R-MANIFEST-FAILURE
When to use
A peer manifest, pinned key, or manifest rotation cannot be
verified. Trigger alert: manifest_rotation_failed. Supporting
signals: federation_handshake_failed, signature_mismatch,
transparency-log inclusion proof failure, peer public key differs
from the pinned key without prior notice.
Identifyโ
Fetch the peer declaration and compare it to your stored peer registration:
curl -s "https://peer-node.example.com/.well-known/stigmem" | jq .
curl -s "https://your-node.example.com/v1/federation/peers/<peer-id>" \
-H "Authorization: Bearer $STIGMEM_ADMIN_KEY" | jq .
Record the old key, new key, key ID if available, manifest timestamp, and the verification error.
Containโ
- Keep the current pin in place.
- Pause pulls from the peer until the rotation is explained.
- Do not auto-accept the new key from the failing manifest.
- Preserve the failing manifest body and audit event.
Investigateโ
Contact the peer operator out of band. Ask:
Intentional rotation?
Did they intentionally rotate the node key?
Expected new key?
What is the expected new public key?
Deployment time?
When did they deploy it?
Signing key / CI/CD?
Did their signing key or CI/CD pipeline change?
Other peers?
Are other peers seeing the same manifest?
If the peer cannot confirm the rotation, treat this as R-PEER-COMPROMISE.
Recoverโ
For an expected rotation:
- Verify the new public key out of band.
- Update the peer pin.
- Pull once manually and confirm success.
- Watch for
federation.pull.okand absence of signature errors.
For an unexpected or suspicious rotation:
- Keep federation disabled for the peer.
- Ask the peer to rotate from a known-good environment.
- Re-register only after the peer publishes a verified manifest.
Communicateโ
Tell the peer operator exactly which verification failed and include the audit event timestamp. If multiple peers report the same failure, coordinate a shared incident channel.