@peac/kernel 0.11.1 → 0.11.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +52 -3
- package/dist/__tests__/registries.test.d.ts +2 -0
- package/dist/__tests__/registries.test.d.ts.map +1 -0
- package/dist/carrier.d.ts +14 -0
- package/dist/carrier.d.ts.map +1 -1
- package/dist/constants.cjs +2 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.ts +4 -2
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.mjs +2 -1
- package/dist/constants.mjs.map +1 -1
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +325 -149
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +6 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +325 -149
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +329 -150
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +328 -150
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/errors.cjs
CHANGED
|
@@ -65,6 +65,7 @@ var ERROR_CODES = {
|
|
|
65
65
|
E_IDENTITY_NOT_YET_VALID: "E_IDENTITY_NOT_YET_VALID",
|
|
66
66
|
E_IDENTITY_PROOF_UNSUPPORTED: "E_IDENTITY_PROOF_UNSUPPORTED",
|
|
67
67
|
E_IDENTITY_SIG_INVALID: "E_IDENTITY_SIG_INVALID",
|
|
68
|
+
E_MVIS_INCOMPLETE: "E_MVIS_INCOMPLETE",
|
|
68
69
|
// Infrastructure error codes
|
|
69
70
|
E_CIRCUIT_BREAKER_OPEN: "E_CIRCUIT_BREAKER_OPEN",
|
|
70
71
|
E_INTERNAL: "E_INTERNAL",
|
|
@@ -127,6 +128,8 @@ var ERROR_CODES = {
|
|
|
127
128
|
// Verification error codes
|
|
128
129
|
E_INVALID_SIGNATURE: "E_INVALID_SIGNATURE",
|
|
129
130
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
131
|
+
E_KID_REUSE_DETECTED: "E_KID_REUSE_DETECTED",
|
|
132
|
+
E_REVOKED_KEY_USED: "E_REVOKED_KEY_USED",
|
|
130
133
|
// Verifier error codes
|
|
131
134
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
132
135
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
@@ -168,7 +171,8 @@ var ERRORS = {
|
|
|
168
171
|
http_status: 400,
|
|
169
172
|
title: "Attribution Chain Too Deep",
|
|
170
173
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
171
|
-
|
|
174
|
+
retryable: false,
|
|
175
|
+
next_action: "retry_with_different_input",
|
|
172
176
|
category: "attribution"
|
|
173
177
|
},
|
|
174
178
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -176,7 +180,8 @@ var ERRORS = {
|
|
|
176
180
|
http_status: 400,
|
|
177
181
|
title: "Attribution Circular Chain",
|
|
178
182
|
description: "Circular reference detected in attribution chain",
|
|
179
|
-
|
|
183
|
+
retryable: false,
|
|
184
|
+
next_action: "retry_with_different_input",
|
|
180
185
|
category: "attribution"
|
|
181
186
|
},
|
|
182
187
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -184,7 +189,8 @@ var ERRORS = {
|
|
|
184
189
|
http_status: 401,
|
|
185
190
|
title: "Attribution Expired",
|
|
186
191
|
description: "Attribution attestation has exceeded its expiration time",
|
|
187
|
-
|
|
192
|
+
retryable: false,
|
|
193
|
+
next_action: "retry_with_different_input",
|
|
188
194
|
category: "attribution"
|
|
189
195
|
},
|
|
190
196
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -192,7 +198,8 @@ var ERRORS = {
|
|
|
192
198
|
http_status: 400,
|
|
193
199
|
title: "Attribution Hash Invalid",
|
|
194
200
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
195
|
-
|
|
201
|
+
retryable: false,
|
|
202
|
+
next_action: "retry_with_different_input",
|
|
196
203
|
category: "attribution"
|
|
197
204
|
},
|
|
198
205
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -200,7 +207,8 @@ var ERRORS = {
|
|
|
200
207
|
http_status: 400,
|
|
201
208
|
title: "Attribution Invalid Format",
|
|
202
209
|
description: "Attribution attestation does not conform to schema",
|
|
203
|
-
|
|
210
|
+
retryable: false,
|
|
211
|
+
next_action: "retry_with_different_input",
|
|
204
212
|
category: "attribution"
|
|
205
213
|
},
|
|
206
214
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -208,7 +216,8 @@ var ERRORS = {
|
|
|
208
216
|
http_status: 400,
|
|
209
217
|
title: "Attribution Invalid Reference",
|
|
210
218
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
211
|
-
|
|
219
|
+
retryable: false,
|
|
220
|
+
next_action: "retry_with_different_input",
|
|
212
221
|
category: "attribution"
|
|
213
222
|
},
|
|
214
223
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -216,7 +225,8 @@ var ERRORS = {
|
|
|
216
225
|
http_status: 400,
|
|
217
226
|
title: "Attribution Invalid Weight",
|
|
218
227
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
219
|
-
|
|
228
|
+
retryable: false,
|
|
229
|
+
next_action: "retry_with_different_input",
|
|
220
230
|
category: "attribution"
|
|
221
231
|
},
|
|
222
232
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -224,7 +234,8 @@ var ERRORS = {
|
|
|
224
234
|
http_status: 400,
|
|
225
235
|
title: "Attribution Missing Sources",
|
|
226
236
|
description: "Attribution attestation has empty sources array",
|
|
227
|
-
|
|
237
|
+
retryable: false,
|
|
238
|
+
next_action: "retry_with_different_input",
|
|
228
239
|
category: "attribution"
|
|
229
240
|
},
|
|
230
241
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -232,7 +243,8 @@ var ERRORS = {
|
|
|
232
243
|
http_status: 401,
|
|
233
244
|
title: "Attribution Not Yet Valid",
|
|
234
245
|
description: "Attribution attestation issued_at time is in the future",
|
|
235
|
-
|
|
246
|
+
retryable: true,
|
|
247
|
+
next_action: "retry_after_delay",
|
|
236
248
|
category: "attribution"
|
|
237
249
|
},
|
|
238
250
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -240,7 +252,8 @@ var ERRORS = {
|
|
|
240
252
|
http_status: 502,
|
|
241
253
|
title: "Attribution Resolution Failed",
|
|
242
254
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
243
|
-
|
|
255
|
+
retryable: true,
|
|
256
|
+
next_action: "retry_after_delay",
|
|
244
257
|
category: "attribution"
|
|
245
258
|
},
|
|
246
259
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -248,7 +261,8 @@ var ERRORS = {
|
|
|
248
261
|
http_status: 504,
|
|
249
262
|
title: "Attribution Resolution Timeout",
|
|
250
263
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
251
|
-
|
|
264
|
+
retryable: true,
|
|
265
|
+
next_action: "retry_after_delay",
|
|
252
266
|
category: "attribution"
|
|
253
267
|
},
|
|
254
268
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -256,7 +270,8 @@ var ERRORS = {
|
|
|
256
270
|
http_status: 400,
|
|
257
271
|
title: "Attribution Size Exceeded",
|
|
258
272
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
259
|
-
|
|
273
|
+
retryable: false,
|
|
274
|
+
next_action: "retry_with_different_input",
|
|
260
275
|
category: "attribution"
|
|
261
276
|
},
|
|
262
277
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -264,7 +279,8 @@ var ERRORS = {
|
|
|
264
279
|
http_status: 400,
|
|
265
280
|
title: "Attribution Too Many Sources",
|
|
266
281
|
description: "Attribution has too many sources (maximum 100)",
|
|
267
|
-
|
|
282
|
+
retryable: false,
|
|
283
|
+
next_action: "retry_with_different_input",
|
|
268
284
|
category: "attribution"
|
|
269
285
|
},
|
|
270
286
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -272,7 +288,8 @@ var ERRORS = {
|
|
|
272
288
|
http_status: 400,
|
|
273
289
|
title: "Attribution Unknown Usage",
|
|
274
290
|
description: "Attribution usage type is not recognized",
|
|
275
|
-
|
|
291
|
+
retryable: false,
|
|
292
|
+
next_action: "retry_with_different_input",
|
|
276
293
|
category: "attribution"
|
|
277
294
|
},
|
|
278
295
|
// Bundle error codes
|
|
@@ -281,7 +298,8 @@ var ERRORS = {
|
|
|
281
298
|
http_status: 400,
|
|
282
299
|
title: "Bundle Duplicate Receipt",
|
|
283
300
|
description: "Bundle contains multiple receipts with the same ID",
|
|
284
|
-
|
|
301
|
+
retryable: false,
|
