@peac/kernel 0.11.2 → 0.12.0-preview.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +45 -5
- package/dist/__tests__/registries.test.d.ts +2 -0
- package/dist/__tests__/registries.test.d.ts.map +1 -0
- package/dist/constants.cjs +35 -1
- package/dist/constants.cjs.map +1 -1
- package/dist/constants.d.ts +93 -10
- package/dist/constants.d.ts.map +1 -1
- package/dist/constants.mjs +26 -2
- package/dist/constants.mjs.map +1 -1
- package/dist/error-categories.generated.d.ts +2 -2
- package/dist/error-categories.generated.d.ts.map +1 -1
- package/dist/errors.cjs +182 -0
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.generated.d.ts +19 -1
- package/dist/errors.generated.d.ts.map +1 -1
- package/dist/errors.mjs +182 -0
- package/dist/errors.mjs.map +1 -1
- package/dist/index.cjs +218 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +4 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +209 -2
- package/dist/index.mjs.map +1 -1
- package/dist/types.cjs +1 -0
- package/dist/types.cjs.map +1 -1
- package/dist/types.d.ts +10 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.mjs +1 -0
- package/dist/types.mjs.map +1 -1
- package/dist/wire-02-types.d.ts +60 -0
- package/dist/wire-02-types.d.ts.map +1 -0
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
|
@@ -4,10 +4,12 @@
|
|
|
4
4
|
*
|
|
5
5
|
* @packageDocumentation
|
|
6
6
|
*/
|
|
7
|
-
export type { JsonPrimitive, JsonValue, JsonArray, JsonObject, NextAction, ErrorDefinition, ErrorCategory, PaymentRailEntry, ControlEngineEntry, TransportMethodEntry, AgentProtocolEntry, } from './types.js';
|
|
7
|
+
export type { JsonPrimitive, JsonValue, JsonArray, JsonObject, NextAction, ErrorDefinition, ErrorCategory, PaymentRailEntry, ControlEngineEntry, TransportMethodEntry, AgentProtocolEntry, Wire02Kind, EvidencePillar, } from './types.js';
|
|
8
8
|
export { ERROR_CATEGORIES } from './types.js';
|
|
9
9
|
export { WIRE_TYPE, WIRE_VERSION, ALGORITHMS, HEADERS, POLICY, ISSUER_CONFIG, DISCOVERY, // @deprecated - use POLICY instead
|
|
10
|
-
JWKS, RECEIPT, LIMITS, BUNDLE_VERSION, VERIFICATION_REPORT_VERSION, HASH, parseHash, formatHash, isValidHash, VERIFIER_LIMITS, VERIFIER_NETWORK, PRIVATE_IP_RANGES, VERIFIER_POLICY_VERSION, VERIFICATION_MODES, CONSTANTS, } from './constants.js';
|
|
10
|
+
JWKS, RECEIPT, LIMITS, BUNDLE_VERSION, VERIFICATION_REPORT_VERSION, HASH, parseHash, formatHash, isValidHash, VERIFIER_LIMITS, VERIFIER_NETWORK, PRIVATE_IP_RANGES, VERIFIER_POLICY_VERSION, VERIFICATION_MODES, CONSTANTS, WIRE_01_JWS_TYP, WIRE_02_JWS_TYP, WIRE_02_JWS_TYP_ACCEPT, WIRE_02_VERSION, WIRE_VERSIONS, ISS_CANONICAL, TYPE_GRAMMAR, POLICY_BLOCK, OCCURRED_AT_TOLERANCE_SECONDS, PEAC_ALG, } from './constants.js';
|
|
11
|
+
export type { WireVersion, VerificationStrictness } from './constants.js';
|
|
12
|
+
export type { PolicyBlock, RepresentationFields, VerificationWarning } from './wire-02-types.js';
|
|
11
13
|
