@peac/kernel 0.11.1 → 0.11.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +52 -3
- package/dist/__tests__/registries.test.d.ts +2 -0
- package/dist/__tests__/registries.test.d.ts.map +1 -0
- package/dist/carrier.d.ts +14 -0
- package/dist/carrier.d.ts.map +1 -1
- package/dist/constants.cjs +2 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.ts +4 -2
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.mjs +2 -1
- package/dist/constants.mjs.map +1 -1
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +325 -149
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +6 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +325 -149
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +329 -150
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +328 -150
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/errors.mjs
CHANGED
|
@@ -63,6 +63,7 @@ var ERROR_CODES = {
|
|
|
63
63
|
E_IDENTITY_NOT_YET_VALID: "E_IDENTITY_NOT_YET_VALID",
|
|
64
64
|
E_IDENTITY_PROOF_UNSUPPORTED: "E_IDENTITY_PROOF_UNSUPPORTED",
|
|
65
65
|
E_IDENTITY_SIG_INVALID: "E_IDENTITY_SIG_INVALID",
|
|
66
|
+
E_MVIS_INCOMPLETE: "E_MVIS_INCOMPLETE",
|
|
66
67
|
// Infrastructure error codes
|
|
67
68
|
E_CIRCUIT_BREAKER_OPEN: "E_CIRCUIT_BREAKER_OPEN",
|
|
68
69
|
E_INTERNAL: "E_INTERNAL",
|
|
@@ -125,6 +126,8 @@ var ERROR_CODES = {
|
|
|
125
126
|
// Verification error codes
|
|
126
127
|
E_INVALID_SIGNATURE: "E_INVALID_SIGNATURE",
|
|
127
128
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
129
|
+
E_KID_REUSE_DETECTED: "E_KID_REUSE_DETECTED",
|
|
130
|
+
E_REVOKED_KEY_USED: "E_REVOKED_KEY_USED",
|
|
128
131
|
// Verifier error codes
|
|
129
132
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
130
133
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
@@ -166,7 +169,8 @@ var ERRORS = {
|
|
|
166
169
|
http_status: 400,
|
|
167
170
|
title: "Attribution Chain Too Deep",
|
|
168
171
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
169
|
-
|
|
172
|
+
retryable: false,
|
|
173
|
+
next_action: "retry_with_different_input",
|
|
170
174
|
category: "attribution"
|
|
171
175
|
},
|
|
172
176
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -174,7 +178,8 @@ var ERRORS = {
|
|
|
174
178
|
http_status: 400,
|
|
175
179
|
title: "Attribution Circular Chain",
|
|
176
180
|
description: "Circular reference detected in attribution chain",
|
|
177
|
-
|
|
181
|
+
retryable: false,
|
|
182
|
+
next_action: "retry_with_different_input",
|
|
178
183
|
category: "attribution"
|
|
179
184
|
},
|
|
180
185
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -182,7 +187,8 @@ var ERRORS = {
|
|
|
182
187
|
http_status: 401,
|
|
183
188
|
title: "Attribution Expired",
|
|
184
189
|
description: "Attribution attestation has exceeded its expiration time",
|
|
185
|
-
|
|
190
|
+
retryable: false,
|
|
191
|
+
next_action: "retry_with_different_input",
|
|
186
192
|
category: "attribution"
|
|
187
193
|
},
|
|
188
194
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -190,7 +196,8 @@ var ERRORS = {
|
|
|
190
196
|
http_status: 400,
|
|
191
197
|
title: "Attribution Hash Invalid",
|
|
192
198
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
193
|
-
|
|
199
|
+
retryable: false,
|
|
200
|
+
next_action: "retry_with_different_input",
|
|
194
201
|
category: "attribution"
|
|
195
202
|
},
|
|
196
203
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -198,7 +205,8 @@ var ERRORS = {
|
|
|
198
205
|
http_status: 400,
|
|
199
206
|
title: "Attribution Invalid Format",
|
|
200
207
|
description: "Attribution attestation does not conform to schema",
|
|
201
|
-
|
|
208
|
+
retryable: false,
|
|
209
|
+
next_action: "retry_with_different_input",
|
|
202
210
|
category: "attribution"
|
|
203
211
|
},
|
|
204
212
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -206,7 +214,8 @@ var ERRORS = {
|
|
|
206
214
|
http_status: 400,
|
|
207
215
|
title: "Attribution Invalid Reference",
|
|
208
216
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
209
|
-
|
|
217
|
+
retryable: false,
|
|
218
|
+
next_action: "retry_with_different_input",
|
|
210
219
|
category: "attribution"
|
|
211
220
|
},
|
|
212
221
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -214,7 +223,8 @@ var ERRORS = {
|
|
|
214
223
|
http_status: 400,
|
|
215
224
|
title: "Attribution Invalid Weight",
|
|
216
225
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
217
|
-
|
|
226
|
+
retryable: false,
|
|
227
|
+
next_action: "retry_with_different_input",
|
|
218
228
|
category: "attribution"
|
|
219
229
|
},
|
|
220
230
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -222,7 +232,8 @@ var ERRORS = {
|
|
|
222
232
|
http_status: 400,
|
|
223
233
|
title: "Attribution Missing Sources",
|
|
224
234
|
description: "Attribution attestation has empty sources array",
|
|
225
|
-
|
|
235
|
+
retryable: false,
|
|
236
|
+
next_action: "retry_with_different_input",
|
|
226
237
|
category: "attribution"
|
|
227
238
|
},
|
|
228
239
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -230,7 +241,8 @@ var ERRORS = {
|
|
|
230
241
|
http_status: 401,
|
|
231
242
|
title: "Attribution Not Yet Valid",
|
|
232
243
|
description: "Attribution attestation issued_at time is in the future",
|
|
233
|
-
|
|
244
|
+
retryable: true,
|
|
245
|
+
next_action: "retry_after_delay",
|
|
234
246
|
category: "attribution"
|
|
235
247
|
},
|
|
236
248
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -238,7 +250,8 @@ var ERRORS = {
|
|
|
238
250
|
http_status: 502,
|
|
239
251
|
title: "Attribution Resolution Failed",
|
|
240
252
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
241
|
-
|
|
253
|
+
retryable: true,
|
|
254
|
+
next_action: "retry_after_delay",
|
|
242
255
|
category: "attribution"
|
|
243
256
|
},
|
|
244
257
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -246,7 +259,8 @@ var ERRORS = {
|
|
|
246
259
|
http_status: 504,
|
|
247
260
|
title: "Attribution Resolution Timeout",
|
|
248
261
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
249
|
-
|
|
262
|
+
retryable: true,
|
|
263
|
+
next_action: "retry_after_delay",
|
|
250
264
|
category: "attribution"
|
|
251
265
|
},
|
|
252
266
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -254,7 +268,8 @@ var ERRORS = {
|
|
|
254
268
|
http_status: 400,
|
|
255
269
|
title: "Attribution Size Exceeded",
|
|
256
270
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
257
|
-
|
|
271
|
+
retryable: false,
|
|
272
|
+
next_action: "retry_with_different_input",
|
|
258
273
|
category: "attribution"
|
|
259
274
|
},
|
|
260
275
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -262,7 +277,8 @@ var ERRORS = {
|
|
|
262
277
|
http_status: 400,
|
|
263
278
|
title: "Attribution Too Many Sources",
|
|
264
279
|
description: "Attribution has too many sources (maximum 100)",
|
|
265
|
-
|
|
280
|
+
retryable: false,
|
|
281
|
+
next_action: "retry_with_different_input",
|
|
266
282
|
category: "attribution"
|
|
267
283
|
},
|
|
268
284
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -270,7 +286,8 @@ var ERRORS = {
|
|
|
270
286
|
http_status: 400,
|
|
271
287
|
title: "Attribution Unknown Usage",
|
|
272
288
|
description: "Attribution usage type is not recognized",
|
|
273
|
-
|
|
289
|
+
retryable: false,
|
|
290
|
+
next_action: "retry_with_different_input",
|
|
274
291
|
category: "attribution"
|
|
275
292
|
},
|
|
276
293
|
// Bundle error codes
|
|
@@ -279,7 +296,8 @@ var ERRORS = {
|
|
|
279
296
|
http_status: 400,
|
|
280
297
|
title: "Bundle Duplicate Receipt",
|
|
281
298
|
description: "Bundle contains multiple receipts with the same ID",
|
|
282
|
-
|
|
299
|
+
retryable: false,
|
|
300