|
302
|
+
next_action: "retry_with_different_input",
|
|
285
303
|
category: "bundle"
|
|
286
304
|
},
|
|
287
305
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -289,7 +307,8 @@ var ERRORS = {
|
|
|
289
307
|
http_status: 400,
|
|
290
308
|
title: "Bundle Hash Mismatch",
|
|
291
309
|
description: "File hash does not match value declared in manifest.json",
|
|
292
|
-
|
|
310
|
+
retryable: false,
|
|
311
|
+
next_action: "retry_with_different_input",
|
|
293
312
|
category: "bundle"
|
|
294
313
|
},
|
|
295
314
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -297,7 +316,8 @@ var ERRORS = {
|
|
|
297
316
|
http_status: 400,
|
|
298
317
|
title: "Bundle Invalid Format",
|
|
299
318
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
300
|
-
|
|
319
|
+
retryable: false,
|
|
320
|
+
next_action: "retry_with_different_input",
|
|
301
321
|
category: "bundle"
|
|
302
322
|
},
|
|
303
323
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -305,7 +325,8 @@ var ERRORS = {
|
|
|
305
325
|
http_status: 400,
|
|
306
326
|
title: "Bundle Key Missing",
|
|
307
327
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
308
|
-
|
|
328
|
+
retryable: false,
|
|
329
|
+
next_action: "retry_with_different_input",
|
|
309
330
|
category: "bundle"
|
|
310
331
|
},
|
|
311
332
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -313,7 +334,8 @@ var ERRORS = {
|
|
|
313
334
|
http_status: 400,
|
|
314
335
|
title: "Bundle Manifest Invalid",
|
|
315
336
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
316
|
-
|
|
337
|
+
retryable: false,
|
|
338
|
+
next_action: "retry_with_different_input",
|
|
317
339
|
category: "bundle"
|
|
318
340
|
},
|
|
319
341
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -321,7 +343,8 @@ var ERRORS = {
|
|
|
321
343
|
http_status: 400,
|
|
322
344
|
title: "Bundle Manifest Missing",
|
|
323
345
|
description: "manifest.json not found at bundle archive root",
|
|
324
|
-
|
|
346
|
+
retryable: false,
|
|
347
|
+
next_action: "retry_with_different_input",
|
|
325
348
|
category: "bundle"
|
|
326
349
|
},
|
|
327
350
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -329,7 +352,8 @@ var ERRORS = {
|
|
|
329
352
|
http_status: 400,
|
|
330
353
|
title: "Bundle Missing Keys",
|
|
331
354
|
description: "No verification keys provided in bundle JWKS",
|
|
332
|
-
|
|
355
|
+
retryable: false,
|
|
356
|
+
next_action: "retry_with_different_input",
|
|
333
357
|
category: "bundle"
|
|
334
358
|
},
|
|
335
359
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -337,7 +361,8 @@ var ERRORS = {
|
|
|
337
361
|
http_status: 400,
|
|
338
362
|
title: "Bundle Missing Receipts",
|
|
339
363
|
description: "No receipts provided when creating bundle",
|
|
340
|
-
|
|
364
|
+
retryable: false,
|
|
365
|
+
next_action: "retry_with_different_input",
|
|
341
366
|
category: "bundle"
|
|
342
367
|
},
|
|
343
368
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -345,7 +370,8 @@ var ERRORS = {
|
|
|
345
370
|
http_status: 400,
|
|
346
371
|
title: "Bundle Path Traversal",
|
|
347
372
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
348
|
-
|
|
373
|
+
retryable: false,
|
|
374
|
+
next_action: "retry_with_different_input",
|
|
349
375
|
category: "bundle"
|
|
350
376
|
},
|
|
351
377
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -353,7 +379,8 @@ var ERRORS = {
|
|
|
353
379
|
http_status: 400,
|
|
354
380
|
title: "Bundle Policy Hash Mismatch",
|
|
355
381
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
356
|
-
|
|
382
|
+
retryable: false,
|
|
383
|
+
next_action: "retry_with_different_input",
|
|
357
384
|
category: "bundle"
|
|
358
385
|
},
|
|
359
386
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -361,7 +388,8 @@ var ERRORS = {
|
|
|
361
388
|
http_status: 400,
|
|
362
389
|
title: "Bundle Receipts Unordered",
|
|
363
390
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
364
|
-
|
|
391
|
+
retryable: false,
|
|
392
|
+
next_action: "retry_with_different_input",
|
|
365
393
|
category: "bundle"
|
|
366
394
|
},
|
|
367
395
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -369,7 +397,8 @@ var ERRORS = {
|
|
|
369
397
|
http_status: 400,
|
|
370
398
|
title: "Bundle Receipt Invalid",
|
|
371
399
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
372
|
-
|
|
400
|
+
retryable: false,
|
|
401
|
+
next_action: "retry_with_different_input",
|
|
373
402
|
category: "bundle"
|
|
374
403
|
},
|
|
375
404
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -377,7 +406,8 @@ var ERRORS = {
|
|
|
377
406
|
http_status: 400,
|
|
378
407
|
title: "Bundle Signature Invalid",
|
|
379
408
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
380
|
-
|
|
409
|
+
retryable: false,
|
|
410
|
+
next_action: "retry_with_different_input",
|
|
381
411
|
category: "bundle"
|
|
382
412
|
},
|
|
383
413
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -385,7 +415,8 @@ var ERRORS = {
|
|
|
385
415
|
http_status: 400,
|
|
386
416
|
title: "Bundle Size Exceeded",
|
|
387
417
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
388
|
-
|
|
418
|
+
retryable: false,
|
|
419
|
+
next_action: "retry_with_different_input",
|
|
389
420
|
category: "bundle"
|
|
390
421
|
},
|
|
391
422
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -393,7 +424,8 @@ var ERRORS = {
|
|
|
393
424
|
http_status: 400,
|
|
394
425
|
title: "Bundle Time Range Invalid",
|
|
395
426
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
396
|
-
|
|
427
|
+
retryable: false,
|
|
428
|
+
next_action: "retry_with_different_input",
|
|
397
429
|
category: "bundle"
|
|
398
430
|
},
|
|
399
431
|
// Control error codes
|
|
@@ -402,7 +434,8 @@ var ERRORS = {
|
|
|
402
434
|
http_status: 403,
|
|
403
435
|
title: "Control Decision Denied",
|
|
404
436
|
description: "Control engine denied authorization",
|
|
405
|
-
|
|
437
|
+
retryable: false,
|
|
438
|
+
next_action: "contact_issuer",
|
|
406
439
|
category: "control"
|
|
407
440
|
},
|
|
408
441
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -410,7 +443,8 @@ var ERRORS = {
|
|
|
410
443
|
http_status: 202,
|
|
411
444
|
title: "Review Required",
|
|
412
445
|
description: "Control engine requires manual review",
|
|
413
|
-
|
|
446
|
+
retryable: true,
|
|
447
|
+
next_action: "contact_issuer",
|
|
414
448
|
category: "control"
|
|
415
449
|
},
|
|
416
450
|
// Dispute error codes
|
|
@@ -419,7 +453,8 @@ var ERRORS = {
|
|
|
419
453
|
http_status: 409,
|
|
420
454
|
title: "Dispute Duplicate",
|
|
421
455
|
description: "A dispute with this ID already exists",
|
|
422
|
-
|
|
456
|
+
retryable: false,
|
|
457
|
+
next_action: "retry_with_different_input",
|
|
423
458
|
category: "dispute"
|
|
424
459
|
},
|
|
425
460
|
E_DISPUTE_EXPIRED: {
|
|
@@ -427,7 +462,8 @@ var ERRORS = {
|
|
|
427
462
|
http_status: 401,
|
|
428
463
|
title: "Dispute Expired",
|
|
429
464
|
description: "Dispute attestation has exceeded its expiration time",
|
|
430
|
-
|
|
465
|
+
retryable: false,
|
|
466
|
+
next_action: "retry_with_different_input",
|
|
431
467
|
category: "dispute"
|
|
432
468
|
},
|
|
433
469
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -435,7 +471,8 @@ var ERRORS = {
|
|
|
435
471
|
http_status: 400,
|
|
436
472
|
title: "Dispute Invalid Format",
|
|
437
473
|
description: "Dispute attestation does not conform to schema",
|
|
438
|
-
|
|
474
|
+
retryable: false,
|
|
475
|
+
next_action: "retry_with_different_input",
|
|
439
476
|
category: "dispute"
|
|
440
477
|
},
|
|
441
478
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -443,7 +480,8 @@ var ERRORS = {
|
|
|
443
480
|
http_status: 400,
|
|
444
481
|
