@peac/kernel 0.11.0 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/__tests__/carrier.test.d.ts +2 -0
- package/dist/__tests__/carrier.test.d.ts.map +1 -0
- package/dist/carrier.d.ts +113 -0
- package/dist/carrier.d.ts.map +1 -0
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +343 -143
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +9 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +343 -143
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +349 -143
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +347 -143
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.mjs
CHANGED
|
@@ -299,10 +299,16 @@ var ERROR_CODES = {
|
|
|
299
299
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
300
300
|
// Verifier error codes
|
|
301
301
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
302
|
+
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
302
303
|
E_VERIFY_INVALID_TRANSPORT: "E_VERIFY_INVALID_TRANSPORT",
|
|
304
|
+
E_VERIFY_ISSUER_CONFIG_INVALID: "E_VERIFY_ISSUER_CONFIG_INVALID",
|
|
305
|
+
E_VERIFY_ISSUER_CONFIG_MISSING: "E_VERIFY_ISSUER_CONFIG_MISSING",
|
|
306
|
+
E_VERIFY_ISSUER_MISMATCH: "E_VERIFY_ISSUER_MISMATCH",
|
|
303
307
|
E_VERIFY_ISSUER_NOT_ALLOWED: "E_VERIFY_ISSUER_NOT_ALLOWED",
|
|
308
|
+
E_VERIFY_JWKS_INVALID: "E_VERIFY_JWKS_INVALID",
|
|
304
309
|
E_VERIFY_JWKS_TOO_LARGE: "E_VERIFY_JWKS_TOO_LARGE",
|
|
305
310
|
E_VERIFY_JWKS_TOO_MANY_KEYS: "E_VERIFY_JWKS_TOO_MANY_KEYS",
|
|
311
|
+
E_VERIFY_JWKS_URI_INVALID: "E_VERIFY_JWKS_URI_INVALID",
|
|
306
312
|
E_VERIFY_KEY_FETCH_BLOCKED: "E_VERIFY_KEY_FETCH_BLOCKED",
|
|
307
313
|
E_VERIFY_KEY_FETCH_FAILED: "E_VERIFY_KEY_FETCH_FAILED",
|
|
308
314
|
E_VERIFY_KEY_FETCH_TIMEOUT: "E_VERIFY_KEY_FETCH_TIMEOUT",
|
|
@@ -332,7 +338,8 @@ var ERRORS = {
|
|
|
332
338
|
http_status: 400,
|
|
333
339
|
title: "Attribution Chain Too Deep",
|
|
334
340
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
335
|
-
|
|
341
|
+
retryable: false,
|
|
342
|
+
next_action: "retry_with_different_input",
|
|
336
343
|
category: "attribution"
|
|
337
344
|
},
|
|
338
345
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -340,7 +347,8 @@ var ERRORS = {
|
|
|
340
347
|
http_status: 400,
|
|
341
348
|
title: "Attribution Circular Chain",
|
|
342
349
|
description: "Circular reference detected in attribution chain",
|
|
343
|
-
|
|
350
|
+
retryable: false,
|
|
351
|
+
next_action: "retry_with_different_input",
|
|
344
352
|
category: "attribution"
|
|
345
353
|
},
|
|
346
354
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -348,7 +356,8 @@ var ERRORS = {
|
|
|
348
356
|
http_status: 401,
|
|
349
357
|
title: "Attribution Expired",
|
|
350
358
|
description: "Attribution attestation has exceeded its expiration time",
|
|
351
|
-
|
|
359
|
+
retryable: false,
|
|
360
|
+
next_action: "retry_with_different_input",
|
|
352
361
|
category: "attribution"
|
|
353
362
|
},
|
|
354
363
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -356,7 +365,8 @@ var ERRORS = {
|
|
|
356
365
|
http_status: 400,
|
|
357
366
|
title: "Attribution Hash Invalid",
|
|
358
367
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
359
|
-
|
|
368
|
+
retryable: false,
|
|
369
|
+
next_action: "retry_with_different_input",
|
|
360
370
|
category: "attribution"
|
|
361
371
|
},
|
|
362
372
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -364,7 +374,8 @@ var ERRORS = {
|
|
|
364
374
|
http_status: 400,
|
|
365
375
|
title: "Attribution Invalid Format",
|
|
366
376
|
description: "Attribution attestation does not conform to schema",
|
|
367
|
-
|
|
377
|
+
retryable: false,
|
|
378
|
+
next_action: "retry_with_different_input",
|
|
368
379
|
category: "attribution"
|
|
369
380
|
},
|
|
370
381
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -372,7 +383,8 @@ var ERRORS = {
|
|
|
372
383
|
http_status: 400,
|
|
373
384
|
title: "Attribution Invalid Reference",
|
|
374
385
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
375
|
-
|
|
386
|
+
retryable: false,
|
|
387
|
+
next_action: "retry_with_different_input",
|
|
376
388
|
category: "attribution"
|
|
377
389
|
},
|
|
378
390
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -380,7 +392,8 @@ var ERRORS = {
|
|
|
380
392
|
http_status: 400,
|
|
381
393
|
title: "Attribution Invalid Weight",
|
|
382
394
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
383
|
-
|
|
395
|
+
retryable: false,
|
|
396
|
+
next_action: "retry_with_different_input",
|
|
384
397
|
category: "attribution"
|
|
385
398
|
},
|
|
386
399
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -388,7 +401,8 @@ var ERRORS = {
|
|
|
388
401
|
http_status: 400,
|
|
389
402
|
title: "Attribution Missing Sources",
|
|
390
403
|
description: "Attribution attestation has empty sources array",
|
|
391
|
-
|
|
404
|
+
retryable: false,
|
|
405
|
+
next_action: "retry_with_different_input",
|
|
392
406
|
category: "attribution"
|
|
393
407
|
},
|
|
394
408
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -396,7 +410,8 @@ var ERRORS = {
|
|
|
396
410
|
http_status: 401,
|
|
397
411
|
title: "Attribution Not Yet Valid",
|
|
398
412
|
description: "Attribution attestation issued_at time is in the future",
|
|
399
|
-
|
|
413
|
+
retryable: true,
|
|
414
|
+
next_action: "retry_after_delay",
|
|
400
415
|
category: "attribution"
|
|
401
416
|
},
|
|
402
417
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -404,7 +419,8 @@ var ERRORS = {
|
|
|
404
419
|
http_status: 502,
|
|
405
420
|
title: "Attribution Resolution Failed",
|
|
406
421
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
407
|
-
|
|
422
|
+
retryable: true,
|
|
423
|
+
next_action: "retry_after_delay",
|
|
408
424
|
category: "attribution"
|
|
409
425
|
},
|
|
410
426
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -412,7 +428,8 @@ var ERRORS = {
|
|
|
412
428
|
http_status: 504,
|
|
413
429
|
title: "Attribution Resolution Timeout",
|
|
414
430
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
415
|
-
|
|
431
|
+
retryable: true,
|
|
432
|
+
next_action: "retry_after_delay",
|
|
416
433
|
category: "attribution"
|
|
417
434
|
},
|
|
418
435
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -420,7 +437,8 @@ var ERRORS = {
|
|
|
420
437
|
http_status: 400,
|
|
421
438
|
title: "Attribution Size Exceeded",
|
|
422
439
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
423
|
-
|
|
440
|
+
retryable: false,
|
|
441
|
+
next_action: "retry_with_different_input",
|
|
424
442
|
category: "attribution"
|
|
425
443
|
},
|
|
426
444
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -428,7 +446,8 @@ var ERRORS = {
|
|
|
428
446
|
http_status: 400,
|
|
429
447
|
title: "Attribution Too Many Sources",
|
|
430
448
|
description: "Attribution has too many sources (maximum 100)",
|
|
431
|
-
|
|
449
|
+
retryable: false,
|
|
450
|
+
next_action: "retry_with_different_input",
|
|
432
451
|
category: "attribution"
|
|
433
452
|
},
|
|
434
453
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -436,7 +455,8 @@ var ERRORS = {
|
|
|
436
455
|
http_status: 400,
|
|
437
456
|
title: "Attribution Unknown Usage",
|
|
438
457
|
description: "Attribution usage type is not recognized",
|
|
439
|
-
|
|
458
|
+
retryable: false,
|
|
459
|
+
next_action: "retry_with_different_input",
|
|
440
460
|
category: "attribution"
|
|
441
461
|
},
|
|
442
462
|
// Bundle error codes
|
|
@@ -445,7 +465,8 @@ var ERRORS = {
|
|
|
445
465
|
http_status: 400,
|
|
446
466
|
title: "Bundle Duplicate Receipt",
|
|
447
467
|
description: "Bundle contains multiple receipts with the same ID",
|
|
448
|
-
|
|
468
|
+
retryable: false,
