@peac/kernel 0.11.2 → 0.12.0-preview.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +45 -5
- package/dist/__tests__/registries.test.d.ts +2 -0
- package/dist/__tests__/registries.test.d.ts.map +1 -0
- package/dist/constants.cjs +35 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.ts +93 -10
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.mjs +26 -2
- package/dist/constants.mjs.map +1 -1
- package/dist/error-categories.generated.d.ts +2 -2
- package/dist/error-categories.generated.d.ts.map +1 -1
- package/dist/errors.cjs +182 -0
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.generated.d.ts +19 -1
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +182 -0
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +218 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +209 -2
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs +1 -0
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs +1 -0
- package/dist/types.mjs.map +1 -1
- package/dist/wire-02-types.d.ts +60 -0
- package/dist/wire-02-types.d.ts.map +1 -0
- package/package.json +1 -1
package/dist/errors.mjs
CHANGED
|
@@ -34,6 +34,12 @@ var ERROR_CODES = {
|
|
|
34
34
|
// Control error codes
|
|
35
35
|
E_CONTROL_DENIED: "E_CONTROL_DENIED",
|
|
36
36
|
E_CONTROL_REVIEW_REQUIRED: "E_CONTROL_REVIEW_REQUIRED",
|
|
37
|
+
// Cryptography error codes
|
|
38
|
+
E_JWS_B64_REJECTED: "E_JWS_B64_REJECTED",
|
|
39
|
+
E_JWS_CRIT_REJECTED: "E_JWS_CRIT_REJECTED",
|
|
40
|
+
E_JWS_EMBEDDED_KEY: "E_JWS_EMBEDDED_KEY",
|
|
41
|
+
E_JWS_MISSING_KID: "E_JWS_MISSING_KID",
|
|
42
|
+
E_JWS_ZIP_REJECTED: "E_JWS_ZIP_REJECTED",
|
|
37
43
|
// Dispute error codes
|
|
38
44
|
E_DISPUTE_DUPLICATE: "E_DISPUTE_DUPLICATE",
|
|
39
45
|
E_DISPUTE_EXPIRED: "E_DISPUTE_EXPIRED",
|
|
@@ -63,6 +69,7 @@ var ERROR_CODES = {
|
|
|
63
69
|
E_IDENTITY_NOT_YET_VALID: "E_IDENTITY_NOT_YET_VALID",
|
|
64
70
|
E_IDENTITY_PROOF_UNSUPPORTED: "E_IDENTITY_PROOF_UNSUPPORTED",
|
|
65
71
|
E_IDENTITY_SIG_INVALID: "E_IDENTITY_SIG_INVALID",
|
|
72
|
+
E_MVIS_INCOMPLETE: "E_MVIS_INCOMPLETE",
|
|
66
73
|
// Infrastructure error codes
|
|
67
74
|
E_CIRCUIT_BREAKER_OPEN: "E_CIRCUIT_BREAKER_OPEN",
|
|
68
75
|
E_INTERNAL: "E_INTERNAL",
|
|
@@ -113,18 +120,30 @@ var ERROR_CODES = {
|
|
|
113
120
|
E_INVALID_CURRENCY: "E_INVALID_CURRENCY",
|
|
114
121
|
E_INVALID_FORMAT: "E_INVALID_FORMAT",
|
|
115
122
|
E_INVALID_ISSUER: "E_INVALID_ISSUER",
|
|
123
|
+
E_INVALID_KIND: "E_INVALID_KIND",
|
|
124
|
+
E_INVALID_PILLAR_VALUE: "E_INVALID_PILLAR_VALUE",
|
|
116
125
|
E_INVALID_RAIL: "E_INVALID_RAIL",
|
|
117
126
|
E_INVALID_RECEIPT_ID: "E_INVALID_RECEIPT_ID",
|
|
118
127
|
E_INVALID_SUBJECT: "E_INVALID_SUBJECT",
|
|
128
|
+
E_INVALID_TYPE: "E_INVALID_TYPE",
|
|
129
|
+
E_ISS_NOT_CANONICAL: "E_ISS_NOT_CANONICAL",
|
|
119
130
|
E_MISSING_EXP: "E_MISSING_EXP",
|
|
120
131
|
E_MISSING_REQUIRED_CLAIM: "E_MISSING_REQUIRED_CLAIM",
|
|
121
132
|
E_NOT_YET_VALID: "E_NOT_YET_VALID",
|
|
133
|
+
E_OCCURRED_AT_FUTURE: "E_OCCURRED_AT_FUTURE",
|
|
134
|
+
E_OCCURRED_AT_ON_CHALLENGE: "E_OCCURRED_AT_ON_CHALLENGE",
|
|
122
135
|
E_PARSE_ATTESTATION_INVALID: "E_PARSE_ATTESTATION_INVALID",
|
|
123
136
|
E_PARSE_COMMERCE_INVALID: "E_PARSE_COMMERCE_INVALID",
|
|
124
137
|
E_PARSE_INVALID_INPUT: "E_PARSE_INVALID_INPUT",
|
|
138
|
+
E_PILLARS_NOT_SORTED: "E_PILLARS_NOT_SORTED",