title: "Dispute Invalid Grounds",
|
|
445
482
|
description: "Dispute grounds code is not recognized",
|
|
446
|
-
|
|
483
|
+
retryable: false,
|
|
484
|
+
next_action: "retry_with_different_input",
|
|
447
485
|
category: "dispute"
|
|
448
486
|
},
|
|
449
487
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -451,7 +489,8 @@ var ERRORS = {
|
|
|
451
489
|
http_status: 400,
|
|
452
490
|
title: "Dispute Invalid ID",
|
|
453
491
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
454
|
-
|
|
492
|
+
retryable: false,
|
|
493
|
+
next_action: "retry_with_different_input",
|
|
455
494
|
category: "dispute"
|
|
456
495
|
},
|
|
457
496
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -459,7 +498,8 @@ var ERRORS = {
|
|
|
459
498
|
http_status: 400,
|
|
460
499
|
title: "Dispute Invalid State",
|
|
461
500
|
description: "Dispute state is not recognized",
|
|
462
|
-
|
|
501
|
+
retryable: false,
|
|
502
|
+
next_action: "retry_with_different_input",
|
|
463
503
|
category: "dispute"
|
|
464
504
|
},
|
|
465
505
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -467,7 +507,8 @@ var ERRORS = {
|
|
|
467
507
|
http_status: 400,
|
|
468
508
|
title: "Dispute Invalid Target Type",
|
|
469
509
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
470
|
-
|
|
510
|
+
retryable: false,
|
|
511
|
+
next_action: "retry_with_different_input",
|
|
471
512
|
category: "dispute"
|
|
472
513
|
},
|
|
473
514
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -475,7 +516,8 @@ var ERRORS = {
|
|
|
475
516
|
http_status: 400,
|
|
476
517
|
title: "Dispute Invalid Transition",
|
|
477
518
|
description: "Invalid state transition for dispute lifecycle",
|
|
478
|
-
|
|
519
|
+
retryable: false,
|
|
520
|
+
next_action: "retry_with_different_input",
|
|
479
521
|
category: "dispute"
|
|
480
522
|
},
|
|
481
523
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -483,7 +525,8 @@ var ERRORS = {
|
|
|
483
525
|
http_status: 400,
|
|
484
526
|
title: "Dispute Invalid Type",
|
|
485
527
|
description: "Dispute type is not recognized",
|
|
486
|
-
|
|
528
|
+
retryable: false,
|
|
529
|
+
next_action: "retry_with_different_input",
|
|
487
530
|
category: "dispute"
|
|
488
531
|
},
|
|
489
532
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -491,7 +534,8 @@ var ERRORS = {
|
|
|
491
534
|
http_status: 400,
|
|
492
535
|
title: "Dispute Missing Resolution",
|
|
493
536
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
494
|
-
|
|
537
|
+
retryable: false,
|
|
538
|
+
next_action: "retry_with_different_input",
|
|
495
539
|
category: "dispute"
|
|
496
540
|
},
|
|
497
541
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -499,7 +543,8 @@ var ERRORS = {
|
|
|
499
543
|
http_status: 401,
|
|
500
544
|
title: "Dispute Not Yet Valid",
|
|
501
545
|
description: "Dispute attestation issued_at time is in the future",
|
|
502
|
-
|
|
546
|
+
retryable: true,
|
|
547
|
+
next_action: "retry_after_delay",
|
|
503
548
|
category: "dispute"
|
|
504
549
|
},
|
|
505
550
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -507,7 +552,8 @@ var ERRORS = {
|
|
|
507
552
|
http_status: 400,
|
|
508
553
|
title: "Dispute Other Requires Description",
|
|
509
554
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
510
|
-
|
|
555
|
+
retryable: false,
|
|
556
|
+
next_action: "retry_with_different_input",
|
|
511
557
|
category: "dispute"
|
|
512
558
|
},
|
|
513
559
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -515,7 +561,8 @@ var ERRORS = {
|
|
|
515
561
|
http_status: 400,
|
|
516
562
|
title: "Dispute Resolution Not Allowed",
|
|
517
563
|
description: "Resolution is only valid for terminal states",
|
|
518
|
-
|
|
564
|
+
retryable: false,
|
|
565
|
+
next_action: "retry_with_different_input",
|
|
519
566
|
category: "dispute"
|
|
520
567
|
},
|
|
521
568
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -523,7 +570,8 @@ var ERRORS = {
|
|
|
523
570
|
http_status: 404,
|
|
524
571
|
title: "Dispute Target Not Found",
|
|
525
572
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
526
|
-
|
|
573
|
+
retryable: true,
|
|
574
|
+
next_action: "retry_after_delay",
|
|
527
575
|
category: "dispute"
|
|
528
576
|
},
|
|
529
577
|
// Identity error codes
|
|
@@ -532,7 +580,8 @@ var ERRORS = {
|
|
|
532
580
|
http_status: 400,
|
|
533
581
|
title: "Identity Binding Future",
|
|
534
582
|
description: "Identity binding signed_at timestamp is in the future",
|
|
535
|
-
|
|
583
|
+
retryable: false,
|
|
584
|
+
next_action: "retry_with_different_input",
|
|
536
585
|
category: "identity"
|
|
537
586
|
},
|
|
538
587
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -540,7 +589,8 @@ var ERRORS = {
|
|
|
540
589
|
http_status: 400,
|
|
541
590
|
title: "Identity Binding Mismatch",
|
|
542
591
|
description: "Identity binding does not match the request being verified",
|
|
543
|
-
|
|
592
|
+
retryable: false,
|
|
593
|
+
next_action: "retry_with_different_input",
|
|
544
594
|
category: "identity"
|
|
545
595
|
},
|
|
546
596
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -548,7 +598,8 @@ var ERRORS = {
|
|
|
548
598
|
http_status: 401,
|
|
549
599
|
title: "Identity Binding Stale",
|
|
550
600
|
description: "Identity binding is too old and requires fresh binding",
|
|
551
|
-
|
|
601
|
+
retryable: true,
|
|
602
|
+
next_action: "retry_after_delay",
|
|
552
603
|
category: "identity"
|
|
553
604
|
},
|
|
554
605
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -556,7 +607,8 @@ var ERRORS = {
|
|
|
556
607
|
http_status: 503,
|
|
557
608
|
title: "Identity Directory Unavailable",
|
|
558
609
|
description: "Failed to fetch agent key directory",
|
|
559
|
-
|
|
610
|
+
retryable: true,
|
|
611
|
+
next_action: "retry_after_delay",
|
|
560
612
|
category: "identity"
|
|
561
613
|
},
|
|
562
614
|
E_IDENTITY_EXPIRED: {
|
|
@@ -564,7 +616,8 @@ var ERRORS = {
|
|
|
564
616
|
http_status: 401,
|
|
565
617
|
title: "Identity Expired",
|
|
566
618
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
567
|
-
|
|
619
|
+
retryable: false,
|
|
620
|
+
next_action: "refresh_attestation",
|
|
568
621
|
category: "identity"
|
|
569
622
|
},
|
|
570
623
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -572,7 +625,8 @@ var ERRORS = {
|
|
|
572
625
|
http_status: 400,
|
|
573
626
|
title: "Identity Invalid Format",
|
|
574
627
|
description: "Agent identity attestation does not conform to schema",
|
|
575
|
-
|
|
628
|
+
retryable: false,
|
|
629
|
+
next_action: "retry_with_different_input",
|
|
576
630
|
category: "identity"
|
|
577
631
|
},
|
|
578
632
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -580,7 +634,8 @@ var ERRORS = {
|
|
|
580
634
|
http_status: 401,
|
|
581
635
|
title: "Identity Key Expired",
|
|
582
636
|
description: "Agent signing key has expired per directory metadata",
|
|
583
|
-
|
|
637
|
+
retryable: false,
|
|
638
|
+
next_action: "refresh_attestation",
|
|
584
639
|
category: "identity"
|
|
585
640
|
},
|
|
586
641
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -588,7 +643,8 @@ var ERRORS = {
|
|
|
588
643
|
http_status: 401,
|
|
589
644
|
title: "Identity Key Revoked",
|
|
590
645
|
description: "Agent signing key has been explicitly revoked",
|
|
591
|
-
|
|
646
|
+
retryable: false,
|
|
647
|
+
next_action: "refresh_attestation",
|
|
592
648
|
category: "identity"
|
|
593
649
|
},
|
|
594
650
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -596,7 +652,8 @@ var ERRORS = {
|
|
|
596
652
|
http_status: 401,
|
|
597
653
|
title: "Identity Key Unknown",
|
|
598
654
|
description: "Key ID not found in agent key directory",
|
|
599
|
-
|
|
655
|
+
retryable: true,
|
|
656
|
