@peac/kernel 0.11.0 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/__tests__/carrier.test.d.ts +2 -0
- package/dist/__tests__/carrier.test.d.ts.map +1 -0
- package/dist/carrier.d.ts +113 -0
- package/dist/carrier.d.ts.map +1 -0
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +343 -143
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +9 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +343 -143
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +349 -143
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +347 -143
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -301,10 +301,16 @@ var ERROR_CODES = {
|
|
|
301
301
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
302
302
|
// Verifier error codes
|
|
303
303
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
304
|
+
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
304
305
|
E_VERIFY_INVALID_TRANSPORT: "E_VERIFY_INVALID_TRANSPORT",
|
|
306
|
+
E_VERIFY_ISSUER_CONFIG_INVALID: "E_VERIFY_ISSUER_CONFIG_INVALID",
|
|
307
|
+
E_VERIFY_ISSUER_CONFIG_MISSING: "E_VERIFY_ISSUER_CONFIG_MISSING",
|
|
308
|
+
E_VERIFY_ISSUER_MISMATCH: "E_VERIFY_ISSUER_MISMATCH",
|
|
305
309
|
E_VERIFY_ISSUER_NOT_ALLOWED: "E_VERIFY_ISSUER_NOT_ALLOWED",
|
|
310
|
+
E_VERIFY_JWKS_INVALID: "E_VERIFY_JWKS_INVALID",
|
|
306
311
|
E_VERIFY_JWKS_TOO_LARGE: "E_VERIFY_JWKS_TOO_LARGE",
|
|
307
312
|
E_VERIFY_JWKS_TOO_MANY_KEYS: "E_VERIFY_JWKS_TOO_MANY_KEYS",
|
|
313
|
+
E_VERIFY_JWKS_URI_INVALID: "E_VERIFY_JWKS_URI_INVALID",
|
|
308
314
|
E_VERIFY_KEY_FETCH_BLOCKED: "E_VERIFY_KEY_FETCH_BLOCKED",
|
|
309
315
|
E_VERIFY_KEY_FETCH_FAILED: "E_VERIFY_KEY_FETCH_FAILED",
|
|
310
316
|
E_VERIFY_KEY_FETCH_TIMEOUT: "E_VERIFY_KEY_FETCH_TIMEOUT",
|
|
@@ -334,7 +340,8 @@ var ERRORS = {
|
|
|
334
340
|
http_status: 400,
|
|
335
341
|
title: "Attribution Chain Too Deep",
|
|
336
342
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
337
|
-
|
|
343
|
+
retryable: false,
|
|
344
|
+
next_action: "retry_with_different_input",
|
|
338
345
|
category: "attribution"
|
|
339
346
|
},
|
|
340
347
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -342,7 +349,8 @@ var ERRORS = {
|
|
|
342
349
|
http_status: 400,
|
|
343
350
|
title: "Attribution Circular Chain",
|
|
344
351
|
description: "Circular reference detected in attribution chain",
|
|
345
|
-
|
|
352
|
+
retryable: false,
|
|
353
|
+
next_action: "retry_with_different_input",
|
|
346
354
|
category: "attribution"
|
|
347
355
|
},
|
|
348
356
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -350,7 +358,8 @@ var ERRORS = {
|
|
|
350
358
|
http_status: 401,
|
|
351
359
|
title: "Attribution Expired",
|
|
352
360
|
description: "Attribution attestation has exceeded its expiration time",
|
|
353
|
-
|
|
361
|
+
retryable: false,
|
|
362
|
+
next_action: "retry_with_different_input",
|
|
354
363
|
category: "attribution"
|
|
355
364
|
},
|
|
356
365
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -358,7 +367,8 @@ var ERRORS = {
|
|
|
358
367
|
http_status: 400,
|
|
359
368
|
title: "Attribution Hash Invalid",
|
|
360
369
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
361
|
-
|
|
370
|
+
retryable: false,
|
|
371
|
+
next_action: "retry_with_different_input",
|
|
362
372
|
category: "attribution"
|
|
363
373
|
},
|
|
364
374
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -366,7 +376,8 @@ var ERRORS = {
|
|
|
366
376
|
http_status: 400,
|
|
367
377
|
title: "Attribution Invalid Format",
|
|
368
378
|
description: "Attribution attestation does not conform to schema",
|
|
369
|
-
|
|
379
|
+
retryable: false,
|
|
380
|
+
next_action: "retry_with_different_input",
|
|
370
381
|
category: "attribution"
|
|
371
382
|
},
|
|
372
383
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -374,7 +385,8 @@ var ERRORS = {
|
|
|
374
385
|
http_status: 400,
|
|
375
386
|
title: "Attribution Invalid Reference",
|
|
376
387
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
377
|
-
|
|
388
|
+
retryable: false,
|
|
389
|
+
next_action: "retry_with_different_input",
|
|
378
390
|
category: "attribution"
|
|
379
391
|
},
|
|
380
392
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -382,7 +394,8 @@ var ERRORS = {
|
|
|
382
394
|
http_status: 400,
|
|
383
395
|
title: "Attribution Invalid Weight",
|
|
384
396
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
385
|
-
|
|
397
|
+
retryable: false,
|
|
398
|
+
next_action: "retry_with_different_input",
|
|
386
399
|
category: "attribution"
|
|
387
400
|
},
|
|
388
401
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -390,7 +403,8 @@ var ERRORS = {
|
|
|
390
403
|
http_status: 400,
|
|
391
404
|
title: "Attribution Missing Sources",
|
|
392
405
|
description: "Attribution attestation has empty sources array",
|
|
393
|
-
|
|
406
|
+
retryable: false,
|
|
407
|
+
next_action: "retry_with_different_input",
|
|
394
408
|
category: "attribution"
|
|
395
409
|
},
|
|
396
410
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -398,7 +412,8 @@ var ERRORS = {
|
|
|
398
412
|
http_status: 401,
|
|
399
413
|
title: "Attribution Not Yet Valid",
|
|
400
414
|
description: "Attribution attestation issued_at time is in the future",
|
|
401
|
-
|
|
415
|
+
retryable: true,
|
|
416
|
+
next_action: "retry_after_delay",
|
|
402
417
|
category: "attribution"
|
|
403
418
|
},
|
|
404
419
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -406,7 +421,8 @@ var ERRORS = {
|
|
|
406
421
|
http_status: 502,
|
|
407
422
|
title: "Attribution Resolution Failed",
|
|
408
423
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
409
|
-
|
|
424
|
+
retryable: true,
|
|
425
|
+
next_action: "retry_after_delay",
|
|
410
426
|
category: "attribution"
|
|
411
427
|
},
|
|
412
428
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -414,7 +430,8 @@ var ERRORS = {
|
|
|
414
430
|
http_status: 504,
|
|
415
431
|
title: "Attribution Resolution Timeout",
|
|
416
432
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
417
|
-
|
|
433
|
+
retryable: true,
|
|
434
|
+
next_action: "retry_after_delay",
|
|
418
435
|
category: "attribution"
|
|
419
436
|
},
|
|
420
437
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -422,7 +439,8 @@ var ERRORS = {
|
|
|
422
439
|
http_status: 400,
|
|
423
440
|
title: "Attribution Size Exceeded",
|
|
424
441
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
425
|
-
|
|
442
|
+
retryable: false,
|
|
443
|
+
next_action: "retry_with_different_input",
|
|
426
444
|
category: "attribution"
|
|
427
445
|
},
|
|
428
446
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -430,7 +448,8 @@ var ERRORS = {
|
|
|
430
448
|
http_status: 400,
|
|
431
449
|
title: "Attribution Too Many Sources",
|
|
432
450
|
description: "Attribution has too many sources (maximum 100)",
|
|
433
|
-
|
|
451
|
+
retryable: false,
|
|
452
|
+
next_action: "retry_with_different_input",
|
|
434
453
|
category: "attribution"
|
|
435
454
|
},
|
|
436
455
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -438,7 +457,8 @@ var ERRORS = {
|
|
|
438
457
|
http_status: 400,
|
|
439
458
|
title: "Attribution Unknown Usage",
|
|
440
459
|
description: "Attribution usage type is not recognized",
|
|
441
|
-
|
|
460
|
+
retryable: false,
|
|
461
|
+
next_action: "retry_with_different_input",
|
|
442
462
|
category: "attribution"
|
|
443
463
|
},
|
|
444
464
|
// Bundle error codes
|
|
@@ -447,7 +467,8 @@ var ERRORS = {
|
|
|
447
467
|
http_status: 400,
|
|
448
468
|
title: "Bundle Duplicate Receipt",
|
|
449
469
|
description: "Bundle contains multiple receipts with the same ID",
|
|
450
|
-
|
|
470
|
+
retryable: false,
|
|
471
|
+
next_action: "retry_with_different_input",
