chore(deps):SP-4138 add error_message and error_code fields to Depend…

CHANGELOG.md

@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.32.0] - 2026-03-09
+### Added
+- Added `error_message` and `error_code` fields to `Dependencies` message in `DependencyResponse` for error handling at the individual dependency level
+- Updated `DependencyResponse` JSON schema description to reflect error fields inside the dependency block
+
 ## [0.31.0] - 2026-02-24
 ### Added
 - Added gRPC `GetComponentStatus` and REST endpoint GET `/v2/components/status/component` for retrieving lifecycle status of a single component
@@ -238,6 +243,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Vulnerabilities
 - Added REST endpoint support for each service also
 
+[0.32.0]: https://github.com/scanoss/papi/compare/v0.31.0...v0.32.0
 [0.31.0]: https://github.com/scanoss/papi/compare/v0.30.0...v0.31.0
 [0.30.0]: https://github.com/scanoss/papi/compare/v0.29.0...v0.30.0
 [0.29.0]: https://github.com/scanoss/papi/compare/v0.28.0...v0.29.0

protobuf/scanoss/api/dependencies/v2/README.md

@@ -139,8 +139,12 @@ Each dependency object includes:
 - `licenses`: Array of license information
 - `url`: Component homepage or repository URL
 - `comment`: Additional analysis notes
+- `error_message` (optional): Error message describing what went wrong during component processing
+- `error_code` (optional): Error code indicating the type of error encountered
 
-### Response Example
+### Response Examples
+
+#### Success
 ```json
 {
   "files": [
@@ -175,6 +179,37 @@ Each dependency object includes:
 }
 ```
 
+#### Error in dependency
+When a component cannot be processed, the dependency block includes `error_message` and `error_code` fields. The remaining fields will be empty since the component could not be resolved:
+```json
+{
+  "files": [
+    {
+      "file": "conanfile.txt",
+      "id": "dependency",
+      "status": "pending",
+      "dependencies": [
+        {
+          "component": "",
+          "purl": "pkg:conan/gtest",
+          "version": "",
+          "licenses": [],
+          "url": "",
+          "comment": "",
+          "requirement": "v1.17.0",
+          "error_message": "Component version not found",
+          "error_code": "VERSION_NOT_FOUND"
+        }
+      ]
+    }
+  ],
+  "status": {
+    "status": "SUCCESS",
+    "message": "Dependencies successfully retrieved"
+  }
+}
+```
+
 ## Echo
 
 Standard service health check endpoint for testing connectivity and API key validation.

protobuf/scanoss/api/dependencies/v2/scanoss-dependencies.proto

@@ -131,6 +131,7 @@ message DependencyResponse {
   option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
     json_schema: {
       example: "{\"files\":[{\"file\":\"package.json\",\"id\":\"dependency\",\"status\":\"pending\",\"dependencies\":[{\"component\":\"express\",\"purl\":\"pkg:npm/express\",\"version\":\"4.18.2\",\"requirement\":\"^4.18.0\",\"licenses\":[{\"name\":\"MIT\",\"spdx_id\":\"MIT\",\"is_spdx_approved\":true,\"url\":\"https://opensource.org/licenses/MIT\"}],\"url\":\"https://www.npmjs.com/package/express\",\"comment\":\"\"}]}],\"status\":{\"status\":\"SUCCESS\",\"message\":\"Dependencies successfully retrieved\"}}";
+      description: "Success example. For error cases, dependency block includes error_message and error_code fields, e.g.: {\\\"files\\\":[{\\\"file\\\":\\\"package.json\\\",\\\"id\\\":\\\"dependency\\\",\\\"status\\\":\\\"pending\\\",\\\"dependencies\\\":[{\\\"component\\\":\\\"\\\",\\\"purl\\\":\\\"pkg:npm/express\\\",\\\"error_message\\\":\\\"Component not found\\\",\\\"error_code\\\":\\\"COMPONENT_NOT_FOUND\\\"}]}],\\\"status\\\":{\\\"status\\\":\\\"SUCCESS\\\",\\\"message\\\":\\\"Success\\\"}}";
     }
   };
 
@@ -148,7 +149,10 @@ message DependencyResponse {
     string url = 5;
     string comment = 6;
     string requirement = 7;
-//    string scope = 7;
+    // Optional error message describing what went wrong during component processing
+    optional string error_message = 8 [json_name = "error_message"];
+    // Optional error code indicating the type of error encountered
+    optional common.v2.ErrorCode error_code = 9  [json_name = "error_code"];
   }
   message Files {
     string file = 1;

protobuf/scanoss/api/dependencies/v2/scanoss-dependencies.swagger.json

@@ -173,8 +173,15 @@
           "type": "string"
         },
         "requirement": {
+          "type": "string"
+        },
+        "error_message": {
           "type": "string",
-          "title": "string scope = 7;"
+          "title": "Optional error message describing what went wrong during component processing"
+        },
+        "error_code": {
+          "$ref": "#/definitions/v2ErrorCode",
+          "title": "Optional error code indicating the type of error encountered"
         }
       }
     },
@@ -394,6 +401,7 @@
           "title": "Response status (required?)"
         }
       },
+      "description": "Success example. For error cases, dependency block includes error_message and error_code fields, e.g.: {\\\"files\\\":[{\\\"file\\\":\\\"package.json\\\",\\\"id\\\":\\\"dependency\\\",\\\"status\\\":\\\"pending\\\",\\\"dependencies\\\":[{\\\"component\\\":\\\"\\\",\\\"purl\\\":\\\"pkg:npm/express\\\",\\\"error_message\\\":\\\"Component not found\\\",\\\"error_code\\\":\\\"COMPONENT_NOT_FOUND\\\"}]}],\\\"status\\\":{\\\"status\\\":\\\"SUCCESS\\\",\\\"message\\\":\\\"Success\\\"}}",
       "title": "Dependency response data (JSON payload)"
     },
     "v2DependencyResponseFiles": {
@@ -435,6 +443,18 @@
       },
       "description": "Echo Message Response."
     },
+    "v2ErrorCode": {
+      "type": "string",
+      "enum": [
+        "INVALID_PURL",
+        "COMPONENT_NOT_FOUND",
+        "NO_INFO",
+        "INVALID_SEMVER",
+        "VERSION_NOT_FOUND"
+      ],
+      "default": "INVALID_PURL",
+      "description": "Error code enum for component analysis operations.\nRepresents the various error conditions that can occur during component processing and validation.\n\n - INVALID_PURL: The provided Package URL (PURL) is invalid or malformed\n - COMPONENT_NOT_FOUND: The requested component could not be found in the database\n - NO_INFO: No information is available for the requested component\n - INVALID_SEMVER: The provided semantic version (SemVer) is invalid or malformed\n - VERSION_NOT_FOUND: Component version not found"
+    },
     "v2StatusCode": {
       "type": "string",
       "enum": [