@peac/kernel 0.11.0 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/__tests__/carrier.test.d.ts +2 -0
- package/dist/__tests__/carrier.test.d.ts.map +1 -0
- package/dist/carrier.d.ts +113 -0
- package/dist/carrier.d.ts.map +1 -0
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +343 -143
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +9 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +343 -143
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +349 -143
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +347 -143
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/errors.mjs
CHANGED
|
@@ -127,10 +127,16 @@ var ERROR_CODES = {
|
|
|
127
127
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
128
128
|
// Verifier error codes
|
|
129
129
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
130
|
+
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
130
131
|
E_VERIFY_INVALID_TRANSPORT: "E_VERIFY_INVALID_TRANSPORT",
|
|
132
|
+
E_VERIFY_ISSUER_CONFIG_INVALID: "E_VERIFY_ISSUER_CONFIG_INVALID",
|
|
133
|
+
E_VERIFY_ISSUER_CONFIG_MISSING: "E_VERIFY_ISSUER_CONFIG_MISSING",
|
|
134
|
+
E_VERIFY_ISSUER_MISMATCH: "E_VERIFY_ISSUER_MISMATCH",
|
|
131
135
|
E_VERIFY_ISSUER_NOT_ALLOWED: "E_VERIFY_ISSUER_NOT_ALLOWED",
|
|
136
|
+
E_VERIFY_JWKS_INVALID: "E_VERIFY_JWKS_INVALID",
|
|
132
137
|
E_VERIFY_JWKS_TOO_LARGE: "E_VERIFY_JWKS_TOO_LARGE",
|
|
133
138
|
E_VERIFY_JWKS_TOO_MANY_KEYS: "E_VERIFY_JWKS_TOO_MANY_KEYS",
|
|
139
|
+
E_VERIFY_JWKS_URI_INVALID: "E_VERIFY_JWKS_URI_INVALID",
|
|
134
140
|
E_VERIFY_KEY_FETCH_BLOCKED: "E_VERIFY_KEY_FETCH_BLOCKED",
|
|
135
141
|
E_VERIFY_KEY_FETCH_FAILED: "E_VERIFY_KEY_FETCH_FAILED",
|
|
136
142
|
E_VERIFY_KEY_FETCH_TIMEOUT: "E_VERIFY_KEY_FETCH_TIMEOUT",
|
|
@@ -160,7 +166,8 @@ var ERRORS = {
|
|
|
160
166
|
http_status: 400,
|
|
161
167
|
title: "Attribution Chain Too Deep",
|
|
162
168
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
163
|
-
|
|
169
|
+
retryable: false,
|
|
170
|
+
next_action: "retry_with_different_input",
|
|
164
171
|
category: "attribution"
|
|
165
172
|
},
|
|
166
173
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -168,7 +175,8 @@ var ERRORS = {
|
|
|
168
175
|
http_status: 400,
|
|
169
176
|
title: "Attribution Circular Chain",
|
|
170
177
|
description: "Circular reference detected in attribution chain",
|
|
171
|
-
|
|
178
|
+
retryable: false,
|
|
179
|
+
next_action: "retry_with_different_input",
|
|
172
180
|
category: "attribution"
|
|
173
181
|
},
|
|
174
182
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -176,7 +184,8 @@ var ERRORS = {
|
|
|
176
184
|
http_status: 401,
|
|
177
185
|
title: "Attribution Expired",
|
|
178
186
|
description: "Attribution attestation has exceeded its expiration time",
|
|
179
|
-
|
|
187
|
+
retryable: false,
|
|
188
|
+
next_action: "retry_with_different_input",
|
|
180
189
|
category: "attribution"
|
|
181
190
|
},
|
|
182
191
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -184,7 +193,8 @@ var ERRORS = {
|
|
|
184
193
|
http_status: 400,
|
|
185
194
|
title: "Attribution Hash Invalid",
|
|
186
195
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
187
|
-
|
|
196
|
+
retryable: false,
|
|
197
|
+
next_action: "retry_with_different_input",
|
|
188
198
|
category: "attribution"
|
|
189
199
|
},
|
|
190
200
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -192,7 +202,8 @@ var ERRORS = {
|
|
|
192
202
|
http_status: 400,
|
|
193
203
|
title: "Attribution Invalid Format",
|
|
194
204
|
description: "Attribution attestation does not conform to schema",
|
|
195
|
-
|
|
205
|
+
retryable: false,
|
|
206
|
+
next_action: "retry_with_different_input",
|
|
196
207
|
category: "attribution"
|
|
197
208
|
},
|
|
198
209
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -200,7 +211,8 @@ var ERRORS = {
|
|
|
200
211
|
http_status: 400,
|
|
201
212
|
title: "Attribution Invalid Reference",
|
|
202
213
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
203
|
-
|
|
214
|
+
retryable: false,
|
|
215
|
+
next_action: "retry_with_different_input",
|
|
204
216
|
category: "attribution"
|
|
205
217
|
},
|
|
206
218
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -208,7 +220,8 @@ var ERRORS = {
|
|
|
208
220
|
http_status: 400,
|
|
209
221
|
title: "Attribution Invalid Weight",
|
|
210
222
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
211
|
-
|
|
223
|
+
retryable: false,
|
|
224
|
+
next_action: "retry_with_different_input",
|
|
212
225
|
category: "attribution"
|
|
213
226
|
},
|
|
214
227
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -216,7 +229,8 @@ var ERRORS = {
|
|
|
216
229
|
http_status: 400,
|
|
217
230
|
title: "Attribution Missing Sources",
|
|
218
231
|
description: "Attribution attestation has empty sources array",
|
|
219
|
-
|
|
232
|
+
retryable: false,
|
|
233
|
+
next_action: "retry_with_different_input",
|
|
220
234
|
category: "attribution"
|
|
221
235
|
},
|
|
222
236
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -224,7 +238,8 @@ var ERRORS = {
|
|
|
224
238
|
http_status: 401,
|
|
225
239
|
title: "Attribution Not Yet Valid",
|
|
226
240
|
description: "Attribution attestation issued_at time is in the future",
|
|
227
|
-
|
|
241
|
+
retryable: true,
|
|
242
|
+
next_action: "retry_after_delay",
|
|
228
243
|
category: "attribution"
|
|
229
244
|
},
|
|
230
245
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -232,7 +247,8 @@ var ERRORS = {
|
|
|
232
247
|
http_status: 502,
|
|
233
248
|
title: "Attribution Resolution Failed",
|
|
234
249
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
235
|
-
|
|
250
|
+
retryable: true,
|
|
251
|
+
next_action: "retry_after_delay",
|
|
236
252
|
category: "attribution"
|
|
237
253
|
},
|
|
238
254
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -240,7 +256,8 @@ var ERRORS = {
|
|
|
240
256
|
http_status: 504,
|
|
241
257
|
title: "Attribution Resolution Timeout",
|
|
242
258
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
243
|
-
|
|
259
|
+
retryable: true,
|
|
260
|
+
next_action: "retry_after_delay",
|
|
244
261
|
category: "attribution"
|
|
245
262
|
},
|
|
246
263
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -248,7 +265,8 @@ var ERRORS = {
|
|
|
248
265
|
http_status: 400,
|
|
249
266
|
title: "Attribution Size Exceeded",
|
|
250
267
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
251
|
-
|
|
268
|
+
retryable: false,
|
|
269
|
+
next_action: "retry_with_different_input",
|
|
252
270
|
category: "attribution"
|
|
253
271
|
},
|
|
254
272
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -256,7 +274,8 @@ var ERRORS = {
|
|
|
256
274
|
http_status: 400,
|
|
257
275
|
title: "Attribution Too Many Sources",
|
|
258
276
|
description: "Attribution has too many sources (maximum 100)",
|
|
259
|
-
|
|
277
|
+
retryable: false,
|
|
278
|
+
next_action: "retry_with_different_input",
|
|
260
279
|
category: "attribution"
|
|
261
280
|
},
|
|
262
281
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -264,7 +283,8 @@ var ERRORS = {
|
|
|
264
283
|
http_status: 400,
|
|
265
284
|
title: "Attribution Unknown Usage",
|
|
266
285
|
description: "Attribution usage type is not recognized",
|
|
267
|
-
|
|
286
|
+
retryable: false,
|
|
287
|
+
next_action: "retry_with_different_input",
|
|
268
288
|
category: "attribution"
|
|
269
289
|
},
|
|
270
290
|
// Bundle error codes
|
|
@@ -273,7 +293,8 @@ var ERRORS = {
|
|
|
273
293
|
http_status: 400,
|
|
274
294
|
title: "Bundle Duplicate Receipt",
