /** Valid hash regex: sha256:<64 lowercase hex> */
+  pattern: /^sha256:[0-9a-f]{64}$/,
+  /** Hex-only pattern for legacy comparison */
+  hexPattern: /^[0-9a-f]{64}$/
+};
+function parseHash(hash) {
+  if (!HASH.pattern.test(hash)) {
+    return null;
+  }
+  return {
+    alg: "sha256",
+    hex: hash.slice(7)
+    // Remove 'sha256:' prefix
+  };
+}
+function formatHash(hex) {
+  if (!HASH.hexPattern.test(hex)) {
+    return null;
+  }
+  return `sha256:${hex}`;
+}
+function isValidHash(hash) {
+  return HASH.pattern.test(hash);
+}
+var VERIFIER_LIMITS = {
+  /** Maximum receipt size in bytes (256 KB) */
+  maxReceiptBytes: 262144,
+  /** Maximum number of claims in a receipt */
+  maxClaimsCount: 100,
+  /** Maximum extension size in bytes (64 KB) */
+  maxExtensionBytes: 65536,
+  /** Maximum string length for individual claims (64 KB) */
+  maxStringLength: 65536,
+  /** Maximum JWKS document size in bytes (64 KB) */
+  maxJwksBytes: 65536,
+  /** Maximum number of keys in a JWKS */
+  maxJwksKeys: 20,
+  /** Maximum individual key size in bytes */
+  maxKeySize: 4096,
+  /** Network fetch timeout in milliseconds */
+  fetchTimeoutMs: 5e3,
+  /** Maximum number of redirects to follow */
+  maxRedirects: 3,
+  /** Maximum network response size in bytes (256 KB) */
+  maxResponseBytes: 262144
+};
+var VERIFIER_NETWORK = {
+  /** Only allow HTTPS URLs */
+  httpsOnly: true,
+  /** Block requests to private IP ranges */
+  blockPrivateIps: true,
+  /** Default redirect policy (false = no redirects) */
+  allowRedirects: false
+};
+var PRIVATE_IP_RANGES = {
+  /** RFC 1918 private ranges */
+  rfc1918: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
+  /** Link-local addresses */
+  linkLocal: ["169.254.0.0/16"],
+  /** Loopback addresses */
+  loopback: ["127.0.0.0/8"],
+  /** IPv6 loopback */
+  ipv6Loopback: ["::1/128"],
+  /** IPv6 link-local */
+  ipv6LinkLocal: ["fe80::/10"]
+};
+var VERIFIER_POLICY_VERSION = "peac-verifier-policy/0.1";
+var VERIFICATION_MODES = {
+  /** All verification in browser/client, may fetch JWKS */
+  clientSide: "client_side",
+  /** No network access, uses bundled/pinned keys */
+  offlineOnly: "offline_only",
+  /** Prefer offline, fallback to network */
+  offlinePreferred: "offline_preferred",
+  /** Allow network fetches for key discovery */
+  networkAllowed: "network_allowed"
+};
+var CONSTANTS = {
+  WIRE_TYPE,
+  WIRE_VERSION,
+  ALGORITHMS,
+  HEADERS,
+  DISCOVERY,
+  JWKS,
+  RECEIPT,
+  LIMITS,
+  BUNDLE_VERSION,
+  VERIFICATION_REPORT_VERSION,
+  HASH,
+  VERIFIER_LIMITS,
+  VERIFIER_NETWORK,
+  VERIFIER_POLICY_VERSION,
+  VERIFICATION_MODES
+};
+
+// src/errors.generated.ts
+var ERROR_CODES = {
+  // Attribution error codes
+  E_ATTRIBUTION_CHAIN_TOO_DEEP: "E_ATTRIBUTION_CHAIN_TOO_DEEP",
+  E_ATTRIBUTION_CIRCULAR_CHAIN: "E_ATTRIBUTION_CIRCULAR_CHAIN",
+  E_ATTRIBUTION_EXPIRED: "E_ATTRIBUTION_EXPIRED",
+  E_ATTRIBUTION_HASH_INVALID: "E_ATTRIBUTION_HASH_INVALID",
+  E_ATTRIBUTION_INVALID_FORMAT: "E_ATTRIBUTION_INVALID_FORMAT",
+  E_ATTRIBUTION_INVALID_REF: "E_ATTRIBUTION_INVALID_REF",
+  E_ATTRIBUTION_INVALID_WEIGHT: "E_ATTRIBUTION_INVALID_WEIGHT",
+  E_ATTRIBUTION_MISSING_SOURCES: "E_ATTRIBUTION_MISSING_SOURCES",
+  E_ATTRIBUTION_NOT_YET_VALID: "E_ATTRIBUTION_NOT_YET_VALID",
+  E_ATTRIBUTION_RESOLUTION_FAILED: "E_ATTRIBUTION_RESOLUTION_FAILED",
+  E_ATTRIBUTION_RESOLUTION_TIMEOUT: "E_ATTRIBUTION_RESOLUTION_TIMEOUT",
+  E_ATTRIBUTION_SIZE_EXCEEDED: "E_ATTRIBUTION_SIZE_EXCEEDED",
+  E_ATTRIBUTION_TOO_MANY_SOURCES: "E_ATTRIBUTION_TOO_MANY_SOURCES",
+  E_ATTRIBUTION_UNKNOWN_USAGE: "E_ATTRIBUTION_UNKNOWN_USAGE",
+  // Bundle error codes
+  E_BUNDLE_DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
+  E_BUNDLE_HASH_MISMATCH: "E_BUNDLE_HASH_MISMATCH",
+  E_BUNDLE_INVALID_FORMAT: "E_BUNDLE_INVALID_FORMAT",
+  E_BUNDLE_KEY_MISSING: "E_BUNDLE_KEY_MISSING",
+  E_BUNDLE_MANIFEST_INVALID: "E_BUNDLE_MANIFEST_INVALID",
+  E_BUNDLE_MANIFEST_MISSING: "E_BUNDLE_MANIFEST_MISSING",
+  E_BUNDLE_MISSING_KEYS: "E_BUNDLE_MISSING_KEYS",
+  E_BUNDLE_MISSING_RECEIPTS: "E_BUNDLE_MISSING_RECEIPTS",
+  E_BUNDLE_PATH_TRAVERSAL: "E_BUNDLE_PATH_TRAVERSAL",
+  E_BUNDLE_POLICY_HASH_MISMATCH: "E_BUNDLE_POLICY_HASH_MISMATCH",
+  E_BUNDLE_RECEIPTS_UNORDERED: "E_BUNDLE_RECEIPTS_UNORDERED",
+  E_BUNDLE_RECEIPT_INVALID: "E_BUNDLE_RECEIPT_INVALID",
+  E_BUNDLE_SIGNATURE_INVALID: "E_BUNDLE_SIGNATURE_INVALID",
+  E_BUNDLE_SIZE_EXCEEDED: "E_BUNDLE_SIZE_EXCEEDED",
+  E_BUNDLE_TIME_RANGE_INVALID: "E_BUNDLE_TIME_RANGE_INVALID",
+  // Control error codes
+  E_CONTROL_DENIED: "E_CONTROL_DENIED",
+  E_CONTROL_REVIEW_REQUIRED: "E_CONTROL_REVIEW_REQUIRED",
+  // Dispute error codes
+  E_DISPUTE_DUPLICATE: "E_DISPUTE_DUPLICATE",
+  E_DISPUTE_EXPIRED: "E_DISPUTE_EXPIRED",
+  E_DISPUTE_INVALID_FORMAT: "E_DISPUTE_INVALID_FORMAT",
+  E_DISPUTE_INVALID_GROUNDS: "E_DISPUTE_INVALID_GROUNDS",
+  E_DISPUTE_INVALID_ID: "E_DISPUTE_INVALID_ID",
+  E_DISPUTE_INVALID_STATE: "E_DISPUTE_INVALID_STATE",
+  E_DISPUTE_INVALID_TARGET_TYPE: "E_DISPUTE_INVALID_TARGET_TYPE",
+  E_DISPUTE_INVALID_TRANSITION: "E_DISPUTE_INVALID_TRANSITION",
+  E_DISPUTE_INVALID_TYPE: "E_DISPUTE_INVALID_TYPE",
+  E_DISPUTE_MISSING_RESOLUTION: "E_DISPUTE_MISSING_RESOLUTION",
+  E_DISPUTE_NOT_YET_VALID: "E_DISPUTE_NOT_YET_VALID",
+  E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: "E_DISPUTE_OTHER_REQUIRES_DESCRIPTION",
+  E_DISPUTE_RESOLUTION_NOT_ALLOWED: "E_DISPUTE_RESOLUTION_NOT_ALLOWED",
+  E_DISPUTE_TARGET_NOT_FOUND: "E_DISPUTE_TARGET_NOT_FOUND",
+  // Identity error codes
+  E_IDENTITY_BINDING_FUTURE: "E_IDENTITY_BINDING_FUTURE",
+  E_IDENTITY_BINDING_MISMATCH: "E_IDENTITY_BINDING_MISMATCH",
+  E_IDENTITY_BINDING_STALE: "E_IDENTITY_BINDING_STALE",
+  E_IDENTITY_DIRECTORY_UNAVAILABLE: "E_IDENTITY_DIRECTORY_UNAVAILABLE",
+  E_IDENTITY_EXPIRED: "E_IDENTITY_EXPIRED",
+  E_IDENTITY_INVALID_FORMAT: "E_IDENTITY_INVALID_FORMAT",
+  E_IDENTITY_KEY_EXPIRED: "E_IDENTITY_KEY_EXPIRED",
+  E_IDENTITY_KEY_REVOKED: "E_IDENTITY_KEY_REVOKED",
+  E_IDENTITY_KEY_UNKNOWN: "E_IDENTITY_KEY_UNKNOWN",
+  E_IDENTITY_MISSING: "E_IDENTITY_MISSING",
+  E_IDENTITY_NOT_YET_VALID: "E_IDENTITY_NOT_YET_VALID",
+  E_IDENTITY_PROOF_UNSUPPORTED: "E_IDENTITY_PROOF_UNSUPPORTED",
+  E_IDENTITY_SIG_INVALID: "E_IDENTITY_SIG_INVALID",
+  // Infrastructure error codes
+  E_CIRCUIT_BREAKER_OPEN: "E_CIRCUIT_BREAKER_OPEN",
+  E_INTERNAL: "E_INTERNAL",
+  E_JWKS_FETCH_FAILED: "E_JWKS_FETCH_FAILED",
+  E_RATE_LIMITED: "E_RATE_LIMITED",
+  // Interaction error codes
+  E_INTERACTION_INVALID_DIGEST: "E_INTERACTION_INVALID_DIGEST",
+  E_INTERACTION_INVALID_DIGEST_ALG: "E_INTERACTION_INVALID_DIGEST_ALG",
