@peac/kernel 0.11.2 → 0.12.0-preview.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +45 -5
- package/dist/__tests__/registries.test.d.ts +2 -0
- package/dist/__tests__/registries.test.d.ts.map +1 -0
- package/dist/constants.cjs +35 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.ts +93 -10
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.mjs +26 -2
- package/dist/constants.mjs.map +1 -1
- package/dist/error-categories.generated.d.ts +2 -2
- package/dist/error-categories.generated.d.ts.map +1 -1
- package/dist/errors.cjs +182 -0
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.generated.d.ts +19 -1
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +182 -0
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +218 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +209 -2
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs +1 -0
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs +1 -0
- package/dist/types.mjs.map +1 -1
- package/dist/wire-02-types.d.ts +60 -0
- package/dist/wire-02-types.d.ts.map +1 -0
- package/package.json +1 -1
package/dist/errors.cjs
CHANGED
|
@@ -36,6 +36,12 @@ var ERROR_CODES = {
|
|
|
36
36
|
// Control error codes
|
|
37
37
|
E_CONTROL_DENIED: "E_CONTROL_DENIED",
|
|
38
38
|
E_CONTROL_REVIEW_REQUIRED: "E_CONTROL_REVIEW_REQUIRED",
|
|
39
|
+
// Cryptography error codes
|
|
40
|
+
E_JWS_B64_REJECTED: "E_JWS_B64_REJECTED",
|
|
41
|
+
E_JWS_CRIT_REJECTED: "E_JWS_CRIT_REJECTED",
|
|
42
|
+
E_JWS_EMBEDDED_KEY: "E_JWS_EMBEDDED_KEY",
|
|
43
|
+
E_JWS_MISSING_KID: "E_JWS_MISSING_KID",
|
|
44
|
+
E_JWS_ZIP_REJECTED: "E_JWS_ZIP_REJECTED",
|
|
39
45
|
// Dispute error codes
|
|
40
46
|
E_DISPUTE_DUPLICATE: "E_DISPUTE_DUPLICATE",
|
|
41
47
|
E_DISPUTE_EXPIRED: "E_DISPUTE_EXPIRED",
|
|
@@ -65,6 +71,7 @@ var ERROR_CODES = {
|
|
|
65
71
|
E_IDENTITY_NOT_YET_VALID: "E_IDENTITY_NOT_YET_VALID",
|
|
66
72
|
E_IDENTITY_PROOF_UNSUPPORTED: "E_IDENTITY_PROOF_UNSUPPORTED",
|
|
67
73
|
E_IDENTITY_SIG_INVALID: "E_IDENTITY_SIG_INVALID",
|
|
74
|
+
E_MVIS_INCOMPLETE: "E_MVIS_INCOMPLETE",
|
|
68
75
|
// Infrastructure error codes
|
|
69
76
|
E_CIRCUIT_BREAKER_OPEN: "E_CIRCUIT_BREAKER_OPEN",
|
|
70
77
|
E_INTERNAL: "E_INTERNAL",
|
|
@@ -115,18 +122,30 @@ var ERROR_CODES = {
|
|
|
115
122
|
E_INVALID_CURRENCY: "E_INVALID_CURRENCY",
|
|
116
123
|
E_INVALID_FORMAT: "E_INVALID_FORMAT",
|
|
117
124
|
E_INVALID_ISSUER: "E_INVALID_ISSUER",
|
|
125
|
+
E_INVALID_KIND: "E_INVALID_KIND",
|
|
126
|
+
E_INVALID_PILLAR_VALUE: "E_INVALID_PILLAR_VALUE",
|
|
118
127
|
E_INVALID_RAIL: "E_INVALID_RAIL",
|
|
119
128
|
E_INVALID_RECEIPT_ID: "E_INVALID_RECEIPT_ID",
|
|
120
129
|
E_INVALID_SUBJECT: "E_INVALID_SUBJECT",
|
|
130
|
+
E_INVALID_TYPE: "E_INVALID_TYPE",
|
|
131
|
+
E_ISS_NOT_CANONICAL: "E_ISS_NOT_CANONICAL",
|
|
121
132
|
E_MISSING_EXP: "E_MISSING_EXP",
|
|
122
133
|
E_MISSING_REQUIRED_CLAIM: "E_MISSING_REQUIRED_CLAIM",
|
|
123
134
|
E_NOT_YET_VALID: "E_NOT_YET_VALID",
|
|
135
|
+
E_OCCURRED_AT_FUTURE: "E_OCCURRED_AT_FUTURE",
|
|
136
|
+
E_OCCURRED_AT_ON_CHALLENGE: "E_OCCURRED_AT_ON_CHALLENGE",
|
|
124
137
|
E_PARSE_ATTESTATION_INVALID: "E_PARSE_ATTESTATION_INVALID",
|
|
125
138
|
E_PARSE_COMMERCE_INVALID: "E_PARSE_COMMERCE_INVALID",
|
|
126
139
|
E_PARSE_INVALID_INPUT: "E_PARSE_INVALID_INPUT",
|
|
140
|
+
E_PILLARS_NOT_SORTED: "E_PILLARS_NOT_SORTED",
