@peac/kernel 0.11.1 → 0.11.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +52 -3
- package/dist/__tests__/registries.test.d.ts +2 -0
- package/dist/__tests__/registries.test.d.ts.map +1 -0
- package/dist/carrier.d.ts +14 -0
- package/dist/carrier.d.ts.map +1 -1
- package/dist/constants.cjs +2 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.ts +4 -2
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.mjs +2 -1
- package/dist/constants.mjs.map +1 -1
- package/dist/error-categories.generated.d.ts +1 -1
- package/dist/errors.cjs +325 -149
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.ts +1 -1
- package/dist/errors.generated.d.ts +6 -3
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +325 -149
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +329 -150
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +328 -150
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -1
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs.map +1 -1
- package/package.json +1 -1
package/dist/index.mjs
CHANGED
|
@@ -55,7 +55,8 @@ var DISCOVERY = {
|
|
|
55
55
|
};
|
|
56
56
|
var JWKS = {
|
|
57
57
|
rotationDays: 90,
|
|
58
|
-
|
|
58
|
+
/** Normative minimum overlap period (DD-148, v0.11.3+) */
|
|
59
|
+
overlapDays: 30,
|
|
59
60
|
emergencyRevocationHours: 24
|
|
60
61
|
};
|
|
61
62
|
var RECEIPT = {
|
|
@@ -235,6 +236,7 @@ var ERROR_CODES = {
|
|
|
235
236
|
E_IDENTITY_NOT_YET_VALID: "E_IDENTITY_NOT_YET_VALID",
|
|
236
237
|
E_IDENTITY_PROOF_UNSUPPORTED: "E_IDENTITY_PROOF_UNSUPPORTED",
|
|
237
238
|
E_IDENTITY_SIG_INVALID: "E_IDENTITY_SIG_INVALID",
|
|
239
|
+
E_MVIS_INCOMPLETE: "E_MVIS_INCOMPLETE",
|
|
238
240
|
// Infrastructure error codes
|
|
239
241
|
E_CIRCUIT_BREAKER_OPEN: "E_CIRCUIT_BREAKER_OPEN",
|
|
240
242
|
E_INTERNAL: "E_INTERNAL",
|
|
@@ -297,6 +299,8 @@ var ERROR_CODES = {
|
|
|
297
299
|
// Verification error codes
|
|
298
300
|
E_INVALID_SIGNATURE: "E_INVALID_SIGNATURE",
|
|
299
301
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
302
|
+
E_KID_REUSE_DETECTED: "E_KID_REUSE_DETECTED",
|
|
303
|
+
E_REVOKED_KEY_USED: "E_REVOKED_KEY_USED",
|
|
300
304
|
// Verifier error codes
|
|
301
305
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
302
306
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
@@ -338,7 +342,8 @@ var ERRORS = {
|
|
|
338
342
|
http_status: 400,
|
|
339
343
|
title: "Attribution Chain Too Deep",
|
|
340
344
|
description: "Attribution chain exceeds maximum allowed depth (8)",
|
|
341
|
-
|
|
345
|
+
retryable: false,
|
|
346
|
+
next_action: "retry_with_different_input",
|
|
342
347
|
category: "attribution"
|
|
343
348
|
},
|
|
344
349
|
E_ATTRIBUTION_CIRCULAR_CHAIN: {
|
|
@@ -346,7 +351,8 @@ var ERRORS = {
|
|
|
346
351
|
http_status: 400,
|
|
347
352
|
title: "Attribution Circular Chain",
|
|
348
353
|
description: "Circular reference detected in attribution chain",
|
|
349
|
-
|
|
354
|
+
retryable: false,
|
|
355
|
+
next_action: "retry_with_different_input",
|
|
350
356
|
category: "attribution"
|
|
351
357
|
},
|
|
352
358
|
E_ATTRIBUTION_EXPIRED: {
|
|
@@ -354,7 +360,8 @@ var ERRORS = {
|
|
|
354
360
|
http_status: 401,
|
|
355
361
|
title: "Attribution Expired",
|
|
356
362
|
description: "Attribution attestation has exceeded its expiration time",
|
|
357
|
-
|
|
363
|
+
retryable: false,
|
|
364
|
+
next_action: "retry_with_different_input",
|
|
358
365
|
category: "attribution"
|
|
359
366
|
},
|
|
360
367
|
E_ATTRIBUTION_HASH_INVALID: {
|
|
@@ -362,7 +369,8 @@ var ERRORS = {
|
|
|
362
369
|
http_status: 400,
|
|
363
370
|
title: "Attribution Hash Invalid",
|
|
364
371
|
description: "Content hash structure is invalid (wrong algorithm, encoding, or value length)",
|
|
365
|
-
|
|
372
|
+
retryable: false,
|
|
373
|
+
next_action: "retry_with_different_input",
|
|
366
374
|
category: "attribution"
|
|
367
375
|
},
|
|
368
376
|
E_ATTRIBUTION_INVALID_FORMAT: {
|
|
@@ -370,7 +378,8 @@ var ERRORS = {
|
|
|
370
378
|
http_status: 400,
|
|
371
379
|
title: "Attribution Invalid Format",
|
|
372
380
|
description: "Attribution attestation does not conform to schema",
|
|
373
|
-
|
|
381
|
+
retryable: false,
|
|
382
|
+
next_action: "retry_with_different_input",
|
|
374
383
|
category: "attribution"
|
|
375
384
|
},
|
|
376
385
|
E_ATTRIBUTION_INVALID_REF: {
|
|
@@ -378,7 +387,8 @@ var ERRORS = {
|
|
|
378
387
|
http_status: 400,
|
|
379
388
|
title: "Attribution Invalid Reference",
|
|
380
389
|
description: "Receipt reference format is invalid (must be jti:{id}, URL, or URN)",
|
|
381
|
-
|
|
390
|
+
retryable: false,
|
|
391
|
+
next_action: "retry_with_different_input",
|
|
382
392
|
category: "attribution"
|
|
383
393
|
},
|
|
384
394
|
E_ATTRIBUTION_INVALID_WEIGHT: {
|
|
@@ -386,7 +396,8 @@ var ERRORS = {
|
|
|
386
396
|
http_status: 400,
|
|
387
397
|
title: "Attribution Invalid Weight",
|
|
388
398
|
description: "Attribution weight is out of valid range (must be 0.0-1.0)",
|
|
389
|
-
|
|
399
|
+
retryable: false,
|
|
400
|
+
next_action: "retry_with_different_input",
|
|
390
401
|
category: "attribution"
|
|
391
402
|
},
|
|
392
403
|
E_ATTRIBUTION_MISSING_SOURCES: {
|
|
@@ -394,7 +405,8 @@ var ERRORS = {
|
|
|
394
405
|
http_status: 400,
|
|
395
406
|
title: "Attribution Missing Sources",
|
|
396
407
|
description: "Attribution attestation has empty sources array",
|
|
397
|
-
|
|
408
|
+
retryable: false,
|
|
409
|
+
next_action: "retry_with_different_input",
|
|
398
410
|
category: "attribution"
|
|
399
411
|
},
|
|
400
412
|
E_ATTRIBUTION_NOT_YET_VALID: {
|
|
@@ -402,7 +414,8 @@ var ERRORS = {
|
|
|
402
414
|
http_status: 401,
|
|
403
415
|
title: "Attribution Not Yet Valid",
|
|
404
416
|
description: "Attribution attestation issued_at time is in the future",
|
|
405
|
-
|
|
417
|
+
retryable: true,
|
|
418
|
+
next_action: "retry_after_delay",
|
|
406
419
|
category: "attribution"
|
|
407
420
|
},
|
|
408
421
|
E_ATTRIBUTION_RESOLUTION_FAILED: {
|
|
@@ -410,7 +423,8 @@ var ERRORS = {
|
|
|
410
423
|
http_status: 502,
|
|
411
424
|
title: "Attribution Resolution Failed",
|
|
412
425
|
description: "Failed to resolve receipt reference in attribution chain",
|
|
413
|
-
|
|
426
|
+
retryable: true,
|
|
427
|
+
next_action: "retry_after_delay",
|
|
414
428
|
category: "attribution"
|
|
415
429
|
},
|
|
416
430
|
E_ATTRIBUTION_RESOLUTION_TIMEOUT: {
|
|
@@ -418,7 +432,8 @@ var ERRORS = {
|
|
|
418
432
|
http_status: 504,
|
|
419
433
|
title: "Attribution Resolution Timeout",
|
|
420
434
|
description: "Timeout while resolving receipt reference in attribution chain",
|
|
421
|
-
|
|
435
|
+
retryable: true,
|
|
436
|
+
next_action: "retry_after_delay",
|
|
422
437
|
category: "attribution"
|
|
423
438
|
},
|
|
424
439
|
E_ATTRIBUTION_SIZE_EXCEEDED: {
|
|
@@ -426,7 +441,8 @@ var ERRORS = {
|
|
|
426
441
|
http_status: 400,
|
|
427
442
|
title: "Attribution Size Exceeded",
|
|
428
443
|
description: "Attribution attestation exceeds maximum size (64KB)",
|
|
429
|
-
|
|
444
|
+
retryable: false,
|
|
445
|
+
next_action: "retry_with_different_input",
|
|
430
446
|
category: "attribution"
|
|
431
447
|
},
|
|
432
448
|
E_ATTRIBUTION_TOO_MANY_SOURCES: {
|
|
@@ -434,7 +450,8 @@ var ERRORS = {
|
|
|
434
450
|
http_status: 400,
|
|
435
451
|
title: "Attribution Too Many Sources",
|
|
436
452
|
description: "Attribution has too many sources (maximum 100)",
|
|
437
|
-
|
|
453
|
+
retryable: false,
|
|
454
|
+
next_action: "retry_with_different_input",
|
|
438
455
|
category: "attribution"
|
|
439
456
|
},
|
|
440
457
|
E_ATTRIBUTION_UNKNOWN_USAGE: {
|
|
@@ -442,7 +459,8 @@ var ERRORS = {
|
|
|
442
459
|
http_status: 400,
|
|
443
460
|
title: "Attribution Unknown Usage",
|
|
444
461
|
description: "Attribution usage type is not recognized",
|
|
445
|
-
|
|
462
|
+
retryable: false,
|
|
463
|
+
next_action: "retry_with_different_input",
|
|
446
464
|
category: "attribution"
|
|
447
465
|
},
|
|
448
466
|
// Bundle error codes
|
|
@@ -451,7 +469,8 @@ var ERRORS = {
|
|
|
451
469
|
http_status: 400,
|
|
452
470
|