+  E_INTERACTION_INVALID_EXTENSION_KEY: "E_INTERACTION_INVALID_EXTENSION_KEY",
+  E_INTERACTION_INVALID_FORMAT: "E_INTERACTION_INVALID_FORMAT",
+  E_INTERACTION_INVALID_KIND_FORMAT: "E_INTERACTION_INVALID_KIND_FORMAT",
+  E_INTERACTION_INVALID_TIMING: "E_INTERACTION_INVALID_TIMING",
+  E_INTERACTION_KIND_RESERVED: "E_INTERACTION_KIND_RESERVED",
+  E_INTERACTION_MISSING_ERROR_DETAIL: "E_INTERACTION_MISSING_ERROR_DETAIL",
+  E_INTERACTION_MISSING_EXECUTOR: "E_INTERACTION_MISSING_EXECUTOR",
+  E_INTERACTION_MISSING_ID: "E_INTERACTION_MISSING_ID",
+  E_INTERACTION_MISSING_KIND: "E_INTERACTION_MISSING_KIND",
+  E_INTERACTION_MISSING_RESULT: "E_INTERACTION_MISSING_RESULT",
+  E_INTERACTION_MISSING_STARTED_AT: "E_INTERACTION_MISSING_STARTED_AT",
+  E_INTERACTION_MISSING_TARGET: "E_INTERACTION_MISSING_TARGET",
+  // Ucp error codes
+  E_UCP_EVIDENCE_SERIALIZATION_FAILED: "E_UCP_EVIDENCE_SERIALIZATION_FAILED",
+  E_UCP_KEY_ALGORITHM_MISMATCH: "E_UCP_KEY_ALGORITHM_MISMATCH",
+  E_UCP_KEY_CURVE_MISMATCH: "E_UCP_KEY_CURVE_MISMATCH",
+  E_UCP_KEY_NOT_FOUND: "E_UCP_KEY_NOT_FOUND",
+  E_UCP_ORDER_INVALID: "E_UCP_ORDER_INVALID",
+  E_UCP_ORDER_MISSING_ID: "E_UCP_ORDER_MISSING_ID",
+  E_UCP_ORDER_MISSING_LINE_ITEMS: "E_UCP_ORDER_MISSING_LINE_ITEMS",
+  E_UCP_ORDER_MISSING_TOTALS: "E_UCP_ORDER_MISSING_TOTALS",
+  E_UCP_PAYLOAD_EMPTY: "E_UCP_PAYLOAD_EMPTY",
+  E_UCP_PAYLOAD_NOT_JSON: "E_UCP_PAYLOAD_NOT_JSON",
+  E_UCP_PAYLOAD_TOO_LARGE: "E_UCP_PAYLOAD_TOO_LARGE",
+  E_UCP_PROFILE_FETCH_FAILED: "E_UCP_PROFILE_FETCH_FAILED",
+  E_UCP_PROFILE_INVALID: "E_UCP_PROFILE_INVALID",
+  E_UCP_PROFILE_NO_SIGNING_KEYS: "E_UCP_PROFILE_NO_SIGNING_KEYS",
+  E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: "E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED",
+  E_UCP_SIGNATURE_B64_INVALID: "E_UCP_SIGNATURE_B64_INVALID",
+  E_UCP_SIGNATURE_INVALID: "E_UCP_SIGNATURE_INVALID",
+  E_UCP_SIGNATURE_MALFORMED: "E_UCP_SIGNATURE_MALFORMED",
+  E_UCP_SIGNATURE_MISSING: "E_UCP_SIGNATURE_MISSING",
+  E_UCP_VERIFICATION_FAILED: "E_UCP_VERIFICATION_FAILED",
+  // Validation error codes
+  E_EVIDENCE_NOT_JSON: "E_EVIDENCE_NOT_JSON",
+  E_EXPIRED: "E_EXPIRED",
+  E_INVALID_AMOUNT: "E_INVALID_AMOUNT",
+  E_INVALID_AUDIENCE: "E_INVALID_AUDIENCE",
+  E_INVALID_CURRENCY: "E_INVALID_CURRENCY",
+  E_INVALID_FORMAT: "E_INVALID_FORMAT",
+  E_INVALID_ISSUER: "E_INVALID_ISSUER",
+  E_INVALID_RAIL: "E_INVALID_RAIL",
+  E_INVALID_RECEIPT_ID: "E_INVALID_RECEIPT_ID",
+  E_INVALID_SUBJECT: "E_INVALID_SUBJECT",
+  E_MISSING_EXP: "E_MISSING_EXP",
+  E_MISSING_REQUIRED_CLAIM: "E_MISSING_REQUIRED_CLAIM",
+  E_NOT_YET_VALID: "E_NOT_YET_VALID",
+  E_PARSE_ATTESTATION_INVALID: "E_PARSE_ATTESTATION_INVALID",
+  E_PARSE_COMMERCE_INVALID: "E_PARSE_COMMERCE_INVALID",
+  E_PARSE_INVALID_INPUT: "E_PARSE_INVALID_INPUT",
+  // Verification error codes
+  E_INVALID_SIGNATURE: "E_INVALID_SIGNATURE",
+  E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
+  // Verifier error codes
+  E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
+  E_VERIFY_INVALID_TRANSPORT: "E_VERIFY_INVALID_TRANSPORT",
+  E_VERIFY_ISSUER_NOT_ALLOWED: "E_VERIFY_ISSUER_NOT_ALLOWED",
+  E_VERIFY_JWKS_TOO_LARGE: "E_VERIFY_JWKS_TOO_LARGE",
+  E_VERIFY_JWKS_TOO_MANY_KEYS: "E_VERIFY_JWKS_TOO_MANY_KEYS",
+  E_VERIFY_KEY_FETCH_BLOCKED: "E_VERIFY_KEY_FETCH_BLOCKED",
+  E_VERIFY_KEY_FETCH_FAILED: "E_VERIFY_KEY_FETCH_FAILED",
+  E_VERIFY_KEY_FETCH_TIMEOUT: "E_VERIFY_KEY_FETCH_TIMEOUT",
+  E_VERIFY_MALFORMED_RECEIPT: "E_VERIFY_MALFORMED_RECEIPT",
+  E_VERIFY_POINTER_DIGEST_MISMATCH: "E_VERIFY_POINTER_DIGEST_MISMATCH",
+  E_VERIFY_POINTER_FETCH_BLOCKED: "E_VERIFY_POINTER_FETCH_BLOCKED",
+  E_VERIFY_POINTER_FETCH_FAILED: "E_VERIFY_POINTER_FETCH_FAILED",
+  E_VERIFY_POINTER_FETCH_TIMEOUT: "E_VERIFY_POINTER_FETCH_TIMEOUT",
+  E_VERIFY_POINTER_FETCH_TOO_LARGE: "E_VERIFY_POINTER_FETCH_TOO_LARGE",
+  E_VERIFY_POLICY_VIOLATION: "E_VERIFY_POLICY_VIOLATION",
+  E_VERIFY_RECEIPT_TOO_LARGE: "E_VERIFY_RECEIPT_TOO_LARGE",
+  E_VERIFY_SCHEMA_INVALID: "E_VERIFY_SCHEMA_INVALID",
+  // Workflow error codes
+  E_WORKFLOW_CONTEXT_INVALID: "E_WORKFLOW_CONTEXT_INVALID",
+  E_WORKFLOW_CYCLE_DETECTED: "E_WORKFLOW_CYCLE_DETECTED",
+  E_WORKFLOW_DAG_INVALID: "E_WORKFLOW_DAG_INVALID",
+  E_WORKFLOW_ID_INVALID: "E_WORKFLOW_ID_INVALID",
+  E_WORKFLOW_LIMIT_EXCEEDED: "E_WORKFLOW_LIMIT_EXCEEDED",
+  E_WORKFLOW_PARENT_NOT_FOUND: "E_WORKFLOW_PARENT_NOT_FOUND",
+  E_WORKFLOW_STEP_ID_INVALID: "E_WORKFLOW_STEP_ID_INVALID",
+  E_WORKFLOW_SUMMARY_INVALID: "E_WORKFLOW_SUMMARY_INVALID"
+};
+var ERRORS = {
+  // Attribution error codes
+  E_ATTRIBUTION_CHAIN_TOO_DEEP: {
+    code: "E_ATTRIBUTION_CHAIN_TOO_DEEP",
+    http_status: 400,
+    title: "Attribution Chain Too Deep",
+    description: "Attribution chain exceeds maximum allowed depth (8)",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_CIRCULAR_CHAIN: {
+    code: "E_ATTRIBUTION_CIRCULAR_CHAIN",
+    http_status: 400,
+    title: "Attribution Circular Chain",
+    description: "Circular reference detected in attribution chain",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_EXPIRED: {
+    code: "E_ATTRIBUTION_EXPIRED",
+    http_status: 401,
+    title: "Attribution Expired",
+    description: "Attribution attestation has exceeded its expiration time",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_HASH_INVALID: {
+    code: "E_ATTRIBUTION_HASH_INVALID",
+    http_status: 400,
+    title: "Attribution Hash Invalid",
+    description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_INVALID_FORMAT: {
+    code: "E_ATTRIBUTION_INVALID_FORMAT",
+    http_status: 400,
+    title: "Attribution Invalid Format",
+    description: "Attribution attestation does not conform to schema",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_INVALID_REF: {
+    code: "E_ATTRIBUTION_INVALID_REF",
+    http_status: 400,
+    title: "Attribution Invalid Reference",
+    description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_INVALID_WEIGHT: {
+    code: "E_ATTRIBUTION_INVALID_WEIGHT",
+    http_status: 400,
+    title: "Attribution Invalid Weight",
+    description: "Attribution weight is out of valid range (must be 0.0-1.0)",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_MISSING_SOURCES: {
+    code: "E_ATTRIBUTION_MISSING_SOURCES",
+    http_status: 400,
+    title: "Attribution Missing Sources",
+    description: "Attribution attestation has empty sources array",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_NOT_YET_VALID: {
+    code: "E_ATTRIBUTION_NOT_YET_VALID",
+    http_status: 401,
+    title: "Attribution Not Yet Valid",
+    description: "Attribution attestation issued_at time is in the future",