|
|
141
|
+
E_POLICY_BINDING_FAILED: "E_POLICY_BINDING_FAILED",
|
|
142
|
+
E_UNSUPPORTED_WIRE_VERSION: "E_UNSUPPORTED_WIRE_VERSION",
|
|
143
|
+
E_WIRE_VERSION_MISMATCH: "E_WIRE_VERSION_MISMATCH",
|
|
127
144
|
// Verification error codes
|
|
128
145
|
E_INVALID_SIGNATURE: "E_INVALID_SIGNATURE",
|
|
129
146
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
147
|
+
E_KID_REUSE_DETECTED: "E_KID_REUSE_DETECTED",
|
|
148
|
+
E_REVOKED_KEY_USED: "E_REVOKED_KEY_USED",
|
|
130
149
|
// Verifier error codes
|
|
131
150
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
132
151
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
@@ -444,6 +463,52 @@ var ERRORS = {
|
|
|
444
463
|
next_action: "contact_issuer",
|
|
445
464
|
category: "control"
|
|
446
465
|
},
|
|
466
|
+
// Cryptography error codes
|
|
467
|
+
E_JWS_B64_REJECTED: {
|
|
468
|
+
code: "E_JWS_B64_REJECTED",
|
|
469
|
+
http_status: 400,
|
|
470
|
+
title: "JWS b64:false Rejected",
|
|
471
|
+
description: "JWS header contains b64:false (RFC 7797 unencoded payload); unencoded payloads are not supported",
|
|
472
|
+
retryable: false,
|
|
473
|
+
next_action: "abort",
|
|
474
|
+
category: "cryptography"
|
|
475
|
+
},
|
|
476
|
+
E_JWS_CRIT_REJECTED: {
|
|
477
|
+
code: "E_JWS_CRIT_REJECTED",
|
|
478
|
+
http_status: 400,
|
|
479
|
+
title: "JWS crit Header Rejected",
|
|
480
|
+
description: "JWS header contains a crit field; critical header extensions are not supported and are rejected",
|
|
481
|
+
retryable: false,
|
|
482
|
+
next_action: "abort",
|
|
483
|
+
category: "cryptography"
|
|
484
|
+
},
|
|
485
|
+
E_JWS_EMBEDDED_KEY: {
|
|
486
|
+
code: "E_JWS_EMBEDDED_KEY",
|
|
487
|
+
http_status: 400,
|
|
488
|
+
title: "JWS Embedded Key Rejected",
|
|
489
|
+
description: "JWS header contains an embedded key (jwk, x5c, x5u, or jku); embedded key material is rejected by the PEAC JOSE hardening rules",
|
|
490
|
+
retryable: false,
|
|
491
|
+
next_action: "abort",
|
|
492
|
+
category: "cryptography"
|
|
493
|
+
},
|
|
494
|
+
E_JWS_MISSING_KID: {
|
|
495
|
+
code: "E_JWS_MISSING_KID",
|
|
496
|
+
http_status: 400,
|
|
497
|
+
title: "JWS kid Missing or Invalid",
|
|
498
|
+
description: "JWS header kid field is absent, empty, or exceeds the maximum allowed length (256 characters)",
|
|
499
|
+
retryable: false,
|
|
500
|
+
next_action: "abort",
|
|
501
|
+
category: "cryptography"
|
|
502
|
+
},
|
|
503
|
+
E_JWS_ZIP_REJECTED: {
|
|
504
|
+
code: "E_JWS_ZIP_REJECTED",
|
|
505
|
+
http_status: 400,
|
|
506
|
+
title: "JWS zip Header Rejected",
|
|
507
|
+
description: "JWS header contains a zip compression field; payload compression is not supported",
|
|
508
|
+
retryable: false,
|
|
509
|
+
next_action: "abort",
|
|
510
|
+
category: "cryptography"
|
|
511
|
+
},
|
|
447
512
|
// Dispute error codes
|
|
448
513
|
E_DISPUTE_DUPLICATE: {
|
|
449
514
|
code: "E_DISPUTE_DUPLICATE",
|
|
@@ -689,6 +754,15 @@ var ERRORS = {
|
|
|
689
754
|
next_action: "retry_with_different_input",
|
|
690
755
|
category: "identity"
|
|
691
756
|
},
|
|
757
|
+
E_MVIS_INCOMPLETE: {
|
|
758
|
+
code: "E_MVIS_INCOMPLETE",
|
|
759
|
+
http_status: 400,
|
|
760
|
+
title: "MVIS Incomplete",
|
|
761
|
+
description: "Identity receipt missing one or more Minimum Viable Identity Set required fields (issuer, subject, key_binding, time_bounds, replay_protection)",