title: "Bundle Duplicate Receipt",
|
|
453
471
|
description: "Bundle contains multiple receipts with the same ID",
|
|
454
|
-
|
|
472
|
+
retryable: false,
|
|
473
|
+
next_action: "retry_with_different_input",
|
|
455
474
|
category: "bundle"
|
|
456
475
|
},
|
|
457
476
|
E_BUNDLE_HASH_MISMATCH: {
|
|
@@ -459,7 +478,8 @@ var ERRORS = {
|
|
|
459
478
|
http_status: 400,
|
|
460
479
|
title: "Bundle Hash Mismatch",
|
|
461
480
|
description: "File hash does not match value declared in manifest.json",
|
|
462
|
-
|
|
481
|
+
retryable: false,
|
|
482
|
+
next_action: "retry_with_different_input",
|
|
463
483
|
category: "bundle"
|
|
464
484
|
},
|
|
465
485
|
E_BUNDLE_INVALID_FORMAT: {
|
|
@@ -467,7 +487,8 @@ var ERRORS = {
|
|
|
467
487
|
http_status: 400,
|
|
468
488
|
title: "Bundle Invalid Format",
|
|
469
489
|
description: "Bundle archive structure is invalid (not a valid ZIP or missing required files)",
|
|
470
|
-
|
|
490
|
+
retryable: false,
|
|
491
|
+
next_action: "retry_with_different_input",
|
|
471
492
|
category: "bundle"
|
|
472
493
|
},
|
|
473
494
|
E_BUNDLE_KEY_MISSING: {
|
|
@@ -475,7 +496,8 @@ var ERRORS = {
|
|
|
475
496
|
http_status: 400,
|
|
476
497
|
title: "Bundle Key Missing",
|
|
477
498
|
description: "Required signing key not found in bundle (offline verification mode)",
|
|
478
|
-
|
|
499
|
+
retryable: false,
|
|
500
|
+
next_action: "retry_with_different_input",
|
|
479
501
|
category: "bundle"
|
|
480
502
|
},
|
|
481
503
|
E_BUNDLE_MANIFEST_INVALID: {
|
|
@@ -483,7 +505,8 @@ var ERRORS = {
|
|
|
483
505
|
http_status: 400,
|
|
484
506
|
title: "Bundle Manifest Invalid",
|
|
485
507
|
description: "manifest.json does not conform to schema or contains invalid values",
|
|
486
|
-
|
|
508
|
+
retryable: false,
|
|
509
|
+
next_action: "retry_with_different_input",
|
|
487
510
|
category: "bundle"
|
|
488
511
|
},
|
|
489
512
|
E_BUNDLE_MANIFEST_MISSING: {
|
|
@@ -491,7 +514,8 @@ var ERRORS = {
|
|
|
491
514
|
http_status: 400,
|
|
492
515
|
title: "Bundle Manifest Missing",
|
|
493
516
|
description: "manifest.json not found at bundle archive root",
|
|
494
|
-
|
|
517
|
+
retryable: false,
|
|
518
|
+
next_action: "retry_with_different_input",
|
|
495
519
|
category: "bundle"
|
|
496
520
|
},
|
|
497
521
|
E_BUNDLE_MISSING_KEYS: {
|
|
@@ -499,7 +523,8 @@ var ERRORS = {
|
|
|
499
523
|
http_status: 400,
|
|
500
524
|
title: "Bundle Missing Keys",
|
|
501
525
|
description: "No verification keys provided in bundle JWKS",
|
|
502
|
-
|
|
526
|
+
retryable: false,
|
|
527
|
+
next_action: "retry_with_different_input",
|
|
503
528
|
category: "bundle"
|
|
504
529
|
},
|
|
505
530
|
E_BUNDLE_MISSING_RECEIPTS: {
|
|
@@ -507,7 +532,8 @@ var ERRORS = {
|
|
|
507
532
|
http_status: 400,
|
|
508
533
|
title: "Bundle Missing Receipts",
|
|
509
534
|
description: "No receipts provided when creating bundle",
|
|
510
|
-
|
|
535
|
+
retryable: false,
|
|
536
|
+
next_action: "retry_with_different_input",
|
|
511
537
|
category: "bundle"
|
|
512
538
|
},
|
|
513
539
|
E_BUNDLE_PATH_TRAVERSAL: {
|
|
@@ -515,7 +541,8 @@ var ERRORS = {
|
|
|
515
541
|
http_status: 400,
|
|
516
542
|
title: "Bundle Path Traversal",
|
|
517
543
|
description: "Bundle contains path traversal attack (zip-slip vulnerability)",
|
|
518
|
-
|
|
544
|
+
retryable: false,
|
|
545
|
+
next_action: "retry_with_different_input",
|
|
519
546
|
category: "bundle"
|
|
520
547
|
},
|
|
521
548
|
E_BUNDLE_POLICY_HASH_MISMATCH: {
|
|
@@ -523,7 +550,8 @@ var ERRORS = {
|
|
|
523
550
|
http_status: 400,
|
|
524
551
|
title: "Bundle Policy Hash Mismatch",
|
|
525
552
|
description: "Policy snapshot hash does not match policy used to evaluate receipts",
|
|
526
|
-
|
|
553
|
+
retryable: false,
|
|
554
|
+
next_action: "retry_with_different_input",
|
|
527
555
|
category: "bundle"
|
|
528
556
|
},
|
|
529
557
|
E_BUNDLE_RECEIPTS_UNORDERED: {
|
|
@@ -531,7 +559,8 @@ var ERRORS = {
|
|
|
531
559
|
http_status: 400,
|
|
532
560
|
title: "Bundle Receipts Unordered",
|
|
533
561
|
description: "receipts.ndjson is not in deterministic order (issued_at, receipt_id, receipt_hash)",
|
|
534
|
-
|
|
562
|
+
retryable: false,
|
|
563
|
+
next_action: "retry_with_different_input",
|
|
535
564
|
category: "bundle"
|
|
536
565
|
},
|
|
537
566
|
E_BUNDLE_RECEIPT_INVALID: {
|
|
@@ -539,7 +568,8 @@ var ERRORS = {
|
|
|
539
568
|
http_status: 400,
|
|
540
569
|
title: "Bundle Receipt Invalid",
|
|
541
570
|
description: "Receipt JWS in bundle is malformed or missing required claims",
|
|
542
|
-
|
|
571
|
+
retryable: false,
|
|
572
|
+
next_action: "retry_with_different_input",
|
|
543
573
|
category: "bundle"
|
|
544
574
|
},
|
|
545
575
|
E_BUNDLE_SIGNATURE_INVALID: {
|
|
@@ -547,7 +577,8 @@ var ERRORS = {
|
|
|
547
577
|
http_status: 400,
|
|
548
578
|
title: "Bundle Signature Invalid",
|
|
549
579
|
description: "bundle.sig JWS verification failed over manifest hash",
|
|
550
|
-
|
|
580
|
+
retryable: false,
|
|
581
|
+
next_action: "retry_with_different_input",
|
|
551
582
|
category: "bundle"
|
|
552
583
|
},
|
|
553
584
|
E_BUNDLE_SIZE_EXCEEDED: {
|
|
@@ -555,7 +586,8 @@ var ERRORS = {
|
|
|
555
586
|
http_status: 400,
|
|
556
587
|
title: "Bundle Size Exceeded",
|
|
557
588
|
description: "Bundle exceeds size limits (entry count, entry size, or total size)",
|
|
558
|
-
|
|
589
|
+
retryable: false,
|
|
590
|
+
next_action: "retry_with_different_input",
|
|
559
591
|
category: "bundle"
|
|
560
592
|
},
|
|
561
593
|
E_BUNDLE_TIME_RANGE_INVALID: {
|
|
@@ -563,7 +595,8 @@ var ERRORS = {
|
|
|
563
595
|
http_status: 400,
|
|
564
596
|
title: "Bundle Time Range Invalid",
|
|
565
597
|
description: "Receipt issued_at is outside the bundle declared time_range",
|
|
566
|
-
|
|
598
|
+
retryable: false,
|
|
599
|
+
next_action: "retry_with_different_input",
|
|
567
600
|
category: "bundle"
|
|
568
601
|
},
|
|
569
602
|
// Control error codes
|
|
@@ -572,7 +605,8 @@ var ERRORS = {
|
|
|
572
605
|
http_status: 403,
|
|
573
606
|
title: "Control Decision Denied",
|
|
574
607
|
description: "Control engine denied authorization",
|
|
575
|
-
|
|
608
|
+
retryable: false,
|
|
609
|
+
next_action: "contact_issuer",
|
|
576
610
|
category: "control"
|
|
577
611
|
},
|
|
578
612
|
E_CONTROL_REVIEW_REQUIRED: {
|
|
@@ -580,7 +614,8 @@ var ERRORS = {
|
|
|
580
614
|
http_status: 202,
|
|
581
615
|
title: "Review Required",
|
|
582
616
|
description: "Control engine requires manual review",
|
|
583
|
-
|
|
617
|
+
retryable: true,
|
|
618
|
+
next_action: "contact_issuer",
|
|
584
619
|
category: "control"
|
|
585
620
|
},
|
|
586
621
|
// Dispute error codes
|
|
@@ -589,7 +624,8 @@ var ERRORS = {
|
|
|
589
624
|
http_status: 409,
|
|
590
625
|
title: "Dispute Duplicate",
|
|
591
626
|
description: "A dispute with this ID already exists",
|
|
592
|
-
|
|
627
|
+
retryable: false,
|
|
628
|
+
next_action: "retry_with_different_input",
|
|
593
629
|
category: "dispute"
|
|
594
630
|
},
|
|
595
631
|
E_DISPUTE_EXPIRED: {
|
|
@@ -597,7 +633,8 @@ var ERRORS = {
|
|
|
597
633
|
http_status: 401,
|
|
598
634
|
title: "Dispute Expired",
|
|
599
635
|
description: "Dispute attestation has exceeded its expiration time",
|
|
600
|
-
|
|
636
|
+
retryable: false,
|
|
637
|
+
next_action: "retry_with_different_input",
|
|
601
638
|
category: "dispute"
|
|
602
639
|
},
|
|
603
640
|
E_DISPUTE_INVALID_FORMAT: {
|
|
@@ -605,7 +642,8 @@ var ERRORS = {
|
|
|
605
642
|
http_status: 400,
|
|
606
643
|
title: "Dispute Invalid Format",
|
|
607
644
|
description: "Dispute attestation does not conform to schema",
|
|
608
|
-
|
|
645
|
+
retryable: false,
|
|
646
|
+
next_action: "retry_with_different_input",
|
|
609
647
|
category: "dispute"
|
|
610
648
|
},
|
|
611
649
|
E_DISPUTE_INVALID_GROUNDS: {
|
|
@@ -613,7 +651,8 @@ var ERRORS = {
|
|
|
613
651
|
http_status: 400,
|
|
614
652
|
title: "Dispute Invalid Grounds",
|
|
615
653
|
description: "Dispute grounds code is not recognized",
|
|
616
|
-
|
|
654
|
+
retryable: false,
|
|
655
|
+
next_action: "retry_with_different_input",
|
|
617
656
|
category: "dispute"
|
|
618
657
|
},
|
|
619
658
|
E_DISPUTE_INVALID_ID: {
|
|
@@ -621,7 +660,8 @@ var ERRORS = {
|
|
|
621
660
|
http_status: 400,
|
|
622
661
|
title: "Dispute Invalid ID",
|
|
623
662
|
description: "Dispute ID is not a valid ULID format (26 uppercase alphanumeric characters)",
|
|
624
|
-
|
|
663
|
+
retryable: false,
|
|
664
|
+
next_action: "retry_with_different_input",
|
|
625
665
|
category: "dispute"
|
|
626
666
|
},
|
|
627
667
|
E_DISPUTE_INVALID_STATE: {
|
|
@@ -629,7 +669,8 @@ var ERRORS = {
|
|
|
629
669
|
http_status: 400,
|
|
630
670
|
title: "Dispute Invalid State",
|
|
631
671
|
description: "Dispute state is not recognized",
|
|
632
|
-
|
|
672
|
+
retryable: false,
|
|
673
|
+
next_action: "retry_with_different_input",
|
|
633
674
|
category: "dispute"
|
|
634
675
|
},
|
|
635
676
|
E_DISPUTE_INVALID_TARGET_TYPE: {
|
|
@@ -637,7 +678,8 @@ var ERRORS = {
|
|
|
637
678
|
http_status: 400,
|
|
638
679
|
title: "Dispute Invalid Target Type",
|
|
639
680
|
description: "Dispute target type is not recognized (must be receipt, attribution, identity, or policy)",
|
|
640
|
-
|
|
681
|
+
retryable: false,
|
|
682
|
+
next_action: "retry_with_different_input",
|
|
641
683
|
category: "dispute"
|
|
642
684
|
},
|
|
643
685
|
E_DISPUTE_INVALID_TRANSITION: {
|
|
@@ -645,7 +687,8 @@ var ERRORS = {
|
|
|
645
687
|
http_status: 400,
|
|
646
688
|
title: "Dispute Invalid Transition",
|
|
647
689
|
description: "Invalid state transition for dispute lifecycle",
|
|
648
|
-
|
|
690
|
+
retryable: false,
|
|
691
|
+
next_action: "retry_with_different_input",
|
|
649
692
|
category: "dispute"
|
|
650
693
|
},
|
|
651
694
|
E_DISPUTE_INVALID_TYPE: {
|
|
@@ -653,7 +696,8 @@ var ERRORS = {
|
|
|
653
696
|
http_status: 400,
|
|
654
697
|
title: "Dispute Invalid Type",
|
|
655
698
|
description: "Dispute type is not recognized",
|
|
656
|
-
|
|
699
|
+
retryable: false,
|
|
700
|
+
next_action: "retry_with_different_input",
|
|
657
701
|
category: "dispute"
|
|
658
702
|
},
|
|
659
703
|
E_DISPUTE_MISSING_RESOLUTION: {
|
|
@@ -661,7 +705,8 @@ var ERRORS = {
|
|
|
661
705
|
http_status: 400,
|
|
662
706
|
title: "Dispute Missing Resolution",
|
|
663
707
|
description: "Resolution is required for terminal states (resolved, rejected, final)",
|
|
664
|
-
|
|
708
|
+
retryable: false,
|
|
709
|
+
next_action: "retry_with_different_input",
|
|
665
710
|
category: "dispute"
|
|
666
711
|
},
|
|
667
712
|
E_DISPUTE_NOT_YET_VALID: {
|
|
@@ -669,7 +714,8 @@ var ERRORS = {
|
|
|
669
714
|
http_status: 401,
|
|
670
715
|
title: "Dispute Not Yet Valid",
|
|
671
716
|
description: "Dispute attestation issued_at time is in the future",
|
|
672
|
-
|
|
717
|
+
retryable: true,
|
|
718
|
+
next_action: "retry_after_delay",
|
|
673
719
|
category: "dispute"
|
|
674
720
|
},
|
|
675
721
|
E_DISPUTE_OTHER_REQUIRES_DESCRIPTION: {
|
|
@@ -677,7 +723,8 @@ var ERRORS = {
|
|
|
677
723
|
http_status: 400,
|
|
678
724
|
title: "Dispute Other Requires Description",
|
|
679
725
|
description: "Dispute type 'other' requires description of at least 50 characters",
|
|
680
|
-
|
|
726
|
+
retryable: false,
|
|
727
|
+
next_action: "retry_with_different_input",
|
|
681
728
|
category: "dispute"
|
|
682
729
|
},
|
|
683
730
|
E_DISPUTE_RESOLUTION_NOT_ALLOWED: {
|
|
@@ -685,7 +732,8 @@ var ERRORS = {
|
|
|
685
732
|
http_status: 400,
|
|
686
733
|
title: "Dispute Resolution Not Allowed",
|
|
687
734
|
description: "Resolution is only valid for terminal states",
|
|
688
|
-
|
|
735
|
+
retryable: false,
|
|
736
|
+
next_action: "retry_with_different_input",
|
|
689
737
|
category: "dispute"
|
|
690
738
|
},
|
|
691
739
|
E_DISPUTE_TARGET_NOT_FOUND: {
|
|
@@ -693,7 +741,8 @@ var ERRORS = {
|
|
|
693
741
|
http_status: 404,
|
|
694
742
|
title: "Dispute Target Not Found",
|
|
695
743
|
description: "The target receipt, attribution, or identity being disputed was not found",
|
|
696
|
-
|
|
744
|
+
retryable: true,
|
|
745
|
+
next_action: "retry_after_delay",
|
|
697
746
|
category: "dispute"
|
|
698
747
|
},
|
|
699
748
|
// Identity error codes
|
|
@@ -702,7 +751,8 @@ var ERRORS = {
|
|
|
702
751
|
http_status: 400,
|
|
703
752
|
title: "Identity Binding Future",
|
|
704
753
|
description: "Identity binding signed_at timestamp is in the future",
|
|
705
|
-
|
|
754
|
+
retryable: false,
|
|
755
|
+
next_action: "retry_with_different_input",
|
|
706
756
|
category: "identity"
|
|
707
757
|
},
|
|
708
758
|
E_IDENTITY_BINDING_MISMATCH: {
|
|
@@ -710,7 +760,8 @@ var ERRORS = {
|
|
|
710
760
|
http_status: 400,
|
|
711
761
|
title: "Identity Binding Mismatch",
|
|
712
762
|
description: "Identity binding does not match the request being verified",
|
|
713
|
-
|
|
763
|
+
retryable: false,
|
|
764
|
+
next_action: "retry_with_different_input",
|
|
714
765
|
category: "identity"
|
|
715
766
|
},
|
|
716
767
|
E_IDENTITY_BINDING_STALE: {
|
|
@@ -718,7 +769,8 @@ var ERRORS = {
|
|
|
718
769
|
http_status: 401,
|
|
719
770
|
title: "Identity Binding Stale",
|
|
720
771
|
description: "Identity binding is too old and requires fresh binding",
|
|
721
|
-
|
|
772
|
+
retryable: true,
|
|
773
|
+
next_action: "retry_after_delay",
|
|
722
774
|
category: "identity"
|
|
723
775
|
},
|
|
724
776
|
E_IDENTITY_DIRECTORY_UNAVAILABLE: {
|
|
@@ -726,7 +778,8 @@ var ERRORS = {
|
|
|
726
778
|
http_status: 503,
|
|
727
779
|
title: "Identity Directory Unavailable",
|
|
728
780
|
description: "Failed to fetch agent key directory",
|
|
729
|
-
|
|
781
|
+
retryable: true,
|
|
782
|
+
next_action: "retry_after_delay",
|
|
730
783
|
category: "identity"
|
|
731
784
|
},
|
|
732
785
|
E_IDENTITY_EXPIRED: {
|
|
@@ -734,7 +787,8 @@ var ERRORS = {
|
|
|
734
787
|
http_status: 401,
|
|
735
788
|
title: "Identity Expired",
|
|
736
789
|
description: "Agent identity attestation has exceeded its expiration time",
|
|
737
|
-
|
|
790
|
+
retryable: false,
|
|
791
|
+
next_action: "refresh_attestation",
|
|
738
792
|
category: "identity"
|
|
739
793
|
},
|
|
740
794
|
E_IDENTITY_INVALID_FORMAT: {
|
|
@@ -742,7 +796,8 @@ var ERRORS = {
|
|
|
742
796
|
http_status: 400,
|
|
743
797
|
title: "Identity Invalid Format",
|
|
744
798
|
description: "Agent identity attestation does not conform to schema",
|
|
745
|
-
|
|
799
|
+
retryable: false,
|
|
800
|
+
next_action: "retry_with_different_input",
|
|
746
801
|
category: "identity"
|
|
747
802
|
},
|
|
748
803
|
E_IDENTITY_KEY_EXPIRED: {
|
|
@@ -750,7 +805,8 @@ var ERRORS = {
|
|
|
750
805
|
http_status: 401,
|
|
751
806
|
title: "Identity Key Expired",
|
|
752
807
|
description: "Agent signing key has expired per directory metadata",
|
|
753
|
-
|
|
808
|
+
retryable: false,
|
|
809
|
+
next_action: "refresh_attestation",
|
|
754
810
|
category: "identity"
|
|
755
811
|
},
|
|
756
812
|
E_IDENTITY_KEY_REVOKED: {
|
|
@@ -758,7 +814,8 @@ var ERRORS = {
|
|
|
758
814
|
http_status: 401,
|
|
759
815
|
title: "Identity Key Revoked",
|
|
760
816
|
description: "Agent signing key has been explicitly revoked",
|
|
761
|
-
|
|
817
|
+
retryable: false,
|
|
818
|
+
next_action: "refresh_attestation",
|
|
762
819
|
category: "identity"
|
|
763
820
|
},
|
|
764
821
|
E_IDENTITY_KEY_UNKNOWN: {
|
|
@@ -766,7 +823,8 @@ var ERRORS = {
|
|
|
766
823
|
http_status: 401,
|
|
767
824
|
title: "Identity Key Unknown",
|
|
768
825
|
description: "Key ID not found in agent key directory",
|
|
769
|
-
|
|
826
|
+
retryable: true,
|
|
827
|
+
next_action: "retry_after_delay",
|
|
770
828
|
category: "identity"
|
|
771
829
|
},
|
|
772
830
|
E_IDENTITY_MISSING: {
|
|
@@ -774,7 +832,8 @@ var ERRORS = {
|
|
|
774
832
|
http_status: 401,
|
|
775
833
|
title: "Identity Missing",
|
|
776
834
|
description: "No agent identity attestation provided in request",
|
|
777
|
-
|
|
835
|
+
retryable: false,
|
|
836
|
+
next_action: "retry_with_different_input",
|
|
778
837
|
category: "identity"
|
|
779
838
|
},
|
|
780
839
|
E_IDENTITY_NOT_YET_VALID: {
|
|
@@ -782,7 +841,8 @@ var ERRORS = {
|
|
|
782
841
|
http_status: 401,
|
|
783
842
|
title: "Identity Not Yet Valid",
|
|
784
843
|
description: "Agent identity attestation issued_at time is in the future",
|
|
785
|
-
|
|
844
|
+
retryable: true,
|
|
845
|
+
next_action: "retry_after_delay",
|
|
786
846
|
category: "identity"
|
|
787
847
|
},
|
|
788
848
|
E_IDENTITY_PROOF_UNSUPPORTED: {
|
|
@@ -790,7 +850,8 @@ var ERRORS = {
|
|
|
790
850
|
http_status: 400,
|
|
791
851
|
title: "Identity Proof Unsupported",
|
|
792
852
|
description: "Agent identity proof method is not supported",
|
|
793
|
-
|
|
853
|
+
retryable: false,
|
|
854
|
+
next_action: "retry_with_different_input",
|
|
794
855
|
category: "identity"
|
|
795
856
|
},
|
|
796
857
|
E_IDENTITY_SIG_INVALID: {
|
|
@@ -798,7 +859,17 @@ var ERRORS = {
|
|
|
798
859
|
http_status: 401,
|
|
799
860
|
title: "Identity Signature Invalid",
|
|
800
861
|
description: "Agent identity proof signature verification failed",
|
|
801
|
-
|
|
862
|
+
retryable: false,
|
|
863
|
+
next_action: "retry_with_different_input",
|
|
864
|
+
category: "identity"
|
|
865
|
+
},
|
|
866
|
+
E_MVIS_INCOMPLETE: {
|
|
867
|
+
code: "E_MVIS_INCOMPLETE",
|
|
868
|
+
http_status: 400,
|
|
869
|
+
title: "MVIS Incomplete",
|
|
870
|
+
description: "Identity receipt missing one or more Minimum Viable Identity Set required fields (issuer, subject, key_binding, time_bounds, replay_protection)",
|
|
871
|
+
retryable: false,
|
|
872
|
+
next_action: "retry_with_different_input",
|
|
802
873
|
category: "identity"
|
|
803
874
|
},
|
|
804
875
|
// Infrastructure error codes
|
|
@@ -807,7 +878,8 @@ var ERRORS = {
|
|
|
807
878
|
http_status: 503,
|
|
808
879
|
title: "Circuit Breaker Open",
|
|
809
880
|
description: "Service temporarily unavailable due to circuit breaker",
|
|
810
|
-
|
|
881
|
+
retryable: true,
|
|
882
|
+
next_action: "retry_after_delay",
|
|
811
883
|
category: "infrastructure"
|
|
812
884
|
},
|
|
813
885
|
E_INTERNAL: {
|
|
@@ -815,7 +887,8 @@ var ERRORS = {
|
|
|
815
887
|
http_status: 500,
|
|
816
888
|
title: "Internal Error",
|
|
817
889
|
description: "An unexpected internal error occurred during verification",
|
|
818
|
-
|
|
890
|
+
retryable: true,
|
|
891
|
+
next_action: "retry_after_delay",
|
|
819
892
|
category: "infrastructure"
|
|
820
893
|
},
|
|
821
894
|
E_JWKS_FETCH_FAILED: {
|
|
@@ -823,7 +896,8 @@ var ERRORS = {
|
|
|
823
896
|
http_status: 503,
|
|
824
897
|
title: "JWKS Fetch Failed",
|
|
825
898
|
description: "Failed to fetch public keys from JWKS endpoint",
|
|
826
|
-
|
|
899
|
+
retryable: true,
|
|
900
|
+
next_action: "retry_after_delay",
|
|
827
901
|
category: "infrastructure"
|
|
828
902
|
},
|
|
829
903
|
E_RATE_LIMITED: {
|
|
@@ -831,7 +905,8 @@ var ERRORS = {
|
|
|
831
905
|
http_status: 429,
|
|
832
906
|
title: "Rate Limited",
|
|
833
907
|
description: "Too many requests, please retry later",
|
|
834
|
-
|
|
908
|
+
retryable: true,
|
|
909
|
+
next_action: "retry_after_delay",
|
|
835
910
|
category: "infrastructure"
|
|
836
911
|
},
|
|
837
912
|
// Interaction error codes
|
|
@@ -840,7 +915,8 @@ var ERRORS = {
|
|
|
840
915
|
http_status: 400,
|
|
841
916
|
title: "Interaction Invalid Digest",
|
|
842
917
|
description: "Digest structure is invalid (wrong value format or missing bytes)",
|
|
843
|
-
|
|
918
|
+
retryable: false,
|
|
919
|
+
next_action: "retry_with_different_input",
|
|
844
920
|
category: "interaction"
|
|
845
921
|
},
|
|
846
922
|
E_INTERACTION_INVALID_DIGEST_ALG: {
|
|
@@ -848,7 +924,8 @@ var ERRORS = {
|
|
|
848
924
|
http_status: 400,
|
|
849
925
|
title: "Interaction Invalid Digest Algorithm",
|
|
850
926
|
description: "Digest algorithm is not in the canonical set (sha-256, sha-256:trunc-64k, sha-256:trunc-1m)",
|
|
851
|
-
|
|
927
|
+
retryable: false,
|
|
928
|
+
next_action: "retry_with_different_input",
|
|
852
929
|
category: "interaction"
|
|
853
930
|
},
|
|
854
931
|
E_INTERACTION_INVALID_EXTENSION_KEY: {
|
|
@@ -856,7 +933,8 @@ var ERRORS = {
|
|
|
856
933
|
http_status: 400,
|
|
857
934
|
title: "Interaction Invalid Extension Key",
|
|
858
935
|
description: "Extension key does not match required format (reverse-DNS/name[@version])",
|
|
859
|
-
|
|
936
|
+
retryable: false,
|
|
937
|
+
next_action: "retry_with_different_input",
|
|
860
938
|
category: "interaction"
|
|
861
939
|
},
|
|
862
940
|
E_INTERACTION_INVALID_FORMAT: {
|
|
@@ -864,7 +942,8 @@ var ERRORS = {
|
|
|
864
942
|
http_status: 400,
|
|
865
943
|
title: "Interaction Invalid Format",
|
|
866
944
|
description: "Interaction evidence does not conform to InteractionEvidenceV01 schema",
|
|
867
|
-
|
|
945
|
+
retryable: false,
|
|
946
|
+
next_action: "retry_with_different_input",
|
|
868
947
|
category: "interaction"
|
|
869
948
|
},
|
|
870
949
|
E_INTERACTION_INVALID_KIND_FORMAT: {
|
|
@@ -872,7 +951,8 @@ var ERRORS = {
|
|
|
872
951
|
http_status: 400,
|
|
873
952
|
title: "Interaction Invalid Kind Format",
|
|
874
953
|
description: "Interaction kind does not match required format (lowercase, 2-128 chars, starts with letter)",
|
|
875
|
-
|
|
954
|
+
retryable: false,
|
|
955
|
+
next_action: "retry_with_different_input",
|
|
876
956
|
category: "interaction"
|
|
877
957
|
},
|
|
878
958
|
E_INTERACTION_INVALID_TIMING: {
|
|
@@ -880,7 +960,8 @@ var ERRORS = {
|
|
|
880
960
|
http_status: 400,
|
|
881
961
|
title: "Interaction Invalid Timing",
|
|
882
962
|
description: "Timing constraint violated (completed_at < started_at or invalid datetime format)",
|
|
883
|
-
|
|
963
|
+
retryable: false,
|
|
964
|
+
next_action: "retry_with_different_input",
|
|
884
965
|
category: "interaction"
|
|
885
966
|
},
|
|
886
967
|
E_INTERACTION_KIND_RESERVED: {
|
|
@@ -888,7 +969,8 @@ var ERRORS = {
|
|
|
888
969
|
http_status: 400,
|
|
889
970
|
title: "Interaction Kind Reserved",
|
|
890
971
|
description: "Interaction kind uses reserved prefix (peac.*, org.peacprotocol.*) but is not in the well-known registry",
|
|
891
|
-
|
|
972
|
+
retryable: false,
|
|
973
|
+
next_action: "retry_with_different_input",
|
|
892
974
|
category: "interaction"
|
|
893
975
|
},
|
|
894
976
|
E_INTERACTION_MISSING_ERROR_DETAIL: {
|
|
@@ -896,7 +978,8 @@ var ERRORS = {
|
|
|
896
978
|
http_status: 400,
|
|
897
979
|
title: "Interaction Missing Error Detail",
|
|
898
980
|
description: "error_code or extensions required when result.status is error",
|
|
899
|
-
|
|
981
|
+
retryable: false,
|
|
982
|
+
next_action: "retry_with_different_input",
|
|
900
983
|
category: "interaction"
|
|
901
984
|
},
|
|
902
985
|
E_INTERACTION_MISSING_EXECUTOR: {
|
|
@@ -904,7 +987,8 @@ var ERRORS = {
|
|
|
904
987
|
http_status: 400,
|
|
905
988
|
title: "Interaction Missing Executor",
|
|
906
989
|
description: "Interaction evidence is missing required executor or executor.platform field",
|
|
907
|
-
|
|
990
|
+
retryable: false,
|
|
991
|
+
next_action: "retry_with_different_input",
|
|
908
992
|
category: "interaction"
|
|
909
993
|
},
|
|
910
994
|
E_INTERACTION_MISSING_ID: {
|
|
@@ -912,7 +996,8 @@ var ERRORS = {
|
|
|
912
996
|
http_status: 400,
|
|
913
997
|
title: "Interaction Missing ID",
|
|
914
998
|
description: "Interaction evidence is missing required interaction_id field",
|
|
915
|
-
|
|
999
|
+
retryable: false,
|
|
1000
|
+
next_action: "retry_with_different_input",
|
|
916
1001
|
category: "interaction"
|
|
917
1002
|
},
|
|
918
1003
|
E_INTERACTION_MISSING_KIND: {
|
|
@@ -920,7 +1005,8 @@ var ERRORS = {
|
|
|
920
1005
|
http_status: 400,
|
|
921
1006
|
title: "Interaction Missing Kind",
|
|
922
1007
|
description: "Interaction evidence is missing required kind field",
|
|
923
|
-
|
|
1008
|
+
retryable: false,
|
|
1009
|
+
next_action: "retry_with_different_input",
|
|
924
1010
|
category: "interaction"
|
|
925
1011
|
},
|
|
926
1012
|
E_INTERACTION_MISSING_RESULT: {
|
|
@@ -928,7 +1014,8 @@ var ERRORS = {
|
|
|
928
1014
|
http_status: 400,
|
|
929
1015
|
title: "Interaction Missing Result",
|
|
930
1016
|
description: "result.status is required when output is present",
|
|
931
