@peac/kernel 0.11.1 → 0.11.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/carrier.d.ts +14 -0
- package/dist/carrier.d.ts.map +1 -1
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +295 -149
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +3 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +295 -149
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +297 -149
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +296 -149
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -340,7 +340,8 @@ var ERRORS = {
|
|
|
340
340
|
http_status: 400,
|
|
341
341
|
title: "Attribution Chain Too Deep",
|
|
342
342
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
343
|
-
|
|
343
|
+
retryable: false,
|
|
344
|
+
next_action: "retry_with_different_input",
|
|
344
345
|
category: "attribution"
|
|
345
346
|
},
|
|
346
347
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -348,7 +349,8 @@ var ERRORS = {
|
|
|
348
349
|
http_status: 400,
|
|
349
350
|
title: "Attribution Circular Chain",
|
|
350
351
|
description: "Circular reference detected in attribution chain",
|
|
351
|
-
|
|
352
|
+
retryable: false,
|
|
353
|
+
next_action: "retry_with_different_input",
|
|
352
354
|
category: "attribution"
|
|
353
355
|
},
|
|
354
356
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -356,7 +358,8 @@ var ERRORS = {
|
|
|
356
358
|
http_status: 401,
|
|
357
359
|
title: "Attribution Expired",
|
|
358
360
|
description: "Attribution attestation has exceeded its expiration time",
|
|
359
|
-
|
|
361
|
+
retryable: false,
|
|
362
|
+
next_action: "retry_with_different_input",
|
|
360
363
|
category: "attribution"
|
|
361
364
|
},
|
|
362
365
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -364,7 +367,8 @@ var ERRORS = {
|
|
|
364
367
|
http_status: 400,
|
|
365
368
|
title: "Attribution Hash Invalid",
|
|
366
369
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
367
|
-
|
|
370
|
+
retryable: false,
|
|
371
|
+
next_action: "retry_with_different_input",
|
|
368
372
|
category: "attribution"
|
|
369
373
|
},
|
|
370
374
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -372,7 +376,8 @@ var ERRORS = {
|
|
|
372
376
|
http_status: 400,
|
|
373
377
|
title: "Attribution Invalid Format",
|
|
374
378
|
description: "Attribution attestation does not conform to schema",
|
|
375
|
-
|
|
379
|
+
retryable: false,
|
|
380
|
+
next_action: "retry_with_different_input",
|
|
376
381
|
category: "attribution"
|
|
377
382
|
},
|
|
378
383
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -380,7 +385,8 @@ var ERRORS = {
|
|
|
380
385
|
http_status: 400,
|
|
381
386
|
title: "Attribution Invalid Reference",
|
|
382
387
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
383
|
-
|
|
388
|
+
retryable: false,
|
|
389
|
+
next_action: "retry_with_different_input",
|
|
384
390
|
category: "attribution"
|
|
385
391
|
},
|
|
386
392
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -388,7 +394,8 @@ var ERRORS = {
|
|
|
388
394
|
http_status: 400,
|
|
389
395
|
title: "Attribution Invalid Weight",
|
|
390
396
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
391
|
-
|
|
397
|
+
retryable: false,
|
|
398
|
+
next_action: "retry_with_different_input",
|
|
392
399
|
category: "attribution"
|
|
393
400
|
},
|
|
394
401
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -396,7 +403,8 @@ var ERRORS = {
|
|
|
396
403
|
http_status: 400,
|
|
397
404
|
title: "Attribution Missing Sources",
|
|
398
405
|
description: "Attribution attestation has empty sources array",
|
|
399
|
-
|
|
406
|
+
retryable: false,
|
|
407
|
+
next_action: "retry_with_different_input",
|
|
400
408
|
category: "attribution"
|
|
401
409
|
},
|
|
402
410
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -404,7 +412,8 @@ var ERRORS = {
|
|
|
404
412
|
http_status: 401,
|
|
405
413
|
title: "Attribution Not Yet Valid",
|
|
406
414
|
description: "Attribution attestation issued_at time is in the future",
|
|
407
|
-
|
|
415
|
+
retryable: true,
|
|
416
|
+
next_action: "retry_after_delay",
|
|
408
417
|
category: "attribution"
|
|
409
418
|
},
|
|
410
419
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -412,7 +421,8 @@ var ERRORS = {
|
|
|
412
421
|
http_status: 502,
|
|
413
422
|
title: "Attribution Resolution Failed",
|
|
414
423
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
415
|
-
|
|
424
|
+
retryable: true,
|
|
425
|
+
next_action: "retry_after_delay",
|
|
416
426
|
category: "attribution"
|
|
417
427
|
},
|
|
418
428
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -420,7 +430,8 @@ var ERRORS = {
|
|
|
420
430
|
http_status: 504,
|
|
421
431
|
title: "Attribution Resolution Timeout",
|
|
422
432
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
423
|
-
|
|
433
|
+
retryable: true,
|
|
434
|
+
next_action: "retry_after_delay",
|
|
424
435
|
category: "attribution"
|
|
425
436
|
},
|
|
426
437
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -428,7 +439,8 @@ var ERRORS = {
|
|
|
428
439
|
http_status: 400,
|
|
429
440
|
title: "Attribution Size Exceeded",
|
|
430
441
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
431
|
-
|
|
442
|
+
retryable: false,
|
|
443
|
+
next_action: "retry_with_different_input",
|
|
432
444
|
category: "attribution"
|
|
433
445
|
},
|
|
434
446
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -436,7 +448,8 @@ var ERRORS = {
|
|
|
436
448
|
http_status: 400,
|
|
437
449
|
title: "Attribution Too Many Sources",
|
|
438
450
|
description: "Attribution has too many sources (maximum 100)",
|
|
439
|
-
|
|
451
|
+
retryable: false,
|
|
452
|
+
next_action: "retry_with_different_input",
|
|
440
453
|
category: "attribution"
|
|
441
454
|
},
|
|
442
455
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -444,7 +457,8 @@ var ERRORS = {
|
|
|
444
457
|
http_status: 400,
|
|
445
458
|
title: "Attribution Unknown Usage",
|
|
446
459
|
description: "Attribution usage type is not recognized",
|
|
447
|
-
|
|
460
|
+
retryable: false,
|
|
461
|
+
next_action: "retry_with_different_input",
|
|
448
462
|
category: "attribution"
|
|
449
463
|
},
|
|
450
464
|
// Bundle error codes
|
|
@@ -453,7 +467,8 @@ var ERRORS = {
|
|
|
453
467
|
http_status: 400,
|
|
454
468
|
title: "Bundle Duplicate Receipt",
|
|
455
469
|
description: "Bundle contains multiple receipts with the same ID",
|
|
456
|
-
|
|
470
|
+
retryable: false,
|
|
471
|
+
next_action: "retry_with_different_input",
|
|
457
472
|
category: "bundle"
|
|
458
473
|
},
|
|
459
474
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -461,7 +476,8 @@ var ERRORS = {
|
|
|
461
476
|
http_status: 400,
|
|
462
477
|
title: "Bundle Hash Mismatch",
|
|
463
478
|
description: "File hash does not match value declared in manifest.json",
|
|
464
|
-
|
|
479
|
+
retryable: false,
|
|
480
|
+
next_action: "retry_with_different_input",
|
|
465
481
|
category: "bundle"
|
|
466
482
|
},
|
|
467
483
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -469,7 +485,8 @@ var ERRORS = {
|
|
|
469
485
|
http_status: 400,
|
|
470
486
|
title: "Bundle Invalid Format",
|
|
471
487
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
472
|
-
|
|
488
|
+
retryable: false,
|
|
489
|
+
next_action: "retry_with_different_input",
|
|
473
490
|
category: "bundle"
|
|
474
491
|
},
|
|
475
492
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -477,7 +494,8 @@ var ERRORS = {
|
|
|
477
494
|
http_status: 400,
|
|
478
495
|
title: "Bundle Key Missing",
|
|
479
496
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