+
next_action: "retry_after_delay",
|
|
600
657
|
category: "identity"
|
|
601
658
|
},
|
|
602
659
|
E_IDENTITY_MISSING: {
|
|
@@ -604,7 +661,8 @@ var ERRORS = {
|
|
|
604
661
|
http_status: 401,
|
|
605
662
|
title: "Identity Missing",
|
|
606
663
|
description: "No agent identity attestation provided in request",
|
|
607
|
-
|
|
664
|
+
retryable: false,
|
|
665
|
+
next_action: "retry_with_different_input",
|
|
608
666
|
category: "identity"
|
|
609
667
|
},
|
|
610
668
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -612,7 +670,8 @@ var ERRORS = {
|
|
|
612
670
|
http_status: 401,
|
|
613
671
|
title: "Identity Not Yet Valid",
|
|
614
672
|
description: "Agent identity attestation issued_at time is in the future",
|
|
615
|
-
|
|
673
|
+
retryable: true,
|
|
674
|
+
next_action: "retry_after_delay",
|
|
616
675
|
category: "identity"
|
|
617
676
|
},
|
|
618
677
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -620,7 +679,8 @@ var ERRORS = {
|
|
|
620
679
|
http_status: 400,
|
|
621
680
|
title: "Identity Proof Unsupported",
|
|
622
681
|
description: "Agent identity proof method is not supported",
|
|
623
|
-
|
|
682
|
+
retryable: false,
|
|
683
|
+
next_action: "retry_with_different_input",
|
|
624
684
|
category: "identity"
|
|
625
685
|
},
|
|
626
686
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -628,7 +688,17 @@ var ERRORS = {
|
|
|
628
688
|
http_status: 401,
|
|
629
689
|
title: "Identity Signature Invalid",
|
|
630
690
|
description: "Agent identity proof signature verification failed",
|
|
631
|
-
|
|
691
|
+
retryable: false,
|
|
692
|
+
next_action: "retry_with_different_input",
|
|
693
|
+
category: "identity"
|
|
694
|
+
},
|
|
695
|
+
E_MVIS_INCOMPLETE: {
|
|
696
|
+
code: "E_MVIS_INCOMPLETE",
|
|
697
|
+
http_status: 400,
|
|
698
|
+
title: "MVIS Incomplete",
|
|
699
|
+
description: "Identity receipt missing one or more Minimum Viable Identity Set required fields (issuer, subject, key_binding, time_bounds, replay_protection)",
|
|
700
|
+
retryable: false,
|
|
701
|
+
next_action: "retry_with_different_input",
|
|
632
702
|
category: "identity"
|
|
633
703
|
},
|
|
634
704
|
// Infrastructure error codes
|
|
@@ -637,7 +707,8 @@ var ERRORS = {
|
|
|
637
707
|
http_status: 503,
|
|
638
708
|
title: "Circuit Breaker Open",
|
|
639
709
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
640
|
-
|
|
710
|
+
retryable: true,
|
|
711
|
+
next_action: "retry_after_delay",
|
|
641
712
|
category: "infrastructure"
|
|
642
713
|
},
|
|
643
714
|
E_INTERNAL: {
|
|
@@ -645,7 +716,8 @@ var ERRORS = {
|
|
|
645
716
|
http_status: 500,
|
|
646
717
|
title: "Internal Error",
|
|
647
718
|
description: "An unexpected internal error occurred during verification",
|
|
648
|
-
|
|
719
|
+
retryable: true,
|
|
720
|
+
next_action: "retry_after_delay",
|
|
649
721
|
category: "infrastructure"
|
|
650
722
|
},
|
|
651
723
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -653,7 +725,8 @@ var ERRORS = {
|
|
|
653
725
|
http_status: 503,
|
|
654
726
|
title: "JWKS Fetch Failed",
|
|
655
727
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
656
|
-
|
|
728
|
+
retryable: true,
|
|
729
|
+
next_action: "retry_after_delay",
|
|
657
730
|
category: "infrastructure"
|
|
658
731
|
},
|
|
659
732
|
E_RATE_LIMITED: {
|
|
@@ -661,7 +734,8 @@ var ERRORS = {
|
|
|
661
734
|
http_status: 429,
|
|
662
735
|
title: "Rate Limited",
|
|
663
736
|
description: "Too many requests, please retry later",
|
|
664
|
-
|
|
737
|
+
retryable: true,
|
|
738
|
+
next_action: "retry_after_delay",
|
|
665
739
|
category: "infrastructure"
|
|
666
740
|
},
|
|
667
741
|
// Interaction error codes
|
|
@@ -670,7 +744,8 @@ var ERRORS = {
|
|
|
670
744
|
http_status: 400,
|
|
671
745
|
title: "Interaction Invalid Digest",
|
|
672
746
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
673
|
-
|
|
747
|
+
retryable: false,
|
|
748
|
+
next_action: "retry_with_different_input",
|
|
674
749
|
category: "interaction"
|
|
675
750
|
},
|
|
676
751
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -678,7 +753,8 @@ var ERRORS = {
|
|
|
678
753
|
http_status: 400,
|
|
679
754
|
title: "Interaction Invalid Digest Algorithm",
|
|
680
755
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
681
|
-
|
|
756
|
+
retryable: false,
|
|
757
|
+
next_action: "retry_with_different_input",
|
|
682
758
|
category: "interaction"
|
|
683
759
|
},
|
|
684
760
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -686,7 +762,8 @@ var ERRORS = {
|
|
|
686
762
|
http_status: 400,
|
|
687
763
|
title: "Interaction Invalid Extension Key",
|
|
688
764
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
689
|
-
|
|
765
|
+
retryable: false,
|
|
766
|
+
next_action: "retry_with_different_input",
|
|
690
767
|
category: "interaction"
|
|
691
768
|
},
|
|
692
769
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -694,7 +771,8 @@ var ERRORS = {
|
|
|
694
771
|
http_status: 400,
|
|
695
772
|
title: "Interaction Invalid Format",
|
|
696
773
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
697
|
-
|
|
774
|
+
retryable: false,
|
|
775
|
+
next_action: "retry_with_different_input",
|
|
698
776
|
category: "interaction"
|
|
699
777
|
},
|
|
700
778
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -702,7 +780,8 @@ var ERRORS = {
|
|
|
702
780
|
http_status: 400,
|
|
703
781
|
title: "Interaction Invalid Kind Format",
|
|
704
782
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
705
|
-
|
|
783
|
+
retryable: false,
|
|
784
|
+
next_action: "retry_with_different_input",
|
|
706
785
|
category: "interaction"
|
|
707
786
|
},
|
|
708
787
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -710,7 +789,8 @@ var ERRORS = {
|
|
|
710
789
|
http_status: 400,
|
|
711
790
|
title: "Interaction Invalid Timing",
|
|
712
791
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
713
|
-
|
|
792
|
+
retryable: false,
|
|
793
|
+
next_action: "retry_with_different_input",
|
|
714
794
|
category: "interaction"
|
|
715
795
|
},
|
|
716
796
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -718,7 +798,8 @@ var ERRORS = {
|
|
|
718
798
|
http_status: 400,
|
|
719
799
|
title: "Interaction Kind Reserved",
|
|
720
800
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
721
|
-
|
|
801
|
+
retryable: false,
|
|
802
|
+
next_action: "retry_with_different_input",
|
|
722
803
|
category: "interaction"
|
|
723
804
|
},
|
|
724
805
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -726,7 +807,8 @@ var ERRORS = {
|
|
|
726
807
|
http_status: 400,
|
|
727
808
|
title: "Interaction Missing Error Detail",
|
|
728
809
|
description: "error_code or extensions required when result.status is error",
|
|
729
|
-
|
|
810
|
+
retryable: false,
|
|
811
|
+
next_action: "retry_with_different_input",
|
|
730
812
|
category: "interaction"
|
|
731
813
|
},
|
|
732
814
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -734,7 +816,8 @@ var ERRORS = {
|
|
|
734
816
|
http_status: 400,
|
|
735
817
|
title: "Interaction Missing Executor",
|
|
736
818
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
737
|
-
|
|
819
|
+
retryable: false,
|
|
820
|
+
next_action: "retry_with_different_input",
|
|
738
821
|
category: "interaction"
|
|
739
822
|
},
|
|
740
823
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -742,7 +825,8 @@ var ERRORS = {
|
|
|
742
825
|
http_status: 400,
|
|
743
826
|
title: "Interaction Missing ID",
|
|
744
827
|
description: "Interaction evidence is missing required interaction_id field",
|
|
745
|
-
|
|
828
|
+
retryable: false,
|
|
829
|
+
next_action: "retry_with_different_input",
|
|
746
830
|
category: "interaction"
|
|
747