|
|
469
|
+
next_action: "retry_with_different_input",
|
|
449
470
|
category: "bundle"
|
|
450
471
|
},
|
|
451
472
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -453,7 +474,8 @@ var ERRORS = {
|
|
|
453
474
|
http_status: 400,
|
|
454
475
|
title: "Bundle Hash Mismatch",
|
|
455
476
|
description: "File hash does not match value declared in manifest.json",
|
|
456
|
-
|
|
477
|
+
retryable: false,
|
|
478
|
+
next_action: "retry_with_different_input",
|
|
457
479
|
category: "bundle"
|
|
458
480
|
},
|
|
459
481
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -461,7 +483,8 @@ var ERRORS = {
|
|
|
461
483
|
http_status: 400,
|
|
462
484
|
title: "Bundle Invalid Format",
|
|
463
485
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
464
|
-
|
|
486
|
+
retryable: false,
|
|
487
|
+
next_action: "retry_with_different_input",
|
|
465
488
|
category: "bundle"
|
|
466
489
|
},
|
|
467
490
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -469,7 +492,8 @@ var ERRORS = {
|
|
|
469
492
|
http_status: 400,
|
|
470
493
|
title: "Bundle Key Missing",
|
|
471
494
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
472
|
-
|
|
495
|
+
retryable: false,
|
|
496
|
+
next_action: "retry_with_different_input",
|
|
473
497
|
category: "bundle"
|
|
474
498
|
},
|
|
475
499
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -477,7 +501,8 @@ var ERRORS = {
|
|
|
477
501
|
http_status: 400,
|
|
478
502
|
title: "Bundle Manifest Invalid",
|
|
479
503
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
480
|
-
|
|
504
|
+
retryable: false,
|
|
505
|
+
next_action: "retry_with_different_input",
|
|
481
506
|
category: "bundle"
|
|
482
507
|
},
|
|
483
508
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -485,7 +510,8 @@ var ERRORS = {
|
|
|
485
510
|
http_status: 400,
|
|
486
511
|
title: "Bundle Manifest Missing",
|
|
487
512
|
description: "manifest.json not found at bundle archive root",
|
|
488
|
-
|
|
513
|
+
retryable: false,
|
|
514
|
+
next_action: "retry_with_different_input",
|
|
489
515
|
category: "bundle"
|
|
490
516
|
},
|
|
491
517
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -493,7 +519,8 @@ var ERRORS = {
|
|
|
493
519
|
http_status: 400,
|
|
494
520
|
title: "Bundle Missing Keys",
|
|
495
521
|
description: "No verification keys provided in bundle JWKS",
|
|
496
|
-
|
|
522
|
+
retryable: false,
|
|
523
|
+
next_action: "retry_with_different_input",
|
|
497
524
|
category: "bundle"
|
|
498
525
|
},
|
|
499
526
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -501,7 +528,8 @@ var ERRORS = {
|
|
|
501
528
|
http_status: 400,
|
|
502
529
|
title: "Bundle Missing Receipts",
|
|
503
530
|
description: "No receipts provided when creating bundle",
|
|
504
|
-
|
|
531
|
+
retryable: false,
|
|
532
|
+
next_action: "retry_with_different_input",
|
|
505
533
|
category: "bundle"
|
|
506
534
|
},
|
|
507
535
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -509,7 +537,8 @@ var ERRORS = {
|
|
|
509
537
|
http_status: 400,
|
|
510
538
|
title: "Bundle Path Traversal",
|
|
511
539
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
512
|
-
|
|
540
|
+
retryable: false,
|
|
541
|
+
next_action: "retry_with_different_input",
|
|
513
542
|
category: "bundle"
|
|
514
543
|
},
|
|
515
544
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -517,7 +546,8 @@ var ERRORS = {
|
|
|
517
546
|
http_status: 400,
|
|
518
547
|
title: "Bundle Policy Hash Mismatch",
|
|
519
548
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
520
|
-
|
|
549
|
+
retryable: false,
|
|
550
|
+
next_action: "retry_with_different_input",
|
|
521
551
|
category: "bundle"
|
|
522
552
|
},
|
|
523
553
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -525,7 +555,8 @@ var ERRORS = {
|
|
|
525
555
|
http_status: 400,
|
|
526
556
|
title: "Bundle Receipts Unordered",
|
|
527
557
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
528
|
-
|
|
558
|
+
retryable: false,
|
|
559
|
+
next_action: "retry_with_different_input",
|
|
529
560
|
category: "bundle"
|
|
530
561
|
},
|
|
531
562
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -533,7 +564,8 @@ var ERRORS = {
|
|
|
533
564
|
http_status: 400,
|
|
534
565
|
title: "Bundle Receipt Invalid",
|
|
535
566
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
536
|
-
|
|
567
|
+
retryable: false,
|
|
568
|
+
next_action: "retry_with_different_input",
|
|
537
569
|
category: "bundle"
|
|
538
570
|
},
|
|
539
571
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -541,7 +573,8 @@ var ERRORS = {
|
|
|
541
573
|
http_status: 400,
|
|
542
574
|
title: "Bundle Signature Invalid",
|
|
543
575
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
544
|
-
|
|
576
|
+
retryable: false,
|
|
577
|
+
next_action: "retry_with_different_input",
|
|
545
578
|
category: "bundle"
|
|
546
579
|
},
|
|
547
580
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -549,7 +582,8 @@ var ERRORS = {
|
|
|
549
582
|
http_status: 400,
|
|
550
583
|
title: "Bundle Size Exceeded",
|
|
551
584
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
552
|
-
|
|
585
|
+
retryable: false,
|
|
586
|
+
next_action: "retry_with_different_input",
|
|
553
587
|
category: "bundle"
|
|
554
588
|
},
|
|
555
589
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -557,7 +591,8 @@ var ERRORS = {
|
|
|
557
591
|
http_status: 400,
|
|
558
592
|
title: "Bundle Time Range Invalid",
|
|
559
593
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
560
|
-
|
|
594
|
+
retryable: false,
|
|
595
|
+
next_action: "retry_with_different_input",
|
|
561
596
|
category: "bundle"
|
|
562
597
|
},
|
|
563
598
|
// Control error codes
|
|
@@ -566,7 +601,8 @@ var ERRORS = {
|
|
|
566
601
|
http_status: 403,
|
|
567
602
|
title: "Control Decision Denied",
|
|
568
603
|
description: "Control engine denied authorization",
|
|
569
|
-
|
|
604
|
+
retryable: false,
|
|
605
|
+
next_action: "contact_issuer",
|
|
570
606
|
category: "control"
|
|
571
607
|
},
|
|
572
608
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -574,7 +610,8 @@ var ERRORS = {
|
|
|
574
610
|
http_status: 202,
|
|
575
611
|
title: "Review Required",
|
|
576
612
|
description: "Control engine requires manual review",
|
|
577
|
-
|
|
613
|
+
retryable: true,
|
|
614
|
+
next_action: "contact_issuer",
|
|
578
615
|
category: "control"
|
|
579
616
|
},
|
|
580
617
|
// Dispute error codes
|
|
@@ -583,7 +620,8 @@ var ERRORS = {
|
|
|
583
620
|
http_status: 409,
|
|
584
621
|
title: "Dispute Duplicate",
|
|
585
622
|
description: "A dispute with this ID already exists",
|
|
586
|
-
|
|
623
|
+
retryable: false,
|
|
624
|
+
next_action: "retry_with_different_input",
|
|
587
625
|
category: "dispute"
|
|
588
626
|
},
|
|
589
627
|
E_DISPUTE_EXPIRED: {
|
|
@@ -591,7 +629,8 @@ var ERRORS = {
|
|
|
591
629
|
http_status: 401,
|
|
592
630
|
title: "Dispute Expired",
|
|
593
631
|
description: "Dispute attestation has exceeded its expiration time",
|
|
594
|
-
|
|
632
|
+
retryable: false,
|
|
633
|
+
next_action: "retry_with_different_input",
|
|
595
634
|
category: "dispute"
|
|
596
635
|
},
|
|
597
636
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -599,7 +638,8 @@ var ERRORS = {
|
|
|
599
638
|
http_status: 400,
|
|
600
639
|
title: "Dispute Invalid Format",
|
|
601
640
|
description: "Dispute attestation does not conform to schema",
|
|
602
|
-
|
|
641
|
+
retryable: false,
|
|
642
|
+
next_action: "retry_with_different_input",
|
|
603
643
|
category: "dispute"
|
|
604
644
|
},
|
|
605
645
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -607,7 +647,8 @@ var ERRORS = {
|
|
|
607
647
|
