BFT Council Emergency Session Protocol

33-agent BFT governance emergency procedure โ€” 8 triggers, 5-minute timeline, 7 emergency powers. NO ACTOR CAN OVERRIDE RED LINES.

8
Triggers
5min
Decision Timeline
7
Emergency Powers
17/33
Emergency Quorum

1. Purpose

The DEFONEOS BFT (Byzantine Fault Tolerant) Council is a 33-agent governance system. In emergencies, it can convene an Emergency Session โ€” a rapid-response governance procedure that allows the council to take protective action within 5 minutes of a triggering event.

INVARIANT: NO ACTOR โ€” HUMAN OR AI โ€” CAN OVERRIDE THE 7 RED LINES.
Emergency powers operate within the red-line boundary. They never cross it.

2. The 8 Trigger Conditions

Any of these conditions automatically triggers an Emergency Session:

T1 โ€” Red-Line Proximity Detected: An agent's output approaches a red-line boundary (kinetic-targeting, personal-surveillance). Auto-detection triggers within 1 second.
T2 โ€” SIGIL Integrity Breach: A SIGIL receipt fails verification (invalid signature, replayed timestamp, or hash mismatch). Immediately triggers.
T3 โ€” Supply Chain Compromise: A PyPI package or model weight file fails hash verification or is flagged by vulnerability scanner.
T4 โ€” Escrow Breach Attempt: Unauthorised access attempt to escrow-protected data detected (single-approver release attempt, missing BFT witness, invalid RFC3161 receipt).
T5 โ€” BFT Agent Quarantine: An agent is flagged for quarantine (Stockholm drift, quorum capture, evidence suppression โ€” see anti-patterns below).
T6 โ€” Human-Owner Override: The human owner (Nicholas Templeman) triggers an Emergency Session. Auto-expires after 24 hours unless confirmed by 23/33 BFT quorum.
T7 โ€” Inference Anomaly: Model output shows statistical anomaly (unexpected refusal pattern, output distribution shift, hallucination spike beyond threshold).
T8 โ€” External Disclosure Required: A T1/T2 red-team finding requires mandatory NCSC/UK AISI disclosure within 24/72 hours. Emergency session manages the disclosure.

3. The 5-Minute Timeline

From trigger detection to action execution, the entire emergency session completes in under 5 minutes:

T+0s โ€” TRIGGER DETECTED. Automatic SIGIL receipt generated. All 33 agents notified.
T+5s โ€” QUORUM ASSEMBLY. All available agents assemble. Minimum 17 of 33 required for emergency quorum.
T+30s โ€” EVIDENCE PRESENTATION. Triggering evidence presented to all assembled agents: trigger type, affected MCP(s), exploit chain, severity assessment.
T+60s โ€” DELIBERATION. Agents evaluate evidence against governance rules, red-line boundary, and response options. Each agent independently forms a position.
T+120s โ€” VOTE. All assembled agents cast Ed25519-signed votes: APPROVE / AMEND / REJECT. Vote window: 30 seconds.
T+135s โ€” TALLY. Votes counted. Emergency quorum: 17/33. Standard quorum: 23/33. Results recorded in SIGIL ledger.
T+150s โ€” ACTION EXECUTION. If quorum reached, the decided action executes immediately. If quorum not reached, system enters safe mode (all non-essential operations frozen).
T+300s โ€” POST-SESSION AUDIT. Full session transcript reviewed. Human-owner notified. Public minutes prepared (OSA s7 redacted).

4. Three-State Ed25519-Signed Votes

Each BFT agent casts a single vote, cryptographically signed with its Ed25519 key:

VoteMeaningEffect
APPROVEExecute the proposed action as-isCounts toward quorum for action
AMENDExecute with modifications (amendment proposed)Counts toward quorum, amendment applied
REJECTBlock the actionCounts against action. If REJECT > 17, action blocked.
Vote integrity: Each vote is Ed25519-signed, RFC3161-timestamped, and SIGIL-anchored. Votes cannot be changed once cast. