@peac/kernel 0.11.1 → 0.11.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +52 -3
- package/dist/__tests__/registries.test.d.ts +2 -0
- package/dist/__tests__/registries.test.d.ts.map +1 -0
- package/dist/carrier.d.ts +14 -0
- package/dist/carrier.d.ts.map +1 -1
- package/dist/constants.cjs +2 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.ts +4 -2
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.mjs +2 -1
- package/dist/constants.mjs.map +1 -1
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +325 -149
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +6 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +325 -149
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +329 -150
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +328 -150
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -57,7 +57,8 @@ var DISCOVERY = {
|
|
|
57
57
|
};
|
|
58
58
|
var JWKS = {
|
|
59
59
|
rotationDays: 90,
|
|
60
|
-
|
|
60
|
+
/** Normative minimum overlap period (DD-148, v0.11.3+) */
|
|
61
|
+
overlapDays: 30,
|
|
61
62
|
emergencyRevocationHours: 24
|
|
62
63
|
};
|
|
63
64
|
var RECEIPT = {
|
|
@@ -237,6 +238,7 @@ var ERROR_CODES = {
|
|
|
237
238
|
E_IDENTITY_NOT_YET_VALID: "E_IDENTITY_NOT_YET_VALID",
|
|
238
239
|
E_IDENTITY_PROOF_UNSUPPORTED: "E_IDENTITY_PROOF_UNSUPPORTED",
|
|
239
240
|
E_IDENTITY_SIG_INVALID: "E_IDENTITY_SIG_INVALID",
|
|
241
|
+
E_MVIS_INCOMPLETE: "E_MVIS_INCOMPLETE",
|
|
240
242
|
// Infrastructure error codes
|
|
241
243
|
E_CIRCUIT_BREAKER_OPEN: "E_CIRCUIT_BREAKER_OPEN",
|
|
242
244
|
E_INTERNAL: "E_INTERNAL",
|
|
@@ -299,6 +301,8 @@ var ERROR_CODES = {
|
|
|
299
301
|
// Verification error codes
|
|
300
302
|
E_INVALID_SIGNATURE: "E_INVALID_SIGNATURE",
|
|
301
303
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
304
|
+
E_KID_REUSE_DETECTED: "E_KID_REUSE_DETECTED",
|
|
305
|
+
E_REVOKED_KEY_USED: "E_REVOKED_KEY_USED",
|
|
302
306
|
// Verifier error codes
|
|
303
307
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
304
308
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
@@ -340,7 +344,8 @@ var ERRORS = {
|
|
|
340
344
|
http_status: 400,
|
|
341
345
|
title: "Attribution Chain Too Deep",
|
|
342
346
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
343
|
-
|
|
347
|
+
retryable: false,
|
|
348
|
+
next_action: "retry_with_different_input",
|
|
344
349
|
category: "attribution"
|
|
345
350
|
},
|
|
346
351
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -348,7 +353,8 @@ var ERRORS = {
|
|
|
348
353
|
http_status: 400,
|
|
349
354
|
title: "Attribution Circular Chain",
|
|
350
355
|
description: "Circular reference detected in attribution chain",
|
|
351
|
-
|
|
356
|
+
retryable: false,
|
|
357
|
+
next_action: "retry_with_different_input",
|
|
352
358
|
category: "attribution"
|
|
353
359
|
},
|
|
354
360
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -356,7 +362,8 @@ var ERRORS = {
|
|
|
356
362
|
http_status: 401,
|
|
357
363
|
title: "Attribution Expired",
|
|
358
364
|
description: "Attribution attestation has exceeded its expiration time",
|
|
359
|
-
|
|
365
|
+
retryable: false,
|
|
366
|
+
next_action: "retry_with_different_input",
|
|
360
367
|
category: "attribution"
|
|
361
368
|
},
|
|
362
369
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -364,7 +371,8 @@ var ERRORS = {
|
|
|
364
371
|
http_status: 400,
|
|
365
372
|
title: "Attribution Hash Invalid",
|
|
366
373
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
367
|
-
|
|
374
|
+
retryable: false,
|
|
375
|
+
next_action: "retry_with_different_input",
|
|
368
376
|
category: "attribution"
|
|
369
377
|
},
|
|
370
378
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -372,7 +380,8 @@ var ERRORS = {
|
|
|
372
380
|
http_status: 400,
|
|
373
381
|
title: "Attribution Invalid Format",
|
|
374
382
|
description: "Attribution attestation does not conform to schema",
|
|
375
|
-
|
|
383
|
+
retryable: false,
|
|
384
|
+
next_action: "retry_with_different_input",
|
|
376
385
|
category: "attribution"
|
|
377
386
|
},
|
|
378
387
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -380,7 +389,8 @@ var ERRORS = {
|
|
|
380
389
|
http_status: 400,
|
|
381
390
|
title: "Attribution Invalid Reference",
|
|
382
391
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
383
|
-
|
|
392
|
+
retryable: false,
|
|
393
|
+
next_action: "retry_with_different_input",
|
|
384
394
|
category: "attribution"
|
|
385
395
|
},
|
|
386
396
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -388,7 +398,8 @@ var ERRORS = {
|
|
|
388
398
|
http_status: 400,
|
|
389
399
|
title: "Attribution Invalid Weight",
|
|
390
400
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
391
|
-
|
|
401
|
+
retryable: false,
|
|
402
|
+
next_action: "retry_with_different_input",
|
|
392
403
|
category: "attribution"
|
|
393
404
|
},
|
|
394
405
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -396,7 +407,8 @@ var ERRORS = {
|
|
|
396
407
|
http_status: 400,
|
|
397
408
|
title: "Attribution Missing Sources",
|
|
398
409
|
description: "Attribution attestation has empty sources array",
|
|
399
|
-
|
|
410
|
+
retryable: false,
|
|
411
|
+
next_action: "retry_with_different_input",
|
|
400
412
|
category: "attribution"
|
|
401
413
|
},
|
|
402
414
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -404,7 +416,8 @@ var ERRORS = {
|
|
|
404
416
|
http_status: 401,
|
|
405
417
|
title: "Attribution Not Yet Valid",
|
|
406
418
|
description: "Attribution attestation issued_at time is in the future",
|
|
407
|
-
|
|
419
|
+
retryable: true,
|
|
420
|
+
next_action: "retry_after_delay",
|
|
408
421
|
category: "attribution"
|
|
409
422
|
},
|
|
410
423
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -412,7 +425,8 @@ var ERRORS = {
|
|
|
412
425
|
http_status: 502,
|
|
413
426
|
title: "Attribution Resolution Failed",
|
|
414
427
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
415
|
-
|
|
428
|
+
retryable: true,
|
|
429
|
+
next_action: "retry_after_delay",
|
|
416
430
|
category: "attribution"
|
|
417
431
|
},
|
|
418
432
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -420,7 +434,8 @@ var ERRORS = {
|
|
|
420
434
|
http_status: 504,
|
|
421
435
|
title: "Attribution Resolution Timeout",
|
|
422
436
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
423
|
-
|
|
437
|
+
retryable: true,
|
|
438
|
+
next_action: "retry_after_delay",
|
|
424
439
|
category: "attribution"
|
|
425
440
|
},
|
|
426
441
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -428,7 +443,8 @@ var ERRORS = {
|
|
|
428
443
|
http_status: 400,
|
|
429
444
|
title: "Attribution Size Exceeded",
|
|
430
445
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
431
|
-
|
|
446
|
+
retryable: false,
|
|
447
|
+
next_action: "retry_with_different_input",
|
|
432
448
|
category: "attribution"
|
|
433
449
|
},
|
|
434
450
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -436,7 +452,8 @@ var ERRORS = {
|
|
|
436
452
|
http_status: 400,
|
|
437
453
|
title: "Attribution Too Many Sources",
|
|
438
454
|
description: "Attribution has too many sources (maximum 100)",
|
|
439
|
-
|
|
455
|
+
retryable: false,
|
|
456
|
+
next_action: "retry_with_different_input",
|
|
440
457
|
category: "attribution"
|
|
441
458
|
},
|
|
442
459
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -444,7 +461,8 @@ var ERRORS = {
|
|
|
444
461
|
http_status: 400,
|
|
445
462
|
title: "Attribution Unknown Usage",
|
|
446
463
|
description: "Attribution usage type is not recognized",
|
|
447
|
-
|
|
464
|
+
retryable: false,
|
|
465
|
+
next_action: "retry_with_different_input",
|
|
448
466
|
category: "attribution"
|
|
449
467
|
},
|
|
450
468
|
// Bundle error codes
|
|
@@ -453,7 +471,8 @@ var ERRORS = {
|
|
|
453
471
|
http_status: 400,
|
|
454
472
|
title: "Bundle Duplicate Receipt",
|
|
455
473
|
