Federation is mutual but unilateral — either side can initiate, both must accept. The handshake exchanges public keys, scopes, and a sync token.
Handshake
POST /v1/federate/handshake
{
"fromRegistry": "did:oas:yourorg:registry:internal",
"endpoint": "https://reg.yourorg.com",
"publicKey": "ed25519:…",
"scope": ["agent","tool","skill"]
}
{ "syncToken": "tok_3f9a…", "since": null }
Sync
POST /v1/federate/sync
{ "syncToken": "tok_3f9a…", "limit": 1000, "cursor": null }
{ "entries": [ /* 1000 entries */ ], "nextCursor": "..." }
Continue paging until nextCursor is null.
Conflict resolution
| Case | Winner |
|---|---|
| Same DID, different content hash | Lower Sigil sequence number |
| Same DID, same hash | Treated as identical (no duplication) |
| Revoked vs live | Revoked always wins |
Scoping
The scope array restricts replication. Use ["*"] to share everything,
or list specific kinds for finer control. Tags-based and publisher-based
deny lists are supported via Cedar policy attachments.