|
|
275
295
|
description: "Bundle contains multiple receipts with the same ID",
|
|
276
|
-
|
|
296
|
+
retryable: false,
|
|
297
|
+
next_action: "retry_with_different_input",
|
|
277
298
|
category: "bundle"
|
|
278
299
|
},
|
|
279
300
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -281,7 +302,8 @@ var ERRORS = {
|
|
|
281
302
|
http_status: 400,
|
|
282
303
|
title: "Bundle Hash Mismatch",
|
|
283
304
|
description: "File hash does not match value declared in manifest.json",
|
|
284
|
-
|
|
305
|
+
retryable: false,
|
|
306
|
+
next_action: "retry_with_different_input",
|
|
285
307
|
category: "bundle"
|
|
286
308
|
},
|
|
287
309
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -289,7 +311,8 @@ var ERRORS = {
|
|
|
289
311
|
http_status: 400,
|
|
290
312
|
title: "Bundle Invalid Format",
|
|
291
313
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
292
|
-
|
|
314
|
+
retryable: false,
|
|
315
|
+
next_action: "retry_with_different_input",
|
|
293
316
|
category: "bundle"
|
|
294
317
|
},
|
|
295
318
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -297,7 +320,8 @@ var ERRORS = {
|
|
|
297
320
|
http_status: 400,
|
|
298
321
|
title: "Bundle Key Missing",
|
|
299
322
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
300
|
-
|
|
323
|
+
retryable: false,
|
|
324
|
+
next_action: "retry_with_different_input",
|
|
301
325
|
category: "bundle"
|
|
302
326
|
},
|
|
303
327
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -305,7 +329,8 @@ var ERRORS = {
|
|
|
305
329
|
http_status: 400,
|
|
306
330
|
title: "Bundle Manifest Invalid",
|
|
307
331
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
308
|
-
|
|
332
|
+
retryable: false,
|
|
333
|
+
next_action: "retry_with_different_input",
|
|
309
334
|
category: "bundle"
|
|
310
335
|
},
|
|
311
336
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -313,7 +338,8 @@ var ERRORS = {
|
|
|
313
338
|
http_status: 400,
|
|
314
339
|
title: "Bundle Manifest Missing",
|
|
315
340
|
description: "manifest.json not found at bundle archive root",
|
|
316
|
-
|
|
341
|
+
retryable: false,
|
|
342
|
+
next_action: "retry_with_different_input",
|
|
317
343
|
category: "bundle"
|
|
318
344
|
},
|
|
319
345
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -321,7 +347,8 @@ var ERRORS = {
|
|
|
321
347
|
http_status: 400,
|
|
322
348
|
title: "Bundle Missing Keys",
|
|
323
349
|
description: "No verification keys provided in bundle JWKS",
|
|
324
|
-
|
|
350
|
+
retryable: false,
|
|
351
|
+
next_action: "retry_with_different_input",
|
|
325
352
|
category: "bundle"
|
|
326
353
|
},
|
|
327
354
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -329,7 +356,8 @@ var ERRORS = {
|
|
|
329
356
|
http_status: 400,
|
|
330
357
|
title: "Bundle Missing Receipts",
|
|
331
358
|
description: "No receipts provided when creating bundle",
|
|
332
|
-
|
|
359
|
+
retryable: false,
|
|
360
|
+
next_action: "retry_with_different_input",
|
|
333
361
|
category: "bundle"
|
|
334
362
|
},
|
|
335
363
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -337,7 +365,8 @@ var ERRORS = {
|
|
|
337
365
|
http_status: 400,
|
|
338
366
|
title: "Bundle Path Traversal",
|
|
339
367
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
340
|
-
|
|
368
|
+
retryable: false,
|
|
369
|
+
next_action: "retry_with_different_input",
|
|
341
370
|
category: "bundle"
|
|
342
371
|
},
|
|
343
372
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -345,7 +374,8 @@ var ERRORS = {
|
|
|
345
374
|
http_status: 400,
|
|
346
375
|
title: "Bundle Policy Hash Mismatch",
|
|
347
376
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
348
|
-
|
|
377
|
+
retryable: false,
|
|
378
|
+
next_action: "retry_with_different_input",
|
|
349
379
|
category: "bundle"
|
|
350
380
|
},
|
|
351
381
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -353,7 +383,8 @@ var ERRORS = {
|
|
|
353
383
|
http_status: 400,
|
|
354
384
|
title: "Bundle Receipts Unordered",
|
|
355
385
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
356
|
-
|
|
386
|
+
retryable: false,
|
|
387
|
+
next_action: "retry_with_different_input",
|
|
357
388
|
category: "bundle"
|
|
358
389
|
},
|
|
359
390
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -361,7 +392,8 @@ var ERRORS = {
|
|
|
361
392
|
http_status: 400,
|
|
362
393
|
title: "Bundle Receipt Invalid",
|
|
363
394
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
364
|
-
|
|
395
|
+
retryable: false,
|
|
396
|
+
next_action: "retry_with_different_input",
|
|
365
397
|
category: "bundle"
|
|
366
398
|
},
|
|
367
399
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -369,7 +401,8 @@ var ERRORS = {
|
|
|
369
401
|
http_status: 400,
|
|
370
402
|
title: "Bundle Signature Invalid",
|
|
371
403
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
372
|
-
|
|
404
|
+
retryable: false,
|
|
405
|
+
next_action: "retry_with_different_input",
|
|
373
406
|
category: "bundle"
|
|
374
407
|
},
|
|
375
408
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -377,7 +410,8 @@ var ERRORS = {
|
|
|
377
410
|
http_status: 400,
|
|
378
411
|
title: "Bundle Size Exceeded",
|
|
379
412
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
380
|
-
|
|
413
|
+
retryable: false,
|
|
414
|
+
next_action: "retry_with_different_input",
|
|
381
415
|
category: "bundle"
|
|
382
416
|
},
|
|
383
417
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -385,7 +419,8 @@ var ERRORS = {
|
|
|
385
419
|
http_status: 400,
|
|
386
420
|
title: "Bundle Time Range Invalid",
|
|
387
421
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
388
|
-
|
|
422
|
+
retryable: false,
|
|
423
|
+
next_action: "retry_with_different_input",
|
|
389
424
|
category: "bundle"
|
|
390
425
|
},
|
|
391
426
|
// Control error codes
|
|
@@ -394,7 +429,8 @@ var ERRORS = {
|
|
|
394
429
|
http_status: 403,
|
|
395
430
|
title: "Control Decision Denied",
|
|
396
431
|
description: "Control engine denied authorization",
|
|
397
|
-
|
|
432
|
+
retryable: false,
|
|
433
|
+
next_action: "contact_issuer",
|
|
398
434
|
category: "control"
|
|
399
435
|
},
|
|
400
436
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -402,7 +438,8 @@ var ERRORS = {
|
|
|
402
438
|
http_status: 202,
|
|
403
439
|
title: "Review Required",
|
|
404
440
|
description: "Control engine requires manual review",
|
|
405
|
-
|
|
441
|
+
retryable: true,
|
|
442
|
+
next_action: "contact_issuer",
|
|
406
443
|
category: "control"
|
|
407
444
|
},
|
|
408
445
|
// Dispute error codes
|
|
@@ -411,7 +448,8 @@ var ERRORS = {
|
|
|
411
448
|
http_status: 409,
|
|
412
449
|
title: "Dispute Duplicate",
|
|
413
450
|
description: "A dispute with this ID already exists",
|
|
414
|
-
|
|
451
|
+
retryable: false,
|
|
452
|
+
next_action: "retry_with_different_input",
|
|
415
453
|
category: "dispute"
|
|
416
454
|
},
|
|
417
455
|
E_DISPUTE_EXPIRED: {
|
|
@@ -419,7 +457,8 @@ var ERRORS = {
|
|
|
419
457
|
http_status: 401,
|
|
420
458
|
title: "Dispute Expired",
|
|
421
459
|
description: "Dispute attestation has exceeded its expiration time",
|
|
422
|
-
|
|
460
|
+
retryable: false,
|
|
461
|
+
next_action: "retry_with_different_input",
|
|
423
462
|
category: "dispute"
|
|
424
463
|
},
|
|
425
464
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -427,7 +466,8 @@ var ERRORS = {
|
|
|
427
466
|
http_status: 400,
|
|
428
467
|
title: "Dispute Invalid Format",
|
|
429
468
|
description: "Dispute attestation does not conform to schema",
|
|
430
