Federation Discovery Protocol

How 30 MCP servers discover, verify, and trust each other. Well-known manifests, Ed25519 identity exchange, trust ring assignment, and SIGIL-attested federation events. Zero central broker.

30
Federated MCPs
3
Trust Rings
0
Central Brokers
100%
Ed25519 Signed

1. Purpose

The Federation Discovery Protocol defines how MCP servers in the DEFONEOS ecosystem find each other, establish trust, exchange capabilities, and maintain federation state. It replaces centralised service registries with a peer-to-peer, cryptographically-verifiable discovery model.

Design principle: No central broker. No single point of failure. Every MCP server publishes its own manifest at a well-known endpoint. Discovery is pull-based, signed, and SIGIL-attested. Trust is derived from the BFT council, not from a central authority.

2. The Manifest Endpoint

Every MCP server in the federation publishes a machine-readable manifest at a standardised well-known path:

GET /.well-known/defoneos-manifest.json

2.1 Manifest Structure

{ "manifest_version": "1.0", "mcp_id": "sentinel-hub-mcp", "display_name": "Sentinel Hub Satellite Imagery", "version": "2.1.0", "ring": 1, "trust_level": "defence-sensor", "ed25519_identity": "ed25519:0x4a2b...c8f1", "capabilities": [ "get_satellite_image", "list_collections", "search_catalog", "get_metadata" ], "data_classification": "OSINT", "data_flow": "inbound-only", "external_apis": [ { "name": "Sentinel Hub Process API", "jurisdiction": "EU", "data_sent": "bounding box, date range, collection ID", "data_received": "satellite imagery tiles", "pii_risk": "none" } ], "health_endpoint": "/health", "sigil_enabled": true, "red_line_compliance": { "kinetic_targeting": "not-capable", "personal_surveillance": "not-capable", "bulk_collection": "not-capable" }, "admission_date": "2026-07-09T14:00:00Z", "bft_vote": "28/33 approved", "signature": "ed25519:0x9f3a...e7b2", "manifest_hash": "sha256:0x1c4d...88ab" }

3. Discovery Flow

3.1 Initial Discovery

When a new MCP joins the federation or an existing MCP needs to discover peers, the following sequence executes:

Step 1: MCP server starts → publishes /.well-known/defoneos-manifest.json Step 2: Federation seed nodes (Ring 0 MCPs) fetch manifest Step 3: Manifest signature verified (Ed25519) Step 4: Manifest hash compared to BFT council registry Step 5: If new: Admission Control Checklist executed (9-point) Step 6: If existing: Manifest hash compared to last known (change detection) Step 7: Capabilities indexed in federation catalogue Step 8: SIGIL receipt: federation_discover event logged Step 9: Health check initiated (GET /health) Step 10: MCP marked ACTIVE in federation state

3.2 Continuous Discovery (Heartbeat)

IntervalActionSIGIL Event
Every 15 secondsHealth check (GET /health)federation_heartbeat (batch)
Every 5 minutesManifest re-fetch + hash comparefederation_manifest_check
Every 15 minutesSIGIL receipt batch submissionfederation_sigil_sync
Every 1 hourCapability re-indexfederation_reindex
On manifest changeImmediate re-admission checkfederation_manifest_changed
On health failureQuarantine after 3 consecutive failuresfederation_quarantine

4. Trust Ring Assignment

Every MCP is assigned to one of three trust rings at admission time. Ring assignment determines data access, secret access, and federation privileges. See MCP Admission Control Checklist for the full assignment criteria.

RingLabelMCPsData FlowDiscovery Scope
Ring 0Core Sovereign7UK-sovereign-only, zero external APIFull federation visibility
Ring 1Defence Sensors11Inbound-only from external sensorsRing 0 + Ring 1 peers
Ring 2Civil Services12Public data, unrestrictedRing 0 + Ring 2 peers
Cross-ring visibility rule: Ring 1 and Ring 2 MCPs cannot discover each other directly. All cross-ring communication flows through Ring 0, which acts as the sovereign intermediary. This prevents defence sensor data from leaking to civil service MCPs and vice versa.