description: "Bundle contains multiple receipts with the same ID",
|
|
456
|
-
|
|
474
|
+
retryable: false,
|
|
475
|
+
next_action: "retry_with_different_input",
|
|
457
476
|
category: "bundle"
|
|
458
477
|
},
|
|
459
478
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -461,7 +480,8 @@ var ERRORS = {
|
|
|
461
480
|
http_status: 400,
|
|
462
481
|
title: "Bundle Hash Mismatch",
|
|
463
482
|
description: "File hash does not match value declared in manifest.json",
|
|
464
|
-
|
|
483
|
+
retryable: false,
|
|
484
|
+
next_action: "retry_with_different_input",
|
|
465
485
|
category: "bundle"
|
|
466
486
|
},
|
|
467
487
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -469,7 +489,8 @@ var ERRORS = {
|
|
|
469
489
|
http_status: 400,
|
|
470
490
|
title: "Bundle Invalid Format",
|
|
471
491
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
472
|
-
|
|
492
|
+
retryable: false,
|
|
493
|
+
next_action: "retry_with_different_input",
|
|
473
494
|
category: "bundle"
|
|
474
495
|
},
|
|
475
496
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -477,7 +498,8 @@ var ERRORS = {
|
|
|
477
498
|
http_status: 400,
|
|
478
499
|
title: "Bundle Key Missing",
|
|
479
500
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
480
|
-
|
|
501
|
+
retryable: false,
|
|
502
|
+
next_action: "retry_with_different_input",
|
|
481
503
|
category: "bundle"
|
|
482
504
|
},
|
|
483
505
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -485,7 +507,8 @@ var ERRORS = {
|
|
|
485
507
|
http_status: 400,
|
|
486
508
|
title: "Bundle Manifest Invalid",
|
|
487
509
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
488
|
-
|
|
510
|
+
retryable: false,
|
|
511
|
+
next_action: "retry_with_different_input",
|
|
489
512
|
category: "bundle"
|
|
490
513
|
},
|
|
491
514
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -493,7 +516,8 @@ var ERRORS = {
|
|
|
493
516
|
http_status: 400,
|
|
494
517
|
title: "Bundle Manifest Missing",
|
|
495
518
|
description: "manifest.json not found at bundle archive root",
|
|
496
|
-
|
|
519
|
+
retryable: false,
|
|
520
|
+
next_action: "retry_with_different_input",
|
|
497
521
|
category: "bundle"
|
|
498
522
|
},
|
|
499
523
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -501,7 +525,8 @@ var ERRORS = {
|
|
|
501
525
|
http_status: 400,
|
|
502
526
|
title: "Bundle Missing Keys",
|
|
503
527
|
description: "No verification keys provided in bundle JWKS",
|
|
504
|
-
|
|
528
|
+
retryable: false,
|
|
529
|
+
next_action: "retry_with_different_input",
|
|
505
530
|
category: "bundle"
|
|
506
531
|
},
|
|
507
532
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -509,7 +534,8 @@ var ERRORS = {
|
|
|
509
534
|
http_status: 400,
|
|
510
535
|
title: "Bundle Missing Receipts",
|
|
511
536
|
description: "No receipts provided when creating bundle",
|
|
512
|
-
|
|
537
|
+
retryable: false,
|
|
538
|
+
next_action: "retry_with_different_input",
|
|
513
539
|
category: "bundle"
|
|
514
540
|
},
|
|
515
541
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -517,7 +543,8 @@ var ERRORS = {
|
|
|
517
543
|
http_status: 400,
|
|
518
544
|
title: "Bundle Path Traversal",
|
|
519
545
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
520
|
-
|
|
546
|
+
retryable: false,
|
|
547
|
+
next_action: "retry_with_different_input",
|
|
521
548
|
category: "bundle"
|
|
522
549
|
},
|
|
523
550
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -525,7 +552,8 @@ var ERRORS = {
|
|
|
525
552
|
http_status: 400,
|
|
526
553
|
title: "Bundle Policy Hash Mismatch",
|
|
527
554
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
528
|
-
|
|
555
|
+
retryable: false,
|
|
556
|
+
next_action: "retry_with_different_input",
|
|
529
557
|
category: "bundle"
|
|
530
558
|
},
|
|
531
559
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -533,7 +561,8 @@ var ERRORS = {
|
|
|
533
561
|
http_status: 400,
|
|
534
562
|
title: "Bundle Receipts Unordered",
|
|
535
563
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
536
|
-
|
|
564
|
+
retryable: false,
|
|
565
|
+
next_action: "retry_with_different_input",
|
|
537
566
|
category: "bundle"
|
|
538
567
|
},
|
|
539
568
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -541,7 +570,8 @@ var ERRORS = {
|
|
|
541
570
|
http_status: 400,
|
|
542
571
|
title: "Bundle Receipt Invalid",
|
|
543
572
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
544
|
-
|
|
573
|
+
retryable: false,
|
|
574
|
+
next_action: "retry_with_different_input",
|
|
545
575
|
category: "bundle"
|
|
546
576
|
},
|
|
547
577
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -549,7 +579,8 @@ var ERRORS = {
|
|
|
549
579
|
http_status: 400,
|
|
550
580
|
title: "Bundle Signature Invalid",
|
|
551
581
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
552
|
-
|
|
582
|
+
retryable: false,
|
|
583
|
+
next_action: "retry_with_different_input",
|
|
553
584
|
category: "bundle"
|
|
554
585
|
},
|
|
555
586
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -557,7 +588,8 @@ var ERRORS = {
|
|
|
557
588
|
http_status: 400,
|
|
558
589
|
title: "Bundle Size Exceeded",
|
|
559
590
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
560
|
-
|
|
591
|
+
retryable: false,
|
|
592
|
+
next_action: "retry_with_different_input",
|
|
561
593
|
category: "bundle"
|
|
562
594
|
},
|
|
563
595
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -565,7 +597,8 @@ var ERRORS = {
|
|
|
565
597
|
http_status: 400,
|
|
566
598
|
title: "Bundle Time Range Invalid",
|
|
567
599
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
568
|
-
|
|
600
|
+
retryable: false,
|
|
601
|
+
next_action: "retry_with_different_input",
|
|
569
602
|
category: "bundle"
|
|
570
603
|
},
|
|
571
604
|
// Control error codes
|
|
@@ -574,7 +607,8 @@ var ERRORS = {
|
|
|
574
607
|
http_status: 403,
|
|
575
608
|
title: "Control Decision Denied",
|
|
576
609
|
description: "Control engine denied authorization",
|
|
577
|
-
|
|
610
|
+
retryable: false,
|
|
611
|
+
next_action: "contact_issuer",
|
|
578
612
|
category: "control"
|
|
579
613
|
},
|
|
580
614
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -582,7 +616,8 @@ var ERRORS = {
|
|
|
582
616
|
http_status: 202,
|
|
583
617
|
title: "Review Required",
|
|
584
618
|
description: "Control engine requires manual review",
|
|
585
|
-
|
|
619
|
+
retryable: true,
|
|
620
|
+
next_action: "contact_issuer",
|
|
586
621
|
category: "control"
|
|
587
622
|
},
|
|
588
623
|
// Dispute error codes
|
|
@@ -591,7 +626,8 @@ var ERRORS = {
|
|
|
591
626
|
http_status: 409,
|
|
592
627
|
title: "Dispute Duplicate",
|
|
593
628
|
description: "A dispute with this ID already exists",
|
|
594
|
-
|
|
629
|
+
retryable: false,
|
|
630
|
+
next_action: "retry_with_different_input",
|
|
595
631
|
category: "dispute"
|
|
596
632
|
},
|
|
597
633
|
E_DISPUTE_EXPIRED: {
|
|
@@ -599,7 +635,8 @@ var ERRORS = {
|
|
|
599
635
|
http_status: 401,
|
|
600
636
|
title: "Dispute Expired",
|
|
601
637
|
description: "Dispute attestation has exceeded its expiration time",
|
|
602
|
-
|
|
638
|
+
retryable: false,
|
|
639
|
+
next_action: "retry_with_different_input",
|
|
603
640
|
category: "dispute"
|
|
604
641
|
},
|
|
605
642
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -607,7 +644,8 @@ var ERRORS = {
|
|
|
607
644
|
http_status: 400,
|
|
608
645
|
title: "Dispute Invalid Format",
|
|
609
646
|
description: "Dispute attestation does not conform to schema",
|
|
610
|
-
|
|
647
|
+
retryable: false,
|
|
648
|
+
next_action: "retry_with_different_input",
|
|
611
649
|
category: "dispute"
|
|
612
650
|
},
|
|
613
651
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -615,7 +653,8 @@ var ERRORS = {
|
|
|
615
653
|
http_status: 400,
|
|
616
654
|
title: "Dispute Invalid Grounds",
|
|
617
655
|
description: "Dispute grounds code is not recognized",
