@peac/kernel 0.11.0 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/__tests__/carrier.test.d.ts +2 -0
- package/dist/__tests__/carrier.test.d.ts.map +1 -0
- package/dist/carrier.d.ts +113 -0
- package/dist/carrier.d.ts.map +1 -0
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +343 -143
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +9 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +343 -143
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +349 -143
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +347 -143
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/errors.cjs
CHANGED
|
@@ -129,10 +129,16 @@ var ERROR_CODES = {
|
|
|
129
129
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
130
130
|
// Verifier error codes
|
|
131
131
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
132
|
+
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
132
133
|
E_VERIFY_INVALID_TRANSPORT: "E_VERIFY_INVALID_TRANSPORT",
|
|
134
|
+
E_VERIFY_ISSUER_CONFIG_INVALID: "E_VERIFY_ISSUER_CONFIG_INVALID",
|
|
135
|
+
E_VERIFY_ISSUER_CONFIG_MISSING: "E_VERIFY_ISSUER_CONFIG_MISSING",
|
|
136
|
+
E_VERIFY_ISSUER_MISMATCH: "E_VERIFY_ISSUER_MISMATCH",
|
|
133
137
|
E_VERIFY_ISSUER_NOT_ALLOWED: "E_VERIFY_ISSUER_NOT_ALLOWED",
|
|
138
|
+
E_VERIFY_JWKS_INVALID: "E_VERIFY_JWKS_INVALID",
|
|
134
139
|
E_VERIFY_JWKS_TOO_LARGE: "E_VERIFY_JWKS_TOO_LARGE",
|
|
135
140
|
E_VERIFY_JWKS_TOO_MANY_KEYS: "E_VERIFY_JWKS_TOO_MANY_KEYS",
|
|
141
|
+
E_VERIFY_JWKS_URI_INVALID: "E_VERIFY_JWKS_URI_INVALID",
|
|
136
142
|
E_VERIFY_KEY_FETCH_BLOCKED: "E_VERIFY_KEY_FETCH_BLOCKED",
|
|
137
143
|
E_VERIFY_KEY_FETCH_FAILED: "E_VERIFY_KEY_FETCH_FAILED",
|
|
138
144
|
E_VERIFY_KEY_FETCH_TIMEOUT: "E_VERIFY_KEY_FETCH_TIMEOUT",
|
|
@@ -162,7 +168,8 @@ var ERRORS = {
|
|
|
162
168
|
http_status: 400,
|
|
163
169
|
title: "Attribution Chain Too Deep",
|
|
164
170
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
165
|
-
|
|
171
|
+
retryable: false,
|
|
172
|
+
next_action: "retry_with_different_input",
|
|
166
173
|
category: "attribution"
|
|
167
174
|
},
|
|
168
175
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -170,7 +177,8 @@ var ERRORS = {
|
|
|
170
177
|
http_status: 400,
|
|
171
178
|
title: "Attribution Circular Chain",
|
|
172
179
|
description: "Circular reference detected in attribution chain",
|
|
173
|
-
|
|
180
|
+
retryable: false,
|
|
181
|
+
next_action: "retry_with_different_input",
|
|
174
182
|
category: "attribution"
|
|
175
183
|
},
|
|
176
184
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -178,7 +186,8 @@ var ERRORS = {
|
|
|
178
186
|
http_status: 401,
|
|
179
187
|
title: "Attribution Expired",
|
|
180
188
|
description: "Attribution attestation has exceeded its expiration time",
|
|
181
|
-
|
|
189
|
+
retryable: false,
|
|
190
|
+
next_action: "retry_with_different_input",
|
|
182
191
|
category: "attribution"
|
|
183
192
|
},
|
|
184
193
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -186,7 +195,8 @@ var ERRORS = {
|
|
|
186
195
|
http_status: 400,
|
|
187
196
|
title: "Attribution Hash Invalid",
|
|
188
197
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
189
|
-
|
|
198
|
+
retryable: false,
|
|
199
|
+
next_action: "retry_with_different_input",
|
|
190
200
|
category: "attribution"
|
|
191
201
|
},
|
|
192
202
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -194,7 +204,8 @@ var ERRORS = {
|
|
|
194
204
|
http_status: 400,
|
|
195
205
|
title: "Attribution Invalid Format",
|
|
196
206
|
description: "Attribution attestation does not conform to schema",
|
|
197
|
-
|
|
207
|
+
retryable: false,
|
|
208
|
+
next_action: "retry_with_different_input",
|
|
198
209
|
category: "attribution"
|
|
199
210
|
},
|
|
200
211
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -202,7 +213,8 @@ var ERRORS = {
|
|
|
202
213
|
http_status: 400,
|
|
203
214
|
title: "Attribution Invalid Reference",
|
|
204
215
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
205
|
-
|
|
216
|
+
retryable: false,
|
|
217
|
+
next_action: "retry_with_different_input",
|
|
206
218
|
category: "attribution"
|
|
207
219
|
},
|
|
208
220
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -210,7 +222,8 @@ var ERRORS = {
|
|
|
210
222
|
http_status: 400,
|
|
211
223
|
title: "Attribution Invalid Weight",
|
|
212
224
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
213
|
-
|
|
225
|
+
retryable: false,
|
|
226
|
+
next_action: "retry_with_different_input",
|
|
214
227
|
category: "attribution"
|
|
215
228
|
},
|
|
216
229
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -218,7 +231,8 @@ var ERRORS = {
|
|
|
218
231
|
http_status: 400,
|
|
219
232
|
title: "Attribution Missing Sources",
|
|
220
233
|
description: "Attribution attestation has empty sources array",
|
|
221
|
-
|
|
234
|
+
retryable: false,
|
|
235
|
+
next_action: "retry_with_different_input",
|
|
222
236
|
category: "attribution"
|
|
223
237
|
},
|
|
224
238
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -226,7 +240,8 @@ var ERRORS = {
|
|
|
226
240
|
http_status: 401,
|
|
227
241
|
title: "Attribution Not Yet Valid",
|
|
228
242
|
description: "Attribution attestation issued_at time is in the future",
|
|
229
|
-
|
|
243
|
+
retryable: true,
|
|
244
|
+
next_action: "retry_after_delay",
|
|
230
245
|
category: "attribution"
|
|
231
246
|
},
|
|
232
247
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -234,7 +249,8 @@ var ERRORS = {
|
|
|
234
249
|
http_status: 502,
|
|
235
250
|
title: "Attribution Resolution Failed",
|
|
236
251
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
237
|
-
|
|
252
|
+
retryable: true,
|
|
253
|
+
next_action: "retry_after_delay",
|
|
238
254
|
category: "attribution"
|
|
239
255
|
},
|
|
240
256
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -242,7 +258,8 @@ var ERRORS = {
|
|
|
242
258
|
http_status: 504,
|
|
243
259
|
title: "Attribution Resolution Timeout",
|
|
244
260
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
245
|
-
|
|
261
|
+
retryable: true,
|
|
262
|
+
next_action: "retry_after_delay",
|
|
246
263
|
category: "attribution"
|
|
247
264
|
},
|
|
248
265
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -250,7 +267,8 @@ var ERRORS = {
|
|
|
250
267
|
http_status: 400,
|
|
251
268
|
title: "Attribution Size Exceeded",
|
|
252
269
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
253
|
-
|
|
270
|
+
retryable: false,
|
|
271
|
+
next_action: "retry_with_different_input",
|
|
254
272
|
category: "attribution"
|
|
255
273
|
},
|
|
256
274
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -258,7 +276,8 @@ var ERRORS = {
|
|
|
258
276
|
http_status: 400,
|
|
259
277
|
title: "Attribution Too Many Sources",
|
|
260
278
|
description: "Attribution has too many sources (maximum 100)",
|
|
261
|
-
|
|
279
|
+
retryable: false,
|
|
280
|
+
next_action: "retry_with_different_input",
|
|
262
281
|
category: "attribution"
|
|
263
282
|
},
|
|
264
283
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -266,7 +285,8 @@ var ERRORS = {
|
|
|
266
285
|
http_status: 400,
|
|
267
286
|
title: "Attribution Unknown Usage",
|
|
268
287
|
description: "Attribution usage type is not recognized",
|
|
269
|
-
|
|
288
|
+
retryable: false,
|
|
289
|
+
next_action: "retry_with_different_input",
|
|
270
290
|
category: "attribution"
|
|
271
291
|
},
|
|
272
292
|
// Bundle error codes
|
|
@@ -275,7 +295,8 @@ var ERRORS = {
|
|
|
275
295
|
http_status: 400,
|
|
276
296
|
title: "Bundle Duplicate Receipt",