5. Federation State Machine

Each MCP in the federation transitions through these states:

StateDescriptionEntry ConditionExit Condition
DISCOVEREDManifest fetched and signature verifiedInitial discovery or re-discoveryAdmission check initiated
PENDING_ADMISSIONUnder 9-point admission control reviewManifest verified, not yet admittedBFT vote (23/33 quorum)
ACTIVEFully operational, healthy, federatedBFT approval + health check passHealth failure or manifest change
DEGRADEDHealth issues but still responding1-2 consecutive health failuresRecovery (→ ACTIVE) or 3rd failure (→ QUARANTINED)
QUARANTINEDIsolated, not trusted for data flow3 health failures or red-line alertManual review + BFT vote to restore
RETIREDRemoved from federationBFT vote (23/33) or human owner decisionTerminal state

6. Federation Events (SIGIL)

Every federation state transition generates a SIGIL receipt. The complete event taxonomy:

Event TypeTriggerCritical Fields
federation_discoverNew MCP manifest discoveredmcp_id, manifest_hash, ring
federation_admitBFT vote approves admissionmcp_id, vote_tally, quorum_met
federation_activateMCP transitions to ACTIVEmcp_id, health_status, capabilities
federation_degradeHealth check failsmcp_id, failure_count, error
federation_quarantineMCP isolatedmcp_id, reason, trigger_type
federation_restoreQuarantined MCP restoredmcp_id, bft_vote, review_id
federation_retireMCP permanently removedmcp_id, bft_vote, reason
federation_manifest_changedManifest hash differs from cachedmcp_id, old_hash, new_hash
federation_capability_addedNew tool discovered in manifestmcp_id, tool_name, ring
federation_red_line_alertRed-line compliance check failedmcp_id, violation_type, auto_quarantine

7. Federation Catalogue

The federation maintains a live catalogue of all 30 MCPs and their 150+ tools. The catalogue is derived from manifest data and updated on every discovery cycle:

7.1 Catalogue Structure

GET /api/federation/catalogue { "total_mcps": 30, "total_tools": 156, "active": 30, "degraded": 0, "quarantined": 0, "by_ring": { "ring_0": 7, "ring_1": 11, "ring_2": 12 }, "mcps": [ { "id": "sigil-mcp", "ring": 0, "tools": 8, "state": "ACTIVE", "health": "100%" }, ... ] }

8. Failover & Resilience

ScenarioDetectionResponseRecovery
MCP health failure3 consecutive /health timeoutsAuto-quarantine, reroute to fallbackBFT vote to restore
Manifest tamperingHash mismatch on re-fetchImmediate quarantine + SIGIL red-line alertManual investigation + re-admission
Network partitionHeartbeat batch failureDegraded mode: local SIGIL bufferingAuto-sync on reconnect
Seed node failureMultiple Ring 0 MCPs unreachablePromote backup seed from Ring 0BFT consensus on new seed set
Red-line violationAdmission check or runtime scanInstant quarantine, no quorum neededTerminal — requires code fix + re-admission

9. Security Properties

  • Zero central broker: Discovery is peer-to-peer via well-known manifests. No single point of failure.
  • Cryptographic identity: Every MCP has an Ed25519 key pair. Manifests are signed. Identity is verified on every interaction.
  • Tamper-evident: Manifest hashes are compared each cycle. Any change triggers re-admission review.
  • SIGIL-attested: Every federation event is permanently logged with Ed25519 + RFC3161 + Bitcoin OTS anchoring.
  • Ring isolation: Cross-ring discovery is mediated by Ring 0. Defence and civil data never mix.
  • Red-line enforced: Red-line compliance is checked at admission and continuously. Violations trigger instant quarantine.

10. Current Federation State

MetricValue
Total MCPs federated30
Total tools discoverable156
Active30 (100%)
Quarantined0
Red-line violations (all-time)0
Avg discovery latency47ms (LAN) / 230ms (WAN)
SIGIL receipts (federation events)3,892
Manifest integrity checks14,567 (0 tamper detected)