|
|
451
472
|
category: "bundle"
|
|
452
473
|
},
|
|
453
474
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -455,7 +476,8 @@ var ERRORS = {
|
|
|
455
476
|
http_status: 400,
|
|
456
477
|
title: "Bundle Hash Mismatch",
|
|
457
478
|
description: "File hash does not match value declared in manifest.json",
|
|
458
|
-
|
|
479
|
+
retryable: false,
|
|
480
|
+
next_action: "retry_with_different_input",
|
|
459
481
|
category: "bundle"
|
|
460
482
|
},
|
|
461
483
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -463,7 +485,8 @@ var ERRORS = {
|
|
|
463
485
|
http_status: 400,
|
|
464
486
|
title: "Bundle Invalid Format",
|
|
465
487
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
466
|
-
|
|
488
|
+
retryable: false,
|
|
489
|
+
next_action: "retry_with_different_input",
|
|
467
490
|
category: "bundle"
|
|
468
491
|
},
|
|
469
492
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -471,7 +494,8 @@ var ERRORS = {
|
|
|
471
494
|
http_status: 400,
|
|
472
495
|
title: "Bundle Key Missing",
|
|
473
496
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
474
|
-
|
|
497
|
+
retryable: false,
|
|
498
|
+
next_action: "retry_with_different_input",
|
|
475
499
|
category: "bundle"
|
|
476
500
|
},
|
|
477
501
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -479,7 +503,8 @@ var ERRORS = {
|
|
|
479
503
|
http_status: 400,
|
|
480
504
|
title: "Bundle Manifest Invalid",
|
|
481
505
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
482
|
-
|
|
506
|
+
retryable: false,
|
|
507
|
+
next_action: "retry_with_different_input",
|
|
483
508
|
category: "bundle"
|
|
484
509
|
},
|
|
485
510
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -487,7 +512,8 @@ var ERRORS = {
|
|
|
487
512
|
http_status: 400,
|
|
488
513
|
title: "Bundle Manifest Missing",
|
|
489
514
|
description: "manifest.json not found at bundle archive root",
|
|
490
|
-
|
|
515
|
+
retryable: false,
|
|
516
|
+
next_action: "retry_with_different_input",
|
|
491
517
|
category: "bundle"
|
|
492
518
|
},
|
|
493
519
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -495,7 +521,8 @@ var ERRORS = {
|
|
|
495
521
|
http_status: 400,
|
|
496
522
|
title: "Bundle Missing Keys",
|
|
497
523
|
description: "No verification keys provided in bundle JWKS",
|
|
498
|
-
|
|
524
|
+
retryable: false,
|
|
525
|
+
next_action: "retry_with_different_input",
|
|
499
526
|
category: "bundle"
|
|
500
527
|
},
|
|
501
528
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -503,7 +530,8 @@ var ERRORS = {
|
|
|
503
530
|
http_status: 400,
|
|
504
531
|
title: "Bundle Missing Receipts",
|
|
505
532
|
description: "No receipts provided when creating bundle",
|
|
506
|
-
|
|
533
|
+
retryable: false,
|
|
534
|
+
next_action: "retry_with_different_input",
|
|
507
535
|
category: "bundle"
|
|
508
536
|
},
|
|
509
537
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -511,7 +539,8 @@ var ERRORS = {
|
|
|
511
539
|
http_status: 400,
|
|
512
540
|
title: "Bundle Path Traversal",
|
|
513
541
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
514
|
-
|
|
542
|
+
retryable: false,
|
|
543
|
+
next_action: "retry_with_different_input",
|
|
515
544
|
category: "bundle"
|
|
516
545
|
},
|
|
517
546
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -519,7 +548,8 @@ var ERRORS = {
|
|
|
519
548
|
http_status: 400,
|
|
520
549
|
title: "Bundle Policy Hash Mismatch",
|
|
521
550
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
522
|
-
|
|
551
|
+
retryable: false,
|
|
552
|
+
next_action: "retry_with_different_input",
|
|
523
553
|
category: "bundle"
|
|
524
554
|
},
|
|
525
555
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -527,7 +557,8 @@ var ERRORS = {
|
|
|
527
557
|
http_status: 400,
|
|
528
558
|
title: "Bundle Receipts Unordered",
|
|
529
559
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
530
|
-
|
|
560
|
+
retryable: false,
|
|
561
|
+
next_action: "retry_with_different_input",
|
|
531
562
|
category: "bundle"
|
|
532
563
|
},
|
|
533
564
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -535,7 +566,8 @@ var ERRORS = {
|
|
|
535
566
|
http_status: 400,
|
|
536
567
|
title: "Bundle Receipt Invalid",
|
|
537
568
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
538
|
-
|
|
569
|
+
retryable: false,
|
|
570
|
+
next_action: "retry_with_different_input",
|
|
539
571
|
category: "bundle"
|
|
540
572
|
},
|
|
541
573
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -543,7 +575,8 @@ var ERRORS = {
|
|
|
543
575
|
http_status: 400,
|
|
544
576
|
title: "Bundle Signature Invalid",
|
|
545
577
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
546
|
-
|
|
578
|
+
retryable: false,
|
|
579
|
+
next_action: "retry_with_different_input",
|
|
547
580
|
category: "bundle"
|
|
548
581
|
},
|
|
549
582
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -551,7 +584,8 @@ var ERRORS = {
|
|
|
551
584
|
http_status: 400,
|
|
552
585
|
title: "Bundle Size Exceeded",
|
|
553
586
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
554
|
-
|
|
587
|
+
retryable: false,
|
|
588
|
+
next_action: "retry_with_different_input",
|
|
555
589
|
category: "bundle"
|
|
556
590
|
},
|
|
557
591
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -559,7 +593,8 @@ var ERRORS = {
|
|
|
559
593
|
http_status: 400,
|
|
560
594
|
title: "Bundle Time Range Invalid",
|
|
561
595
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
562
|
-
|
|
596
|
+
retryable: false,
|
|
597
|
+
next_action: "retry_with_different_input",
|
|
563
598
|
category: "bundle"
|
|
564
599
|
},
|
|
565
600
|
// Control error codes
|
|
@@ -568,7 +603,8 @@ var ERRORS = {
|
|
|
568
603
|
http_status: 403,
|
|
569
604
|
title: "Control Decision Denied",
|
|
570
605
|
description: "Control engine denied authorization",
|
|
571
|
-
|
|
606
|
+
retryable: false,
|
|
607
|
+
next_action: "contact_issuer",
|
|
572
608
|
category: "control"
|
|
573
609
|
},
|
|
574
610
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -576,7 +612,8 @@ var ERRORS = {
|
|
|
576
612
|
http_status: 202,
|
|
577
613
|
title: "Review Required",
|
|
578
614
|
description: "Control engine requires manual review",
|
|
579
|
-
|
|
615
|
+
retryable: true,
|
|
616
|
+
next_action: "contact_issuer",
|
|
580
617
|
category: "control"
|
|
581
618
|
},
|
|
582
619
|
// Dispute error codes
|
|
@@ -585,7 +622,8 @@ var ERRORS = {
|
|
|
585
622
|
http_status: 409,
|
|
586
623
|
title: "Dispute Duplicate",
|
|
587
624
|
description: "A dispute with this ID already exists",
|
|
588
|
-
|
|
625
|
+
retryable: false,
|
|
626
|
+
next_action: "retry_with_different_input",
|
|
589
627
|
category: "dispute"
|
|
590
628
|
},
|
|
591
629
|
E_DISPUTE_EXPIRED: {
|
|
@@ -593,7 +631,8 @@ var ERRORS = {
|
|
|
593
631
|
http_status: 401,
|
|
594
632
|
title: "Dispute Expired",
|
|
595
633
|
description: "Dispute attestation has exceeded its expiration time",
|
|
596
|
-
|
|
634
|
+
retryable: false,
|
|
635
|
+
next_action: "retry_with_different_input",
|
|
597
636
|
category: "dispute"
|
|
598
637
|
},
|
|
599
638
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -601,7 +640,8 @@ var ERRORS = {
|
|
|
601
640
|
http_status: 400,
|
|
602
641
|
title: "Dispute Invalid Format",
|
|
603
642
|
description: "Dispute attestation does not conform to schema",
|
|
604
|
-
|
|
643
|
+
retryable: false,
|
|
644
|
+
next_action: "retry_with_different_input",
|
|
605
645
|
category: "dispute"
|
|
606
646
|
},
|
|
607
647
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -609,7 +649,8 @@ var ERRORS = {
|
|
|
609
649
|
http_status: 400,
|
|
610
650
|
title: "Dispute Invalid Grounds",
|
|
611
651
|