480
|
-
|
|
497
|
+
retryable: false,
|
|
498
|
+
next_action: "retry_with_different_input",
|
|
481
499
|
category: "bundle"
|
|
482
500
|
},
|
|
483
501
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -485,7 +503,8 @@ var ERRORS = {
|
|
|
485
503
|
http_status: 400,
|
|
486
504
|
title: "Bundle Manifest Invalid",
|
|
487
505
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
488
|
-
|
|
506
|
+
retryable: false,
|
|
507
|
+
next_action: "retry_with_different_input",
|
|
489
508
|
category: "bundle"
|
|
490
509
|
},
|
|
491
510
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -493,7 +512,8 @@ var ERRORS = {
|
|
|
493
512
|
http_status: 400,
|
|
494
513
|
title: "Bundle Manifest Missing",
|
|
495
514
|
description: "manifest.json not found at bundle archive root",
|
|
496
|
-
|
|
515
|
+
retryable: false,
|
|
516
|
+
next_action: "retry_with_different_input",
|
|
497
517
|
category: "bundle"
|
|
498
518
|
},
|
|
499
519
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -501,7 +521,8 @@ var ERRORS = {
|
|
|
501
521
|
http_status: 400,
|
|
502
522
|
title: "Bundle Missing Keys",
|
|
503
523
|
description: "No verification keys provided in bundle JWKS",
|
|
504
|
-
|
|
524
|
+
retryable: false,
|
|
525
|
+
next_action: "retry_with_different_input",
|
|
505
526
|
category: "bundle"
|
|
506
527
|
},
|
|
507
528
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -509,7 +530,8 @@ var ERRORS = {
|
|
|
509
530
|
http_status: 400,
|
|
510
531
|
title: "Bundle Missing Receipts",
|
|
511
532
|
description: "No receipts provided when creating bundle",
|
|
512
|
-
|
|
533
|
+
retryable: false,
|
|
534
|
+
next_action: "retry_with_different_input",
|
|
513
535
|
category: "bundle"
|
|
514
536
|
},
|
|
515
537
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -517,7 +539,8 @@ var ERRORS = {
|
|
|
517
539
|
http_status: 400,
|
|
518
540
|
title: "Bundle Path Traversal",
|
|
519
541
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
520
|
-
|
|
542
|
+
retryable: false,
|
|
543
|
+
next_action: "retry_with_different_input",
|
|
521
544
|
category: "bundle"
|
|
522
545
|
},
|
|
523
546
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -525,7 +548,8 @@ var ERRORS = {
|
|
|
525
548
|
http_status: 400,
|
|
526
549
|
title: "Bundle Policy Hash Mismatch",
|
|
527
550
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
528
|
-
|
|
551
|
+
retryable: false,
|
|
552
|
+
next_action: "retry_with_different_input",
|
|
529
553
|
category: "bundle"
|
|
530
554
|
},
|
|
531
555
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -533,7 +557,8 @@ var ERRORS = {
|
|
|
533
557
|
http_status: 400,
|
|
534
558
|
title: "Bundle Receipts Unordered",
|
|
535
559
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
536
|
-
|
|
560
|
+
retryable: false,
|
|
561
|
+
next_action: "retry_with_different_input",
|
|
537
562
|
category: "bundle"
|
|
538
563
|
},
|
|
539
564
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -541,7 +566,8 @@ var ERRORS = {
|
|
|
541
566
|
http_status: 400,
|
|
542
567
|
title: "Bundle Receipt Invalid",
|
|
543
568
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
544
|
-
|
|
569
|
+
retryable: false,
|
|
570
|
+
next_action: "retry_with_different_input",
|
|
545
571
|
category: "bundle"
|
|
546
572
|
},
|
|
547
573
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -549,7 +575,8 @@ var ERRORS = {
|
|
|
549
575
|
http_status: 400,
|
|
550
576
|
title: "Bundle Signature Invalid",
|
|
551
577
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
552
|
-
|
|
578
|
+
retryable: false,
|
|
579
|
+
next_action: "retry_with_different_input",
|
|
553
580
|
category: "bundle"
|
|
554
581
|
},
|
|
555
582
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -557,7 +584,8 @@ var ERRORS = {
|
|
|
557
584
|
http_status: 400,
|
|
558
585
|
title: "Bundle Size Exceeded",
|
|
559
586
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
560
|
-
|
|
587
|
+
retryable: false,
|
|
588
|
+
next_action: "retry_with_different_input",
|
|
561
589
|
category: "bundle"
|
|
562
590
|
},
|
|
563
591
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -565,7 +593,8 @@ var ERRORS = {
|
|
|
565
593
|
http_status: 400,
|
|
566
594
|
title: "Bundle Time Range Invalid",
|
|
567
595
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
568
|
-
|
|
596
|
+
retryable: false,
|
|
597
|
+
next_action: "retry_with_different_input",
|
|
569
598
|
category: "bundle"
|
|
570
599
|
},
|
|
571
600
|
// Control error codes
|
|
@@ -574,7 +603,8 @@ var ERRORS = {
|
|
|
574
603
|
http_status: 403,
|
|
575
604
|
title: "Control Decision Denied",
|
|
576
605
|
description: "Control engine denied authorization",
|
|
577
|
-
|
|
606
|
+
retryable: false,
|
|
607
|
+
next_action: "contact_issuer",
|
|
578
608
|
category: "control"
|
|
579
609
|
},
|
|
580
610
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -582,7 +612,8 @@ var ERRORS = {
|
|
|
582
612
|
http_status: 202,
|
|
583
613
|
title: "Review Required",
|
|
584
614
|
description: "Control engine requires manual review",
|
|
585
|
-
|
|
615
|
+
retryable: true,
|
|
616
|
+
next_action: "contact_issuer",
|
|
586
617
|
category: "control"
|
|
587
618
|
},
|
|
588
619
|
// Dispute error codes
|
|
@@ -591,7 +622,8 @@ var ERRORS = {
|
|
|
591
622
|
http_status: 409,
|
|
592
623
|
title: "Dispute Duplicate",
|
|
593
624
|
description: "A dispute with this ID already exists",
|
|
594
|
-
|
|
625
|
+
retryable: false,
|
|
626
|
+
next_action: "retry_with_different_input",
|
|
595
627
|
category: "dispute"
|
|
596
628
|
},
|
|
597
629
|
E_DISPUTE_EXPIRED: {
|
|
@@ -599,7 +631,8 @@ var ERRORS = {
|
|
|
599
631
|
http_status: 401,
|
|
600
632
|
title: "Dispute Expired",
|
|
601
633
|
description: "Dispute attestation has exceeded its expiration time",
|
|
602
|
-
|
|
634
|
+
retryable: false,
|
|
635
|
+
next_action: "retry_with_different_input",
|
|
603
636
|
category: "dispute"
|
|
604
637
|
},
|
|
605
638
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -607,7 +640,8 @@ var ERRORS = {
|
|
|
607
640
|
http_status: 400,
|
|
608
641
|
title: "Dispute Invalid Format",
|
|
609
642
|
description: "Dispute attestation does not conform to schema",
|
|
610
|
-
|
|
643
|
+
retryable: false,
|
|
644
|
+
next_action: "retry_with_different_input",
|
|
611
645
|
category: "dispute"
|
|
612
646
|
},
|
|
613
647
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -615,7 +649,8 @@ var ERRORS = {
|
|
|
615
649
|
http_status: 400,
|
|
616
650
|
title: "Dispute Invalid Grounds",
|
|
617
651
|
description: "Dispute grounds code is not recognized",
|
|
618
|
-
|
|
652
|
+
retryable: false,
|
|
653
|
+
next_action: "retry_with_different_input",
|
|
619
654
|
category: "dispute"
|
|
620
655
|
},
|
|
621
656
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -623,7 +658,8 @@ var ERRORS = {
|
|
|
623
658
|
http_status: 400,
|
|
624
659
|
title: "Dispute Invalid ID",
|
|
625
660
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
626
|
-
|
|
661
|
+
retryable: false,
|
|
662
|
+
next_action: "retry_with_different_input",
|
|
627
663
|
category: "dispute"
|
|
628
664
|
},
|
|
629
665
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -631,7 +667,8 @@ var ERRORS = {
|
|
|
631
667
|
http_status: 400,
|
|
632
668
|
title: "Dispute Invalid State",
|
|
633
669
|
description: "Dispute state is not recognized",
|
|
634
|
-
|
|
670
|
+
retryable: false,
|
|
671
|
+
next_action: "retry_with_different_input",
|