|
+
next_action: "retry_with_different_input",
|
|
283
301
|
category: "bundle"
|
|
284
302
|
},
|
|
285
303
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -287,7 +305,8 @@ var ERRORS = {
|
|
|
287
305
|
http_status: 400,
|
|
288
306
|
title: "Bundle Hash Mismatch",
|
|
289
307
|
description: "File hash does not match value declared in manifest.json",
|
|
290
|
-
|
|
308
|
+
retryable: false,
|
|
309
|
+
next_action: "retry_with_different_input",
|
|
291
310
|
category: "bundle"
|
|
292
311
|
},
|
|
293
312
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -295,7 +314,8 @@ var ERRORS = {
|
|
|
295
314
|
http_status: 400,
|
|
296
315
|
title: "Bundle Invalid Format",
|
|
297
316
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
298
|
-
|
|
317
|
+
retryable: false,
|
|
318
|
+
next_action: "retry_with_different_input",
|
|
299
319
|
category: "bundle"
|
|
300
320
|
},
|
|
301
321
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -303,7 +323,8 @@ var ERRORS = {
|
|
|
303
323
|
http_status: 400,
|
|
304
324
|
title: "Bundle Key Missing",
|
|
305
325
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
306
|
-
|
|
326
|
+
retryable: false,
|
|
327
|
+
next_action: "retry_with_different_input",
|
|
307
328
|
category: "bundle"
|
|
308
329
|
},
|
|
309
330
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -311,7 +332,8 @@ var ERRORS = {
|
|
|
311
332
|
http_status: 400,
|
|
312
333
|
title: "Bundle Manifest Invalid",
|
|
313
334
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
314
|
-
|
|
335
|
+
retryable: false,
|
|
336
|
+
next_action: "retry_with_different_input",
|
|
315
337
|
category: "bundle"
|
|
316
338
|
},
|
|
317
339
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -319,7 +341,8 @@ var ERRORS = {
|
|
|
319
341
|
http_status: 400,
|
|
320
342
|
title: "Bundle Manifest Missing",
|
|
321
343
|
description: "manifest.json not found at bundle archive root",
|
|
322
|
-
|
|
344
|
+
retryable: false,
|
|
345
|
+
next_action: "retry_with_different_input",
|
|
323
346
|
category: "bundle"
|
|
324
347
|
},
|
|
325
348
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -327,7 +350,8 @@ var ERRORS = {
|
|
|
327
350
|
http_status: 400,
|
|
328
351
|
title: "Bundle Missing Keys",
|
|
329
352
|
description: "No verification keys provided in bundle JWKS",
|
|
330
|
-
|
|
353
|
+
retryable: false,
|
|
354
|
+
next_action: "retry_with_different_input",
|
|
331
355
|
category: "bundle"
|
|
332
356
|
},
|
|
333
357
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -335,7 +359,8 @@ var ERRORS = {
|
|
|
335
359
|
http_status: 400,
|
|
336
360
|
title: "Bundle Missing Receipts",
|
|
337
361
|
description: "No receipts provided when creating bundle",
|
|
338
|
-
|
|
362
|
+
retryable: false,
|
|
363
|
+
next_action: "retry_with_different_input",
|
|
339
364
|
category: "bundle"
|
|
340
365
|
},
|
|
341
366
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -343,7 +368,8 @@ var ERRORS = {
|
|
|
343
368
|
http_status: 400,
|
|
344
369
|
title: "Bundle Path Traversal",
|
|
345
370
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
346
|
-
|
|
371
|
+
retryable: false,
|
|
372
|
+
next_action: "retry_with_different_input",
|
|
347
373
|
category: "bundle"
|
|
348
374
|
},
|
|
349
375
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -351,7 +377,8 @@ var ERRORS = {
|
|
|
351
377
|
http_status: 400,
|
|
352
378
|
title: "Bundle Policy Hash Mismatch",
|
|
353
379
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
354
|
-
|
|
380
|
+
retryable: false,
|
|
381
|
+
next_action: "retry_with_different_input",
|
|
355
382
|
category: "bundle"
|
|
356
383
|
},
|
|
357
384
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -359,7 +386,8 @@ var ERRORS = {
|
|
|
359
386
|
http_status: 400,
|
|
360
387
|
title: "Bundle Receipts Unordered",
|
|
361
388
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
362
|
-
|
|
389
|
+
retryable: false,
|
|
390
|
+
next_action: "retry_with_different_input",
|
|
363
391
|
category: "bundle"
|
|
364
392
|
},
|
|
365
393
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -367,7 +395,8 @@ var ERRORS = {
|
|
|
367
395
|
http_status: 400,
|
|
368
396
|
title: "Bundle Receipt Invalid",
|
|
369
397
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
370
|
-
|
|
398
|
+
retryable: false,
|
|
399
|
+
next_action: "retry_with_different_input",
|
|
371
400
|
category: "bundle"
|
|
372
401
|
},
|
|
373
402
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -375,7 +404,8 @@ var ERRORS = {
|
|
|
375
404
|
http_status: 400,
|
|
376
405
|
title: "Bundle Signature Invalid",
|
|
377
406
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
378
|
-
|
|
407
|
+
retryable: false,
|
|
408
|
+
next_action: "retry_with_different_input",
|
|
379
409
|
category: "bundle"
|
|
380
410
|
},
|
|
381
411
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -383,7 +413,8 @@ var ERRORS = {
|
|
|
383
413
|
http_status: 400,
|
|
384
414
|
title: "Bundle Size Exceeded",
|
|
385
415
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
386
|
-
|
|
416
|
+
retryable: false,
|
|
417
|
+
next_action: "retry_with_different_input",
|
|
387
418
|
category: "bundle"
|
|
388
419
|
},
|
|
389
420
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -391,7 +422,8 @@ var ERRORS = {
|
|
|
391
422
|
http_status: 400,
|
|
392
423
|
title: "Bundle Time Range Invalid",
|
|
393
424
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
394
|
-
|
|
425
|
+
retryable: false,
|
|
426
|
+
next_action: "retry_with_different_input",
|
|
395
427
|
category: "bundle"
|
|
396
428
|
},
|
|
397
429
|
// Control error codes
|
|
@@ -400,7 +432,8 @@ var ERRORS = {
|
|
|
400
432
|
http_status: 403,
|
|
401
433
|
title: "Control Decision Denied",
|
|
402
434
|
description: "Control engine denied authorization",
|
|
403
|
-
|
|
435
|
+
retryable: false,
|
|
436
|
+
next_action: "contact_issuer",
|
|
404
437
|
category: "control"
|
|
405
438
|
},
|
|
406
439
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -408,7 +441,8 @@ var ERRORS = {
|
|
|
408
441
|
http_status: 202,
|
|
409
442
|
title: "Review Required",
|
|
410
443
|
description: "Control engine requires manual review",
|
|
411
|
-
|
|
444
|
+
retryable: true,
|
|
445
|
+
next_action: "contact_issuer",
|
|
412
446
|
category: "control"
|
|
413
447
|
},
|
|
414
448
|
// Dispute error codes
|
|
@@ -417,7 +451,8 @@ var ERRORS = {
|
|
|
417
451
|
http_status: 409,
|
|
418
452
|
title: "Dispute Duplicate",
|
|
419
453
|
description: "A dispute with this ID already exists",
|
|
420
|
-
|
|
454
|
+
retryable: false,
|
|
455
|
+
next_action: "retry_with_different_input",
|
|
421
456
|
category: "dispute"
|
|
422
457
|
},
|
|
423
458
|
E_DISPUTE_EXPIRED: {
|
|
@@ -425,7 +460,8 @@ var ERRORS = {
|
|
|
425
460
|
http_status: 401,
|
|
426
461
|
title: "Dispute Expired",
|
|
427
462
|
description: "Dispute attestation has exceeded its expiration time",
|
|
428
|
-
|
|
463
|
+
retryable: false,
|
|
464
|
+
next_action: "retry_with_different_input",
|
|
429
465
|
category: "dispute"
|
|
430
466
|
},
|
|
431
467
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -433,7 +469,8 @@ var ERRORS = {
|
|
|
433
469
|
http_status: 400,
|
|
434
470
|
title: "Dispute Invalid Format",
|
|
435
471
|
description: "Dispute attestation does not conform to schema",
|
|
436
|
-
|
|
472
|
+
retryable: false,
|
|
473
|
+
next_action: "retry_with_different_input",
|
|
437
474
|
category: "dispute"
|
|
438
475
|
},
|
|
439
476
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -441,7 +478,8 @@ var ERRORS = {
|
|
|
441
478
|
http_status: 400,
|
|
442
479
|
title: "Dispute Invalid Grounds",