+    retriable: true,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_RESOLUTION_FAILED: {
+    code: "E_ATTRIBUTION_RESOLUTION_FAILED",
+    http_status: 502,
+    title: "Attribution Resolution Failed",
+    description: "Failed to resolve receipt reference in attribution chain",
+    retriable: true,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
+    code: "E_ATTRIBUTION_RESOLUTION_TIMEOUT",
+    http_status: 504,
+    title: "Attribution Resolution Timeout",
+    description: "Timeout while resolving receipt reference in attribution chain",
+    retriable: true,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_SIZE_EXCEEDED: {
+    code: "E_ATTRIBUTION_SIZE_EXCEEDED",
+    http_status: 400,
+    title: "Attribution Size Exceeded",
+    description: "Attribution attestation exceeds maximum size (64KB)",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_TOO_MANY_SOURCES: {
+    code: "E_ATTRIBUTION_TOO_MANY_SOURCES",
+    http_status: 400,
+    title: "Attribution Too Many Sources",
+    description: "Attribution has too many sources (maximum 100)",
+    retriable: false,
+    category: "attribution"
+  },
+  E_ATTRIBUTION_UNKNOWN_USAGE: {
+    code: "E_ATTRIBUTION_UNKNOWN_USAGE",
+    http_status: 400,
+    title: "Attribution Unknown Usage",
+    description: "Attribution usage type is not recognized",
+    retriable: false,
+    category: "attribution"
+  },
+  // Bundle error codes
+  E_BUNDLE_DUPLICATE_RECEIPT: {
+    code: "E_BUNDLE_DUPLICATE_RECEIPT",
+    http_status: 400,
+    title: "Bundle Duplicate Receipt",
+    description: "Bundle contains multiple receipts with the same ID",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_HASH_MISMATCH: {
+    code: "E_BUNDLE_HASH_MISMATCH",
+    http_status: 400,
+    title: "Bundle Hash Mismatch",
+    description: "File hash does not match value declared in manifest.json",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_INVALID_FORMAT: {
+    code: "E_BUNDLE_INVALID_FORMAT",
+    http_status: 400,
+    title: "Bundle Invalid Format",
+    description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_KEY_MISSING: {
+    code: "E_BUNDLE_KEY_MISSING",
+    http_status: 400,
+    title: "Bundle Key Missing",
+    description: "Required signing key not found in bundle (offline verification mode)",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_MANIFEST_INVALID: {
+    code: "E_BUNDLE_MANIFEST_INVALID",
+    http_status: 400,
+    title: "Bundle Manifest Invalid",
+    description: "manifest.json does not conform to schema or contains invalid values",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_MANIFEST_MISSING: {
+    code: "E_BUNDLE_MANIFEST_MISSING",
+    http_status: 400,
+    title: "Bundle Manifest Missing",
+    description: "manifest.json not found at bundle archive root",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_MISSING_KEYS: {
+    code: "E_BUNDLE_MISSING_KEYS",
+    http_status: 400,
+    title: "Bundle Missing Keys",
+    description: "No verification keys provided in bundle JWKS",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_MISSING_RECEIPTS: {
+    code: "E_BUNDLE_MISSING_RECEIPTS",
+    http_status: 400,
+    title: "Bundle Missing Receipts",
+    description: "No receipts provided when creating bundle",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_PATH_TRAVERSAL: {
+    code: "E_BUNDLE_PATH_TRAVERSAL",
+    http_status: 400,
+    title: "Bundle Path Traversal",
+    description: "Bundle contains path traversal attack (zip-slip vulnerability)",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_POLICY_HASH_MISMATCH: {
+    code: "E_BUNDLE_POLICY_HASH_MISMATCH",
+    http_status: 400,
+    title: "Bundle Policy Hash Mismatch",
+    description: "Policy snapshot hash does not match policy used to evaluate receipts",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_RECEIPTS_UNORDERED: {
+    code: "E_BUNDLE_RECEIPTS_UNORDERED",
+    http_status: 400,
+    title: "Bundle Receipts Unordered",
+    description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_RECEIPT_INVALID: {
+    code: "E_BUNDLE_RECEIPT_INVALID",
+    http_status: 400,
+    title: "Bundle Receipt Invalid",
+    description: "Receipt JWS in bundle is malformed or missing required claims",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_SIGNATURE_INVALID: {
+    code: "E_BUNDLE_SIGNATURE_INVALID",
+    http_status: 400,
+    title: "Bundle Signature Invalid",
+    description: "bundle.sig JWS verification failed over manifest hash",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_SIZE_EXCEEDED: {
+    code: "E_BUNDLE_SIZE_EXCEEDED",
+    http_status: 400,
+    title: "Bundle Size Exceeded",
+    description: "Bundle exceeds size limits (entry count, entry size, or total size)",
+    retriable: false,
+    category: "bundle"
+  },
+  E_BUNDLE_TIME_RANGE_INVALID: {
+    code: "E_BUNDLE_TIME_RANGE_INVALID",
+    http_status: 400,
+    title: "Bundle Time Range Invalid",
+    description: "Receipt issued_at is outside the bundle declared time_range",
+    retriable: false,
+    category: "bundle"
+  },
+  // Control error codes
+  E_CONTROL_DENIED: {
+    code: "E_CONTROL_DENIED",
+    http_status: 403,
+    title: "Control Decision Denied",
+    description: "Control engine denied authorization",
+    retriable: false,
+    category: "control"
+  },
+  E_CONTROL_REVIEW_REQUIRED: {
+    code: "E_CONTROL_REVIEW_REQUIRED",
+    http_status: 202,
+    title: "Review Required",
+    description: "Control engine requires manual review",
+    retriable: true,
+    category: "control"
+  },
+  // Dispute error codes
+  E_DISPUTE_DUPLICATE: {
+    code: "E_DISPUTE_DUPLICATE",
+    http_status: 409,
+    title: "Dispute Duplicate",
+    description: "A dispute with this ID already exists",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_EXPIRED: {
+    code: "E_DISPUTE_EXPIRED",
+    http_status: 401,
+    title: "Dispute Expired",
+    description: "Dispute attestation has exceeded its expiration time",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_INVALID_FORMAT: {
+    code: "E_DISPUTE_INVALID_FORMAT",
+    http_status: 400,
+    title: "Dispute Invalid Format",
+    description: "Dispute attestation does not conform to schema",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_INVALID_GROUNDS: {
+    code: "E_DISPUTE_INVALID_GROUNDS",
+    http_status: 400,
+    title: "Dispute Invalid Grounds",
+    description: "Dispute grounds code is not recognized",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_INVALID_ID: {
+    code: "E_DISPUTE_INVALID_ID",
+    http_status: 400,
+    title: "Dispute Invalid ID",