|
|
277
297
|
description: "Bundle contains multiple receipts with the same ID",
|
|
278
|
-
|
|
298
|
+
retryable: false,
|
|
299
|
+
next_action: "retry_with_different_input",
|
|
279
300
|
category: "bundle"
|
|
280
301
|
},
|
|
281
302
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -283,7 +304,8 @@ var ERRORS = {
|
|
|
283
304
|
http_status: 400,
|
|
284
305
|
title: "Bundle Hash Mismatch",
|
|
285
306
|
description: "File hash does not match value declared in manifest.json",
|
|
286
|
-
|
|
307
|
+
retryable: false,
|
|
308
|
+
next_action: "retry_with_different_input",
|
|
287
309
|
category: "bundle"
|
|
288
310
|
},
|
|
289
311
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -291,7 +313,8 @@ var ERRORS = {
|
|
|
291
313
|
http_status: 400,
|
|
292
314
|
title: "Bundle Invalid Format",
|
|
293
315
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
294
|
-
|
|
316
|
+
retryable: false,
|
|
317
|
+
next_action: "retry_with_different_input",
|
|
295
318
|
category: "bundle"
|
|
296
319
|
},
|
|
297
320
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -299,7 +322,8 @@ var ERRORS = {
|
|
|
299
322
|
http_status: 400,
|
|
300
323
|
title: "Bundle Key Missing",
|
|
301
324
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
302
|
-
|
|
325
|
+
retryable: false,
|
|
326
|
+
next_action: "retry_with_different_input",
|
|
303
327
|
category: "bundle"
|
|
304
328
|
},
|
|
305
329
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -307,7 +331,8 @@ var ERRORS = {
|
|
|
307
331
|
http_status: 400,
|
|
308
332
|
title: "Bundle Manifest Invalid",
|
|
309
333
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
310
|
-
|
|
334
|
+
retryable: false,
|
|
335
|
+
next_action: "retry_with_different_input",
|
|
311
336
|
category: "bundle"
|
|
312
337
|
},
|
|
313
338
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -315,7 +340,8 @@ var ERRORS = {
|
|
|
315
340
|
http_status: 400,
|
|
316
341
|
title: "Bundle Manifest Missing",
|
|
317
342
|
description: "manifest.json not found at bundle archive root",
|
|
318
|
-
|
|
343
|
+
retryable: false,
|
|
344
|
+
next_action: "retry_with_different_input",
|
|
319
345
|
category: "bundle"
|
|
320
346
|
},
|
|
321
347
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -323,7 +349,8 @@ var ERRORS = {
|
|
|
323
349
|
http_status: 400,
|
|
324
350
|
title: "Bundle Missing Keys",
|
|
325
351
|
description: "No verification keys provided in bundle JWKS",
|
|
326
|
-
|
|
352
|
+
retryable: false,
|
|
353
|
+
next_action: "retry_with_different_input",
|
|
327
354
|
category: "bundle"
|
|
328
355
|
},
|
|
329
356
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -331,7 +358,8 @@ var ERRORS = {
|
|
|
331
358
|
http_status: 400,
|
|
332
359
|
title: "Bundle Missing Receipts",
|
|
333
360
|
description: "No receipts provided when creating bundle",
|
|
334
|
-
|
|
361
|
+
retryable: false,
|
|
362
|
+
next_action: "retry_with_different_input",
|
|
335
363
|
category: "bundle"
|
|
336
364
|
},
|
|
337
365
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -339,7 +367,8 @@ var ERRORS = {
|
|
|
339
367
|
http_status: 400,
|
|
340
368
|
title: "Bundle Path Traversal",
|
|
341
369
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
342
|
-
|
|
370
|
+
retryable: false,
|
|
371
|
+
next_action: "retry_with_different_input",
|
|
343
372
|
category: "bundle"
|
|
344
373
|
},
|
|
345
374
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -347,7 +376,8 @@ var ERRORS = {
|
|
|
347
376
|
http_status: 400,
|
|
348
377
|
title: "Bundle Policy Hash Mismatch",
|
|
349
378
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
350
|
-
|
|
379
|
+
retryable: false,
|
|
380
|
+
next_action: "retry_with_different_input",
|
|
351
381
|
category: "bundle"
|
|
352
382
|
},
|
|
353
383
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -355,7 +385,8 @@ var ERRORS = {
|
|
|
355
385
|
http_status: 400,
|
|
356
386
|
title: "Bundle Receipts Unordered",
|
|
357
387
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
358
|
-
|
|
388
|
+
retryable: false,
|
|
389
|
+
next_action: "retry_with_different_input",
|
|
359
390
|
category: "bundle"
|
|
360
391
|
},
|
|
361
392
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -363,7 +394,8 @@ var ERRORS = {
|
|
|
363
394
|
http_status: 400,
|
|
364
395
|
title: "Bundle Receipt Invalid",
|
|
365
396
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
366
|
-
|
|
397
|
+
retryable: false,
|
|
398
|
+
next_action: "retry_with_different_input",
|
|
367
399
|
category: "bundle"
|
|
368
400
|
},
|
|
369
401
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -371,7 +403,8 @@ var ERRORS = {
|
|
|
371
403
|
http_status: 400,
|
|
372
404
|
title: "Bundle Signature Invalid",
|
|
373
405
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
374
|
-
|
|
406
|
+
retryable: false,
|
|
407
|
+
next_action: "retry_with_different_input",
|
|
375
408
|
category: "bundle"
|
|
376
409
|
},
|
|
377
410
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -379,7 +412,8 @@ var ERRORS = {
|
|
|
379
412
|
http_status: 400,
|
|
380
413
|
title: "Bundle Size Exceeded",
|
|
381
414
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
382
|
-
|
|
415
|
+
retryable: false,
|
|
416
|
+
next_action: "retry_with_different_input",
|
|
383
417
|
category: "bundle"
|
|
384
418
|
},
|
|
385
419
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -387,7 +421,8 @@ var ERRORS = {
|
|
|
387
421
|
http_status: 400,
|
|
388
422
|
title: "Bundle Time Range Invalid",
|
|
389
423
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
390
|
-
|
|
424
|
+
retryable: false,
|
|
425
|
+
next_action: "retry_with_different_input",
|
|
391
426
|
category: "bundle"
|
|
392
427
|
},
|
|
393
428
|
// Control error codes
|
|
@@ -396,7 +431,8 @@ var ERRORS = {
|
|
|
396
431
|
http_status: 403,
|
|
397
432
|
title: "Control Decision Denied",
|
|
398
433
|
description: "Control engine denied authorization",
|
|
399
|
-
|
|
434
|
+
retryable: false,
|
|
435
|
+
next_action: "contact_issuer",
|
|
400
436
|
category: "control"
|
|
401
437
|
},
|
|
402
438
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -404,7 +440,8 @@ var ERRORS = {
|
|
|
404
440
|
http_status: 202,
|
|
405
441
|
title: "Review Required",
|
|
406
442
|
description: "Control engine requires manual review",
|
|
407
|
-
|
|
443
|
+
retryable: true,
|
|
444
|
+
next_action: "contact_issuer",
|
|
408
445
|
category: "control"
|
|
409
446
|
},
|
|
410
447
|
// Dispute error codes
|
|
@@ -413,7 +450,8 @@ var ERRORS = {
|
|
|
413
450
|
http_status: 409,
|
|
414
451
|
title: "Dispute Duplicate",
|
|
415
452
|
description: "A dispute with this ID already exists",
|
|
416
|
-
|
|
453
|
+
retryable: false,
|
|
454
|
+
next_action: "retry_with_different_input",
|
|
417
455
|
category: "dispute"
|
|
418
456
|
},
|
|
419
457
|
E_DISPUTE_EXPIRED: {
|
|
@@ -421,7 +459,8 @@ var ERRORS = {
|
|
|
421
459
|
http_status: 401,
|
|
422
460
|
title: "Dispute Expired",
|
|
423
461
|
description: "Dispute attestation has exceeded its expiration time",
|
|
424
|
-
|
|
462
|
+
retryable: false,
|
|
463
|
+
next_action: "retry_with_different_input",
|
|
425
464
|
category: "dispute"
|
|
426
465
|
},
|
|
427
466
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -429,7 +468,8 @@ var ERRORS = {
|
|
|
429
468
|
http_status: 400,
|
|
430
469
|
title: "Dispute Invalid Format",
|
|
431
470
|
description: "Dispute attestation does not conform to schema",
