| OTP email never arrives | SMTP misconfig / rate limit | Check API logs; click Resend code |
OAuth invalid_redirect | Provider redirect URI mismatch | Update Google/GitHub OAuth app to your callback URL |
| DID resolve returns 404 | DID never anchored or wrong network | Confirm RPC chain ID; redeploy if local |
| Credential signature invalid | Issuer key rotated since signing | Verifier should fetch latest DID Document |
| Schema mismatch on verify | Schema version drift | Pin schema version in the credential and the verifier |
| ZKP generation OOM | Browser tab memory limit | Use the mobile wallet, or run snarkjs in a Web Worker |
ZKProofVerifier.verify reverts | Public signals don’t match circuit | Confirm circuit version matches verifier; regenerate proof |
| Agent delegation rejected | Chain depth >5 | Restructure delegation chain |
| MCP-I tool call denied | IBCT expired or wrong scope | Mint a fresh IBCT with the required capability |
| DIDComm decryption fails | Recipient key mismatch (post key-rotation) | Sender refresh DID Document and re-pack |
| RPC connection error | Chain endpoint unreachable | Check BLOCKCHAIN_RPC |
429 Too Many Requests | Rate limit hit | Back off — authenticated quota is 600 req/min/user |
| JWT expired loop | Clock drift on client device | Sync NTP |
| Wallet recovery stuck | Custodian Share 3 not released | Re-authenticate, contact recovery custodian |
| CORS error in browser | Origin not in allowlist | Add origin to CORS_ALLOWED_ORIGINS |