+    description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_INVALID_STATE: {
+    code: "E_DISPUTE_INVALID_STATE",
+    http_status: 400,
+    title: "Dispute Invalid State",
+    description: "Dispute state is not recognized",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_INVALID_TARGET_TYPE: {
+    code: "E_DISPUTE_INVALID_TARGET_TYPE",
+    http_status: 400,
+    title: "Dispute Invalid Target Type",
+    description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_INVALID_TRANSITION: {
+    code: "E_DISPUTE_INVALID_TRANSITION",
+    http_status: 400,
+    title: "Dispute Invalid Transition",
+    description: "Invalid state transition for dispute lifecycle",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_INVALID_TYPE: {
+    code: "E_DISPUTE_INVALID_TYPE",
+    http_status: 400,
+    title: "Dispute Invalid Type",
+    description: "Dispute type is not recognized",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_MISSING_RESOLUTION: {
+    code: "E_DISPUTE_MISSING_RESOLUTION",
+    http_status: 400,
+    title: "Dispute Missing Resolution",
+    description: "Resolution is required for terminal states (resolved, rejected, final)",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_NOT_YET_VALID: {
+    code: "E_DISPUTE_NOT_YET_VALID",
+    http_status: 401,
+    title: "Dispute Not Yet Valid",
+    description: "Dispute attestation issued_at time is in the future",
+    retriable: true,
+    category: "dispute"
+  },
+  E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
+    code: "E_DISPUTE_OTHER_REQUIRES_DESCRIPTION",
+    http_status: 400,
+    title: "Dispute Other Requires Description",
+    description: "Dispute type 'other' requires description of at least 50 characters",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
+    code: "E_DISPUTE_RESOLUTION_NOT_ALLOWED",
+    http_status: 400,
+    title: "Dispute Resolution Not Allowed",
+    description: "Resolution is only valid for terminal states",
+    retriable: false,
+    category: "dispute"
+  },
+  E_DISPUTE_TARGET_NOT_FOUND: {
+    code: "E_DISPUTE_TARGET_NOT_FOUND",
+    http_status: 404,
+    title: "Dispute Target Not Found",
+    description: "The target receipt, attribution, or identity being disputed was not found",
+    retriable: true,
+    category: "dispute"
+  },
+  // Identity error codes
+  E_IDENTITY_BINDING_FUTURE: {
+    code: "E_IDENTITY_BINDING_FUTURE",
+    http_status: 400,
+    title: "Identity Binding Future",
+    description: "Identity binding signed_at timestamp is in the future",
+    retriable: false,
+    category: "identity"
+  },
+  E_IDENTITY_BINDING_MISMATCH: {
+    code: "E_IDENTITY_BINDING_MISMATCH",
+    http_status: 400,
+    title: "Identity Binding Mismatch",
+    description: "Identity binding does not match the request being verified",
+    retriable: false,
+    category: "identity"
+  },
+  E_IDENTITY_BINDING_STALE: {
+    code: "E_IDENTITY_BINDING_STALE",
+    http_status: 401,
+    title: "Identity Binding Stale",
+    description: "Identity binding is too old and requires fresh binding",
+    retriable: true,
+    category: "identity"
+  },
+  E_IDENTITY_DIRECTORY_UNAVAILABLE: {
+    code: "E_IDENTITY_DIRECTORY_UNAVAILABLE",
+    http_status: 503,
+    title: "Identity Directory Unavailable",
+    description: "Failed to fetch agent key directory",
+    retriable: true,
+    category: "identity"
+  },
+  E_IDENTITY_EXPIRED: {
+    code: "E_IDENTITY_EXPIRED",
+    http_status: 401,
+    title: "Identity Expired",
+    description: "Agent identity attestation has exceeded its expiration time",
+    retriable: false,
+    category: "identity"
+  },
+  E_IDENTITY_INVALID_FORMAT: {
+    code: "E_IDENTITY_INVALID_FORMAT",
+    http_status: 400,
+    title: "Identity Invalid Format",
+    description: "Agent identity attestation does not conform to schema",
+    retriable: false,
+    category: "identity"
+  },
+  E_IDENTITY_KEY_EXPIRED: {
+    code: "E_IDENTITY_KEY_EXPIRED",
+    http_status: 401,
+    title: "Identity Key Expired",
+    description: "Agent signing key has expired per directory metadata",
+    retriable: false,
+    category: "identity"
+  },
+  E_IDENTITY_KEY_REVOKED: {
+    code: "E_IDENTITY_KEY_REVOKED",
+    http_status: 401,
+    title: "Identity Key Revoked",
+    description: "Agent signing key has been explicitly revoked",
+    retriable: false,
+    category: "identity"
+  },
+  E_IDENTITY_KEY_UNKNOWN: {
+    code: "E_IDENTITY_KEY_UNKNOWN",
+    http_status: 401,
+    title: "Identity Key Unknown",
+    description: "Key ID not found in agent key directory",
+    retriable: true,
+    category: "identity"
+  },
+  E_IDENTITY_MISSING: {
+    code: "E_IDENTITY_MISSING",
+    http_status: 401,
+    title: "Identity Missing",
+    description: "No agent identity attestation provided in request",
+    retriable: false,
+    category: "identity"
+  },
+  E_IDENTITY_NOT_YET_VALID: {
+    code: "E_IDENTITY_NOT_YET_VALID",
+    http_status: 401,
+    title: "Identity Not Yet Valid",
+    description: "Agent identity attestation issued_at time is in the future",
+    retriable: true,
+    category: "identity"
+  },
+  E_IDENTITY_PROOF_UNSUPPORTED: {
+    code: "E_IDENTITY_PROOF_UNSUPPORTED",
+    http_status: 400,
+    title: "Identity Proof Unsupported",
+    description: "Agent identity proof method is not supported",
+    retriable: false,
+    category: "identity"
+  },
+  E_IDENTITY_SIG_INVALID: {
+    code: "E_IDENTITY_SIG_INVALID",
+    http_status: 401,
+    title: "Identity Signature Invalid",
+    description: "Agent identity proof signature verification failed",
+    retriable: false,
+    category: "identity"
+  },
+  // Infrastructure error codes
+  E_CIRCUIT_BREAKER_OPEN: {
+    code: "E_CIRCUIT_BREAKER_OPEN",
+    http_status: 503,
+    title: "Circuit Breaker Open",
+    description: "Service temporarily unavailable due to circuit breaker",
+    retriable: true,
+    category: "infrastructure"
+  },
+  E_INTERNAL: {
+    code: "E_INTERNAL",
+    http_status: 500,
+    title: "Internal Error",
+    description: "An unexpected internal error occurred during verification",
+    retriable: true,
+    category: "infrastructure"
+  },
+  E_JWKS_FETCH_FAILED: {
+    code: "E_JWKS_FETCH_FAILED",
+    http_status: 503,
+    title: "JWKS Fetch Failed",
+    description: "Failed to fetch public keys from JWKS endpoint",
+    retriable: true,
+    category: "infrastructure"
+  },
+  E_RATE_LIMITED: {
+    code: "E_RATE_LIMITED",
+    http_status: 429,
+    title: "Rate Limited",
+    description: "Too many requests, please retry later",
+    retriable: true,
+    category: "infrastructure"
+  },