http_status: 400,
|
|
608
648
|
title: "Dispute Invalid Grounds",
|
|
609
649
|
description: "Dispute grounds code is not recognized",
|
|
610
|
-
|
|
650
|
+
retryable: false,
|
|
651
|
+
next_action: "retry_with_different_input",
|
|
611
652
|
category: "dispute"
|
|
612
653
|
},
|
|
613
654
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -615,7 +656,8 @@ var ERRORS = {
|
|
|
615
656
|
http_status: 400,
|
|
616
657
|
title: "Dispute Invalid ID",
|
|
617
658
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
618
|
-
|
|
659
|
+
retryable: false,
|
|
660
|
+
next_action: "retry_with_different_input",
|
|
619
661
|
category: "dispute"
|
|
620
662
|
},
|
|
621
663
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -623,7 +665,8 @@ var ERRORS = {
|
|
|
623
665
|
http_status: 400,
|
|
624
666
|
title: "Dispute Invalid State",
|
|
625
667
|
description: "Dispute state is not recognized",
|
|
626
|
-
|
|
668
|
+
retryable: false,
|
|
669
|
+
next_action: "retry_with_different_input",
|
|
627
670
|
category: "dispute"
|
|
628
671
|
},
|
|
629
672
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -631,7 +674,8 @@ var ERRORS = {
|
|
|
631
674
|
http_status: 400,
|
|
632
675
|
title: "Dispute Invalid Target Type",
|
|
633
676
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
634
|
-
|
|
677
|
+
retryable: false,
|
|
678
|
+
next_action: "retry_with_different_input",
|
|
635
679
|
category: "dispute"
|
|
636
680
|
},
|
|
637
681
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -639,7 +683,8 @@ var ERRORS = {
|
|
|
639
683
|
http_status: 400,
|
|
640
684
|
title: "Dispute Invalid Transition",
|
|
641
685
|
description: "Invalid state transition for dispute lifecycle",
|
|
642
|
-
|
|
686
|
+
retryable: false,
|
|
687
|
+
next_action: "retry_with_different_input",
|
|
643
688
|
category: "dispute"
|
|
644
689
|
},
|
|
645
690
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -647,7 +692,8 @@ var ERRORS = {
|
|
|
647
692
|
http_status: 400,
|
|
648
693
|
title: "Dispute Invalid Type",
|
|
649
694
|
description: "Dispute type is not recognized",
|
|
650
|
-
|
|
695
|
+
retryable: false,
|
|
696
|
+
next_action: "retry_with_different_input",
|
|
651
697
|
category: "dispute"
|
|
652
698
|
},
|
|
653
699
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -655,7 +701,8 @@ var ERRORS = {
|
|
|
655
701
|
http_status: 400,
|
|
656
702
|
title: "Dispute Missing Resolution",
|
|
657
703
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
658
|
-
|
|
704
|
+
retryable: false,
|
|
705
|
+
next_action: "retry_with_different_input",
|
|
659
706
|
category: "dispute"
|
|
660
707
|
},
|
|
661
708
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -663,7 +710,8 @@ var ERRORS = {
|
|
|
663
710
|
http_status: 401,
|
|
664
711
|
title: "Dispute Not Yet Valid",
|
|
665
712
|
description: "Dispute attestation issued_at time is in the future",
|
|
666
|
-
|
|
713
|
+
retryable: true,
|
|
714
|
+
next_action: "retry_after_delay",
|
|
667
715
|
category: "dispute"
|
|
668
716
|
},
|
|
669
717
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -671,7 +719,8 @@ var ERRORS = {
|
|
|
671
719
|
http_status: 400,
|
|
672
720
|
title: "Dispute Other Requires Description",
|
|
673
721
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
674
|
-
|
|
722
|
+
retryable: false,
|
|
723
|
+
next_action: "retry_with_different_input",
|
|
675
724
|
category: "dispute"
|
|
676
725
|
},
|
|
677
726
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -679,7 +728,8 @@ var ERRORS = {
|
|
|
679
728
|
http_status: 400,
|
|
680
729
|
title: "Dispute Resolution Not Allowed",
|
|
681
730
|
description: "Resolution is only valid for terminal states",
|
|
682
|
-
|
|
731
|
+
retryable: false,
|
|
732
|
+
next_action: "retry_with_different_input",
|
|
683
733
|
category: "dispute"
|
|
684
734
|
},
|
|
685
735
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -687,7 +737,8 @@ var ERRORS = {
|
|
|
687
737
|
http_status: 404,
|
|
688
738
|
title: "Dispute Target Not Found",
|
|
689
739
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
690
|
-
|
|
740
|
+
retryable: true,
|
|
741
|
+
next_action: "retry_after_delay",
|
|
691
742
|
category: "dispute"
|
|
692
743
|
},
|
|
693
744
|
// Identity error codes
|
|
@@ -696,7 +747,8 @@ var ERRORS = {
|
|
|
696
747
|
http_status: 400,
|
|
697
748
|
title: "Identity Binding Future",
|
|
698
749
|
description: "Identity binding signed_at timestamp is in the future",
|
|
699
|
-
|
|
750
|
+
retryable: false,
|
|
751
|
+
next_action: "retry_with_different_input",
|
|
700
752
|
category: "identity"
|
|
701
753
|
},
|
|
702
754
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -704,7 +756,8 @@ var ERRORS = {
|
|
|
704
756
|
http_status: 400,
|
|
705
757
|
title: "Identity Binding Mismatch",
|
|
706
758
|
description: "Identity binding does not match the request being verified",
|
|
707
|
-
|
|
759
|
+
retryable: false,
|
|
760
|
+
next_action: "retry_with_different_input",
|
|
708
761
|
category: "identity"
|
|
709
762
|
},
|
|
710
763
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -712,7 +765,8 @@ var ERRORS = {
|
|
|
712
765
|
http_status: 401,
|
|
713
766
|
title: "Identity Binding Stale",
|
|
714
767
|
description: "Identity binding is too old and requires fresh binding",
|
|
715
|
-
|
|
768
|
+
retryable: true,
|
|
769
|
+
next_action: "retry_after_delay",
|
|
716
770
|
category: "identity"
|
|
717
771
|
},
|
|
718
772
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -720,7 +774,8 @@ var ERRORS = {
|
|
|
720
774
|
http_status: 503,
|
|
721
775
|
title: "Identity Directory Unavailable",
|
|
722
776
|
description: "Failed to fetch agent key directory",
|
|
723
|
-
|
|
777
|
+
retryable: true,
|
|
778
|
+
next_action: "retry_after_delay",
|
|
724
779
|
category: "identity"
|
|
725
780
|
},
|
|
726
781
|
E_IDENTITY_EXPIRED: {
|
|
@@ -728,7 +783,8 @@ var ERRORS = {
|
|
|
728
783
|
http_status: 401,
|
|
729
784
|
title: "Identity Expired",
|
|
730
785
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
731
|
-
|
|
786
|
+
retryable: false,
|
|
787
|
+
next_action: "refresh_attestation",
|
|
732
788
|
category: "identity"
|
|
733
789
|
},
|
|
734
790
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -736,7 +792,8 @@ var ERRORS = {
|
|
|
736
792
|
http_status: 400,
|
|
737
793
|
title: "Identity Invalid Format",
|
|
738
794
|
description: "Agent identity attestation does not conform to schema",
|
|
739
|
-
|
|
795
|
+
retryable: false,
|
|
796
|
+
next_action: "retry_with_different_input",
|
|
740
797
|
category: "identity"
|
|
741
798
|
},
|
|
742
799
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -744,7 +801,8 @@ var ERRORS = {
|
|
|
744
801
|
http_status: 401,
|
|
745
802
|
title: "Identity Key Expired",
|
|
746
803
|
description: "Agent signing key has expired per directory metadata",
|
|
747
|
-
|
|
804
|
+
retryable: false,
|
|
805
|
+
next_action: "refresh_attestation",
|
|
748
806
|
category: "identity"
|
|
749
807
|
},
|
|
750
808
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -752,7 +810,8 @@ var ERRORS = {
|
|
|
752
810
|
http_status: 401,
|
|
753
811
|
title: "Identity Key Revoked",
|
|
754
812
|
description: "Agent signing key has been explicitly revoked",
|
|
755
|
-
|
|
813
|
+
retryable: false,
|
|
814
|
+
next_action: "refresh_attestation",
|
|
756
815
|
category: "identity"
|
|
757
816
|
},
|
|
758
817
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -760,7 +819,8 @@ var ERRORS = {
|
|
|
760
819
|
http_status: 401,
|
|
761
820
|
title: "Identity Key Unknown",
|
|
762
821
|