|
|
443
480
|
description: "Dispute grounds code is not recognized",
|
|
444
|
-
|
|
481
|
+
retryable: false,
|
|
482
|
+
next_action: "retry_with_different_input",
|
|
445
483
|
category: "dispute"
|
|
446
484
|
},
|
|
447
485
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -449,7 +487,8 @@ var ERRORS = {
|
|
|
449
487
|
http_status: 400,
|
|
450
488
|
title: "Dispute Invalid ID",
|
|
451
489
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
452
|
-
|
|
490
|
+
retryable: false,
|
|
491
|
+
next_action: "retry_with_different_input",
|
|
453
492
|
category: "dispute"
|
|
454
493
|
},
|
|
455
494
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -457,7 +496,8 @@ var ERRORS = {
|
|
|
457
496
|
http_status: 400,
|
|
458
497
|
title: "Dispute Invalid State",
|
|
459
498
|
description: "Dispute state is not recognized",
|
|
460
|
-
|
|
499
|
+
retryable: false,
|
|
500
|
+
next_action: "retry_with_different_input",
|
|
461
501
|
category: "dispute"
|
|
462
502
|
},
|
|
463
503
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -465,7 +505,8 @@ var ERRORS = {
|
|
|
465
505
|
http_status: 400,
|
|
466
506
|
title: "Dispute Invalid Target Type",
|
|
467
507
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
468
|
-
|
|
508
|
+
retryable: false,
|
|
509
|
+
next_action: "retry_with_different_input",
|
|
469
510
|
category: "dispute"
|
|
470
511
|
},
|
|
471
512
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -473,7 +514,8 @@ var ERRORS = {
|
|
|
473
514
|
http_status: 400,
|
|
474
515
|
title: "Dispute Invalid Transition",
|
|
475
516
|
description: "Invalid state transition for dispute lifecycle",
|
|
476
|
-
|
|
517
|
+
retryable: false,
|
|
518
|
+
next_action: "retry_with_different_input",
|
|
477
519
|
category: "dispute"
|
|
478
520
|
},
|
|
479
521
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -481,7 +523,8 @@ var ERRORS = {
|
|
|
481
523
|
http_status: 400,
|
|
482
524
|
title: "Dispute Invalid Type",
|
|
483
525
|
description: "Dispute type is not recognized",
|
|
484
|
-
|
|
526
|
+
retryable: false,
|
|
527
|
+
next_action: "retry_with_different_input",
|
|
485
528
|
category: "dispute"
|
|
486
529
|
},
|
|
487
530
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -489,7 +532,8 @@ var ERRORS = {
|
|
|
489
532
|
http_status: 400,
|
|
490
533
|
title: "Dispute Missing Resolution",
|
|
491
534
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
492
|
-
|
|
535
|
+
retryable: false,
|
|
536
|
+
next_action: "retry_with_different_input",
|
|
493
537
|
category: "dispute"
|
|
494
538
|
},
|
|
495
539
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -497,7 +541,8 @@ var ERRORS = {
|
|
|
497
541
|
http_status: 401,
|
|
498
542
|
title: "Dispute Not Yet Valid",
|
|
499
543
|
description: "Dispute attestation issued_at time is in the future",
|
|
500
|
-
|
|
544
|
+
retryable: true,
|
|
545
|
+
next_action: "retry_after_delay",
|
|
501
546
|
category: "dispute"
|
|
502
547
|
},
|
|
503
548
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -505,7 +550,8 @@ var ERRORS = {
|
|
|
505
550
|
http_status: 400,
|
|
506
551
|
title: "Dispute Other Requires Description",
|
|
507
552
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
508
|
-
|
|
553
|
+
retryable: false,
|
|
554
|
+
next_action: "retry_with_different_input",
|
|
509
555
|
category: "dispute"
|
|
510
556
|
},
|
|
511
557
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -513,7 +559,8 @@ var ERRORS = {
|
|
|
513
559
|
http_status: 400,
|
|
514
560
|
title: "Dispute Resolution Not Allowed",
|
|
515
561
|
description: "Resolution is only valid for terminal states",
|
|
516
|
-
|
|
562
|
+
retryable: false,
|
|
563
|
+
next_action: "retry_with_different_input",
|
|
517
564
|
category: "dispute"
|
|
518
565
|
},
|
|
519
566
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -521,7 +568,8 @@ var ERRORS = {
|
|
|
521
568
|
http_status: 404,
|
|
522
569
|
title: "Dispute Target Not Found",
|
|
523
570
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
524
|
-
|
|
571
|
+
retryable: true,
|
|
572
|
+
next_action: "retry_after_delay",
|
|
525
573
|
category: "dispute"
|
|
526
574
|
},
|
|
527
575
|
// Identity error codes
|
|
@@ -530,7 +578,8 @@ var ERRORS = {
|
|
|
530
578
|
http_status: 400,
|
|
531
579
|
title: "Identity Binding Future",
|
|
532
580
|
description: "Identity binding signed_at timestamp is in the future",
|
|
533
|
-
|
|
581
|
+
retryable: false,
|
|
582
|
+
next_action: "retry_with_different_input",
|
|
534
583
|
category: "identity"
|
|
535
584
|
},
|
|
536
585
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -538,7 +587,8 @@ var ERRORS = {
|
|
|
538
587
|
http_status: 400,
|
|
539
588
|
title: "Identity Binding Mismatch",
|
|
540
589
|
description: "Identity binding does not match the request being verified",
|
|
541
|
-
|
|
590
|
+
retryable: false,
|
|
591
|
+
next_action: "retry_with_different_input",
|
|
542
592
|
category: "identity"
|
|
543
593
|
},
|
|
544
594
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -546,7 +596,8 @@ var ERRORS = {
|
|
|
546
596
|
http_status: 401,
|
|
547
597
|
title: "Identity Binding Stale",
|
|
548
598
|
description: "Identity binding is too old and requires fresh binding",
|
|
549
|
-
|
|
599
|
+
retryable: true,
|
|
600
|
+
next_action: "retry_after_delay",
|
|
550
601
|
category: "identity"
|
|
551
602
|
},
|
|
552
603
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -554,7 +605,8 @@ var ERRORS = {
|
|
|
554
605
|
http_status: 503,
|
|
555
606
|
title: "Identity Directory Unavailable",
|
|
556
607
|
description: "Failed to fetch agent key directory",
|
|
557
|
-
|
|
608
|
+
retryable: true,
|
|
609
|
+
next_action: "retry_after_delay",
|
|
558
610
|
category: "identity"
|
|
559
611
|
},
|
|
560
612
|
E_IDENTITY_EXPIRED: {
|
|
@@ -562,7 +614,8 @@ var ERRORS = {
|
|
|
562
614
|
http_status: 401,
|
|
563
615
|
title: "Identity Expired",
|
|
564
616
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
565
|
-
|
|
617
|
+
retryable: false,
|
|
618
|
+
next_action: "refresh_attestation",
|
|
566
619
|
category: "identity"
|
|
567
620
|
},
|
|
568
621
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -570,7 +623,8 @@ var ERRORS = {
|
|
|
570
623
|
http_status: 400,
|
|
571
624
|
title: "Identity Invalid Format",
|
|
572
625
|
description: "Agent identity attestation does not conform to schema",
|
|
573
|
-
|
|
626
|
+
retryable: false,
|
|
627
|
+
next_action: "retry_with_different_input",
|
|
574
628
|
category: "identity"
|
|
575
629
|
},
|
|
576
630
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -578,7 +632,8 @@ var ERRORS = {
|
|
|
578
632
|
http_status: 401,
|
|
579
633
|
title: "Identity Key Expired",
|
|
580
634
|
description: "Agent signing key has expired per directory metadata",
|
|
581
|
-
|
|
635
|
+
retryable: false,
|
|
636
|
+
next_action: "refresh_attestation",
|
|
582
637
|
category: "identity"
|
|
583
638
|
},
|
|
584
639
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -586,7 +641,8 @@ var ERRORS = {
|
|
|
586
641
|
http_status: 401,
|
|
587
642
|
title: "Identity Key Revoked",
|
|
588
643
|
description: "Agent signing key has been explicitly revoked",
|
|
589
|
-
|
|
644
|
+
retryable: false,
|
|
645
|
+
next_action: "refresh_attestation",
|
|
590
646
|
category: "identity"
|
|
591
647
|
},
|
|
592
648
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -594,7 +650,8 @@ var ERRORS = {
|
|
|
594
650
|
http_status: 401,
|
|
595
651
|
title: "Identity Key Unknown",
|
|
596
652
|
description: "Key ID not found in agent key directory",
|
|
597
|
-
|
|
653
|
+
retryable: true,
|
|
654
|
+
next_action: "retry_after_delay",