|
635
672
|
category: "dispute"
|
|
636
673
|
},
|
|
637
674
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -639,7 +676,8 @@ var ERRORS = {
|
|
|
639
676
|
http_status: 400,
|
|
640
677
|
title: "Dispute Invalid Target Type",
|
|
641
678
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
642
|
-
|
|
679
|
+
retryable: false,
|
|
680
|
+
next_action: "retry_with_different_input",
|
|
643
681
|
category: "dispute"
|
|
644
682
|
},
|
|
645
683
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -647,7 +685,8 @@ var ERRORS = {
|
|
|
647
685
|
http_status: 400,
|
|
648
686
|
title: "Dispute Invalid Transition",
|
|
649
687
|
description: "Invalid state transition for dispute lifecycle",
|
|
650
|
-
|
|
688
|
+
retryable: false,
|
|
689
|
+
next_action: "retry_with_different_input",
|
|
651
690
|
category: "dispute"
|
|
652
691
|
},
|
|
653
692
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -655,7 +694,8 @@ var ERRORS = {
|
|
|
655
694
|
http_status: 400,
|
|
656
695
|
title: "Dispute Invalid Type",
|
|
657
696
|
description: "Dispute type is not recognized",
|
|
658
|
-
|
|
697
|
+
retryable: false,
|
|
698
|
+
next_action: "retry_with_different_input",
|
|
659
699
|
category: "dispute"
|
|
660
700
|
},
|
|
661
701
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -663,7 +703,8 @@ var ERRORS = {
|
|
|
663
703
|
http_status: 400,
|
|
664
704
|
title: "Dispute Missing Resolution",
|
|
665
705
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
666
|
-
|
|
706
|
+
retryable: false,
|
|
707
|
+
next_action: "retry_with_different_input",
|
|
667
708
|
category: "dispute"
|
|
668
709
|
},
|
|
669
710
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -671,7 +712,8 @@ var ERRORS = {
|
|
|
671
712
|
http_status: 401,
|
|
672
713
|
title: "Dispute Not Yet Valid",
|
|
673
714
|
description: "Dispute attestation issued_at time is in the future",
|
|
674
|
-
|
|
715
|
+
retryable: true,
|
|
716
|
+
next_action: "retry_after_delay",
|
|
675
717
|
category: "dispute"
|
|
676
718
|
},
|
|
677
719
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -679,7 +721,8 @@ var ERRORS = {
|
|
|
679
721
|
http_status: 400,
|
|
680
722
|
title: "Dispute Other Requires Description",
|
|
681
723
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
682
|
-
|
|
724
|
+
retryable: false,
|
|
725
|
+
next_action: "retry_with_different_input",
|
|
683
726
|
category: "dispute"
|
|
684
727
|
},
|
|
685
728
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -687,7 +730,8 @@ var ERRORS = {
|
|
|
687
730
|
http_status: 400,
|
|
688
731
|
title: "Dispute Resolution Not Allowed",
|
|
689
732
|
description: "Resolution is only valid for terminal states",
|
|
690
|
-
|
|
733
|
+
retryable: false,
|
|
734
|
+
next_action: "retry_with_different_input",
|
|
691
735
|
category: "dispute"
|
|
692
736
|
},
|
|
693
737
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -695,7 +739,8 @@ var ERRORS = {
|
|
|
695
739
|
http_status: 404,
|
|
696
740
|
title: "Dispute Target Not Found",
|
|
697
741
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
698
|
-
|
|
742
|
+
retryable: true,
|
|
743
|
+
next_action: "retry_after_delay",
|
|
699
744
|
category: "dispute"
|
|
700
745
|
},
|
|
701
746
|
// Identity error codes
|
|
@@ -704,7 +749,8 @@ var ERRORS = {
|
|
|
704
749
|
http_status: 400,
|
|
705
750
|
title: "Identity Binding Future",
|
|
706
751
|
description: "Identity binding signed_at timestamp is in the future",
|
|
707
|
-
|
|
752
|
+
retryable: false,
|
|
753
|
+
next_action: "retry_with_different_input",
|
|
708
754
|
category: "identity"
|
|
709
755
|
},
|
|
710
756
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -712,7 +758,8 @@ var ERRORS = {
|
|
|
712
758
|
http_status: 400,
|
|
713
759
|
title: "Identity Binding Mismatch",
|
|
714
760
|
description: "Identity binding does not match the request being verified",
|
|
715
|
-
|
|
761
|
+
retryable: false,
|
|
762
|
+
next_action: "retry_with_different_input",
|
|
716
763
|
category: "identity"
|
|
717
764
|
},
|
|
718
765
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -720,7 +767,8 @@ var ERRORS = {
|
|
|
720
767
|
http_status: 401,
|
|
721
768
|
title: "Identity Binding Stale",
|
|
722
769
|
description: "Identity binding is too old and requires fresh binding",
|
|
723
|
-
|
|
770
|
+
retryable: true,
|
|
771
|
+
next_action: "retry_after_delay",
|
|
724
772
|
category: "identity"
|
|
725
773
|
},
|
|
726
774
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -728,7 +776,8 @@ var ERRORS = {
|
|
|
728
776
|
http_status: 503,
|
|
729
777
|
title: "Identity Directory Unavailable",
|
|
730
778
|
description: "Failed to fetch agent key directory",
|
|
731
|
-
|
|
779
|
+
retryable: true,
|
|
780
|
+
next_action: "retry_after_delay",
|
|
732
781
|
category: "identity"
|
|
733
782
|
},
|
|
734
783
|
E_IDENTITY_EXPIRED: {
|
|
@@ -736,7 +785,8 @@ var ERRORS = {
|
|
|
736
785
|
http_status: 401,
|
|
737
786
|
title: "Identity Expired",
|
|
738
787
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
739
|
-
|
|
788
|
+
retryable: false,
|
|
789
|
+
next_action: "refresh_attestation",
|
|
740
790
|
category: "identity"
|
|
741
791
|
},
|
|
742
792
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -744,7 +794,8 @@ var ERRORS = {
|
|
|
744
794
|
http_status: 400,
|
|
745
795
|
title: "Identity Invalid Format",
|
|
746
796
|
description: "Agent identity attestation does not conform to schema",
|
|
747
|
-
|
|
797
|
+
retryable: false,
|
|
798
|
+
next_action: "retry_with_different_input",
|
|
748
799
|
category: "identity"
|
|
749
800
|
},
|
|
750
801
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -752,7 +803,8 @@ var ERRORS = {
|
|
|
752
803
|
http_status: 401,
|
|
753
804
|
title: "Identity Key Expired",
|
|
754
805
|
description: "Agent signing key has expired per directory metadata",
|
|
755
|
-
|
|
806
|
+
retryable: false,
|
|
807
|
+
next_action: "refresh_attestation",
|
|
756
808
|
category: "identity"
|
|
757
809
|
},
|
|
758
810
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -760,7 +812,8 @@ var ERRORS = {
|
|
|
760
812
|
http_status: 401,
|
|
761
813
|
title: "Identity Key Revoked",
|
|
762
814
|
description: "Agent signing key has been explicitly revoked",
|
|
763
|
-
|
|
815
|
+
retryable: false,
|
|
816
|
+
next_action: "refresh_attestation",
|
|
764
817
|
category: "identity"
|
|
765
818
|
},
|
|
766
819
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -768,7 +821,8 @@ var ERRORS = {
|
|
|
768
821
|
http_status: 401,
|
|
769
822
|
title: "Identity Key Unknown",
|
|
770
823
|
description: "Key ID not found in agent key directory",
|
|
771
|
-
|
|
824
|
+
retryable: true,
|
|
825
|
+
next_action: "retry_after_delay",
|
|
772
826
|
category: "identity"
|
|
773
827
|
},
|
|
774
828
|
E_IDENTITY_MISSING: {
|
|
@@ -776,7 +830,8 @@ var ERRORS = {
|
|
|
776
830
|
http_status: 401,
|
|
777
831
|
title: "Identity Missing",
|
|
778
832
|
description: "No agent identity attestation provided in request",
|
|
779
|
-
|
|
833
|
+
retryable: false,
|
|
834
|
+
next_action: "retry_with_different_input",
|
|
780
835
|
category: "identity"
|
|
781
836
|
},
|
|
782
837
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -784,7 +839,8 @@ var ERRORS = {
|
|
|
784
839
|
http_status: 401,
|
|
785
840
|
title: "Identity Not Yet Valid",
|
|
786
841
|
description: "Agent identity attestation issued_at time is in the future",
|
|
787
|
-
|
|
842
|
+
retryable: true,
|
|
843
|
+