export { ERROR_CODES, ERRORS, BUNDLE_ERRORS, DISPUTE_ERRORS, getError, isRetryable, type ErrorCode, } from './errors.js';
|
|
12
14
|
export { PAYMENT_RAILS, CONTROL_ENGINES, TRANSPORT_METHODS, AGENT_PROTOCOLS, REGISTRIES, findPaymentRail, findControlEngine, findTransportMethod, findAgentProtocol, } from './registries.js';
|
|
13
15
|
export { VARY_HEADERS, applyPurposeVary, getPeacVaryHeaders, needsPurposeVary } from './http.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EAEV,aAAa,EACb,SAAS,EACT,SAAS,EACT,UAAU,EAEV,UAAU,EACV,eAAe,EACf,aAAa,EACb,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EAEV,aAAa,EACb,SAAS,EACT,SAAS,EACT,UAAU,EAEV,UAAU,EACV,eAAe,EACf,aAAa,EACb,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EACpB,kBAAkB,EAElB,UAAU,EACV,cAAc,GACf,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAG9C,OAAO,EACL,SAAS,EACT,YAAY,EACZ,UAAU,EACV,OAAO,EACP,MAAM,EACN,aAAa,EACb,SAAS,EAAE,mCAAmC;AAC9C,IAAI,EACJ,OAAO,EACP,MAAM,EACN,cAAc,EACd,2BAA2B,EAC3B,IAAI,EACJ,SAAS,EACT,UAAU,EACV,WAAW,EAEX,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,EACvB,kBAAkB,EAClB,SAAS,EAET,eAAe,EACf,eAAe,EACf,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,6BAA6B,EAC7B,QAAQ,GACT,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EAAE,WAAW,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAG1E,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGjG,OAAO,EACL,WAAW,EACX,MAAM,EACN,aAAa,EACb,cAAc,EACd,QAAQ,EACR,WAAW,EACX,KAAK,SAAS,GACf,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,aAAa,EACb,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAGjG,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC5E,YAAY,EACV,UAAU,EACV,aAAa,EACb,mBAAmB,EACnB,WAAW,EACX,uBAAuB,EACvB,cAAc,GACf,MAAM,cAAc,CAAC"}
|
package/dist/index.mjs
CHANGED
|
@@ -3,6 +3,7 @@ var ERROR_CATEGORIES = [
|
|
|
3
3
|
"attribution",
|
|
4
4
|
"bundle",
|
|
5
5
|
"control",
|
|
6
|
+
"cryptography",
|
|
6
7
|
"dispute",
|
|
7
8
|
"identity",
|
|
8
9
|
"infrastructure",
|
|
@@ -55,7 +56,8 @@ var DISCOVERY = {
|
|
|
55
56
|
};
|
|
56
57
|
var JWKS = {
|
|
57
58
|
rotationDays: 90,
|
|
58
|
-
|
|
59
|
+
/** Normative minimum overlap period (DD-148, v0.11.3+) */
|
|
60
|
+
overlapDays: 30,
|
|
59
61
|
emergencyRevocationHours: 24
|
|
60
62
|
};
|
|
61
63
|
var RECEIPT = {
|
|
@@ -152,6 +154,29 @@ var VERIFICATION_MODES = {
|
|
|
152
154
|
/** Allow network fetches for key discovery */
|
|
153
155
|
networkAllowed: "network_allowed"
|
|
154
156
|
};
|
|
157
|
+
var WIRE_01_JWS_TYP = "peac-receipt/0.1";
|
|
158
|
+
var WIRE_02_JWS_TYP = "interaction-record+jwt";
|
|
159
|
+
var WIRE_02_JWS_TYP_ACCEPT = [
|
|
160
|
+
"interaction-record+jwt",
|
|
161
|
+
"application/interaction-record+jwt"
|
|
162
|
+
];
|
|
163
|
+
var WIRE_02_VERSION = "0.2";
|
|
164
|
+
var WIRE_VERSIONS = ["0.1", "0.2"];
|
|
165
|
+
var ISS_CANONICAL = {
|
|
166
|
+
maxLength: 2048,
|
|
167
|
+
supportedSchemes: ["https", "did"],
|
|
168
|
+