description: "Key ID not found in agent key directory",
|
|
763
|
-
|
|
822
|
+
retryable: true,
|
|
823
|
+
next_action: "retry_after_delay",
|
|
764
824
|
category: "identity"
|
|
765
825
|
},
|
|
766
826
|
E_IDENTITY_MISSING: {
|
|
@@ -768,7 +828,8 @@ var ERRORS = {
|
|
|
768
828
|
http_status: 401,
|
|
769
829
|
title: "Identity Missing",
|
|
770
830
|
description: "No agent identity attestation provided in request",
|
|
771
|
-
|
|
831
|
+
retryable: false,
|
|
832
|
+
next_action: "retry_with_different_input",
|
|
772
833
|
category: "identity"
|
|
773
834
|
},
|
|
774
835
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -776,7 +837,8 @@ var ERRORS = {
|
|
|
776
837
|
http_status: 401,
|
|
777
838
|
title: "Identity Not Yet Valid",
|
|
778
839
|
description: "Agent identity attestation issued_at time is in the future",
|
|
779
|
-
|
|
840
|
+
retryable: true,
|
|
841
|
+
next_action: "retry_after_delay",
|
|
780
842
|
category: "identity"
|
|
781
843
|
},
|
|
782
844
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -784,7 +846,8 @@ var ERRORS = {
|
|
|
784
846
|
http_status: 400,
|
|
785
847
|
title: "Identity Proof Unsupported",
|
|
786
848
|
description: "Agent identity proof method is not supported",
|
|
787
|
-
|
|
849
|
+
retryable: false,
|
|
850
|
+
next_action: "retry_with_different_input",
|
|
788
851
|
category: "identity"
|
|
789
852
|
},
|
|
790
853
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -792,7 +855,8 @@ var ERRORS = {
|
|
|
792
855
|
http_status: 401,
|
|
793
856
|
title: "Identity Signature Invalid",
|
|
794
857
|
description: "Agent identity proof signature verification failed",
|
|
795
|
-
|
|
858
|
+
retryable: false,
|
|
859
|
+
next_action: "retry_with_different_input",
|
|
796
860
|
category: "identity"
|
|
797
861
|
},
|
|
798
862
|
// Infrastructure error codes
|
|
@@ -801,7 +865,8 @@ var ERRORS = {
|
|
|
801
865
|
http_status: 503,
|
|
802
866
|
title: "Circuit Breaker Open",
|
|
803
867
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
804
|
-
|
|
868
|
+
retryable: true,
|
|
869
|
+
next_action: "retry_after_delay",
|
|
805
870
|
category: "infrastructure"
|
|
806
871
|
},
|
|
807
872
|
E_INTERNAL: {
|
|
@@ -809,7 +874,8 @@ var ERRORS = {
|
|
|
809
874
|
http_status: 500,
|
|
810
875
|
title: "Internal Error",
|
|
811
876
|
description: "An unexpected internal error occurred during verification",
|
|
812
|
-
|
|
877
|
+
retryable: true,
|
|
878
|
+
next_action: "retry_after_delay",
|
|
813
879
|
category: "infrastructure"
|
|
814
880
|
},
|
|
815
881
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -817,7 +883,8 @@ var ERRORS = {
|
|
|
817
883
|
http_status: 503,
|
|
818
884
|
title: "JWKS Fetch Failed",
|
|
819
885
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
820
|
-
|
|
886
|
+
retryable: true,
|
|
887
|
+
next_action: "retry_after_delay",
|
|
821
888
|
category: "infrastructure"
|
|
822
889
|
},
|
|
823
890
|
E_RATE_LIMITED: {
|
|
@@ -825,7 +892,8 @@ var ERRORS = {
|
|
|
825
892
|
http_status: 429,
|
|
826
893
|
title: "Rate Limited",
|
|
827
894
|
description: "Too many requests, please retry later",
|
|
828
|
-
|
|
895
|
+
retryable: true,
|
|
896
|
+
next_action: "retry_after_delay",
|
|
829
897
|
category: "infrastructure"
|
|
830
898
|
},
|
|
831
899
|
// Interaction error codes
|
|
@@ -834,7 +902,8 @@ var ERRORS = {
|
|
|
834
902
|
http_status: 400,
|
|
835
903
|
title: "Interaction Invalid Digest",
|
|
836
904
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
837
|
-
|
|
905
|
+
retryable: false,
|
|
906
|
+
next_action: "retry_with_different_input",
|
|
838
907
|
category: "interaction"
|
|
839
908
|
},
|
|
840
909
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -842,7 +911,8 @@ var ERRORS = {
|
|
|
842
911
|
http_status: 400,
|
|
843
912
|
title: "Interaction Invalid Digest Algorithm",
|
|
844
913
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
845
|
-
|
|
914
|
+
retryable: false,
|
|
915
|
+
next_action: "retry_with_different_input",
|
|
846
916
|
category: "interaction"
|
|
847
917
|
},
|
|
848
918
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -850,7 +920,8 @@ var ERRORS = {
|
|
|
850
920
|
http_status: 400,
|
|
851
921
|
title: "Interaction Invalid Extension Key",
|
|
852
922
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
853
|
-
|
|
923
|
+
retryable: false,
|
|
924
|
+
next_action: "retry_with_different_input",
|
|
854
925
|
category: "interaction"
|
|
855
926
|
},
|
|
856
927
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -858,7 +929,8 @@ var ERRORS = {
|
|
|
858
929
|
http_status: 400,
|
|
859
930
|
title: "Interaction Invalid Format",
|
|
860
931
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
861
|
-
|
|
932
|
+
retryable: false,
|
|
933
|
+
next_action: "retry_with_different_input",
|
|
862
934
|
category: "interaction"
|
|
863
935
|
},
|
|
864
936
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -866,7 +938,8 @@ var ERRORS = {
|
|
|
866
938
|
http_status: 400,
|
|
867
939
|
title: "Interaction Invalid Kind Format",
|
|
868
940
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
869
|
-
|
|
941
|
+
retryable: false,
|
|
942
|
+
next_action: "retry_with_different_input",
|
|
870
943
|
category: "interaction"
|
|
871
944
|
},
|
|
872
945
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -874,7 +947,8 @@ var ERRORS = {
|
|
|
874
947
|
http_status: 400,
|
|
875
948
|
title: "Interaction Invalid Timing",
|
|
876
949
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
877
|
-
|
|
950
|
+
retryable: false,
|
|
951
|
+
next_action: "retry_with_different_input",
|
|
878
952
|
category: "interaction"
|
|
879
953
|
},
|
|
880
954
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -882,7 +956,8 @@ var ERRORS = {
|
|
|
882
956
|
http_status: 400,
|
|
883
957
|
title: "Interaction Kind Reserved",
|
|
884
958
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
885
|
-
|
|
959
|
+
retryable: false,
|
|
960
|
+
next_action: "retry_with_different_input",
|
|
886
961
|
category: "interaction"
|
|
887
962
|
},
|
|
888
963
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -890,7 +965,8 @@ var ERRORS = {
|
|
|
890
965
|
http_status: 400,
|
|
891
966
|
title: "Interaction Missing Error Detail",
|
|
892
967
|
description: "error_code or extensions required when result.status is error",
|
|
893
|
-
|
|
968
|
+
retryable: false,
|
|
969
|
+
next_action: "retry_with_different_input",
|
|
894
970
|
category: "interaction"
|
|
895
971
|
},
|
|
896
972
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -898,7 +974,8 @@ var ERRORS = {
|
|
|
898
974
|
http_status: 400,
|
|
899
975
|
title: "Interaction Missing Executor",
|
|
900
976
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
901
|
-
|
|
977
|
+
retryable: false,
|
|
978
|
+
next_action: "retry_with_different_input",
|
|
902
979
|
category: "interaction"
|
|
903
980
|
},
|
|
904
981
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -906,7 +983,8 @@ var ERRORS = {
|
|
|
906
983
|
http_status: 400,
|
|
907
984
|
title: "Interaction Missing ID",
|
|
908
985
|
description: "Interaction evidence is missing required interaction_id field",
|
|
909
|
-
|
|
986
|
+
retryable: false,
|
|
987
|
+
next_action: "retry_with_different_input",
|
|
910
988
|
category: "interaction"
|
|
911
989
|
},
|
|
912
990
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -914,7 +992,8 @@ var ERRORS = {
|
|
|
914
992
|
http_status: 400,
|
|
915
993
|
title: "Interaction Missing Kind",
|
|
916
994
|
description: "Interaction evidence is missing required kind field",
|
|
917
|
-
|
|
995
|
+
retryable: false,
|
|
996
|
+