next_action: "retry_after_delay",
|
|
788
844
|
category: "identity"
|
|
789
845
|
},
|
|
790
846
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -792,7 +848,8 @@ var ERRORS = {
|
|
|
792
848
|
http_status: 400,
|
|
793
849
|
title: "Identity Proof Unsupported",
|
|
794
850
|
description: "Agent identity proof method is not supported",
|
|
795
|
-
|
|
851
|
+
retryable: false,
|
|
852
|
+
next_action: "retry_with_different_input",
|
|
796
853
|
category: "identity"
|
|
797
854
|
},
|
|
798
855
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -800,7 +857,8 @@ var ERRORS = {
|
|
|
800
857
|
http_status: 401,
|
|
801
858
|
title: "Identity Signature Invalid",
|
|
802
859
|
description: "Agent identity proof signature verification failed",
|
|
803
|
-
|
|
860
|
+
retryable: false,
|
|
861
|
+
next_action: "retry_with_different_input",
|
|
804
862
|
category: "identity"
|
|
805
863
|
},
|
|
806
864
|
// Infrastructure error codes
|
|
@@ -809,7 +867,8 @@ var ERRORS = {
|
|
|
809
867
|
http_status: 503,
|
|
810
868
|
title: "Circuit Breaker Open",
|
|
811
869
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
812
|
-
|
|
870
|
+
retryable: true,
|
|
871
|
+
next_action: "retry_after_delay",
|
|
813
872
|
category: "infrastructure"
|
|
814
873
|
},
|
|
815
874
|
E_INTERNAL: {
|
|
@@ -817,7 +876,8 @@ var ERRORS = {
|
|
|
817
876
|
http_status: 500,
|
|
818
877
|
title: "Internal Error",
|
|
819
878
|
description: "An unexpected internal error occurred during verification",
|
|
820
|
-
|
|
879
|
+
retryable: true,
|
|
880
|
+
next_action: "retry_after_delay",
|
|
821
881
|
category: "infrastructure"
|
|
822
882
|
},
|
|
823
883
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -825,7 +885,8 @@ var ERRORS = {
|
|
|
825
885
|
http_status: 503,
|
|
826
886
|
title: "JWKS Fetch Failed",
|
|
827
887
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
828
|
-
|
|
888
|
+
retryable: true,
|
|
889
|
+
next_action: "retry_after_delay",
|
|
829
890
|
category: "infrastructure"
|
|
830
891
|
},
|
|
831
892
|
E_RATE_LIMITED: {
|
|
@@ -833,7 +894,8 @@ var ERRORS = {
|
|
|
833
894
|
http_status: 429,
|
|
834
895
|
title: "Rate Limited",
|
|
835
896
|
description: "Too many requests, please retry later",
|
|
836
|
-
|
|
897
|
+
retryable: true,
|
|
898
|
+
next_action: "retry_after_delay",
|
|
837
899
|
category: "infrastructure"
|
|
838
900
|
},
|
|
839
901
|
// Interaction error codes
|
|
@@ -842,7 +904,8 @@ var ERRORS = {
|
|
|
842
904
|
http_status: 400,
|
|
843
905
|
title: "Interaction Invalid Digest",
|
|
844
906
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
845
|
-
|
|
907
|
+
retryable: false,
|
|
908
|
+
next_action: "retry_with_different_input",
|
|
846
909
|
category: "interaction"
|
|
847
910
|
},
|
|
848
911
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -850,7 +913,8 @@ var ERRORS = {
|
|
|
850
913
|
http_status: 400,
|
|
851
914
|
title: "Interaction Invalid Digest Algorithm",
|
|
852
915
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
853
|
-
|
|
916
|
+
retryable: false,
|
|
917
|
+
next_action: "retry_with_different_input",
|
|
854
918
|
category: "interaction"
|
|
855
919
|
},
|
|
856
920
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -858,7 +922,8 @@ var ERRORS = {
|
|
|
858
922
|
http_status: 400,
|
|
859
923
|
title: "Interaction Invalid Extension Key",
|
|
860
924
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
861
|
-
|
|
925
|
+
retryable: false,
|
|
926
|
+
next_action: "retry_with_different_input",
|
|
862
927
|
category: "interaction"
|
|
863
928
|
},
|
|
864
929
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -866,7 +931,8 @@ var ERRORS = {
|
|
|
866
931
|
http_status: 400,
|
|
867
932
|
title: "Interaction Invalid Format",
|
|
868
933
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
869
|
-
|
|
934
|
+
retryable: false,
|
|
935
|
+
next_action: "retry_with_different_input",
|
|
870
936
|
category: "interaction"
|
|
871
937
|
},
|
|
872
938
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -874,7 +940,8 @@ var ERRORS = {
|
|
|
874
940
|
http_status: 400,
|
|
875
941
|
title: "Interaction Invalid Kind Format",
|
|
876
942
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
877
|
-
|
|
943
|
+
retryable: false,
|
|
944
|
+
next_action: "retry_with_different_input",
|
|
878
945
|
category: "interaction"
|
|
879
946
|
},
|
|
880
947
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -882,7 +949,8 @@ var ERRORS = {
|
|
|
882
949
|
http_status: 400,
|
|
883
950
|
title: "Interaction Invalid Timing",
|
|
884
951
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
885
|
-
|
|
952
|
+
retryable: false,
|
|
953
|
+
next_action: "retry_with_different_input",
|
|
886
954
|
category: "interaction"
|
|
887
955
|
},
|
|
888
956
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -890,7 +958,8 @@ var ERRORS = {
|
|
|
890
958
|
http_status: 400,
|
|
891
959
|
title: "Interaction Kind Reserved",
|
|
892
960
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
893
|
-
|
|
961
|
+
retryable: false,
|
|
962
|
+
next_action: "retry_with_different_input",
|
|
894
963
|
category: "interaction"
|
|
895
964
|
},
|
|
896
965
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -898,7 +967,8 @@ var ERRORS = {
|
|
|
898
967
|
http_status: 400,
|
|
899
968
|
title: "Interaction Missing Error Detail",
|
|
900
969
|
description: "error_code or extensions required when result.status is error",
|
|
901
|
-
|
|
970
|
+
retryable: false,
|
|
971
|
+
next_action: "retry_with_different_input",
|
|
902
972
|
category: "interaction"
|
|
903
973
|
},
|
|
904
974
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -906,7 +976,8 @@ var ERRORS = {
|
|
|
906
976
|
http_status: 400,
|
|
907
977
|
title: "Interaction Missing Executor",
|
|
908
978
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
909
|
-
|
|
979
|
+
retryable: false,
|
|
980
|
+
next_action: "retry_with_different_input",
|
|
910
981
|
category: "interaction"
|
|
911
982
|
},
|
|
912
983
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -914,7 +985,8 @@ var ERRORS = {
|
|
|
914
985
|
http_status: 400,
|
|
915
986
|
title: "Interaction Missing ID",
|
|
916
987
|
description: "Interaction evidence is missing required interaction_id field",
|
|
917
|
-
|
|
988
|
+
retryable: false,
|
|
989
|
+
next_action: "retry_with_different_input",
|
|
918
990
|
category: "interaction"
|
|
919
991
|
},
|
|
920
992
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -922,7 +994,8 @@ var ERRORS = {
|
|
|
922
994
|
http_status: 400,
|
|
923
995
|
title: "Interaction Missing Kind",
|
|
924
996
|
description: "Interaction evidence is missing required kind field",
|
|
925
|
-
|
|
997
|
+
retryable: false,
|
|
998
|
+
next_action: "retry_with_different_input",
|
|
926
999
|
category: "interaction"
|
|
927
1000
|
},
|
|
928
1001
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -930,7 +1003,8 @@ var ERRORS = {
|
|
|
930
1003
|
http_status: 400,
|
|
931
1004
|
title: "Interaction Missing Result",
|
|
932
1005
|
description: "result.status is required when output is present",
|
|
933
|
-
|
|
1006
|
+
retryable: false,
|
|
1007
|
+
next_action: "retry_with_different_input",
|
|
934
1008
|
category: "interaction"
|
|
935
1009
|
},
|
|
936
1010
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -938,7 +1012,8 @@ var ERRORS = {
|
|
|
938
1012
|
http_status: 400,
|
|
939
1013
|
title: "Interaction Missing Started At",
|
|
940
1014
|