/** Default port for https (rejected if explicit in iss). */
|
|
169
|
+
defaultPorts: { https: 443 }
|
|
170
|
+
};
|
|
171
|
+
var TYPE_GRAMMAR = { maxLength: 256 };
|
|
172
|
+
var POLICY_BLOCK = {
|
|
173
|
+
/** Maximum length of the policy.uri HTTPS hint (chars). */
|
|
174
|
+
uriMaxLength: 2048,
|
|
175
|
+
/** Maximum length of the policy.version label (chars). */
|
|
176
|
+
versionMaxLength: 256
|
|
177
|
+
};
|
|
178
|
+
var OCCURRED_AT_TOLERANCE_SECONDS = 300;
|
|
179
|
+
var PEAC_ALG = ALGORITHMS.default;
|
|
155
180
|
var CONSTANTS = {
|
|
156
181
|
WIRE_TYPE,
|
|
157
182
|
WIRE_VERSION,
|
|
@@ -206,6 +231,12 @@ var ERROR_CODES = {
|
|
|
206
231
|
// Control error codes
|
|
207
232
|
E_CONTROL_DENIED: "E_CONTROL_DENIED",
|
|
208
233
|
E_CONTROL_REVIEW_REQUIRED: "E_CONTROL_REVIEW_REQUIRED",
|
|
234
|
+
// Cryptography error codes
|
|
235
|
+
E_JWS_B64_REJECTED: "E_JWS_B64_REJECTED",
|
|
236
|
+
E_JWS_CRIT_REJECTED: "E_JWS_CRIT_REJECTED",
|
|
237
|
+
E_JWS_EMBEDDED_KEY: "E_JWS_EMBEDDED_KEY",
|
|
238
|
+
E_JWS_MISSING_KID: "E_JWS_MISSING_KID",
|
|
239
|
+
E_JWS_ZIP_REJECTED: "E_JWS_ZIP_REJECTED",
|
|
209
240
|
// Dispute error codes
|
|
210
241
|
E_DISPUTE_DUPLICATE: "E_DISPUTE_DUPLICATE",
|
|
211
242
|
E_DISPUTE_EXPIRED: "E_DISPUTE_EXPIRED",
|
|
@@ -235,6 +266,7 @@ var ERROR_CODES = {
|
|
|
235
266
|
E_IDENTITY_NOT_YET_VALID: "E_IDENTITY_NOT_YET_VALID",
|
|
236
267
|
E_IDENTITY_PROOF_UNSUPPORTED: "E_IDENTITY_PROOF_UNSUPPORTED",
|
|
237
268
|
E_IDENTITY_SIG_INVALID: "E_IDENTITY_SIG_INVALID",
|
|
269
|
+
E_MVIS_INCOMPLETE: "E_MVIS_INCOMPLETE",
|
|
238
270
|
// Infrastructure error codes
|
|
239
271
|
E_CIRCUIT_BREAKER_OPEN: "E_CIRCUIT_BREAKER_OPEN",
|
|
240
272
|
E_INTERNAL: "E_INTERNAL",
|
|
@@ -285,18 +317,30 @@ var ERROR_CODES = {
|
|
|
285
317
|
E_INVALID_CURRENCY: "E_INVALID_CURRENCY",
|
|
286
318
|
E_INVALID_FORMAT: "E_INVALID_FORMAT",
|
|
287
319
|
E_INVALID_ISSUER: "E_INVALID_ISSUER",
|
|
320
|
+
E_INVALID_KIND: "E_INVALID_KIND",
|
|
321
|
+
E_INVALID_PILLAR_VALUE: "E_INVALID_PILLAR_VALUE",
|
|
288
322
|
E_INVALID_RAIL: "E_INVALID_RAIL",
|
|
289
323
|
E_INVALID_RECEIPT_ID: "E_INVALID_RECEIPT_ID",
|
|
290
324
|
E_INVALID_SUBJECT: "E_INVALID_SUBJECT",
|
|
325
|
+
E_INVALID_TYPE: "E_INVALID_TYPE",
|
|
326
|
+
E_ISS_NOT_CANONICAL: "E_ISS_NOT_CANONICAL",
|
|
291
327
|
E_MISSING_EXP: "E_MISSING_EXP",
|
|
292
328
|
E_MISSING_REQUIRED_CLAIM: "E_MISSING_REQUIRED_CLAIM",
|
|
293
329
|
E_NOT_YET_VALID: "E_NOT_YET_VALID",
|
|
330
|
+
E_OCCURRED_AT_FUTURE: "E_OCCURRED_AT_FUTURE",
|
|
331
|
+
E_OCCURRED_AT_ON_CHALLENGE: "E_OCCURRED_AT_ON_CHALLENGE",
|
|
294
332
|
E_PARSE_ATTESTATION_INVALID: "E_PARSE_ATTESTATION_INVALID",
|
|
295
333
|
E_PARSE_COMMERCE_INVALID: "E_PARSE_COMMERCE_INVALID",
|
|
296
334
|
E_PARSE_INVALID_INPUT: "E_PARSE_INVALID_INPUT",
|
|
335
|
+
E_PILLARS_NOT_SORTED: "E_PILLARS_NOT_SORTED",
|
|
336
|
+
E_POLICY_BINDING_FAILED: "E_POLICY_BINDING_FAILED",
|
|
337
|
+