next_action: "retry_with_different_input",
|
|
918
997
|
category: "interaction"
|
|
919
998
|
},
|
|
920
999
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -922,7 +1001,8 @@ var ERRORS = {
|
|
|
922
1001
|
http_status: 400,
|
|
923
1002
|
title: "Interaction Missing Result",
|
|
924
1003
|
description: "result.status is required when output is present",
|
|
925
|
-
|
|
1004
|
+
retryable: false,
|
|
1005
|
+
next_action: "retry_with_different_input",
|
|
926
1006
|
category: "interaction"
|
|
927
1007
|
},
|
|
928
1008
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -930,7 +1010,8 @@ var ERRORS = {
|
|
|
930
1010
|
http_status: 400,
|
|
931
1011
|
title: "Interaction Missing Started At",
|
|
932
1012
|
description: "Interaction evidence is missing required started_at field",
|
|
933
|
-
|
|
1013
|
+
retryable: false,
|
|
1014
|
+
next_action: "retry_with_different_input",
|
|
934
1015
|
category: "interaction"
|
|
935
1016
|
},
|
|
936
1017
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -938,7 +1019,8 @@ var ERRORS = {
|
|
|
938
1019
|
http_status: 400,
|
|
939
1020
|
title: "Interaction Missing Target",
|
|
940
1021
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
941
|
-
|
|
1022
|
+
retryable: false,
|
|
1023
|
+
next_action: "retry_with_different_input",
|
|
942
1024
|
category: "interaction"
|
|
943
1025
|
},
|
|
944
1026
|
// Ucp error codes
|
|
@@ -947,7 +1029,8 @@ var ERRORS = {
|
|
|
947
1029
|
http_status: 500,
|
|
948
1030
|
title: "UCP Evidence Serialization Failed",
|
|
949
1031
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
950
|
-
|
|
1032
|
+
retryable: false,
|
|
1033
|
+
next_action: "retry_with_different_input",
|
|
951
1034
|
category: "ucp"
|
|
952
1035
|
},
|
|
953
1036
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -955,7 +1038,8 @@ var ERRORS = {
|
|
|
955
1038
|
http_status: 401,
|
|
956
1039
|
title: "UCP Key Algorithm Mismatch",
|
|
957
1040
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
958
|
-
|
|
1041
|
+
retryable: false,
|
|
1042
|
+
next_action: "retry_with_different_input",
|
|
959
1043
|
category: "ucp"
|
|
960
1044
|
},
|
|
961
1045
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -963,7 +1047,8 @@ var ERRORS = {
|
|
|
963
1047
|
http_status: 401,
|
|
964
1048
|
title: "UCP Key Curve Mismatch",
|
|
965
1049
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
966
|
-
|
|
1050
|
+
retryable: false,
|
|
1051
|
+
next_action: "retry_with_different_input",
|
|
967
1052
|
category: "ucp"
|
|
968
1053
|
},
|
|
969
1054
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -971,7 +1056,8 @@ var ERRORS = {
|
|
|
971
1056
|
http_status: 401,
|
|
972
1057
|
title: "UCP Key Not Found",
|
|
973
1058
|
description: "Key ID from signature not found in business UCP profile",
|
|
974
|
-
|
|
1059
|
+
retryable: true,
|
|
1060
|
+
next_action: "retry_after_delay",
|
|
975
1061
|
category: "ucp"
|
|
976
1062
|
},
|
|
977
1063
|
E_UCP_ORDER_INVALID: {
|
|
@@ -979,7 +1065,8 @@ var ERRORS = {
|
|
|
979
1065
|
http_status: 400,
|
|
980
1066
|
title: "UCP Order Invalid",
|
|
981
1067
|
description: "UCP order object does not conform to expected schema",
|
|
982
|
-
|
|
1068
|
+
retryable: false,
|
|
1069
|
+
next_action: "retry_with_different_input",
|
|
983
1070
|
category: "ucp"
|
|
984
1071
|
},
|
|
985
1072
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -987,7 +1074,8 @@ var ERRORS = {
|
|
|
987
1074
|
http_status: 400,
|
|
988
1075
|
title: "UCP Order Missing ID",
|
|
989
1076
|
description: "UCP order is missing required id field",
|
|
990
|
-
|
|
1077
|
+
retryable: false,
|
|
1078
|
+
next_action: "retry_with_different_input",
|
|
991
1079
|
category: "ucp"
|
|
992
1080
|
},
|
|
993
1081
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -995,7 +1083,8 @@ var ERRORS = {
|
|
|
995
1083
|
http_status: 400,
|
|
996
1084
|
title: "UCP Order Missing Line Items",
|
|
997
1085
|
description: "UCP order is missing required line_items array",
|
|
998
|
-
|
|
1086
|
+
retryable: false,
|
|
1087
|
+
next_action: "retry_with_different_input",
|
|
999
1088
|
category: "ucp"
|
|
1000
1089
|
},
|
|
1001
1090
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -1003,7 +1092,8 @@ var ERRORS = {
|
|
|
1003
1092
|
http_status: 400,
|
|
1004
1093
|
title: "UCP Order Missing Totals",
|
|
1005
1094
|
description: "UCP order is missing required totals array or total entry",
|
|
1006
|
-
|
|
1095
|
+
retryable: false,
|
|
1096
|
+
next_action: "retry_with_different_input",
|
|
1007
1097
|
category: "ucp"
|
|
1008
1098
|
},
|
|
1009
1099
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -1011,7 +1101,8 @@ var ERRORS = {
|
|
|
1011
1101
|
http_status: 400,
|
|
1012
1102
|
title: "UCP Payload Empty",
|
|
1013
1103
|
description: "Webhook request body is empty",
|
|
1014
|
-
|
|
1104
|
+
retryable: false,
|
|
1105
|
+
next_action: "retry_with_different_input",
|
|
1015
1106
|
category: "ucp"
|
|
1016
1107
|
},
|
|
1017
1108
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -1019,7 +1110,8 @@ var ERRORS = {
|
|
|
1019
1110
|
http_status: 400,
|
|
1020
1111
|
title: "UCP Payload Not JSON",
|
|
1021
1112
|
description: "Webhook request body is not valid JSON",
|
|
1022
|
-
|
|
1113
|
+
retryable: false,
|
|
1114
|
+
next_action: "retry_with_different_input",
|
|
1023
1115
|
category: "ucp"
|
|
1024
1116
|
},
|
|
1025
1117
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -1027,7 +1119,8 @@ var ERRORS = {
|
|
|
1027
1119
|
http_status: 400,
|
|
1028
1120
|
title: "UCP Payload Too Large",
|
|
1029
1121
|
description: "Webhook request body exceeds maximum allowed size",
|
|
1030
|
-
|
|
1122
|
+
retryable: false,
|
|
1123
|
+
next_action: "retry_with_different_input",
|
|
1031
1124
|
category: "ucp"
|
|
1032
1125
|
},
|
|
1033
1126
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -1035,7 +1128,8 @@ var ERRORS = {
|
|
|
1035
1128
|
http_status: 502,
|
|
1036
1129
|
title: "UCP Profile Fetch Failed",
|
|
1037
1130
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
1038
|
-
|
|
1131
|
+
retryable: true,
|
|
1132
|
+
next_action: "retry_after_delay",
|
|
1039
1133
|
category: "ucp"
|
|
1040
1134
|
},
|
|
1041
1135
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -1043,7 +1137,8 @@ var ERRORS = {
|
|
|
1043
1137
|
http_status: 502,
|
|
1044
1138
|
title: "UCP Profile Invalid",
|
|
1045
1139
|
description: "Business UCP profile does not conform to expected schema",
|
|
1046
|
-
|
|
1140
|
+
retryable: false,
|
|
1141
|
+
next_action: "retry_with_different_input",
|
|
1047
1142
|
category: "ucp"
|
|
1048
1143
|
},
|
|
1049
1144
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -1051,7 +1146,8 @@ var ERRORS = {
|
|
|
1051
1146
|
http_status: 502,
|
|
1052
1147
|
title: "UCP Profile No Signing Keys",
|
|
1053
1148
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
1054
|
-
|
|
1149
|
+
retryable: false,
|
|
1150
|
+
next_action: "retry_with_different_input",
|
|
1055
1151
|
category: "ucp"
|
|
1056
1152
|
},
|
|
1057
1153
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -1059,7 +1155,8 @@ var ERRORS = {
|
|
|
1059
1155
|
http_status: 400,
|
|
1060
1156
|
title: "UCP Signature Algorithm Unsupported",
|
|
1061
1157
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
1062
|
-
|
|
1158
|
+
retryable: false,
|
|
1159
|
+
next_action: "retry_with_different_input",
|
|
1063
1160
|
category: "ucp"
|
|
1064
1161
|
},
|
|
1065
1162
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -1067,7 +1164,8 @@ var ERRORS = {
|
|
|
1067
1164
|
http_status: 400,
|
|
1068
1165
|
title: "UCP Signature b64 Invalid",