|
|
139
|
+
E_POLICY_BINDING_FAILED: "E_POLICY_BINDING_FAILED",
|
|
140
|
+
E_UNSUPPORTED_WIRE_VERSION: "E_UNSUPPORTED_WIRE_VERSION",
|
|
141
|
+
E_WIRE_VERSION_MISMATCH: "E_WIRE_VERSION_MISMATCH",
|
|
125
142
|
// Verification error codes
|
|
126
143
|
E_INVALID_SIGNATURE: "E_INVALID_SIGNATURE",
|
|
127
144
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
145
|
+
E_KID_REUSE_DETECTED: "E_KID_REUSE_DETECTED",
|
|
146
|
+
E_REVOKED_KEY_USED: "E_REVOKED_KEY_USED",
|
|
128
147
|
// Verifier error codes
|
|
129
148
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
130
149
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
@@ -442,6 +461,52 @@ var ERRORS = {
|
|
|
442
461
|
next_action: "contact_issuer",
|
|
443
462
|
category: "control"
|
|
444
463
|
},
|
|
464
|
+
// Cryptography error codes
|
|
465
|
+
E_JWS_B64_REJECTED: {
|
|
466
|
+
code: "E_JWS_B64_REJECTED",
|
|
467
|
+
http_status: 400,
|
|
468
|
+
title: "JWS b64:false Rejected",
|
|
469
|
+
description: "JWS header contains b64:false (RFC 7797 unencoded payload); unencoded payloads are not supported",
|
|
470
|
+
retryable: false,
|
|
471
|
+
next_action: "abort",
|
|
472
|
+
category: "cryptography"
|
|
473
|
+
},
|
|
474
|
+
E_JWS_CRIT_REJECTED: {
|
|
475
|
+
code: "E_JWS_CRIT_REJECTED",
|
|
476
|
+
http_status: 400,
|
|
477
|
+
title: "JWS crit Header Rejected",
|
|
478
|
+
description: "JWS header contains a crit field; critical header extensions are not supported and are rejected",
|
|
479
|
+
retryable: false,
|
|
480
|
+
next_action: "abort",
|
|
481
|
+
category: "cryptography"
|
|
482
|
+
},
|
|
483
|
+
E_JWS_EMBEDDED_KEY: {
|
|
484
|
+
code: "E_JWS_EMBEDDED_KEY",
|
|
485
|
+
http_status: 400,
|
|
486
|
+
title: "JWS Embedded Key Rejected",
|
|
487
|
+
description: "JWS header contains an embedded key (jwk, x5c, x5u, or jku); embedded key material is rejected by the PEAC JOSE hardening rules",
|
|
488
|
+
retryable: false,
|
|
489
|
+
next_action: "abort",
|
|
490
|
+
category: "cryptography"
|
|
491
|
+
},
|
|
492
|
+
E_JWS_MISSING_KID: {
|
|
493
|
+
code: "E_JWS_MISSING_KID",
|
|
494
|
+
http_status: 400,
|
|
495
|
+
title: "JWS kid Missing or Invalid",
|
|
496
|
+
description: "JWS header kid field is absent, empty, or exceeds the maximum allowed length (256 characters)",
|
|
497
|
+
retryable: false,
|
|
498
|
+
next_action: "abort",
|
|
499
|
+
category: "cryptography"
|
|
500
|
+
},
|
|
501
|
+
E_JWS_ZIP_REJECTED: {
|
|
502
|
+
code: "E_JWS_ZIP_REJECTED",
|
|
503
|
+
http_status: 400,
|
|
504
|
+
title: "JWS zip Header Rejected",
|
|
505
|
+
description: "JWS header contains a zip compression field; payload compression is not supported",
|
|
506
|
+
retryable: false,
|
|
507
|
+
next_action: "abort",
|
|
508
|
+
category: "cryptography"
|
|
509
|
+
},
|
|
445
510
|
// Dispute error codes
|
|
446
511
|
E_DISPUTE_DUPLICATE: {
|
|
447
512
|
code: "E_DISPUTE_DUPLICATE",
|
|
@@ -687,6 +752,15 @@ var ERRORS = {
|
|
|
687
752
|
next_action: "retry_with_different_input",
|
|
688
753
|
category: "identity"
|
|
689
754
|
},
|
|
755
|
+
E_MVIS_INCOMPLETE: {
|
|
756
|
+
code: "E_MVIS_INCOMPLETE",
|
|
757
|
+
http_status: 400,
|
|
758
|
+
title: "MVIS Incomplete",
|
|
759
|
+
description: "Identity receipt missing one or more Minimum Viable Identity Set required fields (issuer, subject, key_binding, time_bounds, replay_protection)",