|
|
432
|
-
|
|
471
|
+
retryable: false,
|
|
472
|
+
next_action: "retry_with_different_input",
|
|
433
473
|
category: "dispute"
|
|
434
474
|
},
|
|
435
475
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -437,7 +477,8 @@ var ERRORS = {
|
|
|
437
477
|
http_status: 400,
|
|
438
478
|
title: "Dispute Invalid Grounds",
|
|
439
479
|
description: "Dispute grounds code is not recognized",
|
|
440
|
-
|
|
480
|
+
retryable: false,
|
|
481
|
+
next_action: "retry_with_different_input",
|
|
441
482
|
category: "dispute"
|
|
442
483
|
},
|
|
443
484
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -445,7 +486,8 @@ var ERRORS = {
|
|
|
445
486
|
http_status: 400,
|
|
446
487
|
title: "Dispute Invalid ID",
|
|
447
488
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
448
|
-
|
|
489
|
+
retryable: false,
|
|
490
|
+
next_action: "retry_with_different_input",
|
|
449
491
|
category: "dispute"
|
|
450
492
|
},
|
|
451
493
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -453,7 +495,8 @@ var ERRORS = {
|
|
|
453
495
|
http_status: 400,
|
|
454
496
|
title: "Dispute Invalid State",
|
|
455
497
|
description: "Dispute state is not recognized",
|
|
456
|
-
|
|
498
|
+
retryable: false,
|
|
499
|
+
next_action: "retry_with_different_input",
|
|
457
500
|
category: "dispute"
|
|
458
501
|
},
|
|
459
502
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -461,7 +504,8 @@ var ERRORS = {
|
|
|
461
504
|
http_status: 400,
|
|
462
505
|
title: "Dispute Invalid Target Type",
|
|
463
506
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
464
|
-
|
|
507
|
+
retryable: false,
|
|
508
|
+
next_action: "retry_with_different_input",
|
|
465
509
|
category: "dispute"
|
|
466
510
|
},
|
|
467
511
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -469,7 +513,8 @@ var ERRORS = {
|
|
|
469
513
|
http_status: 400,
|
|
470
514
|
title: "Dispute Invalid Transition",
|
|
471
515
|
description: "Invalid state transition for dispute lifecycle",
|
|
472
|
-
|
|
516
|
+
retryable: false,
|
|
517
|
+
next_action: "retry_with_different_input",
|
|
473
518
|
category: "dispute"
|
|
474
519
|
},
|
|
475
520
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -477,7 +522,8 @@ var ERRORS = {
|
|
|
477
522
|
http_status: 400,
|
|
478
523
|
title: "Dispute Invalid Type",
|
|
479
524
|
description: "Dispute type is not recognized",
|
|
480
|
-
|
|
525
|
+
retryable: false,
|
|
526
|
+
next_action: "retry_with_different_input",
|
|
481
527
|
category: "dispute"
|
|
482
528
|
},
|
|
483
529
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -485,7 +531,8 @@ var ERRORS = {
|
|
|
485
531
|
http_status: 400,
|
|
486
532
|
title: "Dispute Missing Resolution",
|
|
487
533
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
488
|
-
|
|
534
|
+
retryable: false,
|
|
535
|
+
next_action: "retry_with_different_input",
|
|
489
536
|
category: "dispute"
|
|
490
537
|
},
|
|
491
538
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -493,7 +540,8 @@ var ERRORS = {
|
|
|
493
540
|
http_status: 401,
|
|
494
541
|
title: "Dispute Not Yet Valid",
|
|
495
542
|
description: "Dispute attestation issued_at time is in the future",
|
|
496
|
-
|
|
543
|
+
retryable: true,
|
|
544
|
+
next_action: "retry_after_delay",
|
|
497
545
|
category: "dispute"
|
|
498
546
|
},
|
|
499
547
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -501,7 +549,8 @@ var ERRORS = {
|
|
|
501
549
|
http_status: 400,
|
|
502
550
|
title: "Dispute Other Requires Description",
|
|
503
551
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
504
|
-
|
|
552
|
+
retryable: false,
|
|
553
|
+
next_action: "retry_with_different_input",
|
|
505
554
|
category: "dispute"
|
|
506
555
|
},
|
|
507
556
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -509,7 +558,8 @@ var ERRORS = {
|
|
|
509
558
|
http_status: 400,
|
|
510
559
|
title: "Dispute Resolution Not Allowed",
|
|
511
560
|
description: "Resolution is only valid for terminal states",
|
|
512
|
-
|
|
561
|
+
retryable: false,
|
|
562
|
+
next_action: "retry_with_different_input",
|
|
513
563
|
category: "dispute"
|
|
514
564
|
},
|
|
515
565
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -517,7 +567,8 @@ var ERRORS = {
|
|
|
517
567
|
http_status: 404,
|
|
518
568
|
title: "Dispute Target Not Found",
|
|
519
569
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
520
|
-
|
|
570
|
+
retryable: true,
|
|
571
|
+
next_action: "retry_after_delay",
|
|
521
572
|
category: "dispute"
|
|
522
573
|
},
|
|
523
574
|
// Identity error codes
|
|
@@ -526,7 +577,8 @@ var ERRORS = {
|
|
|
526
577
|
http_status: 400,
|
|
527
578
|
title: "Identity Binding Future",
|
|
528
579
|
description: "Identity binding signed_at timestamp is in the future",
|
|
529
|
-
|
|
580
|
+
retryable: false,
|
|
581
|
+
next_action: "retry_with_different_input",
|
|
530
582
|
category: "identity"
|
|
531
583
|
},
|
|
532
584
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -534,7 +586,8 @@ var ERRORS = {
|
|
|
534
586
|
http_status: 400,
|
|
535
587
|
title: "Identity Binding Mismatch",
|
|
536
588
|
description: "Identity binding does not match the request being verified",
|
|
537
|
-
|
|
589
|
+
retryable: false,
|
|
590
|
+
next_action: "retry_with_different_input",
|
|
538
591
|
category: "identity"
|
|
539
592
|
},
|
|
540
593
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -542,7 +595,8 @@ var ERRORS = {
|
|
|
542
595
|
http_status: 401,
|
|
543
596
|
title: "Identity Binding Stale",
|
|
544
597
|
description: "Identity binding is too old and requires fresh binding",
|
|
545
|
-
|
|
598
|
+
retryable: true,
|
|
599
|
+
next_action: "retry_after_delay",
|
|
546
600
|
category: "identity"
|
|
547
601
|
},
|
|
548
602
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -550,7 +604,8 @@ var ERRORS = {
|
|
|
550
604
|
http_status: 503,
|
|
551
605
|
title: "Identity Directory Unavailable",
|
|
552
606
|
description: "Failed to fetch agent key directory",
|
|
553
|
-
|
|
607
|
+
retryable: true,
|
|
608
|
+
next_action: "retry_after_delay",
|
|
554
609
|
category: "identity"
|
|
555
610
|
},
|
|
556
611
|
E_IDENTITY_EXPIRED: {
|
|
@@ -558,7 +613,8 @@ var ERRORS = {
|
|
|
558
613
|
http_status: 401,
|
|
559
614
|
title: "Identity Expired",
|
|
560
615
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
561
|
-
|
|
616
|
+
retryable: false,
|
|
617
|
+
next_action: "refresh_attestation",
|
|
562
618
|
category: "identity"
|
|
563
619
|
},
|
|
564
620
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -566,7 +622,8 @@ var ERRORS = {
|
|
|
566
622
|
http_status: 400,
|
|
567
623
|
title: "Identity Invalid Format",
|
|
568
624
|
description: "Agent identity attestation does not conform to schema",
|
|
569
|
-
|
|
625
|
+
retryable: false,
|
|
626
|
+
next_action: "retry_with_different_input",
|
|
570
627
|
category: "identity"
|
|
571
628
|
},
|
|
572
629
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -574,7 +631,8 @@ var ERRORS = {
|
|
|
574
631
|
http_status: 401,
|
|
575
632
|
title: "Identity Key Expired",
|
|
576
633
|
description: "Agent signing key has expired per directory metadata",
|
|
577
|
-
|
|
634
|
+
retryable: false,
|
|
635
|
+
next_action: "refresh_attestation",
|
|
578
636
|
category: "identity"
|
|
579
637
|
},
|
|
580
638
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -582,7 +640,8 @@ var ERRORS = {
|
|
|
582
640
|
http_status: 401,
|
|
583
641
|
title: "Identity Key Revoked",
|
|
584
642
|