E_UNSUPPORTED_WIRE_VERSION: "E_UNSUPPORTED_WIRE_VERSION",
|
|
338
|
+
E_WIRE_VERSION_MISMATCH: "E_WIRE_VERSION_MISMATCH",
|
|
297
339
|
// Verification error codes
|
|
298
340
|
E_INVALID_SIGNATURE: "E_INVALID_SIGNATURE",
|
|
299
341
|
E_KEY_NOT_FOUND: "E_KEY_NOT_FOUND",
|
|
342
|
+
E_KID_REUSE_DETECTED: "E_KID_REUSE_DETECTED",
|
|
343
|
+
E_REVOKED_KEY_USED: "E_REVOKED_KEY_USED",
|
|
300
344
|
// Verifier error codes
|
|
301
345
|
E_VERIFY_EXTENSION_TOO_LARGE: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
302
346
|
E_VERIFY_INSECURE_SCHEME_BLOCKED: "E_VERIFY_INSECURE_SCHEME_BLOCKED",
|
|
@@ -614,6 +658,52 @@ var ERRORS = {
|
|
|
614
658
|
next_action: "contact_issuer",
|
|
615
659
|
category: "control"
|
|
616
660
|
},
|
|
661
|
+
// Cryptography error codes
|
|
662
|
+
E_JWS_B64_REJECTED: {
|
|
663
|
+
code: "E_JWS_B64_REJECTED",
|
|
664
|
+
http_status: 400,
|
|
665
|
+
title: "JWS b64:false Rejected",
|
|
666
|
+
description: "JWS header contains b64:false (RFC 7797 unencoded payload); unencoded payloads are not supported",
|
|
667
|
+
retryable: false,
|
|
668
|
+
next_action: "abort",
|
|
669
|
+
category: "cryptography"
|
|
670
|
+
},
|
|
671
|
+
E_JWS_CRIT_REJECTED: {
|
|
672
|
+
code: "E_JWS_CRIT_REJECTED",
|
|
673
|
+
http_status: 400,
|
|
674
|
+
title: "JWS crit Header Rejected",
|
|
675
|
+
description: "JWS header contains a crit field; critical header extensions are not supported and are rejected",
|
|
676
|
+
retryable: false,
|
|
677
|
+
next_action: "abort",
|
|
678
|
+
category: "cryptography"
|
|
679
|
+
},
|
|
680
|
+
E_JWS_EMBEDDED_KEY: {
|
|
681
|
+
code: "E_JWS_EMBEDDED_KEY",
|
|
682
|
+
http_status: 400,
|
|
683
|
+
title: "JWS Embedded Key Rejected",
|
|
684
|
+
description: "JWS header contains an embedded key (jwk, x5c, x5u, or jku); embedded key material is rejected by the PEAC JOSE hardening rules",
|
|
685
|
+
retryable: false,
|
|
686
|
+
next_action: "abort",
|
|
687
|
+
category: "cryptography"
|
|
688
|
+
},
|
|
689
|
+
E_JWS_MISSING_KID: {
|
|
690
|
+
code: "E_JWS_MISSING_KID",
|
|
691
|
+
http_status: 400,
|
|
692
|
+
title: "JWS kid Missing or Invalid",
|
|
693
|
+
description: "JWS header kid field is absent, empty, or exceeds the maximum allowed length (256 characters)",
|
|
694
|
+
retryable: false,
|
|
695
|
+
next_action: "abort",
|
|
696
|
+
category: "cryptography"
|
|
697
|
+
},
|
|
698
|
+
E_JWS_ZIP_REJECTED: {
|
|
699
|
+
code: "E_JWS_ZIP_REJECTED",
|
|
700
|
+
http_status: 400,
|
|
701
|
+
title: "JWS zip Header Rejected",
|
|
702
|
+
description: "JWS header contains a zip compression field; payload compression is not supported",
|
|
703
|
+
retryable: false,
|
|
704
|
+
next_action: "abort",
|
|
705
|
+
category: "cryptography"
|
|
706
|
+
},
|
|
617
707
|
// Dispute error codes
|
|
618
708
|
E_DISPUTE_DUPLICATE: {
|
|
619
709
|
code: "E_DISPUTE_DUPLICATE",
|
|
@@ -859,6 +949,15 @@ var ERRORS = {
|
|
|
859
949
|
next_action: "retry_with_different_input",