|
-
|
|
1017
|
+
retryable: false,
|
|
1018
|
+
next_action: "retry_with_different_input",
|
|
932
1019
|
category: "interaction"
|
|
933
1020
|
},
|
|
934
1021
|
E_INTERACTION_MISSING_STARTED_AT: {
|
|
@@ -936,7 +1023,8 @@ var ERRORS = {
|
|
|
936
1023
|
http_status: 400,
|
|
937
1024
|
title: "Interaction Missing Started At",
|
|
938
1025
|
description: "Interaction evidence is missing required started_at field",
|
|
939
|
-
|
|
1026
|
+
retryable: false,
|
|
1027
|
+
next_action: "retry_with_different_input",
|
|
940
1028
|
category: "interaction"
|
|
941
1029
|
},
|
|
942
1030
|
E_INTERACTION_MISSING_TARGET: {
|
|
@@ -944,7 +1032,8 @@ var ERRORS = {
|
|
|
944
1032
|
http_status: 400,
|
|
945
1033
|
title: "Interaction Missing Target",
|
|
946
1034
|
description: "Kind prefix requires matching target field (tool.* needs tool, http.*/fs.* need resource)",
|
|
947
|
-
|
|
1035
|
+
retryable: false,
|
|
1036
|
+
next_action: "retry_with_different_input",
|
|
948
1037
|
category: "interaction"
|
|
949
1038
|
},
|
|
950
1039
|
// Ucp error codes
|
|
@@ -953,7 +1042,8 @@ var ERRORS = {
|
|
|
953
1042
|
http_status: 500,
|
|
954
1043
|
title: "UCP Evidence Serialization Failed",
|
|
955
1044
|
description: "Failed to serialize UCP evidence to YAML format",
|
|
956
|
-
|
|
1045
|
+
retryable: false,
|
|
1046
|
+
next_action: "retry_with_different_input",
|
|
957
1047
|
category: "ucp"
|
|
958
1048
|
},
|
|
959
1049
|
E_UCP_KEY_ALGORITHM_MISMATCH: {
|
|
@@ -961,7 +1051,8 @@ var ERRORS = {
|
|
|
961
1051
|
http_status: 401,
|
|
962
1052
|
title: "UCP Key Algorithm Mismatch",
|
|
963
1053
|
description: "Key type is not EC as required for ECDSA signatures",
|
|
964
|
-
|
|
1054
|
+
retryable: false,
|
|
1055
|
+
next_action: "retry_with_different_input",
|
|
965
1056
|
category: "ucp"
|
|
966
1057
|
},
|
|
967
1058
|
E_UCP_KEY_CURVE_MISMATCH: {
|
|
@@ -969,7 +1060,8 @@ var ERRORS = {
|
|
|
969
1060
|
http_status: 401,
|
|
970
1061
|
title: "UCP Key Curve Mismatch",
|
|
971
1062
|
description: "Key curve does not match signature algorithm (ES256=P-256, ES384=P-384, ES512=P-521)",
|
|
972
|
-
|
|
1063
|
+
retryable: false,
|
|
1064
|
+
next_action: "retry_with_different_input",
|
|
973
1065
|
category: "ucp"
|
|
974
1066
|
},
|
|
975
1067
|
E_UCP_KEY_NOT_FOUND: {
|
|
@@ -977,7 +1069,8 @@ var ERRORS = {
|
|
|
977
1069
|
http_status: 401,
|
|
978
1070
|
title: "UCP Key Not Found",
|
|
979
1071
|
description: "Key ID from signature not found in business UCP profile",
|
|
980
|
-
|
|
1072
|
+
retryable: true,
|
|
1073
|
+
next_action: "retry_after_delay",
|
|
981
1074
|
category: "ucp"
|
|
982
1075
|
},
|
|
983
1076
|
E_UCP_ORDER_INVALID: {
|
|
@@ -985,7 +1078,8 @@ var ERRORS = {
|
|
|
985
1078
|
http_status: 400,
|
|
986
1079
|
title: "UCP Order Invalid",
|
|
987
1080
|
description: "UCP order object does not conform to expected schema",
|
|
988
|
-
|
|
1081
|
+
retryable: false,
|
|
1082
|
+
next_action: "retry_with_different_input",
|
|
989
1083
|
category: "ucp"
|
|
990
1084
|
},
|
|
991
1085
|
E_UCP_ORDER_MISSING_ID: {
|
|
@@ -993,7 +1087,8 @@ var ERRORS = {
|
|
|
993
1087
|
http_status: 400,
|
|
994
1088
|
title: "UCP Order Missing ID",
|
|
995
1089
|
description: "UCP order is missing required id field",
|
|
996
|
-
|
|
1090
|
+
retryable: false,
|
|
1091
|
+
next_action: "retry_with_different_input",
|
|
997
1092
|
category: "ucp"
|
|
998
1093
|
},
|
|
999
1094
|
E_UCP_ORDER_MISSING_LINE_ITEMS: {
|
|
@@ -1001,7 +1096,8 @@ var ERRORS = {
|
|
|
1001
1096
|
http_status: 400,
|
|
1002
1097
|
title: "UCP Order Missing Line Items",
|
|
1003
1098
|
description: "UCP order is missing required line_items array",
|
|
1004
|
-
|
|
1099
|
+
retryable: false,
|
|
1100
|
+
next_action: "retry_with_different_input",
|
|
1005
1101
|
category: "ucp"
|
|
1006
1102
|
},
|
|
1007
1103
|
E_UCP_ORDER_MISSING_TOTALS: {
|
|
@@ -1009,7 +1105,8 @@ var ERRORS = {
|
|
|
1009
1105
|
http_status: 400,
|
|
1010
1106
|
title: "UCP Order Missing Totals",
|
|
1011
1107
|
description: "UCP order is missing required totals array or total entry",
|
|
1012
|
-
|
|
1108
|
+
retryable: false,
|
|
1109
|
+
next_action: "retry_with_different_input",
|
|
1013
1110
|
category: "ucp"
|
|
1014
1111
|
},
|
|
1015
1112
|
E_UCP_PAYLOAD_EMPTY: {
|
|
@@ -1017,7 +1114,8 @@ var ERRORS = {
|
|
|
1017
1114
|
http_status: 400,
|
|
1018
1115
|
title: "UCP Payload Empty",
|
|
1019
1116
|
description: "Webhook request body is empty",
|
|
1020
|
-
|
|
1117
|
+
retryable: false,
|
|
1118
|
+
next_action: "retry_with_different_input",
|
|
1021
1119
|
category: "ucp"
|
|
1022
1120
|
},
|
|
1023
1121
|
E_UCP_PAYLOAD_NOT_JSON: {
|
|
@@ -1025,7 +1123,8 @@ var ERRORS = {
|
|
|
1025
1123
|
http_status: 400,
|
|
1026
1124
|
title: "UCP Payload Not JSON",
|
|
1027
1125
|
description: "Webhook request body is not valid JSON",
|
|
1028
|
-
|
|
1126
|
+
retryable: false,
|
|
1127
|
+
next_action: "retry_with_different_input",
|
|
1029
1128
|
category: "ucp"
|
|
1030
1129
|
},
|
|
1031
1130
|
E_UCP_PAYLOAD_TOO_LARGE: {
|
|
@@ -1033,7 +1132,8 @@ var ERRORS = {
|
|
|
1033
1132
|
http_status: 400,
|
|
1034
1133
|
title: "UCP Payload Too Large",
|
|
1035
1134
|
description: "Webhook request body exceeds maximum allowed size",
|
|
1036
|
-
|
|
1135
|
+
retryable: false,
|
|
1136
|
+
next_action: "retry_with_different_input",
|
|
1037
1137
|
category: "ucp"
|
|
1038
1138
|
},
|
|
1039
1139
|
E_UCP_PROFILE_FETCH_FAILED: {
|
|
@@ -1041,7 +1141,8 @@ var ERRORS = {
|
|
|
1041
1141
|
http_status: 502,
|
|
1042
1142
|
title: "UCP Profile Fetch Failed",
|
|
1043
1143
|
description: "Failed to fetch business UCP profile from /.well-known/ucp",
|
|
1044
|
-
|
|
1144
|
+
retryable: true,
|
|
1145
|
+
next_action: "retry_after_delay",
|
|
1045
1146
|
category: "ucp"
|
|
1046
1147
|
},
|
|
1047
1148
|
E_UCP_PROFILE_INVALID: {
|
|
@@ -1049,7 +1150,8 @@ var ERRORS = {
|
|
|
1049
1150
|
http_status: 502,
|
|
1050
1151
|
title: "UCP Profile Invalid",
|
|
1051
1152
|
description: "Business UCP profile does not conform to expected schema",
|
|
1052
|
-
|
|
1153
|
+
retryable: false,
|
|
1154
|
+
next_action: "retry_with_different_input",
|
|
1053
1155
|
category: "ucp"
|
|
1054
1156
|
},
|
|
1055
1157
|
E_UCP_PROFILE_NO_SIGNING_KEYS: {
|
|
@@ -1057,7 +1159,8 @@ var ERRORS = {
|
|
|
1057
1159
|
http_status: 502,
|
|
1058
1160
|
title: "UCP Profile No Signing Keys",
|
|
1059
1161
|
description: "Business UCP profile has empty or missing signing_keys array",
|
|
1060
|
-
|
|
1162
|
+
retryable: false,
|
|
1163
|
+
next_action: "retry_with_different_input",
|
|
1061
1164
|
category: "ucp"
|
|
1062
1165
|
},
|
|
1063
1166
|
E_UCP_SIGNATURE_ALGORITHM_UNSUPPORTED: {
|
|
@@ -1065,7 +1168,8 @@ var ERRORS = {
|
|
|
1065
1168
|
http_status: 400,
|
|
1066
1169
|
title: "UCP Signature Algorithm Unsupported",
|
|
1067
1170
|
description: "Signature algorithm is not ES256, ES384, or ES512",
|
|
1068
|
-
|
|
1171
|
+
retryable: false,
|
|
1172
|
+
next_action: "retry_with_different_input",
|
|
1069
1173
|
category: "ucp"
|
|
1070
1174
|
},
|
|
1071
1175
|
E_UCP_SIGNATURE_B64_INVALID: {
|
|
@@ -1073,7 +1177,8 @@ var ERRORS = {
|
|
|
1073
1177
|
http_status: 400,
|
|
1074
1178
|
title: "UCP Signature b64 Invalid",
|
|
1075
1179
|
description: "b64=false requires 'b64' in 'crit' array per RFC 7797",
|
|
1076
|
-
|
|
1180
|
+
retryable: false,
|
|
1181
|
+
next_action: "retry_with_different_input",
|
|
1077
1182
|
category: "ucp"
|
|
1078
1183
|
},
|
|
1079
1184
|
E_UCP_SIGNATURE_INVALID: {
|
|
@@ -1081,7 +1186,8 @@ var ERRORS = {
|
|
|
1081
1186
|
http_status: 401,
|
|
1082
1187
|
title: "UCP Signature Invalid",
|
|
1083
1188
|
description: "Webhook signature verification failed against payload",
|
|
1084
|
-
|
|
1189
|
+
retryable: false,
|
|
1190
|
+
next_action: "retry_with_different_input",
|
|
1085
1191
|
category: "ucp"
|
|
1086
1192
|
},
|
|
1087
1193
|
E_UCP_SIGNATURE_MALFORMED: {
|
|
@@ -1089,7 +1195,8 @@ var ERRORS = {
|
|
|
1089
1195
|
http_status: 400,
|
|
1090
1196
|
title: "UCP Signature Malformed",