|
-
|
|
469
|
+
retryable: false,
|
|
470
|
+
next_action: "retry_with_different_input",
|
|
431
471
|
category: "dispute"
|
|
432
472
|
},
|
|
433
473
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -435,7 +475,8 @@ var ERRORS = {
|
|
|
435
475
|
http_status: 400,
|
|
436
476
|
title: "Dispute Invalid Grounds",
|
|
437
477
|
description: "Dispute grounds code is not recognized",
|
|
438
|
-
|
|
478
|
+
retryable: false,
|
|
479
|
+
next_action: "retry_with_different_input",
|
|
439
480
|
category: "dispute"
|
|
440
481
|
},
|
|
441
482
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -443,7 +484,8 @@ var ERRORS = {
|
|
|
443
484
|
http_status: 400,
|
|
444
485
|
title: "Dispute Invalid ID",
|
|
445
486
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
446
|
-
|
|
487
|
+
retryable: false,
|
|
488
|
+
next_action: "retry_with_different_input",
|
|
447
489
|
category: "dispute"
|
|
448
490
|
},
|
|
449
491
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -451,7 +493,8 @@ var ERRORS = {
|
|
|
451
493
|
http_status: 400,
|
|
452
494
|
title: "Dispute Invalid State",
|
|
453
495
|
description: "Dispute state is not recognized",
|
|
454
|
-
|
|
496
|
+
retryable: false,
|
|
497
|
+
next_action: "retry_with_different_input",
|
|
455
498
|
category: "dispute"
|
|
456
499
|
},
|
|
457
500
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -459,7 +502,8 @@ var ERRORS = {
|
|
|
459
502
|
http_status: 400,
|
|
460
503
|
title: "Dispute Invalid Target Type",
|
|
461
504
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
462
|
-
|
|
505
|
+
retryable: false,
|
|
506
|
+
next_action: "retry_with_different_input",
|
|
463
507
|
category: "dispute"
|
|
464
508
|
},
|
|
465
509
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -467,7 +511,8 @@ var ERRORS = {
|
|
|
467
511
|
http_status: 400,
|
|
468
512
|
title: "Dispute Invalid Transition",
|
|
469
513
|
description: "Invalid state transition for dispute lifecycle",
|
|
470
|
-
|
|
514
|
+
retryable: false,
|
|
515
|
+
next_action: "retry_with_different_input",
|
|
471
516
|
category: "dispute"
|
|
472
517
|
},
|
|
473
518
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -475,7 +520,8 @@ var ERRORS = {
|
|
|
475
520
|
http_status: 400,
|
|
476
521
|
title: "Dispute Invalid Type",
|
|
477
522
|
description: "Dispute type is not recognized",
|
|
478
|
-
|
|
523
|
+
retryable: false,
|
|
524
|
+
next_action: "retry_with_different_input",
|
|
479
525
|
category: "dispute"
|
|
480
526
|
},
|
|
481
527
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -483,7 +529,8 @@ var ERRORS = {
|
|
|
483
529
|
http_status: 400,
|
|
484
530
|
title: "Dispute Missing Resolution",
|
|
485
531
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
486
|
-
|
|
532
|
+
retryable: false,
|
|
533
|
+
next_action: "retry_with_different_input",
|
|
487
534
|
category: "dispute"
|
|
488
535
|
},
|
|
489
536
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -491,7 +538,8 @@ var ERRORS = {
|
|
|
491
538
|
http_status: 401,
|
|
492
539
|
title: "Dispute Not Yet Valid",
|
|
493
540
|
description: "Dispute attestation issued_at time is in the future",
|
|
494
|
-
|
|
541
|
+
retryable: true,
|
|
542
|
+
next_action: "retry_after_delay",
|
|
495
543
|
category: "dispute"
|
|
496
544
|
},
|
|
497
545
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -499,7 +547,8 @@ var ERRORS = {
|
|
|
499
547
|
http_status: 400,
|
|
500
548
|
title: "Dispute Other Requires Description",
|
|
501
549
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
502
|
-
|
|
550
|
+
retryable: false,
|
|
551
|
+
next_action: "retry_with_different_input",
|
|
503
552
|
category: "dispute"
|
|
504
553
|
},
|
|
505
554
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -507,7 +556,8 @@ var ERRORS = {
|
|
|
507
556
|
http_status: 400,
|
|
508
557
|
title: "Dispute Resolution Not Allowed",
|
|
509
558
|
description: "Resolution is only valid for terminal states",
|
|
510
|
-
|
|
559
|
+
retryable: false,
|
|
560
|
+
next_action: "retry_with_different_input",
|
|
511
561
|
category: "dispute"
|
|
512
562
|
},
|
|
513
563
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -515,7 +565,8 @@ var ERRORS = {
|
|
|
515
565
|
http_status: 404,
|
|
516
566
|
title: "Dispute Target Not Found",
|
|
517
567
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
518
|
-
|
|
568
|
+
retryable: true,
|
|
569
|
+
next_action: "retry_after_delay",
|
|
519
570
|
category: "dispute"
|
|
520
571
|
},
|
|
521
572
|
// Identity error codes
|
|
@@ -524,7 +575,8 @@ var ERRORS = {
|
|
|
524
575
|
http_status: 400,
|
|
525
576
|
title: "Identity Binding Future",
|
|
526
577
|
description: "Identity binding signed_at timestamp is in the future",
|
|
527
|
-
|
|
578
|
+
retryable: false,
|
|
579
|
+
next_action: "retry_with_different_input",
|
|
528
580
|
category: "identity"
|
|
529
581
|
},
|
|
530
582
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -532,7 +584,8 @@ var ERRORS = {
|
|
|
532
584
|
http_status: 400,
|
|
533
585
|
title: "Identity Binding Mismatch",
|
|
534
586
|
description: "Identity binding does not match the request being verified",
|
|
535
|
-
|
|
587
|
+
retryable: false,
|
|
588
|
+
next_action: "retry_with_different_input",
|
|
536
589
|
category: "identity"
|
|
537
590
|
},
|
|
538
591
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -540,7 +593,8 @@ var ERRORS = {
|
|
|
540
593
|
http_status: 401,
|
|
541
594
|
title: "Identity Binding Stale",
|
|
542
595
|
description: "Identity binding is too old and requires fresh binding",
|
|
543
|
-
|
|
596
|
+
retryable: true,
|
|
597
|
+
next_action: "retry_after_delay",
|
|
544
598
|
category: "identity"
|
|
545
599
|
},
|
|
546
600
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -548,7 +602,8 @@ var ERRORS = {
|
|
|
548
602
|
http_status: 503,
|
|
549
603
|
title: "Identity Directory Unavailable",
|
|
550
604
|
description: "Failed to fetch agent key directory",
|
|
551
|
-
|
|
605
|
+
retryable: true,
|
|
606
|
+
next_action: "retry_after_delay",
|
|
552
607
|
category: "identity"
|
|
553
608
|
},
|
|
554
609
|
E_IDENTITY_EXPIRED: {
|
|
@@ -556,7 +611,8 @@ var ERRORS = {
|
|
|
556
611
|
http_status: 401,
|
|
557
612
|
title: "Identity Expired",
|
|
558
613
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
559
|
-
|
|
614
|
+
retryable: false,
|
|
615
|
+
next_action: "refresh_attestation",
|
|
560
616
|
category: "identity"
|
|
561
617
|
},
|
|
562
618
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -564,7 +620,8 @@ var ERRORS = {
|
|
|
564
620
|
http_status: 400,
|
|
565
621
|
title: "Identity Invalid Format",
|
|
566
622
|
description: "Agent identity attestation does not conform to schema",
|
|
567
|
-
|
|
623
|
+
retryable: false,
|
|
624
|
+
next_action: "retry_with_different_input",
|
|
568
625
|
category: "identity"
|
|
569
626
|
},
|
|
570
627
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -572,7 +629,8 @@ var ERRORS = {
|
|
|
572
629
|
http_status: 401,
|
|
573
630
|
title: "Identity Key Expired",
|
|
574
631
|
description: "Agent signing key has expired per directory metadata",
|
|
575
|
-
|
|
632
|
+
retryable: false,
|
|
633
|
+
next_action: "refresh_attestation",
|
|
576
634
|
category: "identity"
|
|
577
635
|
},
|
|
578
636
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -580,7 +638,8 @@ var ERRORS = {
|
|
|
580
638
|
http_status: 401,
|
|
581
639
|
title: "Identity Key Revoked",
|
|
582
640
|
description: "Agent signing key has been explicitly revoked",
|
|
583
|
-
|
|
641
|
+
retryable: false,
|
|
642
|
+
next_action: "refresh_attestation",
|
|
584
643
|
category: "identity"
|
|
585
644
|
},
|
|
586
645
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -588,7 +647,8 @@ var ERRORS = {
|
|
|
588
647
|
http_status: 401,
|
|
589
648
|
title: "Identity Key Unknown",
|
|
590
649
|
description: "Key ID not found in agent key directory",
|
|
591
|
-
|
|
650
|
+
retryable: true,
|
|
651
|
+
next_action: "retry_after_delay",
|
|
592
652
|
category: "identity"
|
|
593
653
|
},
|
|
594
654
|
E_IDENTITY_MISSING: {
|
|
@@ -596,7 +656,8 @@ var ERRORS = {
|
|
|
596
656
|
http_status: 401,
|
|
597
657
|
title: "Identity Missing",
|
|
598
658
|
description: "No agent identity attestation provided in request",
|
|
599
|
-
|
|
659
|
+
retryable: false,
|
|
660
|
+
next_action: "retry_with_different_input",
|
|
600
661
|
category: "identity"
|
|
601
662
|
},
|
|
602
663
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -604,7 +665,8 @@ var ERRORS = {
|
|
|
604
665
|
http_status: 401,
|
|
605
666
|
title: "Identity Not Yet Valid",
|
|
606
667
|
description: "Agent identity attestation issued_at time is in the future",
|
|
607
|
-
|
|
668
|
+
retryable: true,
|
|
669
|
+
next_action: "retry_after_delay",
|
|
608
670
|
category: "identity"
|
|
609
671
|
},
|
|
610
672
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -612,7 +674,8 @@ var ERRORS = {
|
|
|
612
674
|
http_status: 400,
|
|
613
675
|
title: "Identity Proof Unsupported",
|
|
614
676
|
description: "Agent identity proof method is not supported",
|
|
615
|
-
|
|
677
|
+
retryable: false,
|
|
678
|
+
next_action: "retry_with_different_input",
|
|
616
679
|
category: "identity"
|
|
617
680
|
},
|
|
618
681
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -620,7 +683,8 @@ var ERRORS = {
|
|
|
620
683
|
http_status: 401,
|
|
621
684
|
title: "Identity Signature Invalid",
|
|
622
685
|
description: "Agent identity proof signature verification failed",
|
|
623
|
-
|
|
686
|
+
retryable: false,
|
|
687
|
+
next_action: "retry_with_different_input",
|
|
624
688
|
category: "identity"
|
|
625
689
|
},
|
|
626
690
|
// Infrastructure error codes
|
|
@@ -629,7 +693,8 @@ var ERRORS = {
|
|
|
629
693
|
http_status: 503,
|
|
630
694
|
title: "Circuit Breaker Open",
|
|
631
695
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
632
|
-
|
|
696
|
+
retryable: true,
|
|
697
|
+
next_action: "retry_after_delay",
|
|
633
698
|
category: "infrastructure"
|
|
634
699
|
},
|
|
635
700
|
E_INTERNAL: {
|
|
@@ -637,7 +702,8 @@ var ERRORS = {
|
|
|
637
702
|
http_status: 500,
|
|
638
703
|
title: "Internal Error",
|
|
639
704
|
description: "An unexpected internal error occurred during verification",
|
|
640
|
-
|
|
705
|
+
retryable: true,
|
|
706
|
+
next_action: "retry_after_delay",
|
|
641
707
|
category: "infrastructure"
|
|
642
708
|
},
|
|
643
709
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -645,7 +711,8 @@ var ERRORS = {
|
|
|
645
711
|
http_status: 503,
|
|
646
712
|
title: "JWKS Fetch Failed",
|
|
647
713
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
648
|
-
|
|
714
|
+
retryable: true,
|
|
715
|
+
next_action: "retry_after_delay",
|
|
649
716
|
category: "infrastructure"
|
|
650
717
|
},
|
|
651
718
|
E_RATE_LIMITED: {
|
|
@@ -653,7 +720,8 @@ var ERRORS = {
|
|
|
653
720
|
http_status: 429,
|
|
654
721
|
title: "Rate Limited",
|
|
655
722
|
description: "Too many requests, please retry later",
|
|
656
|
-
|
|
723
|
+
retryable: true,
|
|
724
|
+
next_action: "retry_after_delay",
|
|
657
725
|
category: "infrastructure"
|
|
658
726
|
},
|
|
659
727
|
// Interaction error codes
|
|
@@ -662,7 +730,8 @@ var ERRORS = {
|
|
|
662
730
|
http_status: 400,
|
|
663
731
|
title: "Interaction Invalid Digest",
|
|
664
732
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
665
|
-
|
|
733
|
+
retryable: false,
|
|
734
|
+
next_action: "retry_with_different_input",
|
|
666
735
|
category: "interaction"
|
|
667
736
|
},
|
|
668
737
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -670,7 +739,8 @@ var ERRORS = {
|
|
|
670
739
|
http_status: 400,
|
|
671
740
|
title: "Interaction Invalid Digest Algorithm",
|
|
672
741
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
673
|
-
|
|
742
|
+
retryable: false,
|
|
743
|
+
next_action: "retry_with_different_input",
|
|
674
744
|
category: "interaction"
|
|
675
745
|
},
|
|
676
746
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -678,7 +748,8 @@ var ERRORS = {
|
|
|
678
748
|
http_status: 400,
|
|
679
749
|
title: "Interaction Invalid Extension Key",
|
|
680
750
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
681
|
-
|
|
751
|
+
retryable: false,
|
|
752
|
+
next_action: "retry_with_different_input",
|
|
682
753
|
category: "interaction"
|
|
683
754
|
},
|
|
684
755
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -686,7 +757,8 @@ var ERRORS = {
|
|
|
686
757
|
http_status: 400,
|
|
687
758
|
title: "Interaction Invalid Format",
|
|
688
759
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
689
|
-
|
|
760
|
+
retryable: false,
|
|
761
|
+
next_action: "retry_with_different_input",
|
|
690
762
|
category: "interaction"
|
|
691
763
|
},
|
|
692
764
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -694,7 +766,8 @@ var ERRORS = {
|
|
|
694
766
|
http_status: 400,
|
|
695
767
|
title: "Interaction Invalid Kind Format",
|
|
696
768
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
697
|
-
|
|
769
|
+
retryable: false,
|
|
770
|
+
next_action: "retry_with_different_input",
|
|
698
771
|
category: "interaction"
|
|
699
772
|
},
|
|
700
773
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -702,7 +775,8 @@ var ERRORS = {
|
|
|
702
775
|
http_status: 400,
|
|
703
776
|
title: "Interaction Invalid Timing",
|
|
704
777
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
705
|
-
|
|
778
|
+
retryable: false,
|
|
779
|
+
next_action: "retry_with_different_input",
|
|
706
780
|
category: "interaction"
|
|
707
781
|
},
|
|
708
782
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -710,7 +784,8 @@ var ERRORS = {
|
|
|
710
784
|
http_status: 400,
|
|
711
785
|
title: "Interaction Kind Reserved",
|
|
712
786
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
713
|
-
|
|
787
|
+
retryable: false,
|
|
788
|
+
next_action: "retry_with_different_input",
|
|
714
789
|
category: "interaction"
|
|
715
790
|
},
|
|
716
791
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -718,7 +793,8 @@ var ERRORS = {
|
|
|
718
793
|
http_status: 400,
|
|
719
794
|
title: "Interaction Missing Error Detail",
|
|
720
795
|
description: "error_code or extensions required when result.status is error",
|
|
721
|
-
|
|
796
|
+
retryable: false,
|
|
797
|
+
next_action: "retry_with_different_input",
|
|
722
798
|
category: "interaction"
|
|
723
799
|
},
|
|
724
800
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -726,7 +802,8 @@ var ERRORS = {
|
|
|
726
802
|
http_status: 400,
|
|
727
803
|
title: "Interaction Missing Executor",
|
|
728
804
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
729
|
-
|
|
805
|
+
retryable: false,
|
|
806
|
+
next_action: "retry_with_different_input",
|
|
730
807
|
category: "interaction"
|
|
731
808
|
},
|
|
732
809
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -734,7 +811,8 @@ var ERRORS = {
|
|
|
734
811
|
http_status: 400,
|
|
735
812
|
title: "Interaction Missing ID",
|
|
736
813
|