831
|
},
|
|
748
832
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -750,7 +834,8 @@ var ERRORS = {
|
|
|
750
834
|
http_status: 400,
|
|
751
835
|
title: "Interaction Missing Kind",
|
|
752
836
|
description: "Interaction evidence is missing required kind field",
|
|
753
|
-
|
|
837
|
+
retryable: false,
|
|
838
|
+
next_action: "retry_with_different_input",
|
|
754
839
|
category: "interaction"
|
|
755
840
|
},
|
|
756
841
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -758,7 +843,8 @@ var ERRORS = {
|
|
|
758
843
|
http_status: 400,
|
|
759
844
|
title: "Interaction Missing Result",
|
|
760
845
|
description: "result.status is required when output is present",
|
|
761
|
-
|
|
846
|
+
retryable: false,
|
|
847
|
+
next_action: "retry_with_different_input",
|
|
762
848
|
category: "interaction"
|
|
763
849
|
},
|
|
764
850
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -766,7 +852,8 @@ var ERRORS = {
|
|
|
766
852
|
http_status: 400,
|
|
767
853
|
title: "Interaction Missing Started At",
|
|
768
854
|
description: "Interaction evidence is missing required started_at field",
|
|
769
|
-
|
|
855
|
+
retryable: false,
|
|
856
|
+
next_action: "retry_with_different_input",
|
|
770
857
|
category: "interaction"
|
|
771
858
|
},
|
|
772
859
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -774,7 +861,8 @@ var ERRORS = {
|
|
|
774
861
|
http_status: 400,
|
|
775
862
|
title: "Interaction Missing Target",
|
|
776
863
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
777
|
-
|
|
864
|
+
retryable: false,
|
|
865
|
+
next_action: "retry_with_different_input",
|
|
778
866
|
category: "interaction"
|
|
779
867
|
},
|
|
780
868
|
// Ucp error codes
|
|
@@ -783,7 +871,8 @@ var ERRORS = {
|
|
|
783
871
|
http_status: 500,
|
|
784
872
|
title: "UCP Evidence Serialization Failed",
|
|
785
873
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
786
|
-
|
|
874
|
+
retryable: false,
|
|
875
|
+
next_action: "retry_with_different_input",
|
|
787
876
|
category: "ucp"
|
|
788
877
|
},
|
|
789
878
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -791,7 +880,8 @@ var ERRORS = {
|
|
|
791
880
|
http_status: 401,
|
|
792
881
|
title: "UCP Key Algorithm Mismatch",
|
|
793
882
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
794
|
-
|
|
883
|
+
retryable: false,
|
|
884
|
+
next_action: "retry_with_different_input",
|
|
795
885
|
category: "ucp"
|
|
796
886
|
},
|
|
797
887
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -799,7 +889,8 @@ var ERRORS = {
|
|
|
799
889
|
http_status: 401,
|
|
800
890
|
title: "UCP Key Curve Mismatch",
|
|
801
891
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
802
|
-
|
|
892
|
+
retryable: false,
|
|
893
|
+
next_action: "retry_with_different_input",
|
|
803
894
|
category: "ucp"
|
|
804
895
|
},
|
|
805
896
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -807,7 +898,8 @@ var ERRORS = {
|
|
|
807
898
|
http_status: 401,
|
|
808
899
|
title: "UCP Key Not Found",
|
|
809
900
|
description: "Key ID from signature not found in business UCP profile",
|
|
810
|
-
|
|
901
|
+
retryable: true,
|
|
902
|
+
next_action: "retry_after_delay",
|
|
811
903
|
category: "ucp"
|
|
812
904
|
},
|
|
813
905
|
E_UCP_ORDER_INVALID: {
|
|
@@ -815,7 +907,8 @@ var ERRORS = {
|
|
|
815
907
|
http_status: 400,
|
|
816
908
|
title: "UCP Order Invalid",
|
|
817
909
|
description: "UCP order object does not conform to expected schema",
|
|
818
|
-
|
|
910
|
+
retryable: false,
|
|
911
|
+
next_action: "retry_with_different_input",
|
|
819
912
|
category: "ucp"
|
|
820
913
|
},
|
|
821
914
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -823,7 +916,8 @@ var ERRORS = {
|
|
|
823
916
|
http_status: 400,
|
|
824
917
|
title: "UCP Order Missing ID",
|
|
825
918
|
description: "UCP order is missing required id field",
|
|
826
|
-
|
|
919
|
+
retryable: false,
|
|
920
|
+
next_action: "retry_with_different_input",
|
|
827
921
|
category: "ucp"
|
|
828
922
|
},
|
|
829
923
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -831,7 +925,8 @@ var ERRORS = {
|
|
|
831
925
|
http_status: 400,
|
|
832
926
|
title: "UCP Order Missing Line Items",
|
|
833
927
|
description: "UCP order is missing required line_items array",
|
|
834
|
-
|
|
928
|
+
retryable: false,
|
|
929
|
+
next_action: "retry_with_different_input",
|
|
835
930
|
category: "ucp"
|
|
836
931
|
},
|
|
837
932
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -839,7 +934,8 @@ var ERRORS = {
|
|
|
839
934
|
http_status: 400,
|
|
840
935
|
title: "UCP Order Missing Totals",
|
|
841
936
|
description: "UCP order is missing required totals array or total entry",
|
|
842
|
-
|
|
937
|
+
retryable: false,
|
|
938
|
+
next_action: "retry_with_different_input",
|
|
843
939
|
category: "ucp"
|
|
844
940
|
},
|
|
845
941
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -847,7 +943,8 @@ var ERRORS = {
|
|
|
847
943
|
http_status: 400,
|
|
848
944
|
title: "UCP Payload Empty",
|
|
849
945
|
description: "Webhook request body is empty",
|
|
850
|
-
|
|
946
|
+
retryable: false,
|
|
947
|
+
next_action: "retry_with_different_input",
|
|
851
948
|
category: "ucp"
|
|
852
949
|
},
|
|
853
950
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -855,7 +952,8 @@ var ERRORS = {
|
|
|
855
952
|
http_status: 400,
|
|
856
953
|
title: "UCP Payload Not JSON",
|
|
857
954
|
description: "Webhook request body is not valid JSON",
|
|
858
|
-
|
|
955
|
+
retryable: false,
|
|
956
|
+
next_action: "retry_with_different_input",
|
|
859
957
|
category: "ucp"
|
|
860
958
|
},
|
|
861
959
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -863,7 +961,8 @@ var ERRORS = {
|
|
|
863
961
|
http_status: 400,
|
|
864
962
|
title: "UCP Payload Too Large",
|
|
865
963
|
description: "Webhook request body exceeds maximum allowed size",
|
|
866
|
-
|
|
964
|
+
retryable: false,
|
|
965
|
+
next_action: "retry_with_different_input",
|
|
867
966
|
category: "ucp"
|
|
868
967
|
},
|
|
869
968
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -871,7 +970,8 @@ var ERRORS = {
|
|
|
871
970
|
http_status: 502,
|
|
872
971
|
title: "UCP Profile Fetch Failed",
|
|
873
972
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
874
|
-
|
|
973
|
+
retryable: true,
|
|
974
|
+
next_action: "retry_after_delay",
|
|
875
975
|
category: "ucp"
|
|
876
976
|
},
|
|
877
977
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -879,7 +979,8 @@ var ERRORS = {
|
|
|
879
979
|
http_status: 502,
|
|
880
980
|
title: "UCP Profile Invalid",
|
|
881
981
|
description: "Business UCP profile does not conform to expected schema",
|
|
882
|
-
|
|
982
|
+
retryable: false,
|
|
983
|
+
next_action: "retry_with_different_input",
|
|
883
984
|
category: "ucp"
|
|
884
985
|
},
|
|
885
986
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -887,7 +988,8 @@ var ERRORS = {
|
|
|
887
988
|
http_status: 502,
|
|
888
989
|
title: "UCP Profile No Signing Keys",
|
|
889
990
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
890
|
-
|
|
991
|
+
retryable: false,
|
|
992
|
+
next_action: "retry_with_different_input",
|
|
891
993
|
category: "ucp"
|
|
892
994
|
},
|
|
893
995
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -895,7 +997,8 @@ var ERRORS = {
|
|
|
895
997
|
http_status: 400,
|
|
896
998
|
title: "UCP Signature Algorithm Unsupported",
|
|
897
999
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
898
|
-
|
|
1000
|
+
retryable: false,
|
|
1001
|
+
next_action: "retry_with_different_input",
|
|
899
1002
|
category: "ucp"
|
|
900
1003
|
},
|
|
901
1004
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -903,7 +1006,8 @@ var ERRORS = {
|
|
|
903
1006
