v2.0.1
Errors
Every KAVACH interface returns errors in a consistent shape with a stable, machine-readable code so clients can react programmatically.
Error Shape
json
{
"error": {
"code": "policy.validation_failed",
"message": "Policy 'vendor-tier' failed schema validation.",
"retryable": false,
"trace_id": "b7ad...e2"
}
}Error Codes
auth.unauthorized— missing or invalid token.auth.forbidden— token lacks the required scope.resource.not_found— the resource does not exist in this tenant.policy.validation_failed— a policy or config failed validation.rate.limited— request exceeded the rate limit.
Retryable Errors
Each error carries a retryable flag. Transient conditions such as rate.limited are safe to retry with backoff; validation and authorization errors are not.
Handling Errors
Branch on code, never on message. Messages are human-oriented and may change; codes are part of the stable contract and include a trace_id to correlate with logs.