description: "Interaction evidence is missing required started_at field",
|
|
941
|
-
|
|
1015
|
+
retryable: false,
|
|
1016
|
+
next_action: "retry_with_different_input",
|
|
942
1017
|
category: "interaction"
|
|
943
1018
|
},
|
|
944
1019
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -946,7 +1021,8 @@ var ERRORS = {
|
|
|
946
1021
|
http_status: 400,
|
|
947
1022
|
title: "Interaction Missing Target",
|
|
948
1023
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
949
|
-
|
|
1024
|
+
retryable: false,
|
|
1025
|
+
next_action: "retry_with_different_input",
|
|
950
1026
|
category: "interaction"
|
|
951
1027
|
},
|
|
952
1028
|
// Ucp error codes
|
|
@@ -955,7 +1031,8 @@ var ERRORS = {
|
|
|
955
1031
|
http_status: 500,
|
|
956
1032
|
title: "UCP Evidence Serialization Failed",
|
|
957
1033
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
958
|
-
|
|
1034
|
+
retryable: false,
|
|
1035
|
+
next_action: "retry_with_different_input",
|
|
959
1036
|
category: "ucp"
|
|
960
1037
|
},
|
|
961
1038
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -963,7 +1040,8 @@ var ERRORS = {
|
|
|
963
1040
|
http_status: 401,
|
|
964
1041
|
title: "UCP Key Algorithm Mismatch",
|
|
965
1042
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
966
|
-
|
|
1043
|
+
retryable: false,
|
|
1044
|
+
next_action: "retry_with_different_input",
|
|
967
1045
|
category: "ucp"
|
|
968
1046
|
},
|
|
969
1047
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -971,7 +1049,8 @@ var ERRORS = {
|
|
|
971
1049
|
http_status: 401,
|
|
972
1050
|
title: "UCP Key Curve Mismatch",
|
|
973
1051
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
974
|
-
|
|
1052
|
+
retryable: false,
|
|
1053
|
+
next_action: "retry_with_different_input",
|
|
975
1054
|
category: "ucp"
|
|
976
1055
|
},
|
|
977
1056
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -979,7 +1058,8 @@ var ERRORS = {
|
|
|
979
1058
|
http_status: 401,
|
|
980
1059
|
title: "UCP Key Not Found",
|
|
981
1060
|
description: "Key ID from signature not found in business UCP profile",
|
|
982
|
-
|
|
1061
|
+
retryable: true,
|
|
1062
|
+
next_action: "retry_after_delay",
|
|
983
1063
|
category: "ucp"
|
|
984
1064
|
},
|
|
985
1065
|
E_UCP_ORDER_INVALID: {
|
|
@@ -987,7 +1067,8 @@ var ERRORS = {
|
|
|
987
1067
|
http_status: 400,
|
|
988
1068
|
title: "UCP Order Invalid",
|
|
989
1069
|
description: "UCP order object does not conform to expected schema",
|
|
990
|
-
|
|
1070
|
+
retryable: false,
|
|
1071
|
+
next_action: "retry_with_different_input",
|
|
991
1072
|
category: "ucp"
|
|
992
1073
|
},
|
|
993
1074
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -995,7 +1076,8 @@ var ERRORS = {
|
|
|
995
1076
|
http_status: 400,
|
|
996
1077
|
title: "UCP Order Missing ID",
|
|
997
1078
|
description: "UCP order is missing required id field",
|
|
998
|
-
|
|
1079
|
+
retryable: false,
|
|
1080
|
+
next_action: "retry_with_different_input",
|
|
999
1081
|
category: "ucp"
|
|
1000
1082
|
},
|
|
1001
1083
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -1003,7 +1085,8 @@ var ERRORS = {
|
|
|
1003
1085
|
http_status: 400,
|
|
1004
1086
|
title: "UCP Order Missing Line Items",
|
|
1005
1087
|
description: "UCP order is missing required line_items array",
|
|
1006
|
-
|
|
1088
|
+
retryable: false,
|
|
1089
|
+
next_action: "retry_with_different_input",
|
|
1007
1090
|
category: "ucp"
|
|
1008
1091
|
},
|
|
1009
1092
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -1011,7 +1094,8 @@ var ERRORS = {
|
|
|
1011
1094
|
http_status: 400,
|
|
1012
1095
|
title: "UCP Order Missing Totals",
|
|
1013
1096
|
description: "UCP order is missing required totals array or total entry",
|
|
1014
|
-
|
|
1097
|
+
retryable: false,
|
|
1098
|
+
next_action: "retry_with_different_input",
|
|
1015
1099
|
category: "ucp"
|
|
1016
1100
|
},
|
|
1017
1101
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -1019,7 +1103,8 @@ var ERRORS = {
|
|
|
1019
1103
|
http_status: 400,
|
|
1020
1104
|
title: "UCP Payload Empty",
|
|
1021
1105
|
description: "Webhook request body is empty",
|
|
1022
|
-
|
|
1106
|
+
retryable: false,
|
|
1107
|
+
next_action: "retry_with_different_input",
|
|
1023
1108
|
category: "ucp"
|
|
1024
1109
|
},
|
|
1025
1110
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -1027,7 +1112,8 @@ var ERRORS = {
|
|
|
1027
1112
|
http_status: 400,
|
|
1028
1113
|
title: "UCP Payload Not JSON",
|
|
1029
1114
|
description: "Webhook request body is not valid JSON",
|
|
1030
|
-
|
|
1115
|
+
retryable: false,
|
|
1116
|
+
next_action: "retry_with_different_input",
|
|
1031
1117
|
category: "ucp"
|
|
1032
1118
|
},
|
|
1033
1119
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -1035,7 +1121,8 @@ var ERRORS = {
|
|
|
1035
1121
|
http_status: 400,
|
|
1036
1122
|
title: "UCP Payload Too Large",
|
|
1037
1123
|
description: "Webhook request body exceeds maximum allowed size",
|
|
1038
|
-
|
|
1124
|
+
retryable: false,
|
|
1125
|
+
next_action: "retry_with_different_input",
|
|
1039
1126
|
category: "ucp"
|
|
1040
1127
|
},
|
|
1041
1128
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -1043,7 +1130,8 @@ var ERRORS = {
|
|
|
1043
1130
|
http_status: 502,
|
|
1044
1131
|
title: "UCP Profile Fetch Failed",
|
|
1045
1132
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
1046
|
-
|
|
1133
|
+
retryable: true,
|
|
1134
|
+
next_action: "retry_after_delay",
|
|
1047
1135
|
category: "ucp"
|
|
1048
1136
|
},
|
|
1049
1137
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -1051,7 +1139,8 @@ var ERRORS = {
|
|
|
1051
1139
|
http_status: 502,
|
|
1052
1140
|
title: "UCP Profile Invalid",
|
|
1053
1141
|
description: "Business UCP profile does not conform to expected schema",
|
|
1054
|
-
|
|
1142
|
+
retryable: false,
|
|
1143
|
+
next_action: "retry_with_different_input",
|
|
1055
1144
|
category: "ucp"
|
|
1056
1145
|
},
|
|
1057
1146
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -1059,7 +1148,8 @@ var ERRORS = {
|
|
|
1059
1148
|
http_status: 502,
|
|
1060
1149
|
title: "UCP Profile No Signing Keys",
|
|
1061
1150
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
1062
|
-
|
|
1151
|
+
retryable: false,
|
|
1152
|
+
next_action: "retry_with_different_input",
|
|
1063
1153
|
category: "ucp"
|
|
1064
1154
|
},
|
|
1065
1155
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -1067,7 +1157,8 @@ var ERRORS = {
|
|
|
1067
1157
|
http_status: 400,
|
|
1068
1158
|
title: "UCP Signature Algorithm Unsupported",
|
|
1069
1159
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
1070
|
-
|
|
1160
|
+
retryable: false,
|
|
1161
|
+
next_action: "retry_with_different_input",
|
|
1071
1162
|
category: "ucp"
|
|
1072
1163
|
},
|
|
1073
1164
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -1075,7 +1166,8 @@ var ERRORS = {
|
|
|
1075
1166
|
http_status: 400,
|
|
1076
1167
|
title: "UCP Signature b64 Invalid",
|
|
1077
1168
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
1078
|
-
|
|
1169
|
+
retryable: false,
|
|
1170
|
+
next_action: "retry_with_different_input",
|
|
1079
1171
|
category: "ucp"
|
|
1080
1172
|
},
|
|
1081
1173
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -1083,7 +1175,8 @@ var ERRORS = {
|
|
|
1083
1175
|
http_status: 401,
|
|
1084
1176
|
title: "UCP Signature Invalid",
|
|
1085
1177
|
description: "Webhook signature verification failed against payload",
|
|
1086
|
-
|
|
1178
|
+
retryable: false,
|
|
1179
|
+
next_action: "retry_with_different_input",
|
|
1087
1180
|
category: "ucp"
|
|