|
|
1091
1197
|
description: "Request-Signature header is not a valid detached JWS (RFC 7797)",
|
|
1092
|
-
|
|
1198
|
+
retryable: false,
|
|
1199
|
+
next_action: "retry_with_different_input",
|
|
1093
1200
|
category: "ucp"
|
|
1094
1201
|
},
|
|
1095
1202
|
E_UCP_SIGNATURE_MISSING: {
|
|
@@ -1097,7 +1204,8 @@ var ERRORS = {
|
|
|
1097
1204
|
http_status: 400,
|
|
1098
1205
|
title: "UCP Signature Missing",
|
|
1099
1206
|
description: "Request-Signature header is missing from UCP webhook request",
|
|
1100
|
-
|
|
1207
|
+
retryable: false,
|
|
1208
|
+
next_action: "retry_with_different_input",
|
|
1101
1209
|
category: "ucp"
|
|
1102
1210
|
},
|
|
1103
1211
|
E_UCP_VERIFICATION_FAILED: {
|
|
@@ -1105,7 +1213,8 @@ var ERRORS = {
|
|
|
1105
1213
|
http_status: 401,
|
|
1106
1214
|
title: "UCP Verification Failed",
|
|
1107
1215
|
description: "All verification attempts failed (raw and JCS canonicalized)",
|
|
1108
|
-
|
|
1216
|
+
retryable: false,
|
|
1217
|
+
next_action: "retry_with_different_input",
|
|
1109
1218
|
category: "ucp"
|
|
1110
1219
|
},
|
|
1111
1220
|
// Validation error codes
|
|
@@ -1114,7 +1223,8 @@ var ERRORS = {
|
|
|
1114
1223
|
http_status: 400,
|
|
1115
1224
|
title: "Kernel Constraint Violation",
|
|
1116
1225
|
description: "Receipt claims exceed a kernel constraint (max keys, max depth, max string length, max evidence bytes, or similar structural limit)",
|
|
1117
|
-
|
|
1226
|
+
retryable: false,
|
|
1227
|
+
next_action: "retry_with_different_input",
|
|
1118
1228
|
category: "validation"
|
|
1119
1229
|
},
|
|
1120
1230
|
E_EVIDENCE_NOT_JSON: {
|
|
@@ -1122,7 +1232,8 @@ var ERRORS = {
|
|
|
1122
1232
|
http_status: 400,
|
|
1123
1233
|
title: "Evidence Not JSON-Safe",
|
|
1124
1234
|
description: "Evidence contains non-JSON-safe values (NaN, Infinity, undefined, BigInt, Date, Map, Set, functions, symbols, class instances, or cycles)",
|
|
1125
|
-
|
|
1235
|
+
retryable: false,
|
|
1236
|
+
next_action: "retry_with_different_input",
|
|
1126
1237
|
category: "validation"
|
|
1127
1238
|
},
|
|
1128
1239
|
E_EXPIRED: {
|
|
@@ -1130,7 +1241,8 @@ var ERRORS = {
|
|
|
1130
1241
|
http_status: 400,
|
|
1131
1242
|
title: "Receipt Expired",
|
|
1132
1243
|
description: "Receipt has exceeded its expiration time",
|
|
1133
|
-
|
|
1244
|
+
retryable: false,
|
|
1245
|
+
next_action: "retry_with_different_input",
|
|
1134
1246
|
category: "validation"
|
|
1135
1247
|
},
|
|
1136
1248
|
E_INVALID_AMOUNT: {
|
|
@@ -1138,7 +1250,8 @@ var ERRORS = {
|
|
|
1138
1250
|
http_status: 400,
|
|
1139
1251
|
title: "Invalid Amount",
|
|
1140
1252
|
description: "Payment amount is invalid or out of allowed range",
|
|
1141
|
-
|
|
1253
|
+
retryable: false,
|
|
1254
|
+
next_action: "retry_with_different_input",
|
|
1142
1255
|
category: "validation"
|
|
1143
1256
|
},
|
|
1144
1257
|
E_INVALID_AUDIENCE: {
|
|
@@ -1146,7 +1259,8 @@ var ERRORS = {
|
|
|
1146
1259
|
http_status: 400,
|
|
1147
1260
|
title: "Invalid Audience",
|
|
1148
1261
|
description: "Receipt audience claim does not match expected value",
|
|
1149
|
-
|
|
1262
|
+
retryable: false,
|
|
1263
|
+
next_action: "retry_with_different_input",
|
|
1150
1264
|
category: "validation"
|
|
1151
1265
|
},
|
|
1152
1266
|
E_INVALID_CURRENCY: {
|
|
@@ -1154,7 +1268,8 @@ var ERRORS = {
|
|
|
1154
1268
|
http_status: 400,
|
|
1155
1269
|
title: "Invalid Currency",
|
|
1156
1270
|
description: "Currency code is not a valid ISO 4217 code",
|
|
1157
|
-
|
|
1271
|
+
retryable: false,
|
|
1272
|
+
next_action: "retry_with_different_input",
|
|
1158
1273
|
category: "validation"
|
|
1159
1274
|
},
|
|
1160
1275
|
E_INVALID_FORMAT: {
|
|
@@ -1162,7 +1277,8 @@ var ERRORS = {
|
|
|
1162
1277
|
http_status: 400,
|
|
1163
1278
|
title: "Invalid Format",
|
|
1164
1279
|
description: "Receipt does not conform to JWS format",
|
|
1165
|
-
|
|
1280
|
+
retryable: false,
|
|
1281
|
+
next_action: "retry_with_different_input",
|
|
1166
1282
|
category: "validation"
|
|
1167
1283
|
},
|
|
1168
1284
|
E_INVALID_ISSUER: {
|
|
@@ -1170,7 +1286,8 @@ var ERRORS = {
|
|
|
1170
1286
|
http_status: 400,
|
|
1171
1287
|
title: "Invalid Issuer",
|
|
1172
1288
|
description: "Receipt issuer claim is invalid or untrusted",
|
|
1173
|
-
|
|
1289
|
+
retryable: false,
|
|
1290
|
+
next_action: "retry_with_different_input",
|
|
1174
1291
|
category: "validation"
|
|
1175
1292
|
},
|
|
1176
1293
|
E_INVALID_RAIL: {
|
|
@@ -1178,7 +1295,8 @@ var ERRORS = {
|
|
|
1178
1295
|
http_status: 400,
|
|
1179
1296
|
title: "Invalid Payment Rail",
|
|
1180
1297
|
description: "Payment rail identifier is not recognized",
|
|
1181
|
-
|
|
1298
|
+
retryable: false,
|
|
1299
|
+
next_action: "retry_with_different_input",
|
|
1182
1300
|
category: "validation"
|
|
1183
1301
|
},
|
|
1184
1302
|
E_INVALID_RECEIPT_ID: {
|
|
@@ -1186,7 +1304,8 @@ var ERRORS = {
|
|
|
1186
1304
|
http_status: 400,
|
|
1187
1305
|
title: "Invalid Receipt ID",
|
|
1188
1306
|
description: "Receipt ID (rid) does not match expected value",
|
|
1189
|
-
|
|
1307
|
+
retryable: false,
|
|
1308
|
+
next_action: "retry_with_different_input",
|
|
1190
1309
|
category: "validation"
|
|
1191
1310
|
},
|
|
1192
1311
|
E_INVALID_SUBJECT: {
|
|
@@ -1194,7 +1313,8 @@ var ERRORS = {
|
|
|
1194
1313
|
http_status: 400,
|
|
1195
1314
|
title: "Invalid Subject",
|
|
1196
1315
|
description: "Receipt subject claim does not match expected value",
|
|
1197
|
-
|
|
1316
|
+
retryable: false,
|
|
1317
|
+
next_action: "retry_with_different_input",
|
|
1198
1318
|
category: "validation"
|
|
1199
1319
|
},
|
|
1200
1320
|
E_MISSING_EXP: {
|
|
@@ -1202,7 +1322,8 @@ var ERRORS = {
|
|
|
1202
1322
|
http_status: 400,
|
|
1203
1323
|
title: "Missing Expiration",
|
|
1204
1324
|
description: "Receipt is missing required exp claim",
|
|
1205
|
-
|
|
1325
|
+
retryable: false,
|
|
1326
|
+
next_action: "retry_with_different_input",
|
|
1206
1327
|
category: "validation"
|
|
1207
1328
|
},
|
|
1208
1329
|
E_MISSING_REQUIRED_CLAIM: {
|
|
@@ -1210,7 +1331,8 @@ var ERRORS = {
|
|
|
1210
1331
|
http_status: 400,
|
|
1211
1332
|
title: "Missing Required Claim",
|
|
1212
1333
|
description: "Receipt is missing a required JWT claim",
|
|
1213
|
-
|
|
1334
|
+
retryable: false,
|
|
1335
|
+
next_action: "retry_with_different_input",
|
|
1214
1336
|
category: "validation"
|
|
1215
1337
|
},
|
|
1216
1338
|
E_NOT_YET_VALID: {
|
|
@@ -1218,7 +1340,8 @@ var ERRORS = {
|
|
|
1218
1340
|
http_status: 400,
|
|
1219
1341
|
title: "Not Yet Valid",
|
|
1220
1342
|
description: "Receipt nbf (not before) time is in the future",
|
|
1221
|
-
|
|
1343
|
+
retryable: true,
|
|
1344
|
+
next_action: "retry_after_delay",
|
|
1222
1345
|
category: "validation"
|
|
1223
1346
|
},
|
|
1224
1347
|
E_PARSE_ATTESTATION_INVALID: {
|
|
@@ -1226,7 +1349,8 @@ var ERRORS = {
|
|
|
1226
1349
|
http_status: 400,
|
|
1227
1350
|
title: "Attestation Receipt Invalid",
|
|
1228
1351
|
description: "Receipt classified as attestation but fails attestation schema validation",
|
|
1229
|
-
|
|
1352
|
+
retryable: false,
|
|
1353
|
+
next_action: "retry_with_different_input",
|
|
1230
1354
|
category: "validation"
|
|
1231
1355
|
},
|
|
1232
1356
|
E_PARSE_COMMERCE_INVALID: {
|
|
@@ -1234,7 +1358,8 @@ var ERRORS = {
|
|
|
1234
1358
|
http_status: 400,
|
|
1235
1359
|
title: "Commerce Receipt Invalid",
|
|
1236
1360
|
description: "Receipt has commerce fields (amt/cur/payment) but fails commerce schema validation",
|
|
1237
|
-
|
|
1361
|
+
retryable: false,
|
|
1362
|
+
next_action: "retry_with_different_input",
|
|
1238
1363
|
category: "validation"
|
|
1239
1364
|
},
|
|
1240
1365
|
E_PARSE_INVALID_INPUT: {
|
|
@@ -1242,7 +1367,8 @@ var ERRORS = {
|
|
|
1242
1367
|
http_status: 400,
|
|
1243
1368
|
title: "Parse Invalid Input",
|
|
1244
1369
|
description: "Input to receipt parser is not a non-null object",
|
|
1245
|
-
|
|
1370
|
+
retryable: false,
|
|
1371
|
+
next_action: "retry_with_different_input",
|
|
1246
1372
|
category: "validation"
|
|