|
|
598
655
|
category: "identity"
|
|
599
656
|
},
|
|
600
657
|
E_IDENTITY_MISSING: {
|
|
@@ -602,7 +659,8 @@ var ERRORS = {
|
|
|
602
659
|
http_status: 401,
|
|
603
660
|
title: "Identity Missing",
|
|
604
661
|
description: "No agent identity attestation provided in request",
|
|
605
|
-
|
|
662
|
+
retryable: false,
|
|
663
|
+
next_action: "retry_with_different_input",
|
|
606
664
|
category: "identity"
|
|
607
665
|
},
|
|
608
666
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -610,7 +668,8 @@ var ERRORS = {
|
|
|
610
668
|
http_status: 401,
|
|
611
669
|
title: "Identity Not Yet Valid",
|
|
612
670
|
description: "Agent identity attestation issued_at time is in the future",
|
|
613
|
-
|
|
671
|
+
retryable: true,
|
|
672
|
+
next_action: "retry_after_delay",
|
|
614
673
|
category: "identity"
|
|
615
674
|
},
|
|
616
675
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -618,7 +677,8 @@ var ERRORS = {
|
|
|
618
677
|
http_status: 400,
|
|
619
678
|
title: "Identity Proof Unsupported",
|
|
620
679
|
description: "Agent identity proof method is not supported",
|
|
621
|
-
|
|
680
|
+
retryable: false,
|
|
681
|
+
next_action: "retry_with_different_input",
|
|
622
682
|
category: "identity"
|
|
623
683
|
},
|
|
624
684
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -626,7 +686,17 @@ var ERRORS = {
|
|
|
626
686
|
http_status: 401,
|
|
627
687
|
title: "Identity Signature Invalid",
|
|
628
688
|
description: "Agent identity proof signature verification failed",
|
|
629
|
-
|
|
689
|
+
retryable: false,
|
|
690
|
+
next_action: "retry_with_different_input",
|
|
691
|
+
category: "identity"
|
|
692
|
+
},
|
|
693
|
+
E_MVIS_INCOMPLETE: {
|
|
694
|
+
code: "E_MVIS_INCOMPLETE",
|
|
695
|
+
http_status: 400,
|
|
696
|
+
title: "MVIS Incomplete",
|
|
697
|
+
description: "Identity receipt missing one or more Minimum Viable Identity Set required fields (issuer, subject, key_binding, time_bounds, replay_protection)",
|
|
698
|
+
retryable: false,
|
|
699
|
+
next_action: "retry_with_different_input",
|
|
630
700
|
category: "identity"
|
|
631
701
|
},
|
|
632
702
|
// Infrastructure error codes
|
|
@@ -635,7 +705,8 @@ var ERRORS = {
|
|
|
635
705
|
http_status: 503,
|
|
636
706
|
title: "Circuit Breaker Open",
|
|
637
707
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
638
|
-
|
|
708
|
+
retryable: true,
|
|
709
|
+
next_action: "retry_after_delay",
|
|
639
710
|
category: "infrastructure"
|
|
640
711
|
},
|
|
641
712
|
E_INTERNAL: {
|
|
@@ -643,7 +714,8 @@ var ERRORS = {
|
|
|
643
714
|
http_status: 500,
|
|
644
715
|
title: "Internal Error",
|
|
645
716
|
description: "An unexpected internal error occurred during verification",
|
|
646
|
-
|
|
717
|
+
retryable: true,
|
|
718
|
+
next_action: "retry_after_delay",
|
|
647
719
|
category: "infrastructure"
|
|
648
720
|
},
|
|
649
721
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -651,7 +723,8 @@ var ERRORS = {
|
|
|
651
723
|
http_status: 503,
|
|
652
724
|
title: "JWKS Fetch Failed",
|
|
653
725
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
654
|
-
|
|
726
|
+
retryable: true,
|
|
727
|
+
next_action: "retry_after_delay",
|
|
655
728
|
category: "infrastructure"
|
|
656
729
|
},
|
|
657
730
|
E_RATE_LIMITED: {
|
|
@@ -659,7 +732,8 @@ var ERRORS = {
|
|
|
659
732
|
http_status: 429,
|
|
660
733
|
title: "Rate Limited",
|
|
661
734
|
description: "Too many requests, please retry later",
|
|
662
|
-
|
|
735
|
+
retryable: true,
|
|
736
|
+
next_action: "retry_after_delay",
|
|
663
737
|
category: "infrastructure"
|
|
664
738
|
},
|
|
665
739
|
// Interaction error codes
|
|
@@ -668,7 +742,8 @@ var ERRORS = {
|
|
|
668
742
|
http_status: 400,
|
|
669
743
|
title: "Interaction Invalid Digest",
|
|
670
744
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
671
|
-
|
|
745
|
+
retryable: false,
|
|
746
|
+
next_action: "retry_with_different_input",
|
|
672
747
|
category: "interaction"
|
|
673
748
|
},
|
|
674
749
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -676,7 +751,8 @@ var ERRORS = {
|
|
|
676
751
|
http_status: 400,
|
|
677
752
|
title: "Interaction Invalid Digest Algorithm",
|
|
678
753
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
679
|
-
|
|
754
|
+
retryable: false,
|
|
755
|
+
next_action: "retry_with_different_input",
|
|
680
756
|
category: "interaction"
|
|
681
757
|
},
|
|
682
758
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -684,7 +760,8 @@ var ERRORS = {
|
|
|
684
760
|
http_status: 400,
|
|
685
761
|
title: "Interaction Invalid Extension Key",
|
|
686
762
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
687
|
-
|
|
763
|
+
retryable: false,
|
|
764
|
+
next_action: "retry_with_different_input",
|
|
688
765
|
category: "interaction"
|
|
689
766
|
},
|
|
690
767
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -692,7 +769,8 @@ var ERRORS = {
|
|
|
692
769
|
http_status: 400,
|
|
693
770
|
title: "Interaction Invalid Format",
|
|
694
771
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
695
|
-
|
|
772
|
+
retryable: false,
|
|
773
|
+
next_action: "retry_with_different_input",
|
|
696
774
|
category: "interaction"
|
|
697
775
|
},
|
|
698
776
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -700,7 +778,8 @@ var ERRORS = {
|
|
|
700
778
|
http_status: 400,
|
|
701
779
|
title: "Interaction Invalid Kind Format",
|
|
702
780
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
703
|
-
|
|
781
|
+
retryable: false,
|
|
782
|
+
next_action: "retry_with_different_input",
|
|
704
783
|
category: "interaction"
|
|
705
784
|
},
|
|
706
785
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -708,7 +787,8 @@ var ERRORS = {
|
|
|
708
787
|
http_status: 400,
|
|
709
788
|
title: "Interaction Invalid Timing",
|
|
710
789
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
711
|
-
|
|
790
|
+
retryable: false,
|
|
791
|
+
next_action: "retry_with_different_input",
|
|
712
792
|
category: "interaction"
|
|
713
793
|
},
|
|
714
794
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -716,7 +796,8 @@ var ERRORS = {
|
|
|
716
796
|
http_status: 400,
|
|
717
797
|
title: "Interaction Kind Reserved",
|
|
718
798
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
719
|
-
|
|
799
|
+
retryable: false,
|
|
800
|
+
next_action: "retry_with_different_input",
|
|
720
801
|
category: "interaction"
|
|
721
802
|
},
|
|
722
803
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -724,7 +805,8 @@ var ERRORS = {
|
|
|
724
805
|
http_status: 400,
|
|
725
806
|
title: "Interaction Missing Error Detail",
|
|
726
807
|
description: "error_code or extensions required when result.status is error",
|
|
727
|
-
|
|
808
|
+
retryable: false,
|
|
809
|
+
next_action: "retry_with_different_input",
|
|
728
810
|
category: "interaction"
|
|
729
811
|
},
|
|
730
812
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -732,7 +814,8 @@ var ERRORS = {
|
|
|
732
814
|
http_status: 400,
|
|
733
815
|
title: "Interaction Missing Executor",
|
|
734
816
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
735
|
-
|
|
817
|
+
retryable: false,
|
|
818
|
+
next_action: "retry_with_different_input",
|
|
736
819
|
category: "interaction"
|
|
737
820
|
},
|
|
738
821
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -740,7 +823,8 @@ var ERRORS = {
|
|
|
740
823
|
http_status: 400,
|
|
741
824
|
title: "Interaction Missing ID",
|
|
742
825
|
description: "Interaction evidence is missing required interaction_id field",
|
|
743
|
-
|
|
826
|
+
retryable: false,
|
|
827
|
+
next_action: "retry_with_different_input",
|
|
744
828
|
category: "interaction"
|
|
745
829
|
},
|
|
746
830