description: "Interaction evidence is missing required interaction_id field",
|
|
737
|
-
|
|
814
|
+
retryable: false,
|
|
815
|
+
next_action: "retry_with_different_input",
|
|
738
816
|
category: "interaction"
|
|
739
817
|
},
|
|
740
818
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -742,7 +820,8 @@ var ERRORS = {
|
|
|
742
820
|
http_status: 400,
|
|
743
821
|
title: "Interaction Missing Kind",
|
|
744
822
|
description: "Interaction evidence is missing required kind field",
|
|
745
|
-
|
|
823
|
+
retryable: false,
|
|
824
|
+
next_action: "retry_with_different_input",
|
|
746
825
|
category: "interaction"
|
|
747
826
|
},
|
|
748
827
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -750,7 +829,8 @@ var ERRORS = {
|
|
|
750
829
|
http_status: 400,
|
|
751
830
|
title: "Interaction Missing Result",
|
|
752
831
|
description: "result.status is required when output is present",
|
|
753
|
-
|
|
832
|
+
retryable: false,
|
|
833
|
+
next_action: "retry_with_different_input",
|
|
754
834
|
category: "interaction"
|
|
755
835
|
},
|
|
756
836
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -758,7 +838,8 @@ var ERRORS = {
|
|
|
758
838
|
http_status: 400,
|
|
759
839
|
title: "Interaction Missing Started At",
|
|
760
840
|
description: "Interaction evidence is missing required started_at field",
|
|
761
|
-
|
|
841
|
+
retryable: false,
|
|
842
|
+
next_action: "retry_with_different_input",
|
|
762
843
|
category: "interaction"
|
|
763
844
|
},
|
|
764
845
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -766,7 +847,8 @@ var ERRORS = {
|
|
|
766
847
|
http_status: 400,
|
|
767
848
|
title: "Interaction Missing Target",
|
|
768
849
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
769
|
-
|
|
850
|
+
retryable: false,
|
|
851
|
+
next_action: "retry_with_different_input",
|
|
770
852
|
category: "interaction"
|
|
771
853
|
},
|
|
772
854
|
// Ucp error codes
|
|
@@ -775,7 +857,8 @@ var ERRORS = {
|
|
|
775
857
|
http_status: 500,
|
|
776
858
|
title: "UCP Evidence Serialization Failed",
|
|
777
859
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
778
|
-
|
|
860
|
+
retryable: false,
|
|
861
|
+
next_action: "retry_with_different_input",
|
|
779
862
|
category: "ucp"
|
|
780
863
|
},
|
|
781
864
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -783,7 +866,8 @@ var ERRORS = {
|
|
|
783
866
|
http_status: 401,
|
|
784
867
|
title: "UCP Key Algorithm Mismatch",
|
|
785
868
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
786
|
-
|
|
869
|
+
retryable: false,
|
|
870
|
+
next_action: "retry_with_different_input",
|
|
787
871
|
category: "ucp"
|
|
788
872
|
},
|
|
789
873
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -791,7 +875,8 @@ var ERRORS = {
|
|
|
791
875
|
http_status: 401,
|
|
792
876
|
title: "UCP Key Curve Mismatch",
|
|
793
877
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
794
|
-
|
|
878
|
+
retryable: false,
|
|
879
|
+
next_action: "retry_with_different_input",
|
|
795
880
|
category: "ucp"
|
|
796
881
|
},
|
|
797
882
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -799,7 +884,8 @@ var ERRORS = {
|
|
|
799
884
|
http_status: 401,
|
|
800
885
|
title: "UCP Key Not Found",
|
|
801
886
|
description: "Key ID from signature not found in business UCP profile",
|
|
802
|
-
|
|
887
|
+
retryable: true,
|
|
888
|
+
next_action: "retry_after_delay",
|
|
803
889
|
category: "ucp"
|
|
804
890
|
},
|
|
805
891
|
E_UCP_ORDER_INVALID: {
|
|
@@ -807,7 +893,8 @@ var ERRORS = {
|
|
|
807
893
|
http_status: 400,
|
|
808
894
|
title: "UCP Order Invalid",
|
|
809
895
|
description: "UCP order object does not conform to expected schema",
|
|
810
|
-
|
|
896
|
+
retryable: false,
|
|
897
|
+
next_action: "retry_with_different_input",
|
|
811
898
|
category: "ucp"
|
|
812
899
|
},
|
|
813
900
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -815,7 +902,8 @@ var ERRORS = {
|
|
|
815
902
|
http_status: 400,
|
|
816
903
|
title: "UCP Order Missing ID",
|
|
817
904
|
description: "UCP order is missing required id field",
|
|
818
|
-
|
|
905
|
+
retryable: false,
|
|
906
|
+
next_action: "retry_with_different_input",
|
|
819
907
|
category: "ucp"
|
|
820
908
|
},
|
|
821
909
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -823,7 +911,8 @@ var ERRORS = {
|
|
|
823
911
|
http_status: 400,
|
|
824
912
|
title: "UCP Order Missing Line Items",
|
|
825
913
|
description: "UCP order is missing required line_items array",
|
|
826
|
-
|
|
914
|
+
retryable: false,
|
|
915
|
+
next_action: "retry_with_different_input",
|
|
827
916
|
category: "ucp"
|
|
828
917
|
},
|
|
829
918
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -831,7 +920,8 @@ var ERRORS = {
|
|
|
831
920
|
http_status: 400,
|
|
832
921
|
title: "UCP Order Missing Totals",
|
|
833
922
|
description: "UCP order is missing required totals array or total entry",
|
|
834
|
-
|
|
923
|
+
retryable: false,
|
|
924
|
+
next_action: "retry_with_different_input",
|
|
835
925
|
category: "ucp"
|
|
836
926
|
},
|
|
837
927
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -839,7 +929,8 @@ var ERRORS = {
|
|
|
839
929
|
http_status: 400,
|
|
840
930
|
title: "UCP Payload Empty",
|
|
841
931
|
description: "Webhook request body is empty",
|
|
842
|
-
|
|
932
|
+
retryable: false,
|
|
933
|
+
next_action: "retry_with_different_input",
|
|
843
934
|
category: "ucp"
|
|
844
935
|
},
|
|
845
936
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -847,7 +938,8 @@ var ERRORS = {
|
|
|
847
938
|
http_status: 400,
|
|
848
939
|
title: "UCP Payload Not JSON",
|
|
849
940
|
description: "Webhook request body is not valid JSON",
|
|
850
|
-
|
|
941
|
+
retryable: false,
|
|
942
|
+
next_action: "retry_with_different_input",
|
|
851
943
|
category: "ucp"
|
|
852
944
|
},
|
|
853
945
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -855,7 +947,8 @@ var ERRORS = {
|
|
|
855
947
|
http_status: 400,
|
|
856
948
|
title: "UCP Payload Too Large",
|
|
857
949
|
description: "Webhook request body exceeds maximum allowed size",
|
|
858
|
-
|
|
950
|
+
retryable: false,
|
|
951
|
+
next_action: "retry_with_different_input",
|
|
859
952
|
category: "ucp"
|
|
860
953
|
},
|
|
861
954
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -863,7 +956,8 @@ var ERRORS = {
|
|
|
863
956
|
http_status: 502,
|
|
864
957
|
title: "UCP Profile Fetch Failed",
|
|
865
958
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
866
|
-
|
|
959
|
+
retryable: true,
|
|
960
|
+
next_action: "retry_after_delay",
|
|
867
961
|
category: "ucp"
|
|
868
962
|
},
|
|
869
963
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -871,7 +965,8 @@ var ERRORS = {
|
|
|
871
965
|
http_status: 502,
|
|
872
966
|
title: "UCP Profile Invalid",
|
|
873
967
|
description: "Business UCP profile does not conform to expected schema",
|
|
874
|
-
|
|
968
|
+
retryable: false,
|
|
969
|
+
next_action: "retry_with_different_input",
|
|
875
970
|
category: "ucp"
|
|
876
971
|
},
|
|
877
972
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -879,7 +974,8 @@ var ERRORS = {
|
|
|
879
974
|
http_status: 502,
|
|
880
975
|
title: "UCP Profile No Signing Keys",
|
|
881
976
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
882
|
-
|
|
977
|
+
retryable: false,
|
|
978
|
+
next_action: "retry_with_different_input",
|
|
883
979
|
category: "ucp"
|
|
884
980
|
},
|
|
885
981
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -887,7 +983,8 @@ var ERRORS = {
|
|
|
887
983
|
http_status: 400,
|
|
888
984
|