description: "Dispute grounds code is not recognized",
|
|
612
|
-
|
|
652
|
+
retryable: false,
|
|
653
|
+
next_action: "retry_with_different_input",
|
|
613
654
|
category: "dispute"
|
|
614
655
|
},
|
|
615
656
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -617,7 +658,8 @@ var ERRORS = {
|
|
|
617
658
|
http_status: 400,
|
|
618
659
|
title: "Dispute Invalid ID",
|
|
619
660
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
620
|
-
|
|
661
|
+
retryable: false,
|
|
662
|
+
next_action: "retry_with_different_input",
|
|
621
663
|
category: "dispute"
|
|
622
664
|
},
|
|
623
665
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -625,7 +667,8 @@ var ERRORS = {
|
|
|
625
667
|
http_status: 400,
|
|
626
668
|
title: "Dispute Invalid State",
|
|
627
669
|
description: "Dispute state is not recognized",
|
|
628
|
-
|
|
670
|
+
retryable: false,
|
|
671
|
+
next_action: "retry_with_different_input",
|
|
629
672
|
category: "dispute"
|
|
630
673
|
},
|
|
631
674
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -633,7 +676,8 @@ var ERRORS = {
|
|
|
633
676
|
http_status: 400,
|
|
634
677
|
title: "Dispute Invalid Target Type",
|
|
635
678
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
636
|
-
|
|
679
|
+
retryable: false,
|
|
680
|
+
next_action: "retry_with_different_input",
|
|
637
681
|
category: "dispute"
|
|
638
682
|
},
|
|
639
683
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -641,7 +685,8 @@ var ERRORS = {
|
|
|
641
685
|
http_status: 400,
|
|
642
686
|
title: "Dispute Invalid Transition",
|
|
643
687
|
description: "Invalid state transition for dispute lifecycle",
|
|
644
|
-
|
|
688
|
+
retryable: false,
|
|
689
|
+
next_action: "retry_with_different_input",
|
|
645
690
|
category: "dispute"
|
|
646
691
|
},
|
|
647
692
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -649,7 +694,8 @@ var ERRORS = {
|
|
|
649
694
|
http_status: 400,
|
|
650
695
|
title: "Dispute Invalid Type",
|
|
651
696
|
description: "Dispute type is not recognized",
|
|
652
|
-
|
|
697
|
+
retryable: false,
|
|
698
|
+
next_action: "retry_with_different_input",
|
|
653
699
|
category: "dispute"
|
|
654
700
|
},
|
|
655
701
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -657,7 +703,8 @@ var ERRORS = {
|
|
|
657
703
|
http_status: 400,
|
|
658
704
|
title: "Dispute Missing Resolution",
|
|
659
705
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
660
|
-
|
|
706
|
+
retryable: false,
|
|
707
|
+
next_action: "retry_with_different_input",
|
|
661
708
|
category: "dispute"
|
|
662
709
|
},
|
|
663
710
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -665,7 +712,8 @@ var ERRORS = {
|
|
|
665
712
|
http_status: 401,
|
|
666
713
|
title: "Dispute Not Yet Valid",
|
|
667
714
|
description: "Dispute attestation issued_at time is in the future",
|
|
668
|
-
|
|
715
|
+
retryable: true,
|
|
716
|
+
next_action: "retry_after_delay",
|
|
669
717
|
category: "dispute"
|
|
670
718
|
},
|
|
671
719
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -673,7 +721,8 @@ var ERRORS = {
|
|
|
673
721
|
http_status: 400,
|
|
674
722
|
title: "Dispute Other Requires Description",
|
|
675
723
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
676
|
-
|
|
724
|
+
retryable: false,
|
|
725
|
+
next_action: "retry_with_different_input",
|
|
677
726
|
category: "dispute"
|
|
678
727
|
},
|
|
679
728
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -681,7 +730,8 @@ var ERRORS = {
|
|
|
681
730
|
http_status: 400,
|
|
682
731
|
title: "Dispute Resolution Not Allowed",
|
|
683
732
|
description: "Resolution is only valid for terminal states",
|
|
684
|
-
|
|
733
|
+
retryable: false,
|
|
734
|
+
next_action: "retry_with_different_input",
|
|
685
735
|
category: "dispute"
|
|
686
736
|
},
|
|
687
737
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -689,7 +739,8 @@ var ERRORS = {
|
|
|
689
739
|
http_status: 404,
|
|
690
740
|
title: "Dispute Target Not Found",
|
|
691
741
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
692
|
-
|
|
742
|
+
retryable: true,
|
|
743
|
+
next_action: "retry_after_delay",
|
|
693
744
|
category: "dispute"
|
|
694
745
|
},
|
|
695
746
|
// Identity error codes
|
|
@@ -698,7 +749,8 @@ var ERRORS = {
|
|
|
698
749
|
http_status: 400,
|
|
699
750
|
title: "Identity Binding Future",
|
|
700
751
|
description: "Identity binding signed_at timestamp is in the future",
|
|
701
|
-
|
|
752
|
+
retryable: false,
|
|
753
|
+
next_action: "retry_with_different_input",
|
|
702
754
|
category: "identity"
|
|
703
755
|
},
|
|
704
756
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -706,7 +758,8 @@ var ERRORS = {
|
|
|
706
758
|
http_status: 400,
|
|
707
759
|
title: "Identity Binding Mismatch",
|
|
708
760
|
description: "Identity binding does not match the request being verified",
|
|
709
|
-
|
|
761
|
+
retryable: false,
|
|
762
|
+
next_action: "retry_with_different_input",
|
|
710
763
|
category: "identity"
|
|
711
764
|
},
|
|
712
765
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -714,7 +767,8 @@ var ERRORS = {
|
|
|
714
767
|
http_status: 401,
|
|
715
768
|
title: "Identity Binding Stale",
|
|
716
769
|
description: "Identity binding is too old and requires fresh binding",
|
|
717
|
-
|
|
770
|
+
retryable: true,
|
|
771
|
+
next_action: "retry_after_delay",
|
|
718
772
|
category: "identity"
|
|
719
773
|
},
|
|
720
774
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -722,7 +776,8 @@ var ERRORS = {
|
|
|
722
776
|
http_status: 503,
|
|
723
777
|
title: "Identity Directory Unavailable",
|
|
724
778
|
description: "Failed to fetch agent key directory",
|
|
725
|
-
|
|
779
|
+
retryable: true,
|
|
780
|
+
next_action: "retry_after_delay",
|
|
726
781
|
category: "identity"
|
|
727
782
|
},
|
|
728
783
|
E_IDENTITY_EXPIRED: {
|
|
@@ -730,7 +785,8 @@ var ERRORS = {
|
|
|
730
785
|
http_status: 401,
|
|
731
786
|
title: "Identity Expired",
|
|
732
787
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
733
|
-
|
|
788
|
+
retryable: false,
|
|
789
|
+
next_action: "refresh_attestation",
|
|
734
790
|
category: "identity"
|
|
735
791
|
},
|
|
736
792
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -738,7 +794,8 @@ var ERRORS = {
|
|
|
738
794
|
http_status: 400,
|
|
739
795
|
title: "Identity Invalid Format",
|
|
740
796
|
description: "Agent identity attestation does not conform to schema",
|
|
741
|
-
|
|
797
|
+
retryable: false,
|
|
798
|
+
next_action: "retry_with_different_input",
|
|
742
799
|
category: "identity"
|
|
743
800
|
},
|
|
744
801
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -746,7 +803,8 @@ var ERRORS = {
|
|
|
746
803
|
http_status: 401,
|
|
747
804
|
title: "Identity Key Expired",
|
|
748
805
|
description: "Agent signing key has expired per directory metadata",
|
|
749
|
-
|
|
806
|
+
retryable: false,
|
|
807
|
+
next_action: "refresh_attestation",
|
|
750
808
|
category: "identity"
|
|
751
809
|
},
|
|
752
810
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -754,7 +812,8 @@ var ERRORS = {
|
|
|
754
812
|
http_status: 401,
|
|
755
813
|
title: "Identity Key Revoked",
|
|
756
814
|
description: "Agent signing key has been explicitly revoked",
|
|
757
|
-
|
|
815
|
+
retryable: false,
|
|
816
|
+
next_action: "refresh_attestation",
|
|
758
817
|
category: "identity"
|
|
759
818
|
},
|
|
760
819
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -762,7 +821,8 @@ var ERRORS = {
|
|
|
762
821
|
http_status: 401,
|
|
763
822
|
title: "Identity Key Unknown",
|
|
764
823
|
description: "Key ID not found in agent key directory",
|
|
765
|
-
|
|
824
|
+
retryable: true,
|
|
825
|
+
next_action: "retry_after_delay",
|
|
766
826
|