|
http_status: 400,
|
|
904
1007
|
title: "UCP Signature b64 Invalid",
|
|
905
1008
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
906
|
-
|
|
1009
|
+
retryable: false,
|
|
1010
|
+
next_action: "retry_with_different_input",
|
|
907
1011
|
category: "ucp"
|
|
908
1012
|
},
|
|
909
1013
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -911,7 +1015,8 @@ var ERRORS = {
|
|
|
911
1015
|
http_status: 401,
|
|
912
1016
|
title: "UCP Signature Invalid",
|
|
913
1017
|
description: "Webhook signature verification failed against payload",
|
|
914
|
-
|
|
1018
|
+
retryable: false,
|
|
1019
|
+
next_action: "retry_with_different_input",
|
|
915
1020
|
category: "ucp"
|
|
916
1021
|
},
|
|
917
1022
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -919,7 +1024,8 @@ var ERRORS = {
|
|
|
919
1024
|
http_status: 400,
|
|
920
1025
|
title: "UCP Signature Malformed",
|
|
921
1026
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
922
|
-
|
|
1027
|
+
retryable: false,
|
|
1028
|
+
next_action: "retry_with_different_input",
|
|
923
1029
|
category: "ucp"
|
|
924
1030
|
},
|
|
925
1031
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -927,7 +1033,8 @@ var ERRORS = {
|
|
|
927
1033
|
http_status: 400,
|
|
928
1034
|
title: "UCP Signature Missing",
|
|
929
1035
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
930
|
-
|
|
1036
|
+
retryable: false,
|
|
1037
|
+
next_action: "retry_with_different_input",
|
|
931
1038
|
category: "ucp"
|
|
932
1039
|
},
|
|
933
1040
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -935,7 +1042,8 @@ var ERRORS = {
|
|
|
935
1042
|
http_status: 401,
|
|
936
1043
|
title: "UCP Verification Failed",
|
|
937
1044
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
938
|
-
|
|
1045
|
+
retryable: false,
|
|
1046
|
+
next_action: "retry_with_different_input",
|
|
939
1047
|
category: "ucp"
|
|
940
1048
|
},
|
|
941
1049
|
// Validation error codes
|
|
@@ -944,7 +1052,8 @@ var ERRORS = {
|
|
|
944
1052
|
http_status: 400,
|
|
945
1053
|
title: "Kernel Constraint Violation",
|
|
946
1054
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
947
|
-
|
|
1055
|
+
retryable: false,
|
|
1056
|
+
next_action: "retry_with_different_input",
|
|
948
1057
|
category: "validation"
|
|
949
1058
|
},
|
|
950
1059
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -952,7 +1061,8 @@ var ERRORS = {
|
|
|
952
1061
|
http_status: 400,
|
|
953
1062
|
title: "Evidence Not JSON-Safe",
|
|
954
1063
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
955
|
-
|
|
1064
|
+
retryable: false,
|
|
1065
|
+
next_action: "retry_with_different_input",
|
|
956
1066
|
category: "validation"
|
|
957
1067
|
},
|
|
958
1068
|
E_EXPIRED: {
|
|
@@ -960,7 +1070,8 @@ var ERRORS = {
|
|
|
960
1070
|
http_status: 400,
|
|
961
1071
|
title: "Receipt Expired",
|
|
962
1072
|
description: "Receipt has exceeded its expiration time",
|
|
963
|
-
|
|
1073
|
+
retryable: false,
|
|
1074
|
+
next_action: "retry_with_different_input",
|
|
964
1075
|
category: "validation"
|
|
965
1076
|
},
|
|
966
1077
|
E_INVALID_AMOUNT: {
|
|
@@ -968,7 +1079,8 @@ var ERRORS = {
|
|
|
968
1079
|
http_status: 400,
|
|
969
1080
|
title: "Invalid Amount",
|
|
970
1081
|
description: "Payment amount is invalid or out of allowed range",
|
|
971
|
-
|
|
1082
|
+
retryable: false,
|
|
1083
|
+
next_action: "retry_with_different_input",
|
|
972
1084
|
category: "validation"
|
|
973
1085
|
},
|
|
974
1086
|
E_INVALID_AUDIENCE: {
|
|
@@ -976,7 +1088,8 @@ var ERRORS = {
|
|
|
976
1088
|
http_status: 400,
|
|
977
1089
|
title: "Invalid Audience",
|
|
978
1090
|
description: "Receipt audience claim does not match expected value",
|
|
979
|
-
|
|
1091
|
+
retryable: false,
|
|
1092
|
+
next_action: "retry_with_different_input",
|
|
980
1093
|
category: "validation"
|
|
981
1094
|
},
|
|
982
1095
|
E_INVALID_CURRENCY: {
|
|
@@ -984,7 +1097,8 @@ var ERRORS = {
|
|
|
984
1097
|
http_status: 400,
|
|
985
1098
|
title: "Invalid Currency",
|
|
986
1099
|
description: "Currency code is not a valid ISO 4217 code",
|
|
987
|
-
|
|
1100
|
+
retryable: false,
|
|
1101
|
+
next_action: "retry_with_different_input",
|
|
988
1102
|
category: "validation"
|
|
989
1103
|
},
|
|
990
1104
|
E_INVALID_FORMAT: {
|
|
@@ -992,7 +1106,8 @@ var ERRORS = {
|
|
|
992
1106
|
http_status: 400,
|
|
993
1107
|
title: "Invalid Format",
|
|
994
1108
|
description: "Receipt does not conform to JWS format",
|
|
995
|
-
|
|
1109
|
+
retryable: false,
|
|
1110
|
+
next_action: "retry_with_different_input",
|
|
996
1111
|
category: "validation"
|
|
997
1112
|
},
|
|
998
1113
|
E_INVALID_ISSUER: {
|
|
@@ -1000,7 +1115,8 @@ var ERRORS = {
|
|
|
1000
1115
|
http_status: 400,
|
|
1001
1116
|
title: "Invalid Issuer",
|
|
1002
1117
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
1003
|
-
|
|
1118
|
+
retryable: false,
|
|
1119
|
+
next_action: "retry_with_different_input",
|
|
1004
1120
|
category: "validation"
|
|
1005
1121
|
},
|
|
1006
1122
|
E_INVALID_RAIL: {
|
|
@@ -1008,7 +1124,8 @@ var ERRORS = {
|
|
|
1008
1124
|
http_status: 400,
|
|
1009
1125
|
title: "Invalid Payment Rail",
|
|
1010
1126
|
description: "Payment rail identifier is not recognized",
|
|
1011
|
-
|
|
1127
|
+
retryable: false,
|
|
1128
|
+
next_action: "retry_with_different_input",
|
|
1012
1129
|
category: "validation"
|
|
1013
1130
|
},
|
|
1014
1131
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1016,7 +1133,8 @@ var ERRORS = {
|
|
|
1016
1133
|
http_status: 400,
|
|
1017
1134
|
title: "Invalid Receipt ID",
|
|
1018
1135
|
description: "Receipt ID (rid) does not match expected value",
|
|
1019
|
-
|
|
1136
|
+
retryable: false,
|
|
1137
|
+
next_action: "retry_with_different_input",
|
|
1020
1138
|
category: "validation"
|
|
1021
1139
|
},
|
|
1022
1140
|
E_INVALID_SUBJECT: {
|
|
@@ -1024,7 +1142,8 @@ var ERRORS = {
|
|
|
1024
1142
|
http_status: 400,
|
|
1025
1143
|
title: "Invalid Subject",
|
|
1026
1144
|
description: "Receipt subject claim does not match expected value",
|
|
1027
|
-
|
|
1145
|
+
retryable: false,
|
|
1146
|
+
next_action: "retry_with_different_input",
|
|
1028
1147
|
category: "validation"
|
|
1029
1148
|
},
|
|
1030
1149
|
E_MISSING_EXP: {
|
|
@@ -1032,7 +1151,8 @@ var ERRORS = {
|
|
|
1032
1151
|
http_status: 400,
|
|
1033
1152
|
title: "Missing Expiration",
|
|
1034
1153
|
description: "Receipt is missing required exp claim",
|
|
1035
|
-
|
|
1154
|
+
retryable: false,
|
|
1155
|
+
next_action: "retry_with_different_input",
|
|
1036
1156
|
category: "validation"
|
|
1037
1157
|
},
|
|
1038
1158
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1040,7 +1160,8 @@ var ERRORS = {
|
|
|
1040
1160
|
http_status: 400,
|
|
1041
1161
|
title: "Missing Required Claim",
|
|
1042
1162
|
description: "Receipt is missing a required JWT claim",
|
|
1043
|
-
|
|
1163
|
+
retryable: false,
|
|
1164
|
+
next_action: "retry_with_different_input",
|
|
1044
1165
|
category: "validation"
|
|
1045
1166
|
},
|
|
1046
1167
|
E_NOT_YET_VALID: {
|
|
@@ -1048,7 +1169,8 @@ var ERRORS = {
|
|
|
1048
1169
|
http_status: 400,
|
|
1049
1170
|
title: "Not Yet Valid",
|
|
1050
1171
|
description: "Receipt nbf (not before) time is in the future",
|
|
1051
|
-
|
|
1172
|
+
retryable: true,
|
|
1173
|
+
next_action: "retry_after_delay",
|
|
1052
1174
|
category: "validation"
|
|
1053
1175
|
},
|
|
1054
1176
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1056,7 +1178,8 @@ var ERRORS = {
|
|
|
1056
1178
|
http_status: 400,
|
|
1057
1179
|
title: "Attestation Receipt Invalid",
|
|
1058
1180
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1059
|
-
|
|
1181
|
+
retryable: false,
|
|