|
|
1069
1166
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
1070
|
-
|
|
1167
|
+
retryable: false,
|
|
1168
|
+
next_action: "retry_with_different_input",
|
|
1071
1169
|
category: "ucp"
|
|
1072
1170
|
},
|
|
1073
1171
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -1075,7 +1173,8 @@ var ERRORS = {
|
|
|
1075
1173
|
http_status: 401,
|
|
1076
1174
|
title: "UCP Signature Invalid",
|
|
1077
1175
|
description: "Webhook signature verification failed against payload",
|
|
1078
|
-
|
|
1176
|
+
retryable: false,
|
|
1177
|
+
next_action: "retry_with_different_input",
|
|
1079
1178
|
category: "ucp"
|
|
1080
1179
|
},
|
|
1081
1180
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -1083,7 +1182,8 @@ var ERRORS = {
|
|
|
1083
1182
|
http_status: 400,
|
|
1084
1183
|
title: "UCP Signature Malformed",
|
|
1085
1184
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
1086
|
-
|
|
1185
|
+
retryable: false,
|
|
1186
|
+
next_action: "retry_with_different_input",
|
|
1087
1187
|
category: "ucp"
|
|
1088
1188
|
},
|
|
1089
1189
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -1091,7 +1191,8 @@ var ERRORS = {
|
|
|
1091
1191
|
http_status: 400,
|
|
1092
1192
|
title: "UCP Signature Missing",
|
|
1093
1193
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
1094
|
-
|
|
1194
|
+
retryable: false,
|
|
1195
|
+
next_action: "retry_with_different_input",
|
|
1095
1196
|
category: "ucp"
|
|
1096
1197
|
},
|
|
1097
1198
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -1099,7 +1200,8 @@ var ERRORS = {
|
|
|
1099
1200
|
http_status: 401,
|
|
1100
1201
|
title: "UCP Verification Failed",
|
|
1101
1202
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
1102
|
-
|
|
1203
|
+
retryable: false,
|
|
1204
|
+
next_action: "retry_with_different_input",
|
|
1103
1205
|
category: "ucp"
|
|
1104
1206
|
},
|
|
1105
1207
|
// Validation error codes
|
|
@@ -1108,7 +1210,8 @@ var ERRORS = {
|
|
|
1108
1210
|
http_status: 400,
|
|
1109
1211
|
title: "Kernel Constraint Violation",
|
|
1110
1212
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
1111
|
-
|
|
1213
|
+
retryable: false,
|
|
1214
|
+
next_action: "retry_with_different_input",
|
|
1112
1215
|
category: "validation"
|
|
1113
1216
|
},
|
|
1114
1217
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -1116,7 +1219,8 @@ var ERRORS = {
|
|
|
1116
1219
|
http_status: 400,
|
|
1117
1220
|
title: "Evidence Not JSON-Safe",
|
|
1118
1221
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
1119
|
-
|
|
1222
|
+
retryable: false,
|
|
1223
|
+
next_action: "retry_with_different_input",
|
|
1120
1224
|
category: "validation"
|
|
1121
1225
|
},
|
|
1122
1226
|
E_EXPIRED: {
|
|
@@ -1124,7 +1228,8 @@ var ERRORS = {
|
|
|
1124
1228
|
http_status: 400,
|
|
1125
1229
|
title: "Receipt Expired",
|
|
1126
1230
|
description: "Receipt has exceeded its expiration time",
|
|
1127
|
-
|
|
1231
|
+
retryable: false,
|
|
1232
|
+
next_action: "retry_with_different_input",
|
|
1128
1233
|
category: "validation"
|
|
1129
1234
|
},
|
|
1130
1235
|
E_INVALID_AMOUNT: {
|
|
@@ -1132,7 +1237,8 @@ var ERRORS = {
|
|
|
1132
1237
|
http_status: 400,
|
|
1133
1238
|
title: "Invalid Amount",
|
|
1134
1239
|
description: "Payment amount is invalid or out of allowed range",
|
|
1135
|
-
|
|
1240
|
+
retryable: false,
|
|
1241
|
+
next_action: "retry_with_different_input",
|
|
1136
1242
|
category: "validation"
|
|
1137
1243
|
},
|
|
1138
1244
|
E_INVALID_AUDIENCE: {
|
|
@@ -1140,7 +1246,8 @@ var ERRORS = {
|
|
|
1140
1246
|
http_status: 400,
|
|
1141
1247
|
title: "Invalid Audience",
|
|
1142
1248
|
description: "Receipt audience claim does not match expected value",
|
|
1143
|
-
|
|
1249
|
+
retryable: false,
|
|
1250
|
+
next_action: "retry_with_different_input",
|
|
1144
1251
|
category: "validation"
|
|
1145
1252
|
},
|
|
1146
1253
|
E_INVALID_CURRENCY: {
|
|
@@ -1148,7 +1255,8 @@ var ERRORS = {
|
|
|
1148
1255
|
http_status: 400,
|
|
1149
1256
|
title: "Invalid Currency",
|
|
1150
1257
|
description: "Currency code is not a valid ISO 4217 code",
|
|
1151
|
-
|
|
1258
|
+
retryable: false,
|
|
1259
|
+
next_action: "retry_with_different_input",
|
|
1152
1260
|
category: "validation"
|
|
1153
1261
|
},
|
|
1154
1262
|
E_INVALID_FORMAT: {
|
|
@@ -1156,7 +1264,8 @@ var ERRORS = {
|
|
|
1156
1264
|
http_status: 400,
|
|
1157
1265
|
title: "Invalid Format",
|
|
1158
1266
|
description: "Receipt does not conform to JWS format",
|
|
1159
|
-
|
|
1267
|
+
retryable: false,
|
|
1268
|
+
next_action: "retry_with_different_input",
|
|
1160
1269
|
category: "validation"
|
|
1161
1270
|
},
|
|
1162
1271
|
E_INVALID_ISSUER: {
|
|
@@ -1164,7 +1273,8 @@ var ERRORS = {
|
|
|
1164
1273
|
http_status: 400,
|
|
1165
1274
|
title: "Invalid Issuer",
|
|
1166
1275
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
1167
|
-
|
|
1276
|
+
retryable: false,
|
|
1277
|
+
next_action: "retry_with_different_input",
|
|
1168
1278
|
category: "validation"
|
|
1169
1279
|
},
|
|
1170
1280
|
E_INVALID_RAIL: {
|
|
@@ -1172,7 +1282,8 @@ var ERRORS = {
|
|
|
1172
1282
|
http_status: 400,
|
|
1173
1283
|
title: "Invalid Payment Rail",
|
|
1174
1284
|
description: "Payment rail identifier is not recognized",
|
|
1175
|
-
|
|
1285
|
+
retryable: false,
|
|
1286
|
+
next_action: "retry_with_different_input",
|
|
1176
1287
|
category: "validation"
|
|
1177
1288
|
},
|
|
1178
1289
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1180,7 +1291,8 @@ var ERRORS = {
|
|
|
1180
1291
|
http_status: 400,
|
|
1181
1292
|
title: "Invalid Receipt ID",
|
|
1182
1293
|
description: "Receipt ID (rid) does not match expected value",
|
|
1183
|
-
|
|
1294
|
+
retryable: false,
|
|
1295
|
+
next_action: "retry_with_different_input",
|
|
1184
1296
|
category: "validation"
|
|
1185
1297
|
},
|
|
1186
1298
|
E_INVALID_SUBJECT: {
|
|
@@ -1188,7 +1300,8 @@ var ERRORS = {
|
|
|
1188
1300
|
http_status: 400,
|
|
1189
1301
|
title: "Invalid Subject",
|
|
1190
1302
|
description: "Receipt subject claim does not match expected value",
|
|
1191
|
-
|
|
1303
|
+
retryable: false,
|
|
1304
|
+
next_action: "retry_with_different_input",
|
|
1192
1305
|
category: "validation"
|
|
1193
1306
|
},
|
|
1194
1307
|
E_MISSING_EXP: {
|
|
@@ -1196,7 +1309,8 @@ var ERRORS = {
|
|
|
1196
1309
|
http_status: 400,
|
|
1197
1310
|
title: "Missing Expiration",
|
|
1198
1311
|
description: "Receipt is missing required exp claim",
|
|
1199
|
-
|
|
1312
|
+
retryable: false,
|
|
1313
|
+
next_action: "retry_with_different_input",
|
|
1200
1314
|
category: "validation"
|
|
1201
1315
|
},
|
|
1202
1316
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1204,7 +1318,8 @@ var ERRORS = {
|
|
|
1204
1318
|
http_status: 400,
|
|
1205
1319
|
title: "Missing Required Claim",
|
|
1206
1320
|
description: "Receipt is missing a required JWT claim",
|
|
1207
|
-
|
|
1321
|
+
retryable: false,
|
|
1322
|
+
next_action: "retry_with_different_input",
|
|
1208
1323
|
category: "validation"
|
|
1209
1324
|
},
|
|
1210
1325
|
E_NOT_YET_VALID: {
|
|
@@ -1212,7 +1327,8 @@ var ERRORS = {
|
|
|
1212
1327
|
http_status: 400,
|
|
1213
1328
|
title: "Not Yet Valid",
|
|
1214
1329
|
description: "Receipt nbf (not before) time is in the future",
|
|
1215
|
-
|
|
1330
|
+
retryable: true,
|
|
1331
|
+
next_action: "retry_after_delay",
|
|
1216
1332
|
category: "validation"
|
|
1217
1333
|
},
|
|
1218
1334
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1220,7 +1336,8 @@ var ERRORS = {
|
|
|
1220
1336
|
http_status: 400,
|
|
1221
1337
|
title: "Attestation Receipt Invalid",
|
|
1222
1338