|
|
618
|
-
|
|
656
|
+
retryable: false,
|
|
657
|
+
next_action: "retry_with_different_input",
|
|
619
658
|
category: "dispute"
|
|
620
659
|
},
|
|
621
660
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -623,7 +662,8 @@ var ERRORS = {
|
|
|
623
662
|
http_status: 400,
|
|
624
663
|
title: "Dispute Invalid ID",
|
|
625
664
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
626
|
-
|
|
665
|
+
retryable: false,
|
|
666
|
+
next_action: "retry_with_different_input",
|
|
627
667
|
category: "dispute"
|
|
628
668
|
},
|
|
629
669
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -631,7 +671,8 @@ var ERRORS = {
|
|
|
631
671
|
http_status: 400,
|
|
632
672
|
title: "Dispute Invalid State",
|
|
633
673
|
description: "Dispute state is not recognized",
|
|
634
|
-
|
|
674
|
+
retryable: false,
|
|
675
|
+
next_action: "retry_with_different_input",
|
|
635
676
|
category: "dispute"
|
|
636
677
|
},
|
|
637
678
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -639,7 +680,8 @@ var ERRORS = {
|
|
|
639
680
|
http_status: 400,
|
|
640
681
|
title: "Dispute Invalid Target Type",
|
|
641
682
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
642
|
-
|
|
683
|
+
retryable: false,
|
|
684
|
+
next_action: "retry_with_different_input",
|
|
643
685
|
category: "dispute"
|
|
644
686
|
},
|
|
645
687
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -647,7 +689,8 @@ var ERRORS = {
|
|
|
647
689
|
http_status: 400,
|
|
648
690
|
title: "Dispute Invalid Transition",
|
|
649
691
|
description: "Invalid state transition for dispute lifecycle",
|
|
650
|
-
|
|
692
|
+
retryable: false,
|
|
693
|
+
next_action: "retry_with_different_input",
|
|
651
694
|
category: "dispute"
|
|
652
695
|
},
|
|
653
696
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -655,7 +698,8 @@ var ERRORS = {
|
|
|
655
698
|
http_status: 400,
|
|
656
699
|
title: "Dispute Invalid Type",
|
|
657
700
|
description: "Dispute type is not recognized",
|
|
658
|
-
|
|
701
|
+
retryable: false,
|
|
702
|
+
next_action: "retry_with_different_input",
|
|
659
703
|
category: "dispute"
|
|
660
704
|
},
|
|
661
705
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -663,7 +707,8 @@ var ERRORS = {
|
|
|
663
707
|
http_status: 400,
|
|
664
708
|
title: "Dispute Missing Resolution",
|
|
665
709
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
666
|
-
|
|
710
|
+
retryable: false,
|
|
711
|
+
next_action: "retry_with_different_input",
|
|
667
712
|
category: "dispute"
|
|
668
713
|
},
|
|
669
714
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -671,7 +716,8 @@ var ERRORS = {
|
|
|
671
716
|
http_status: 401,
|
|
672
717
|
title: "Dispute Not Yet Valid",
|
|
673
718
|
description: "Dispute attestation issued_at time is in the future",
|
|
674
|
-
|
|
719
|
+
retryable: true,
|
|
720
|
+
next_action: "retry_after_delay",
|
|
675
721
|
category: "dispute"
|
|
676
722
|
},
|
|
677
723
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -679,7 +725,8 @@ var ERRORS = {
|
|
|
679
725
|
http_status: 400,
|
|
680
726
|
title: "Dispute Other Requires Description",
|
|
681
727
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
682
|
-
|
|
728
|
+
retryable: false,
|
|
729
|
+
next_action: "retry_with_different_input",
|
|
683
730
|
category: "dispute"
|
|
684
731
|
},
|
|
685
732
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -687,7 +734,8 @@ var ERRORS = {
|
|
|
687
734
|
http_status: 400,
|
|
688
735
|
title: "Dispute Resolution Not Allowed",
|
|
689
736
|
description: "Resolution is only valid for terminal states",
|
|
690
|
-
|
|
737
|
+
retryable: false,
|
|
738
|
+
next_action: "retry_with_different_input",
|
|
691
739
|
category: "dispute"
|
|
692
740
|
},
|
|
693
741
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -695,7 +743,8 @@ var ERRORS = {
|
|
|
695
743
|
http_status: 404,
|
|
696
744
|
title: "Dispute Target Not Found",
|
|
697
745
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
698
|
-
|
|
746
|
+
retryable: true,
|
|
747
|
+
next_action: "retry_after_delay",
|
|
699
748
|
category: "dispute"
|
|
700
749
|
},
|
|
701
750
|
// Identity error codes
|
|
@@ -704,7 +753,8 @@ var ERRORS = {
|
|
|
704
753
|
http_status: 400,
|
|
705
754
|
title: "Identity Binding Future",
|
|
706
755
|
description: "Identity binding signed_at timestamp is in the future",
|
|
707
|
-
|
|
756
|
+
retryable: false,
|
|
757
|
+
next_action: "retry_with_different_input",
|
|
708
758
|
category: "identity"
|
|
709
759
|
},
|
|
710
760
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -712,7 +762,8 @@ var ERRORS = {
|
|
|
712
762
|
http_status: 400,
|
|
713
763
|
title: "Identity Binding Mismatch",
|
|
714
764
|
description: "Identity binding does not match the request being verified",
|
|
715
|
-
|
|
765
|
+
retryable: false,
|
|
766
|
+
next_action: "retry_with_different_input",
|
|
716
767
|
category: "identity"
|
|
717
768
|
},
|
|
718
769
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -720,7 +771,8 @@ var ERRORS = {
|
|
|
720
771
|
http_status: 401,
|
|
721
772
|
title: "Identity Binding Stale",
|
|
722
773
|
description: "Identity binding is too old and requires fresh binding",
|
|
723
|
-
|
|
774
|
+
retryable: true,
|
|
775
|
+
next_action: "retry_after_delay",
|
|
724
776
|
category: "identity"
|
|
725
777
|
},
|
|
726
778
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -728,7 +780,8 @@ var ERRORS = {
|
|
|
728
780
|
http_status: 503,
|
|
729
781
|
title: "Identity Directory Unavailable",
|
|
730
782
|
description: "Failed to fetch agent key directory",
|
|
731
|
-
|
|
783
|
+
retryable: true,
|
|
784
|
+
next_action: "retry_after_delay",
|
|
732
785
|
category: "identity"
|
|
733
786
|
},
|
|
734
787
|
E_IDENTITY_EXPIRED: {
|
|
@@ -736,7 +789,8 @@ var ERRORS = {
|
|
|
736
789
|
http_status: 401,
|
|
737
790
|
title: "Identity Expired",
|
|
738
791
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
739
|
-
|
|
792
|
+
retryable: false,
|
|
793
|
+
next_action: "refresh_attestation",
|
|
740
794
|
category: "identity"
|
|
741
795
|
},
|
|
742
796
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -744,7 +798,8 @@ var ERRORS = {
|
|
|
744
798
|
http_status: 400,
|
|
745
799
|
title: "Identity Invalid Format",
|
|
746
800
|
description: "Agent identity attestation does not conform to schema",
|
|
747
|
-
|
|
801
|
+
retryable: false,
|
|
802
|
+
next_action: "retry_with_different_input",
|
|
748
803
|
category: "identity"
|
|
749
804
|
},
|
|
750
805
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -752,7 +807,8 @@ var ERRORS = {
|
|
|
752
807
|
http_status: 401,
|
|
753
808
|
title: "Identity Key Expired",
|
|
754
809
|
description: "Agent signing key has expired per directory metadata",
|
|
755
|
-
|
|
810
|
+
retryable: false,
|
|
811
|
+
next_action: "refresh_attestation",
|
|
756
812
|
category: "identity"
|
|
757
813
|
},
|
|
758
814
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -760,7 +816,8 @@ var ERRORS = {
|
|
|
760
816
|
http_status: 401,
|
|
761
817
|
title: "Identity Key Revoked",
|
|
762
818
|
description: "Agent signing key has been explicitly revoked",
|
|
763
|
-
|
|
819
|
+
retryable: false,
|
|
820
|
+
next_action: "refresh_attestation",
|
|
764
821
|
category: "identity"
|
|
765
822
|
},
|
|
766
823
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -768,7 +825,8 @@ var ERRORS = {
|
|
|
768
825
|
http_status: 401,
|
|
769
826
|
title: "Identity Key Unknown",
|
|
770
827
|
description: "Key ID not found in agent key directory",
|
|
771
|
-
|
|
828
|
+
retryable: true,
|
|
829
|
+
next_action: "retry_after_delay",
|
|
772
830
|
category: "identity"
|
|
773
831
|
},
|
|
774
832
|
E_IDENTITY_MISSING: {
|
|
@@ -776,7 +834,8 @@ var ERRORS = {
|
|
|
776
834
|
http_status: 401,
|
|
777
835
|
title: "Identity Missing",
|
|
778
836
|
