Troubleshooting

Consult this guide for common implementation issues and security resolution steps.

Q: Received 403 Access Denied on Execute.

This is almost always due to Domain Whitelisting. Verify that the targetUrl matches the whitelist set on your Phantom Key or Ephos Token. Note: Whitelisting for subdomains must be explicit or use a wildcard (e.g., *.openai.com).

Q: Agent returns 401 Unauthorized.

Check the expiration status of your Ephos Token. If the token was manually revoked or reached its TTL, you must mint a new one in the Dashboard. Also ensure your Bearer token is prefixed correctly: Authorization: Bearer et_live_xxx.

Q: Identity Vault is "Frozen".

A "Security Freeze" can only be lifted by an Organization Administrator. If your vault is frozen, it means the master decryption keys are temporarily disabled in the enclave to prevent exfiltration during a suspected compromise.

Q: I lost my Master Passphrase.

Immediate Action: There is no recovery mechanism. Because Ephos is zero-knowledge, we do not store your passphrase. If lost, your Phantom Keys cannot be decrypted. You must delete the vault and recreate your keys.

Q: MCP Tool Discovery is failing.

Ensure your Ephos Token has the necessary scopes for the tools you're trying to use. The MCP gateway filters available tools based on the permissions granted to the provided token.