|
|
762
|
+
retryable: false,
|
|
763
|
+
next_action: "retry_with_different_input",
|
|
764
|
+
category: "identity"
|
|
765
|
+
},
|
|
692
766
|
// Infrastructure error codes
|
|
693
767
|
E_CIRCUIT_BREAKER_OPEN: {
|
|
694
768
|
code: "E_CIRCUIT_BREAKER_OPEN",
|
|
@@ -1107,6 +1181,24 @@ var ERRORS = {
|
|
|
1107
1181
|
next_action: "retry_with_different_input",
|
|
1108
1182
|
category: "validation"
|
|
1109
1183
|
},
|
|
1184
|
+
E_INVALID_KIND: {
|
|
1185
|
+
code: "E_INVALID_KIND",
|
|
1186
|
+
http_status: 400,
|
|
1187
|
+
title: "Invalid Kind",
|
|
1188
|
+
description: "Wire 0.2 receipt kind field is missing or not one of the accepted structural kinds (evidence, challenge)",
|
|
1189
|
+
retryable: false,
|
|
1190
|
+
next_action: "abort",
|
|
1191
|
+
category: "validation"
|
|
1192
|
+
},
|
|
1193
|
+
E_INVALID_PILLAR_VALUE: {
|
|
1194
|
+
code: "E_INVALID_PILLAR_VALUE",
|
|
1195
|
+
http_status: 400,
|
|
1196
|
+
title: "Invalid Pillar Value",
|
|
1197
|
+
description: "Wire 0.2 pillars array contains an unrecognized pillar value outside the closed 10-value taxonomy",
|
|
1198
|
+
retryable: false,
|
|
1199
|
+
next_action: "abort",
|
|
1200
|
+
category: "validation"
|
|
1201
|
+
},
|
|
1110
1202
|
E_INVALID_RAIL: {
|
|
1111
1203
|
code: "E_INVALID_RAIL",
|
|
1112
1204
|
http_status: 400,
|
|
@@ -1134,6 +1226,24 @@ var ERRORS = {
|
|
|
1134
1226
|
next_action: "retry_with_different_input",
|
|
1135
1227
|
category: "validation"
|
|
1136
1228
|
},
|
|
1229
|
+
E_INVALID_TYPE: {
|
|
1230
|
+
code: "E_INVALID_TYPE",
|
|
1231
|
+
http_status: 400,
|
|
1232
|
+
title: "Invalid Type",
|
|
1233
|
+
description: "Wire 0.2 receipt type field is missing or does not conform to the required grammar (reverse-DNS or absolute URI)",
|
|
1234
|
+
retryable: false,
|
|
1235
|
+
next_action: "abort",
|
|
1236
|
+
category: "validation"
|
|
1237
|
+
},
|
|
1238
|
+
E_ISS_NOT_CANONICAL: {
|
|
1239
|
+
code: "E_ISS_NOT_CANONICAL",
|
|
1240
|
+
http_status: 400,
|
|
1241
|
+
title: "Issuer Not Canonical",
|
|
1242
|
+
description: "Wire 0.2 iss claim does not conform to canonical form: must be an https:// ASCII origin (no default port, no path) or a did: identifier",
|
|
1243
|
+
retryable: false,
|
|
1244
|
+
next_action: "abort",
|
|
1245
|
+
category: "validation"
|
|
1246
|
+
},
|
|
1137
1247
|
E_MISSING_EXP: {
|
|
1138
1248
|
code: "E_MISSING_EXP",
|
|
1139
1249
|
http_status: 400,
|
|
@@ -1161,6 +1271,24 @@ var ERRORS = {
|
|
|
1161
1271
|
next_action: "retry_after_delay",
|
|
1162
1272
|
category: "validation"
|
|
1163
1273
|
},
|
|
1274
|
+
E_OCCURRED_AT_FUTURE: {
|
|
1275
|
+
code: "E_OCCURRED_AT_FUTURE",
|
|
1276
|
+
http_status: 400,
|
|
1277
|
+
title: "occurred_at in Future",
|
|
1278
|
+
description: "Wire 0.2 occurred_at is more than the tolerance window ahead of the current time; the timestamp appears to be in the future",
|
|
1279
|
+
retryable: false,
|
|
1280
|
+
next_action: "retry_after_delay",
|
|
1281
|
+
category: "validation"
|
|
1282
|
+
},
|
|
1283
|
+
E_OCCURRED_AT_ON_CHALLENGE: {
|
|
1284
|
+
code: "E_OCCURRED_AT_ON_CHALLENGE",
|
|
1285
|
+
http_status: 400,
|
|
1286
|
+
title: "occurred_at on Challenge",
|
|
1287
|
+