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -748,7 +832,8 @@ var ERRORS = {
|
|
|
748
832
|
http_status: 400,
|
|
749
833
|
title: "Interaction Missing Kind",
|
|
750
834
|
description: "Interaction evidence is missing required kind field",
|
|
751
|
-
|
|
835
|
+
retryable: false,
|
|
836
|
+
next_action: "retry_with_different_input",
|
|
752
837
|
category: "interaction"
|
|
753
838
|
},
|
|
754
839
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -756,7 +841,8 @@ var ERRORS = {
|
|
|
756
841
|
http_status: 400,
|
|
757
842
|
title: "Interaction Missing Result",
|
|
758
843
|
description: "result.status is required when output is present",
|
|
759
|
-
|
|
844
|
+
retryable: false,
|
|
845
|
+
next_action: "retry_with_different_input",
|
|
760
846
|
category: "interaction"
|
|
761
847
|
},
|
|
762
848
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -764,7 +850,8 @@ var ERRORS = {
|
|
|
764
850
|
http_status: 400,
|
|
765
851
|
title: "Interaction Missing Started At",
|
|
766
852
|
description: "Interaction evidence is missing required started_at field",
|
|
767
|
-
|
|
853
|
+
retryable: false,
|
|
854
|
+
next_action: "retry_with_different_input",
|
|
768
855
|
category: "interaction"
|
|
769
856
|
},
|
|
770
857
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -772,7 +859,8 @@ var ERRORS = {
|
|
|
772
859
|
http_status: 400,
|
|
773
860
|
title: "Interaction Missing Target",
|
|
774
861
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
775
|
-
|
|
862
|
+
retryable: false,
|
|
863
|
+
next_action: "retry_with_different_input",
|
|
776
864
|
category: "interaction"
|
|
777
865
|
},
|
|
778
866
|
// Ucp error codes
|
|
@@ -781,7 +869,8 @@ var ERRORS = {
|
|
|
781
869
|
http_status: 500,
|
|
782
870
|
title: "UCP Evidence Serialization Failed",
|
|
783
871
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
784
|
-
|
|
872
|
+
retryable: false,
|
|
873
|
+
next_action: "retry_with_different_input",
|
|
785
874
|
category: "ucp"
|
|
786
875
|
},
|
|
787
876
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -789,7 +878,8 @@ var ERRORS = {
|
|
|
789
878
|
http_status: 401,
|
|
790
879
|
title: "UCP Key Algorithm Mismatch",
|
|
791
880
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
792
|
-
|
|
881
|
+
retryable: false,
|
|
882
|
+
next_action: "retry_with_different_input",
|
|
793
883
|
category: "ucp"
|
|
794
884
|
},
|
|
795
885
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -797,7 +887,8 @@ var ERRORS = {
|
|
|
797
887
|
http_status: 401,
|
|
798
888
|
title: "UCP Key Curve Mismatch",
|
|
799
889
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
800
|
-
|
|
890
|
+
retryable: false,
|
|
891
|
+
next_action: "retry_with_different_input",
|
|
801
892
|
category: "ucp"
|
|
802
893
|
},
|
|
803
894
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -805,7 +896,8 @@ var ERRORS = {
|
|
|
805
896
|
http_status: 401,
|
|
806
897
|
title: "UCP Key Not Found",
|
|
807
898
|
description: "Key ID from signature not found in business UCP profile",
|
|
808
|
-
|
|
899
|
+
retryable: true,
|
|
900
|
+
next_action: "retry_after_delay",
|
|
809
901
|
category: "ucp"
|
|
810
902
|
},
|
|
811
903
|
E_UCP_ORDER_INVALID: {
|
|
@@ -813,7 +905,8 @@ var ERRORS = {
|
|
|
813
905
|
http_status: 400,
|
|
814
906
|
title: "UCP Order Invalid",
|
|
815
907
|
description: "UCP order object does not conform to expected schema",
|
|
816
|
-
|
|
908
|
+
retryable: false,
|
|
909
|
+
next_action: "retry_with_different_input",
|
|
817
910
|
category: "ucp"
|
|
818
911
|
},
|
|
819
912
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -821,7 +914,8 @@ var ERRORS = {
|
|
|
821
914
|
http_status: 400,
|
|
822
915
|
title: "UCP Order Missing ID",
|
|
823
916
|
description: "UCP order is missing required id field",
|
|
824
|
-
|
|
917
|
+
retryable: false,
|
|
918
|
+
next_action: "retry_with_different_input",
|
|
825
919
|
category: "ucp"
|
|
826
920
|
},
|
|
827
921
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -829,7 +923,8 @@ var ERRORS = {
|
|
|
829
923
|
http_status: 400,
|
|
830
924
|
title: "UCP Order Missing Line Items",
|
|
831
925
|
description: "UCP order is missing required line_items array",
|
|
832
|
-
|
|
926
|
+
retryable: false,
|
|
927
|
+
next_action: "retry_with_different_input",
|
|
833
928
|
category: "ucp"
|
|
834
929
|
},
|
|
835
930
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -837,7 +932,8 @@ var ERRORS = {
|
|
|
837
932
|
http_status: 400,
|
|
838
933
|
title: "UCP Order Missing Totals",
|
|
839
934
|
description: "UCP order is missing required totals array or total entry",
|
|
840
|
-
|
|
935
|
+
retryable: false,
|
|
936
|
+
next_action: "retry_with_different_input",
|
|
841
937
|
category: "ucp"
|
|
842
938
|
},
|
|
843
939
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -845,7 +941,8 @@ var ERRORS = {
|
|
|
845
941
|
http_status: 400,
|
|
846
942
|
title: "UCP Payload Empty",
|
|
847
943
|
description: "Webhook request body is empty",
|
|
848
|
-
|
|
944
|
+
retryable: false,
|
|
945
|
+
next_action: "retry_with_different_input",
|
|
849
946
|
category: "ucp"
|
|
850
947
|
},
|
|
851
948
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -853,7 +950,8 @@ var ERRORS = {
|
|
|
853
950
|
http_status: 400,
|
|
854
951
|
title: "UCP Payload Not JSON",
|
|
855
952
|
description: "Webhook request body is not valid JSON",
|
|
856
|
-
|
|
953
|
+
retryable: false,
|
|
954
|
+
next_action: "retry_with_different_input",
|
|
857
955
|
category: "ucp"
|
|
858
956
|
},
|
|
859
957
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -861,7 +959,8 @@ var ERRORS = {
|
|
|
861
959
|
http_status: 400,
|
|
862
960
|
title: "UCP Payload Too Large",
|
|
863
961
|
description: "Webhook request body exceeds maximum allowed size",
|
|
864
|
-
|
|
962
|
+
retryable: false,
|
|
963
|
+
next_action: "retry_with_different_input",
|
|
865
964
|
category: "ucp"
|
|
866
965
|
},
|
|
867
966
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -869,7 +968,8 @@ var ERRORS = {
|
|
|
869
968
|
http_status: 502,
|
|
870
969
|
title: "UCP Profile Fetch Failed",
|
|
871
970
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
872
|
-
|
|
971
|
+
retryable: true,
|
|
972
|
+
next_action: "retry_after_delay",
|
|
873
973
|
category: "ucp"
|
|
874
974
|
},
|
|
875
975
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -877,7 +977,8 @@ var ERRORS = {
|
|
|
877
977
|
http_status: 502,
|
|
878
978
|
title: "UCP Profile Invalid",
|
|
879
979
|
description: "Business UCP profile does not conform to expected schema",
|
|
880
|
-
|
|
980
|
+
retryable: false,
|
|
981
|
+
next_action: "retry_with_different_input",
|
|
881
982
|
category: "ucp"
|
|
882
983
|
},
|
|
883
984
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -885,7 +986,8 @@ var ERRORS = {
|
|
|
885
986
|
http_status: 502,
|
|
886
987
|
title: "UCP Profile No Signing Keys",
|
|
887
988
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
888
|
-
|
|
989
|
+
retryable: false,
|
|
990
|
+
next_action: "retry_with_different_input",
|
|
889
991
|
category: "ucp"
|
|
890
992
|
},
|
|
891
993
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -893,7 +995,8 @@ var ERRORS = {
|
|
|
893
995
|
http_status: 400,
|
|
894
996
|
title: "UCP Signature Algorithm Unsupported",
|
|
895
997
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
896
|
-
|
|
998
|
+
retryable: false,
|
|
999
|
+
next_action: "retry_with_different_input",
|
|
897
1000
|
category: "ucp"
|
|
898
1001
|
},
|
|
899
1002
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -901,7 +1004,8 @@ var ERRORS = {
|
|
|
901
1004
|
http_status: 400,
|
|
902
1005
|
title: "UCP Signature b64 Invalid",
|
|
903
1006
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
904
|
-
|
|
1007
|
+
retryable: false,
|
|
1008
|
+
next_action: "retry_with_different_input",
|
|
905
1009
|
category: "ucp"
|
|
906
1010
|
},
|
|
907
1011
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -909,7 +1013,8 @@ var ERRORS = {
|
|
|
909
1013
|
http_status: 401,
|
|
910
1014
|
title: "UCP Signature Invalid",
|
|
911
1015
|
description: "Webhook signature verification failed against payload",
|
|
912
|
-
|
|
1016
|
+
retryable: false,
|
|
1017
|
+
next_action: "retry_with_different_input",
|
|
913
1018
|
category: "ucp"
|
|
914
1019
|
},
|
|
915
1020
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -917,7 +1022,8 @@ var ERRORS = {
|
|
|
917
1022
|
http_status: 400,
|
|
918
1023
|
title: "UCP Signature Malformed",
|
|
919
1024
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
920
|
-
|
|
1025
|
+
retryable: false,
|
|
1026
|
+
next_action: "retry_with_different_input",
|
|
921
1027
|
category: "ucp"
|
|
922
1028
|
},
|
|
923
1029
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -925,7 +1031,8 @@ var ERRORS = {
|
|
|
925
1031
|
http_status: 400,
|
|
926
1032
|
title: "UCP Signature Missing",
|
|
927
1033
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
928
|
-
|
|
1034
|
+
retryable: false,
|
|
1035
|
+
next_action: "retry_with_different_input",
|
|
929
1036
|
category: "ucp"
|
|
930
1037
|
},
|
|
931
1038
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -933,7 +1040,8 @@ var ERRORS = {
|
|
|
933
1040
|
http_status: 401,
|
|
934
1041
|
title: "UCP Verification Failed",
|
|
935
1042
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
936
|
-
|
|
1043
|
+
retryable: false,
|
|
1044
|
+
next_action: "retry_with_different_input",
|
|
937
1045
|
category: "ucp"
|
|
938
1046
|
},
|
|
939
1047
|
// Validation error codes
|
|
@@ -942,7 +1050,8 @@ var ERRORS = {
|
|
|
942
1050
|
http_status: 400,
|
|
943
1051
|
title: "Kernel Constraint Violation",
|
|
944
1052
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
945
|
-
|
|
1053
|
+
retryable: false,
|
|
1054
|
+
next_action: "retry_with_different_input",
|
|
946
1055
|
category: "validation"
|
|
947
1056
|
},
|
|
948
1057
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -950,7 +1059,8 @@ var ERRORS = {
|
|
|
950
1059
|
http_status: 400,
|
|
951
1060
|
title: "Evidence Not JSON-Safe",
|
|
952
1061
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
953
|
-
|
|
1062
|
+
retryable: false,
|
|
1063
|
+
next_action: "retry_with_different_input",
|
|
954
1064
|
category: "validation"
|
|
955
1065
|
},
|
|
956
1066
|
E_EXPIRED: {
|
|
@@ -958,7 +1068,8 @@ var ERRORS = {
|
|
|
958
1068
|
http_status: 400,
|
|
959
1069
|
title: "Receipt Expired",
|
|
960
1070
|
description: "Receipt has exceeded its expiration time",
|
|
961
|
-
|
|
1071
|
+
retryable: false,
|
|
1072
|
+
next_action: "retry_with_different_input",
|
|
962
1073
|
category: "validation"
|
|
963
1074
|
},
|
|
964
1075
|
E_INVALID_AMOUNT: {
|
|
@@ -966,7 +1077,8 @@ var ERRORS = {
|
|
|
966
1077
|
http_status: 400,
|
|
967
1078
|
title: "Invalid Amount",
|
|
968
1079
|
description: "Payment amount is invalid or out of allowed range",
|
|
969
|
-
|
|
1080
|
+
retryable: false,
|
|
1081
|
+
next_action: "retry_with_different_input",
|
|
970
1082
|
category: "validation"
|
|
971
1083
|
},
|
|
972
1084
|
E_INVALID_AUDIENCE: {
|
|
@@ -974,7 +1086,8 @@ var ERRORS = {
|
|
|
974
1086
|
http_status: 400,
|
|
975
1087
|
title: "Invalid Audience",
|
|
976
1088
|
description: "Receipt audience claim does not match expected value",
|
|
977
|
-
|
|
1089
|
+
retryable: false,
|
|
1090
|
+
next_action: "retry_with_different_input",
|
|
978
1091
|
category: "validation"
|
|
979
1092
|
},
|
|
980
1093
|
E_INVALID_CURRENCY: {
|
|
@@ -982,7 +1095,8 @@ var ERRORS = {
|
|
|
982
1095
|
http_status: 400,
|
|
983
1096
|
title: "Invalid Currency",
|
|
984
1097
|
description: "Currency code is not a valid ISO 4217 code",
|
|
985
|
-
|
|
1098
|
+
retryable: false,
|
|
1099
|
+
next_action: "retry_with_different_input",
|
|
986
1100
|
category: "validation"
|
|
987
1101
|
},
|
|
988
1102
|
E_INVALID_FORMAT: {
|
|
@@ -990,7 +1104,8 @@ var ERRORS = {
|
|
|
990
1104
|
http_status: 400,
|
|
991
1105
|
title: "Invalid Format",
|
|
992
1106
|
description: "Receipt does not conform to JWS format",
|
|
993
|
-
|
|
1107
|
+
retryable: false,
|
|
1108
|
+
next_action: "retry_with_different_input",
|
|
994
1109
|
category: "validation"
|
|
995
1110
|
},
|
|
996
1111
|
E_INVALID_ISSUER: {
|
|
@@ -998,7 +1113,8 @@ var ERRORS = {
|
|
|
998
1113
|
http_status: 400,
|
|
999
1114
|
title: "Invalid Issuer",
|
|
1000
1115
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
1001
|
-
|
|
1116
|
+
retryable: false,
|
|
1117
|
+
next_action: "retry_with_different_input",
|
|
1002
1118
|
category: "validation"
|
|
1003
1119
|
},
|
|
1004
1120
|
E_INVALID_RAIL: {
|
|
@@ -1006,7 +1122,8 @@ var ERRORS = {
|
|
|
1006
1122
|
http_status: 400,
|
|
1007
1123
|
title: "Invalid Payment Rail",
|
|
1008
1124
|
description: "Payment rail identifier is not recognized",
|
|
1009
|
-
|
|
1125
|
+
retryable: false,
|
|
1126
|
+
next_action: "retry_with_different_input",
|
|
1010
1127
|
category: "validation"
|
|
1011
1128
|
},
|
|
1012
1129
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1014,7 +1131,8 @@ var ERRORS = {
|
|
|
1014
1131
|
http_status: 400,
|
|
1015
1132
|
title: "Invalid Receipt ID",
|
|
1016
1133
|
description: "Receipt ID (rid) does not match expected value",
|
|
1017
|
-
|
|
1134
|
+
retryable: false,
|
|
1135
|
+
next_action: "retry_with_different_input",
|
|
1018
1136
|
category: "validation"
|
|
1019
1137
|
},
|
|
1020
1138
|
E_INVALID_SUBJECT: {
|
|
@@ -1022,7 +1140,8 @@ var ERRORS = {
|
|
|
1022
1140
|
http_status: 400,
|
|
1023
1141
|
title: "Invalid Subject",
|
|
1024
1142
|
description: "Receipt subject claim does not match expected value",
|
|
1025
|
-
|
|
1143
|
+
retryable: false,
|
|
1144
|
+
next_action: "retry_with_different_input",
|
|
1026
1145
|
category: "validation"
|
|
1027
1146
|
},
|
|
1028
1147
|
E_MISSING_EXP: {
|
|
@@ -1030,7 +1149,8 @@ var ERRORS = {
|
|
|
1030
1149
|
http_status: 400,
|
|
1031
1150
|
title: "Missing Expiration",
|
|
1032
1151
|
description: "Receipt is missing required exp claim",
|
|
1033
|
-
|
|
1152
|
+
retryable: false,
|
|
1153
|
+
next_action: "retry_with_different_input",
|
|
1034
1154
|
category: "validation"
|
|
1035
1155
|
},
|
|
1036
1156
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1038,7 +1158,8 @@ var ERRORS = {
|
|
|
1038
1158
|
http_status: 400,
|
|
1039
1159
|
title: "Missing Required Claim",
|
|
1040
1160
|
description: "Receipt is missing a required JWT claim",
|
|
1041
|
-
|
|
1161
|
+
retryable: false,
|
|
1162
|
+
next_action: "retry_with_different_input",
|
|
1042
1163
|
category: "validation"
|
|
1043
1164
|
},
|
|
1044
1165
|
E_NOT_YET_VALID: {
|
|
@@ -1046,7 +1167,8 @@ var ERRORS = {
|
|
|
1046
1167
|
http_status: 400,
|
|
1047
1168
|
title: "Not Yet Valid",
|
|
1048
1169
|
description: "Receipt nbf (not before) time is in the future",
|
|
1049
|
-
|
|
1170
|
+
retryable: true,
|
|
1171
|
+
next_action: "retry_after_delay",
|
|
1050
1172
|
category: "validation"
|
|
1051
1173
|
},
|
|
1052
1174
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1054,7 +1176,8 @@ var ERRORS = {
|
|
|
1054
1176
|
http_status: 400,
|
|
1055
1177
|
title: "Attestation Receipt Invalid",
|
|
1056
1178
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1057
|
-
|
|
1179
|
+
retryable: false,
|
|
1180
|
+
next_action: "retry_with_different_input",