description: "No agent identity attestation provided in request",
|
|
779
|
-
|
|
837
|
+
retryable: false,
|
|
838
|
+
next_action: "retry_with_different_input",
|
|
780
839
|
category: "identity"
|
|
781
840
|
},
|
|
782
841
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -784,7 +843,8 @@ var ERRORS = {
|
|
|
784
843
|
http_status: 401,
|
|
785
844
|
title: "Identity Not Yet Valid",
|
|
786
845
|
description: "Agent identity attestation issued_at time is in the future",
|
|
787
|
-
|
|
846
|
+
retryable: true,
|
|
847
|
+
next_action: "retry_after_delay",
|
|
788
848
|
category: "identity"
|
|
789
849
|
},
|
|
790
850
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -792,7 +852,8 @@ var ERRORS = {
|
|
|
792
852
|
http_status: 400,
|
|
793
853
|
title: "Identity Proof Unsupported",
|
|
794
854
|
description: "Agent identity proof method is not supported",
|
|
795
|
-
|
|
855
|
+
retryable: false,
|
|
856
|
+
next_action: "retry_with_different_input",
|
|
796
857
|
category: "identity"
|
|
797
858
|
},
|
|
798
859
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -800,7 +861,17 @@ var ERRORS = {
|
|
|
800
861
|
http_status: 401,
|
|
801
862
|
title: "Identity Signature Invalid",
|
|
802
863
|
description: "Agent identity proof signature verification failed",
|
|
803
|
-
|
|
864
|
+
retryable: false,
|
|
865
|
+
next_action: "retry_with_different_input",
|
|
866
|
+
category: "identity"
|
|
867
|
+
},
|
|
868
|
+
E_MVIS_INCOMPLETE: {
|
|
869
|
+
code: "E_MVIS_INCOMPLETE",
|
|
870
|
+
http_status: 400,
|
|
871
|
+
title: "MVIS Incomplete",
|
|
872
|
+
description: "Identity receipt missing one or more Minimum Viable Identity Set required fields (issuer, subject, key_binding, time_bounds, replay_protection)",
|
|
873
|
+
retryable: false,
|
|
874
|
+
next_action: "retry_with_different_input",
|
|
804
875
|
category: "identity"
|
|
805
876
|
},
|
|
806
877
|
// Infrastructure error codes
|
|
@@ -809,7 +880,8 @@ var ERRORS = {
|
|
|
809
880
|
http_status: 503,
|
|
810
881
|
title: "Circuit Breaker Open",
|
|
811
882
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
812
|
-
|
|
883
|
+
retryable: true,
|
|
884
|
+
next_action: "retry_after_delay",
|
|
813
885
|
category: "infrastructure"
|
|
814
886
|
},
|
|
815
887
|
E_INTERNAL: {
|
|
@@ -817,7 +889,8 @@ var ERRORS = {
|
|
|
817
889
|
http_status: 500,
|
|
818
890
|
title: "Internal Error",
|
|
819
891
|
description: "An unexpected internal error occurred during verification",
|
|
820
|
-
|
|
892
|
+
retryable: true,
|
|
893
|
+
next_action: "retry_after_delay",
|
|
821
894
|
category: "infrastructure"
|
|
822
895
|
},
|
|
823
896
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -825,7 +898,8 @@ var ERRORS = {
|
|
|
825
898
|
http_status: 503,
|
|
826
899
|
title: "JWKS Fetch Failed",
|
|
827
900
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
828
|
-
|
|
901
|
+
retryable: true,
|
|
902
|
+
next_action: "retry_after_delay",
|
|
829
903
|
category: "infrastructure"
|
|
830
904
|
},
|
|
831
905
|
E_RATE_LIMITED: {
|
|
@@ -833,7 +907,8 @@ var ERRORS = {
|
|
|
833
907
|
http_status: 429,
|
|
834
908
|
title: "Rate Limited",
|
|
835
909
|
description: "Too many requests, please retry later",
|
|
836
|
-
|
|
910
|
+
retryable: true,
|
|
911
|
+
next_action: "retry_after_delay",
|
|
837
912
|
category: "infrastructure"
|
|
838
913
|
},
|
|
839
914
|
// Interaction error codes
|
|
@@ -842,7 +917,8 @@ var ERRORS = {
|
|
|
842
917
|
http_status: 400,
|
|
843
918
|
title: "Interaction Invalid Digest",
|
|
844
919
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
845
|
-
|
|
920
|
+
retryable: false,
|
|
921
|
+
next_action: "retry_with_different_input",
|
|
846
922
|
category: "interaction"
|
|
847
923
|
},
|
|
848
924
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -850,7 +926,8 @@ var ERRORS = {
|
|
|
850
926
|
http_status: 400,
|
|
851
927
|
title: "Interaction Invalid Digest Algorithm",
|
|
852
928
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
853
|
-
|
|
929
|
+
retryable: false,
|
|
930
|
+
next_action: "retry_with_different_input",
|
|
854
931
|
category: "interaction"
|
|
855
932
|
},
|
|
856
933
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -858,7 +935,8 @@ var ERRORS = {
|
|
|
858
935
|
http_status: 400,
|
|
859
936
|
title: "Interaction Invalid Extension Key",
|
|
860
937
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
861
|
-
|
|
938
|
+
retryable: false,
|
|
939
|
+
next_action: "retry_with_different_input",
|
|
862
940
|
category: "interaction"
|
|
863
941
|
},
|
|
864
942
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -866,7 +944,8 @@ var ERRORS = {
|
|
|
866
944
|
http_status: 400,
|
|
867
945
|
title: "Interaction Invalid Format",
|
|
868
946
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
869
|
-
|
|
947
|
+
retryable: false,
|
|
948
|
+
next_action: "retry_with_different_input",
|
|
870
949
|
category: "interaction"
|
|
871
950
|
},
|
|
872
951
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -874,7 +953,8 @@ var ERRORS = {
|
|
|
874
953
|
http_status: 400,
|
|
875
954
|
title: "Interaction Invalid Kind Format",
|
|
876
955
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
877
|
-
|
|
956
|
+
retryable: false,
|
|
957
|
+
next_action: "retry_with_different_input",
|
|
878
958
|
category: "interaction"
|
|
879
959
|
},
|
|
880
960
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -882,7 +962,8 @@ var ERRORS = {
|
|
|
882
962
|
http_status: 400,
|
|
883
963
|
title: "Interaction Invalid Timing",
|
|
884
964
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
885
|
-
|
|
965
|
+
retryable: false,
|
|
966
|
+
next_action: "retry_with_different_input",
|
|
886
967
|
category: "interaction"
|
|
887
968
|
},
|
|
888
969
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -890,7 +971,8 @@ var ERRORS = {
|
|
|
890
971
|
http_status: 400,
|
|
891
972
|
title: "Interaction Kind Reserved",
|
|
892
973
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
893
|
-
|
|
974
|
+
retryable: false,
|
|
975
|
+
next_action: "retry_with_different_input",
|
|
894
976
|
category: "interaction"
|
|
895
977
|
},
|
|
896
978
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -898,7 +980,8 @@ var ERRORS = {
|
|
|
898
980
|
http_status: 400,
|
|
899
981
|
title: "Interaction Missing Error Detail",
|
|
900
982
|
description: "error_code or extensions required when result.status is error",
|
|
901
|
-
|
|
983
|
+
retryable: false,
|
|
984
|
+
next_action: "retry_with_different_input",
|
|
902
985
|
category: "interaction"
|
|
903
986
|
},
|
|
904
987
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -906,7 +989,8 @@ var ERRORS = {
|
|
|
906
989
|
http_status: 400,
|
|
907
990
|
title: "Interaction Missing Executor",
|
|
908
991
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
909
|
-
|
|
992
|
+
retryable: false,
|
|
993
|
+
next_action: "retry_with_different_input",
|
|
910
994
|
category: "interaction"
|
|
911
995
|
},
|
|
912
996
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -914,7 +998,8 @@ var ERRORS = {
|
|
|
914
998
|
http_status: 400,
|
|
915
999
|
title: "Interaction Missing ID",
|
|
916
1000
|
description: "Interaction evidence is missing required interaction_id field",
|
|
917
|
-
|
|
1001
|
+
retryable: false,
|
|
1002
|
+
next_action: "retry_with_different_input",
|
|
918
1003
|
category: "interaction"
|
|
919
1004
|
},
|
|
920
1005
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -922,7 +1007,8 @@ var ERRORS = {
|
|
|
922
1007
|
http_status: 400,
|
|
923
1008
|
title: "Interaction Missing Kind",
|
|
924
1009
|
description: "Interaction evidence is missing required kind field",
|
|
925
|
-
|
|
1010
|
+
retryable: false,
|
|
1011
|
+
next_action: "retry_with_different_input",
|
|
926
1012
|
category: "interaction"
|
|
927
1013
|
},
|
|
928
1014