description: "Agent signing key has been explicitly revoked",
|
|
585
|
-
|
|
643
|
+
retryable: false,
|
|
644
|
+
next_action: "refresh_attestation",
|
|
586
645
|
category: "identity"
|
|
587
646
|
},
|
|
588
647
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -590,7 +649,8 @@ var ERRORS = {
|
|
|
590
649
|
http_status: 401,
|
|
591
650
|
title: "Identity Key Unknown",
|
|
592
651
|
description: "Key ID not found in agent key directory",
|
|
593
|
-
|
|
652
|
+
retryable: true,
|
|
653
|
+
next_action: "retry_after_delay",
|
|
594
654
|
category: "identity"
|
|
595
655
|
},
|
|
596
656
|
E_IDENTITY_MISSING: {
|
|
@@ -598,7 +658,8 @@ var ERRORS = {
|
|
|
598
658
|
http_status: 401,
|
|
599
659
|
title: "Identity Missing",
|
|
600
660
|
description: "No agent identity attestation provided in request",
|
|
601
|
-
|
|
661
|
+
retryable: false,
|
|
662
|
+
next_action: "retry_with_different_input",
|
|
602
663
|
category: "identity"
|
|
603
664
|
},
|
|
604
665
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -606,7 +667,8 @@ var ERRORS = {
|
|
|
606
667
|
http_status: 401,
|
|
607
668
|
title: "Identity Not Yet Valid",
|
|
608
669
|
description: "Agent identity attestation issued_at time is in the future",
|
|
609
|
-
|
|
670
|
+
retryable: true,
|
|
671
|
+
next_action: "retry_after_delay",
|
|
610
672
|
category: "identity"
|
|
611
673
|
},
|
|
612
674
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -614,7 +676,8 @@ var ERRORS = {
|
|
|
614
676
|
http_status: 400,
|
|
615
677
|
title: "Identity Proof Unsupported",
|
|
616
678
|
description: "Agent identity proof method is not supported",
|
|
617
|
-
|
|
679
|
+
retryable: false,
|
|
680
|
+
next_action: "retry_with_different_input",
|
|
618
681
|
category: "identity"
|
|
619
682
|
},
|
|
620
683
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -622,7 +685,8 @@ var ERRORS = {
|
|
|
622
685
|
http_status: 401,
|
|
623
686
|
title: "Identity Signature Invalid",
|
|
624
687
|
description: "Agent identity proof signature verification failed",
|
|
625
|
-
|
|
688
|
+
retryable: false,
|
|
689
|
+
next_action: "retry_with_different_input",
|
|
626
690
|
category: "identity"
|
|
627
691
|
},
|
|
628
692
|
// Infrastructure error codes
|
|
@@ -631,7 +695,8 @@ var ERRORS = {
|
|
|
631
695
|
http_status: 503,
|
|
632
696
|
title: "Circuit Breaker Open",
|
|
633
697
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
634
|
-
|
|
698
|
+
retryable: true,
|
|
699
|
+
next_action: "retry_after_delay",
|
|
635
700
|
category: "infrastructure"
|
|
636
701
|
},
|
|
637
702
|
E_INTERNAL: {
|
|
@@ -639,7 +704,8 @@ var ERRORS = {
|
|
|
639
704
|
http_status: 500,
|
|
640
705
|
title: "Internal Error",
|
|
641
706
|
description: "An unexpected internal error occurred during verification",
|
|
642
|
-
|
|
707
|
+
retryable: true,
|
|
708
|
+
next_action: "retry_after_delay",
|
|
643
709
|
category: "infrastructure"
|
|
644
710
|
},
|
|
645
711
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -647,7 +713,8 @@ var ERRORS = {
|
|
|
647
713
|
http_status: 503,
|
|
648
714
|
title: "JWKS Fetch Failed",
|
|
649
715
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
650
|
-
|
|
716
|
+
retryable: true,
|
|
717
|
+
next_action: "retry_after_delay",
|
|
651
718
|
category: "infrastructure"
|
|
652
719
|
},
|
|
653
720
|
E_RATE_LIMITED: {
|
|
@@ -655,7 +722,8 @@ var ERRORS = {
|
|
|
655
722
|
http_status: 429,
|
|
656
723
|
title: "Rate Limited",
|
|
657
724
|
description: "Too many requests, please retry later",
|
|
658
|
-
|
|
725
|
+
retryable: true,
|
|
726
|
+
next_action: "retry_after_delay",
|
|
659
727
|
category: "infrastructure"
|
|
660
728
|
},
|
|
661
729
|
// Interaction error codes
|
|
@@ -664,7 +732,8 @@ var ERRORS = {
|
|
|
664
732
|
http_status: 400,
|
|
665
733
|
title: "Interaction Invalid Digest",
|
|
666
734
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
667
|
-
|
|
735
|
+
retryable: false,
|
|
736
|
+
next_action: "retry_with_different_input",
|
|
668
737
|
category: "interaction"
|
|
669
738
|
},
|
|
670
739
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -672,7 +741,8 @@ var ERRORS = {
|
|
|
672
741
|
http_status: 400,
|
|
673
742
|
title: "Interaction Invalid Digest Algorithm",
|
|
674
743
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
675
|
-
|
|
744
|
+
retryable: false,
|
|
745
|
+
next_action: "retry_with_different_input",
|
|
676
746
|
category: "interaction"
|
|
677
747
|
},
|
|
678
748
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -680,7 +750,8 @@ var ERRORS = {
|
|
|
680
750
|
http_status: 400,
|
|
681
751
|
title: "Interaction Invalid Extension Key",
|
|
682
752
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
683
|
-
|
|
753
|
+
retryable: false,
|
|
754
|
+
next_action: "retry_with_different_input",
|
|
684
755
|
category: "interaction"
|
|
685
756
|
},
|
|
686
757
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -688,7 +759,8 @@ var ERRORS = {
|
|
|
688
759
|
http_status: 400,
|
|
689
760
|
title: "Interaction Invalid Format",
|
|
690
761
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
691
|
-
|
|
762
|
+
retryable: false,
|
|
763
|
+
next_action: "retry_with_different_input",
|
|
692
764
|
category: "interaction"
|
|
693
765
|
},
|
|
694
766
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -696,7 +768,8 @@ var ERRORS = {
|
|
|
696
768
|
http_status: 400,
|
|
697
769
|
title: "Interaction Invalid Kind Format",
|
|
698
770
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
699
|
-
|
|
771
|
+
retryable: false,
|
|
772
|
+
next_action: "retry_with_different_input",
|
|
700
773
|
category: "interaction"
|
|
701
774
|
},
|
|
702
775
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -704,7 +777,8 @@ var ERRORS = {
|
|
|
704
777
|
http_status: 400,
|
|
705
778
|
title: "Interaction Invalid Timing",
|
|
706
779
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
707
|
-
|
|
780
|
+
retryable: false,
|
|
781
|
+
next_action: "retry_with_different_input",
|
|
708
782
|
category: "interaction"
|
|
709
783
|
},
|
|
710
784
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -712,7 +786,8 @@ var ERRORS = {
|
|
|
712
786
|
http_status: 400,
|
|
713
787
|
title: "Interaction Kind Reserved",
|
|
714
788
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
715
|
-
|
|
789
|
+
retryable: false,
|
|
790
|
+
next_action: "retry_with_different_input",
|
|
716
791
|
category: "interaction"
|
|
717
792
|
},
|
|
718
793
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -720,7 +795,8 @@ var ERRORS = {
|
|
|
720
795
|
http_status: 400,
|
|
721
796
|
title: "Interaction Missing Error Detail",
|
|
722
797
|
description: "error_code or extensions required when result.status is error",
|
|
723
|
-
|
|
798
|
+
retryable: false,
|
|
799
|
+
next_action: "retry_with_different_input",
|
|
724
800
|
category: "interaction"
|
|
725
801
|
},
|
|
726
802
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -728,7 +804,8 @@ var ERRORS = {
|
|
|
728
804
|
http_status: 400,
|
|
729
805
|
title: "Interaction Missing Executor",
|
|
730
806
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
731
|
-
|
|
807
|
+
retryable: false,
|
|
808
|
+
next_action: "retry_with_different_input",
|
|
732
809
|
category: "interaction"
|
|
733
810
|
},
|
|
734
811
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -736,7 +813,8 @@ var ERRORS = {
|
|
|
736
813
|
http_status: 400,
|
|
737
814
|
title: "Interaction Missing ID",
|
|
738
815
|
description: "Interaction evidence is missing required interaction_id field",
|
|
739
|
-
|
|
816
|
+
retryable: false,
|
|
817
|
+
next_action: "retry_with_different_input",
|
|
740
818
|
category: "interaction"
|
|
741
819
|
},
|
|
742
820
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -744,7 +822,8 @@ var ERRORS = {
|
|
|
744
822
|
http_status: 400,
|
|
745
823
|
title: "Interaction Missing Kind",
|
|
746
824
|
description: "Interaction evidence is missing required kind field",
|
|
747
|
-
|
|
825
|
+
retryable: false,
|
|
826
|
+
next_action: "retry_with_different_input",
|
|
748
827
|
category: "interaction"
|
|
749
828
|
},
|
|
750
829
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -752,7 +831,8 @@ var ERRORS = {
|
|
|
752
831
|
http_status: 400,
|
|
753
832
|
title: "Interaction Missing Result",
|
|
754
833
|
description: "result.status is required when output is present",
|
|
755
|
-
|
|
834
|
+
retryable: false,
|
|
835
|
+
next_action: "retry_with_different_input",
|
|
756
836
|
category: "interaction"
|
|
757
837
|
},
|
|
758
838
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -760,7 +840,8 @@ var ERRORS = {
|
|
|
760
840
|
http_status: 400,
|
|
761
841
|
title: "Interaction Missing Started At",
|
|
762
842
|
description: "Interaction evidence is missing required started_at field",
|
|
763
|
-
|
|
843
|
+
retryable: false,
|
|
844
|
+
next_action: "retry_with_different_input",
|
|
764
845
|
category: "interaction"
|
|
765
846
|
},
|
|
766
847
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -768,7 +849,8 @@ var ERRORS = {
|
|
|
768
849
|
http_status: 400,
|
|
769
850
|
title: "Interaction Missing Target",
|
|
770
851
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
771
|
-
|
|
852
|
+
retryable: false,
|
|
853
|
+
next_action: "retry_with_different_input",
|
|
772
854
|
category: "interaction"
|
|
773
855
|
},
|
|
774
856
|
// Ucp error codes
|
|
@@ -777,7 +859,8 @@ var ERRORS = {
|
|
|
777
859
|
http_status: 500,
|
|
778
860
|
title: "UCP Evidence Serialization Failed",
|
|
779
861
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
780
|
-
|
|
862
|
+
retryable: false,
|
|
863
|
+
next_action: "retry_with_different_input",
|
|
781
864
|
category: "ucp"
|
|
782
865
|
},
|
|
783
866
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -785,7 +868,8 @@ var ERRORS = {
|
|
|
785
868
|
http_status: 401,
|
|
786
869
|
title: "UCP Key Algorithm Mismatch",
|
|
787
870
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
788
|
-
|
|
871
|
+
retryable: false,
|
|
872
|
+
next_action: "retry_with_different_input",
|
|
789
873
|
category: "ucp"
|
|
790
874
|
},
|
|
791
875
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -793,7 +877,8 @@ var ERRORS = {
|
|
|
793
877
|
http_status: 401,
|
|
794
878
|
title: "UCP Key Curve Mismatch",
|
|
795
879
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
796
|
-
|
|
880
|
+
retryable: false,
|
|
881
|
+
next_action: "retry_with_different_input",
|
|
797
882
|
category: "ucp"
|
|
798
883
|
},
|
|
799
884
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -801,7 +886,8 @@ var ERRORS = {
|
|
|
801
886
|
http_status: 401,
|
|
802
887
|
title: "UCP Key Not Found",
|
|
803
888
|
description: "Key ID from signature not found in business UCP profile",
|
|
804
|
-
|
|
889
|
+
retryable: true,
|
|
890
|
+
next_action: "retry_after_delay",
|
|
805
891
|
category: "ucp"
|
|
806
892
|
},
|
|
807
893
|
E_UCP_ORDER_INVALID: {
|
|
@@ -809,7 +895,8 @@ var ERRORS = {
|
|
|
809
895
|
http_status: 400,
|
|
810
896
|
title: "UCP Order Invalid",
|
|
811
897
|
description: "UCP order object does not conform to expected schema",
|
|
812
|
-
|
|
898
|
+
retryable: false,
|
|
899
|
+
next_action: "retry_with_different_input",
|
|
813
900
|
category: "ucp"
|
|
814
901
|
},
|
|
815
902
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -817,7 +904,8 @@ var ERRORS = {
|
|
|
817
904
|
http_status: 400,
|
|
818
905
|
title: "UCP Order Missing ID",
|
|
819
906
|
description: "UCP order is missing required id field",
|
|
820
|
-
|
|
907
|
+
retryable: false,
|
|
908
|
+
next_action: "retry_with_different_input",
|
|
821
909
|
category: "ucp"
|
|
822
910
|
},
|
|
823
911
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -825,7 +913,8 @@ var ERRORS = {
|
|
|
825
913
|
http_status: 400,
|
|
826
914
|
title: "UCP Order Missing Line Items",
|
|
827
915
|
description: "UCP order is missing required line_items array",
|
|
828
|
-
|
|
916
|
+
retryable: false,
|
|
917
|
+
next_action: "retry_with_different_input",
|
|
829
918
|
category: "ucp"
|
|
830
919
|
},
|
|
831
920
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -833,7 +922,8 @@ var ERRORS = {
|
|
|
833
922
|
http_status: 400,
|
|
834
923
|
title: "UCP Order Missing Totals",
|
|
835
924
|
description: "UCP order is missing required totals array or total entry",
|
|
836
|
-
|
|
925
|
+
retryable: false,
|
|
926
|
+
next_action: "retry_with_different_input",
|
|
837
927
|
category: "ucp"
|
|
838
928
|
},
|
|
839
929
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -841,7 +931,8 @@ var ERRORS = {
|
|
|
841
931
|
http_status: 400,
|
|
842
932
|
title: "UCP Payload Empty",
|
|
843
933
|
description: "Webhook request body is empty",
|
|
844
|
-
|
|
934
|
+
retryable: false,
|
|
935
|
+
next_action: "retry_with_different_input",
|
|
845
936
|
category: "ucp"
|
|
846
937
|
},
|
|
847
938
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -849,7 +940,8 @@ var ERRORS = {
|
|
|
849
940
|
http_status: 400,
|
|
850
941
|
title: "UCP Payload Not JSON",
|
|
851
942
|
description: "Webhook request body is not valid JSON",
|
|
852
|
-
|
|
943
|
+
retryable: false,
|
|
944
|
+
next_action: "retry_with_different_input",
|
|
853
945
|
category: "ucp"
|
|
854
946
|
},
|
|
855
947
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -857,7 +949,8 @@ var ERRORS = {
|
|
|
857
949
|
http_status: 400,
|
|
858
950
|
title: "UCP Payload Too Large",
|
|
859
951
|
description: "Webhook request body exceeds maximum allowed size",
|
|
860
|
-
|
|
952
|
+
retryable: false,
|
|
953
|
+
next_action: "retry_with_different_input",
|
|
861
954
|
category: "ucp"
|
|
862
955
|
},
|
|
863
956
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -865,7 +958,8 @@ var ERRORS = {
|
|
|
865
958
|
http_status: 502,
|
|
866
959
|
title: "UCP Profile Fetch Failed",
|
|
867
960
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
868
|
-
|
|
961
|
+
retryable: true,
|
|
962
|
+
next_action: "retry_after_delay",
|
|
869
963
|
category: "ucp"
|
|
870
964
|
},
|
|
871
965
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -873,7 +967,8 @@ var ERRORS = {
|
|
|
873
967
|
http_status: 502,
|
|
874
968
|
title: "UCP Profile Invalid",
|
|
875
969
|
description: "Business UCP profile does not conform to expected schema",
|
|
876
|
-
|
|
970
|
+
retryable: false,
|
|
971
|
+
next_action: "retry_with_different_input",
|
|
877
972
|
category: "ucp"
|
|
878
973
|
},
|
|
879
974
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -881,7 +976,8 @@ var ERRORS = {
|
|
|
881
976
|
http_status: 502,
|
|
882
977
|
title: "UCP Profile No Signing Keys",
|
|
883
978
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
884
|
-
|
|
979
|
+
retryable: false,
|
|
980
|
+
next_action: "retry_with_different_input",
|
|
885
981
|
category: "ucp"
|
|
886
982
|
},
|
|
887
983
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -889,7 +985,8 @@ var ERRORS = {
|
|
|
889
985
|
http_status: 400,