1182
|
+
next_action: "retry_with_different_input",
|
|
1060
1183
|
category: "validation"
|
|
1061
1184
|
},
|
|
1062
1185
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1064,7 +1187,8 @@ var ERRORS = {
|
|
|
1064
1187
|
http_status: 400,
|
|
1065
1188
|
title: "Commerce Receipt Invalid",
|
|
1066
1189
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1067
|
-
|
|
1190
|
+
retryable: false,
|
|
1191
|
+
next_action: "retry_with_different_input",
|
|
1068
1192
|
category: "validation"
|
|
1069
1193
|
},
|
|
1070
1194
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1072,7 +1196,8 @@ var ERRORS = {
|
|
|
1072
1196
|
http_status: 400,
|
|
1073
1197
|
title: "Parse Invalid Input",
|
|
1074
1198
|
description: "Input to receipt parser is not a non-null object",
|
|
1075
|
-
|
|
1199
|
+
retryable: false,
|
|
1200
|
+
next_action: "retry_with_different_input",
|
|
1076
1201
|
category: "validation"
|
|
1077
1202
|
},
|
|
1078
1203
|
// Verification error codes
|
|
@@ -1081,7 +1206,8 @@ var ERRORS = {
|
|
|
1081
1206
|
http_status: 400,
|
|
1082
1207
|
title: "Invalid Signature",
|
|
1083
1208
|
description: "Receipt signature verification failed",
|
|
1084
|
-
|
|
1209
|
+
retryable: false,
|
|
1210
|
+
next_action: "abort",
|
|
1085
1211
|
category: "verification"
|
|
1086
1212
|
},
|
|
1087
1213
|
E_KEY_NOT_FOUND: {
|
|
@@ -1089,7 +1215,26 @@ var ERRORS = {
|
|
|
1089
1215
|
http_status: 400,
|
|
1090
1216
|
title: "Key Not Found",
|
|
1091
1217
|
description: "Public key with specified kid not found in JWKS",
|
|
1092
|
-
|
|
1218
|
+
retryable: false,
|
|
1219
|
+
next_action: "retry_with_different_key",
|
|
1220
|
+
category: "verification"
|
|
1221
|
+
},
|
|
1222
|
+
E_KID_REUSE_DETECTED: {
|
|
1223
|
+
code: "E_KID_REUSE_DETECTED",
|
|
1224
|
+
http_status: 400,
|
|
1225
|
+
title: "Kid Reuse Detected",
|
|
1226
|
+
description: "Same kid value used with different key material within the retention window",
|
|
1227
|
+
retryable: false,
|
|
1228
|
+
next_action: "abort",
|
|
1229
|
+
category: "verification"
|
|
1230
|
+
},
|
|
1231
|
+
E_REVOKED_KEY_USED: {
|
|
1232
|
+
code: "E_REVOKED_KEY_USED",
|
|
1233
|
+
http_status: 400,
|
|
1234
|
+
title: "Revoked Key Used",
|
|
1235
|
+
description: "Receipt signed with a key listed in the issuer revoked_keys set",
|
|
1236
|
+
retryable: false,
|
|
1237
|
+
next_action: "retry_with_different_key",
|
|
1093
1238
|
category: "verification"
|
|
1094
1239
|
},
|
|
1095
1240
|
// Verifier error codes
|
|
@@ -1098,7 +1243,8 @@ var ERRORS = {
|
|
|
1098
1243
|
http_status: 400,
|
|
1099
1244
|
title: "Extension Too Large",
|
|
1100
1245
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1101
|
-
|
|
1246
|
+
retryable: false,
|
|
1247
|
+
next_action: "abort",
|
|
1102
1248
|
category: "verifier"
|
|
1103
1249
|
},
|
|
1104
1250
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
@@ -1106,7 +1252,8 @@ var ERRORS = {
|
|
|
1106
1252
|
http_status: 403,
|
|
1107
1253
|
title: "Insecure Scheme Blocked",
|
|
1108
1254
|
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1109
|
-
|
|
1255
|
+
retryable: false,
|
|
1256
|
+
next_action: "abort",
|
|
1110
1257
|
category: "verifier"
|
|
1111
1258
|
},
|
|
1112
1259
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1114,7 +1261,8 @@ var ERRORS = {
|
|
|
1114
1261
|
http_status: 400,
|
|
1115
1262
|
title: "Invalid Transport",
|
|
1116
1263
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1117
|
-
|
|
1264
|
+
retryable: false,
|
|
1265
|
+
next_action: "abort",
|
|
1118
1266
|
category: "verifier"
|
|
1119
1267
|
},
|
|
1120
1268
|
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
@@ -1122,7 +1270,8 @@ var ERRORS = {
|
|
|
1122
1270
|
http_status: 502,
|
|
1123
1271
|
title: "Issuer Config Invalid",
|
|
1124
1272
|
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1125
|
-
|
|
1273
|
+
retryable: false,
|
|
1274
|
+
next_action: "abort",
|
|
1126
1275
|
category: "verifier"
|
|
1127
1276
|
},
|
|
1128
1277
|
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
@@ -1130,7 +1279,8 @@ var ERRORS = {
|
|
|
1130
1279
|
http_status: 502,
|
|
1131
1280
|
title: "Issuer Config Missing",
|
|
1132
1281
|
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1133
|
-
|
|
1282
|
+
retryable: true,
|
|
1283
|
+
next_action: "retry_after_delay",
|
|
1134
1284
|
category: "verifier"
|
|
1135
1285
|
},
|
|
1136
1286
|
E_VERIFY_ISSUER_MISMATCH: {
|
|
@@ -1138,7 +1288,8 @@ var ERRORS = {
|
|
|
1138
1288
|
http_status: 403,
|
|
1139
1289
|
title: "Issuer Mismatch",
|
|
1140
1290
|
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1141
|
-
|
|
1291
|
+
retryable: false,
|
|
1292
|
+
next_action: "abort",
|
|
1142
1293
|
category: "verifier"
|
|
1143
1294
|
},
|
|
1144
1295
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1146,7 +1297,8 @@ var ERRORS = {
|
|
|
1146
1297
|
http_status: 403,
|
|
1147
1298
|
title: "Issuer Not Allowed",
|
|
1148
1299
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1149
|
-
|
|
1300
|
+
retryable: false,
|
|
1301
|
+
next_action: "abort",
|
|
1150
1302
|
category: "verifier"
|
|
1151
1303
|
},
|
|
1152
1304
|
E_VERIFY_JWKS_INVALID: {
|
|
@@ -1154,7 +1306,8 @@ var ERRORS = {
|
|
|
1154
1306
|
http_status: 502,
|
|
1155
1307
|
title: "JWKS Invalid",
|
|
1156
1308
|
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1157
|
-
|
|
1309
|
+
retryable: false,
|
|
1310
|
+
next_action: "abort",
|
|
1158
1311
|
category: "verifier"
|
|
1159
1312
|
},
|
|
1160
1313
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1162,7 +1315,8 @@ var ERRORS = {
|
|
|
1162
1315
|
http_status: 400,
|
|
1163
1316
|
title: "JWKS Too Large",
|
|
1164
1317
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1165
|
-
|
|
1318
|
+
retryable: false,
|
|
1319
|
+
next_action: "abort",
|
|
1166
1320
|
category: "verifier"
|
|
1167
1321
|
},
|
|
1168
1322
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1170,7 +1324,8 @@ var ERRORS = {
|
|
|
1170
1324
|
http_status: 400,
|
|
1171
1325
|
title: "JWKS Too Many Keys",
|
|
1172
1326
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1173
|
-
|
|
1327
|
+
retryable: false,
|
|
1328
|
+
next_action: "abort",
|
|
1174
1329
|
category: "verifier"
|
|
1175
1330
|
},
|
|
1176
1331
|
E_VERIFY_JWKS_URI_INVALID: {
|
|
@@ -1178,7 +1333,8 @@ var ERRORS = {
|
|
|
1178
1333
|
http_status: 502,
|
|
1179
1334
|
title: "JWKS URI Invalid",
|
|
1180
1335
|
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1181
|
-
|
|
1336
|
+
retryable: false,
|
|
1337
|
+
next_action: "abort",
|
|
1182
1338
|
category: "verifier"
|
|
1183
1339
|
},
|
|
1184
1340
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1186,7 +1342,8 @@ var ERRORS = {
|
|
|
1186
1342
|
http_status: 403,
|
|
1187
1343
|
title: "Key Fetch Blocked",
|
|
1188
1344
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1189
|
-
|
|
1345
|
+
retryable: false,
|
|
1346
|
+
next_action: "abort",
|
|
1190
1347
|
category: "verifier"
|
|
1191
1348
|
},
|
|
1192
1349
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1194,7 +1351,8 @@ var ERRORS = {
|
|
|
1194
1351
|
http_status: 502,
|
|
1195
1352
|
title: "Key Fetch Failed",
|
|
1196
1353
|
description: "Network error while fetching JWKS from issuer",
|
|
1197
|
-
|
|
1354
|
+
retryable: true,
|
|
1355
|
+
next_action: "retry_after_delay",
|
|
1198
1356
|
category: "verifier"
|
|
1199
1357
|
},
|
|
1200
1358
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1202,7 +1360,8 @@ var ERRORS = {
|
|
|
1202
1360
|
http_status: 504,
|
|
1203
1361
|
title: "Key Fetch Timeout",
|
|
1204
1362
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1205