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -930,7 +1016,8 @@ var ERRORS = {
|
|
|
930
1016
|
http_status: 400,
|
|
931
1017
|
title: "Interaction Missing Result",
|
|
932
1018
|
description: "result.status is required when output is present",
|
|
933
|
-
|
|
1019
|
+
retryable: false,
|
|
1020
|
+
next_action: "retry_with_different_input",
|
|
934
1021
|
category: "interaction"
|
|
935
1022
|
},
|
|
936
1023
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -938,7 +1025,8 @@ var ERRORS = {
|
|
|
938
1025
|
http_status: 400,
|
|
939
1026
|
title: "Interaction Missing Started At",
|
|
940
1027
|
description: "Interaction evidence is missing required started_at field",
|
|
941
|
-
|
|
1028
|
+
retryable: false,
|
|
1029
|
+
next_action: "retry_with_different_input",
|
|
942
1030
|
category: "interaction"
|
|
943
1031
|
},
|
|
944
1032
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -946,7 +1034,8 @@ var ERRORS = {
|
|
|
946
1034
|
http_status: 400,
|
|
947
1035
|
title: "Interaction Missing Target",
|
|
948
1036
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
949
|
-
|
|
1037
|
+
retryable: false,
|
|
1038
|
+
next_action: "retry_with_different_input",
|
|
950
1039
|
category: "interaction"
|
|
951
1040
|
},
|
|
952
1041
|
// Ucp error codes
|
|
@@ -955,7 +1044,8 @@ var ERRORS = {
|
|
|
955
1044
|
http_status: 500,
|
|
956
1045
|
title: "UCP Evidence Serialization Failed",
|
|
957
1046
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
958
|
-
|
|
1047
|
+
retryable: false,
|
|
1048
|
+
next_action: "retry_with_different_input",
|
|
959
1049
|
category: "ucp"
|
|
960
1050
|
},
|
|
961
1051
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -963,7 +1053,8 @@ var ERRORS = {
|
|
|
963
1053
|
http_status: 401,
|
|
964
1054
|
title: "UCP Key Algorithm Mismatch",
|
|
965
1055
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
966
|
-
|
|
1056
|
+
retryable: false,
|
|
1057
|
+
next_action: "retry_with_different_input",
|
|
967
1058
|
category: "ucp"
|
|
968
1059
|
},
|
|
969
1060
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -971,7 +1062,8 @@ var ERRORS = {
|
|
|
971
1062
|
http_status: 401,
|
|
972
1063
|
title: "UCP Key Curve Mismatch",
|
|
973
1064
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
974
|
-
|
|
1065
|
+
retryable: false,
|
|
1066
|
+
next_action: "retry_with_different_input",
|
|
975
1067
|
category: "ucp"
|
|
976
1068
|
},
|
|
977
1069
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -979,7 +1071,8 @@ var ERRORS = {
|
|
|
979
1071
|
http_status: 401,
|
|
980
1072
|
title: "UCP Key Not Found",
|
|
981
1073
|
description: "Key ID from signature not found in business UCP profile",
|
|
982
|
-
|
|
1074
|
+
retryable: true,
|
|
1075
|
+
next_action: "retry_after_delay",
|
|
983
1076
|
category: "ucp"
|
|
984
1077
|
},
|
|
985
1078
|
E_UCP_ORDER_INVALID: {
|
|
@@ -987,7 +1080,8 @@ var ERRORS = {
|
|
|
987
1080
|
http_status: 400,
|
|
988
1081
|
title: "UCP Order Invalid",
|
|
989
1082
|
description: "UCP order object does not conform to expected schema",
|
|
990
|
-
|
|
1083
|
+
retryable: false,
|
|
1084
|
+
next_action: "retry_with_different_input",
|
|
991
1085
|
category: "ucp"
|
|
992
1086
|
},
|
|
993
1087
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -995,7 +1089,8 @@ var ERRORS = {
|
|
|
995
1089
|
http_status: 400,
|
|
996
1090
|
title: "UCP Order Missing ID",
|
|
997
1091
|
description: "UCP order is missing required id field",
|
|
998
|
-
|
|
1092
|
+
retryable: false,
|
|
1093
|
+
next_action: "retry_with_different_input",
|
|
999
1094
|
category: "ucp"
|
|
1000
1095
|
},
|
|
1001
1096
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -1003,7 +1098,8 @@ var ERRORS = {
|
|
|
1003
1098
|
http_status: 400,
|
|
1004
1099
|
title: "UCP Order Missing Line Items",
|
|
1005
1100
|
description: "UCP order is missing required line_items array",
|
|
1006
|
-
|
|
1101
|
+
retryable: false,
|
|
1102
|
+
next_action: "retry_with_different_input",
|
|
1007
1103
|
category: "ucp"
|
|
1008
1104
|
},
|
|
1009
1105
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -1011,7 +1107,8 @@ var ERRORS = {
|
|
|
1011
1107
|
http_status: 400,
|
|
1012
1108
|
title: "UCP Order Missing Totals",
|
|
1013
1109
|
description: "UCP order is missing required totals array or total entry",
|
|
1014
|
-
|
|
1110
|
+
retryable: false,
|
|
1111
|
+
next_action: "retry_with_different_input",
|
|
1015
1112
|
category: "ucp"
|
|
1016
1113
|
},
|
|
1017
1114
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -1019,7 +1116,8 @@ var ERRORS = {
|
|
|
1019
1116
|
http_status: 400,
|
|
1020
1117
|
title: "UCP Payload Empty",
|
|
1021
1118
|
description: "Webhook request body is empty",
|
|
1022
|
-
|
|
1119
|
+
retryable: false,
|
|
1120
|
+
next_action: "retry_with_different_input",
|
|
1023
1121
|
category: "ucp"
|
|
1024
1122
|
},
|
|
1025
1123
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -1027,7 +1125,8 @@ var ERRORS = {
|
|
|
1027
1125
|
http_status: 400,
|
|
1028
1126
|
title: "UCP Payload Not JSON",
|
|
1029
1127
|
description: "Webhook request body is not valid JSON",
|
|
1030
|
-
|
|
1128
|
+
retryable: false,
|
|
1129
|
+
next_action: "retry_with_different_input",
|
|
1031
1130
|
category: "ucp"
|
|
1032
1131
|
},
|
|
1033
1132
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -1035,7 +1134,8 @@ var ERRORS = {
|
|
|
1035
1134
|
http_status: 400,
|
|
1036
1135
|
title: "UCP Payload Too Large",
|
|
1037
1136
|
description: "Webhook request body exceeds maximum allowed size",
|
|
1038
|
-
|
|
1137
|
+
retryable: false,
|
|
1138
|
+
next_action: "retry_with_different_input",
|
|
1039
1139
|
category: "ucp"
|
|
1040
1140
|
},
|
|
1041
1141
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -1043,7 +1143,8 @@ var ERRORS = {
|
|
|
1043
1143
|
http_status: 502,
|
|
1044
1144
|
title: "UCP Profile Fetch Failed",
|
|
1045
1145
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
1046
|
-
|
|
1146
|
+
retryable: true,
|
|
1147
|
+
next_action: "retry_after_delay",
|
|
1047
1148
|
category: "ucp"
|
|
1048
1149
|
},
|
|
1049
1150
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -1051,7 +1152,8 @@ var ERRORS = {
|
|
|
1051
1152
|
http_status: 502,
|
|
1052
1153
|
title: "UCP Profile Invalid",
|
|
1053
1154
|
description: "Business UCP profile does not conform to expected schema",
|
|
1054
|
-
|
|
1155
|
+
retryable: false,
|
|
1156
|
+
next_action: "retry_with_different_input",
|
|
1055
1157
|
category: "ucp"
|
|
1056
1158
|
},
|
|
1057
1159
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -1059,7 +1161,8 @@ var ERRORS = {
|
|
|
1059
1161
|
http_status: 502,
|
|
1060
1162
|
title: "UCP Profile No Signing Keys",
|
|
1061
1163
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
1062
|
-
|
|
1164
|
+
retryable: false,
|
|
1165
|
+
next_action: "retry_with_different_input",
|
|
1063
1166
|
category: "ucp"
|
|
1064
1167
|
},
|
|
1065
1168
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -1067,7 +1170,8 @@ var ERRORS = {
|
|
|
1067
1170
|
http_status: 400,
|
|
1068
1171
|
title: "UCP Signature Algorithm Unsupported",
|
|
1069
1172
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
1070
|
-
|
|
1173
|
+
retryable: false,
|
|
1174
|
+
next_action: "retry_with_different_input",
|
|
1071
1175
|
category: "ucp"
|
|
1072
1176
|
},
|
|
1073
1177
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -1075,7 +1179,8 @@ var ERRORS = {
|
|
|
1075
1179
|
http_status: 400,
|
|
1076
1180
|
title: "UCP Signature b64 Invalid",
|
|
1077
1181
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
1078
|
-
|
|
1182
|
+
retryable: false,
|
|
1183
|
+
next_action: "retry_with_different_input",
|
|
1079
1184
|
category: "ucp"
|
|
1080
1185
|
},
|
|
1081
1186
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -1083,7 +1188,8 @@ var ERRORS = {
|
|
|
1083
1188
|