1088
1181
|
},
|
|
1089
1182
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -1091,7 +1184,8 @@ var ERRORS = {
|
|
|
1091
1184
|
http_status: 400,
|
|
1092
1185
|
title: "UCP Signature Malformed",
|
|
1093
1186
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
1094
|
-
|
|
1187
|
+
retryable: false,
|
|
1188
|
+
next_action: "retry_with_different_input",
|
|
1095
1189
|
category: "ucp"
|
|
1096
1190
|
},
|
|
1097
1191
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -1099,7 +1193,8 @@ var ERRORS = {
|
|
|
1099
1193
|
http_status: 400,
|
|
1100
1194
|
title: "UCP Signature Missing",
|
|
1101
1195
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
1102
|
-
|
|
1196
|
+
retryable: false,
|
|
1197
|
+
next_action: "retry_with_different_input",
|
|
1103
1198
|
category: "ucp"
|
|
1104
1199
|
},
|
|
1105
1200
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -1107,7 +1202,8 @@ var ERRORS = {
|
|
|
1107
1202
|
http_status: 401,
|
|
1108
1203
|
title: "UCP Verification Failed",
|
|
1109
1204
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
1110
|
-
|
|
1205
|
+
retryable: false,
|
|
1206
|
+
next_action: "retry_with_different_input",
|
|
1111
1207
|
category: "ucp"
|
|
1112
1208
|
},
|
|
1113
1209
|
// Validation error codes
|
|
@@ -1116,7 +1212,8 @@ var ERRORS = {
|
|
|
1116
1212
|
http_status: 400,
|
|
1117
1213
|
title: "Kernel Constraint Violation",
|
|
1118
1214
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
1119
|
-
|
|
1215
|
+
retryable: false,
|
|
1216
|
+
next_action: "retry_with_different_input",
|
|
1120
1217
|
category: "validation"
|
|
1121
1218
|
},
|
|
1122
1219
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -1124,7 +1221,8 @@ var ERRORS = {
|
|
|
1124
1221
|
http_status: 400,
|
|
1125
1222
|
title: "Evidence Not JSON-Safe",
|
|
1126
1223
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
1127
|
-
|
|
1224
|
+
retryable: false,
|
|
1225
|
+
next_action: "retry_with_different_input",
|
|
1128
1226
|
category: "validation"
|
|
1129
1227
|
},
|
|
1130
1228
|
E_EXPIRED: {
|
|
@@ -1132,7 +1230,8 @@ var ERRORS = {
|
|
|
1132
1230
|
http_status: 400,
|
|
1133
1231
|
title: "Receipt Expired",
|
|
1134
1232
|
description: "Receipt has exceeded its expiration time",
|
|
1135
|
-
|
|
1233
|
+
retryable: false,
|
|
1234
|
+
next_action: "retry_with_different_input",
|
|
1136
1235
|
category: "validation"
|
|
1137
1236
|
},
|
|
1138
1237
|
E_INVALID_AMOUNT: {
|
|
@@ -1140,7 +1239,8 @@ var ERRORS = {
|
|
|
1140
1239
|
http_status: 400,
|
|
1141
1240
|
title: "Invalid Amount",
|
|
1142
1241
|
description: "Payment amount is invalid or out of allowed range",
|
|
1143
|
-
|
|
1242
|
+
retryable: false,
|
|
1243
|
+
next_action: "retry_with_different_input",
|
|
1144
1244
|
category: "validation"
|
|
1145
1245
|
},
|
|
1146
1246
|
E_INVALID_AUDIENCE: {
|
|
@@ -1148,7 +1248,8 @@ var ERRORS = {
|
|
|
1148
1248
|
http_status: 400,
|
|
1149
1249
|
title: "Invalid Audience",
|
|
1150
1250
|
description: "Receipt audience claim does not match expected value",
|
|
1151
|
-
|
|
1251
|
+
retryable: false,
|
|
1252
|
+
next_action: "retry_with_different_input",
|
|
1152
1253
|
category: "validation"
|
|
1153
1254
|
},
|
|
1154
1255
|
E_INVALID_CURRENCY: {
|
|
@@ -1156,7 +1257,8 @@ var ERRORS = {
|
|
|
1156
1257
|
http_status: 400,
|
|
1157
1258
|
title: "Invalid Currency",
|
|
1158
1259
|
description: "Currency code is not a valid ISO 4217 code",
|
|
1159
|
-
|
|
1260
|
+
retryable: false,
|
|
1261
|
+
next_action: "retry_with_different_input",
|
|
1160
1262
|
category: "validation"
|
|
1161
1263
|
},
|
|
1162
1264
|
E_INVALID_FORMAT: {
|
|
@@ -1164,7 +1266,8 @@ var ERRORS = {
|
|
|
1164
1266
|
http_status: 400,
|
|
1165
1267
|
title: "Invalid Format",
|
|
1166
1268
|
description: "Receipt does not conform to JWS format",
|
|
1167
|
-
|
|
1269
|
+
retryable: false,
|
|
1270
|
+
next_action: "retry_with_different_input",
|
|
1168
1271
|
category: "validation"
|
|
1169
1272
|
},
|
|
1170
1273
|
E_INVALID_ISSUER: {
|
|
@@ -1172,7 +1275,8 @@ var ERRORS = {
|
|
|
1172
1275
|
http_status: 400,
|
|
1173
1276
|
title: "Invalid Issuer",
|
|
1174
1277
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
1175
|
-
|
|
1278
|
+
retryable: false,
|
|
1279
|
+
next_action: "retry_with_different_input",
|
|
1176
1280
|
category: "validation"
|
|
1177
1281
|
},
|
|
1178
1282
|
E_INVALID_RAIL: {
|
|
@@ -1180,7 +1284,8 @@ var ERRORS = {
|
|
|
1180
1284
|
http_status: 400,
|
|
1181
1285
|
title: "Invalid Payment Rail",
|
|
1182
1286
|
description: "Payment rail identifier is not recognized",
|
|
1183
|
-
|
|
1287
|
+
retryable: false,
|
|
1288
|
+
next_action: "retry_with_different_input",
|
|
1184
1289
|
category: "validation"
|
|
1185
1290
|
},
|
|
1186
1291
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1188,7 +1293,8 @@ var ERRORS = {
|
|
|
1188
1293
|
http_status: 400,
|
|
1189
1294
|
title: "Invalid Receipt ID",
|
|
1190
1295
|
description: "Receipt ID (rid) does not match expected value",
|
|
1191
|
-
|
|
1296
|
+
retryable: false,
|
|
1297
|
+
next_action: "retry_with_different_input",
|
|
1192
1298
|
category: "validation"
|
|
1193
1299
|
},
|
|
1194
1300
|
E_INVALID_SUBJECT: {
|
|
@@ -1196,7 +1302,8 @@ var ERRORS = {
|
|
|
1196
1302
|
http_status: 400,
|
|
1197
1303
|
title: "Invalid Subject",
|
|
1198
1304
|
description: "Receipt subject claim does not match expected value",
|
|
1199
|
-
|
|
1305
|
+
retryable: false,
|
|
1306
|
+
next_action: "retry_with_different_input",
|
|
1200
1307
|
category: "validation"
|
|
1201
1308
|
},
|
|
1202
1309
|
E_MISSING_EXP: {
|
|
@@ -1204,7 +1311,8 @@ var ERRORS = {
|
|
|
1204
1311
|
http_status: 400,
|
|
1205
1312
|
title: "Missing Expiration",
|
|
1206
1313
|
description: "Receipt is missing required exp claim",
|
|
1207
|
-
|
|
1314
|
+
retryable: false,
|
|
1315
|
+
next_action: "retry_with_different_input",
|
|
1208
1316
|
category: "validation"
|
|
1209
1317
|
},
|
|
1210
1318
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1212,7 +1320,8 @@ var ERRORS = {
|
|
|
1212
1320
|
http_status: 400,
|
|
1213
1321
|
title: "Missing Required Claim",
|
|
1214
1322
|
description: "Receipt is missing a required JWT claim",
|
|
1215
|
-
|
|
1323
|
+
retryable: false,
|
|
1324
|
+
next_action: "retry_with_different_input",
|
|
1216
1325
|
category: "validation"
|
|
1217
1326
|
},
|
|
1218
1327
|
E_NOT_YET_VALID: {
|
|
@@ -1220,7 +1329,8 @@ var ERRORS = {
|
|
|
1220
1329
|
http_status: 400,
|
|
1221
1330
|
title: "Not Yet Valid",
|
|
1222
1331
|
description: "Receipt nbf (not before) time is in the future",
|
|
1223
|
-
|
|
1332
|
+
retryable: true,
|
|
1333
|
+
next_action: "retry_after_delay",
|
|
1224
1334
|
category: "validation"
|
|
1225
1335
|
},
|
|
1226
1336
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1228,7 +1338,8 @@ var ERRORS = {
|
|
|
1228
1338
|
http_status: 400,
|
|
1229
1339
|
title: "Attestation Receipt Invalid",
|
|
1230
1340
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1231
|
-
|
|
1341
|
+
retryable: false,
|
|
1342
|
+
next_action: "retry_with_different_input",
|
|
1232
1343
|
category: "validation"
|
|
1233
1344
|
},
|
|
1234
1345
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1236,7 +1347,8 @@ var ERRORS = {
|
|
|
1236
1347
|
http_status: 400,
|
|
1237
1348
|
title: "Commerce Receipt Invalid",
|
|
1238
1349
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1239
|
-
|
|
1350
|
+
retryable: false,
|
|
1351
|
+
next_action: "retry_with_different_input",