category: "identity"
|
|
767
827
|
},
|
|
768
828
|
E_IDENTITY_MISSING: {
|
|
@@ -770,7 +830,8 @@ var ERRORS = {
|
|
|
770
830
|
http_status: 401,
|
|
771
831
|
title: "Identity Missing",
|
|
772
832
|
description: "No agent identity attestation provided in request",
|
|
773
|
-
|
|
833
|
+
retryable: false,
|
|
834
|
+
next_action: "retry_with_different_input",
|
|
774
835
|
category: "identity"
|
|
775
836
|
},
|
|
776
837
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -778,7 +839,8 @@ var ERRORS = {
|
|
|
778
839
|
http_status: 401,
|
|
779
840
|
title: "Identity Not Yet Valid",
|
|
780
841
|
description: "Agent identity attestation issued_at time is in the future",
|
|
781
|
-
|
|
842
|
+
retryable: true,
|
|
843
|
+
next_action: "retry_after_delay",
|
|
782
844
|
category: "identity"
|
|
783
845
|
},
|
|
784
846
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -786,7 +848,8 @@ var ERRORS = {
|
|
|
786
848
|
http_status: 400,
|
|
787
849
|
title: "Identity Proof Unsupported",
|
|
788
850
|
description: "Agent identity proof method is not supported",
|
|
789
|
-
|
|
851
|
+
retryable: false,
|
|
852
|
+
next_action: "retry_with_different_input",
|
|
790
853
|
category: "identity"
|
|
791
854
|
},
|
|
792
855
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -794,7 +857,8 @@ var ERRORS = {
|
|
|
794
857
|
http_status: 401,
|
|
795
858
|
title: "Identity Signature Invalid",
|
|
796
859
|
description: "Agent identity proof signature verification failed",
|
|
797
|
-
|
|
860
|
+
retryable: false,
|
|
861
|
+
next_action: "retry_with_different_input",
|
|
798
862
|
category: "identity"
|
|
799
863
|
},
|
|
800
864
|
// Infrastructure error codes
|
|
@@ -803,7 +867,8 @@ var ERRORS = {
|
|
|
803
867
|
http_status: 503,
|
|
804
868
|
title: "Circuit Breaker Open",
|
|
805
869
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
806
|
-
|
|
870
|
+
retryable: true,
|
|
871
|
+
next_action: "retry_after_delay",
|
|
807
872
|
category: "infrastructure"
|
|
808
873
|
},
|
|
809
874
|
E_INTERNAL: {
|
|
@@ -811,7 +876,8 @@ var ERRORS = {
|
|
|
811
876
|
http_status: 500,
|
|
812
877
|
title: "Internal Error",
|
|
813
878
|
description: "An unexpected internal error occurred during verification",
|
|
814
|
-
|
|
879
|
+
retryable: true,
|
|
880
|
+
next_action: "retry_after_delay",
|
|
815
881
|
category: "infrastructure"
|
|
816
882
|
},
|
|
817
883
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -819,7 +885,8 @@ var ERRORS = {
|
|
|
819
885
|
http_status: 503,
|
|
820
886
|
title: "JWKS Fetch Failed",
|
|
821
887
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
822
|
-
|
|
888
|
+
retryable: true,
|
|
889
|
+
next_action: "retry_after_delay",
|
|
823
890
|
category: "infrastructure"
|
|
824
891
|
},
|
|
825
892
|
E_RATE_LIMITED: {
|
|
@@ -827,7 +894,8 @@ var ERRORS = {
|
|
|
827
894
|
http_status: 429,
|
|
828
895
|
title: "Rate Limited",
|
|
829
896
|
description: "Too many requests, please retry later",
|
|
830
|
-
|
|
897
|
+
retryable: true,
|
|
898
|
+
next_action: "retry_after_delay",
|
|
831
899
|
category: "infrastructure"
|
|
832
900
|
},
|
|
833
901
|
// Interaction error codes
|
|
@@ -836,7 +904,8 @@ var ERRORS = {
|
|
|
836
904
|
http_status: 400,
|
|
837
905
|
title: "Interaction Invalid Digest",
|
|
838
906
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
839
|
-
|
|
907
|
+
retryable: false,
|
|
908
|
+
next_action: "retry_with_different_input",
|
|
840
909
|
category: "interaction"
|
|
841
910
|
},
|
|
842
911
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -844,7 +913,8 @@ var ERRORS = {
|
|
|
844
913
|
http_status: 400,
|
|
845
914
|
title: "Interaction Invalid Digest Algorithm",
|
|
846
915
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
847
|
-
|
|
916
|
+
retryable: false,
|
|
917
|
+
next_action: "retry_with_different_input",
|
|
848
918
|
category: "interaction"
|
|
849
919
|
},
|
|
850
920
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -852,7 +922,8 @@ var ERRORS = {
|
|
|
852
922
|
http_status: 400,
|
|
853
923
|
title: "Interaction Invalid Extension Key",
|
|
854
924
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
855
|
-
|
|
925
|
+
retryable: false,
|
|
926
|
+
next_action: "retry_with_different_input",
|
|
856
927
|
category: "interaction"
|
|
857
928
|
},
|
|
858
929
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -860,7 +931,8 @@ var ERRORS = {
|
|
|
860
931
|
http_status: 400,
|
|
861
932
|
title: "Interaction Invalid Format",
|
|
862
933
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
863
|
-
|
|
934
|
+
retryable: false,
|
|
935
|
+
next_action: "retry_with_different_input",
|
|
864
936
|
category: "interaction"
|
|
865
937
|
},
|
|
866
938
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -868,7 +940,8 @@ var ERRORS = {
|
|
|
868
940
|
http_status: 400,
|
|
869
941
|
title: "Interaction Invalid Kind Format",
|
|
870
942
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
871
|
-
|
|
943
|
+
retryable: false,
|
|
944
|
+
next_action: "retry_with_different_input",
|
|
872
945
|
category: "interaction"
|
|
873
946
|
},
|
|
874
947
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -876,7 +949,8 @@ var ERRORS = {
|
|
|
876
949
|
http_status: 400,
|
|
877
950
|
title: "Interaction Invalid Timing",
|
|
878
951
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
879
|
-
|
|
952
|
+
retryable: false,
|
|
953
|
+
next_action: "retry_with_different_input",
|
|
880
954
|
category: "interaction"
|
|
881
955
|
},
|
|
882
956
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -884,7 +958,8 @@ var ERRORS = {
|
|
|
884
958
|
http_status: 400,
|
|
885
959
|
title: "Interaction Kind Reserved",
|
|
886
960
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
887
|
-
|
|
961
|
+
retryable: false,
|
|
962
|
+
next_action: "retry_with_different_input",
|
|
888
963
|
category: "interaction"
|
|
889
964
|
},
|
|
890
965
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -892,7 +967,8 @@ var ERRORS = {
|
|
|
892
967
|
http_status: 400,
|
|
893
968
|
title: "Interaction Missing Error Detail",
|
|
894
969
|
description: "error_code or extensions required when result.status is error",
|
|
895
|
-
|
|
970
|
+
retryable: false,
|
|
971
|
+
next_action: "retry_with_different_input",
|
|
896
972
|
category: "interaction"
|
|
897
973
|
},
|
|
898
974
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -900,7 +976,8 @@ var ERRORS = {
|
|
|
900
976
|
http_status: 400,
|
|
901
977
|
title: "Interaction Missing Executor",
|
|
902
978
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
903
|
-
|
|
979
|
+
retryable: false,
|
|
980
|
+
next_action: "retry_with_different_input",
|
|
904
981
|
category: "interaction"
|
|
905
982
|
},
|
|
906
983
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -908,7 +985,8 @@ var ERRORS = {
|
|
|
908
985
|
http_status: 400,
|
|
909
986
|
title: "Interaction Missing ID",
|
|
910
987
|
description: "Interaction evidence is missing required interaction_id field",
|
|
911
|
-
|
|
988
|
+
retryable: false,
|
|
989
|
+
next_action: "retry_with_different_input",
|
|
912
990
|
category: "interaction"
|
|
913
991
|
},
|
|
914
992
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -916,7 +994,8 @@ var ERRORS = {
|
|
|
916
994
|
http_status: 400,
|
|
917
995
|
title: "Interaction Missing Kind",
|
|
918
996
|
description: "Interaction evidence is missing required kind field",
|
|
919
|
-
|
|
997
|
+
retryable: false,
|
|
998
|
+
next_action: "retry_with_different_input",
|
|
920
999
|
category: "interaction"
|
|
921
1000
|
},
|
|
922
1001
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -924,7 +1003,8 @@ var ERRORS = {