|
|
890
986
|
title: "UCP Signature Algorithm Unsupported",
|
|
891
987
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
892
|
-
|
|
988
|
+
retryable: false,
|
|
989
|
+
next_action: "retry_with_different_input",
|
|
893
990
|
category: "ucp"
|
|
894
991
|
},
|
|
895
992
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -897,7 +994,8 @@ var ERRORS = {
|
|
|
897
994
|
http_status: 400,
|
|
898
995
|
title: "UCP Signature b64 Invalid",
|
|
899
996
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
900
|
-
|
|
997
|
+
retryable: false,
|
|
998
|
+
next_action: "retry_with_different_input",
|
|
901
999
|
category: "ucp"
|
|
902
1000
|
},
|
|
903
1001
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -905,7 +1003,8 @@ var ERRORS = {
|
|
|
905
1003
|
http_status: 401,
|
|
906
1004
|
title: "UCP Signature Invalid",
|
|
907
1005
|
description: "Webhook signature verification failed against payload",
|
|
908
|
-
|
|
1006
|
+
retryable: false,
|
|
1007
|
+
next_action: "retry_with_different_input",
|
|
909
1008
|
category: "ucp"
|
|
910
1009
|
},
|
|
911
1010
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -913,7 +1012,8 @@ var ERRORS = {
|
|
|
913
1012
|
http_status: 400,
|
|
914
1013
|
title: "UCP Signature Malformed",
|
|
915
1014
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
916
|
-
|
|
1015
|
+
retryable: false,
|
|
1016
|
+
next_action: "retry_with_different_input",
|
|
917
1017
|
category: "ucp"
|
|
918
1018
|
},
|
|
919
1019
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -921,7 +1021,8 @@ var ERRORS = {
|
|
|
921
1021
|
http_status: 400,
|
|
922
1022
|
title: "UCP Signature Missing",
|
|
923
1023
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
924
|
-
|
|
1024
|
+
retryable: false,
|
|
1025
|
+
next_action: "retry_with_different_input",
|
|
925
1026
|
category: "ucp"
|
|
926
1027
|
},
|
|
927
1028
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -929,7 +1030,8 @@ var ERRORS = {
|
|
|
929
1030
|
http_status: 401,
|
|
930
1031
|
title: "UCP Verification Failed",
|
|
931
1032
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
932
|
-
|
|
1033
|
+
retryable: false,
|
|
1034
|
+
next_action: "retry_with_different_input",
|
|
933
1035
|
category: "ucp"
|
|
934
1036
|
},
|
|
935
1037
|
// Validation error codes
|
|
@@ -938,7 +1040,8 @@ var ERRORS = {
|
|
|
938
1040
|
http_status: 400,
|
|
939
1041
|
title: "Kernel Constraint Violation",
|
|
940
1042
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
941
|
-
|
|
1043
|
+
retryable: false,
|
|
1044
|
+
next_action: "retry_with_different_input",
|
|
942
1045
|
category: "validation"
|
|
943
1046
|
},
|
|
944
1047
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -946,7 +1049,8 @@ var ERRORS = {
|
|
|
946
1049
|
http_status: 400,
|
|
947
1050
|
title: "Evidence Not JSON-Safe",
|
|
948
1051
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
949
|
-
|
|
1052
|
+
retryable: false,
|
|
1053
|
+
next_action: "retry_with_different_input",
|
|
950
1054
|
category: "validation"
|
|
951
1055
|
},
|
|
952
1056
|
E_EXPIRED: {
|
|
@@ -954,7 +1058,8 @@ var ERRORS = {
|
|
|
954
1058
|
http_status: 400,
|
|
955
1059
|
title: "Receipt Expired",
|
|
956
1060
|
description: "Receipt has exceeded its expiration time",
|
|
957
|
-
|
|
1061
|
+
retryable: false,
|
|
1062
|
+
next_action: "retry_with_different_input",
|
|
958
1063
|
category: "validation"
|
|
959
1064
|
},
|
|
960
1065
|
E_INVALID_AMOUNT: {
|
|
@@ -962,7 +1067,8 @@ var ERRORS = {
|
|
|
962
1067
|
http_status: 400,
|
|
963
1068
|
title: "Invalid Amount",
|
|
964
1069
|
description: "Payment amount is invalid or out of allowed range",
|
|
965
|
-
|
|
1070
|
+
retryable: false,
|
|
1071
|
+
next_action: "retry_with_different_input",
|
|
966
1072
|
category: "validation"
|
|
967
1073
|
},
|
|
968
1074
|
E_INVALID_AUDIENCE: {
|
|
@@ -970,7 +1076,8 @@ var ERRORS = {
|
|
|
970
1076
|
http_status: 400,
|
|
971
1077
|
title: "Invalid Audience",
|
|
972
1078
|
description: "Receipt audience claim does not match expected value",
|
|
973
|
-
|
|
1079
|
+
retryable: false,
|
|
1080
|
+
next_action: "retry_with_different_input",
|
|
974
1081
|
category: "validation"
|
|
975
1082
|
},
|
|
976
1083
|
E_INVALID_CURRENCY: {
|
|
@@ -978,7 +1085,8 @@ var ERRORS = {
|
|
|
978
1085
|
http_status: 400,
|
|
979
1086
|
title: "Invalid Currency",
|
|
980
1087
|
description: "Currency code is not a valid ISO 4217 code",
|
|
981
|
-
|
|
1088
|
+
retryable: false,
|
|
1089
|
+
next_action: "retry_with_different_input",
|
|
982
1090
|
category: "validation"
|
|
983
1091
|
},
|
|
984
1092
|
E_INVALID_FORMAT: {
|
|
@@ -986,7 +1094,8 @@ var ERRORS = {
|
|
|
986
1094
|
http_status: 400,
|
|
987
1095
|
title: "Invalid Format",
|
|
988
1096
|
description: "Receipt does not conform to JWS format",
|
|
989
|
-
|
|
1097
|
+
retryable: false,
|
|
1098
|
+
next_action: "retry_with_different_input",
|
|
990
1099
|
category: "validation"
|
|
991
1100
|
},
|
|
992
1101
|
E_INVALID_ISSUER: {
|
|
@@ -994,7 +1103,8 @@ var ERRORS = {
|
|
|
994
1103
|
http_status: 400,
|
|
995
1104
|
title: "Invalid Issuer",
|
|
996
1105
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
997
|
-
|
|
1106
|
+
retryable: false,
|
|
1107
|
+
next_action: "retry_with_different_input",
|
|
998
1108
|
category: "validation"
|
|
999
1109
|
},
|
|
1000
1110
|
E_INVALID_RAIL: {
|
|
@@ -1002,7 +1112,8 @@ var ERRORS = {
|
|
|
1002
1112
|
http_status: 400,
|
|
1003
1113
|
title: "Invalid Payment Rail",
|
|
1004
1114
|
description: "Payment rail identifier is not recognized",
|
|
1005
|
-
|
|
1115
|
+
retryable: false,
|
|
1116
|
+
next_action: "retry_with_different_input",
|
|
1006
1117
|
category: "validation"
|
|
1007
1118
|
},
|
|
1008
1119
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1010,7 +1121,8 @@ var ERRORS = {
|
|
|
1010
1121
|
http_status: 400,
|
|
1011
1122
|
title: "Invalid Receipt ID",
|
|
1012
1123
|
description: "Receipt ID (rid) does not match expected value",
|
|
1013
|
-
|
|
1124
|
+
retryable: false,
|
|
1125
|
+
next_action: "retry_with_different_input",
|
|
1014
1126
|
category: "validation"
|
|
1015
1127
|
},
|
|
1016
1128
|
E_INVALID_SUBJECT: {
|
|
@@ -1018,7 +1130,8 @@ var ERRORS = {
|
|
|
1018
1130
|
http_status: 400,
|
|
1019
1131
|
title: "Invalid Subject",
|
|
1020
1132
|
description: "Receipt subject claim does not match expected value",
|
|
1021
|
-
|
|
1133
|
+
retryable: false,
|
|
1134
|
+
next_action: "retry_with_different_input",
|
|
1022
1135
|
category: "validation"
|
|
1023
1136
|
},
|
|
1024
1137
|
E_MISSING_EXP: {
|
|
@@ -1026,7 +1139,8 @@ var ERRORS = {
|
|
|
1026
1139
|
http_status: 400,
|
|
1027
1140
|
title: "Missing Expiration",
|
|
1028
1141
|
description: "Receipt is missing required exp claim",
|
|
1029
|
-
|
|
1142
|
+
retryable: false,
|
|
1143
|
+
next_action: "retry_with_different_input",
|
|
1030
1144
|
category: "validation"
|
|
1031
1145
|
},
|
|
1032
1146
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1034,7 +1148,8 @@ var ERRORS = {
|
|
|
1034
1148
|
http_status: 400,
|
|
1035
1149
|
title: "Missing Required Claim",
|
|
1036
1150
|
description: "Receipt is missing a required JWT claim",
|
|
1037
|
-
|
|
1151
|
+
retryable: false,
|
|
1152
|
+
next_action: "retry_with_different_input",
|
|
1038
1153
|
category: "validation"
|
|
1039
1154
|
},
|
|
1040
1155
|
E_NOT_YET_VALID: {
|
|
@@ -1042,7 +1157,8 @@ var ERRORS = {
|
|
|
1042
1157
|
http_status: 400,
|
|
1043
1158
|
title: "Not Yet Valid",