|
|
1240
1352
|
category: "validation"
|
|
1241
1353
|
},
|
|
1242
1354
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1244,7 +1356,8 @@ var ERRORS = {
|
|
|
1244
1356
|
http_status: 400,
|
|
1245
1357
|
title: "Parse Invalid Input",
|
|
1246
1358
|
description: "Input to receipt parser is not a non-null object",
|
|
1247
|
-
|
|
1359
|
+
retryable: false,
|
|
1360
|
+
next_action: "retry_with_different_input",
|
|
1248
1361
|
category: "validation"
|
|
1249
1362
|
},
|
|
1250
1363
|
// Verification error codes
|
|
@@ -1253,7 +1366,8 @@ var ERRORS = {
|
|
|
1253
1366
|
http_status: 400,
|
|
1254
1367
|
title: "Invalid Signature",
|
|
1255
1368
|
description: "Receipt signature verification failed",
|
|
1256
|
-
|
|
1369
|
+
retryable: false,
|
|
1370
|
+
next_action: "abort",
|
|
1257
1371
|
category: "verification"
|
|
1258
1372
|
},
|
|
1259
1373
|
E_KEY_NOT_FOUND: {
|
|
@@ -1261,7 +1375,8 @@ var ERRORS = {
|
|
|
1261
1375
|
http_status: 400,
|
|
1262
1376
|
title: "Key Not Found",
|
|
1263
1377
|
description: "Public key with specified kid not found in JWKS",
|
|
1264
|
-
|
|
1378
|
+
retryable: false,
|
|
1379
|
+
next_action: "retry_with_different_key",
|
|
1265
1380
|
category: "verification"
|
|
1266
1381
|
},
|
|
1267
1382
|
// Verifier error codes
|
|
@@ -1270,7 +1385,8 @@ var ERRORS = {
|
|
|
1270
1385
|
http_status: 400,
|
|
1271
1386
|
title: "Extension Too Large",
|
|
1272
1387
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1273
|
-
|
|
1388
|
+
retryable: false,
|
|
1389
|
+
next_action: "abort",
|
|
1274
1390
|
category: "verifier"
|
|
1275
1391
|
},
|
|
1276
1392
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
@@ -1278,7 +1394,8 @@ var ERRORS = {
|
|
|
1278
1394
|
http_status: 403,
|
|
1279
1395
|
title: "Insecure Scheme Blocked",
|
|
1280
1396
|
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1281
|
-
|
|
1397
|
+
retryable: false,
|
|
1398
|
+
next_action: "abort",
|
|
1282
1399
|
category: "verifier"
|
|
1283
1400
|
},
|
|
1284
1401
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1286,7 +1403,8 @@ var ERRORS = {
|
|
|
1286
1403
|
http_status: 400,
|
|
1287
1404
|
title: "Invalid Transport",
|
|
1288
1405
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1289
|
-
|
|
1406
|
+
retryable: false,
|
|
1407
|
+
next_action: "abort",
|
|
1290
1408
|
category: "verifier"
|
|
1291
1409
|
},
|
|
1292
1410
|
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
@@ -1294,7 +1412,8 @@ var ERRORS = {
|
|
|
1294
1412
|
http_status: 502,
|
|
1295
1413
|
title: "Issuer Config Invalid",
|
|
1296
1414
|
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1297
|
-
|
|
1415
|
+
retryable: false,
|
|
1416
|
+
next_action: "abort",
|
|
1298
1417
|
category: "verifier"
|
|
1299
1418
|
},
|
|
1300
1419
|
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
@@ -1302,7 +1421,8 @@ var ERRORS = {
|
|
|
1302
1421
|
http_status: 502,
|
|
1303
1422
|
title: "Issuer Config Missing",
|
|
1304
1423
|
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1305
|
-
|
|
1424
|
+
retryable: true,
|
|
1425
|
+
next_action: "retry_after_delay",
|
|
1306
1426
|
category: "verifier"
|
|
1307
1427
|
},
|
|
1308
1428
|
E_VERIFY_ISSUER_MISMATCH: {
|
|
@@ -1310,7 +1430,8 @@ var ERRORS = {
|
|
|
1310
1430
|
http_status: 403,
|
|
1311
1431
|
title: "Issuer Mismatch",
|
|
1312
1432
|
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1313
|
-
|
|
1433
|
+
retryable: false,
|
|
1434
|
+
next_action: "abort",
|
|
1314
1435
|
category: "verifier"
|
|
1315
1436
|
},
|
|
1316
1437
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1318,7 +1439,8 @@ var ERRORS = {
|
|
|
1318
1439
|
http_status: 403,
|
|
1319
1440
|
title: "Issuer Not Allowed",
|
|
1320
1441
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1321
|
-
|
|
1442
|
+
retryable: false,
|
|
1443
|
+
next_action: "abort",
|
|
1322
1444
|
category: "verifier"
|
|
1323
1445
|
},
|
|
1324
1446
|
E_VERIFY_JWKS_INVALID: {
|
|
@@ -1326,7 +1448,8 @@ var ERRORS = {
|
|
|
1326
1448
|
http_status: 502,
|
|
1327
1449
|
title: "JWKS Invalid",
|
|
1328
1450
|
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1329
|
-
|
|
1451
|
+
retryable: false,
|
|
1452
|
+
next_action: "abort",
|
|
1330
1453
|
category: "verifier"
|
|
1331
1454
|
},
|
|
1332
1455
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1334,7 +1457,8 @@ var ERRORS = {
|
|
|
1334
1457
|
http_status: 400,
|
|
1335
1458
|
title: "JWKS Too Large",
|
|
1336
1459
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1337
|
-
|
|
1460
|
+
retryable: false,
|
|
1461
|
+
next_action: "abort",
|
|
1338
1462
|
category: "verifier"
|
|
1339
1463
|
},
|
|
1340
1464
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1342,7 +1466,8 @@ var ERRORS = {
|
|
|
1342
1466
|
http_status: 400,
|
|
1343
1467
|
title: "JWKS Too Many Keys",
|
|
1344
1468
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1345
|
-
|
|
1469
|
+
retryable: false,
|
|
1470
|
+
next_action: "abort",
|
|
1346
1471
|
category: "verifier"
|
|
1347
1472
|
},
|
|
1348
1473
|
E_VERIFY_JWKS_URI_INVALID: {
|
|
@@ -1350,7 +1475,8 @@ var ERRORS = {
|
|
|
1350
1475
|
http_status: 502,
|
|
1351
1476
|
title: "JWKS URI Invalid",
|
|
1352
1477
|
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1353
|
-
|
|
1478
|
+
retryable: false,
|
|
1479
|
+
next_action: "abort",
|
|
1354
1480
|
category: "verifier"
|
|
1355
1481
|
},
|
|
1356
1482
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1358,7 +1484,8 @@ var ERRORS = {
|
|
|
1358
1484
|
http_status: 403,
|
|
1359
1485
|
title: "Key Fetch Blocked",
|
|
1360
1486
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1361
|
-
|
|
1487
|
+
retryable: false,
|
|
1488
|
+
next_action: "abort",
|
|
1362
1489
|
category: "verifier"
|
|
1363
1490
|
},
|
|
1364
1491
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1366,7 +1493,8 @@ var ERRORS = {
|
|
|
1366
1493
|
http_status: 502,
|
|
1367
1494
|
title: "Key Fetch Failed",
|
|
1368
1495
|
description: "Network error while fetching JWKS from issuer",
|
|
1369
|
-
|
|
1496
|
+
retryable: true,
|
|
1497
|
+
next_action: "retry_after_delay",
|
|
1370
1498
|
category: "verifier"
|
|
1371
1499
|
},
|
|
1372
1500
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1374,7 +1502,8 @@ var ERRORS = {
|
|
|
1374
1502
|
http_status: 504,
|
|
1375
1503
|
title: "Key Fetch Timeout",
|
|
1376
1504
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1377
|
-
|
|
1505
|
+
retryable: true,
|
|
1506
|
+
next_action: "retry_after_delay",
|
|
1378
1507
|
category: "verifier"
|
|
1379
1508
|
},
|
|
1380
1509
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1382,7 +1511,8 @@ var ERRORS = {
|
|
|
1382
1511
|
http_status: 400,
|
|
1383
1512
|
title: "Malformed Receipt",
|
|
1384
1513
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1385
|
-
|
|
1514
|
+
retryable: false,
|
|
1515
|
+
next_action: "abort",
|
|
1386
1516
|
category: "verifier"
|
|
1387
1517
|
},
|
|
1388
1518
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1390,7 +1520,8 @@ var ERRORS = {
|
|
|
1390
1520
|
http_status: 400,
|
|
1391
1521
|
title: "Pointer Digest Mismatch",
|
|
1392
1522
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1393
|
-
|
|
1523
|
+
retryable: false,
|
|
1524
|
+
next_action: "abort",
|
|
1394
1525
|
category: "verifier"
|
|
1395
1526
|
},
|
|
1396
1527
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1398,7 +1529,8 @@ var ERRORS = {
|
|
|
1398
1529
|
http_status: 403,
|
|
1399