+  // Interaction error codes
+  E_INTERACTION_INVALID_DIGEST: {
+    code: "E_INTERACTION_INVALID_DIGEST",
+    http_status: 400,
+    title: "Interaction Invalid Digest",
+    description: "Digest structure is invalid (wrong value format or missing bytes)",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_INVALID_DIGEST_ALG: {
+    code: "E_INTERACTION_INVALID_DIGEST_ALG",
+    http_status: 400,
+    title: "Interaction Invalid Digest Algorithm",
+    description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_INVALID_EXTENSION_KEY: {
+    code: "E_INTERACTION_INVALID_EXTENSION_KEY",
+    http_status: 400,
+    title: "Interaction Invalid Extension Key",
+    description: "Extension key does not match required format (reverse-DNS/name[@version])",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_INVALID_FORMAT: {
+    code: "E_INTERACTION_INVALID_FORMAT",
+    http_status: 400,
+    title: "Interaction Invalid Format",
+    description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_INVALID_KIND_FORMAT: {
+    code: "E_INTERACTION_INVALID_KIND_FORMAT",
+    http_status: 400,
+    title: "Interaction Invalid Kind Format",
+    description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_INVALID_TIMING: {
+    code: "E_INTERACTION_INVALID_TIMING",
+    http_status: 400,
+    title: "Interaction Invalid Timing",
+    description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_KIND_RESERVED: {
+    code: "E_INTERACTION_KIND_RESERVED",
+    http_status: 400,
+    title: "Interaction Kind Reserved",
+    description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_MISSING_ERROR_DETAIL: {
+    code: "E_INTERACTION_MISSING_ERROR_DETAIL",
+    http_status: 400,
+    title: "Interaction Missing Error Detail",
+    description: "error_code or extensions required when result.status is error",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_MISSING_EXECUTOR: {
+    code: "E_INTERACTION_MISSING_EXECUTOR",
+    http_status: 400,
+    title: "Interaction Missing Executor",
+    description: "Interaction evidence is missing required executor or executor.platform field",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_MISSING_ID: {
+    code: "E_INTERACTION_MISSING_ID",
+    http_status: 400,
+    title: "Interaction Missing ID",
+    description: "Interaction evidence is missing required interaction_id field",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_MISSING_KIND: {
+    code: "E_INTERACTION_MISSING_KIND",
+    http_status: 400,
+    title: "Interaction Missing Kind",
+    description: "Interaction evidence is missing required kind field",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_MISSING_RESULT: {
+    code: "E_INTERACTION_MISSING_RESULT",
+    http_status: 400,
+    title: "Interaction Missing Result",
+    description: "result.status is required when output is present",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_MISSING_STARTED_AT: {
+    code: "E_INTERACTION_MISSING_STARTED_AT",
+    http_status: 400,
+    title: "Interaction Missing Started At",
+    description: "Interaction evidence is missing required started_at field",
+    retriable: false,
+    category: "interaction"
+  },
+  E_INTERACTION_MISSING_TARGET: {
+    code: "E_INTERACTION_MISSING_TARGET",
+    http_status: 400,
+    title: "Interaction Missing Target",
+    description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
+    retriable: false,
+    category: "interaction"
+  },
+  // Ucp error codes
+  E_UCP_EVIDENCE_SERIALIZATION_FAILED: {
+    code: "E_UCP_EVIDENCE_SERIALIZATION_FAILED",
+    http_status: 500,
+    title: "UCP Evidence Serialization Failed",
+    description: "Failed to serialize UCP evidence to YAML format",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_KEY_ALGORITHM_MISMATCH: {
+    code: "E_UCP_KEY_ALGORITHM_MISMATCH",
+    http_status: 401,
+    title: "UCP Key Algorithm Mismatch",
+    description: "Key type is not EC as required for ECDSA signatures",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_KEY_CURVE_MISMATCH: {
+    code: "E_UCP_KEY_CURVE_MISMATCH",
+    http_status: 401,
+    title: "UCP Key Curve Mismatch",
+    description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_KEY_NOT_FOUND: {
+    code: "E_UCP_KEY_NOT_FOUND",
+    http_status: 401,
+    title: "UCP Key Not Found",
+    description: "Key ID from signature not found in business UCP profile",
+    retriable: true,
+    category: "ucp"
+  },
+  E_UCP_ORDER_INVALID: {
+    code: "E_UCP_ORDER_INVALID",
+    http_status: 400,
+    title: "UCP Order Invalid",
+    description: "UCP order object does not conform to expected schema",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_ORDER_MISSING_ID: {
+    code: "E_UCP_ORDER_MISSING_ID",
+    http_status: 400,
+    title: "UCP Order Missing ID",
+    description: "UCP order is missing required id field",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_ORDER_MISSING_LINE_ITEMS: {
+    code: "E_UCP_ORDER_MISSING_LINE_ITEMS",
+    http_status: 400,
+    title: "UCP Order Missing Line Items",
+    description: "UCP order is missing required line_items array",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_ORDER_MISSING_TOTALS: {
+    code: "E_UCP_ORDER_MISSING_TOTALS",
+    http_status: 400,
+    title: "UCP Order Missing Totals",
+    description: "UCP order is missing required totals array or total entry",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_PAYLOAD_EMPTY: {
+    code: "E_UCP_PAYLOAD_EMPTY",
+    http_status: 400,
+    title: "UCP Payload Empty",
+    description: "Webhook request body is empty",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_PAYLOAD_NOT_JSON: {
+    code: "E_UCP_PAYLOAD_NOT_JSON",
+    http_status: 400,
+    title: "UCP Payload Not JSON",
+    description: "Webhook request body is not valid JSON",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_PAYLOAD_TOO_LARGE: {
+    code: "E_UCP_PAYLOAD_TOO_LARGE",
+    http_status: 400,
+    title: "UCP Payload Too Large",
+    description: "Webhook request body exceeds maximum allowed size",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_PROFILE_FETCH_FAILED: {
+    code: "E_UCP_PROFILE_FETCH_FAILED",
+    http_status: 502,
+    title: "UCP Profile Fetch Failed",
+    description: "Failed to fetch business UCP profile from /.well-known/ucp",
+    retriable: true,
+    category: "ucp"
+  },
+  E_UCP_PROFILE_INVALID: {
+    code: "E_UCP_PROFILE_INVALID",
+    http_status: 502,
+    title: "UCP Profile Invalid",
+    description: "Business UCP profile does not conform to expected schema",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_PROFILE_NO_SIGNING_KEYS: {