|
|
760
|
+
retryable: false,
|
|
761
|
+
next_action: "retry_with_different_input",
|
|
762
|
+
category: "identity"
|
|
763
|
+
},
|
|
690
764
|
// Infrastructure error codes
|
|
691
765
|
E_CIRCUIT_BREAKER_OPEN: {
|
|
692
766
|
code: "E_CIRCUIT_BREAKER_OPEN",
|
|
@@ -1105,6 +1179,24 @@ var ERRORS = {
|
|
|
1105
1179
|
next_action: "retry_with_different_input",
|
|
1106
1180
|
category: "validation"
|
|
1107
1181
|
},
|
|
1182
|
+
E_INVALID_KIND: {
|
|
1183
|
+
code: "E_INVALID_KIND",
|
|
1184
|
+
http_status: 400,
|
|
1185
|
+
title: "Invalid Kind",
|
|
1186
|
+
description: "Wire 0.2 receipt kind field is missing or not one of the accepted structural kinds (evidence, challenge)",
|
|
1187
|
+
retryable: false,
|
|
1188
|
+
next_action: "abort",
|
|
1189
|
+
category: "validation"
|
|
1190
|
+
},
|
|
1191
|
+
E_INVALID_PILLAR_VALUE: {
|
|
1192
|
+
code: "E_INVALID_PILLAR_VALUE",
|
|
1193
|
+
http_status: 400,
|
|
1194
|
+
title: "Invalid Pillar Value",
|
|
1195
|
+
description: "Wire 0.2 pillars array contains an unrecognized pillar value outside the closed 10-value taxonomy",
|
|
1196
|
+
retryable: false,
|
|
1197
|
+
next_action: "abort",
|
|
1198
|
+
category: "validation"
|
|
1199
|
+
},
|
|
1108
1200
|
E_INVALID_RAIL: {
|
|
1109
1201
|
code: "E_INVALID_RAIL",
|
|
1110
1202
|
http_status: 400,
|
|
@@ -1132,6 +1224,24 @@ var ERRORS = {
|
|
|
1132
1224
|
next_action: "retry_with_different_input",
|
|
1133
1225
|
category: "validation"
|
|
1134
1226
|
},
|
|
1227
|
+
E_INVALID_TYPE: {
|
|
1228
|
+
code: "E_INVALID_TYPE",
|
|
1229
|
+
http_status: 400,
|
|
1230
|
+
title: "Invalid Type",
|
|
1231
|
+
description: "Wire 0.2 receipt type field is missing or does not conform to the required grammar (reverse-DNS or absolute URI)",
|
|
1232
|
+
retryable: false,
|
|
1233
|
+
next_action: "abort",
|
|
1234
|
+
category: "validation"
|
|
1235
|
+
},
|
|
1236
|
+
E_ISS_NOT_CANONICAL: {
|
|
1237
|
+
code: "E_ISS_NOT_CANONICAL",
|
|
1238
|
+
http_status: 400,
|
|
1239
|
+
title: "Issuer Not Canonical",
|
|
1240
|
+
description: "Wire 0.2 iss claim does not conform to canonical form: must be an https:// ASCII origin (no default port, no path) or a did: identifier",
|
|
1241
|
+
retryable: false,
|
|
1242
|
+
next_action: "abort",
|
|
1243
|
+
category: "validation"
|
|
1244
|
+
},
|
|
1135
1245
|
E_MISSING_EXP: {
|
|
1136
1246
|
code: "E_MISSING_EXP",
|
|
1137
1247
|
http_status: 400,
|
|
@@ -1159,6 +1269,24 @@ var ERRORS = {
|
|
|
1159
1269
|
next_action: "retry_after_delay",
|
|
1160
1270
|
category: "validation"
|
|
1161
1271
|
},
|
|
1272
|
+
E_OCCURRED_AT_FUTURE: {
|
|
1273
|
+
code: "E_OCCURRED_AT_FUTURE",
|
|
1274
|
+
http_status: 400,
|
|
1275
|
+
title: "occurred_at in Future",
|
|
1276
|
+
description: "Wire 0.2 occurred_at is more than the tolerance window ahead of the current time; the timestamp appears to be in the future",
|
|
1277
|
+
retryable: false,
|
|
1278
|
+
next_action: "retry_after_delay",
|
|
1279
|
+
category: "validation"
|
|
1280
|
+
},
|
|
1281
|
+
E_OCCURRED_AT_ON_CHALLENGE: {
|
|
1282
|
+
code: "E_OCCURRED_AT_ON_CHALLENGE",
|
|
1283
|
+
http_status: 400,
|
|
1284
|
+
title: "occurred_at on Challenge",
|
|
1285
|
+