title: "UCP Signature Algorithm Unsupported",
|
|
889
985
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
890
|
-
|
|
986
|
+
retryable: false,
|
|
987
|
+
next_action: "retry_with_different_input",
|
|
891
988
|
category: "ucp"
|
|
892
989
|
},
|
|
893
990
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -895,7 +992,8 @@ var ERRORS = {
|
|
|
895
992
|
http_status: 400,
|
|
896
993
|
title: "UCP Signature b64 Invalid",
|
|
897
994
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
898
|
-
|
|
995
|
+
retryable: false,
|
|
996
|
+
next_action: "retry_with_different_input",
|
|
899
997
|
category: "ucp"
|
|
900
998
|
},
|
|
901
999
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -903,7 +1001,8 @@ var ERRORS = {
|
|
|
903
1001
|
http_status: 401,
|
|
904
1002
|
title: "UCP Signature Invalid",
|
|
905
1003
|
description: "Webhook signature verification failed against payload",
|
|
906
|
-
|
|
1004
|
+
retryable: false,
|
|
1005
|
+
next_action: "retry_with_different_input",
|
|
907
1006
|
category: "ucp"
|
|
908
1007
|
},
|
|
909
1008
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -911,7 +1010,8 @@ var ERRORS = {
|
|
|
911
1010
|
http_status: 400,
|
|
912
1011
|
title: "UCP Signature Malformed",
|
|
913
1012
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
914
|
-
|
|
1013
|
+
retryable: false,
|
|
1014
|
+
next_action: "retry_with_different_input",
|
|
915
1015
|
category: "ucp"
|
|
916
1016
|
},
|
|
917
1017
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -919,7 +1019,8 @@ var ERRORS = {
|
|
|
919
1019
|
http_status: 400,
|
|
920
1020
|
title: "UCP Signature Missing",
|
|
921
1021
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
922
|
-
|
|
1022
|
+
retryable: false,
|
|
1023
|
+
next_action: "retry_with_different_input",
|
|
923
1024
|
category: "ucp"
|
|
924
1025
|
},
|
|
925
1026
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -927,7 +1028,8 @@ var ERRORS = {
|
|
|
927
1028
|
http_status: 401,
|
|
928
1029
|
title: "UCP Verification Failed",
|
|
929
1030
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
930
|
-
|
|
1031
|
+
retryable: false,
|
|
1032
|
+
next_action: "retry_with_different_input",
|
|
931
1033
|
category: "ucp"
|
|
932
1034
|
},
|
|
933
1035
|
// Validation error codes
|
|
@@ -936,7 +1038,8 @@ var ERRORS = {
|
|
|
936
1038
|
http_status: 400,
|
|
937
1039
|
title: "Kernel Constraint Violation",
|
|
938
1040
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
939
|
-
|
|
1041
|
+
retryable: false,
|
|
1042
|
+
next_action: "retry_with_different_input",
|
|
940
1043
|
category: "validation"
|
|
941
1044
|
},
|
|
942
1045
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -944,7 +1047,8 @@ var ERRORS = {
|
|
|
944
1047
|
http_status: 400,
|
|
945
1048
|
title: "Evidence Not JSON-Safe",
|
|
946
1049
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
947
|
-
|
|
1050
|
+
retryable: false,
|
|
1051
|
+
next_action: "retry_with_different_input",
|
|
948
1052
|
category: "validation"
|
|
949
1053
|
},
|
|
950
1054
|
E_EXPIRED: {
|
|
@@ -952,7 +1056,8 @@ var ERRORS = {
|
|
|
952
1056
|
http_status: 400,
|
|
953
1057
|
title: "Receipt Expired",
|
|
954
1058
|
description: "Receipt has exceeded its expiration time",
|
|
955
|
-
|
|
1059
|
+
retryable: false,
|
|
1060
|
+
next_action: "retry_with_different_input",
|
|
956
1061
|
category: "validation"
|
|
957
1062
|
},
|
|
958
1063
|
E_INVALID_AMOUNT: {
|
|
@@ -960,7 +1065,8 @@ var ERRORS = {
|
|
|
960
1065
|
http_status: 400,
|
|
961
1066
|
title: "Invalid Amount",
|
|
962
1067
|
description: "Payment amount is invalid or out of allowed range",
|
|
963
|
-
|
|
1068
|
+
retryable: false,
|
|
1069
|
+
next_action: "retry_with_different_input",
|
|
964
1070
|
category: "validation"
|
|
965
1071
|
},
|
|
966
1072
|
E_INVALID_AUDIENCE: {
|
|
@@ -968,7 +1074,8 @@ var ERRORS = {
|
|
|
968
1074
|
http_status: 400,
|
|
969
1075
|
title: "Invalid Audience",
|
|
970
1076
|
description: "Receipt audience claim does not match expected value",
|
|
971
|
-
|
|
1077
|
+
retryable: false,
|
|
1078
|
+
next_action: "retry_with_different_input",
|
|
972
1079
|
category: "validation"
|
|
973
1080
|
},
|
|
974
1081
|
E_INVALID_CURRENCY: {
|
|
@@ -976,7 +1083,8 @@ var ERRORS = {
|
|
|
976
1083
|
http_status: 400,
|
|
977
1084
|
title: "Invalid Currency",
|
|
978
1085
|
description: "Currency code is not a valid ISO 4217 code",
|
|
979
|
-
|
|
1086
|
+
retryable: false,
|
|
1087
|
+
next_action: "retry_with_different_input",
|
|
980
1088
|
category: "validation"
|
|
981
1089
|
},
|
|
982
1090
|
E_INVALID_FORMAT: {
|
|
@@ -984,7 +1092,8 @@ var ERRORS = {
|
|
|
984
1092
|
http_status: 400,
|
|
985
1093
|
title: "Invalid Format",
|
|
986
1094
|
description: "Receipt does not conform to JWS format",
|
|
987
|
-
|
|
1095
|
+
retryable: false,
|
|
1096
|
+
next_action: "retry_with_different_input",
|
|
988
1097
|
category: "validation"
|
|
989
1098
|
},
|
|
990
1099
|
E_INVALID_ISSUER: {
|
|
@@ -992,7 +1101,8 @@ var ERRORS = {
|
|
|
992
1101
|
http_status: 400,
|
|
993
1102
|
title: "Invalid Issuer",
|
|
994
1103
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
995
|
-
|
|
1104
|
+
retryable: false,
|
|
1105
|
+
next_action: "retry_with_different_input",
|
|
996
1106
|
category: "validation"
|
|
997
1107
|
},
|
|
998
1108
|
E_INVALID_RAIL: {
|
|
@@ -1000,7 +1110,8 @@ var ERRORS = {
|
|
|
1000
1110
|
http_status: 400,
|
|
1001
1111
|
title: "Invalid Payment Rail",
|
|
1002
1112
|
description: "Payment rail identifier is not recognized",
|
|
1003
|
-
|
|
1113
|
+
retryable: false,
|
|
1114
|
+
next_action: "retry_with_different_input",
|
|
1004
1115
|
category: "validation"
|
|
1005
1116
|
},
|
|
1006
1117
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1008,7 +1119,8 @@ var ERRORS = {
|
|
|
1008
1119
|
http_status: 400,
|
|
1009
1120
|
title: "Invalid Receipt ID",
|
|
1010
1121
|
description: "Receipt ID (rid) does not match expected value",
|
|
1011
|
-
|
|
1122
|
+
retryable: false,
|
|
1123
|
+
next_action: "retry_with_different_input",
|
|
1012
1124
|
category: "validation"
|
|
1013
1125
|
},
|
|
1014
1126
|
E_INVALID_SUBJECT: {
|
|
@@ -1016,7 +1128,8 @@ var ERRORS = {
|
|
|
1016
1128
|
http_status: 400,
|
|
1017
1129
|
title: "Invalid Subject",
|
|
1018
1130
|
description: "Receipt subject claim does not match expected value",
|
|
1019
|
-
|
|
1131
|
+
retryable: false,
|
|
1132
|
+
next_action: "retry_with_different_input",
|
|
1020
1133
|
category: "validation"
|
|
1021
1134
|
},
|
|
1022
1135
|
E_MISSING_EXP: {
|
|
@@ -1024,7 +1137,8 @@ var ERRORS = {
|
|
|
1024
1137
|
http_status: 400,
|
|
1025
1138
|
title: "Missing Expiration",
|
|
1026
1139
|
description: "Receipt is missing required exp claim",
|
|
1027
|
-
|
|
1140
|
+
retryable: false,
|
|
1141
|
+
next_action: "retry_with_different_input",
|
|
1028
1142
|
category: "validation"
|
|
1029
1143
|
},
|
|
1030
1144
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1032,7 +1146,8 @@ var ERRORS = {
|
|
|
1032
1146
|
http_status: 400,
|
|
1033
1147
|
title: "Missing Required Claim",
|
|
1034
1148
|
description: "Receipt is missing a required JWT claim",
|
|
1035
|
-
|
|
1149
|
+
retryable: false,
|
|
1150
|
+
next_action: "retry_with_different_input",
|
|
1036
1151
|
category: "validation"
|
|
1037
1152
|
},
|
|
1038
1153
|
E_NOT_YET_VALID: {
|
|
@@ -1040,7 +1155,8 @@ var ERRORS = {
|
|
|
1040
1155
|
http_status: 400,
|
|
1041
1156
|
title: "Not Yet Valid",
|
|
1042
1157
|