|
|
1058
1181
|
category: "validation"
|
|
1059
1182
|
},
|
|
1060
1183
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1062,7 +1185,8 @@ var ERRORS = {
|
|
|
1062
1185
|
http_status: 400,
|
|
1063
1186
|
title: "Commerce Receipt Invalid",
|
|
1064
1187
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1065
|
-
|
|
1188
|
+
retryable: false,
|
|
1189
|
+
next_action: "retry_with_different_input",
|
|
1066
1190
|
category: "validation"
|
|
1067
1191
|
},
|
|
1068
1192
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1070,7 +1194,8 @@ var ERRORS = {
|
|
|
1070
1194
|
http_status: 400,
|
|
1071
1195
|
title: "Parse Invalid Input",
|
|
1072
1196
|
description: "Input to receipt parser is not a non-null object",
|
|
1073
|
-
|
|
1197
|
+
retryable: false,
|
|
1198
|
+
next_action: "retry_with_different_input",
|
|
1074
1199
|
category: "validation"
|
|
1075
1200
|
},
|
|
1076
1201
|
// Verification error codes
|
|
@@ -1079,7 +1204,8 @@ var ERRORS = {
|
|
|
1079
1204
|
http_status: 400,
|
|
1080
1205
|
title: "Invalid Signature",
|
|
1081
1206
|
description: "Receipt signature verification failed",
|
|
1082
|
-
|
|
1207
|
+
retryable: false,
|
|
1208
|
+
next_action: "abort",
|
|
1083
1209
|
category: "verification"
|
|
1084
1210
|
},
|
|
1085
1211
|
E_KEY_NOT_FOUND: {
|
|
@@ -1087,7 +1213,26 @@ var ERRORS = {
|
|
|
1087
1213
|
http_status: 400,
|
|
1088
1214
|
title: "Key Not Found",
|
|
1089
1215
|
description: "Public key with specified kid not found in JWKS",
|
|
1090
|
-
|
|
1216
|
+
retryable: false,
|
|
1217
|
+
next_action: "retry_with_different_key",
|
|
1218
|
+
category: "verification"
|
|
1219
|
+
},
|
|
1220
|
+
E_KID_REUSE_DETECTED: {
|
|
1221
|
+
code: "E_KID_REUSE_DETECTED",
|
|
1222
|
+
http_status: 400,
|
|
1223
|
+
title: "Kid Reuse Detected",
|
|
1224
|
+
description: "Same kid value used with different key material within the retention window",
|
|
1225
|
+
retryable: false,
|
|
1226
|
+
next_action: "abort",
|
|
1227
|
+
category: "verification"
|
|
1228
|
+
},
|
|
1229
|
+
E_REVOKED_KEY_USED: {
|
|
1230
|
+
code: "E_REVOKED_KEY_USED",
|
|
1231
|
+
http_status: 400,
|
|
1232
|
+
title: "Revoked Key Used",
|
|
1233
|
+
description: "Receipt signed with a key listed in the issuer revoked_keys set",
|
|
1234
|
+
retryable: false,
|
|
1235
|
+
next_action: "retry_with_different_key",
|
|
1091
1236
|
category: "verification"
|
|
1092
1237
|
},
|
|
1093
1238
|
// Verifier error codes
|
|
@@ -1096,7 +1241,8 @@ var ERRORS = {
|
|
|
1096
1241
|
http_status: 400,
|
|
1097
1242
|
title: "Extension Too Large",
|
|
1098
1243
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1099
|
-
|
|
1244
|
+
retryable: false,
|
|
1245
|
+
next_action: "abort",
|
|
1100
1246
|
category: "verifier"
|
|
1101
1247
|
},
|
|
1102
1248
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
@@ -1104,7 +1250,8 @@ var ERRORS = {
|
|
|
1104
1250
|
http_status: 403,
|
|
1105
1251
|
title: "Insecure Scheme Blocked",
|
|
1106
1252
|
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1107
|
-
|
|
1253
|
+
retryable: false,
|
|
1254
|
+
next_action: "abort",
|
|
1108
1255
|
category: "verifier"
|
|
1109
1256
|
},
|
|
1110
1257
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1112,7 +1259,8 @@ var ERRORS = {
|
|
|
1112
1259
|
http_status: 400,
|
|
1113
1260
|
title: "Invalid Transport",
|
|
1114
1261
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1115
|
-
|
|
1262
|
+
retryable: false,
|
|
1263
|
+
next_action: "abort",
|
|
1116
1264
|
category: "verifier"
|
|
1117
1265
|
},
|
|
1118
1266
|
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
@@ -1120,7 +1268,8 @@ var ERRORS = {
|
|
|
1120
1268
|
http_status: 502,
|
|
1121
1269
|
title: "Issuer Config Invalid",
|
|
1122
1270
|
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1123
|
-
|
|
1271
|
+
retryable: false,
|
|
1272
|
+
next_action: "abort",
|
|
1124
1273
|
category: "verifier"
|
|
1125
1274
|
},
|
|
1126
1275
|
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
@@ -1128,7 +1277,8 @@ var ERRORS = {
|
|
|
1128
1277
|
http_status: 502,
|
|
1129
1278
|
title: "Issuer Config Missing",
|
|
1130
1279
|
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1131
|
-
|
|
1280
|
+
retryable: true,
|
|
1281
|
+
next_action: "retry_after_delay",
|
|
1132
1282
|
category: "verifier"
|
|
1133
1283
|
},
|
|
1134
1284
|
E_VERIFY_ISSUER_MISMATCH: {
|
|
@@ -1136,7 +1286,8 @@ var ERRORS = {
|
|
|
1136
1286
|
http_status: 403,
|
|
1137
1287
|
title: "Issuer Mismatch",
|
|
1138
1288
|
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1139
|
-
|
|
1289
|
+
retryable: false,
|
|
1290
|
+
next_action: "abort",
|
|
1140
1291
|
category: "verifier"
|
|
1141
1292
|
},
|
|
1142
1293
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1144,7 +1295,8 @@ var ERRORS = {
|
|
|
1144
1295
|
http_status: 403,
|
|
1145
1296
|
title: "Issuer Not Allowed",
|
|
1146
1297
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1147
|
-
|
|
1298
|
+
retryable: false,
|
|
1299
|
+
next_action: "abort",
|
|
1148
1300
|
category: "verifier"
|
|
1149
1301
|
},
|
|
1150
1302
|
E_VERIFY_JWKS_INVALID: {
|
|
@@ -1152,7 +1304,8 @@ var ERRORS = {
|
|
|
1152
1304
|
http_status: 502,
|
|
1153
1305
|
title: "JWKS Invalid",
|
|
1154
1306
|
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1155
|
-
|
|
1307
|
+
retryable: false,
|
|
1308
|
+
next_action: "abort",
|
|
1156
1309
|
category: "verifier"
|
|
1157
1310
|
},
|
|
1158
1311
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1160,7 +1313,8 @@ var ERRORS = {
|
|
|
1160
1313
|
http_status: 400,
|
|
1161
1314
|
title: "JWKS Too Large",
|
|
1162
1315
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1163
|
-
|
|
1316
|
+
retryable: false,
|
|
1317
|
+
next_action: "abort",
|
|
1164
1318
|
category: "verifier"
|
|
1165
1319
|
},
|
|
1166
1320
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1168,7 +1322,8 @@ var ERRORS = {
|
|
|
1168
1322
|
http_status: 400,
|
|
1169
1323
|
title: "JWKS Too Many Keys",
|
|
1170
1324
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1171
|
-
|
|
1325
|
+
retryable: false,
|
|
1326
|
+
next_action: "abort",
|
|
1172
1327
|
category: "verifier"
|
|
1173
1328
|
},
|
|
1174
1329
|
E_VERIFY_JWKS_URI_INVALID: {
|
|
@@ -1176,7 +1331,8 @@ var ERRORS = {
|
|
|
1176
1331
|
http_status: 502,
|
|
1177
1332
|
title: "JWKS URI Invalid",
|
|
1178
1333
|
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1179
|
-
|
|
1334
|
+
retryable: false,
|
|
1335
|
+
next_action: "abort",
|
|
1180
1336
|
category: "verifier"
|
|
1181
1337
|
},
|
|
1182
1338
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1184,7 +1340,8 @@ var ERRORS = {
|
|
|
1184
1340
|
http_status: 403,
|
|
1185
1341
|
title: "Key Fetch Blocked",
|
|
1186
1342
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1187
|
-
|
|
1343
|
+
retryable: false,
|
|
1344
|
+
next_action: "abort",
|
|
1188
1345
|
category: "verifier"
|
|
1189
1346
|
},
|
|
1190
1347
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1192,7 +1349,8 @@ var ERRORS = {
|
|
|
1192
1349
|
http_status: 502,
|
|
1193
1350
|
title: "Key Fetch Failed",
|
|
1194
1351
|
description: "Network error while fetching JWKS from issuer",
|
|
1195
|
-
|
|
1352
|
+
retryable: true,
|
|
1353
|
+
next_action: "retry_after_delay",
|
|
1196
1354
|
category: "verifier"
|
|
1197
1355
|
},
|
|
1198
1356
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1200,7 +1358,8 @@ var ERRORS = {
|
|
|
1200
1358
|
http_status: 504,
|
|
1201
1359
|
title: "Key Fetch Timeout",
|
|
1202
1360
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1203
|
-
|
|
1361
|
+
retryable: true,
|
|
1362
|
+