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1223
|
-
|
|
1339
|
+
retryable: false,
|
|
1340
|
+
next_action: "retry_with_different_input",
|
|
1224
1341
|
category: "validation"
|
|
1225
1342
|
},
|
|
1226
1343
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1228,7 +1345,8 @@ var ERRORS = {
|
|
|
1228
1345
|
http_status: 400,
|
|
1229
1346
|
title: "Commerce Receipt Invalid",
|
|
1230
1347
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1231
|
-
|
|
1348
|
+
retryable: false,
|
|
1349
|
+
next_action: "retry_with_different_input",
|
|
1232
1350
|
category: "validation"
|
|
1233
1351
|
},
|
|
1234
1352
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1236,7 +1354,8 @@ var ERRORS = {
|
|
|
1236
1354
|
http_status: 400,
|
|
1237
1355
|
title: "Parse Invalid Input",
|
|
1238
1356
|
description: "Input to receipt parser is not a non-null object",
|
|
1239
|
-
|
|
1357
|
+
retryable: false,
|
|
1358
|
+
next_action: "retry_with_different_input",
|
|
1240
1359
|
category: "validation"
|
|
1241
1360
|
},
|
|
1242
1361
|
// Verification error codes
|
|
@@ -1245,7 +1364,8 @@ var ERRORS = {
|
|
|
1245
1364
|
http_status: 400,
|
|
1246
1365
|
title: "Invalid Signature",
|
|
1247
1366
|
description: "Receipt signature verification failed",
|
|
1248
|
-
|
|
1367
|
+
retryable: false,
|
|
1368
|
+
next_action: "abort",
|
|
1249
1369
|
category: "verification"
|
|
1250
1370
|
},
|
|
1251
1371
|
E_KEY_NOT_FOUND: {
|
|
@@ -1253,7 +1373,8 @@ var ERRORS = {
|
|
|
1253
1373
|
http_status: 400,
|
|
1254
1374
|
title: "Key Not Found",
|
|
1255
1375
|
description: "Public key with specified kid not found in JWKS",
|
|
1256
|
-
|
|
1376
|
+
retryable: false,
|
|
1377
|
+
next_action: "retry_with_different_key",
|
|
1257
1378
|
category: "verification"
|
|
1258
1379
|
},
|
|
1259
1380
|
// Verifier error codes
|
|
@@ -1262,7 +1383,17 @@ var ERRORS = {
|
|
|
1262
1383
|
http_status: 400,
|
|
1263
1384
|
title: "Extension Too Large",
|
|
1264
1385
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1265
|
-
|
|
1386
|
+
retryable: false,
|
|
1387
|
+
next_action: "abort",
|
|
1388
|
+
category: "verifier"
|
|
1389
|
+
},
|
|
1390
|
+
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
1391
|
+
code: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
1392
|
+
http_status: 403,
|
|
1393
|
+
title: "Insecure Scheme Blocked",
|
|
1394
|
+
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1395
|
+
retryable: false,
|
|
1396
|
+
next_action: "abort",
|
|
1266
1397
|
category: "verifier"
|
|
1267
1398
|
},
|
|
1268
1399
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1270,7 +1401,35 @@ var ERRORS = {
|
|
|
1270
1401
|
http_status: 400,
|
|
1271
1402
|
title: "Invalid Transport",
|
|
1272
1403
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1273
|
-
|
|
1404
|
+
retryable: false,
|
|
1405
|
+
next_action: "abort",
|
|
1406
|
+
category: "verifier"
|
|
1407
|
+
},
|
|
1408
|
+
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
1409
|
+
code: "E_VERIFY_ISSUER_CONFIG_INVALID",
|
|
1410
|
+
http_status: 502,
|
|
1411
|
+
title: "Issuer Config Invalid",
|
|
1412
|
+
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1413
|
+
retryable: false,
|
|
1414
|
+
next_action: "abort",
|
|
1415
|
+
category: "verifier"
|
|
1416
|
+
},
|
|
1417
|
+
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
1418
|
+
code: "E_VERIFY_ISSUER_CONFIG_MISSING",
|
|
1419
|
+
http_status: 502,
|
|
1420
|
+
title: "Issuer Config Missing",
|
|
1421
|
+
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1422
|
+
retryable: true,
|
|
1423
|
+
next_action: "retry_after_delay",
|
|
1424
|
+
category: "verifier"
|
|
1425
|
+
},
|
|
1426
|
+
E_VERIFY_ISSUER_MISMATCH: {
|
|
1427
|
+
code: "E_VERIFY_ISSUER_MISMATCH",
|
|
1428
|
+
http_status: 403,
|
|
1429
|
+
title: "Issuer Mismatch",
|
|
1430
|
+
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1431
|
+
retryable: false,
|
|
1432
|
+
next_action: "abort",
|
|
1274
1433
|
category: "verifier"
|
|
1275
1434
|
},
|
|
1276
1435
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1278,7 +1437,17 @@ var ERRORS = {
|
|
|
1278
1437
|
http_status: 403,
|
|
1279
1438
|
title: "Issuer Not Allowed",
|
|
1280
1439
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1281
|
-
|
|
1440
|
+
retryable: false,
|
|
1441
|
+
next_action: "abort",
|
|
1442
|
+
category: "verifier"
|
|
1443
|
+
},
|
|
1444
|
+
E_VERIFY_JWKS_INVALID: {
|
|
1445
|
+
code: "E_VERIFY_JWKS_INVALID",
|
|
1446
|
+
http_status: 502,
|
|
1447
|
+
title: "JWKS Invalid",
|
|
1448
|
+
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1449
|
+
retryable: false,
|
|
1450
|
+
next_action: "abort",
|
|
1282
1451
|
category: "verifier"
|
|
1283
1452
|
},
|
|
1284
1453
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1286,7 +1455,8 @@ var ERRORS = {
|
|
|
1286
1455
|
http_status: 400,
|
|
1287
1456
|
title: "JWKS Too Large",
|
|
1288
1457
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1289
|
-
|
|
1458
|
+
retryable: false,
|
|
1459
|
+
next_action: "abort",
|
|
1290
1460
|
category: "verifier"
|
|
1291
1461
|
},
|
|
1292
1462
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1294,7 +1464,17 @@ var ERRORS = {
|
|
|
1294
1464
|
http_status: 400,
|
|
1295
1465
|
title: "JWKS Too Many Keys",
|
|
1296
1466
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1297
|
-
|
|
1467
|
+
retryable: false,
|
|
1468
|
+
next_action: "abort",
|
|
1469
|
+
category: "verifier"
|
|
1470
|
+
},
|
|
1471
|
+
E_VERIFY_JWKS_URI_INVALID: {
|
|
1472
|
+
code: "E_VERIFY_JWKS_URI_INVALID",
|
|
1473
|
+
http_status: 502,
|
|
1474
|
+
title: "JWKS URI Invalid",
|
|
1475
|
+
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1476
|
+
retryable: false,
|
|
1477
|
+
next_action: "abort",
|
|
1298
1478
|
category: "verifier"
|
|
1299
1479
|
},
|
|
1300
1480
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1302,7 +1482,8 @@ var ERRORS = {
|
|
|
1302
1482
|
http_status: 403,
|
|
1303
1483
|
title: "Key Fetch Blocked",
|
|
1304
1484
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1305
|
-
|
|
1485
|
+
retryable: false,
|
|
1486
|
+
next_action: "abort",
|
|
1306
1487
|
category: "verifier"
|
|
1307
1488
|
},
|
|
1308
1489
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1310,7 +1491,8 @@ var ERRORS = {
|
|
|
1310
1491
|
http_status: 502,
|
|
1311
1492
|
title: "Key Fetch Failed",
|
|
1312
1493
|
description: "Network error while fetching JWKS from issuer",
|
|
1313
|
-
|
|
1494
|
+
retryable: true,
|
|
1495
|
+
next_action: "retry_after_delay",
|
|
1314
1496
|
category: "verifier"
|
|
1315
1497
|
},
|
|
1316
1498
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1318,7 +1500,8 @@ var ERRORS = {
|
|
|
1318
1500
|
http_status: 504,
|
|
1319
1501
|
title: "Key Fetch Timeout",
|
|
1320
1502
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1321
|
-
|
|
1503
|
+
retryable: true,
|
|
1504
|
+
next_action: "retry_after_delay",
|
|
1322
1505
|
category: "verifier"
|
|
1323
1506
|
},
|
|
1324
1507
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1326,7 +1509,8 @@ var ERRORS = {
|
|
|
1326
1509
|
http_status: 400,
|
|
1327
1510
|
title: "Malformed Receipt",
|
|
1328
1511
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1329
|
-
|
|
1512
|
+
retryable: false,
|
|
1513
|
+
next_action: "abort",
|
|
1330
1514
|
category: "verifier"
|
|
1331
1515
|
},
|
|
1332
1516
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1334,7 +1518,8 @@ var ERRORS = {
|
|
|
1334
1518
|
http_status: 400,
|
|
1335
1519
|
title: "Pointer Digest Mismatch",
|
|
1336
1520
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1337