+    code: "E_UCP_PROFILE_NO_SIGNING_KEYS",
+    http_status: 502,
+    title: "UCP Profile No Signing Keys",
+    description: "Business UCP profile has empty or missing signing_keys array",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
+    code: "E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED",
+    http_status: 400,
+    title: "UCP Signature Algorithm Unsupported",
+    description: "Signature algorithm is not ES256, ES384, or ES512",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_SIGNATURE_B64_INVALID: {
+    code: "E_UCP_SIGNATURE_B64_INVALID",
+    http_status: 400,
+    title: "UCP Signature b64 Invalid",
+    description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_SIGNATURE_INVALID: {
+    code: "E_UCP_SIGNATURE_INVALID",
+    http_status: 401,
+    title: "UCP Signature Invalid",
+    description: "Webhook signature verification failed against payload",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_SIGNATURE_MALFORMED: {
+    code: "E_UCP_SIGNATURE_MALFORMED",
+    http_status: 400,
+    title: "UCP Signature Malformed",
+    description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_SIGNATURE_MISSING: {
+    code: "E_UCP_SIGNATURE_MISSING",
+    http_status: 400,
+    title: "UCP Signature Missing",
+    description: "Request-Signature header is missing from UCP webhook request",
+    retriable: false,
+    category: "ucp"
+  },
+  E_UCP_VERIFICATION_FAILED: {
+    code: "E_UCP_VERIFICATION_FAILED",
+    http_status: 401,
+    title: "UCP Verification Failed",
+    description: "All verification attempts failed (raw and JCS canonicalized)",
+    retriable: false,
+    category: "ucp"
+  },
+  // Validation error codes
+  E_EVIDENCE_NOT_JSON: {
+    code: "E_EVIDENCE_NOT_JSON",
+    http_status: 400,
+    title: "Evidence Not JSON-Safe",
+    description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
+    retriable: false,
+    category: "validation"
+  },
+  E_EXPIRED: {
+    code: "E_EXPIRED",
+    http_status: 400,
+    title: "Receipt Expired",
+    description: "Receipt has exceeded its expiration time",
+    retriable: false,
+    category: "validation"
+  },
+  E_INVALID_AMOUNT: {
+    code: "E_INVALID_AMOUNT",
+    http_status: 400,
+    title: "Invalid Amount",
+    description: "Payment amount is invalid or out of allowed range",
+    retriable: false,
+    category: "validation"
+  },
+  E_INVALID_AUDIENCE: {
+    code: "E_INVALID_AUDIENCE",
+    http_status: 400,
+    title: "Invalid Audience",
+    description: "Receipt audience claim does not match expected value",
+    retriable: false,
+    category: "validation"
+  },
+  E_INVALID_CURRENCY: {
+    code: "E_INVALID_CURRENCY",
+    http_status: 400,
+    title: "Invalid Currency",
+    description: "Currency code is not a valid ISO 4217 code",
+    retriable: false,
+    category: "validation"
+  },
+  E_INVALID_FORMAT: {
+    code: "E_INVALID_FORMAT",
+    http_status: 400,
+    title: "Invalid Format",
+    description: "Receipt does not conform to JWS format",
+    retriable: false,
+    category: "validation"
+  },
+  E_INVALID_ISSUER: {
+    code: "E_INVALID_ISSUER",
+    http_status: 400,
+    title: "Invalid Issuer",
+    description: "Receipt issuer claim is invalid or untrusted",
+    retriable: false,
+    category: "validation"
+  },
+  E_INVALID_RAIL: {
+    code: "E_INVALID_RAIL",
+    http_status: 400,
+    title: "Invalid Payment Rail",
+    description: "Payment rail identifier is not recognized",
+    retriable: false,
+    category: "validation"
+  },
+  E_INVALID_RECEIPT_ID: {
+    code: "E_INVALID_RECEIPT_ID",
+    http_status: 400,
+    title: "Invalid Receipt ID",
+    description: "Receipt ID (rid) does not match expected value",
+    retriable: false,
+    category: "validation"
+  },
+  E_INVALID_SUBJECT: {
+    code: "E_INVALID_SUBJECT",
+    http_status: 400,
+    title: "Invalid Subject",
+    description: "Receipt subject claim does not match expected value",
+    retriable: false,
+    category: "validation"
+  },
+  E_MISSING_EXP: {
+    code: "E_MISSING_EXP",
+    http_status: 400,
+    title: "Missing Expiration",
+    description: "Receipt is missing required exp claim",
+    retriable: false,
+    category: "validation"
+  },
+  E_MISSING_REQUIRED_CLAIM: {
+    code: "E_MISSING_REQUIRED_CLAIM",
+    http_status: 400,
+    title: "Missing Required Claim",
+    description: "Receipt is missing a required JWT claim",
+    retriable: false,
+    category: "validation"
+  },
+  E_NOT_YET_VALID: {
+    code: "E_NOT_YET_VALID",
+    http_status: 400,
+    title: "Not Yet Valid",
+    description: "Receipt nbf (not before) time is in the future",
+    retriable: true,
+    category: "validation"
+  },
+  E_PARSE_ATTESTATION_INVALID: {
+    code: "E_PARSE_ATTESTATION_INVALID",
+    http_status: 400,
+    title: "Attestation Receipt Invalid",
+    description: "Receipt classified as attestation but fails attestation schema validation",
+    retriable: false,
+    category: "validation"
+  },
+  E_PARSE_COMMERCE_INVALID: {
+    code: "E_PARSE_COMMERCE_INVALID",
+    http_status: 400,
+    title: "Commerce Receipt Invalid",
+    description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
+    retriable: false,
+    category: "validation"
+  },
+  E_PARSE_INVALID_INPUT: {
+    code: "E_PARSE_INVALID_INPUT",
+    http_status: 400,
+    title: "Parse Invalid Input",
+    description: "Input to receipt parser is not a non-null object",
+    retriable: false,
+    category: "validation"
+  },
+  // Verification error codes
+  E_INVALID_SIGNATURE: {
+    code: "E_INVALID_SIGNATURE",
+    http_status: 400,
+    title: "Invalid Signature",
+    description: "Receipt signature verification failed",
+    retriable: false,
+    category: "verification"
+  },
+  E_KEY_NOT_FOUND: {
+    code: "E_KEY_NOT_FOUND",
+    http_status: 400,
+    title: "Key Not Found",
+    description: "Public key with specified kid not found in JWKS",
+    retriable: false,
+    category: "verification"
+  },
+  // Verifier error codes
+  E_VERIFY_EXTENSION_TOO_LARGE: {
+    code: "E_VERIFY_EXTENSION_TOO_LARGE",
+    http_status: 400,
+    title: "Extension Too Large",
+    description: "Receipt extension data exceeds maximum size limit (64 KB)",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_INVALID_TRANSPORT: {
+    code: "E_VERIFY_INVALID_TRANSPORT",
+    http_status: 400,
+    title: "Invalid Transport",
+    description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_ISSUER_NOT_ALLOWED: {
+    code: "E_VERIFY_ISSUER_NOT_ALLOWED",
+    http_status: 403,
+    title: "Issuer Not Allowed",