|
|
1044
1159
|
description: "Receipt nbf (not before) time is in the future",
|
|
1045
|
-
|
|
1160
|
+
retryable: true,
|
|
1161
|
+
next_action: "retry_after_delay",
|
|
1046
1162
|
category: "validation"
|
|
1047
1163
|
},
|
|
1048
1164
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1050,7 +1166,8 @@ var ERRORS = {
|
|
|
1050
1166
|
http_status: 400,
|
|
1051
1167
|
title: "Attestation Receipt Invalid",
|
|
1052
1168
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1053
|
-
|
|
1169
|
+
retryable: false,
|
|
1170
|
+
next_action: "retry_with_different_input",
|
|
1054
1171
|
category: "validation"
|
|
1055
1172
|
},
|
|
1056
1173
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1058,7 +1175,8 @@ var ERRORS = {
|
|
|
1058
1175
|
http_status: 400,
|
|
1059
1176
|
title: "Commerce Receipt Invalid",
|
|
1060
1177
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1061
|
-
|
|
1178
|
+
retryable: false,
|
|
1179
|
+
next_action: "retry_with_different_input",
|
|
1062
1180
|
category: "validation"
|
|
1063
1181
|
},
|
|
1064
1182
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1066,7 +1184,8 @@ var ERRORS = {
|
|
|
1066
1184
|
http_status: 400,
|
|
1067
1185
|
title: "Parse Invalid Input",
|
|
1068
1186
|
description: "Input to receipt parser is not a non-null object",
|
|
1069
|
-
|
|
1187
|
+
retryable: false,
|
|
1188
|
+
next_action: "retry_with_different_input",
|
|
1070
1189
|
category: "validation"
|
|
1071
1190
|
},
|
|
1072
1191
|
// Verification error codes
|
|
@@ -1075,7 +1194,8 @@ var ERRORS = {
|
|
|
1075
1194
|
http_status: 400,
|
|
1076
1195
|
title: "Invalid Signature",
|
|
1077
1196
|
description: "Receipt signature verification failed",
|
|
1078
|
-
|
|
1197
|
+
retryable: false,
|
|
1198
|
+
next_action: "abort",
|
|
1079
1199
|
category: "verification"
|
|
1080
1200
|
},
|
|
1081
1201
|
E_KEY_NOT_FOUND: {
|
|
@@ -1083,7 +1203,8 @@ var ERRORS = {
|
|
|
1083
1203
|
http_status: 400,
|
|
1084
1204
|
title: "Key Not Found",
|
|
1085
1205
|
description: "Public key with specified kid not found in JWKS",
|
|
1086
|
-
|
|
1206
|
+
retryable: false,
|
|
1207
|
+
next_action: "retry_with_different_key",
|
|
1087
1208
|
category: "verification"
|
|
1088
1209
|
},
|
|
1089
1210
|
// Verifier error codes
|
|
@@ -1092,7 +1213,17 @@ var ERRORS = {
|
|
|
1092
1213
|
http_status: 400,
|
|
1093
1214
|
title: "Extension Too Large",
|
|
1094
1215
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1095
|
-
|
|
1216
|
+
retryable: false,
|
|
1217
|
+
next_action: "abort",
|
|
1218
|
+
category: "verifier"
|
|
1219
|
+
},
|
|
1220
|
+
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
1221
|
+
code: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
1222
|
+
http_status: 403,
|
|
1223
|
+
title: "Insecure Scheme Blocked",
|
|
1224
|
+
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1225
|
+
retryable: false,
|
|
1226
|
+
next_action: "abort",
|
|
1096
1227
|
category: "verifier"
|
|
1097
1228
|
},
|
|
1098
1229
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1100,7 +1231,35 @@ var ERRORS = {
|
|
|
1100
1231
|
http_status: 400,
|
|
1101
1232
|
title: "Invalid Transport",
|
|
1102
1233
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1103
|
-
|
|
1234
|
+
retryable: false,
|
|
1235
|
+
next_action: "abort",
|
|
1236
|
+
category: "verifier"
|
|
1237
|
+
},
|
|
1238
|
+
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
1239
|
+
code: "E_VERIFY_ISSUER_CONFIG_INVALID",
|
|
1240
|
+
http_status: 502,
|
|
1241
|
+
title: "Issuer Config Invalid",
|
|
1242
|
+
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1243
|
+
retryable: false,
|
|
1244
|
+
next_action: "abort",
|
|
1245
|
+
category: "verifier"
|
|
1246
|
+
},
|
|
1247
|
+
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
1248
|
+
code: "E_VERIFY_ISSUER_CONFIG_MISSING",
|
|
1249
|
+
http_status: 502,
|
|
1250
|
+
title: "Issuer Config Missing",
|
|
1251
|
+
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1252
|
+
retryable: true,
|
|
1253
|
+
next_action: "retry_after_delay",
|
|
1254
|
+
category: "verifier"
|
|
1255
|
+
},
|
|
1256
|
+
E_VERIFY_ISSUER_MISMATCH: {
|
|
1257
|
+
code: "E_VERIFY_ISSUER_MISMATCH",
|
|
1258
|
+
http_status: 403,
|
|
1259
|
+
title: "Issuer Mismatch",
|
|
1260
|
+
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1261
|
+
retryable: false,
|
|
1262
|
+
next_action: "abort",
|
|
1104
1263
|
category: "verifier"
|
|
1105
1264
|
},
|
|
1106
1265
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1108,7 +1267,17 @@ var ERRORS = {
|
|
|
1108
1267
|
http_status: 403,
|
|
1109
1268
|
title: "Issuer Not Allowed",
|
|
1110
1269
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1111
|
-
|
|
1270
|
+
retryable: false,
|
|
1271
|
+
next_action: "abort",
|
|
1272
|
+
category: "verifier"
|
|
1273
|
+
},
|
|
1274
|
+
E_VERIFY_JWKS_INVALID: {
|
|
1275
|
+
code: "E_VERIFY_JWKS_INVALID",
|
|
1276
|
+
http_status: 502,
|
|
1277
|
+
title: "JWKS Invalid",
|
|
1278
|
+
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1279
|
+
retryable: false,
|
|
1280
|
+
next_action: "abort",
|
|
1112
1281
|
category: "verifier"
|
|
1113
1282
|
},
|
|
1114
1283
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1116,7 +1285,8 @@ var ERRORS = {
|
|
|
1116
1285
|
http_status: 400,
|
|
1117
1286
|
title: "JWKS Too Large",
|
|
1118
1287
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1119
|
-
|
|
1288
|
+
retryable: false,
|
|
1289
|
+
next_action: "abort",
|
|
1120
1290
|
category: "verifier"
|
|
1121
1291
|
},
|
|
1122
1292
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1124,7 +1294,17 @@ var ERRORS = {
|
|
|
1124
1294
|
http_status: 400,
|
|
1125
1295
|
title: "JWKS Too Many Keys",
|
|
1126
1296
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1127
|
-
|
|
1297
|
+
retryable: false,
|
|
1298
|
+
next_action: "abort",
|
|
1299
|
+
category: "verifier"
|
|
1300
|
+
},
|
|
1301
|
+
E_VERIFY_JWKS_URI_INVALID: {
|
|
1302
|
+
code: "E_VERIFY_JWKS_URI_INVALID",
|
|
1303
|
+
http_status: 502,
|
|
1304
|
+
title: "JWKS URI Invalid",
|
|
1305
|
+
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1306
|
+
retryable: false,
|
|
1307
|
+
next_action: "abort",
|
|
1128
1308
|
category: "verifier"
|
|
1129
1309
|
},
|
|
1130
1310
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1132,7 +1312,8 @@ var ERRORS = {
|
|
|
1132
1312
|
http_status: 403,
|
|
1133
1313
|
title: "Key Fetch Blocked",
|
|
1134
1314
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1135
|
-
|
|
1315
|
+
retryable: false,
|
|
1316
|
+
next_action: "abort",
|
|
1136
1317
|
category: "verifier"
|
|
1137
1318
|
},
|
|
1138
1319
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1140,7 +1321,8 @@ var ERRORS = {
|
|
|
1140
1321
|
http_status: 502,
|
|
1141
1322
|
title: "Key Fetch Failed",
|
|
1142
1323
|
description: "Network error while fetching JWKS from issuer",
|
|
1143
|
-
|
|
1324
|
+
retryable: true,
|
|
1325
|
+
next_action: "retry_after_delay",
|
|
1144
1326
|
category: "verifier"
|
|
1145
1327
|
},
|
|
1146
1328
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1148,7 +1330,8 @@ var ERRORS = {
|
|
|
1148
1330
|
http_status: 504,
|
|
1149
1331
|
title: "Key Fetch Timeout",
|
|
1150
1332
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1151
|
-
|
|
1333
|
+
retryable: true,
|
|
1334
|
+
next_action: "retry_after_delay",
|
|
1152
1335
|
category: "verifier"
|
|
1153
1336
|
},
|
|
1154
1337
