Delay before the retry, in milliseconds. Honors error.retry_after when present.
Maximum attempts (including the original) before escalating.
Caller MUST replay with the same idempotency_key.
Suggested pre-retry delay in milliseconds. Lightweight jitter so fleet
operators don't all hit the seller in the same instant after a
correlated storm (e.g., PROPOSAL_EXPIRED across thousands of
campaigns at once).
Maximum attempts (including the original) before escalating.
Caller MUST mint a fresh idempotency_key because the payload changes.
Optionalfield?: stringThe field the seller flagged. Mirrors error.field.
Optionalsuggestion?: stringThe seller's correction hint. Mirrors error.suggestion.
Human-facing message. Mirrors error.message.
Optionaldetails?: Record<string, unknown>Safe code-specific details for UX routing. Currently populated for
AUTHORIZATION_REQUIRED after the same allowlist/sanitizer used on
server error envelopes.
Optionalmissing_connections?: unknown[]Convenience mirror of details.missing_connections for auth UX handoffs.
Optionalauthorization_url?: stringConvenience auth URL, from top-level details or the first missing connection that provides one.
Optionalauthorization_instructions?: stringConvenience auth instructions, from top-level details or the first missing connection that provides them.
What the buyer agent should do next. Discriminated by
action.retry: replay with the SAMEidempotency_keyafterdelayMs. Use for server-side transients (RATE_LIMITED,SERVICE_UNAVAILABLE,CONFLICT).mutate-and-retry: apply the seller's correction hint (readerror.field/error.suggestion), then call again with a FRESHidempotency_keybecause the payload is now semantically different.escalate: stop the agent loop and surface to a human. Includes commercial-relationship signals, auth failures, terminal errors, attempt-cap exhaustion, and unknown vendor codes.