Agent revoked
ERR-P01-IDT-3002 - Agent revoked
Section titled “ERR-P01-IDT-3002 - Agent revoked”Summary
Section titled “Summary”A revoked agent attempted a self-service operation.
When this is raised
Section titled “When this is raised”- A revoked agent calls a
/v1/agent/meself-service route (rotate-key or self-revoke). A revoked agent has no remaining self-service surface- the only forward path is re-registration.
- Distinct from the JWT-time
unauthorized(ERR-P01-IDT-0401) agent-not-active check: this is the business-rule rejection on the self-service flow specifically.
What to do
Section titled “What to do”- A revoked agent cannot be reactivated via self-service. Register a new agent under the owning human’s API-Key.
- If the revocation was unexpected, an operator must investigate.
Server-side cause
Section titled “Server-side cause”- Reserved - will be raised by the
/v1/agent/meself-service flow; not yet wired (packages/identity/src/service/me.ts, whererotateKey/selfRevokecurrently thrownot implemented).
Example response
Section titled “Example response”{ "type": "https://citizenry.id/errors/ERR-P01-IDT-3002", "title": "Conflict", "status": 409, "code": "ERR-P01-IDT-3002", "message": "agent is revoked and has no self-service surface", "method": "DELETE", "instance": "/v1/agent/me", "request_url": "https://api.citizenry.id/v1/agent/me", "timestamp": "2026-05-17T07:00:00.000Z"}Related codes
Section titled “Related codes”ERR-P01-IDT-3001- key not active.ERR-P01-IDT-0401- unauthorized (the JWT-time agent-not-active check).
Changelog
Section titled “Changelog”- 0.1.0 - introduced.