+    description: "Receipt issuer is not in the verifier policy allowlist",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_JWKS_TOO_LARGE: {
+    code: "E_VERIFY_JWKS_TOO_LARGE",
+    http_status: 400,
+    title: "JWKS Too Large",
+    description: "JWKS response exceeds maximum size limit (64 KB)",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_JWKS_TOO_MANY_KEYS: {
+    code: "E_VERIFY_JWKS_TOO_MANY_KEYS",
+    http_status: 400,
+    title: "JWKS Too Many Keys",
+    description: "JWKS contains more than maximum allowed keys (20)",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_KEY_FETCH_BLOCKED: {
+    code: "E_VERIFY_KEY_FETCH_BLOCKED",
+    http_status: 403,
+    title: "Key Fetch Blocked",
+    description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_KEY_FETCH_FAILED: {
+    code: "E_VERIFY_KEY_FETCH_FAILED",
+    http_status: 502,
+    title: "Key Fetch Failed",
+    description: "Network error while fetching JWKS from issuer",
+    retriable: true,
+    category: "verifier"
+  },
+  E_VERIFY_KEY_FETCH_TIMEOUT: {
+    code: "E_VERIFY_KEY_FETCH_TIMEOUT",
+    http_status: 504,
+    title: "Key Fetch Timeout",
+    description: "JWKS discovery timed out (5 second limit)",
+    retriable: true,
+    category: "verifier"
+  },
+  E_VERIFY_MALFORMED_RECEIPT: {
+    code: "E_VERIFY_MALFORMED_RECEIPT",
+    http_status: 400,
+    title: "Malformed Receipt",
+    description: "Cannot parse receipt as JWS Compact Serialization",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_POINTER_DIGEST_MISMATCH: {
+    code: "E_VERIFY_POINTER_DIGEST_MISMATCH",
+    http_status: 400,
+    title: "Pointer Digest Mismatch",
+    description: "Fetched receipt SHA-256 digest does not match pointer declaration",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_POINTER_FETCH_BLOCKED: {
+    code: "E_VERIFY_POINTER_FETCH_BLOCKED",
+    http_status: 403,
+    title: "Pointer Fetch Blocked",
+    description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_POINTER_FETCH_FAILED: {
+    code: "E_VERIFY_POINTER_FETCH_FAILED",
+    http_status: 502,
+    title: "Pointer Fetch Failed",
+    description: "Network error while fetching receipt from pointer URL",
+    retriable: true,
+    category: "verifier"
+  },
+  E_VERIFY_POINTER_FETCH_TIMEOUT: {
+    code: "E_VERIFY_POINTER_FETCH_TIMEOUT",
+    http_status: 504,
+    title: "Pointer Fetch Timeout",
+    description: "Pointer URL fetch timed out (5 second limit)",
+    retriable: true,
+    category: "verifier"
+  },
+  E_VERIFY_POINTER_FETCH_TOO_LARGE: {
+    code: "E_VERIFY_POINTER_FETCH_TOO_LARGE",
+    http_status: 413,
+    title: "Pointer Fetch Too Large",
+    description: "Pointer URL response exceeds maximum size limit (256 KB)",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_POLICY_VIOLATION: {
+    code: "E_VERIFY_POLICY_VIOLATION",
+    http_status: 403,
+    title: "Policy Violation",
+    description: "Receipt violates verifier trust policy",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_RECEIPT_TOO_LARGE: {
+    code: "E_VERIFY_RECEIPT_TOO_LARGE",
+    http_status: 413,
+    title: "Receipt Too Large",
+    description: "Receipt exceeds maximum size limit (256 KB)",
+    retriable: false,
+    category: "verifier"
+  },
+  E_VERIFY_SCHEMA_INVALID: {
+    code: "E_VERIFY_SCHEMA_INVALID",
+    http_status: 400,
+    title: "Schema Invalid",
+    description: "Receipt claims do not conform to expected schema",
+    retriable: false,
+    category: "verifier"
+  },
+  // Workflow error codes
+  E_WORKFLOW_CONTEXT_INVALID: {
+    code: "E_WORKFLOW_CONTEXT_INVALID",
+    http_status: 400,
+    title: "Invalid Workflow Context",
+    description: "Workflow context does not conform to WorkflowContextSchema",
+    retriable: false,
+    category: "workflow"
+  },
+  E_WORKFLOW_CYCLE_DETECTED: {
+    code: "E_WORKFLOW_CYCLE_DETECTED",
+    http_status: 400,
+    title: "Workflow Cycle Detected",
+    description: "Workflow DAG contains a cycle (not acyclic)",
+    retriable: false,
+    category: "workflow"
+  },
+  E_WORKFLOW_DAG_INVALID: {
+    code: "E_WORKFLOW_DAG_INVALID",
+    http_status: 400,
+    title: "Invalid Workflow DAG",
+    description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
+    retriable: false,
+    category: "workflow"
+  },
+  E_WORKFLOW_ID_INVALID: {
+    code: "E_WORKFLOW_ID_INVALID",
+    http_status: 400,
+    title: "Invalid Workflow ID",
+    description: "Workflow ID does not match required format (wf_{ulid|uuid})",
+    retriable: false,
+    category: "workflow"
+  },
+  E_WORKFLOW_LIMIT_EXCEEDED: {
+    code: "E_WORKFLOW_LIMIT_EXCEEDED",
+    http_status: 400,
+    title: "Workflow Limit Exceeded",
+    description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
+    retriable: false,
+    category: "workflow"
+  },
+  E_WORKFLOW_PARENT_NOT_FOUND: {
+    code: "E_WORKFLOW_PARENT_NOT_FOUND",
+    http_status: 400,
+    title: "Parent Step Not Found",
+    description: "Referenced parent step ID does not exist in the workflow",
+    retriable: false,
+    category: "workflow"
+  },
+  E_WORKFLOW_STEP_ID_INVALID: {
+    code: "E_WORKFLOW_STEP_ID_INVALID",
+    http_status: 400,
+    title: "Invalid Step ID",
+    description: "Step ID does not match required format (step_{ulid|uuid})",
+    retriable: false,
+    category: "workflow"
+  },
+  E_WORKFLOW_SUMMARY_INVALID: {
+    code: "E_WORKFLOW_SUMMARY_INVALID",
+    http_status: 400,
+    title: "Invalid Workflow Summary",
+    description: "Workflow summary attestation does not conform to schema",
+    retriable: false,
+    category: "workflow"
+  }
+};
+function getError(code) {
+  return ERRORS[code];
+}
+function isRetriable(code) {
+  return ERRORS[code]?.retriable ?? false;
+}
+var BUNDLE_ERRORS = {
+  DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
+  HASH_MISMATCH: "E_BUNDLE_HASH_MISMATCH",
+  INVALID_FORMAT: "E_BUNDLE_INVALID_FORMAT",
+  KEY_MISSING: "E_BUNDLE_KEY_MISSING",
+  MANIFEST_INVALID: "E_BUNDLE_MANIFEST_INVALID",
+  MANIFEST_MISSING: "E_BUNDLE_MANIFEST_MISSING",
+  MISSING_KEYS: "E_BUNDLE_MISSING_KEYS",
+  MISSING_RECEIPTS: "E_BUNDLE_MISSING_RECEIPTS",
+  PATH_TRAVERSAL: "E_BUNDLE_PATH_TRAVERSAL",
+  POLICY_HASH_MISMATCH: "E_BUNDLE_POLICY_HASH_MISMATCH",
+  RECEIPTS_UNORDERED: "E_BUNDLE_RECEIPTS_UNORDERED",
+  RECEIPT_INVALID: "E_BUNDLE_RECEIPT_INVALID",
+  SIGNATURE_INVALID: "E_BUNDLE_SIGNATURE_INVALID",
+  SIZE_EXCEEDED: "E_BUNDLE_SIZE_EXCEEDED",
+  TIME_RANGE_INVALID: "E_BUNDLE_TIME_RANGE_INVALID"
+};
+var DISPUTE_ERRORS = {
+  DUPLICATE: "E_DISPUTE_DUPLICATE",
+  EXPIRED: "E_DISPUTE_EXPIRED",
+  INVALID_FORMAT: "E_DISPUTE_INVALID_FORMAT",
+  INVALID_GROUNDS: "E_DISPUTE_INVALID_GROUNDS",