|
|
|
924
1003
|
http_status: 400,
|
|
925
1004
|
title: "Interaction Missing Result",
|
|
926
1005
|
description: "result.status is required when output is present",
|
|
927
|
-
|
|
1006
|
+
retryable: false,
|
|
1007
|
+
next_action: "retry_with_different_input",
|
|
928
1008
|
category: "interaction"
|
|
929
1009
|
},
|
|
930
1010
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -932,7 +1012,8 @@ var ERRORS = {
|
|
|
932
1012
|
http_status: 400,
|
|
933
1013
|
title: "Interaction Missing Started At",
|
|
934
1014
|
description: "Interaction evidence is missing required started_at field",
|
|
935
|
-
|
|
1015
|
+
retryable: false,
|
|
1016
|
+
next_action: "retry_with_different_input",
|
|
936
1017
|
category: "interaction"
|
|
937
1018
|
},
|
|
938
1019
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -940,7 +1021,8 @@ var ERRORS = {
|
|
|
940
1021
|
http_status: 400,
|
|
941
1022
|
title: "Interaction Missing Target",
|
|
942
1023
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
943
|
-
|
|
1024
|
+
retryable: false,
|
|
1025
|
+
next_action: "retry_with_different_input",
|
|
944
1026
|
category: "interaction"
|
|
945
1027
|
},
|
|
946
1028
|
// Ucp error codes
|
|
@@ -949,7 +1031,8 @@ var ERRORS = {
|
|
|
949
1031
|
http_status: 500,
|
|
950
1032
|
title: "UCP Evidence Serialization Failed",
|
|
951
1033
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
952
|
-
|
|
1034
|
+
retryable: false,
|
|
1035
|
+
next_action: "retry_with_different_input",
|
|
953
1036
|
category: "ucp"
|
|
954
1037
|
},
|
|
955
1038
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -957,7 +1040,8 @@ var ERRORS = {
|
|
|
957
1040
|
http_status: 401,
|
|
958
1041
|
title: "UCP Key Algorithm Mismatch",
|
|
959
1042
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
960
|
-
|
|
1043
|
+
retryable: false,
|
|
1044
|
+
next_action: "retry_with_different_input",
|
|
961
1045
|
category: "ucp"
|
|
962
1046
|
},
|
|
963
1047
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -965,7 +1049,8 @@ var ERRORS = {
|
|
|
965
1049
|
http_status: 401,
|
|
966
1050
|
title: "UCP Key Curve Mismatch",
|
|
967
1051
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
968
|
-
|
|
1052
|
+
retryable: false,
|
|
1053
|
+
next_action: "retry_with_different_input",
|
|
969
1054
|
category: "ucp"
|
|
970
1055
|
},
|
|
971
1056
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -973,7 +1058,8 @@ var ERRORS = {
|
|
|
973
1058
|
http_status: 401,
|
|
974
1059
|
title: "UCP Key Not Found",
|
|
975
1060
|
description: "Key ID from signature not found in business UCP profile",
|
|
976
|
-
|
|
1061
|
+
retryable: true,
|
|
1062
|
+
next_action: "retry_after_delay",
|
|
977
1063
|
category: "ucp"
|
|
978
1064
|
},
|
|
979
1065
|
E_UCP_ORDER_INVALID: {
|
|
@@ -981,7 +1067,8 @@ var ERRORS = {
|
|
|
981
1067
|
http_status: 400,
|
|
982
1068
|
title: "UCP Order Invalid",
|
|
983
1069
|
description: "UCP order object does not conform to expected schema",
|
|
984
|
-
|
|
1070
|
+
retryable: false,
|
|
1071
|
+
next_action: "retry_with_different_input",
|
|
985
1072
|
category: "ucp"
|
|
986
1073
|
},
|
|
987
1074
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -989,7 +1076,8 @@ var ERRORS = {
|
|
|
989
1076
|
http_status: 400,
|
|
990
1077
|
title: "UCP Order Missing ID",
|
|
991
1078
|
description: "UCP order is missing required id field",
|
|
992
|
-
|
|
1079
|
+
retryable: false,
|
|
1080
|
+
next_action: "retry_with_different_input",
|
|
993
1081
|
category: "ucp"
|
|
994
1082
|
},
|
|
995
1083
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -997,7 +1085,8 @@ var ERRORS = {
|
|
|
997
1085
|
http_status: 400,
|
|
998
1086
|
title: "UCP Order Missing Line Items",
|
|
999
1087
|
description: "UCP order is missing required line_items array",
|
|
1000
|
-
|
|
1088
|
+
retryable: false,
|
|
1089
|
+
next_action: "retry_with_different_input",
|
|
1001
1090
|
category: "ucp"
|
|
1002
1091
|
},
|
|
1003
1092
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -1005,7 +1094,8 @@ var ERRORS = {
|
|
|
1005
1094
|
http_status: 400,
|
|
1006
1095
|
title: "UCP Order Missing Totals",
|
|
1007
1096
|
description: "UCP order is missing required totals array or total entry",
|
|
1008
|
-
|
|
1097
|
+
retryable: false,
|
|
1098
|
+
next_action: "retry_with_different_input",
|
|
1009
1099
|
category: "ucp"
|
|
1010
1100
|
},
|
|
1011
1101
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -1013,7 +1103,8 @@ var ERRORS = {
|
|
|
1013
1103
|
http_status: 400,
|
|
1014
1104
|
title: "UCP Payload Empty",
|
|
1015
1105
|
description: "Webhook request body is empty",
|
|
1016
|
-
|
|
1106
|
+
retryable: false,
|
|
1107
|
+
next_action: "retry_with_different_input",
|
|
1017
1108
|
category: "ucp"
|
|
1018
1109
|
},
|
|
1019
1110
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -1021,7 +1112,8 @@ var ERRORS = {
|
|
|
1021
1112
|
http_status: 400,
|
|
1022
1113
|
title: "UCP Payload Not JSON",
|
|
1023
1114
|
description: "Webhook request body is not valid JSON",
|
|
1024
|
-
|
|
1115
|
+
retryable: false,
|
|
1116
|
+
next_action: "retry_with_different_input",
|
|
1025
1117
|
category: "ucp"
|
|
1026
1118
|
},
|
|
1027
1119
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -1029,7 +1121,8 @@ var ERRORS = {
|
|
|
1029
1121
|
http_status: 400,
|
|
1030
1122
|
title: "UCP Payload Too Large",
|
|
1031
1123
|
description: "Webhook request body exceeds maximum allowed size",
|
|
1032
|
-
|
|
1124
|
+
retryable: false,
|
|
1125
|
+
next_action: "retry_with_different_input",
|
|
1033
1126
|
category: "ucp"
|
|
1034
1127
|
},
|
|
1035
1128
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -1037,7 +1130,8 @@ var ERRORS = {
|
|
|
1037
1130
|
http_status: 502,
|
|
1038
1131
|
title: "UCP Profile Fetch Failed",
|
|
1039
1132
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
1040
|
-
|
|
1133
|
+
retryable: true,
|
|
1134
|
+
next_action: "retry_after_delay",
|
|
1041
1135
|
category: "ucp"
|
|
1042
1136
|
},
|
|
1043
1137
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -1045,7 +1139,8 @@ var ERRORS = {
|
|
|
1045
1139
|
http_status: 502,
|
|
1046
1140
|
title: "UCP Profile Invalid",
|
|
1047
1141
|
description: "Business UCP profile does not conform to expected schema",
|
|
1048
|
-
|
|
1142
|
+
retryable: false,
|
|
1143
|
+
next_action: "retry_with_different_input",
|
|
1049
1144
|
category: "ucp"
|
|
1050
1145
|
},
|
|
1051
1146
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -1053,7 +1148,8 @@ var ERRORS = {
|
|
|
1053
1148
|
http_status: 502,
|
|
1054
1149
|
title: "UCP Profile No Signing Keys",
|
|
1055
1150
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
1056
|
-
|
|
1151
|
+
retryable: false,
|
|
1152
|
+
next_action: "retry_with_different_input",
|
|
1057
1153
|
category: "ucp"
|
|
1058
1154
|
},
|
|
1059
1155
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -1061,7 +1157,8 @@ var ERRORS = {
|
|
|
1061
1157
|
http_status: 400,
|
|
1062
1158
|
title: "UCP Signature Algorithm Unsupported",
|
|
1063
1159
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
1064
|
-
|
|
1160
|
+
retryable: false,
|
|
1161
|
+
next_action: "retry_with_different_input",
|
|
1065
1162
|
category: "ucp"
|
|
1066
1163
|
},
|
|
1067
1164
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -1069,7 +1166,8 @@ var ERRORS = {
|
|
|
1069
1166
|
http_status: 400,
|
|
1070
1167
|
title: "UCP Signature b64 Invalid",
|
|
1071
1168
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
1072
|
-
|
|
1169
|
+
retryable: false,
|
|
1170
|
+
next_action: "retry_with_different_input",
|
|
1073
1171
|
category: "ucp"