http_status: 401,
|
|
1084
1189
|
title: "UCP Signature Invalid",
|
|
1085
1190
|
description: "Webhook signature verification failed against payload",
|
|
1086
|
-
|
|
1191
|
+
retryable: false,
|
|
1192
|
+
next_action: "retry_with_different_input",
|
|
1087
1193
|
category: "ucp"
|
|
1088
1194
|
},
|
|
1089
1195
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -1091,7 +1197,8 @@ var ERRORS = {
|
|
|
1091
1197
|
http_status: 400,
|
|
1092
1198
|
title: "UCP Signature Malformed",
|
|
1093
1199
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
1094
|
-
|
|
1200
|
+
retryable: false,
|
|
1201
|
+
next_action: "retry_with_different_input",
|
|
1095
1202
|
category: "ucp"
|
|
1096
1203
|
},
|
|
1097
1204
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -1099,7 +1206,8 @@ var ERRORS = {
|
|
|
1099
1206
|
http_status: 400,
|
|
1100
1207
|
title: "UCP Signature Missing",
|
|
1101
1208
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
1102
|
-
|
|
1209
|
+
retryable: false,
|
|
1210
|
+
next_action: "retry_with_different_input",
|
|
1103
1211
|
category: "ucp"
|
|
1104
1212
|
},
|
|
1105
1213
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -1107,7 +1215,8 @@ var ERRORS = {
|
|
|
1107
1215
|
http_status: 401,
|
|
1108
1216
|
title: "UCP Verification Failed",
|
|
1109
1217
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
1110
|
-
|
|
1218
|
+
retryable: false,
|
|
1219
|
+
next_action: "retry_with_different_input",
|
|
1111
1220
|
category: "ucp"
|
|
1112
1221
|
},
|
|
1113
1222
|
// Validation error codes
|
|
@@ -1116,7 +1225,8 @@ var ERRORS = {
|
|
|
1116
1225
|
http_status: 400,
|
|
1117
1226
|
title: "Kernel Constraint Violation",
|
|
1118
1227
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
1119
|
-
|
|
1228
|
+
retryable: false,
|
|
1229
|
+
next_action: "retry_with_different_input",
|
|
1120
1230
|
category: "validation"
|
|
1121
1231
|
},
|
|
1122
1232
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -1124,7 +1234,8 @@ var ERRORS = {
|
|
|
1124
1234
|
http_status: 400,
|
|
1125
1235
|
title: "Evidence Not JSON-Safe",
|
|
1126
1236
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
1127
|
-
|
|
1237
|
+
retryable: false,
|
|
1238
|
+
next_action: "retry_with_different_input",
|
|
1128
1239
|
category: "validation"
|
|
1129
1240
|
},
|
|
1130
1241
|
E_EXPIRED: {
|
|
@@ -1132,7 +1243,8 @@ var ERRORS = {
|
|
|
1132
1243
|
http_status: 400,
|
|
1133
1244
|
title: "Receipt Expired",
|
|
1134
1245
|
description: "Receipt has exceeded its expiration time",
|
|
1135
|
-
|
|
1246
|
+
retryable: false,
|
|
1247
|
+
next_action: "retry_with_different_input",
|
|
1136
1248
|
category: "validation"
|
|
1137
1249
|
},
|
|
1138
1250
|
E_INVALID_AMOUNT: {
|
|
@@ -1140,7 +1252,8 @@ var ERRORS = {
|
|
|
1140
1252
|
http_status: 400,
|
|
1141
1253
|
title: "Invalid Amount",
|
|
1142
1254
|
description: "Payment amount is invalid or out of allowed range",
|
|
1143
|
-
|
|
1255
|
+
retryable: false,
|
|
1256
|
+
next_action: "retry_with_different_input",
|
|
1144
1257
|
category: "validation"
|
|
1145
1258
|
},
|
|
1146
1259
|
E_INVALID_AUDIENCE: {
|
|
@@ -1148,7 +1261,8 @@ var ERRORS = {
|
|
|
1148
1261
|
http_status: 400,
|
|
1149
1262
|
title: "Invalid Audience",
|
|
1150
1263
|
description: "Receipt audience claim does not match expected value",
|
|
1151
|
-
|
|
1264
|
+
retryable: false,
|
|
1265
|
+
next_action: "retry_with_different_input",
|
|
1152
1266
|
category: "validation"
|
|
1153
1267
|
},
|
|
1154
1268
|
E_INVALID_CURRENCY: {
|
|
@@ -1156,7 +1270,8 @@ var ERRORS = {
|
|
|
1156
1270
|
http_status: 400,
|
|
1157
1271
|
title: "Invalid Currency",
|
|
1158
1272
|
description: "Currency code is not a valid ISO 4217 code",
|
|
1159
|
-
|
|
1273
|
+
retryable: false,
|
|
1274
|
+
next_action: "retry_with_different_input",
|
|
1160
1275
|
category: "validation"
|
|
1161
1276
|
},
|
|
1162
1277
|
E_INVALID_FORMAT: {
|
|
@@ -1164,7 +1279,8 @@ var ERRORS = {
|
|
|
1164
1279
|
http_status: 400,
|
|
1165
1280
|
title: "Invalid Format",
|
|
1166
1281
|
description: "Receipt does not conform to JWS format",
|
|
1167
|
-
|
|
1282
|
+
retryable: false,
|
|
1283
|
+
next_action: "retry_with_different_input",
|
|
1168
1284
|
category: "validation"
|
|
1169
1285
|
},
|
|
1170
1286
|
E_INVALID_ISSUER: {
|
|
@@ -1172,7 +1288,8 @@ var ERRORS = {
|
|
|
1172
1288
|
http_status: 400,
|
|
1173
1289
|
title: "Invalid Issuer",
|
|
1174
1290
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
1175
|
-
|
|
1291
|
+
retryable: false,
|
|
1292
|
+
next_action: "retry_with_different_input",
|
|
1176
1293
|
category: "validation"
|
|
1177
1294
|
},
|
|
1178
1295
|
E_INVALID_RAIL: {
|
|
@@ -1180,7 +1297,8 @@ var ERRORS = {
|
|
|
1180
1297
|
http_status: 400,
|
|
1181
1298
|
title: "Invalid Payment Rail",
|
|
1182
1299
|
description: "Payment rail identifier is not recognized",
|
|
1183
|
-
|
|
1300
|
+
retryable: false,
|
|
1301
|
+
next_action: "retry_with_different_input",
|
|
1184
1302
|
category: "validation"
|
|
1185
1303
|
},
|
|
1186
1304
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1188,7 +1306,8 @@ var ERRORS = {
|
|
|
1188
1306
|
http_status: 400,
|
|
1189
1307
|
title: "Invalid Receipt ID",
|
|
1190
1308
|
description: "Receipt ID (rid) does not match expected value",
|
|
1191
|
-
|
|
1309
|
+
retryable: false,
|
|
1310
|
+
next_action: "retry_with_different_input",
|
|
1192
1311
|
category: "validation"
|
|
1193
1312
|
},
|
|
1194
1313
|
E_INVALID_SUBJECT: {
|
|
@@ -1196,7 +1315,8 @@ var ERRORS = {
|
|
|
1196
1315
|
http_status: 400,
|
|
1197
1316
|
title: "Invalid Subject",
|
|
1198
1317
|
description: "Receipt subject claim does not match expected value",
|
|
1199
|
-
|
|
1318
|
+
retryable: false,
|
|
1319
|
+
next_action: "retry_with_different_input",
|
|
1200
1320
|
category: "validation"
|
|
1201
1321
|
},
|
|
1202
1322
|
E_MISSING_EXP: {
|
|
@@ -1204,7 +1324,8 @@ var ERRORS = {
|
|
|
1204
1324
|
http_status: 400,
|
|
1205
1325
|
title: "Missing Expiration",
|
|
1206
1326
|
description: "Receipt is missing required exp claim",
|
|
1207
|
-
|
|
1327
|
+
retryable: false,
|
|
1328
|
+
next_action: "retry_with_different_input",
|
|
1208
1329
|
category: "validation"
|
|
1209
1330
|
},
|
|
1210
1331
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1212,7 +1333,8 @@ var ERRORS = {
|
|
|
1212
1333
|
http_status: 400,
|
|
1213
1334
|
title: "Missing Required Claim",
|
|
1214
1335
|
description: "Receipt is missing a required JWT claim",
|
|
1215
|
-
|
|
1336
|
+
retryable: false,
|
|
1337
|
+
next_action: "retry_with_different_input",
|
|
1216
1338
|
category: "validation"
|
|
1217
1339
|
},
|
|
1218
1340
|
E_NOT_YET_VALID: {
|
|
@@ -1220,7 +1342,8 @@ var ERRORS = {
|
|
|
1220
1342
|
http_status: 400,
|
|
1221
1343
|
title: "Not Yet Valid",
|
|
1222
1344
|
description: "Receipt nbf (not before) time is in the future",
|
|
1223
|
-
|
|
1345
|
+
retryable: true,
|
|
1346
|
+
next_action: "retry_after_delay",
|
|
1224
1347
|
category: "validation"
|
|
1225
1348
|
},
|
|
1226
1349
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1228,7 +1351,8 @@ var ERRORS = {
|
|
|
1228
1351
|
http_status: 400,
|
|
1229
1352
|
title: "Attestation Receipt Invalid",
|
|
1230
1353
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1231
|
-
|
|
1354
|
+
retryable: false,
|
|
1355
|
+
next_action: "retry_with_different_input",
|
|
1232
1356
|
category: "validation"
|
|
1233
1357
|
},
|
|
1234
1358
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1236,7 +1360,8 @@ var ERRORS = {
|
|
|
1236
1360
|
http_status: 400,
|
|
1237
1361
|
title: "Commerce Receipt Invalid",
|
|
1238
1362
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1239
|
-
|
|
1363
|
+
retryable: false,
|
|
1364
|
+
next_action: "retry_with_different_input",
|
|
1240
1365
|
category: "validation"
|
|
1241