|
-
|
|
1363
|
+
retryable: true,
|
|
1364
|
+
next_action: "retry_after_delay",
|
|
1206
1365
|
category: "verifier"
|
|
1207
1366
|
},
|
|
1208
1367
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1210,7 +1369,8 @@ var ERRORS = {
|
|
|
1210
1369
|
http_status: 400,
|
|
1211
1370
|
title: "Malformed Receipt",
|
|
1212
1371
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1213
|
-
|
|
1372
|
+
retryable: false,
|
|
1373
|
+
next_action: "abort",
|
|
1214
1374
|
category: "verifier"
|
|
1215
1375
|
},
|
|
1216
1376
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1218,7 +1378,8 @@ var ERRORS = {
|
|
|
1218
1378
|
http_status: 400,
|
|
1219
1379
|
title: "Pointer Digest Mismatch",
|
|
1220
1380
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1221
|
-
|
|
1381
|
+
retryable: false,
|
|
1382
|
+
next_action: "abort",
|
|
1222
1383
|
category: "verifier"
|
|
1223
1384
|
},
|
|
1224
1385
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1226,7 +1387,8 @@ var ERRORS = {
|
|
|
1226
1387
|
http_status: 403,
|
|
1227
1388
|
title: "Pointer Fetch Blocked",
|
|
1228
1389
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1229
|
-
|
|
1390
|
+
retryable: false,
|
|
1391
|
+
next_action: "abort",
|
|
1230
1392
|
category: "verifier"
|
|
1231
1393
|
},
|
|
1232
1394
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1234,7 +1396,8 @@ var ERRORS = {
|
|
|
1234
1396
|
http_status: 502,
|
|
1235
1397
|
title: "Pointer Fetch Failed",
|
|
1236
1398
|
description: "Network error while fetching receipt from pointer URL",
|
|
1237
|
-
|
|
1399
|
+
retryable: true,
|
|
1400
|
+
next_action: "retry_after_delay",
|
|
1238
1401
|
category: "verifier"
|
|
1239
1402
|
},
|
|
1240
1403
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1242,7 +1405,8 @@ var ERRORS = {
|
|
|
1242
1405
|
http_status: 504,
|
|
1243
1406
|
title: "Pointer Fetch Timeout",
|
|
1244
1407
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1245
|
-
|
|
1408
|
+
retryable: true,
|
|
1409
|
+
next_action: "retry_after_delay",
|
|
1246
1410
|
category: "verifier"
|
|
1247
1411
|
},
|
|
1248
1412
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1250,7 +1414,8 @@ var ERRORS = {
|
|
|
1250
1414
|
http_status: 413,
|
|
1251
1415
|
title: "Pointer Fetch Too Large",
|
|
1252
1416
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1253
|
-
|
|
1417
|
+
retryable: false,
|
|
1418
|
+
next_action: "abort",
|
|
1254
1419
|
category: "verifier"
|
|
1255
1420
|
},
|
|
1256
1421
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1258,7 +1423,8 @@ var ERRORS = {
|
|
|
1258
1423
|
http_status: 403,
|
|
1259
1424
|
title: "Policy Violation",
|
|
1260
1425
|
description: "Receipt violates verifier trust policy",
|
|
1261
|
-
|
|
1426
|
+
retryable: false,
|
|
1427
|
+
next_action: "abort",
|
|
1262
1428
|
category: "verifier"
|
|
1263
1429
|
},
|
|
1264
1430
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1266,7 +1432,8 @@ var ERRORS = {
|
|
|
1266
1432
|
http_status: 413,
|
|
1267
1433
|
title: "Receipt Too Large",
|
|
1268
1434
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1269
|
-
|
|
1435
|
+
retryable: false,
|
|
1436
|
+
next_action: "abort",
|
|
1270
1437
|
category: "verifier"
|
|
1271
1438
|
},
|
|
1272
1439
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1274,7 +1441,8 @@ var ERRORS = {
|
|
|
1274
1441
|
http_status: 400,
|
|
1275
1442
|
title: "Schema Invalid",
|
|
1276
1443
|
description: "Receipt claims do not conform to expected schema",
|
|
1277
|
-
|
|
1444
|
+
retryable: false,
|
|
1445
|
+
next_action: "abort",
|
|
1278
1446
|
category: "verifier"
|
|
1279
1447
|
},
|
|
1280
1448
|
// Workflow error codes
|
|
@@ -1283,7 +1451,8 @@ var ERRORS = {
|
|
|
1283
1451
|
http_status: 400,
|
|
1284
1452
|
title: "Invalid Workflow Context",
|
|
1285
1453
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1286
|
-
|
|
1454
|
+
retryable: false,
|
|
1455
|
+
next_action: "retry_with_different_input",
|
|
1287
1456
|
category: "workflow"
|
|
1288
1457
|
},
|
|
1289
1458
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1291,7 +1460,8 @@ var ERRORS = {
|
|
|
1291
1460
|
http_status: 400,
|
|
1292
1461
|
title: "Workflow Cycle Detected",
|
|
1293
1462
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1294
|
-
|
|
1463
|
+
retryable: false,
|
|
1464
|
+
next_action: "retry_with_different_input",
|
|
1295
1465
|
category: "workflow"
|
|
1296
1466
|
},
|
|
1297
1467
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1299,7 +1469,8 @@ var ERRORS = {
|
|
|
1299
1469
|
http_status: 400,
|
|
1300
1470
|
title: "Invalid Workflow DAG",
|
|
1301
1471
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1302
|
-
|
|
1472
|
+
retryable: false,
|
|
1473
|
+
next_action: "retry_with_different_input",
|
|
1303
1474
|
category: "workflow"
|
|
1304
1475
|
},
|
|
1305
1476
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1307,7 +1478,8 @@ var ERRORS = {
|
|
|
1307
1478
|
http_status: 400,
|
|
1308
1479
|
title: "Invalid Workflow ID",
|
|
1309
1480
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1310
|
-
|
|
1481
|
+
retryable: false,
|
|
1482
|
+
next_action: "retry_with_different_input",
|
|
1311
1483
|
category: "workflow"
|
|
1312
1484
|
},
|
|
1313
1485
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1315,7 +1487,8 @@ var ERRORS = {
|
|
|
1315
1487
|
http_status: 400,
|
|
1316
1488
|
title: "Workflow Limit Exceeded",
|
|
1317
1489
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1318
|
-
|
|
1490
|
+
retryable: false,
|
|
1491
|
+
next_action: "retry_with_different_input",
|
|
1319
1492
|
category: "workflow"
|
|
1320
1493
|
},
|
|
1321
1494
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1323,7 +1496,8 @@ var ERRORS = {
|
|
|
1323
1496
|
http_status: 400,
|
|
1324
1497
|
title: "Parent Step Not Found",
|
|
1325
1498
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1326
|
-
|
|
1499
|
+
retryable: false,
|
|
1500
|
+
next_action: "retry_with_different_input",
|
|
1327
1501
|
category: "workflow"
|
|
1328
1502
|
},
|
|
1329
1503
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1331,7 +1505,8 @@ var ERRORS = {
|
|
|
1331
1505
|
http_status: 400,
|
|
1332
1506
|
title: "Invalid Step ID",
|
|
1333
1507
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1334
|
-
|
|
1508
|
+
retryable: false,
|
|
1509
|
+
next_action: "retry_with_different_input",
|
|
1335
1510
|
category: "workflow"
|
|
1336
1511
|
},
|
|
1337
1512
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1339,15 +1514,16 @@ var ERRORS = {
|
|
|
1339
1514
|
http_status: 400,
|
|
1340
1515
|
title: "Invalid Workflow Summary",
|
|
1341
1516
|
description: "Workflow summary attestation does not conform to schema",
|
|
1342
|
-
|
|
1517
|
+
retryable: false,
|
|
1518
|
+
next_action: "retry_with_different_input",
|
|
1343
1519
|
category: "workflow"
|
|
1344
1520
|
}
|
|
1345
1521
|
};
|
|
1346
1522
|
function getError(code) {
|
|
1347
1523
|
return ERRORS[code];
|
|
1348
1524
|
}
|
|
1349
|
-
function
|
|
1350
|
-
return ERRORS[code]?.
|
|
1525
|
+
function isRetryable(code) {
|
|
1526
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1351
1527
|
}
|
|
1352
1528
|
var BUNDLE_ERRORS = {
|
|
1353
1529
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1388,6 +1564,6 @@ exports.DISPUTE_ERRORS = DISPUTE_ERRORS;
|
|
|
1388
1564
|
exports.ERRORS = ERRORS;
|
|
1389
1565
|
exports.ERROR_CODES = ERROR_CODES;
|
|
1390
1566
|
exports.getError = getError;
|
|
1391
|
-
exports.
|
|
1567
|
+
exports.isRetryable = isRetryable;
|
|
1392
1568
|
//# sourceMappingURL=errors.cjs.map
|
|
1393
1569
|
//# sourceMappingURL=errors.cjs.map
|