|
|
860
950
|
category: "identity"
|
|
861
951
|
},
|
|
952
|
+
E_MVIS_INCOMPLETE: {
|
|
953
|
+
code: "E_MVIS_INCOMPLETE",
|
|
954
|
+
http_status: 400,
|
|
955
|
+
title: "MVIS Incomplete",
|
|
956
|
+
description: "Identity receipt missing one or more Minimum Viable Identity Set required fields (issuer, subject, key_binding, time_bounds, replay_protection)",
|
|
957
|
+
retryable: false,
|
|
958
|
+
next_action: "retry_with_different_input",
|
|
959
|
+
category: "identity"
|
|
960
|
+
},
|
|
862
961
|
// Infrastructure error codes
|
|
863
962
|
E_CIRCUIT_BREAKER_OPEN: {
|
|
864
963
|
code: "E_CIRCUIT_BREAKER_OPEN",
|
|
@@ -1277,6 +1376,24 @@ var ERRORS = {
|
|
|
1277
1376
|
next_action: "retry_with_different_input",
|
|
1278
1377
|
category: "validation"
|
|
1279
1378
|
},
|
|
1379
|
+
E_INVALID_KIND: {
|
|
1380
|
+
code: "E_INVALID_KIND",
|
|
1381
|
+
http_status: 400,
|
|
1382
|
+
title: "Invalid Kind",
|
|
1383
|
+
description: "Wire 0.2 receipt kind field is missing or not one of the accepted structural kinds (evidence, challenge)",
|
|
1384
|
+
retryable: false,
|
|
1385
|
+
next_action: "abort",
|
|
1386
|
+
category: "validation"
|
|
1387
|
+
},
|
|
1388
|
+
E_INVALID_PILLAR_VALUE: {
|
|
1389
|
+
code: "E_INVALID_PILLAR_VALUE",
|
|
1390
|
+
http_status: 400,
|
|
1391
|
+
title: "Invalid Pillar Value",
|
|
1392
|
+
description: "Wire 0.2 pillars array contains an unrecognized pillar value outside the closed 10-value taxonomy",
|
|
1393
|
+
retryable: false,
|
|
1394
|
+
next_action: "abort",
|
|
1395
|
+
category: "validation"
|
|
1396
|
+
},
|
|
1280
1397
|
E_INVALID_RAIL: {
|
|
1281
1398
|
code: "E_INVALID_RAIL",
|
|
1282
1399
|
http_status: 400,
|
|
@@ -1304,6 +1421,24 @@ var ERRORS = {
|
|
|
1304
1421
|
next_action: "retry_with_different_input",
|
|
1305
1422
|
category: "validation"
|
|
1306
1423
|
},
|
|
1424
|
+
E_INVALID_TYPE: {
|
|
1425
|
+
code: "E_INVALID_TYPE",
|
|
1426
|
+
http_status: 400,
|
|
1427
|
+
title: "Invalid Type",
|
|
1428
|
+
description: "Wire 0.2 receipt type field is missing or does not conform to the required grammar (reverse-DNS or absolute URI)",
|
|
1429
|
+
retryable: false,
|
|
1430
|
+
next_action: "abort",
|
|
1431
|
+
category: "validation"
|
|
1432
|
+
},
|
|
1433
|
+
E_ISS_NOT_CANONICAL: {
|
|
1434
|
+
code: "E_ISS_NOT_CANONICAL",
|
|
1435
|
+
http_status: 400,
|
|
1436
|
+
title: "Issuer Not Canonical",
|
|
1437
|
+
description: "Wire 0.2 iss claim does not conform to canonical form: must be an https:// ASCII origin (no default port, no path) or a did: identifier",
|
|
1438
|
+
retryable: false,
|
|
1439
|
+
next_action: "abort",
|
|
1440
|
+
category: "validation"
|
|
1441
|
+
},
|
|
1307
1442
|
E_MISSING_EXP: {
|
|
1308
1443
|
code: "E_MISSING_EXP",
|
|
1309
1444
|
http_status: 400,
|
|
@@ -1331,6 +1466,24 @@ var ERRORS = {
|
|
|
1331
1466
|
next_action: "retry_after_delay",
|
|
1332
1467
|
category: "validation"