description: "Wire 0.2 occurred_at field is present on a challenge-kind receipt; occurred_at is only permitted on evidence-kind receipts",
|
|
1288
|
+
retryable: false,
|
|
1289
|
+
next_action: "abort",
|
|
1290
|
+
category: "validation"
|
|
1291
|
+
},
|
|
1164
1292
|
E_PARSE_ATTESTATION_INVALID: {
|
|
1165
1293
|
code: "E_PARSE_ATTESTATION_INVALID",
|
|
1166
1294
|
http_status: 400,
|
|
@@ -1188,6 +1316,42 @@ var ERRORS = {
|
|
|
1188
1316
|
next_action: "retry_with_different_input",
|
|
1189
1317
|
category: "validation"
|
|
1190
1318
|
},
|
|
1319
|
+
E_PILLARS_NOT_SORTED: {
|
|
1320
|
+
code: "E_PILLARS_NOT_SORTED",
|
|
1321
|
+
http_status: 400,
|
|
1322
|
+
title: "Pillars Not Sorted",
|
|
1323
|
+
description: "Wire 0.2 pillars array is not in ascending lexicographic order or contains duplicates",
|
|
1324
|
+
retryable: false,
|
|
1325
|
+
next_action: "abort",
|
|
1326
|
+
category: "validation"
|
|
1327
|
+
},
|
|
1328
|
+
E_POLICY_BINDING_FAILED: {
|
|
1329
|
+
code: "E_POLICY_BINDING_FAILED",
|
|
1330
|
+
http_status: 400,
|
|
1331
|
+
title: "Policy Binding Failed",
|
|
1332
|
+
description: "Wire 0.2 policy.digest does not match the computed digest of the provided policy document",
|
|
1333
|
+
retryable: false,
|
|
1334
|
+
next_action: "none",
|
|
1335
|
+
category: "validation"
|
|
1336
|
+
},
|
|
1337
|
+
E_UNSUPPORTED_WIRE_VERSION: {
|
|
1338
|
+
code: "E_UNSUPPORTED_WIRE_VERSION",
|
|
1339
|
+
http_status: 400,
|
|
1340
|
+
title: "Unsupported Wire Version",
|
|
1341
|
+
description: "Receipt peac_version field specifies a wire version that is not supported by this implementation",
|
|
1342
|
+
retryable: false,
|
|
1343
|
+
next_action: "abort",
|
|
1344
|
+
category: "validation"
|
|
1345
|
+
},
|
|
1346
|
+
E_WIRE_VERSION_MISMATCH: {
|
|
1347
|
+
code: "E_WIRE_VERSION_MISMATCH",
|
|
1348
|
+
http_status: 400,
|
|
1349
|
+
title: "Wire Version Mismatch",
|
|
1350
|
+
description: "JWS header typ value and peac_version payload claim indicate different wire versions; the receipt is incoherent",
|
|
1351
|
+
retryable: false,
|
|
1352
|
+
next_action: "abort",
|
|
1353
|
+
category: "validation"
|
|
1354
|
+
},
|
|
1191
1355
|
// Verification error codes
|
|
1192
1356
|
E_INVALID_SIGNATURE: {
|
|
1193
1357
|
code: "E_INVALID_SIGNATURE",
|
|
@@ -1207,6 +1371,24 @@ var ERRORS = {
|
|
|
1207
1371
|
next_action: "retry_with_different_key",
|
|
1208
1372
|
category: "verification"
|
|
1209
1373
|
},
|
|
1374
|
+
E_KID_REUSE_DETECTED: {
|
|
1375
|
+
code: "E_KID_REUSE_DETECTED",
|
|
1376
|
+
http_status: 400,
|
|
1377
|
+
title: "Kid Reuse Detected",
|
|
1378
|
+
description: "Same kid value used with different key material within the retention window",
|
|
1379
|
+
retryable: false,
|
|
1380
|
+
next_action: "abort",
|
|
1381
|
+
category: "verification"
|
|
1382
|
+
},
|
|
1383
|
+
E_REVOKED_KEY_USED: {
|
|
1384
|
+
code: "E_REVOKED_KEY_USED",
|
|
1385
|
+
http_status: 400,
|
|
1386
|
+
title: "Revoked Key Used",
|
|
1387
|
+
description: "Receipt signed with a key listed in the issuer revoked_keys set",
|
|
1388
|
+
retryable: false,
|
|
1389
|
+
next_action: "retry_with_different_key",
|
|
1390
|
+
category: "verification"
|
|
1391
|
+
},
|
|
1210
1392
|
// Verifier error codes
|
|
1211
1393
|
E_VERIFY_EXTENSION_TOO_LARGE: {
|
|
1212
1394
|
code: "E_VERIFY_EXTENSION_TOO_LARGE",
|