description: "Receipt nbf (not before) time is in the future",
|
|
1043
|
-
|
|
1158
|
+
retryable: true,
|
|
1159
|
+
next_action: "retry_after_delay",
|
|
1044
1160
|
category: "validation"
|
|
1045
1161
|
},
|
|
1046
1162
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1048,7 +1164,8 @@ var ERRORS = {
|
|
|
1048
1164
|
http_status: 400,
|
|
1049
1165
|
title: "Attestation Receipt Invalid",
|
|
1050
1166
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1051
|
-
|
|
1167
|
+
retryable: false,
|
|
1168
|
+
next_action: "retry_with_different_input",
|
|
1052
1169
|
category: "validation"
|
|
1053
1170
|
},
|
|
1054
1171
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1056,7 +1173,8 @@ var ERRORS = {
|
|
|
1056
1173
|
http_status: 400,
|
|
1057
1174
|
title: "Commerce Receipt Invalid",
|
|
1058
1175
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1059
|
-
|
|
1176
|
+
retryable: false,
|
|
1177
|
+
next_action: "retry_with_different_input",
|
|
1060
1178
|
category: "validation"
|
|
1061
1179
|
},
|
|
1062
1180
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1064,7 +1182,8 @@ var ERRORS = {
|
|
|
1064
1182
|
http_status: 400,
|
|
1065
1183
|
title: "Parse Invalid Input",
|
|
1066
1184
|
description: "Input to receipt parser is not a non-null object",
|
|
1067
|
-
|
|
1185
|
+
retryable: false,
|
|
1186
|
+
next_action: "retry_with_different_input",
|
|
1068
1187
|
category: "validation"
|
|
1069
1188
|
},
|
|
1070
1189
|
// Verification error codes
|
|
@@ -1073,7 +1192,8 @@ var ERRORS = {
|
|
|
1073
1192
|
http_status: 400,
|
|
1074
1193
|
title: "Invalid Signature",
|
|
1075
1194
|
description: "Receipt signature verification failed",
|
|
1076
|
-
|
|
1195
|
+
retryable: false,
|
|
1196
|
+
next_action: "abort",
|
|
1077
1197
|
category: "verification"
|
|
1078
1198
|
},
|
|
1079
1199
|
E_KEY_NOT_FOUND: {
|
|
@@ -1081,7 +1201,8 @@ var ERRORS = {
|
|
|
1081
1201
|
http_status: 400,
|
|
1082
1202
|
title: "Key Not Found",
|
|
1083
1203
|
description: "Public key with specified kid not found in JWKS",
|
|
1084
|
-
|
|
1204
|
+
retryable: false,
|
|
1205
|
+
next_action: "retry_with_different_key",
|
|
1085
1206
|
category: "verification"
|
|
1086
1207
|
},
|
|
1087
1208
|
// Verifier error codes
|
|
@@ -1090,7 +1211,17 @@ var ERRORS = {
|
|
|
1090
1211
|
http_status: 400,
|
|
1091
1212
|
title: "Extension Too Large",
|
|
1092
1213
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1093
|
-
|
|
1214
|
+
retryable: false,
|
|
1215
|
+
next_action: "abort",
|
|
1216
|
+
category: "verifier"
|
|
1217
|
+
},
|
|
1218
|
+
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
1219
|
+
code: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
1220
|
+
http_status: 403,
|
|
1221
|
+
title: "Insecure Scheme Blocked",
|
|
1222
|
+
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1223
|
+
retryable: false,
|
|
1224
|
+
next_action: "abort",
|
|
1094
1225
|
category: "verifier"
|
|
1095
1226
|
},
|
|
1096
1227
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1098,7 +1229,35 @@ var ERRORS = {
|
|
|
1098
1229
|
http_status: 400,
|
|
1099
1230
|
title: "Invalid Transport",
|
|
1100
1231
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1101
|
-
|
|
1232
|
+
retryable: false,
|
|
1233
|
+
next_action: "abort",
|
|
1234
|
+
category: "verifier"
|
|
1235
|
+
},
|
|
1236
|
+
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
1237
|
+
code: "E_VERIFY_ISSUER_CONFIG_INVALID",
|
|
1238
|
+
http_status: 502,
|
|
1239
|
+
title: "Issuer Config Invalid",
|
|
1240
|
+
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1241
|
+
retryable: false,
|
|
1242
|
+
next_action: "abort",
|
|
1243
|
+
category: "verifier"
|
|
1244
|
+
},
|
|
1245
|
+
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
1246
|
+
code: "E_VERIFY_ISSUER_CONFIG_MISSING",
|
|
1247
|
+
http_status: 502,
|
|
1248
|
+
title: "Issuer Config Missing",
|
|
1249
|
+
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1250
|
+
retryable: true,
|
|
1251
|
+
next_action: "retry_after_delay",
|
|
1252
|
+
category: "verifier"
|
|
1253
|
+
},
|
|
1254
|
+
E_VERIFY_ISSUER_MISMATCH: {
|
|
1255
|
+
code: "E_VERIFY_ISSUER_MISMATCH",
|
|
1256
|
+
http_status: 403,
|
|
1257
|
+
title: "Issuer Mismatch",
|
|
1258
|
+
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1259
|
+
retryable: false,
|
|
1260
|
+
next_action: "abort",
|
|
1102
1261
|
category: "verifier"
|
|
1103
1262
|
},
|
|
1104
1263
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1106,7 +1265,17 @@ var ERRORS = {
|
|
|
1106
1265
|
http_status: 403,
|
|
1107
1266
|
title: "Issuer Not Allowed",
|
|
1108
1267
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1109
|
-
|
|
1268
|
+
retryable: false,
|
|
1269
|
+
next_action: "abort",
|
|
1270
|
+
category: "verifier"
|
|
1271
|
+
},
|
|
1272
|
+
E_VERIFY_JWKS_INVALID: {
|
|
1273
|
+
code: "E_VERIFY_JWKS_INVALID",
|
|
1274
|
+
http_status: 502,
|
|
1275
|
+
title: "JWKS Invalid",
|
|
1276
|
+
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1277
|
+
retryable: false,
|
|
1278
|
+
next_action: "abort",
|
|
1110
1279
|
category: "verifier"
|
|
1111
1280
|
},
|
|
1112
1281
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1114,7 +1283,8 @@ var ERRORS = {
|
|
|
1114
1283
|
http_status: 400,
|
|
1115
1284
|
title: "JWKS Too Large",
|
|
1116
1285
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1117
|
-
|
|
1286
|
+
retryable: false,
|
|
1287
|
+
next_action: "abort",
|
|
1118
1288
|
category: "verifier"
|
|
1119
1289
|
},
|
|
1120
1290
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1122,7 +1292,17 @@ var ERRORS = {
|
|
|
1122
1292
|
http_status: 400,
|
|
1123
1293
|
title: "JWKS Too Many Keys",
|
|
1124
1294
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1125
|
-
|
|
1295
|
+
retryable: false,
|
|
1296
|
+
next_action: "abort",
|
|
1297
|
+
category: "verifier"
|
|
1298
|
+
},
|
|
1299
|
+
E_VERIFY_JWKS_URI_INVALID: {
|
|
1300
|
+
code: "E_VERIFY_JWKS_URI_INVALID",
|
|
1301
|
+
http_status: 502,
|
|
1302
|
+
title: "JWKS URI Invalid",
|
|
1303
|
+
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1304
|
+
retryable: false,
|
|
1305
|
+
next_action: "abort",
|
|
1126
1306
|
category: "verifier"
|
|
1127
1307
|
},
|
|
1128
1308
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1130,7 +1310,8 @@ var ERRORS = {
|
|
|
1130
1310
|
http_status: 403,
|
|
1131
1311
|
title: "Key Fetch Blocked",
|
|
1132
1312
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1133
|
-
|
|
1313
|
+
retryable: false,
|
|
1314
|
+
next_action: "abort",
|
|
1134
1315
|
category: "verifier"
|
|
1135
1316
|
},
|
|
1136
1317
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1138,7 +1319,8 @@ var ERRORS = {
|
|
|
1138
1319
|
http_status: 502,
|
|
1139
1320
|
title: "Key Fetch Failed",
|
|
1140
1321
|
description: "Network error while fetching JWKS from issuer",
|
|
1141
|
-
|
|
1322
|
+
retryable: true,
|
|
1323
|
+
next_action: "retry_after_delay",
|
|
1142
1324
|
category: "verifier"
|
|
1143
1325
|
},
|
|
1144
1326
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1146,7 +1328,8 @@ var ERRORS = {
|
|
|
1146
1328
|
http_status: 504,
|
|
1147
1329
|
title: "Key Fetch Timeout",
|
|
1148
1330
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1149
|
-
|
|
1331
|
+
retryable: true,
|
|
1332
|
+
next_action: "retry_after_delay",
|
|
1150
1333
|
category: "verifier"
|
|
1151
1334
|
},
|
|
1152
1335
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1154,7 +1337,8 @@ var ERRORS = {