1366
|
},
|
|
1242
1367
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1244,7 +1369,8 @@ var ERRORS = {
|
|
|
1244
1369
|
http_status: 400,
|
|
1245
1370
|
title: "Parse Invalid Input",
|
|
1246
1371
|
description: "Input to receipt parser is not a non-null object",
|
|
1247
|
-
|
|
1372
|
+
retryable: false,
|
|
1373
|
+
next_action: "retry_with_different_input",
|
|
1248
1374
|
category: "validation"
|
|
1249
1375
|
},
|
|
1250
1376
|
// Verification error codes
|
|
@@ -1253,7 +1379,8 @@ var ERRORS = {
|
|
|
1253
1379
|
http_status: 400,
|
|
1254
1380
|
title: "Invalid Signature",
|
|
1255
1381
|
description: "Receipt signature verification failed",
|
|
1256
|
-
|
|
1382
|
+
retryable: false,
|
|
1383
|
+
next_action: "abort",
|
|
1257
1384
|
category: "verification"
|
|
1258
1385
|
},
|
|
1259
1386
|
E_KEY_NOT_FOUND: {
|
|
@@ -1261,7 +1388,26 @@ var ERRORS = {
|
|
|
1261
1388
|
http_status: 400,
|
|
1262
1389
|
title: "Key Not Found",
|
|
1263
1390
|
description: "Public key with specified kid not found in JWKS",
|
|
1264
|
-
|
|
1391
|
+
retryable: false,
|
|
1392
|
+
next_action: "retry_with_different_key",
|
|
1393
|
+
category: "verification"
|
|
1394
|
+
},
|
|
1395
|
+
E_KID_REUSE_DETECTED: {
|
|
1396
|
+
code: "E_KID_REUSE_DETECTED",
|
|
1397
|
+
http_status: 400,
|
|
1398
|
+
title: "Kid Reuse Detected",
|
|
1399
|
+
description: "Same kid value used with different key material within the retention window",
|
|
1400
|
+
retryable: false,
|
|
1401
|
+
next_action: "abort",
|
|
1402
|
+
category: "verification"
|
|
1403
|
+
},
|
|
1404
|
+
E_REVOKED_KEY_USED: {
|
|
1405
|
+
code: "E_REVOKED_KEY_USED",
|
|
1406
|
+
http_status: 400,
|
|
1407
|
+
title: "Revoked Key Used",
|
|
1408
|
+
description: "Receipt signed with a key listed in the issuer revoked_keys set",
|
|
1409
|
+
retryable: false,
|
|
1410
|
+
next_action: "retry_with_different_key",
|
|
1265
1411
|
category: "verification"
|
|
1266
1412
|
},
|
|
1267
1413
|
// Verifier error codes
|
|
@@ -1270,7 +1416,8 @@ var ERRORS = {
|
|
|
1270
1416
|
http_status: 400,
|
|
1271
1417
|
title: "Extension Too Large",
|
|
1272
1418
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1273
|
-
|
|
1419
|
+
retryable: false,
|
|
1420
|
+
next_action: "abort",
|
|
1274
1421
|
category: "verifier"
|
|
1275
1422
|
},
|
|
1276
1423
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
@@ -1278,7 +1425,8 @@ var ERRORS = {
|
|
|
1278
1425
|
http_status: 403,
|
|
1279
1426
|
title: "Insecure Scheme Blocked",
|
|
1280
1427
|
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1281
|
-
|
|
1428
|
+
retryable: false,
|
|
1429
|
+
next_action: "abort",
|
|
1282
1430
|
category: "verifier"
|
|
1283
1431
|
},
|
|
1284
1432
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1286,7 +1434,8 @@ var ERRORS = {
|
|
|
1286
1434
|
http_status: 400,
|
|
1287
1435
|
title: "Invalid Transport",
|
|
1288
1436
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1289
|
-
|
|
1437
|
+
retryable: false,
|
|
1438
|
+
next_action: "abort",
|
|
1290
1439
|
category: "verifier"
|
|
1291
1440
|
},
|
|
1292
1441
|
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
@@ -1294,7 +1443,8 @@ var ERRORS = {
|
|
|
1294
1443
|
http_status: 502,
|
|
1295
1444
|
title: "Issuer Config Invalid",
|
|
1296
1445
|
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1297
|
-
|
|
1446
|
+
retryable: false,
|
|
1447
|
+
next_action: "abort",
|
|
1298
1448
|
category: "verifier"
|
|
1299
1449
|
},
|
|
1300
1450
|
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
@@ -1302,7 +1452,8 @@ var ERRORS = {
|
|
|
1302
1452
|
http_status: 502,
|
|
1303
1453
|
title: "Issuer Config Missing",
|
|
1304
1454
|
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1305
|
-
|
|
1455
|
+
retryable: true,
|
|
1456
|
+
next_action: "retry_after_delay",
|
|
1306
1457
|
category: "verifier"
|
|
1307
1458
|
},
|
|
1308
1459
|
E_VERIFY_ISSUER_MISMATCH: {
|
|
@@ -1310,7 +1461,8 @@ var ERRORS = {
|
|
|
1310
1461
|
http_status: 403,
|
|
1311
1462
|
title: "Issuer Mismatch",
|
|
1312
1463
|
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1313
|
-
|
|
1464
|
+
retryable: false,
|
|
1465
|
+
next_action: "abort",
|
|
1314
1466
|
category: "verifier"
|
|
1315
1467
|
},
|
|
1316
1468
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1318,7 +1470,8 @@ var ERRORS = {
|
|
|
1318
1470
|
http_status: 403,
|
|
1319
1471
|
title: "Issuer Not Allowed",
|
|
1320
1472
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1321
|
-
|
|
1473
|
+
retryable: false,
|
|
1474
|
+
next_action: "abort",
|
|
1322
1475
|
category: "verifier"
|
|
1323
1476
|
},
|
|
1324
1477
|
E_VERIFY_JWKS_INVALID: {
|
|
@@ -1326,7 +1479,8 @@ var ERRORS = {
|
|
|
1326
1479
|
http_status: 502,
|
|
1327
1480
|
title: "JWKS Invalid",
|
|
1328
1481
|
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1329
|
-
|
|
1482
|
+
retryable: false,
|
|
1483
|
+
next_action: "abort",
|
|
1330
1484
|
category: "verifier"
|
|
1331
1485
|
},
|
|
1332
1486
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1334,7 +1488,8 @@ var ERRORS = {
|
|
|
1334
1488
|
http_status: 400,
|
|
1335
1489
|
title: "JWKS Too Large",
|
|
1336
1490
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1337
|
-
|
|
1491
|
+
retryable: false,
|
|
1492
|
+
next_action: "abort",
|
|
1338
1493
|
category: "verifier"
|
|
1339
1494
|
},
|
|
1340
1495
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1342,7 +1497,8 @@ var ERRORS = {
|
|
|
1342
1497
|
http_status: 400,
|
|
1343
1498
|
title: "JWKS Too Many Keys",
|
|
1344
1499
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1345
|
-
|
|
1500
|
+
retryable: false,
|
|
1501
|
+
next_action: "abort",
|
|
1346
1502
|
category: "verifier"
|
|
1347
1503
|
},
|
|
1348
1504
|
E_VERIFY_JWKS_URI_INVALID: {
|
|
@@ -1350,7 +1506,8 @@ var ERRORS = {
|
|
|
1350
1506
|
http_status: 502,
|
|
1351
1507
|
title: "JWKS URI Invalid",
|
|
1352
1508
|
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1353
|
-
|
|
1509
|
+
retryable: false,
|
|
1510
|
+
next_action: "abort",
|
|
1354
1511
|
category: "verifier"
|
|
1355
1512
|
},
|
|
1356
1513
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1358,7 +1515,8 @@ var ERRORS = {
|
|
|
1358
1515
|
http_status: 403,
|
|
1359
1516
|
title: "Key Fetch Blocked",
|
|
1360
1517
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1361
|
-
|
|
1518
|
+
retryable: false,
|
|
1519
|
+
next_action: "abort",
|
|
1362
1520
|
category: "verifier"
|
|
1363
1521
|
},
|
|
1364
1522
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1366,7 +1524,8 @@ var ERRORS = {
|
|
|
1366
1524
|
http_status: 502,
|
|
1367
1525
|
title: "Key Fetch Failed",
|
|
1368
1526
|
description: "Network error while fetching JWKS from issuer",
|
|
1369
|
-
|
|
1527
|
+
retryable: true,
|
|
1528
|
+
next_action: "retry_after_delay",
|
|
1370
1529
|
category: "verifier"
|
|
1371
1530
|
},
|
|
1372
1531
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1374,7 +1533,8 @@ var ERRORS = {
|
|
|
1374
1533
|
http_status: 504,
|
|
1375
1534
|
title: "Key Fetch Timeout",
|
|
1376
1535
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1377
|
-
|
|
1536
|
+
retryable: true,
|
|
1537
|
+
next_action: "retry_after_delay",
|
|
1378
1538
|
category: "verifier"
|
|
1379
1539
|
},
|
|
1380
1540
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1382,7 +1542,8 @@ var ERRORS = {
|
|
|
1382
1542
|
http_status: 400,
|
|
1383
1543
|
title: "Malformed Receipt",
|
|
1384
1544
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1385
|
-
|
|
1545
|
+
retryable: false,
|
|
1546
|
+
next_action: "abort",
|
|
1386
1547
|
category: "verifier"
|
|
1387
1548
|
},
|
|
1388
1549
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1390,7 +1551,8 @@ var ERRORS = {
|
|
|
1390
1551
|
http_status: 400,
|
|
1391
1552
|
title: "Pointer Digest Mismatch",