+  INVALID_ID: "E_DISPUTE_INVALID_ID",
+  INVALID_STATE: "E_DISPUTE_INVALID_STATE",
+  INVALID_TARGET_TYPE: "E_DISPUTE_INVALID_TARGET_TYPE",
+  INVALID_TRANSITION: "E_DISPUTE_INVALID_TRANSITION",
+  INVALID_TYPE: "E_DISPUTE_INVALID_TYPE",
+  MISSING_RESOLUTION: "E_DISPUTE_MISSING_RESOLUTION",
+  NOT_YET_VALID: "E_DISPUTE_NOT_YET_VALID",
+  OTHER_REQUIRES_DESCRIPTION: "E_DISPUTE_OTHER_REQUIRES_DESCRIPTION",
+  RESOLUTION_NOT_ALLOWED: "E_DISPUTE_RESOLUTION_NOT_ALLOWED",
+  TARGET_NOT_FOUND: "E_DISPUTE_TARGET_NOT_FOUND"
+};
+
+// src/registries.ts
+var PAYMENT_RAILS = [
+  {
+    id: "x402",
+    category: "agentic-payment",
+    description: "HTTP 402-based paid call receipts",
+    reference: "https://www.x402.org/",
+    status: "informational"
+  },
+  {
+    id: "l402",
+    category: "agentic-payment",
+    description: "Lightning HTTP 402 Protocol (LSAT-based)",
+    reference: "https://docs.lightning.engineering/the-lightning-network/l402",
+    status: "informational"
+  },
+  {
+    id: "card-network",
+    category: "card",
+    description: "Generic card network authorizations/clearing",
+    reference: null,
+    status: "informational"
+  },
+  {
+    id: "upi",
+    category: "account-to-account",
+    description: "Unified Payments Interface",
+    reference: "https://www.npci.org.in/",
+    status: "informational"
+  }
+];
+var CONTROL_ENGINES = [
+  {
+    id: "spend-control-service",
+    category: "limits",
+    description: "Generic spend control decisions (per-tx, daily, monthly limits)",
+    reference: null,
+    status: "informational"
+  },
+  {
+    id: "risk-engine",
+    category: "fraud",
+    description: "Generic risk/fraud scoring engine",
+    reference: null,
+    status: "informational"
+  },
+  {
+    id: "mandate-service",
+    category: "mandate",
+    description: "Generic enterprise mandate/approval chain evaluator",
+    reference: null,
+    status: "informational"
+  }
+];
+var TRANSPORT_METHODS = [
+  {
+    id: "dpop",
+    category: "proof-of-possession",
+    description: "Demonstrating Proof-of-Possession at the Application Layer",
+    reference: "https://www.rfc-editor.org/rfc/rfc9449",
+    status: "informational"
+  },
+  {
+    id: "http-signature",
+    category: "message-signature",
+    description: "HTTP Message Signatures",
+    reference: "https://www.rfc-editor.org/rfc/rfc9421",
+    status: "informational"
+  },
+  {
+    id: "none",
+    category: "none",
+    description: "No transport binding",
+    reference: null,
+    status: "informational"
+  }
+];
+var AGENT_PROTOCOLS = [
+  {
+    id: "mcp",
+    category: "tool-protocol",
+    description: "Model Context Protocol (MCP)",
+    reference: "https://modelcontextprotocol.io/",
+    status: "informational"
+  },
+  {
+    id: "acp",
+    category: "commerce-protocol",
+    description: "Agentic Commerce Protocol",
+    reference: null,
+    status: "informational"
+  },
+  {
+    id: "ap2",
+    category: "agent-protocol",
+    description: "Google Agent Protocol v2",
+    reference: null,
+    status: "informational"
+  },
+  {
+    id: "tap",
+    category: "card-protocol",
+    description: "Trusted Agent Protocol (Visa TAP)",
+    reference: "https://developer.visa.com/",
+    status: "informational"
+  }
+];
+var REGISTRIES = {
+  payment_rails: PAYMENT_RAILS,
+  control_engines: CONTROL_ENGINES,
+  transport_methods: TRANSPORT_METHODS,
+  agent_protocols: AGENT_PROTOCOLS
+};
+function findPaymentRail(id) {
+  return PAYMENT_RAILS.find((rail) => rail.id === id);
+}
+function findControlEngine(id) {
+  return CONTROL_ENGINES.find((engine) => engine.id === id);
+}
+function findTransportMethod(id) {
+  return TRANSPORT_METHODS.find((method) => method.id === id);
+}
+function findAgentProtocol(id) {
+  return AGENT_PROTOCOLS.find((protocol) => protocol.id === id);
+}
+
+// src/http.ts
+var VARY_HEADERS = [HEADERS.purpose, HEADERS.receipt];
+function applyPurposeVary(headers) {
+  const purposeHeader = HEADERS.purpose;
+  if ("append" in headers && typeof headers.append === "function") {
+    const existing = headers.get("Vary") || "";
+    if (!existing.toLowerCase().includes(purposeHeader.toLowerCase())) {
+      headers.append("Vary", purposeHeader);
+    }
+  } else if ("setHeader" in headers && typeof headers.setHeader === "function") {
+    const existing = headers.getHeader?.("Vary");
+    const existingStr = Array.isArray(existing) ? existing.join(", ") : String(existing || "");
+    if (!existingStr.toLowerCase().includes(purposeHeader.toLowerCase())) {
+      headers.setHeader("Vary", existingStr ? `${existingStr}, ${purposeHeader}` : purposeHeader);
+    }
+  } else if ("set" in headers && typeof headers.set === "function") {
+    headers.set("Vary", purposeHeader);
+  }
+}
+function getPeacVaryHeaders() {
+  return VARY_HEADERS.join(", ");
+}
+function needsPurposeVary(purposeEnforced) {
+  return purposeEnforced;
+}
+
+exports.AGENT_PROTOCOLS = AGENT_PROTOCOLS;
+exports.ALGORITHMS = ALGORITHMS;
+exports.BUNDLE_ERRORS = BUNDLE_ERRORS;
+exports.BUNDLE_VERSION = BUNDLE_VERSION;
+exports.CONSTANTS = CONSTANTS;
+exports.CONTROL_ENGINES = CONTROL_ENGINES;
+exports.DISCOVERY = DISCOVERY;
+exports.DISPUTE_ERRORS = DISPUTE_ERRORS;
+exports.ERRORS = ERRORS;
+exports.ERROR_CATEGORIES = ERROR_CATEGORIES;
+exports.ERROR_CODES = ERROR_CODES;
+exports.HASH = HASH;
+exports.HEADERS = HEADERS;
+exports.ISSUER_CONFIG = ISSUER_CONFIG;
+exports.JWKS = JWKS;
+exports.LIMITS = LIMITS;
+exports.PAYMENT_RAILS = PAYMENT_RAILS;
+exports.POLICY = POLICY;
+exports.PRIVATE_IP_RANGES = PRIVATE_IP_RANGES;
+exports.RECEIPT = RECEIPT;
+exports.REGISTRIES = REGISTRIES;
+exports.TRANSPORT_METHODS = TRANSPORT_METHODS;
+exports.VARY_HEADERS = VARY_HEADERS;
+exports.VERIFICATION_MODES = VERIFICATION_MODES;
+exports.VERIFICATION_REPORT_VERSION = VERIFICATION_REPORT_VERSION;
+exports.VERIFIER_LIMITS = VERIFIER_LIMITS;
+exports.VERIFIER_NETWORK = VERIFIER_NETWORK;
+exports.VERIFIER_POLICY_VERSION = VERIFIER_POLICY_VERSION;
+exports.WIRE_TYPE = WIRE_TYPE;
+exports.WIRE_VERSION = WIRE_VERSION;
+exports.applyPurposeVary = applyPurposeVary;
+exports.findAgentProtocol = findAgentProtocol;
+exports.findControlEngine = findControlEngine;
+exports.findPaymentRail = findPaymentRail;
+exports.findTransportMethod = findTransportMethod;
+exports.formatHash = formatHash;
+exports.getError = getError;
+exports.getPeacVaryHeaders = getPeacVaryHeaders;
+exports.isRetriable = isRetriable;
+exports.isValidHash = isValidHash;
+exports.needsPurposeVary = needsPurposeVary;
+exports.parseHash = parseHash;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map