docs(spec): document new error codes from AT-5324 epic

[jklein24]

Summary

Documents the ~11 server-side error codes added across the AT-5324 error-audit epic so SDKs and integrators have a way to learn them other than triggering them in production. Cross-cutting observation #3 in error-audit/FRESH_REVIEW.md flagged the gap.

Codes documented

Code	HTTP	Source PR	Ticket
WALLET_SIGNATURE_MISSING	401	lightsparkdev/webdev#27767	AT-5342
WALLET_SIGNATURE_MALFORMED	401	#27767	AT-5342
WALLET_SIGNATURE_BODY_MISMATCH	401	#27767	AT-5342
WALLET_SIGNATURE_INVALID	401	#27767	AT-5342
UMA_NOT_FOUND	404	#27758	AT-5345
METHOD_NOT_ALLOWED	405	#27747	AT-5325
CONFLICT (newly surfaced for duplicate platformCustomerId)	409	#27766	AT-5348
VASP_UNREACHABLE	502	#27758	AT-5345
VASP_INVALID_RESPONSE	502	#27758	AT-5345

NOT_IMPLEMENTED (501) was already documented; no change needed.

Files changed

• openapi/components/schemas/errors/Error401.yaml — adds the four WALLET_SIGNATURE_* codes
• openapi/components/schemas/errors/Error404.yaml — adds UMA_NOT_FOUND
• openapi/components/schemas/errors/Error409.yaml — adds CONFLICT
• openapi/components/schemas/errors/Error405.yaml (new) — METHOD_NOT_ALLOWED
• openapi/components/schemas/errors/Error502.yaml (new) — VASP_UNREACHABLE, VASP_INVALID_RESPONSE
• openapi/paths/receiver/uma/receiver_uma_{receiverUmaAddress}.yaml — adds 502 response, expands 404 description
• openapi/paths/customers/customers.yaml — adds 405 response, expands 409 description to mention CONFLICT
• openapi.yaml + mintlify/openapi.yaml — re-bundled

Constraints honored

• No error-envelope redesign — only enum extensions.
• No new endpoints, no semantic changes.
• make build regenerated the bundle; make lint passes (warnings only, all pre-existing).

Test plan

• make build succeeds
• make lint passes (no new errors, pre-existing warnings only)
• Bundle includes all new codes (grep -E "WALLET_SIGNATURE|UMA_NOT_FOUND|VASP_|METHOD_NOT_ALLOWED|CONFLICT" openapi.yaml)
• Mintlify renders the updated error tables without blank-page regressions

Related: epic AT-5324, error-audit/FRESH_REVIEW.md.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
grid-flow-builder	Ready	Preview, Comment	May 23, 2026 11:17pm

[github-actions]

✱ Stainless preview builds for grid

This PR will update the grid SDKs with the following commit messages.

cli

chore(internal): regenerate SDK with no functional changes

csharp

chore(internal): regenerate SDK with no functional changes

go

chore(internal): regenerate SDK with no functional changes

kotlin

chore(internal): regenerate SDK with no functional changes

openapi

feat(api): add Error405/502 models, wallet signature codes, UMA/VASP error codes

php

chore(internal): regenerate SDK with no functional changes

python

chore(internal): regenerate SDK with no functional changes

ruby

chore(internal): regenerate SDK with no functional changes

typescript

chore(internal): regenerate SDK with no functional changes

Edit this comment to update them. They will appear in their respective SDK's changelogs.

✅ grid-openapi studio · code · diff

Your SDK build had at least one "error" diagnostic, but this did not represent a regression.
generate ❗

✅ grid-ruby studio · code · diff

Your SDK build had at least one "error" diagnostic, but this did not represent a regression.
generate ❗ → build ⏭️ (prev: build ✅) → lint ❗ → test ✅

✅ grid-go studio · code · diff

Your SDK build had at least one "error" diagnostic, but this did not represent a regression.
generate ❗ → build ⏭️ (prev: build ✅) → lint ❗ → test ❗

go get github.com/stainless-sdks/grid-go@da0a3e254ede0f799de4020ec435cb49e413ab19

✅ grid-python studio · code · diff

Your SDK build had at least one "error" diagnostic, but this did not represent a regression.
generate ❗ → build ⏭️ (prev: build ✅) → lint ⏭️ (prev: lint ✅) → test ✅

✅ grid-kotlin studio · code · diff

Your SDK build had at least one "error" diagnostic, but this did not represent a regression.
generate ❗ → build ⏭️ (prev: build ✅) → lint ⏭️ (prev: lint ✅) → test ❗

✅ grid-typescript studio · code · diff

Your SDK build had at least one "error" diagnostic, but this did not represent a regression.
generate ❗ → build ⏭️ (prev: build ❗) → lint ⏭️ (prev: lint ❗) → test ❗

⏳ grid-csharp studio · code · diff

generate ❗ → build ⏭️ (prev: build ❗) → lint ⏭️ (prev: lint ❗) → test ⏳

⚠️ grid-php studio · code · diff

Your SDK build had a failure in the lint CI job, which is a regression from the base state.
generate ❗ → lint ❗ (prev: lint ✅) → test ✅

✅ grid-cli studio · code · diff

Your SDK build had at least one "error" diagnostic, but this did not represent a regression.
generate ❗ → build ❗ → lint ❗ → test ❗

⏳ These are partial results; builds are still running.