|
|
1392
1553
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1393
|
-
|
|
1554
|
+
retryable: false,
|
|
1555
|
+
next_action: "abort",
|
|
1394
1556
|
category: "verifier"
|
|
1395
1557
|
},
|
|
1396
1558
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1398,7 +1560,8 @@ var ERRORS = {
|
|
|
1398
1560
|
http_status: 403,
|
|
1399
1561
|
title: "Pointer Fetch Blocked",
|
|
1400
1562
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1401
|
-
|
|
1563
|
+
retryable: false,
|
|
1564
|
+
next_action: "abort",
|
|
1402
1565
|
category: "verifier"
|
|
1403
1566
|
},
|
|
1404
1567
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1406,7 +1569,8 @@ var ERRORS = {
|
|
|
1406
1569
|
http_status: 502,
|
|
1407
1570
|
title: "Pointer Fetch Failed",
|
|
1408
1571
|
description: "Network error while fetching receipt from pointer URL",
|
|
1409
|
-
|
|
1572
|
+
retryable: true,
|
|
1573
|
+
next_action: "retry_after_delay",
|
|
1410
1574
|
category: "verifier"
|
|
1411
1575
|
},
|
|
1412
1576
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1414,7 +1578,8 @@ var ERRORS = {
|
|
|
1414
1578
|
http_status: 504,
|
|
1415
1579
|
title: "Pointer Fetch Timeout",
|
|
1416
1580
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1417
|
-
|
|
1581
|
+
retryable: true,
|
|
1582
|
+
next_action: "retry_after_delay",
|
|
1418
1583
|
category: "verifier"
|
|
1419
1584
|
},
|
|
1420
1585
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1422,7 +1587,8 @@ var ERRORS = {
|
|
|
1422
1587
|
http_status: 413,
|
|
1423
1588
|
title: "Pointer Fetch Too Large",
|
|
1424
1589
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1425
|
-
|
|
1590
|
+
retryable: false,
|
|
1591
|
+
next_action: "abort",
|
|
1426
1592
|
category: "verifier"
|
|
1427
1593
|
},
|
|
1428
1594
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1430,7 +1596,8 @@ var ERRORS = {
|
|
|
1430
1596
|
http_status: 403,
|
|
1431
1597
|
title: "Policy Violation",
|
|
1432
1598
|
description: "Receipt violates verifier trust policy",
|
|
1433
|
-
|
|
1599
|
+
retryable: false,
|
|
1600
|
+
next_action: "abort",
|
|
1434
1601
|
category: "verifier"
|
|
1435
1602
|
},
|
|
1436
1603
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1438,7 +1605,8 @@ var ERRORS = {
|
|
|
1438
1605
|
http_status: 413,
|
|
1439
1606
|
title: "Receipt Too Large",
|
|
1440
1607
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1441
|
-
|
|
1608
|
+
retryable: false,
|
|
1609
|
+
next_action: "abort",
|
|
1442
1610
|
category: "verifier"
|
|
1443
1611
|
},
|
|
1444
1612
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1446,7 +1614,8 @@ var ERRORS = {
|
|
|
1446
1614
|
http_status: 400,
|
|
1447
1615
|
title: "Schema Invalid",
|
|
1448
1616
|
description: "Receipt claims do not conform to expected schema",
|
|
1449
|
-
|
|
1617
|
+
retryable: false,
|
|
1618
|
+
next_action: "abort",
|
|
1450
1619
|
category: "verifier"
|
|
1451
1620
|
},
|
|
1452
1621
|
// Workflow error codes
|
|
@@ -1455,7 +1624,8 @@ var ERRORS = {
|
|
|
1455
1624
|
http_status: 400,
|
|
1456
1625
|
title: "Invalid Workflow Context",
|
|
1457
1626
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1458
|
-
|
|
1627
|
+
retryable: false,
|
|
1628
|
+
next_action: "retry_with_different_input",
|
|
1459
1629
|
category: "workflow"
|
|
1460
1630
|
},
|
|
1461
1631
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1463,7 +1633,8 @@ var ERRORS = {
|
|
|
1463
1633
|
http_status: 400,
|
|
1464
1634
|
title: "Workflow Cycle Detected",
|
|
1465
1635
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1466
|
-
|
|
1636
|
+
retryable: false,
|
|
1637
|
+
next_action: "retry_with_different_input",
|
|
1467
1638
|
category: "workflow"
|
|
1468
1639
|
},
|
|
1469
1640
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1471,7 +1642,8 @@ var ERRORS = {
|
|
|
1471
1642
|
http_status: 400,
|
|
1472
1643
|
title: "Invalid Workflow DAG",
|
|
1473
1644
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1474
|
-
|
|
1645
|
+
retryable: false,
|
|
1646
|
+
next_action: "retry_with_different_input",
|
|
1475
1647
|
category: "workflow"
|
|
1476
1648
|
},
|
|
1477
1649
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1479,7 +1651,8 @@ var ERRORS = {
|
|
|
1479
1651
|
http_status: 400,
|
|
1480
1652
|
title: "Invalid Workflow ID",
|
|
1481
1653
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1482
|
-
|
|
1654
|
+
retryable: false,
|
|
1655
|
+
next_action: "retry_with_different_input",
|
|
1483
1656
|
category: "workflow"
|
|
1484
1657
|
},
|
|
1485
1658
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1487,7 +1660,8 @@ var ERRORS = {
|
|
|
1487
1660
|
http_status: 400,
|
|
1488
1661
|
title: "Workflow Limit Exceeded",
|
|
1489
1662
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1490
|
-
|
|
1663
|
+
retryable: false,
|
|
1664
|
+
next_action: "retry_with_different_input",
|
|
1491
1665
|
category: "workflow"
|
|
1492
1666
|
},
|
|
1493
1667
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1495,7 +1669,8 @@ var ERRORS = {
|
|
|
1495
1669
|
http_status: 400,
|
|
1496
1670
|
title: "Parent Step Not Found",
|
|
1497
1671
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1498
|
-
|
|
1672
|
+
retryable: false,
|
|
1673
|
+
next_action: "retry_with_different_input",
|
|
1499
1674
|
category: "workflow"
|
|
1500
1675
|
},
|
|
1501
1676
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1503,7 +1678,8 @@ var ERRORS = {
|
|
|
1503
1678
|
http_status: 400,
|
|
1504
1679
|
title: "Invalid Step ID",
|
|
1505
1680
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1506
|
-
|
|
1681
|
+
retryable: false,
|
|
1682
|
+
next_action: "retry_with_different_input",
|
|
1507
1683
|
category: "workflow"
|
|
1508
1684
|
},
|
|
1509
1685
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1511,15 +1687,16 @@ var ERRORS = {
|
|
|
1511
1687
|
http_status: 400,
|
|
1512
1688
|
title: "Invalid Workflow Summary",
|
|
1513
1689
|
description: "Workflow summary attestation does not conform to schema",
|
|
1514
|
-
|
|
1690
|
+
retryable: false,
|
|
1691
|
+
next_action: "retry_with_different_input",
|
|
1515
1692
|
category: "workflow"
|
|
1516
1693
|
}
|
|
1517
1694
|
};
|
|
1518
1695
|
function getError(code) {
|
|
1519
1696
|
return ERRORS[code];
|
|
1520
1697
|
}
|
|
1521
|
-
function
|
|
1522
|
-
return ERRORS[code]?.
|
|
1698
|
+
function isRetryable(code) {
|
|
1699
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1523
1700
|
}
|
|
1524
1701
|
var BUNDLE_ERRORS = {
|
|
1525
1702
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1709,6 +1886,7 @@ function needsPurposeVary(purposeEnforced) {
|
|
|
1709
1886
|
|
|
1710
1887
|
// src/carrier.ts
|
|
1711
1888
|
var PEAC_RECEIPT_HEADER = "PEAC-Receipt";
|
|
1889
|
+
var PEAC_RECEIPT_URL_HEADER = "PEAC-Receipt-URL";
|
|
1712
1890
|
|
|
1713
1891
|
exports.AGENT_PROTOCOLS = AGENT_PROTOCOLS;
|
|
1714
1892
|
exports.ALGORITHMS = ALGORITHMS;
|
|
@@ -1728,6 +1906,7 @@ exports.JWKS = JWKS;
|
|
|
1728
1906
|
exports.LIMITS = LIMITS;
|
|
1729
1907
|
exports.PAYMENT_RAILS = PAYMENT_RAILS;
|
|
1730
1908
|
exports.PEAC_RECEIPT_HEADER = PEAC_RECEIPT_HEADER;
|
|
1909
|
+
exports.PEAC_RECEIPT_URL_HEADER = PEAC_RECEIPT_URL_HEADER;
|
|
1731
1910
|
exports.POLICY = POLICY;
|
|
1732
1911
|
exports.PRIVATE_IP_RANGES = PRIVATE_IP_RANGES;
|
|
1733
1912
|
exports.RECEIPT = RECEIPT;
|
|
@@ -1749,7 +1928,7 @@ exports.findTransportMethod = findTransportMethod;
|
|
|
1749
1928
|
exports.formatHash = formatHash;
|
|
1750
1929
|
exports.getError = getError;
|
|
1751
1930
|
exports.getPeacVaryHeaders = getPeacVaryHeaders;
|
|
1752
|
-
exports.
|
|
1931
|
+
exports.isRetryable = isRetryable;
|
|
1753
1932
|
exports.isValidHash = isValidHash;
|
|
1754
1933
|
exports.needsPurposeVary = needsPurposeVary;
|
|
1755
1934
|
exports.parseHash = parseHash;
|