|
|
1333
1468
|
},
|
|
1469
|
+
E_OCCURRED_AT_FUTURE: {
|
|
1470
|
+
code: "E_OCCURRED_AT_FUTURE",
|
|
1471
|
+
http_status: 400,
|
|
1472
|
+
title: "occurred_at in Future",
|
|
1473
|
+
description: "Wire 0.2 occurred_at is more than the tolerance window ahead of the current time; the timestamp appears to be in the future",
|
|
1474
|
+
retryable: false,
|
|
1475
|
+
next_action: "retry_after_delay",
|
|
1476
|
+
category: "validation"
|
|
1477
|
+
},
|
|
1478
|
+
E_OCCURRED_AT_ON_CHALLENGE: {
|
|
1479
|
+
code: "E_OCCURRED_AT_ON_CHALLENGE",
|
|
1480
|
+
http_status: 400,
|
|
1481
|
+
title: "occurred_at on Challenge",
|
|
1482
|
+
description: "Wire 0.2 occurred_at field is present on a challenge-kind receipt; occurred_at is only permitted on evidence-kind receipts",
|
|
1483
|
+
retryable: false,
|
|
1484
|
+
next_action: "abort",
|
|
1485
|
+
category: "validation"
|
|
1486
|
+
},
|
|
1334
1487
|
E_PARSE_ATTESTATION_INVALID: {
|
|
1335
1488
|
code: "E_PARSE_ATTESTATION_INVALID",
|
|
1336
1489
|
http_status: 400,
|
|
@@ -1358,6 +1511,42 @@ var ERRORS = {
|
|
|
1358
1511
|
next_action: "retry_with_different_input",
|
|
1359
1512
|
category: "validation"
|
|
1360
1513
|
},
|
|
1514
|
+
E_PILLARS_NOT_SORTED: {
|
|
1515
|
+
code: "E_PILLARS_NOT_SORTED",
|
|
1516
|
+
http_status: 400,
|
|
1517
|
+
title: "Pillars Not Sorted",
|
|
1518
|
+
description: "Wire 0.2 pillars array is not in ascending lexicographic order or contains duplicates",
|
|
1519
|
+
retryable: false,
|
|
1520
|
+
next_action: "abort",
|
|
1521
|
+
category: "validation"
|
|
1522
|
+
},
|
|
1523
|
+
E_POLICY_BINDING_FAILED: {
|
|
1524
|
+
code: "E_POLICY_BINDING_FAILED",
|
|
1525
|
+
http_status: 400,
|
|
1526
|
+
title: "Policy Binding Failed",
|
|
1527
|
+
description: "Wire 0.2 policy.digest does not match the computed digest of the provided policy document",
|
|
1528
|
+
retryable: false,
|
|
1529
|
+
next_action: "none",
|
|
1530
|
+
category: "validation"
|
|
1531
|
+
},
|
|
1532
|
+
E_UNSUPPORTED_WIRE_VERSION: {
|
|
1533
|
+
code: "E_UNSUPPORTED_WIRE_VERSION",
|
|
1534
|
+
http_status: 400,
|
|
1535
|
+
title: "Unsupported Wire Version",
|
|
1536
|
+
description: "Receipt peac_version field specifies a wire version that is not supported by this implementation",
|
|
1537
|
+
retryable: false,
|
|
1538
|
+
next_action: "abort",
|
|
1539
|
+
category: "validation"
|
|
1540
|
+
},
|
|
1541
|
+
E_WIRE_VERSION_MISMATCH: {
|
|
1542
|
+
code: "E_WIRE_VERSION_MISMATCH",
|
|
1543
|
+
http_status: 400,
|
|
1544
|
+
title: "Wire Version Mismatch",
|
|
1545
|
+
description: "JWS header typ value and peac_version payload claim indicate different wire versions; the receipt is incoherent",
|
|
1546
|
+
retryable: false,
|
|
1547
|
+
next_action: "abort",
|
|
1548
|
+
category: "validation"
|
|
1549
|
+
},
|
|
1361
1550
|
// Verification error codes
|
|
1362
1551
|
E_INVALID_SIGNATURE: {
|
|
1363
1552
|
code: "E_INVALID_SIGNATURE",