next_action: "retry_after_delay",
|
|
1204
1363
|
category: "verifier"
|
|
1205
1364
|
},
|
|
1206
1365
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1208,7 +1367,8 @@ var ERRORS = {
|
|
|
1208
1367
|
http_status: 400,
|
|
1209
1368
|
title: "Malformed Receipt",
|
|
1210
1369
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1211
|
-
|
|
1370
|
+
retryable: false,
|
|
1371
|
+
next_action: "abort",
|
|
1212
1372
|
category: "verifier"
|
|
1213
1373
|
},
|
|
1214
1374
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1216,7 +1376,8 @@ var ERRORS = {
|
|
|
1216
1376
|
http_status: 400,
|
|
1217
1377
|
title: "Pointer Digest Mismatch",
|
|
1218
1378
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1219
|
-
|
|
1379
|
+
retryable: false,
|
|
1380
|
+
next_action: "abort",
|
|
1220
1381
|
category: "verifier"
|
|
1221
1382
|
},
|
|
1222
1383
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1224,7 +1385,8 @@ var ERRORS = {
|
|
|
1224
1385
|
http_status: 403,
|
|
1225
1386
|
title: "Pointer Fetch Blocked",
|
|
1226
1387
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1227
|
-
|
|
1388
|
+
retryable: false,
|
|
1389
|
+
next_action: "abort",
|
|
1228
1390
|
category: "verifier"
|
|
1229
1391
|
},
|
|
1230
1392
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1232,7 +1394,8 @@ var ERRORS = {
|
|
|
1232
1394
|
http_status: 502,
|
|
1233
1395
|
title: "Pointer Fetch Failed",
|
|
1234
1396
|
description: "Network error while fetching receipt from pointer URL",
|
|
1235
|
-
|
|
1397
|
+
retryable: true,
|
|
1398
|
+
next_action: "retry_after_delay",
|
|
1236
1399
|
category: "verifier"
|
|
1237
1400
|
},
|
|
1238
1401
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1240,7 +1403,8 @@ var ERRORS = {
|
|
|
1240
1403
|
http_status: 504,
|
|
1241
1404
|
title: "Pointer Fetch Timeout",
|
|
1242
1405
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1243
|
-
|
|
1406
|
+
retryable: true,
|
|
1407
|
+
next_action: "retry_after_delay",
|
|
1244
1408
|
category: "verifier"
|
|
1245
1409
|
},
|
|
1246
1410
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1248,7 +1412,8 @@ var ERRORS = {
|
|
|
1248
1412
|
http_status: 413,
|
|
1249
1413
|
title: "Pointer Fetch Too Large",
|
|
1250
1414
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1251
|
-
|
|
1415
|
+
retryable: false,
|
|
1416
|
+
next_action: "abort",
|
|
1252
1417
|
category: "verifier"
|
|
1253
1418
|
},
|
|
1254
1419
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1256,7 +1421,8 @@ var ERRORS = {
|
|
|
1256
1421
|
http_status: 403,
|
|
1257
1422
|
title: "Policy Violation",
|
|
1258
1423
|
description: "Receipt violates verifier trust policy",
|
|
1259
|
-
|
|
1424
|
+
retryable: false,
|
|
1425
|
+
next_action: "abort",
|
|
1260
1426
|
category: "verifier"
|
|
1261
1427
|
},
|
|
1262
1428
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1264,7 +1430,8 @@ var ERRORS = {
|
|
|
1264
1430
|
http_status: 413,
|
|
1265
1431
|
title: "Receipt Too Large",
|
|
1266
1432
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1267
|
-
|
|
1433
|
+
retryable: false,
|
|
1434
|
+
next_action: "abort",
|
|
1268
1435
|
category: "verifier"
|
|
1269
1436
|
},
|
|
1270
1437
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1272,7 +1439,8 @@ var ERRORS = {
|
|
|
1272
1439
|
http_status: 400,
|
|
1273
1440
|
title: "Schema Invalid",
|
|
1274
1441
|
description: "Receipt claims do not conform to expected schema",
|
|
1275
|
-
|
|
1442
|
+
retryable: false,
|
|
1443
|
+
next_action: "abort",
|
|
1276
1444
|
category: "verifier"
|
|
1277
1445
|
},
|
|
1278
1446
|
// Workflow error codes
|
|
@@ -1281,7 +1449,8 @@ var ERRORS = {
|
|
|
1281
1449
|
http_status: 400,
|
|
1282
1450
|
title: "Invalid Workflow Context",
|
|
1283
1451
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1284
|
-
|
|
1452
|
+
retryable: false,
|
|
1453
|
+
next_action: "retry_with_different_input",
|
|
1285
1454
|
category: "workflow"
|
|
1286
1455
|
},
|
|
1287
1456
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1289,7 +1458,8 @@ var ERRORS = {
|
|
|
1289
1458
|
http_status: 400,
|
|
1290
1459
|
title: "Workflow Cycle Detected",
|
|
1291
1460
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1292
|
-
|
|
1461
|
+
retryable: false,
|
|
1462
|
+
next_action: "retry_with_different_input",
|
|
1293
1463
|
category: "workflow"
|
|
1294
1464
|
},
|
|
1295
1465
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1297,7 +1467,8 @@ var ERRORS = {
|
|
|
1297
1467
|
http_status: 400,
|
|
1298
1468
|
title: "Invalid Workflow DAG",
|
|
1299
1469
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1300
|
-
|
|
1470
|
+
retryable: false,
|
|
1471
|
+
next_action: "retry_with_different_input",
|
|
1301
1472
|
category: "workflow"
|
|
1302
1473
|
},
|
|
1303
1474
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1305,7 +1476,8 @@ var ERRORS = {
|
|
|
1305
1476
|
http_status: 400,
|
|
1306
1477
|
title: "Invalid Workflow ID",
|
|
1307
1478
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1308
|
-
|
|
1479
|
+
retryable: false,
|
|
1480
|
+
next_action: "retry_with_different_input",
|
|
1309
1481
|
category: "workflow"
|
|
1310
1482
|
},
|
|
1311
1483
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1313,7 +1485,8 @@ var ERRORS = {
|
|
|
1313
1485
|
http_status: 400,
|
|
1314
1486
|
title: "Workflow Limit Exceeded",
|
|
1315
1487
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1316
|
-
|
|
1488
|
+
retryable: false,
|
|
1489
|
+
next_action: "retry_with_different_input",
|
|
1317
1490
|
category: "workflow"
|
|
1318
1491
|
},
|
|
1319
1492
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1321,7 +1494,8 @@ var ERRORS = {
|
|
|
1321
1494
|
http_status: 400,
|
|
1322
1495
|
title: "Parent Step Not Found",
|
|
1323
1496
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1324
|
-
|
|
1497
|
+
retryable: false,
|
|
1498
|
+
next_action: "retry_with_different_input",
|
|
1325
1499
|
category: "workflow"
|
|
1326
1500
|
},
|
|
1327
1501
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1329,7 +1503,8 @@ var ERRORS = {
|
|
|
1329
1503
|
http_status: 400,
|
|
1330
1504
|
title: "Invalid Step ID",
|
|
1331
1505
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1332
|
-
|
|
1506
|
+
retryable: false,
|
|
1507
|
+
next_action: "retry_with_different_input",
|
|
1333
1508
|
category: "workflow"
|
|
1334
1509
|
},
|
|
1335
1510
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1337,15 +1512,16 @@ var ERRORS = {
|
|
|
1337
1512
|
http_status: 400,
|
|
1338
1513
|
title: "Invalid Workflow Summary",
|
|
1339
1514
|
description: "Workflow summary attestation does not conform to schema",
|
|
1340
|
-
|
|
1515
|
+
retryable: false,
|
|
1516
|
+
next_action: "retry_with_different_input",
|
|
1341
1517
|
category: "workflow"
|
|
1342
1518
|
}
|
|
1343
1519
|
};
|
|
1344
1520
|
function getError(code) {
|
|
1345
1521
|
return ERRORS[code];
|
|
1346
1522
|
}
|
|
1347
|
-
function
|
|
1348
|
-
return ERRORS[code]?.
|
|
1523
|
+
function isRetryable(code) {
|
|
1524
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1349
1525
|
}
|
|
1350
1526
|
var BUNDLE_ERRORS = {
|
|
1351
1527
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1381,6 +1557,6 @@ var DISPUTE_ERRORS = {
|
|
|
1381
1557
|
TARGET_NOT_FOUND: "E_DISPUTE_TARGET_NOT_FOUND"
|
|
1382
1558
|
};
|
|
1383
1559
|
|
|
1384
|
-
export { BUNDLE_ERRORS, DISPUTE_ERRORS, ERRORS, ERROR_CODES, getError,
|
|
1560
|
+
export { BUNDLE_ERRORS, DISPUTE_ERRORS, ERRORS, ERROR_CODES, getError, isRetryable };
|
|
1385
1561
|
//# sourceMappingURL=errors.mjs.map
|
|
1386
1562
|
//# sourceMappingURL=errors.mjs.map
|