|
|
1074
1172
|
},
|
|
1075
1173
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -1077,7 +1175,8 @@ var ERRORS = {
|
|
|
1077
1175
|
http_status: 401,
|
|
1078
1176
|
title: "UCP Signature Invalid",
|
|
1079
1177
|
description: "Webhook signature verification failed against payload",
|
|
1080
|
-
|
|
1178
|
+
retryable: false,
|
|
1179
|
+
next_action: "retry_with_different_input",
|
|
1081
1180
|
category: "ucp"
|
|
1082
1181
|
},
|
|
1083
1182
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -1085,7 +1184,8 @@ var ERRORS = {
|
|
|
1085
1184
|
http_status: 400,
|
|
1086
1185
|
title: "UCP Signature Malformed",
|
|
1087
1186
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
1088
|
-
|
|
1187
|
+
retryable: false,
|
|
1188
|
+
next_action: "retry_with_different_input",
|
|
1089
1189
|
category: "ucp"
|
|
1090
1190
|
},
|
|
1091
1191
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -1093,7 +1193,8 @@ var ERRORS = {
|
|
|
1093
1193
|
http_status: 400,
|
|
1094
1194
|
title: "UCP Signature Missing",
|
|
1095
1195
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
1096
|
-
|
|
1196
|
+
retryable: false,
|
|
1197
|
+
next_action: "retry_with_different_input",
|
|
1097
1198
|
category: "ucp"
|
|
1098
1199
|
},
|
|
1099
1200
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -1101,7 +1202,8 @@ var ERRORS = {
|
|
|
1101
1202
|
http_status: 401,
|
|
1102
1203
|
title: "UCP Verification Failed",
|
|
1103
1204
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
1104
|
-
|
|
1205
|
+
retryable: false,
|
|
1206
|
+
next_action: "retry_with_different_input",
|
|
1105
1207
|
category: "ucp"
|
|
1106
1208
|
},
|
|
1107
1209
|
// Validation error codes
|
|
@@ -1110,7 +1212,8 @@ var ERRORS = {
|
|
|
1110
1212
|
http_status: 400,
|
|
1111
1213
|
title: "Kernel Constraint Violation",
|
|
1112
1214
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
1113
|
-
|
|
1215
|
+
retryable: false,
|
|
1216
|
+
next_action: "retry_with_different_input",
|
|
1114
1217
|
category: "validation"
|
|
1115
1218
|
},
|
|
1116
1219
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -1118,7 +1221,8 @@ var ERRORS = {
|
|
|
1118
1221
|
http_status: 400,
|
|
1119
1222
|
title: "Evidence Not JSON-Safe",
|
|
1120
1223
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
1121
|
-
|
|
1224
|
+
retryable: false,
|
|
1225
|
+
next_action: "retry_with_different_input",
|
|
1122
1226
|
category: "validation"
|
|
1123
1227
|
},
|
|
1124
1228
|
E_EXPIRED: {
|
|
@@ -1126,7 +1230,8 @@ var ERRORS = {
|
|
|
1126
1230
|
http_status: 400,
|
|
1127
1231
|
title: "Receipt Expired",
|
|
1128
1232
|
description: "Receipt has exceeded its expiration time",
|
|
1129
|
-
|
|
1233
|
+
retryable: false,
|
|
1234
|
+
next_action: "retry_with_different_input",
|
|
1130
1235
|
category: "validation"
|
|
1131
1236
|
},
|
|
1132
1237
|
E_INVALID_AMOUNT: {
|
|
@@ -1134,7 +1239,8 @@ var ERRORS = {
|
|
|
1134
1239
|
http_status: 400,
|
|
1135
1240
|
title: "Invalid Amount",
|
|
1136
1241
|
description: "Payment amount is invalid or out of allowed range",
|
|
1137
|
-
|
|
1242
|
+
retryable: false,
|
|
1243
|
+
next_action: "retry_with_different_input",
|
|
1138
1244
|
category: "validation"
|
|
1139
1245
|
},
|
|
1140
1246
|
E_INVALID_AUDIENCE: {
|
|
@@ -1142,7 +1248,8 @@ var ERRORS = {
|
|
|
1142
1248
|
http_status: 400,
|
|
1143
1249
|
title: "Invalid Audience",
|
|
1144
1250
|
description: "Receipt audience claim does not match expected value",
|
|
1145
|
-
|
|
1251
|
+
retryable: false,
|
|
1252
|
+
next_action: "retry_with_different_input",
|
|
1146
1253
|
category: "validation"
|
|
1147
1254
|
},
|
|
1148
1255
|
E_INVALID_CURRENCY: {
|
|
@@ -1150,7 +1257,8 @@ var ERRORS = {
|
|
|
1150
1257
|
http_status: 400,
|
|
1151
1258
|
title: "Invalid Currency",
|
|
1152
1259
|
description: "Currency code is not a valid ISO 4217 code",
|
|
1153
|
-
|
|
1260
|
+
retryable: false,
|
|
1261
|
+
next_action: "retry_with_different_input",
|
|
1154
1262
|
category: "validation"
|
|
1155
1263
|
},
|
|
1156
1264
|
E_INVALID_FORMAT: {
|
|
@@ -1158,7 +1266,8 @@ var ERRORS = {
|
|
|
1158
1266
|
http_status: 400,
|
|
1159
1267
|
title: "Invalid Format",
|
|
1160
1268
|
description: "Receipt does not conform to JWS format",
|
|
1161
|
-
|
|
1269
|
+
retryable: false,
|
|
1270
|
+
next_action: "retry_with_different_input",
|
|
1162
1271
|
category: "validation"
|
|
1163
1272
|
},
|
|
1164
1273
|
E_INVALID_ISSUER: {
|
|
@@ -1166,7 +1275,8 @@ var ERRORS = {
|
|
|
1166
1275
|
http_status: 400,
|
|
1167
1276
|
title: "Invalid Issuer",
|
|
1168
1277
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
1169
|
-
|
|
1278
|
+
retryable: false,
|
|
1279
|
+
next_action: "retry_with_different_input",
|
|
1170
1280
|
category: "validation"
|
|
1171
1281
|
},
|
|
1172
1282
|
E_INVALID_RAIL: {
|
|
@@ -1174,7 +1284,8 @@ var ERRORS = {
|
|
|
1174
1284
|
http_status: 400,
|
|
1175
1285
|
title: "Invalid Payment Rail",
|
|
1176
1286
|
description: "Payment rail identifier is not recognized",
|
|
1177
|
-
|
|
1287
|
+
retryable: false,
|
|
1288
|
+
next_action: "retry_with_different_input",
|
|
1178
1289
|
category: "validation"
|
|
1179
1290
|
},
|
|
1180
1291
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1182,7 +1293,8 @@ var ERRORS = {
|
|
|
1182
1293
|
http_status: 400,
|
|
1183
1294
|
title: "Invalid Receipt ID",
|
|
1184
1295
|
description: "Receipt ID (rid) does not match expected value",
|
|
1185
|
-
|
|
1296
|
+
retryable: false,
|
|
1297
|
+
next_action: "retry_with_different_input",
|
|
1186
1298
|
category: "validation"
|
|
1187
1299
|
},
|
|
1188
1300
|
E_INVALID_SUBJECT: {
|
|
@@ -1190,7 +1302,8 @@ var ERRORS = {
|
|
|
1190
1302
|
http_status: 400,
|
|
1191
1303
|
title: "Invalid Subject",
|
|
1192
1304
|
description: "Receipt subject claim does not match expected value",
|
|
1193
|
-
|
|
1305
|
+
retryable: false,
|
|
1306
|
+
next_action: "retry_with_different_input",
|
|
1194
1307
|
category: "validation"
|
|
1195
1308
|
},
|
|
1196
1309
|
E_MISSING_EXP: {
|
|
@@ -1198,7 +1311,8 @@ var ERRORS = {
|
|
|
1198
1311
|
http_status: 400,
|
|
1199
1312
|
title: "Missing Expiration",
|
|
1200
1313
|
description: "Receipt is missing required exp claim",
|
|
1201
|
-
|
|
1314
|
+
retryable: false,
|
|
1315
|
+
next_action: "retry_with_different_input",
|
|
1202
1316
|
category: "validation"
|
|
1203
1317
|
},
|
|
1204
1318
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1206,7 +1320,8 @@ var ERRORS = {
|
|
|
1206
1320
|
http_status: 400,
|
|
1207
1321
|
title: "Missing Required Claim",
|
|
1208
1322
|
description: "Receipt is missing a required JWT claim",
|
|
1209
|
-
|
|
1323
|
+
retryable: false,
|
|
1324
|
+
next_action: "retry_with_different_input",
|
|
1210
1325
|
category: "validation"
|
|
1211
1326
|
},
|
|
1212
1327
|
E_NOT_YET_VALID: {
|
|
@@ -1214,7 +1329,8 @@ var ERRORS = {
|
|
|
1214
1329
|
http_status: 400,
|
|
1215
1330
|
title: "Not Yet Valid",
|
|
1216
1331
|
description: "Receipt nbf (not before) time is in the future",
|
|
1217
|
-
|
|
1332
|
+
retryable: true,
|
|
1333
|
+
next_action: "retry_after_delay",
|
|
1218
1334
|
category: "validation"
|
|
1219
1335
|
},
|
|
1220
1336
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1222,7 +1338,8 @@ var ERRORS = {
|
|
|
1222
1338
|
http_status: 400,
|
|
1223
1339
|
title: "Attestation Receipt Invalid",
|
|
1224
1340
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1225
|
-
|
|
1341
|
+
retryable: false,
|
|
1342
|
+
next_action: "retry_with_different_input",
|
|
1226
1343
|
category: "validation"
|
|
1227
1344
|
},
|
|
1228
1345