1247
1373
|
},
|
|
1248
1374
|
// Verification error codes
|
|
@@ -1251,7 +1377,8 @@ var ERRORS = {
|
|
|
1251
1377
|
http_status: 400,
|
|
1252
1378
|
title: "Invalid Signature",
|
|
1253
1379
|
description: "Receipt signature verification failed",
|
|
1254
|
-
|
|
1380
|
+
retryable: false,
|
|
1381
|
+
next_action: "abort",
|
|
1255
1382
|
category: "verification"
|
|
1256
1383
|
},
|
|
1257
1384
|
E_KEY_NOT_FOUND: {
|
|
@@ -1259,7 +1386,26 @@ var ERRORS = {
|
|
|
1259
1386
|
http_status: 400,
|
|
1260
1387
|
title: "Key Not Found",
|
|
1261
1388
|
description: "Public key with specified kid not found in JWKS",
|
|
1262
|
-
|
|
1389
|
+
retryable: false,
|
|
1390
|
+
next_action: "retry_with_different_key",
|
|
1391
|
+
category: "verification"
|
|
1392
|
+
},
|
|
1393
|
+
E_KID_REUSE_DETECTED: {
|
|
1394
|
+
code: "E_KID_REUSE_DETECTED",
|
|
1395
|
+
http_status: 400,
|
|
1396
|
+
title: "Kid Reuse Detected",
|
|
1397
|
+
description: "Same kid value used with different key material within the retention window",
|
|
1398
|
+
retryable: false,
|
|
1399
|
+
next_action: "abort",
|
|
1400
|
+
category: "verification"
|
|
1401
|
+
},
|
|
1402
|
+
E_REVOKED_KEY_USED: {
|
|
1403
|
+
code: "E_REVOKED_KEY_USED",
|
|
1404
|
+
http_status: 400,
|
|
1405
|
+
title: "Revoked Key Used",
|
|
1406
|
+
description: "Receipt signed with a key listed in the issuer revoked_keys set",
|
|
1407
|
+
retryable: false,
|
|
1408
|
+
next_action: "retry_with_different_key",
|
|
1263
1409
|
category: "verification"
|
|
1264
1410
|
},
|
|
1265
1411
|
// Verifier error codes
|
|
@@ -1268,7 +1414,8 @@ var ERRORS = {
|
|
|
1268
1414
|
http_status: 400,
|
|
1269
1415
|
title: "Extension Too Large",
|
|
1270
1416
|
description: "Receipt extension data exceeds maximum size limit (64 KB)",
|
|
1271
|
-
|
|
1417
|
+
retryable: false,
|
|
1418
|
+
next_action: "abort",
|
|
1272
1419
|
category: "verifier"
|
|
1273
1420
|
},
|
|
1274
1421
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: {
|
|
@@ -1276,7 +1423,8 @@ var ERRORS = {
|
|
|
1276
1423
|
http_status: 403,
|
|
1277
1424
|
title: "Insecure Scheme Blocked",
|
|
1278
1425
|
description: "Non-HTTPS URL encountered during issuer discovery (issuer URL or jwks_uri)",
|
|
1279
|
-
|
|
1426
|
+
retryable: false,
|
|
1427
|
+
next_action: "abort",
|
|
1280
1428
|
category: "verifier"
|
|
1281
1429
|
},
|
|
1282
1430
|
E_VERIFY_INVALID_TRANSPORT: {
|
|
@@ -1284,7 +1432,8 @@ var ERRORS = {
|
|
|
1284
1432
|
http_status: 400,
|
|
1285
1433
|
title: "Invalid Transport",
|
|
1286
1434
|
description: "Multiple PEAC-Receipt or PEAC-Receipt-Pointer headers detected (ambiguous transport)",
|
|
1287
|
-
|
|
1435
|
+
retryable: false,
|
|
1436
|
+
next_action: "abort",
|
|
1288
1437
|
category: "verifier"
|
|
1289
1438
|
},
|
|
1290
1439
|
E_VERIFY_ISSUER_CONFIG_INVALID: {
|
|
@@ -1292,7 +1441,8 @@ var ERRORS = {
|
|
|
1292
1441
|
http_status: 502,
|
|
1293
1442
|
title: "Issuer Config Invalid",
|
|
1294
1443
|
description: "peac-issuer.json is not valid JSON or does not conform to issuer config schema",
|
|
1295
|
-
|
|
1444
|
+
retryable: false,
|
|
1445
|
+
next_action: "abort",
|
|
1296
1446
|
category: "verifier"
|
|
1297
1447
|
},
|
|
1298
1448
|
E_VERIFY_ISSUER_CONFIG_MISSING: {
|
|
@@ -1300,7 +1450,8 @@ var ERRORS = {
|
|
|
1300
1450
|
http_status: 502,
|
|
1301
1451
|
title: "Issuer Config Missing",
|
|
1302
1452
|
description: "peac-issuer.json not found or not fetchable at issuer origin",
|
|
1303
|
-
|
|
1453
|
+
retryable: true,
|
|
1454
|
+
next_action: "retry_after_delay",
|
|
1304
1455
|
category: "verifier"
|
|
1305
1456
|
},
|
|
1306
1457
|
E_VERIFY_ISSUER_MISMATCH: {
|
|
@@ -1308,7 +1459,8 @@ var ERRORS = {
|
|
|
1308
1459
|
http_status: 403,
|
|
1309
1460
|
title: "Issuer Mismatch",
|
|
1310
1461
|
description: "issuer field in peac-issuer.json does not match the expected issuer origin",
|
|
1311
|
-
|
|
1462
|
+
retryable: false,
|
|
1463
|
+
next_action: "abort",
|
|
1312
1464
|
category: "verifier"
|
|
1313
1465
|
},
|
|
1314
1466
|
E_VERIFY_ISSUER_NOT_ALLOWED: {
|
|
@@ -1316,7 +1468,8 @@ var ERRORS = {
|
|
|
1316
1468
|
http_status: 403,
|
|
1317
1469
|
title: "Issuer Not Allowed",
|
|
1318
1470
|
description: "Receipt issuer is not in the verifier policy allowlist",
|
|
1319
|
-
|
|
1471
|
+
retryable: false,
|
|
1472
|
+
next_action: "abort",
|
|
1320
1473
|
category: "verifier"
|
|
1321
1474
|
},
|
|
1322
1475
|
E_VERIFY_JWKS_INVALID: {
|
|
@@ -1324,7 +1477,8 @@ var ERRORS = {
|
|
|
1324
1477
|
http_status: 502,
|
|
1325
1478
|
title: "JWKS Invalid",
|
|
1326
1479
|
description: "JWKS response is not valid JSON or missing required keys array",
|
|
1327
|
-
|
|
1480
|
+
retryable: false,
|
|
1481
|
+
next_action: "abort",
|
|
1328
1482
|
category: "verifier"
|
|
1329
1483
|
},
|
|
1330
1484
|
E_VERIFY_JWKS_TOO_LARGE: {
|
|
@@ -1332,7 +1486,8 @@ var ERRORS = {
|
|
|
1332
1486
|
http_status: 400,
|
|
1333
1487
|
title: "JWKS Too Large",
|
|
1334
1488
|
description: "JWKS response exceeds maximum size limit (64 KB)",
|
|
1335
|
-
|
|
1489
|
+
retryable: false,
|
|
1490
|
+
next_action: "abort",
|
|
1336
1491
|
category: "verifier"
|
|
1337
1492
|
},
|
|
1338
1493
|
E_VERIFY_JWKS_TOO_MANY_KEYS: {
|
|
@@ -1340,7 +1495,8 @@ var ERRORS = {
|
|
|
1340
1495
|
http_status: 400,
|
|
1341
1496
|
title: "JWKS Too Many Keys",
|
|
1342
1497
|
description: "JWKS contains more than maximum allowed keys (20)",
|
|
1343
|
-
|
|
1498
|
+
retryable: false,
|
|
1499
|
+
next_action: "abort",
|
|
1344
1500
|
category: "verifier"
|
|
1345
1501
|
},
|
|
1346
1502
|
E_VERIFY_JWKS_URI_INVALID: {
|
|
@@ -1348,7 +1504,8 @@ var ERRORS = {
|
|
|
1348
1504
|
http_status: 502,
|
|
1349
1505
|
title: "JWKS URI Invalid",
|
|
1350
1506
|
description: "jwks_uri in peac-issuer.json is not a valid HTTPS URL",
|
|
1351
|
-
|
|
1507
|
+
retryable: false,
|
|
1508
|
+
next_action: "abort",
|
|
1352
1509
|
category: "verifier"
|
|
1353
1510
|
},
|
|
1354
1511
|
E_VERIFY_KEY_FETCH_BLOCKED: {
|
|
@@ -1356,7 +1513,8 @@ var ERRORS = {
|
|
|
1356
1513
|
http_status: 403,
|
|
1357
1514
|
title: "Key Fetch Blocked",
|
|
1358
1515
|
description: "JWKS discovery blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1359
|
-
|
|
1516
|
+
retryable: false,
|
|
1517
|
+
next_action: "abort",
|
|
1360
1518
|
category: "verifier"
|
|
1361
1519
|
},
|
|
1362
1520
|
E_VERIFY_KEY_FETCH_FAILED: {
|
|
@@ -1364,7 +1522,8 @@ var ERRORS = {
|
|
|
1364
1522
|
http_status: 502,
|
|
1365
1523
|
title: "Key Fetch Failed",
|
|
1366
1524
|
description: "Network error while fetching JWKS from issuer",
|
|
1367
|
-
|
|
1525
|
+
retryable: true,
|
|
1526
|
+
next_action: "retry_after_delay",
|
|
1368
1527
|
category: "verifier"
|
|
1369
1528
|
},
|
|
1370
1529
|
E_VERIFY_KEY_FETCH_TIMEOUT: {
|
|
@@ -1372,7 +1531,8 @@ var ERRORS = {
|
|
|
1372
1531
|
http_status: 504,
|
|
1373
1532
|
title: "Key Fetch Timeout",
|
|
1374
1533
|
description: "JWKS discovery timed out (5 second limit)",
|
|
1375
|
-
|
|
1534
|
+
retryable: true,
|
|
1535
|
+
next_action: "retry_after_delay",
|
|
1376
1536
|
category: "verifier"
|
|
1377
1537
|
},
|
|
1378
1538
|
E_VERIFY_MALFORMED_RECEIPT: {
|
|
@@ -1380,7 +1540,8 @@ var ERRORS = {
|
|
|
1380
1540
|
http_status: 400,
|
|
1381
1541
|
title: "Malformed Receipt",
|
|
1382
1542
|
description: "Cannot parse receipt as JWS Compact Serialization",
|
|
1383
|
-
|
|
1543
|
+
retryable: false,
|
|
1544
|
+
next_action: "abort",
|
|
1384
1545
|
category: "verifier"
|
|
1385
1546
|
},
|
|
1386
1547
|
E_VERIFY_POINTER_DIGEST_MISMATCH: {
|
|
@@ -1388,7 +1549,8 @@ var ERRORS = {
|
|
|
1388
1549
|
http_status: 400,
|
|
1389
1550
|
title: "Pointer Digest Mismatch",
|
|
1390
1551
|
description: "Fetched receipt SHA-256 digest does not match pointer declaration",
|
|
1391
|
-
|
|
1552
|
+
retryable: false,
|
|
1553
|
+
next_action: "abort",
|
|
1392
1554
|
category: "verifier"
|
|
1393
1555
|
},
|
|
1394
1556
|
E_VERIFY_POINTER_FETCH_BLOCKED: {
|
|
@@ -1396,7 +1558,8 @@ var ERRORS = {
|
|
|
1396
1558
|
