docs/protocols/common/http-error-codes.md

# HTTP Error Codes

This document is the source of truth for backend RFC7807 `code` values consumed by frontend.

## Auth

| code | status | meaning | frontend handling |
|---|---:|---|---|
| `AUTH_SERVICE_UNAVAILABLE` | 503 | Auth upstream unavailable | Show retry message and allow retry |
| `AUTH_TOO_MANY_REQUESTS` | 429 | OTP request throttled | Show wait message |
| `AUTH_VERIFICATION_CODE_INVALID` | 401 | Invalid OTP code | Prompt user to re-enter code |
| `AUTH_REFRESH_TOKEN_INVALID` | 401 | Invalid/expired refresh token | Clear local session and return login |
| `AUTH_REFRESH_TOKEN_MISSING` | 401 | Refresh token missing on logout | Treat as local logout and clear session |
| `AUTH_USER_NOT_FOUND` | 404 | User not found | Show not-found message where applicable |

## Agent Points

| code | status | meaning | frontend handling |
|---|---:|---|---|
| `POINTS_INSUFFICIENT_BALANCE` | 402 | Not enough points to start this run | Show recharge/insufficient-points prompt |

## Agent Session

| code | status | meaning | frontend handling |
|---|---:|---|---|
| `AGENT_SESSION_RUN_LIMIT_EXCEEDED` | 409 | Session already reached max run count (start + 3 follow-ups) | Show run-limit message and require starting a new session |
| `AGENT_DIVINATION_PAYLOAD_REQUIRED` | 422 | Missing required `forwardedProps.divinationPayload` in run request | Prompt user to restart casting flow and resubmit |
| `AGENT_OUTPUT_DIVINATION_INVALID` | 422 | Worker output contains invalid `divination_derived` payload shape | Show generic history parse error and suggest retrying latest run |

## Profile

| code | status | meaning | frontend handling |
|---|---:|---|---|
| `PROFILE_PAYLOAD_INVALID` | 422 | Profile update payload invalid (length/type/empty constraints) | Highlight invalid fields and block submit |
| `PROFILE_NOT_FOUND` | 404 | User profile row missing | Show retry and optionally trigger profile bootstrap |

## Avatar

| code | status | meaning | frontend handling |
|---|---:|---|---|
| `AVATAR_FILE_INVALID` | 422 | Avatar mime type or size is invalid | Show file validation hint and ask user to pick another image |
| `AVATAR_PATH_SCOPE_INVALID` | 422 | Avatar path does not belong to current user scope | Show generic security error and force refresh |
| `AVATAR_SIGNED_URL_FAILED` | 502 | Backend failed to generate avatar signed upload URL | Show retry toast and keep previous avatar |
| `AVATAR_UPLOAD_FAILED` | 502 | Backend failed to upload avatar bytes to storage | Show retry toast and keep previous avatar |

Compatibility strategy:

- Additive changes only for new codes.
- Existing codes must keep semantic meaning.
- Frontend must map by `code`, not by `detail` text.
feat: 切换邮箱认证并重构前后端启动与门禁 2026-04-02 18:39:35 +08:00			`# HTTP Error Codes`

			This document is the source of truth for backend RFC7807 `code` values consumed by frontend.

			`## Auth`

			`\| code \| status \| meaning \| frontend handling \|`
			`\|---\|---:\|---\|---\|`
			\| `AUTH_SERVICE_UNAVAILABLE` \| 503 \| Auth upstream unavailable \| Show retry message and allow retry \|
			\| `AUTH_TOO_MANY_REQUESTS` \| 429 \| OTP request throttled \| Show wait message \|
			\| `AUTH_VERIFICATION_CODE_INVALID` \| 401 \| Invalid OTP code \| Prompt user to re-enter code \|
			\| `AUTH_REFRESH_TOKEN_INVALID` \| 401 \| Invalid/expired refresh token \| Clear local session and return login \|
			\| `AUTH_REFRESH_TOKEN_MISSING` \| 401 \| Refresh token missing on logout \| Treat as local logout and clear session \|
			\| `AUTH_USER_NOT_FOUND` \| 404 \| User not found \| Show not-found message where applicable \|

feat: 实现起卦、设置与积分系统 2026-04-03 16:56:47 +08:00			`## Agent Points`

			`\| code \| status \| meaning \| frontend handling \|`
			`\|---\|---:\|---\|---\|`
			\| `POINTS_INSUFFICIENT_BALANCE` \| 402 \| Not enough points to start this run \| Show recharge/insufficient-points prompt \|

			`## Agent Session`

			`\| code \| status \| meaning \| frontend handling \|`
			`\|---\|---:\|---\|---\|`
			\| `AGENT_SESSION_RUN_LIMIT_EXCEEDED` \| 409 \| Session already reached max run count (start + 3 follow-ups) \| Show run-limit message and require starting a new session \|
feat: 接入起卦后端流程并完善积分扣减链路 2026-04-03 19:04:46 +08:00			\| `AGENT_DIVINATION_PAYLOAD_REQUIRED` \| 422 \| Missing required `forwardedProps.divinationPayload` in run request \| Prompt user to restart casting flow and resubmit \|
feat: 实现用户画像、占卜历史与后端用户管理模块 2026-04-06 01:28:10 +08:00			\| `AGENT_OUTPUT_DIVINATION_INVALID` \| 422 \| Worker output contains invalid `divination_derived` payload shape \| Show generic history parse error and suggest retrying latest run \|

			`## Profile`

			`\| code \| status \| meaning \| frontend handling \|`
			`\|---\|---:\|---\|---\|`
			\| `PROFILE_PAYLOAD_INVALID` \| 422 \| Profile update payload invalid (length/type/empty constraints) \| Highlight invalid fields and block submit \|
			\| `PROFILE_NOT_FOUND` \| 404 \| User profile row missing \| Show retry and optionally trigger profile bootstrap \|

			`## Avatar`

			`\| code \| status \| meaning \| frontend handling \|`
			`\|---\|---:\|---\|---\|`
			\| `AVATAR_FILE_INVALID` \| 422 \| Avatar mime type or size is invalid \| Show file validation hint and ask user to pick another image \|
			\| `AVATAR_PATH_SCOPE_INVALID` \| 422 \| Avatar path does not belong to current user scope \| Show generic security error and force refresh \|
			\| `AVATAR_SIGNED_URL_FAILED` \| 502 \| Backend failed to generate avatar signed upload URL \| Show retry toast and keep previous avatar \|
			\| `AVATAR_UPLOAD_FAILED` \| 502 \| Backend failed to upload avatar bytes to storage \| Show retry toast and keep previous avatar \|
feat: 实现起卦、设置与积分系统 2026-04-03 16:56:47 +08:00
feat: 切换邮箱认证并重构前后端启动与门禁 2026-04-02 18:39:35 +08:00			`Compatibility strategy:`

			`- Additive changes only for new codes.`
			`- Existing codes must keep semantic meaning.`
			- Frontend must map by `code`, not by `detail` text.