1530
|
title: "Pointer Fetch Blocked",
|
|
1400
1531
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1401
|
-
|
|
1532
|
+
retryable: false,
|
|
1533
|
+
next_action: "abort",
|
|
1402
1534
|
category: "verifier"
|
|
1403
1535
|
},
|
|
1404
1536
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1406,7 +1538,8 @@ var ERRORS = {
|
|
|
1406
1538
|
http_status: 502,
|
|
1407
1539
|
title: "Pointer Fetch Failed",
|
|
1408
1540
|
description: "Network error while fetching receipt from pointer URL",
|
|
1409
|
-
|
|
1541
|
+
retryable: true,
|
|
1542
|
+
next_action: "retry_after_delay",
|
|
1410
1543
|
category: "verifier"
|
|
1411
1544
|
},
|
|
1412
1545
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1414,7 +1547,8 @@ var ERRORS = {
|
|
|
1414
1547
|
http_status: 504,
|
|
1415
1548
|
title: "Pointer Fetch Timeout",
|
|
1416
1549
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1417
|
-
|
|
1550
|
+
retryable: true,
|
|
1551
|
+
next_action: "retry_after_delay",
|
|
1418
1552
|
category: "verifier"
|
|
1419
1553
|
},
|
|
1420
1554
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1422,7 +1556,8 @@ var ERRORS = {
|
|
|
1422
1556
|
http_status: 413,
|
|
1423
1557
|
title: "Pointer Fetch Too Large",
|
|
1424
1558
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1425
|
-
|
|
1559
|
+
retryable: false,
|
|
1560
|
+
next_action: "abort",
|
|
1426
1561
|
category: "verifier"
|
|
1427
1562
|
},
|
|
1428
1563
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1430,7 +1565,8 @@ var ERRORS = {
|
|
|
1430
1565
|
http_status: 403,
|
|
1431
1566
|
title: "Policy Violation",
|
|
1432
1567
|
description: "Receipt violates verifier trust policy",
|
|
1433
|
-
|
|
1568
|
+
retryable: false,
|
|
1569
|
+
next_action: "abort",
|
|
1434
1570
|
category: "verifier"
|
|
1435
1571
|
},
|
|
1436
1572
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1438,7 +1574,8 @@ var ERRORS = {
|
|
|
1438
1574
|
http_status: 413,
|
|
1439
1575
|
title: "Receipt Too Large",
|
|
1440
1576
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1441
|
-
|
|
1577
|
+
retryable: false,
|
|
1578
|
+
next_action: "abort",
|
|
1442
1579
|
category: "verifier"
|
|
1443
1580
|
},
|
|
1444
1581
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1446,7 +1583,8 @@ var ERRORS = {
|
|
|
1446
1583
|
http_status: 400,
|
|
1447
1584
|
title: "Schema Invalid",
|
|
1448
1585
|
description: "Receipt claims do not conform to expected schema",
|
|
1449
|
-
|
|
1586
|
+
retryable: false,
|
|
1587
|
+
next_action: "abort",
|
|
1450
1588
|
category: "verifier"
|
|
1451
1589
|
},
|
|
1452
1590
|
// Workflow error codes
|
|
@@ -1455,7 +1593,8 @@ var ERRORS = {
|
|
|
1455
1593
|
http_status: 400,
|
|
1456
1594
|
title: "Invalid Workflow Context",
|
|
1457
1595
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1458
|
-
|
|
1596
|
+
retryable: false,
|
|
1597
|
+
next_action: "retry_with_different_input",
|
|
1459
1598
|
category: "workflow"
|
|
1460
1599
|
},
|
|
1461
1600
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1463,7 +1602,8 @@ var ERRORS = {
|
|
|
1463
1602
|
http_status: 400,
|
|
1464
1603
|
title: "Workflow Cycle Detected",
|
|
1465
1604
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1466
|
-
|
|
1605
|
+
retryable: false,
|
|
1606
|
+
next_action: "retry_with_different_input",
|
|
1467
1607
|
category: "workflow"
|
|
1468
1608
|
},
|
|
1469
1609
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1471,7 +1611,8 @@ var ERRORS = {
|
|
|
1471
1611
|
http_status: 400,
|
|
1472
1612
|
title: "Invalid Workflow DAG",
|
|
1473
1613
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1474
|
-
|
|
1614
|
+
retryable: false,
|
|
1615
|
+
next_action: "retry_with_different_input",
|
|
1475
1616
|
category: "workflow"
|
|
1476
1617
|
},
|
|
1477
1618
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1479,7 +1620,8 @@ var ERRORS = {
|
|
|
1479
1620
|
http_status: 400,
|
|
1480
1621
|
title: "Invalid Workflow ID",
|
|
1481
1622
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1482
|
-
|
|
1623
|
+
retryable: false,
|
|
1624
|
+
next_action: "retry_with_different_input",
|
|
1483
1625
|
category: "workflow"
|
|
1484
1626
|
},
|
|
1485
1627
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1487,7 +1629,8 @@ var ERRORS = {
|
|
|
1487
1629
|
http_status: 400,
|
|
1488
1630
|
title: "Workflow Limit Exceeded",
|
|
1489
1631
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1490
|
-
|
|
1632
|
+
retryable: false,
|
|
1633
|
+
next_action: "retry_with_different_input",
|
|
1491
1634
|
category: "workflow"
|
|
1492
1635
|
},
|
|
1493
1636
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1495,7 +1638,8 @@ var ERRORS = {
|
|
|
1495
1638
|
http_status: 400,
|
|
1496
1639
|
title: "Parent Step Not Found",
|
|
1497
1640
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1498
|
-
|
|
1641
|
+
retryable: false,
|
|
1642
|
+
next_action: "retry_with_different_input",
|
|
1499
1643
|
category: "workflow"
|
|
1500
1644
|
},
|
|
1501
1645
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1503,7 +1647,8 @@ var ERRORS = {
|
|
|
1503
1647
|
http_status: 400,
|
|
1504
1648
|
title: "Invalid Step ID",
|
|
1505
1649
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1506
|
-
|
|
1650
|
+
retryable: false,
|
|
1651
|
+
next_action: "retry_with_different_input",
|
|
1507
1652
|
category: "workflow"
|
|
1508
1653
|
},
|
|
1509
1654
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1511,15 +1656,16 @@ var ERRORS = {
|
|
|
1511
1656
|
http_status: 400,
|
|
1512
1657
|
title: "Invalid Workflow Summary",
|
|
1513
1658
|
description: "Workflow summary attestation does not conform to schema",
|
|
1514
|
-
|
|
1659
|
+
retryable: false,
|
|
1660
|
+
next_action: "retry_with_different_input",
|
|
1515
1661
|
category: "workflow"
|
|
1516
1662
|
}
|
|
1517
1663
|
};
|
|
1518
1664
|
function getError(code) {
|
|
1519
1665
|
return ERRORS[code];
|
|
1520
1666
|
}
|
|
1521
|
-
function
|
|
1522
|
-
return ERRORS[code]?.
|
|
1667
|
+
function isRetryable(code) {
|
|
1668
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1523
1669
|
}
|
|
1524
1670
|
var BUNDLE_ERRORS = {
|
|
1525
1671
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1709,6 +1855,7 @@ function needsPurposeVary(purposeEnforced) {
|
|
|
1709
1855
|
|
|
1710
1856
|
// src/carrier.ts
|
|
1711
1857
|
var PEAC_RECEIPT_HEADER = "PEAC-Receipt";
|
|
1858
|
+
var PEAC_RECEIPT_URL_HEADER = "PEAC-Receipt-URL";
|
|
1712
1859
|
|
|
1713
1860
|
exports.AGENT_PROTOCOLS = AGENT_PROTOCOLS;
|
|
1714
1861
|
exports.ALGORITHMS = ALGORITHMS;
|
|
@@ -1728,6 +1875,7 @@ exports.JWKS = JWKS;
|
|
|
1728
1875
|
exports.LIMITS = LIMITS;
|
|
1729
1876
|
exports.PAYMENT_RAILS = PAYMENT_RAILS;
|
|
1730
1877
|
exports.PEAC_RECEIPT_HEADER = PEAC_RECEIPT_HEADER;
|
|
1878
|
+
exports.PEAC_RECEIPT_URL_HEADER = PEAC_RECEIPT_URL_HEADER;
|
|
1731
1879
|
exports.POLICY = POLICY;
|
|
1732
1880
|
exports.PRIVATE_IP_RANGES = PRIVATE_IP_RANGES;
|
|
1733
1881
|
exports.RECEIPT = RECEIPT;
|
|
@@ -1749,7 +1897,7 @@ exports.findTransportMethod = findTransportMethod;
|
|
|
1749
1897
|
exports.formatHash = formatHash;
|
|
1750
1898
|
exports.getError = getError;
|
|
1751
1899
|
exports.getPeacVaryHeaders = getPeacVaryHeaders;
|
|
1752
|
-
exports.
|
|
1900
|
+
exports.isRetryable = isRetryable;
|
|
1753
1901
|
exports.isValidHash = isValidHash;
|
|
1754
1902
|
exports.needsPurposeVary = needsPurposeVary;
|
|
1755
1903
|
exports.parseHash = parseHash;
|