http_status: 403,
|
|
1397
1559
|
title: "Pointer Fetch Blocked",
|
|
1398
1560
|
description: "Pointer URL fetch blocked by SSRF protection (private IP, non-HTTPS, or blocked redirect)",
|
|
1399
|
-
|
|
1561
|
+
retryable: false,
|
|
1562
|
+
next_action: "abort",
|
|
1400
1563
|
category: "verifier"
|
|
1401
1564
|
},
|
|
1402
1565
|
E_VERIFY_POINTER_FETCH_FAILED: {
|
|
@@ -1404,7 +1567,8 @@ var ERRORS = {
|
|
|
1404
1567
|
http_status: 502,
|
|
1405
1568
|
title: "Pointer Fetch Failed",
|
|
1406
1569
|
description: "Network error while fetching receipt from pointer URL",
|
|
1407
|
-
|
|
1570
|
+
retryable: true,
|
|
1571
|
+
next_action: "retry_after_delay",
|
|
1408
1572
|
category: "verifier"
|
|
1409
1573
|
},
|
|
1410
1574
|
E_VERIFY_POINTER_FETCH_TIMEOUT: {
|
|
@@ -1412,7 +1576,8 @@ var ERRORS = {
|
|
|
1412
1576
|
http_status: 504,
|
|
1413
1577
|
title: "Pointer Fetch Timeout",
|
|
1414
1578
|
description: "Pointer URL fetch timed out (5 second limit)",
|
|
1415
|
-
|
|
1579
|
+
retryable: true,
|
|
1580
|
+
next_action: "retry_after_delay",
|
|
1416
1581
|
category: "verifier"
|
|
1417
1582
|
},
|
|
1418
1583
|
E_VERIFY_POINTER_FETCH_TOO_LARGE: {
|
|
@@ -1420,7 +1585,8 @@ var ERRORS = {
|
|
|
1420
1585
|
http_status: 413,
|
|
1421
1586
|
title: "Pointer Fetch Too Large",
|
|
1422
1587
|
description: "Pointer URL response exceeds maximum size limit (256 KB)",
|
|
1423
|
-
|
|
1588
|
+
retryable: false,
|
|
1589
|
+
next_action: "abort",
|
|
1424
1590
|
category: "verifier"
|
|
1425
1591
|
},
|
|
1426
1592
|
E_VERIFY_POLICY_VIOLATION: {
|
|
@@ -1428,7 +1594,8 @@ var ERRORS = {
|
|
|
1428
1594
|
http_status: 403,
|
|
1429
1595
|
title: "Policy Violation",
|
|
1430
1596
|
description: "Receipt violates verifier trust policy",
|
|
1431
|
-
|
|
1597
|
+
retryable: false,
|
|
1598
|
+
next_action: "abort",
|
|
1432
1599
|
category: "verifier"
|
|
1433
1600
|
},
|
|
1434
1601
|
E_VERIFY_RECEIPT_TOO_LARGE: {
|
|
@@ -1436,7 +1603,8 @@ var ERRORS = {
|
|
|
1436
1603
|
http_status: 413,
|
|
1437
1604
|
title: "Receipt Too Large",
|
|
1438
1605
|
description: "Receipt exceeds maximum size limit (256 KB)",
|
|
1439
|
-
|
|
1606
|
+
retryable: false,
|
|
1607
|
+
next_action: "abort",
|
|
1440
1608
|
category: "verifier"
|
|
1441
1609
|
},
|
|
1442
1610
|
E_VERIFY_SCHEMA_INVALID: {
|
|
@@ -1444,7 +1612,8 @@ var ERRORS = {
|
|
|
1444
1612
|
http_status: 400,
|
|
1445
1613
|
title: "Schema Invalid",
|
|
1446
1614
|
description: "Receipt claims do not conform to expected schema",
|
|
1447
|
-
|
|
1615
|
+
retryable: false,
|
|
1616
|
+
next_action: "abort",
|
|
1448
1617
|
category: "verifier"
|
|
1449
1618
|
},
|
|
1450
1619
|
// Workflow error codes
|
|
@@ -1453,7 +1622,8 @@ var ERRORS = {
|
|
|
1453
1622
|
http_status: 400,
|
|
1454
1623
|
title: "Invalid Workflow Context",
|
|
1455
1624
|
description: "Workflow context does not conform to WorkflowContextSchema",
|
|
1456
|
-
|
|
1625
|
+
retryable: false,
|
|
1626
|
+
next_action: "retry_with_different_input",
|
|
1457
1627
|
category: "workflow"
|
|
1458
1628
|
},
|
|
1459
1629
|
E_WORKFLOW_CYCLE_DETECTED: {
|
|
@@ -1461,7 +1631,8 @@ var ERRORS = {
|
|
|
1461
1631
|
http_status: 400,
|
|
1462
1632
|
title: "Workflow Cycle Detected",
|
|
1463
1633
|
description: "Workflow DAG contains a cycle (not acyclic)",
|
|
1464
|
-
|
|
1634
|
+
retryable: false,
|
|
1635
|
+
next_action: "retry_with_different_input",
|
|
1465
1636
|
category: "workflow"
|
|
1466
1637
|
},
|
|
1467
1638
|
E_WORKFLOW_DAG_INVALID: {
|
|
@@ -1469,7 +1640,8 @@ var ERRORS = {
|
|
|
1469
1640
|
http_status: 400,
|
|
1470
1641
|
title: "Invalid Workflow DAG",
|
|
1471
1642
|
description: "Workflow DAG semantics violated (self-parent, duplicate parents, or cycle detected)",
|
|
1472
|
-
|
|
1643
|
+
retryable: false,
|
|
1644
|
+
next_action: "retry_with_different_input",
|
|
1473
1645
|
category: "workflow"
|
|
1474
1646
|
},
|
|
1475
1647
|
E_WORKFLOW_ID_INVALID: {
|
|
@@ -1477,7 +1649,8 @@ var ERRORS = {
|
|
|
1477
1649
|
http_status: 400,
|
|
1478
1650
|
title: "Invalid Workflow ID",
|
|
1479
1651
|
description: "Workflow ID does not match required format (wf_{ulid|uuid})",
|
|
1480
|
-
|
|
1652
|
+
retryable: false,
|
|
1653
|
+
next_action: "retry_with_different_input",
|
|
1481
1654
|
category: "workflow"
|
|
1482
1655
|
},
|
|
1483
1656
|
E_WORKFLOW_LIMIT_EXCEEDED: {
|
|
@@ -1485,7 +1658,8 @@ var ERRORS = {
|
|
|
1485
1658
|
http_status: 400,
|
|
1486
1659
|
title: "Workflow Limit Exceeded",
|
|
1487
1660
|
description: "Workflow exceeds defined limits (parent count, ID length, etc.)",
|
|
1488
|
-
|
|
1661
|
+
retryable: false,
|
|
1662
|
+
next_action: "retry_with_different_input",
|
|
1489
1663
|
category: "workflow"
|
|
1490
1664
|
},
|
|
1491
1665
|
E_WORKFLOW_PARENT_NOT_FOUND: {
|
|
@@ -1493,7 +1667,8 @@ var ERRORS = {
|
|
|
1493
1667
|
http_status: 400,
|
|
1494
1668
|
title: "Parent Step Not Found",
|
|
1495
1669
|
description: "Referenced parent step ID does not exist in the workflow",
|
|
1496
|
-
|
|
1670
|
+
retryable: false,
|
|
1671
|
+
next_action: "retry_with_different_input",
|
|
1497
1672
|
category: "workflow"
|
|
1498
1673
|
},
|
|
1499
1674
|
E_WORKFLOW_STEP_ID_INVALID: {
|
|
@@ -1501,7 +1676,8 @@ var ERRORS = {
|
|
|
1501
1676
|
http_status: 400,
|
|
1502
1677
|
title: "Invalid Step ID",
|
|
1503
1678
|
description: "Step ID does not match required format (step_{ulid|uuid})",
|
|
1504
|
-
|
|
1679
|
+
retryable: false,
|
|
1680
|
+
next_action: "retry_with_different_input",
|
|
1505
1681
|
category: "workflow"
|
|
1506
1682
|
},
|
|
1507
1683
|
E_WORKFLOW_SUMMARY_INVALID: {
|
|
@@ -1509,15 +1685,16 @@ var ERRORS = {
|
|
|
1509
1685
|
http_status: 400,
|
|
1510
1686
|
title: "Invalid Workflow Summary",
|
|
1511
1687
|
description: "Workflow summary attestation does not conform to schema",
|
|
1512
|
-
|
|
1688
|
+
retryable: false,
|
|
1689
|
+
next_action: "retry_with_different_input",
|
|
1513
1690
|
category: "workflow"
|
|
1514
1691
|
}
|
|
1515
1692
|
};
|
|
1516
1693
|
function getError(code) {
|
|
1517
1694
|
return ERRORS[code];
|
|
1518
1695
|
}
|
|
1519
|
-
function
|
|
1520
|
-
return ERRORS[code]?.
|
|
1696
|
+
function isRetryable(code) {
|
|
1697
|
+
return ERRORS[code]?.retryable ?? false;
|
|
1521
1698
|
}
|
|
1522
1699
|
var BUNDLE_ERRORS = {
|
|
1523
1700
|
DUPLICATE_RECEIPT: "E_BUNDLE_DUPLICATE_RECEIPT",
|
|
@@ -1707,7 +1884,8 @@ function needsPurposeVary(purposeEnforced) {
|
|
|
1707
1884
|
|
|
1708
1885
|
// src/carrier.ts
|
|
1709
1886
|
var PEAC_RECEIPT_HEADER = "PEAC-Receipt";
|
|
1887
|
+
var PEAC_RECEIPT_URL_HEADER = "PEAC-Receipt-URL";
|
|
1710
1888
|
|
|
1711
|
-
export { AGENT_PROTOCOLS, ALGORITHMS, BUNDLE_ERRORS, BUNDLE_VERSION, CONSTANTS, CONTROL_ENGINES, DISCOVERY, DISPUTE_ERRORS, ERRORS, ERROR_CATEGORIES, ERROR_CODES, HASH, HEADERS, ISSUER_CONFIG, JWKS, LIMITS, PAYMENT_RAILS, PEAC_RECEIPT_HEADER, POLICY, PRIVATE_IP_RANGES, RECEIPT, REGISTRIES, TRANSPORT_METHODS, VARY_HEADERS, VERIFICATION_MODES, VERIFICATION_REPORT_VERSION, VERIFIER_LIMITS, VERIFIER_NETWORK, VERIFIER_POLICY_VERSION, WIRE_TYPE, WIRE_VERSION, applyPurposeVary, findAgentProtocol, findControlEngine, findPaymentRail, findTransportMethod, formatHash, getError, getPeacVaryHeaders,
|
|
1889
|
+
export { AGENT_PROTOCOLS, ALGORITHMS, BUNDLE_ERRORS, BUNDLE_VERSION, CONSTANTS, CONTROL_ENGINES, DISCOVERY, DISPUTE_ERRORS, ERRORS, ERROR_CATEGORIES, ERROR_CODES, HASH, HEADERS, ISSUER_CONFIG, JWKS, LIMITS, PAYMENT_RAILS, PEAC_RECEIPT_HEADER, PEAC_RECEIPT_URL_HEADER, POLICY, PRIVATE_IP_RANGES, RECEIPT, REGISTRIES, TRANSPORT_METHODS, VARY_HEADERS, VERIFICATION_MODES, VERIFICATION_REPORT_VERSION, VERIFIER_LIMITS, VERIFIER_NETWORK, VERIFIER_POLICY_VERSION, WIRE_TYPE, WIRE_VERSION, applyPurposeVary, findAgentProtocol, findControlEngine, findPaymentRail, findTransportMethod, formatHash, getError, getPeacVaryHeaders, isRetryable, isValidHash, needsPurposeVary, parseHash };
|
|
1712
1890
|
//# sourceMappingURL=index.mjs.map
|
|
1713
1891
|
//# sourceMappingURL=index.mjs.map
|