Version 2.0 · Last updated: 30 March 2026 · Review cycle: Quarterly
This document explains how FeedOracle collects data, calculates scores, signs evidence, and attributes sources. All public claims are documented here with methodology and limitations.
| MCP Servers | 11 |
| MCP Tools | 206+ |
| Data Sources | 17 |
| Regulations Covered | DORA (EU 2022/2554) · MiCA (EU 2023/1114) · AMLR |
| Evidence Signing | ES256K (secp256k1) on every artifact |
| On-Chain Anchoring | XRPL + Polygon |
| Audit Trail | SHA-256 chain-linked, 590+ verified entries |
The DORA OS (49 MCP tools, AmpelOracle port 10101) assesses entity readiness across all 26 DORA articles using a traffic-light model.
Each DORA article is assessed via 1–3 automated checks (39 total checks, 67 controls). Each check returns GREEN (pass), YELLOW (partial), RED (fail), or GREY (not assessed). Article-level status is the worst-case of its checks. Entity readiness score = weighted average: GREEN=100, YELLOW=50, RED=0, GREY=excluded.
| Score ≥ 75% | HIGH readiness |
| Score 40–74% | MEDIUM readiness |
| Score < 40% | CRITICAL ATTENTION |
Check → Evidence → Finding → Owner Assignment → Remediation → Re-Test → Closure → Signed Report. Findings that exceed SLA trigger 3-level escalation (Owner → CISO → Board). Cross-regulation findings automatically propagate to MiCA and AMLR.
| Full Auto (23) | Art. 5–12, 17–21, 24–25, 28–31, 45 — system checks, creates findings, escalates, closes |
| Semi Auto (1) | Art. 26 TLPT — system generates scenarios, human coordinates Red Team |
| Manual (2) | Art. 14, Art. 27 — crisis communication and TLPT tester requirements |
MiCAOracle (24 tools, port 10201) assesses stablecoin compliance against EU 2023/1114. ESMA authorization status is binary — tokens are either authorized (in the ESMA register) or not. Compliance score combines authorization, reserve quality, peg stability, custody, and issuer transparency.
| ESMA Register | Live check against ESMA authorized stablecoin register |
| Reserve Quality (Art. 38) | Composition, custody (SIFI status), liquidity |
| Peg Stability | 30-day deviation history, max deviation, current delta |
| Significant Issuer (Art. 43) | Market cap thresholds, cross-border usage, interconnectedness |
Verdict: PASS (authorized + score ≥ 70) / WARN (pending or score 40–69) / BLOCK (not authorized or score < 40). 105+ stablecoins monitored.
AMLOracle (12 tools, port 8701) performs sanctions screening against 87,000+ names from EU, OFAC, and UN consolidated lists. PEP checks use publicly available political exposure databases. Adverse media monitoring covers major news sources.
| Sanctions Lists | EU Consolidated (5,900+), OFAC SDN (12,000+), UN SC (800+), plus country-specific lists |
| PEP Database | Politically Exposed Persons — heads of state, government officials, senior executives |
| GLEIF | Legal Entity Identifier lookup — entity verification and ownership structure |
| ESMA MiCA Register | Authorized stablecoins, CASPs, non-compliant entities |
| NVD / CISA KEV | CVE vulnerabilities, Known Exploited Vulnerabilities catalog |
| CERT-Bund | German BSI security advisories |
| MITRE ATT&CK | Threat actor techniques for TIBER-EU testing |
| EU/OFAC/UN Sanctions | 87,000+ sanctioned entities and individuals |
| FRED (St. Louis Fed) | 86 series — rates, inflation, GDP, employment, housing |
| ECB Statistical Data | 20 series — rates, FX, HICP, M3, bond yields |
| World Bank Open Data | GDP rankings, country profiles, 200+ countries |
| Bureau of Labor Statistics | US employment, CPI direct from BLS API |
| OECD SDMX API | GDP, unemployment, inflation, CLI for 38 countries |
| DeFiLlama | Protocol TVL, yields, stablecoins, DEX volumes |
| Chain RPCs | On-chain data from 12+ networks (ETH, SOL, TON, Base, etc.) |
| HaveIBeenPwned | Breach detection for DORA incident intelligence |
| Semantic Scholar | 200M+ academic papers, citation graphs |
| arXiv + Crossref | Preprints, DOI resolution, metadata |
Every evidence artifact produced by FeedOracle is cryptographically signed using ES256K (secp256k1) and content-hashed with SHA-256. Reports are additionally anchored on XRPL and Polygon for independent verification.
| Signing Algorithm | ES256K (ECDSA on secp256k1) |
| Content Hash | SHA-256 of evidence payload |
| Audit Trail | SHA-256 chain-linked log (genesis → current, 590+ entries) |
| On-Chain Anchor | XRPL memo transactions + Polygon attestation contract |
| Public Key | feedoracle.io/.well-known/jwks.json |
1. Check the ES256K signature against the JWKS public key. 2. Validate the SHA-256 content hash. 3. Confirm the audit chain integrity (each entry links to previous via hash). 4. Verify the on-chain anchor on XRPL or Polygon explorer.
The RWA Risk Oracle scores tokenized asset protocols across 9 independent risk dimensions. Each produces a normalized score (0–100), weighted and aggregated into a composite.
| 1. TVL Weight | Protocol size relative to category (DeFiLlama) |
| 2. Yield Spread | Deviation from risk-free rate (FRED T-Bill) |
| 3. Diversification | Asset type concentration |
| 4. Maturity Profile | Duration and redemption terms |
| 5. Regulatory Alignment | Jurisdiction registration status |
| 6. Institutional Backing | Known institutional participants |
| 7. DEX Liquidity | Secondary market depth (GeckoTerminal) |
| 8. On-Chain Activity | Transaction volume, holder count |
| 9. ESG / Carbon | Network energy and emissions (CCRI/EMBER) |
| DORA Assessments | Daily automated pipeline (04:00–07:00 UTC) |
| MiCA Stablecoin Monitoring | Continuous (peg every 15 min, ESMA daily) |
| Sanctions Lists | Daily update from EU/OFAC/UN sources |
| Macro Economic (FRED/ECB) | Daily API pull |
| OECD Data | Daily prefetch at 04:00 UTC, SQLite cache |
| CVE/KEV/CERT-Bund | Hourly monitoring |
| Evidence Freshness | Status: current / stale / superseded (lifecycle managed) |
| 30 Mar 2026 | v2.0 — Added DORA OS methodology (49 tools, closed-loop, scoring model), MiCA compliance methodology, AMLR screening, evidence signing, 17 data sources. Updated platform overview to 206+ tools / 11 servers. |
| 9 Feb 2026 | v1.0 — Initial methodology documentation (RWA risk scoring, TVL calculation, jurisdiction coverage, DNV attribution) |
Questions about our methodology?
We welcome scrutiny. Every claim is documented and verifiable.
FeedOracle Technologies · Bad Salzuflen, Germany · feedoracle.io · Not financial advice, compliance certification, or investment recommendation.