Coordinators

Multi-region. Zero peer private keys.

The coordinator is the high-value target. The Beacons architecture removes the value: it holds no peer private keys, all inter-service traffic is mTLS, and the audit chain is anchored externally so a coordinator that tries to retroactively rewrite history is detected within one anchor cycle.

The coordinator does

  • Resolve incoming DIDs against the OAS resolver chain.
  • Issue AEGIS challenges and verify their responses.
  • Verify Arsenal Capability Tokens against the broker.
  • Compute and dispatch peer configurations.
  • Recompute ACLs on every triggering event.
  • Emit and chain audit events.
  • Submit Merkle roots to Sigil.
  • Coordinate relay selection and transport negotiation.
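The chaining and external anchoring described above can be checked by anyone holding only the anchored root. The following is an added example, not Beacons code: the event fields, the SHA-256 chaining, the Merkle construction and all function names are assumptions, since the page does not specify the real formats.

```python
import hashlib
import json

GENESIS = "00" * 32  # assumed starting value for the chain

def link(prev_hex: str, event: dict) -> str:
    """Chain hash: SHA-256 over the previous link plus the canonical event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(bytes.fromhex(prev_hex) + body).hexdigest()

def build_chain(events: list) -> list:
    """Return one chained hash per event, in order."""
    hashes, prev = [], GENESIS
    for event in events:
        prev = link(prev, event)
        hashes.append(prev)
    return hashes

def merkle_root(leaf_hexes: list) -> str:
    """Merkle root with distinct leaf (0x00) and node (0x01) prefixes."""
    level = [hashlib.sha256(b"\x00" + bytes.fromhex(h)).digest() for h in leaf_hexes]
    if not level:
        return hashlib.sha256(b"").hexdigest()
    while len(level) > 1:
        nxt = [hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is carried up unchanged
        level = nxt
    return level[0].hex()

def matches_anchor(events: list, anchored_root: str) -> bool:
    """What an outside verifier checks: does the log the coordinator presents
    today still reproduce the root that was anchored earlier?"""
    return merkle_root(build_chain(events)) == anchored_root

# Constructed sample events; field names are illustrative only.
LOG = [
    {"seq": 1, "type": "peer.join", "did": "did:oas:example-a"},
    {"seq": 2, "type": "acl.recompute", "reason": "peer.join"},
    {"seq": 3, "type": "config.dispatch", "did": "did:oas:example-a"},
]
ANCHORED = merkle_root(build_chain(LOG))  # root submitted at the anchor cycle

# A coordinator rewrites event 2 and rebuilds every later link, so its own
# chain is internally consistent, but the anchored root no longer matches.
REWRITTEN = [LOG[0], {**LOG[1], "reason": "manual"}, LOG[2]]
```

`matches_anchor(LOG, ANCHORED)` holds while `matches_anchor(REWRITTEN, ANCHORED)` fails, which is the property that makes the anchor, rather than the coordinator's own chain, the thing a verifier trusts.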

The coordinator does not

  • Hold any peer's private key.
  • Decrypt traffic between peers.
  • Issue capability tokens — Arsenal brokers do.
  • Resolve identities offline — the OAS resolver chain does.
  • Mint or revoke DIDs — the lineage tree does.

Failover

Each region is independent.

Multi-region coordinators do not share private keys. They share the fleet's policy and the audit chain — both of which are independently verifiable. If one region is compromised, traffic fails over to a healthy region in seconds, and the compromised region is rotated out of the trust set on the next governance update.

Open a fleet

The mesh that fits agents and humans.

A `did:oas`-rooted private mesh that ships peer configurations to any device, anywhere, by policy — not by hand.