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1230,7 +1347,8 @@ var ERRORS = {
|
|
|
1230
1347
|
http_status: 400,
|
|
1231
1348
|
title: "Commerce Receipt Invalid",
|
|
1232
1349
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1233
|
-
|
|
1350
|
+
retryable: false,
|
|
1351
|
+
next_action: "retry_with_different_input",
|
|
1234
1352
|
category: "validation"
|
|
1235
1353
|
},
|
|
1236
1354
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1238,7 +1356,8 @@ var ERRORS = {
|
|
|
1238
1356
|
http_status: 400,
|
|
1239
1357
|
title: "Parse Invalid Input",
|
|
1240
1358
|
description: "Input to receipt parser is not a non-null object",
|
|
1241
|
-
|
|
1359
|
+
retryable: false,
|
|
1360
|
+
next_action: "retry_with_different_input",
|
|
1242
1361
|
category: "validation"
|
|
1243
1362
|
},
|
|
1244
1363
|
// Verification error codes
|
|
@@ -1247,7 +1366,8 @@ var ERRORS = {
|
|
|
1247
1366
|
http_status: 400,
|
|
1248
1367
|
title: "Invalid Signature",
|
|
1249
1368
|
description: "Receipt signature verification failed",
|
|
1250
|
-
|
|
1369
|
+
retryable: false,
|
|
1370
|
+
next_action: "abort",
|
|
1251
1371
|
category: "verification"
|
|
1252
1372
|
},
|
|
1253
1373
|
E_KEY_NOT_FOUND: {
|
|
@@ -1255,7 +1375,8 @@ var ERRORS = {
|
|
|
1255
1375
|
http_status: 400,
|
|
1256
1376
|
title: "Key Not Found",
|
|
1257
1377
|
description: "Public key with specified kid not found in JWKS",
|
|
1258
|
-
|
|
1378
|
+
retryable: false,
|
|
1379
|
+
next_action: "retry_with_different_key",
|
|
1259
1380
|
category: "verification"
|
|
1260
1381
|
},
|
|
1261
1382
|
// Verifier error codes
|
|
@@ -1264,7 +1385,17 @@ var ERRORS = {
|
|
|
1264
1385
|
http_status: 400,
|
|
1265
1386
|
title: "Extension Too Large",
|
|
1266
1387
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1267
|
-
|
|
1388
|
+
retryable: false,
|
|
1389
|
+
next_action: "abort",
|
|
1390
|
+
category: "verifier"
|
|
1391
|
+
},
|
|
1392
|
+
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
1393
|
+
code: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
1394
|
+
http_status: 403,
|
|
1395
|
+
title: "Insecure Scheme Blocked",
|
|
1396
|
+
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1397
|
+
retryable: false,
|
|
1398
|
+
next_action: "abort",
|
|
1268
1399
|
category: "verifier"
|
|
1269
1400
|
},
|
|
1270
1401
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1272,7 +1403,35 @@ var ERRORS = {
|
|
|
1272
1403
|
http_status: 400,
|
|
1273
1404
|
title: "Invalid Transport",
|
|
1274
1405
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1275
|
-
|
|
1406
|
+
retryable: false,
|
|
1407
|
+
next_action: "abort",
|
|
1408
|
+
category: "verifier"
|
|
1409
|
+
},
|
|
1410
|
+
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
1411
|
+
code: "E_VERIFY_ISSUER_CONFIG_INVALID",
|
|
1412
|
+
http_status: 502,
|
|
1413
|
+
title: "Issuer Config Invalid",
|
|
1414
|
+
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1415
|
+
retryable: false,
|
|
1416
|
+
next_action: "abort",
|
|
1417
|
+
category: "verifier"
|
|
1418
|
+
},
|
|
1419
|
+
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
1420
|
+
code: "E_VERIFY_ISSUER_CONFIG_MISSING",
|
|
1421
|
+
http_status: 502,
|
|
1422
|
+
title: "Issuer Config Missing",
|
|
1423
|
+
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1424
|
+
retryable: true,
|
|
1425
|
+
next_action: "retry_after_delay",
|
|
1426
|
+
category: "verifier"
|
|
1427
|
+
},
|
|
1428
|
+
E_VERIFY_ISSUER_MISMATCH: {
|
|
1429
|
+
code: "E_VERIFY_ISSUER_MISMATCH",
|
|
1430
|
+
http_status: 403,
|
|
1431
|
+
title: "Issuer Mismatch",
|
|
1432
|
+
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1433
|
+
retryable: false,
|
|
1434
|
+
next_action: "abort",
|
|
1276
1435
|
category: "verifier"
|
|
1277
1436
|
},
|
|
1278
1437
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1280,7 +1439,17 @@ var ERRORS = {
|
|
|
1280
1439
|
http_status: 403,
|
|
1281
1440
|
title: "Issuer Not Allowed",
|
|
1282
1441
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1283
|
-
|
|
1442
|
+
retryable: false,
|
|
1443
|
+
next_action: "abort",
|
|
1444
|
+
category: "verifier"
|
|
1445
|
+
},
|
|
1446
|
+
E_VERIFY_JWKS_INVALID: {
|
|
1447
|
+
code: "E_VERIFY_JWKS_INVALID",
|
|
1448
|
+
http_status: 502,
|
|
1449
|
+
title: "JWKS Invalid",
|
|
1450
|
+
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1451
|
+
retryable: false,
|
|
1452
|
+
next_action: "abort",
|
|
1284
1453
|
category: "verifier"
|
|
1285
1454
|
},
|
|
1286
1455
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1288,7 +1457,8 @@ var ERRORS = {
|
|
|
1288
1457
|
http_status: 400,
|
|
1289
1458
|
title: "JWKS Too Large",
|
|
1290
1459
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1291
|
-
|
|
1460
|
+
retryable: false,
|
|
1461
|
+
next_action: "abort",
|
|
1292
1462
|
category: "verifier"
|
|
1293
1463
|
},
|
|
1294
1464
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1296,7 +1466,17 @@ var ERRORS = {
|
|
|
1296
1466
|
http_status: 400,
|
|
1297
1467
|
title: "JWKS Too Many Keys",
|
|
1298
1468
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1299
|
-
|
|
1469
|
+
retryable: false,
|
|
1470
|
+
next_action: "abort",
|
|
1471
|
+
category: "verifier"
|
|
1472
|
+
},
|
|
1473
|
+
E_VERIFY_JWKS_URI_INVALID: {
|
|
1474
|
+
code: "E_VERIFY_JWKS_URI_INVALID",
|
|
1475
|
+
http_status: 502,
|
|
1476
|
+
title: "JWKS URI Invalid",
|
|
1477
|
+
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1478
|
+
retryable: false,
|
|
1479
|
+
next_action: "abort",
|
|
1300
1480
|
category: "verifier"
|
|
1301
1481
|
},
|
|
1302
1482
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1304,7 +1484,8 @@ var ERRORS = {
|
|
|
1304
1484
|
http_status: 403,
|
|
1305
1485
|
title: "Key Fetch Blocked",
|
|
1306
1486
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1307
|
-
|
|
1487
|
+
retryable: false,
|
|
1488
|
+
next_action: "abort",
|
|
1308
1489
|
category: "verifier"
|
|
1309
1490
|
},
|
|
1310
1491
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1312,7 +1493,8 @@ var ERRORS = {
|
|
|
1312
1493
|
http_status: 502,
|
|
1313
1494
|
title: "Key Fetch Failed",
|
|
1314
1495
|
description: "Network error while fetching JWKS from issuer",
|
|
1315
|
-
|
|
1496
|
+
retryable: true,
|
|
1497
|
+
next_action: "retry_after_delay",
|
|
1316
1498
|
category: "verifier"
|
|
1317
1499
|
},
|
|
1318
1500
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1320,7 +1502,8 @@ var ERRORS = {
|
|
|
1320
1502
|
http_status: 504,
|
|
1321
1503
|
title: "Key Fetch Timeout",
|
|
1322
1504
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1323
|
-
|
|
1505
|
+
retryable: true,
|
|
1506
|
+
next_action: "retry_after_delay",
|
|
1324
1507
|
category: "verifier"
|
|
1325
1508
|
},
|
|
1326
1509
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1328,7 +1511,8 @@ var ERRORS = {
|
|
|
1328
1511
|
http_status: 400,
|
|
1329
1512
|
title: "Malformed Receipt",
|
|
1330
1513
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1331
|
-
|
|
1514
|
+
retryable: false,
|
|
1515
|
+
next_action: "abort",
|
|
1332
1516
|
category: "verifier"
|
|
1333
1517
|
},
|
|
1334
1518
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1336,7 +1520,8 @@ var ERRORS = {
|
|
|
1336
1520
|
http_status: 400,
|
|
1337
1521
|
title: "Pointer Digest Mismatch",
|
|
1338
1522
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1339
|
-
|
|
1523
|
+
retryable: false,
|
|
1524
|
+
next_action: "abort",
|
|
1340
1525
|
category: "verifier"
|
|
1341
1526
|
},
|
|
1342
1527
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1344,7 +1529,8 @@ var ERRORS = {
|
|
|
1344
1529
|
http_status: 403,
|
|
1345