|
|
|
1154
1337
|
http_status: 400,
|
|
1155
1338
|
title: "Malformed Receipt",
|
|
1156
1339
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1157
|
-
|
|
1340
|
+
retryable: false,
|
|
1341
|
+
next_action: "abort",
|
|
1158
1342
|
category: "verifier"
|
|
1159
1343
|
},
|
|
1160
1344
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1162,7 +1346,8 @@ var ERRORS = {
|
|
|
1162
1346
|
http_status: 400,
|
|
1163
1347
|
title: "Pointer Digest Mismatch",
|
|
1164
1348
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1165
|
-
|
|
1349
|
+
retryable: false,
|
|
1350
|
+
next_action: "abort",
|
|
1166
1351
|
category: "verifier"
|
|
1167
1352
|
},
|
|
1168
1353
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1170,7 +1355,8 @@ var ERRORS = {
|
|
|
1170
1355
|
http_status: 403,
|
|
1171
1356
|
title: "Pointer Fetch Blocked",
|
|
1172
1357
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1173
|
-
|
|
1358
|
+
retryable: false,
|
|
1359
|
+
next_action: "abort",
|
|
1174
1360
|
category: "verifier"
|
|
1175
1361
|
},
|
|
1176
1362
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1178,7 +1364,8 @@ var ERRORS = {
|
|
|
1178
1364
|
http_status: 502,
|
|
1179
1365
|
title: "Pointer Fetch Failed",
|
|
1180
1366
|
description: "Network error while fetching receipt from pointer URL",
|
|
1181
|
-
|
|
1367
|
+
retryable: true,
|
|
1368
|
+
next_action: "retry_after_delay",
|
|
1182
1369
|
category: "verifier"
|
|
1183
1370
|
},
|
|
1184
1371
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1186,7 +1373,8 @@ var ERRORS = {
|
|
|
1186
1373
|
http_status: 504,
|
|
1187
1374
|
title: "Pointer Fetch Timeout",
|
|
1188
1375
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1189
|
-
|
|
1376
|
+
retryable: true,
|
|
1377
|
+
next_action: "retry_after_delay",
|
|
1190
1378
|
category: "verifier"
|
|
1191
1379
|
},
|
|
1192
1380
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1194,7 +1382,8 @@ var ERRORS = {
|
|
|
1194
1382
|
http_status: 413,
|
|
1195
1383
|
title: "Pointer Fetch Too Large",
|
|
1196
1384
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1197
|
-
|
|
1385
|
+
retryable: false,
|
|
1386
|
+
next_action: "abort",
|
|
1198
1387
|
category: "verifier"
|
|
1199
1388
|
},
|
|
1200
1389
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1202,7 +1391,8 @@ var ERRORS = {
|
|
|
1202
1391
|
http_status: 403,
|
|
1203
1392
|
title: "Policy Violation",
|
|
1204
1393
|
description: "Receipt violates verifier trust policy",
|
|
1205
|
-
|
|
1394
|
+
retryable: false,
|
|
1395
|
+
next_action: "abort",
|
|
1206
1396
|
category: "verifier"
|
|
1207
1397
|
},
|
|
1208
1398
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1210,7 +1400,8 @@ var ERRORS = {
|
|
|
1210
1400
|
http_status: 413,
|
|
1211
1401
|
title: "Receipt Too Large",
|
|
1212
1402
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1213
|
-
|
|
1403
|
+
retryable: false,
|
|
1404
|
+
next_action: "abort",
|
|
1214
1405
|
category: "verifier"
|
|
1215
1406
|
},
|
|
1216
1407
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1218,7 +1409,8 @@ var ERRORS = {
|
|
|
1218
1409
|
http_status: 400,
|
|
1219
1410
|
title: "Schema Invalid",
|
|
1220
1411
|
description: "Receipt claims do not conform to expected schema",
|
|
1221
|
-
|
|
1412
|
+
retryable: false,
|
|
1413
|
+
next_action: "abort",
|
|
1222
1414
|
category: "verifier"
|
|
1223
1415
|
},
|
|
1224
1416
|
// Workflow error codes
|
|
@@ -1227,7 +1419,8 @@ var ERRORS = {
|
|
|
1227
1419
|
http_status: 400,
|
|
1228
1420
|
title: "Invalid Workflow Context",
|
|
1229
1421
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1230
|
-
|
|
1422
|
+
retryable: false,
|
|
1423
|
+
next_action: "retry_with_different_input",
|
|
1231
1424
|
category: "workflow"
|
|
1232
1425
|
},
|
|
1233
1426
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1235,7 +1428,8 @@ var ERRORS = {
|
|
|
1235
1428
|
http_status: 400,
|
|
1236
1429
|
title: "Workflow Cycle Detected",
|
|
1237
1430
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1238
|
-
|
|
1431
|
+
retryable: false,
|
|
1432
|
+
next_action: "retry_with_different_input",
|
|
1239
1433
|
category: "workflow"
|
|
1240
1434
|
},
|
|
1241
1435
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1243,7 +1437,8 @@ var ERRORS = {
|
|
|
1243
1437
|
http_status: 400,
|
|
1244
1438
|
title: "Invalid Workflow DAG",
|
|
1245
1439
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1246
|
-
|
|
1440
|
+
retryable: false,
|
|
1441
|
+
next_action: "retry_with_different_input",
|
|
1247
1442
|
category: "workflow"
|
|
1248
1443
|
},
|
|
1249
1444
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1251,7 +1446,8 @@ var ERRORS = {
|
|
|
1251
1446
|
http_status: 400,
|
|
1252
1447
|
title: "Invalid Workflow ID",
|
|
1253
1448
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1254
|
-
|
|
1449
|
+
retryable: false,
|
|
1450
|
+
next_action: "retry_with_different_input",
|
|
1255
1451
|
category: "workflow"
|
|
1256
1452
|
},
|
|
1257
1453
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1259,7 +1455,8 @@ var ERRORS = {
|
|
|
1259
1455
|
http_status: 400,
|
|
1260
1456
|
title: "Workflow Limit Exceeded",
|
|
1261
1457
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1262
|
-
|
|
1458
|
+
retryable: false,
|
|
1459
|
+
next_action: "retry_with_different_input",
|
|
1263
1460
|
category: "workflow"
|
|
1264
1461
|
},
|
|
1265
1462
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1267,7 +1464,8 @@ var ERRORS = {
|
|
|
1267
1464
|
http_status: 400,
|
|
1268
1465
|
title: "Parent Step Not Found",
|
|
1269
1466
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1270
|
-
|
|
1467
|
+
retryable: false,
|
|
1468
|
+
next_action: "retry_with_different_input",
|
|
1271
1469
|
category: "workflow"
|
|
1272
1470
|
},
|
|
1273
1471
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1275,7 +1473,8 @@ var ERRORS = {
|
|
|
1275
1473
|
http_status: 400,
|
|
1276
1474
|
title: "Invalid Step ID",
|
|
1277
1475
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1278
|
-
|
|
1476
|
+
retryable: false,
|
|
1477
|
+
next_action: "retry_with_different_input",
|
|
1279
1478
|
category: "workflow"
|
|
1280
1479
|
},
|
|
1281
1480
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1283,15 +1482,16 @@ var ERRORS = {
|
|
|
1283
1482
|
http_status: 400,
|
|
1284
1483
|
title: "Invalid Workflow Summary",
|
|
1285
1484
|
description: "Workflow summary attestation does not conform to schema",
|
|
1286
|
-
|
|
1485
|
+
retryable: false,
|
|
1486
|
+
next_action: "retry_with_different_input",
|
|
1287
1487
|
category: "workflow"
|
|
1288
1488
|
}
|
|
1289
1489
|
};
|
|
1290
1490
|
function getError(code) {
|
|
1291
1491
|
return ERRORS[code];
|
|
1292
1492
|
}
|
|
1293
|
-
function
|
|
1294
|
-
return ERRORS[code]?.
|
|
1493
|
+
function isRetryable(code) {
|
|
1494
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1295
1495
|
}
|
|
1296
1496
|
var BUNDLE_ERRORS = {
|
|
1297
1497
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1327,6 +1527,6 @@ var DISPUTE_ERRORS = {
|
|
|
1327
1527
|
TARGET_NOT_FOUND: "E_DISPUTE_TARGET_NOT_FOUND"
|
|
1328
1528
|
};
|
|
1329
1529
|
|
|
1330
|
-
export { BUNDLE_ERRORS, DISPUTE_ERRORS, ERRORS, ERROR_CODES, getError,
|
|
1530
|
+
export { BUNDLE_ERRORS, DISPUTE_ERRORS, ERRORS, ERROR_CODES, getError, isRetryable };
|
|
1331
1531
|
//# sourceMappingURL=errors.mjs.map
|
|
1332
1532
|
//# sourceMappingURL=errors.mjs.map
|