Skip to main content
Version: v0.10.13

Error Codes

PEAC Protocol defines 139 error codes across 12 categories. All errors follow the RFC 9457 (Problem Details for HTTP APIs) format, providing machine-readable error responses with stable error codes.

Error format

Every PEAC error response conforms to the RFC 9457 structure:

RFC 9457 Error Response
{
"type": "https://www.peacprotocol.org/errors/E_INVALID_SIGNATURE",
"title": "Invalid Signature",
"status": 400,
"detail": "Receipt signature verification failed",
"instance": "/api/verify",
"peac_error_code": "E_INVALID_SIGNATURE"
}
FieldDescription
typeCanonical URL for the error type
titleHuman-readable error title
statusHTTP status code
detailHuman-readable explanation of the specific error
instanceURI reference identifying the specific occurrence
peac_error_codeStable PEAC error code for programmatic handling

Categories

CategoryCountDescription
verification2Signature and key verification
validation16Format, claim, and field validation
infrastructure4JWKS fetch, rate limiting, circuit breaker
control2Policy engine authorization decisions
identity13Agent identity attestation
attribution14Source attribution and content hashing
bundle15Evidence bundle creation and validation
dispute14Dispute evidence and resolution
interaction14Interaction evidence schema
workflow8Workflow DAG and step validation
verifier17Verifier-side checks and policy
ucp20Universal Commerce Protocol signatures

Verification errors

CodeTitleHTTPRetriable
E_INVALID_SIGNATUREInvalid Signature400No
E_KEY_NOT_FOUNDKey Not Found400No

Validation errors

CodeTitleHTTPRetriable
E_INVALID_FORMATInvalid Format400No
E_EXPIREDReceipt Expired400No
E_NOT_YET_VALIDNot Yet Valid400Yes
E_INVALID_ISSUERInvalid Issuer400No
E_INVALID_AUDIENCEInvalid Audience400No
E_INVALID_AMOUNTInvalid Amount400No
E_INVALID_CURRENCYInvalid Currency400No
E_INVALID_RAILInvalid Payment Rail400No
E_MISSING_REQUIRED_CLAIMMissing Required Claim400No
E_EVIDENCE_NOT_JSONEvidence Not JSON-Safe400No
E_INVALID_SUBJECTInvalid Subject400No
E_INVALID_RECEIPT_IDInvalid Receipt ID400No
E_MISSING_EXPMissing Expiration400No

Infrastructure errors

CodeTitleHTTPRetriable
E_JWKS_FETCH_FAILEDJWKS Fetch Failed503Yes
E_RATE_LIMITEDRate Limited429Yes
E_CIRCUIT_BREAKER_OPENCircuit Breaker Open503Yes
E_INTERNALInternal Error500Yes

Control errors

CodeTitleHTTPRetriable
E_CONTROL_DENIEDControl Decision Denied403No
E_CONTROL_REVIEW_REQUIREDReview Required202Yes

Identity errors

CodeTitleHTTPRetriable
E_IDENTITY_MISSINGIdentity Missing401No
E_IDENTITY_INVALID_FORMATIdentity Invalid Format400No
E_IDENTITY_EXPIREDIdentity Expired401No
E_IDENTITY_NOT_YET_VALIDIdentity Not Yet Valid401Yes
E_IDENTITY_SIG_INVALIDIdentity Signature Invalid401No
E_IDENTITY_KEY_UNKNOWNIdentity Key Unknown401Yes
E_IDENTITY_KEY_EXPIREDIdentity Key Expired401No
E_IDENTITY_KEY_REVOKEDIdentity Key Revoked401No
E_IDENTITY_BINDING_MISMATCHIdentity Binding Mismatch400No
E_IDENTITY_BINDING_STALEIdentity Binding Stale401Yes
E_IDENTITY_BINDING_FUTUREIdentity Binding Future400No
E_IDENTITY_PROOF_UNSUPPORTEDIdentity Proof Unsupported400No
E_IDENTITY_DIRECTORY_UNAVAILABLEIdentity Directory Unavailable503Yes

Verifier errors

CodeTitleHTTPRetriable
E_VERIFY_RECEIPT_TOO_LARGEReceipt Too Large413No
E_VERIFY_MALFORMED_RECEIPTMalformed Receipt400No
E_VERIFY_ISSUER_NOT_ALLOWEDIssuer Not Allowed403No
E_VERIFY_KEY_FETCH_BLOCKEDKey Fetch Blocked403No
E_VERIFY_KEY_FETCH_FAILEDKey Fetch Failed502Yes
note

The verifier category contains 17 total error codes. The full list is available in the kernel specification.

Using error codes

error-handling.ts
import { PeacError, PEAC_ERRORS } from '@peac/kernel';
import { verifyReceipt } from '@peac/protocol';

try {
const result = await verifyReceipt(receipt, {
issuer: 'https://trusted.example.com',
});
} catch (err) {
if (err instanceof PeacError) {
console.log(err.code); // 'E_INVALID_SIGNATURE'
console.log(err.category); // 'verification'
console.log(err.message); // 'Invalid Signature'
console.log(err.retriable); // false

// Programmatic handling by error code
if (err.code === PEAC_ERRORS.E_JWKS_FETCH_FAILED.code) {
// Retry with backoff -- this error is transient
}
}
}
info

All 139 error codes are available as TypeScript constants via @peac/kernel. The normative source of truth is specs/kernel/errors.json -- the TypeScript constants are generated from this file, and CI checks for drift.