|
|
@@ -1377,6 +1566,24 @@ var ERRORS = {
|
|
|
1377
1566
|
next_action: "retry_with_different_key",
|
|
1378
1567
|
category: "verification"
|
|
1379
1568
|
},
|
|
1569
|
+
E_KID_REUSE_DETECTED: {
|
|
1570
|
+
code: "E_KID_REUSE_DETECTED",
|
|
1571
|
+
http_status: 400,
|
|
1572
|
+
title: "Kid Reuse Detected",
|
|
1573
|
+
description: "Same kid value used with different key material within the retention window",
|
|
1574
|
+
retryable: false,
|
|
1575
|
+
next_action: "abort",
|
|
1576
|
+
category: "verification"
|
|
1577
|
+
},
|
|
1578
|
+
E_REVOKED_KEY_USED: {
|
|
1579
|
+
code: "E_REVOKED_KEY_USED",
|
|
1580
|
+
http_status: 400,
|
|
1581
|
+
title: "Revoked Key Used",
|
|
1582
|
+
description: "Receipt signed with a key listed in the issuer revoked_keys set",
|
|
1583
|
+
retryable: false,
|
|
1584
|
+
next_action: "retry_with_different_key",
|
|
1585
|
+
category: "verification"
|
|
1586
|
+
},
|
|
1380
1587
|
// Verifier error codes
|
|
1381
1588
|
E_VERIFY_EXTENSION_TOO_LARGE: {
|
|
1382
1589
|
code: "E_VERIFY_EXTENSION_TOO_LARGE",
|
|
@@ -1855,6 +2062,6 @@ function needsPurposeVary(purposeEnforced) {
|
|
|
1855
2062
|
var PEAC_RECEIPT_HEADER = "PEAC-Receipt";
|
|
1856
2063
|
var PEAC_RECEIPT_URL_HEADER = "PEAC-Receipt-URL";
|
|
1857
2064
|
|
|
1858
|
-
export { AGENT_PROTOCOLS, ALGORITHMS, BUNDLE_ERRORS, BUNDLE_VERSION, CONSTANTS, CONTROL_ENGINES, DISCOVERY, DISPUTE_ERRORS, ERRORS, ERROR_CATEGORIES, ERROR_CODES, HASH, HEADERS, ISSUER_CONFIG, JWKS, LIMITS, PAYMENT_RAILS, PEAC_RECEIPT_HEADER, PEAC_RECEIPT_URL_HEADER, POLICY, PRIVATE_IP_RANGES, RECEIPT, REGISTRIES, TRANSPORT_METHODS, VARY_HEADERS, VERIFICATION_MODES, VERIFICATION_REPORT_VERSION, VERIFIER_LIMITS, VERIFIER_NETWORK, VERIFIER_POLICY_VERSION, WIRE_TYPE, WIRE_VERSION, applyPurposeVary, findAgentProtocol, findControlEngine, findPaymentRail, findTransportMethod, formatHash, getError, getPeacVaryHeaders, isRetryable, isValidHash, needsPurposeVary, parseHash };
|
|
2065
|
+
export { AGENT_PROTOCOLS, ALGORITHMS, BUNDLE_ERRORS, BUNDLE_VERSION, CONSTANTS, CONTROL_ENGINES, DISCOVERY, DISPUTE_ERRORS, ERRORS, ERROR_CATEGORIES, ERROR_CODES, HASH, HEADERS, ISSUER_CONFIG, ISS_CANONICAL, JWKS, LIMITS, OCCURRED_AT_TOLERANCE_SECONDS, PAYMENT_RAILS, PEAC_ALG, PEAC_RECEIPT_HEADER, PEAC_RECEIPT_URL_HEADER, POLICY, POLICY_BLOCK, PRIVATE_IP_RANGES, RECEIPT, REGISTRIES, TRANSPORT_METHODS, TYPE_GRAMMAR, VARY_HEADERS, VERIFICATION_MODES, VERIFICATION_REPORT_VERSION, VERIFIER_LIMITS, VERIFIER_NETWORK, VERIFIER_POLICY_VERSION, WIRE_01_JWS_TYP, WIRE_02_JWS_TYP, WIRE_02_JWS_TYP_ACCEPT, WIRE_02_VERSION, WIRE_TYPE, WIRE_VERSION, WIRE_VERSIONS, applyPurposeVary, findAgentProtocol, findControlEngine, findPaymentRail, findTransportMethod, formatHash, getError, getPeacVaryHeaders, isRetryable, isValidHash, needsPurposeVary, parseHash };
|
|
1859
2066
|
//# sourceMappingURL=index.mjs.map
|
|
1860
2067
|
//# sourceMappingURL=index.mjs.map
|