description: "Wire 0.2 occurred_at field is present on a challenge-kind receipt; occurred_at is only permitted on evidence-kind receipts",
|
|
1286
|
+
retryable: false,
|
|
1287
|
+
next_action: "abort",
|
|
1288
|
+
category: "validation"
|
|
1289
|
+
},
|
|
1162
1290
|
E_PARSE_ATTESTATION_INVALID: {
|
|
1163
1291
|
code: "E_PARSE_ATTESTATION_INVALID",
|
|
1164
1292
|
http_status: 400,
|
|
@@ -1186,6 +1314,42 @@ var ERRORS = {
|
|
|
1186
1314
|
next_action: "retry_with_different_input",
|
|
1187
1315
|
category: "validation"
|
|
1188
1316
|
},
|
|
1317
|
+
E_PILLARS_NOT_SORTED: {
|
|
1318
|
+
code: "E_PILLARS_NOT_SORTED",
|
|
1319
|
+
http_status: 400,
|
|
1320
|
+
title: "Pillars Not Sorted",
|
|
1321
|
+
description: "Wire 0.2 pillars array is not in ascending lexicographic order or contains duplicates",
|
|
1322
|
+
retryable: false,
|
|
1323
|
+
next_action: "abort",
|
|
1324
|
+
category: "validation"
|
|
1325
|
+
},
|
|
1326
|
+
E_POLICY_BINDING_FAILED: {
|
|
1327
|
+
code: "E_POLICY_BINDING_FAILED",
|
|
1328
|
+
http_status: 400,
|
|
1329
|
+
title: "Policy Binding Failed",
|
|
1330
|
+
description: "Wire 0.2 policy.digest does not match the computed digest of the provided policy document",
|
|
1331
|
+
retryable: false,
|
|
1332
|
+
next_action: "none",
|
|
1333
|
+
category: "validation"
|
|
1334
|
+
},
|
|
1335
|
+
E_UNSUPPORTED_WIRE_VERSION: {
|
|
1336
|
+
code: "E_UNSUPPORTED_WIRE_VERSION",
|
|
1337
|
+
http_status: 400,
|
|
1338
|
+
title: "Unsupported Wire Version",
|
|
1339
|
+
description: "Receipt peac_version field specifies a wire version that is not supported by this implementation",
|
|
1340
|
+
retryable: false,
|
|
1341
|
+
next_action: "abort",
|
|
1342
|
+
category: "validation"
|
|
1343
|
+
},
|
|
1344
|
+
E_WIRE_VERSION_MISMATCH: {
|
|
1345
|
+
code: "E_WIRE_VERSION_MISMATCH",
|
|
1346
|
+
http_status: 400,
|
|
1347
|
+
title: "Wire Version Mismatch",
|
|
1348
|
+
description: "JWS header typ value and peac_version payload claim indicate different wire versions; the receipt is incoherent",
|
|
1349
|
+
retryable: false,
|
|
1350
|
+
next_action: "abort",
|
|
1351
|
+
category: "validation"
|
|
1352
|
+
},
|
|
1189
1353
|
// Verification error codes
|
|
1190
1354
|
E_INVALID_SIGNATURE: {
|
|
1191
1355
|
code: "E_INVALID_SIGNATURE",
|
|
@@ -1205,6 +1369,24 @@ var ERRORS = {
|
|
|
1205
1369
|
next_action: "retry_with_different_key",
|
|
1206
1370
|
category: "verification"
|
|
1207
1371
|
},
|
|
1372
|
+
E_KID_REUSE_DETECTED: {
|
|
1373
|
+
code: "E_KID_REUSE_DETECTED",
|
|
1374
|
+
http_status: 400,
|
|
1375
|
+
title: "Kid Reuse Detected",
|
|
1376
|
+
description: "Same kid value used with different key material within the retention window",
|
|
1377
|
+
retryable: false,
|
|
1378
|
+
next_action: "abort",
|
|
1379
|
+
category: "verification"
|
|
1380
|
+
},
|
|
1381
|
+
E_REVOKED_KEY_USED: {
|
|
1382
|
+
code: "E_REVOKED_KEY_USED",
|
|
1383
|
+
http_status: 400,
|
|
1384
|
+
title: "Revoked Key Used",
|
|
1385
|
+
description: "Receipt signed with a key listed in the issuer revoked_keys set",
|
|
1386
|
+
retryable: false,
|
|
1387
|
+
next_action: "retry_with_different_key",
|
|
1388
|
+
category: "verification"
|
|
1389
|
+
},
|
|
1208
1390
|
// Verifier error codes
|
|
1209
1391
|
E_VERIFY_EXTENSION_TOO_LARGE: {
|
|
1210
1392
|
code: "E_VERIFY_EXTENSION_TOO_LARGE",
|