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1156,7 +1339,8 @@ var ERRORS = {
|
|
|
1156
1339
|
http_status: 400,
|
|
1157
1340
|
title: "Malformed Receipt",
|
|
1158
1341
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1159
|
-
|
|
1342
|
+
retryable: false,
|
|
1343
|
+
next_action: "abort",
|
|
1160
1344
|
category: "verifier"
|
|
1161
1345
|
},
|
|
1162
1346
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1164,7 +1348,8 @@ var ERRORS = {
|
|
|
1164
1348
|
http_status: 400,
|
|
1165
1349
|
title: "Pointer Digest Mismatch",
|
|
1166
1350
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1167
|
-
|
|
1351
|
+
retryable: false,
|
|
1352
|
+
next_action: "abort",
|
|
1168
1353
|
category: "verifier"
|
|
1169
1354
|
},
|
|
1170
1355
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1172,7 +1357,8 @@ var ERRORS = {
|
|
|
1172
1357
|
http_status: 403,
|
|
1173
1358
|
title: "Pointer Fetch Blocked",
|
|
1174
1359
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1175
|
-
|
|
1360
|
+
retryable: false,
|
|
1361
|
+
next_action: "abort",
|
|
1176
1362
|
category: "verifier"
|
|
1177
1363
|
},
|
|
1178
1364
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1180,7 +1366,8 @@ var ERRORS = {
|
|
|
1180
1366
|
http_status: 502,
|
|
1181
1367
|
title: "Pointer Fetch Failed",
|
|
1182
1368
|
description: "Network error while fetching receipt from pointer URL",
|
|
1183
|
-
|
|
1369
|
+
retryable: true,
|
|
1370
|
+
next_action: "retry_after_delay",
|
|
1184
1371
|
category: "verifier"
|
|
1185
1372
|
},
|
|
1186
1373
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1188,7 +1375,8 @@ var ERRORS = {
|
|
|
1188
1375
|
http_status: 504,
|
|
1189
1376
|
title: "Pointer Fetch Timeout",
|
|
1190
1377
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1191
|
-
|
|
1378
|
+
retryable: true,
|
|
1379
|
+
next_action: "retry_after_delay",
|
|
1192
1380
|
category: "verifier"
|
|
1193
1381
|
},
|
|
1194
1382
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1196,7 +1384,8 @@ var ERRORS = {
|
|
|
1196
1384
|
http_status: 413,
|
|
1197
1385
|
title: "Pointer Fetch Too Large",
|
|
1198
1386
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1199
|
-
|
|
1387
|
+
retryable: false,
|
|
1388
|
+
next_action: "abort",
|
|
1200
1389
|
category: "verifier"
|
|
1201
1390
|
},
|
|
1202
1391
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1204,7 +1393,8 @@ var ERRORS = {
|
|
|
1204
1393
|
http_status: 403,
|
|
1205
1394
|
title: "Policy Violation",
|
|
1206
1395
|
description: "Receipt violates verifier trust policy",
|
|
1207
|
-
|
|
1396
|
+
retryable: false,
|
|
1397
|
+
next_action: "abort",
|
|
1208
1398
|
category: "verifier"
|
|
1209
1399
|
},
|
|
1210
1400
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1212,7 +1402,8 @@ var ERRORS = {
|
|
|
1212
1402
|
http_status: 413,
|
|
1213
1403
|
title: "Receipt Too Large",
|
|
1214
1404
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1215
|
-
|
|
1405
|
+
retryable: false,
|
|
1406
|
+
next_action: "abort",
|
|
1216
1407
|
category: "verifier"
|
|
1217
1408
|
},
|
|
1218
1409
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1220,7 +1411,8 @@ var ERRORS = {
|
|
|
1220
1411
|
http_status: 400,
|
|
1221
1412
|
title: "Schema Invalid",
|
|
1222
1413
|
description: "Receipt claims do not conform to expected schema",
|
|
1223
|
-
|
|
1414
|
+
retryable: false,
|
|
1415
|
+
next_action: "abort",
|
|
1224
1416
|
category: "verifier"
|
|
1225
1417
|
},
|
|
1226
1418
|
// Workflow error codes
|
|
@@ -1229,7 +1421,8 @@ var ERRORS = {
|
|
|
1229
1421
|
http_status: 400,
|
|
1230
1422
|
title: "Invalid Workflow Context",
|
|
1231
1423
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1232
|
-
|
|
1424
|
+
retryable: false,
|
|
1425
|
+
next_action: "retry_with_different_input",
|
|
1233
1426
|
category: "workflow"
|
|
1234
1427
|
},
|
|
1235
1428
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1237,7 +1430,8 @@ var ERRORS = {
|
|
|
1237
1430
|
http_status: 400,
|
|
1238
1431
|
title: "Workflow Cycle Detected",
|
|
1239
1432
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1240
|
-
|
|
1433
|
+
retryable: false,
|
|
1434
|
+
next_action: "retry_with_different_input",
|
|
1241
1435
|
category: "workflow"
|
|
1242
1436
|
},
|
|
1243
1437
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1245,7 +1439,8 @@ var ERRORS = {
|
|
|
1245
1439
|
http_status: 400,
|
|
1246
1440
|
title: "Invalid Workflow DAG",
|
|
1247
1441
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1248
|
-
|
|
1442
|
+
retryable: false,
|
|
1443
|
+
next_action: "retry_with_different_input",
|
|
1249
1444
|
category: "workflow"
|
|
1250
1445
|
},
|
|
1251
1446
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1253,7 +1448,8 @@ var ERRORS = {
|
|
|
1253
1448
|
http_status: 400,
|
|
1254
1449
|
title: "Invalid Workflow ID",
|
|
1255
1450
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1256
|
-
|
|
1451
|
+
retryable: false,
|
|
1452
|
+
next_action: "retry_with_different_input",
|
|
1257
1453
|
category: "workflow"
|
|
1258
1454
|
},
|
|
1259
1455
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1261,7 +1457,8 @@ var ERRORS = {
|
|
|
1261
1457
|
http_status: 400,
|
|
1262
1458
|
title: "Workflow Limit Exceeded",
|
|
1263
1459
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1264
|
-
|
|
1460
|
+
retryable: false,
|
|
1461
|
+
next_action: "retry_with_different_input",
|
|
1265
1462
|
category: "workflow"
|
|
1266
1463
|
},
|
|
1267
1464
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1269,7 +1466,8 @@ var ERRORS = {
|
|
|
1269
1466
|
http_status: 400,
|
|
1270
1467
|
title: "Parent Step Not Found",
|
|
1271
1468
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1272
|
-
|
|
1469
|
+
retryable: false,
|
|
1470
|
+
next_action: "retry_with_different_input",
|
|
1273
1471
|
category: "workflow"
|
|
1274
1472
|
},
|
|
1275
1473
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1277,7 +1475,8 @@ var ERRORS = {
|
|
|
1277
1475
|
http_status: 400,
|
|
1278
1476
|
title: "Invalid Step ID",
|
|
1279
1477
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1280
|
-
|
|
1478
|
+
retryable: false,
|
|
1479
|
+
next_action: "retry_with_different_input",
|
|
1281
1480
|
category: "workflow"
|
|
1282
1481
|
},
|
|
1283
1482
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1285,15 +1484,16 @@ var ERRORS = {
|
|
|
1285
1484
|
http_status: 400,
|
|
1286
1485
|
title: "Invalid Workflow Summary",
|
|
1287
1486
|
description: "Workflow summary attestation does not conform to schema",
|
|
1288
|
-
|
|
1487
|
+
retryable: false,
|
|
1488
|
+
next_action: "retry_with_different_input",
|
|
1289
1489
|
category: "workflow"
|
|
1290
1490
|
}
|
|
1291
1491
|
};
|
|
1292
1492
|
function getError(code) {
|
|
1293
1493
|
return ERRORS[code];
|
|
1294
1494
|
}
|
|
1295
|
-
function
|
|
1296
|
-
return ERRORS[code]?.
|
|
1495
|
+
function isRetryable(code) {
|
|
1496
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1297
1497
|
}
|
|
1298
1498
|
var BUNDLE_ERRORS = {
|
|
1299
1499
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1334,6 +1534,6 @@ exports.DISPUTE_ERRORS = DISPUTE_ERRORS;
|
|
|
1334
1534
|
exports.ERRORS = ERRORS;
|
|
1335
1535
|
exports.ERROR_CODES = ERROR_CODES;
|
|
1336
1536
|
exports.getError = getError;
|
|
1337
|
-
exports.
|
|
1537
|
+
exports.isRetryable = isRetryable;
|
|
1338
1538
|
//# sourceMappingURL=errors.cjs.map
|
|
1339
1539
|
//# sourceMappingURL=errors.cjs.map
|