Error code catalog
Scope
This catalog standardizes domain and platform error signaling.
| Code | Class | Meaning |
|---|---|---|
K7_AUTH_401 | auth | Authentication missing or invalid |
K7_TENANT_403 | tenant | Tenant boundary violation detected |
K7_DOMAIN_409 | domain | Command conflicts with current state |
K7_POLICY_422 | policy | Policy engine rejected the input |
K7_ORCH_503 | orchestration | Workflow service temporarily unavailable |
K7_UNSUPPORTED_400 | contract | Requested feature is not supported in current version |
Invariants
- Every error must include stable code + short operator-safe message.
- Internal stack traces must never be returned to API clients.
- Retriable vs non-retriable class must be explicit.
Failure Modes
- Unstable or reused error codes across releases.
- Sensitive system details leaking in error messages.
Out of Scope
- Full internal troubleshooting playbooks.
- Vendor-specific transport error mappings.