Federated Exchange
Anthropic's managed agents memory is single-tenant cloud — no protocol for two customers to exchange signed memory subsets with verifiable origin. Federations of sovereign nodes are structurally precluded on a cloud-only substrate. OMEGA Pro ships the primitive: two instances can trade memory subsets, each verifying the other's signed manifest without surrendering data to a hub.
This is the only path to multi-instance organizations without centralization. Defense partners, air-gapped peers, cross-org legal discovery — all become possible when the exchange substrate is sovereign-by-design.
How it works
Federation reuses the audit Ed25519 keypair (see Signed Audit Chain), so one local identity covers both audit-export and federation-export.
- Export: select a subset (by entity, date, tag) and build a signed manifest. Each memory in the manifest carries its `content_sha256` for tamper detection.
- Trust allowlist: incoming manifests are accepted only from peers whose Ed25519 public-key fingerprint you've registered.
- Verify runs a 3-layer integrity check: per-memory `leaf_hash` + content consistency, Merkle root rebuild, signature verify.
- Import merges verified memories into the local store, recording a `federation_origin` lineage block on each row so you can always trace where it came from. Dedup on `(content_hash, entity_id)` keeps the import idempotent — re-importing the same manifest is a no-op.
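The trust-allowlist and 3-layer verify steps above, as an added example (not OMEGA's code). The manifest field names other than `content_sha256` and `leaf_hash`, the leaf and Merkle rules, signing the root, and the fingerprint encoding are all assumptions, since the page does not specify them.

```javascript
const crypto = require("node:crypto");

const sha256 = (...parts) => crypto.createHash("sha256").update(Buffer.concat(parts)).digest();
const hexHash = (s) => sha256(Buffer.from(s)).toString("hex");
// Assumed tree rule: hash nodes pairwise, pairing an odd last node with itself.
function merkleRoot(level) {
  while (level.length > 1) {
    const next = [];
    for (let i = 0; i < level.length; i += 2) {
      next.push(sha256(level[i], level[Math.min(i + 1, level.length - 1)]));
    }
    level = next;
  }
  return level[0] ?? Buffer.alloc(0);
}
const rootOf = (memories) => merkleRoot(memories.map((m) => Buffer.from(m.leaf_hash, "hex")));

// Assumed fingerprint: SHA-256 over the DER (SPKI) encoding of the public key.
const fingerprint = (pem) =>
  sha256(crypto.createPublicKey(pem).export({ type: "spki", format: "der" })).toString("hex");

// Exporter side: hash each memory, build the root, sign it (signing the root is assumed).
function buildManifest(privateKey, public_key_pem, contents) {
  const memories = contents.map((content) => {
    const content_sha256 = hexHash(content);
    return { content, content_sha256, leaf_hash: hexHash(content_sha256) };
  });
  const root = rootOf(memories);
  const signature = crypto.sign(null, root, privateKey).toString("hex");
  return { memories, root: root.toString("hex"), public_key_pem, signature };
}

// Importer side: pin the signer to the allowlist, then run the three layers in order.
function verifyForImport(m, trusted) {
  if (!trusted.has(fingerprint(m.public_key_pem))) return "untrusted signer";
  for (const mem of m.memories) { // layer 1: content and leaf consistency
    if (hexHash(mem.content) !== mem.content_sha256 || hexHash(mem.content_sha256) !== mem.leaf_hash)
      return "leaf mismatch";
  }
  if (rootOf(m.memories).toString("hex") !== m.root) return "root mismatch"; // layer 2
  const sig = Buffer.from(m.signature, "hex"); // layer 3: signature over the rebuilt root
  return crypto.verify(null, Buffer.from(m.root, "hex"), m.public_key_pem, sig) ? "ok" : "bad signature";
}

// Constructed demo input: a throwaway key pair and three sample memories.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const pem = publicKey.export({ type: "spki", format: "pem" });
const manifest = buildManifest(privateKey, pem, ["sample memory 1", "sample memory 2", "sample memory 3"]);
console.log(verifyForImport(manifest, new Set([fingerprint(pem)])));
```

The allowlist check comes first because a key embedded in the manifest only shows that the manifest is self-consistent; a manifest re-signed with a different key passes all three layers and is stopped only by the fingerprint pin.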
The six MCP tools
| Tool | Purpose |
|---|---|
| `omega_federation_export` | Build a signed manifest containing a memory subset. Embeds the public key so peers can verify offline. |
| `omega_federation_verify` | Verify a federation manifest. 3-layer integrity check (leaf consistency, Merkle root, signature). |
| `omega_federation_trust_add` | Register a peer's Ed25519 public key in the local trusted-keys allowlist. |
| `omega_federation_trust_list` | List trusted peers with their fingerprints, labels, and registration timestamps. |
| `omega_federation_trust_remove` | Revoke trust for a peer by SHA-256 fingerprint. Future imports from that peer are refused. |
| `omega_federation_import` | Verify, trust-check, and merge a signed manifest. Records `federation_origin` lineage on every imported row. |
A typical session
Two OMEGA instances — A and B — want to share their incident-response memories from the last quarter.
```
# On instance A: export the subset and ship the manifest file to B
omega_federation_export(
    entity_id="incident-response",
    since="2026-02-01",
)
→ wrote manifest-2026-Q1.json
  152 memories, signed by key fingerprint A's-pubkey

# On instance B: first time accepting from A — register A's public key
omega_federation_trust_add(
    public_key_pem="<A's public key>",
    label="instance-A",
)
→ trusted peer added: fingerprint 9f1c… label instance-A

# Verify the manifest before importing
omega_federation_verify(path="manifest-2026-Q1.json")
→ leaf hashes consistent, root matches, signature OK, 152 leaves

# Import: trust-check + merge
omega_federation_import(path="manifest-2026-Q1.json")
→ 148 imported, 4 already_local (idempotent dedup)
  each row carries federation_origin: A, manifest-2026-Q1.json
```

If A is later compromised, revoke trust to refuse future imports:

```
omega_federation_trust_remove(fingerprint="9f1c…full-256-hex…")
→ A removed from allowlist; imports refused
```
Trust modes
The default mode is trusted_keys_only: imports from peers not in the
allowlist are refused. This is the safe default — explicit trust
relationships only.
See also
- Signed Audit Chain — federation reuses the same Ed25519 keypair
- Tool Profiles — federation loads in the `team` profile by default