1530
|
title: "Pointer Fetch Blocked",
|
|
1346
1531
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1347
|
-
|
|
1532
|
+
retryable: false,
|
|
1533
|
+
next_action: "abort",
|
|
1348
1534
|
category: "verifier"
|
|
1349
1535
|
},
|
|
1350
1536
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1352,7 +1538,8 @@ var ERRORS = {
|
|
|
1352
1538
|
http_status: 502,
|
|
1353
1539
|
title: "Pointer Fetch Failed",
|
|
1354
1540
|
description: "Network error while fetching receipt from pointer URL",
|
|
1355
|
-
|
|
1541
|
+
retryable: true,
|
|
1542
|
+
next_action: "retry_after_delay",
|
|
1356
1543
|
category: "verifier"
|
|
1357
1544
|
},
|
|
1358
1545
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1360,7 +1547,8 @@ var ERRORS = {
|
|
|
1360
1547
|
http_status: 504,
|
|
1361
1548
|
title: "Pointer Fetch Timeout",
|
|
1362
1549
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1363
|
-
|
|
1550
|
+
retryable: true,
|
|
1551
|
+
next_action: "retry_after_delay",
|
|
1364
1552
|
category: "verifier"
|
|
1365
1553
|
},
|
|
1366
1554
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1368,7 +1556,8 @@ var ERRORS = {
|
|
|
1368
1556
|
http_status: 413,
|
|
1369
1557
|
title: "Pointer Fetch Too Large",
|
|
1370
1558
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1371
|
-
|
|
1559
|
+
retryable: false,
|
|
1560
|
+
next_action: "abort",
|
|
1372
1561
|
category: "verifier"
|
|
1373
1562
|
},
|
|
1374
1563
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1376,7 +1565,8 @@ var ERRORS = {
|
|
|
1376
1565
|
http_status: 403,
|
|
1377
1566
|
title: "Policy Violation",
|
|
1378
1567
|
description: "Receipt violates verifier trust policy",
|
|
1379
|
-
|
|
1568
|
+
retryable: false,
|
|
1569
|
+
next_action: "abort",
|
|
1380
1570
|
category: "verifier"
|
|
1381
1571
|
},
|
|
1382
1572
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1384,7 +1574,8 @@ var ERRORS = {
|
|
|
1384
1574
|
http_status: 413,
|
|
1385
1575
|
title: "Receipt Too Large",
|
|
1386
1576
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1387
|
-
|
|
1577
|
+
retryable: false,
|
|
1578
|
+
next_action: "abort",
|
|
1388
1579
|
category: "verifier"
|
|
1389
1580
|
},
|
|
1390
1581
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1392,7 +1583,8 @@ var ERRORS = {
|
|
|
1392
1583
|
http_status: 400,
|
|
1393
1584
|
title: "Schema Invalid",
|
|
1394
1585
|
description: "Receipt claims do not conform to expected schema",
|
|
1395
|
-
|
|
1586
|
+
retryable: false,
|
|
1587
|
+
next_action: "abort",
|
|
1396
1588
|
category: "verifier"
|
|
1397
1589
|
},
|
|
1398
1590
|
// Workflow error codes
|
|
@@ -1401,7 +1593,8 @@ var ERRORS = {
|
|
|
1401
1593
|
http_status: 400,
|
|
1402
1594
|
title: "Invalid Workflow Context",
|
|
1403
1595
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1404
|
-
|
|
1596
|
+
retryable: false,
|
|
1597
|
+
next_action: "retry_with_different_input",
|
|
1405
1598
|
category: "workflow"
|
|
1406
1599
|
},
|
|
1407
1600
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1409,7 +1602,8 @@ var ERRORS = {
|
|
|
1409
1602
|
http_status: 400,
|
|
1410
1603
|
title: "Workflow Cycle Detected",
|
|
1411
1604
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1412
|
-
|
|
1605
|
+
retryable: false,
|
|
1606
|
+
next_action: "retry_with_different_input",
|
|
1413
1607
|
category: "workflow"
|
|
1414
1608
|
},
|
|
1415
1609
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1417,7 +1611,8 @@ var ERRORS = {
|
|
|
1417
1611
|
http_status: 400,
|
|
1418
1612
|
title: "Invalid Workflow DAG",
|
|
1419
1613
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1420
|
-
|
|
1614
|
+
retryable: false,
|
|
1615
|
+
next_action: "retry_with_different_input",
|
|
1421
1616
|
category: "workflow"
|
|
1422
1617
|
},
|
|
1423
1618
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1425,7 +1620,8 @@ var ERRORS = {
|
|
|
1425
1620
|
http_status: 400,
|
|
1426
1621
|
title: "Invalid Workflow ID",
|
|
1427
1622
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1428
|
-
|
|
1623
|
+
retryable: false,
|
|
1624
|
+
next_action: "retry_with_different_input",
|
|
1429
1625
|
category: "workflow"
|
|
1430
1626
|
},
|
|
1431
1627
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1433,7 +1629,8 @@ var ERRORS = {
|
|
|
1433
1629
|
http_status: 400,
|
|
1434
1630
|
title: "Workflow Limit Exceeded",
|
|
1435
1631
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1436
|
-
|
|
1632
|
+
retryable: false,
|
|
1633
|
+
next_action: "retry_with_different_input",
|
|
1437
1634
|
category: "workflow"
|
|
1438
1635
|
},
|
|
1439
1636
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1441,7 +1638,8 @@ var ERRORS = {
|
|
|
1441
1638
|
http_status: 400,
|
|
1442
1639
|
title: "Parent Step Not Found",
|
|
1443
1640
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1444
|
-
|
|
1641
|
+
retryable: false,
|
|
1642
|
+
next_action: "retry_with_different_input",
|
|
1445
1643
|
category: "workflow"
|
|
1446
1644
|
},
|
|
1447
1645
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1449,7 +1647,8 @@ var ERRORS = {
|
|
|
1449
1647
|
http_status: 400,
|
|
1450
1648
|
title: "Invalid Step ID",
|
|
1451
1649
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1452
|
-
|
|
1650
|
+
retryable: false,
|
|
1651
|
+
next_action: "retry_with_different_input",
|
|
1453
1652
|
category: "workflow"
|
|
1454
1653
|
},
|
|
1455
1654
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1457,15 +1656,16 @@ var ERRORS = {
|
|
|
1457
1656
|
http_status: 400,
|
|
1458
1657
|
title: "Invalid Workflow Summary",
|
|
1459
1658
|
description: "Workflow summary attestation does not conform to schema",
|
|
1460
|
-
|
|
1659
|
+
retryable: false,
|
|
1660
|
+
next_action: "retry_with_different_input",
|
|
1461
1661
|
category: "workflow"
|
|
1462
1662
|
}
|
|
1463
1663
|
};
|
|
1464
1664
|
function getError(code) {
|
|
1465
1665
|
return ERRORS[code];
|
|
1466
1666
|
}
|
|
1467
|
-
function
|
|
1468
|
-
return ERRORS[code]?.
|
|
1667
|
+
function isRetryable(code) {
|
|
1668
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1469
1669
|
}
|
|
1470
1670
|
var BUNDLE_ERRORS = {
|
|
1471
1671
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1653,6 +1853,10 @@ function needsPurposeVary(purposeEnforced) {
|
|
|
1653
1853
|
return purposeEnforced;
|
|
1654
1854
|
}
|
|
1655
1855
|
|
|
1856
|
+
// src/carrier.ts
|
|
1857
|
+
var PEAC_RECEIPT_HEADER = "PEAC-Receipt";
|
|
1858
|
+
var PEAC_RECEIPT_URL_HEADER = "PEAC-Receipt-URL";
|
|
1859
|
+
|
|
1656
1860
|
exports.AGENT_PROTOCOLS = AGENT_PROTOCOLS;
|
|
1657
1861
|
exports.ALGORITHMS = ALGORITHMS;
|
|
1658
1862
|
exports.BUNDLE_ERRORS = BUNDLE_ERRORS;
|
|
@@ -1670,6 +1874,8 @@ exports.ISSUER_CONFIG = ISSUER_CONFIG;
|
|
|
1670
1874
|
exports.JWKS = JWKS;
|
|
1671
1875
|
exports.LIMITS = LIMITS;
|
|
1672
1876
|
exports.PAYMENT_RAILS = PAYMENT_RAILS;
|
|
1877
|
+
exports.PEAC_RECEIPT_HEADER = PEAC_RECEIPT_HEADER;
|
|
1878
|
+
exports.PEAC_RECEIPT_URL_HEADER = PEAC_RECEIPT_URL_HEADER;
|
|
1673
1879
|
exports.POLICY = POLICY;
|
|
1674
1880
|
exports.PRIVATE_IP_RANGES = PRIVATE_IP_RANGES;
|
|
1675
1881
|
exports.RECEIPT = RECEIPT;
|
|
@@ -1691,7 +1897,7 @@ exports.findTransportMethod = findTransportMethod;
|
|
|
1691
1897
|
exports.formatHash = formatHash;
|
|
1692
1898
|
exports.getError = getError;
|
|
1693
1899
|
exports.getPeacVaryHeaders = getPeacVaryHeaders;
|
|
1694
|
-
exports.
|
|
1900
|
+
exports.isRetryable = isRetryable;
|
|
1695
1901
|
exports.isValidHash = isValidHash;
|
|
1696
1902
|
exports.needsPurposeVary = needsPurposeVary;
|
|
1697
1903
|
exports.parseHash = parseHash;
|