|
-
|
|
1521
|
+
retryable: false,
|
|
1522
|
+
next_action: "abort",
|
|
1338
1523
|
category: "verifier"
|
|
1339
1524
|
},
|
|
1340
1525
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1342,7 +1527,8 @@ var ERRORS = {
|
|
|
1342
1527
|
http_status: 403,
|
|
1343
1528
|
title: "Pointer Fetch Blocked",
|
|
1344
1529
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1345
|
-
|
|
1530
|
+
retryable: false,
|
|
1531
|
+
next_action: "abort",
|
|
1346
1532
|
category: "verifier"
|
|
1347
1533
|
},
|
|
1348
1534
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1350,7 +1536,8 @@ var ERRORS = {
|
|
|
1350
1536
|
http_status: 502,
|
|
1351
1537
|
title: "Pointer Fetch Failed",
|
|
1352
1538
|
description: "Network error while fetching receipt from pointer URL",
|
|
1353
|
-
|
|
1539
|
+
retryable: true,
|
|
1540
|
+
next_action: "retry_after_delay",
|
|
1354
1541
|
category: "verifier"
|
|
1355
1542
|
},
|
|
1356
1543
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1358,7 +1545,8 @@ var ERRORS = {
|
|
|
1358
1545
|
http_status: 504,
|
|
1359
1546
|
title: "Pointer Fetch Timeout",
|
|
1360
1547
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1361
|
-
|
|
1548
|
+
retryable: true,
|
|
1549
|
+
next_action: "retry_after_delay",
|
|
1362
1550
|
category: "verifier"
|
|
1363
1551
|
},
|
|
1364
1552
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1366,7 +1554,8 @@ var ERRORS = {
|
|
|
1366
1554
|
http_status: 413,
|
|
1367
1555
|
title: "Pointer Fetch Too Large",
|
|
1368
1556
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1369
|
-
|
|
1557
|
+
retryable: false,
|
|
1558
|
+
next_action: "abort",
|
|
1370
1559
|
category: "verifier"
|
|
1371
1560
|
},
|
|
1372
1561
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1374,7 +1563,8 @@ var ERRORS = {
|
|
|
1374
1563
|
http_status: 403,
|
|
1375
1564
|
title: "Policy Violation",
|
|
1376
1565
|
description: "Receipt violates verifier trust policy",
|
|
1377
|
-
|
|
1566
|
+
retryable: false,
|
|
1567
|
+
next_action: "abort",
|
|
1378
1568
|
category: "verifier"
|
|
1379
1569
|
},
|
|
1380
1570
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1382,7 +1572,8 @@ var ERRORS = {
|
|
|
1382
1572
|
http_status: 413,
|
|
1383
1573
|
title: "Receipt Too Large",
|
|
1384
1574
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1385
|
-
|
|
1575
|
+
retryable: false,
|
|
1576
|
+
next_action: "abort",
|
|
1386
1577
|
category: "verifier"
|
|
1387
1578
|
},
|
|
1388
1579
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1390,7 +1581,8 @@ var ERRORS = {
|
|
|
1390
1581
|
http_status: 400,
|
|
1391
1582
|
title: "Schema Invalid",
|
|
1392
1583
|
description: "Receipt claims do not conform to expected schema",
|
|
1393
|
-
|
|
1584
|
+
retryable: false,
|
|
1585
|
+
next_action: "abort",
|
|
1394
1586
|
category: "verifier"
|
|
1395
1587
|
},
|
|
1396
1588
|
// Workflow error codes
|
|
@@ -1399,7 +1591,8 @@ var ERRORS = {
|
|
|
1399
1591
|
http_status: 400,
|
|
1400
1592
|
title: "Invalid Workflow Context",
|
|
1401
1593
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1402
|
-
|
|
1594
|
+
retryable: false,
|
|
1595
|
+
next_action: "retry_with_different_input",
|
|
1403
1596
|
category: "workflow"
|
|
1404
1597
|
},
|
|
1405
1598
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1407,7 +1600,8 @@ var ERRORS = {
|
|
|
1407
1600
|
http_status: 400,
|
|
1408
1601
|
title: "Workflow Cycle Detected",
|
|
1409
1602
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1410
|
-
|
|
1603
|
+
retryable: false,
|
|
1604
|
+
next_action: "retry_with_different_input",
|
|
1411
1605
|
category: "workflow"
|
|
1412
1606
|
},
|
|
1413
1607
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1415,7 +1609,8 @@ var ERRORS = {
|
|
|
1415
1609
|
http_status: 400,
|
|
1416
1610
|
title: "Invalid Workflow DAG",
|
|
1417
1611
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1418
|
-
|
|
1612
|
+
retryable: false,
|
|
1613
|
+
next_action: "retry_with_different_input",
|
|
1419
1614
|
category: "workflow"
|
|
1420
1615
|
},
|
|
1421
1616
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1423,7 +1618,8 @@ var ERRORS = {
|
|
|
1423
1618
|
http_status: 400,
|
|
1424
1619
|
title: "Invalid Workflow ID",
|
|
1425
1620
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1426
|
-
|
|
1621
|
+
retryable: false,
|
|
1622
|
+
next_action: "retry_with_different_input",
|
|
1427
1623
|
category: "workflow"
|
|
1428
1624
|
},
|
|
1429
1625
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1431,7 +1627,8 @@ var ERRORS = {
|
|
|
1431
1627
|
http_status: 400,
|
|
1432
1628
|
title: "Workflow Limit Exceeded",
|
|
1433
1629
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1434
|
-
|
|
1630
|
+
retryable: false,
|
|
1631
|
+
next_action: "retry_with_different_input",
|
|
1435
1632
|
category: "workflow"
|
|
1436
1633
|
},
|
|
1437
1634
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1439,7 +1636,8 @@ var ERRORS = {
|
|
|
1439
1636
|
http_status: 400,
|
|
1440
1637
|
title: "Parent Step Not Found",
|
|
1441
1638
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1442
|
-
|
|
1639
|
+
retryable: false,
|
|
1640
|
+
next_action: "retry_with_different_input",
|
|
1443
1641
|
category: "workflow"
|
|
1444
1642
|
},
|
|
1445
1643
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1447,7 +1645,8 @@ var ERRORS = {
|
|
|
1447
1645
|
http_status: 400,
|
|
1448
1646
|
title: "Invalid Step ID",
|
|
1449
1647
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1450
|
-
|
|
1648
|
+
retryable: false,
|
|
1649
|
+
next_action: "retry_with_different_input",
|
|
1451
1650
|
category: "workflow"
|
|
1452
1651
|
},
|
|
1453
1652
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1455,15 +1654,16 @@ var ERRORS = {
|
|
|
1455
1654
|
http_status: 400,
|
|
1456
1655
|
title: "Invalid Workflow Summary",
|
|
1457
1656
|
description: "Workflow summary attestation does not conform to schema",
|
|
1458
|
-
|
|
1657
|
+
retryable: false,
|
|
1658
|
+
next_action: "retry_with_different_input",
|
|
1459
1659
|
category: "workflow"
|
|
1460
1660
|
}
|
|
1461
1661
|
};
|
|
1462
1662
|
function getError(code) {
|
|
1463
1663
|
return ERRORS[code];
|
|
1464
1664
|
}
|
|
1465
|
-
function
|
|
1466
|
-
return ERRORS[code]?.
|
|
1665
|
+
function isRetryable(code) {
|
|
1666
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1467
1667
|
}
|
|
1468
1668
|
var BUNDLE_ERRORS = {
|
|
1469
1669
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1651,6 +1851,10 @@ function needsPurposeVary(purposeEnforced) {
|
|
|
1651
1851
|
return purposeEnforced;
|
|
1652
1852
|
}
|
|
1653
1853
|
|
|
1654
|
-
|
|
1854
|
+
// src/carrier.ts
|
|
1855
|
+
var PEAC_RECEIPT_HEADER = "PEAC-Receipt";
|
|
1856
|
+
var PEAC_RECEIPT_URL_HEADER = "PEAC-Receipt-URL";
|
|
1857
|
+
|
|
1858
|
+
export { AGENT_PROTOCOLS, ALGORITHMS, BUNDLE_ERRORS, BUNDLE_VERSION, CONSTANTS, CONTROL_ENGINES, DISCOVERY, DISPUTE_ERRORS, ERRORS, ERROR_CATEGORIES, ERROR_CODES, HASH, HEADERS, ISSUER_CONFIG, JWKS, LIMITS, PAYMENT_RAILS, PEAC_RECEIPT_HEADER, PEAC_RECEIPT_URL_HEADER, POLICY, PRIVATE_IP_RANGES, RECEIPT, REGISTRIES, TRANSPORT_METHODS, VARY_HEADERS, VERIFICATION_MODES, VERIFICATION_REPORT_VERSION, VERIFIER_LIMITS, VERIFIER_NETWORK, VERIFIER_POLICY_VERSION, WIRE_TYPE, WIRE_VERSION, applyPurposeVary, findAgentProtocol, findControlEngine, findPaymentRail, findTransportMethod, formatHash, getError, getPeacVaryHeaders, isRetryable, isValidHash, needsPurposeVary, parseHash };
|
|
1655
1859
|
//# sourceMappingURL=index.mjs.map
|
|
1656
1860
|
//# sourceMappingURL=index.mjs.map
|