---

This comment is auto-generated by GitHub Actions and is automatically kept up to date as you push.
If you push custom code to the preview branch, re-run this workflow to update the comment.
Last updated: 2026-05-23 23:27:53 UTC

[jklein24]

@greptile review

[greptile-apps]

Greptile Summary

This PR is a documentation-only change that extends the OpenAPI spec with 9 new server-side error codes from the AT-5324 error-audit epic, adding two new schemas (Error405, Error502) and expanding four existing ones. Both generated bundles (openapi.yaml, mintlify/openapi.yaml) are correctly regenerated via make build.

• New schemas: Error405 (METHOD_NOT_ALLOWED) and Error502 (VASP_UNREACHABLE, VASP_INVALID_RESPONSE) follow the same structure as existing error schemas; both VASP codes are consistently marked "Retryable." in the code table and in the path-level description.
• Existing schema extensions: Error401 gains four WALLET_SIGNATURE_* codes; Error404 gains UMA_NOT_FOUND; Error409 gains CONFLICT with a descriptive example tying it to platformCustomerId collisions.
• Path updates: customers.yaml adds the 405 response to both GET and POST operations (numerically ordered); receiver_uma_{receiverUmaAddress}.yaml adds the 502 response block and expands the 404 description with the UMA_NOT_FOUND code reference.

Confidence Score: 5/5

Documentation-only change; no application logic, migrations, or API contracts are altered — only enum extensions and new error schema stubs are added.

All changes are additive and limited to OpenAPI YAML: new enum values, two new schema files, and updated path-level response blocks. The generated bundles match their sources. No existing behaviour is modified.

No files require special attention.

Important Files Changed

Filename	Overview
openapi/components/schemas/errors/Error401.yaml	Adds four WALLET_SIGNATURE_* codes to the enum and description table; consistent with existing pattern of shared 401 schema covering all credential-related codes.
openapi/components/schemas/errors/Error404.yaml	Appends UMA_NOT_FOUND to the description table and enum list; consistent with existing pattern of adding all 404 codes to the shared schema.
openapi/components/schemas/errors/Error405.yaml	New schema for 405 responses with a single METHOD_NOT_ALLOWED code; structure and field ordering match other Error*.yaml files.
openapi/components/schemas/errors/Error409.yaml	Adds CONFLICT code with a descriptive example; enum and description table updated consistently.
openapi/components/schemas/errors/Error502.yaml	New schema for 502 responses; both VASP_UNREACHABLE and VASP_INVALID_RESPONSE are labelled "Retryable." in the code table, consistent with the path-level "Both are retryable" description.
openapi/paths/customers/customers.yaml	Adds 405 response (numerically ordered before 409/500) to both POST and GET operations, and expands 409 description to include the new CONFLICT code.
openapi/paths/receiver/uma/receiver_uma_{receiverUmaAddress}.yaml	Expands 404 description with UMA_NOT_FOUND code reference and adds a new 502 response block referencing Error502.yaml with a clear "Both are retryable" note.
openapi.yaml	Generated bundle; reflects all source changes correctly. Error405 and Error502 component schemas added; path-level responses updated.
mintlify/openapi.yaml	Generated bundle for Mintlify docs; identical changes to openapi.yaml, correctly regenerated via make build.

Sequence Diagram

sequenceDiagram
    participant C as Client
    participant G as Grid API
    participant V as Counterparty VASP

    C->>G: POST /customers (Embedded Wallet)
    alt Missing/malformed wallet signature
        G-->>C: 401 WALLET_SIGNATURE_MISSING / WALLET_SIGNATURE_MALFORMED
    else Body mismatch or invalid signature
        G-->>C: 401 WALLET_SIGNATURE_BODY_MISMATCH / WALLET_SIGNATURE_INVALID
    else platformCustomerId collision
        G-->>C: 409 CONFLICT
    else UMA address taken
        G-->>C: 409 UMA_ADDRESS_EXISTS
    else Unsupported HTTP method
        G-->>C: 405 METHOD_NOT_ALLOWED
    else Success
        G-->>C: 201 Customer created
    end

    C->>G: "GET /receiver/uma/{receiverUmaAddress}"
    G->>V: UMA lookup request
    alt Network/DNS/TLS failure
        V--xG: unreachable
        G-->>C: 502 VASP_UNREACHABLE (retryable)
    else Invalid/unparseable UMA response
        V-->>G: malformed response
        G-->>C: 502 VASP_INVALID_RESPONSE (retryable)
    else Address not found at VASP
        V-->>G: not found
        G-->>C: 404 UMA_NOT_FOUND
    else Success
        V-->>G: receiver info
        G-->>C: 200 Receiver details
    end

Loading

_{Reviews (2): Last reviewed commit: "address greptile review feedback (greplo..." | Re-trigger Greptile}

[jklein24]

@greptile review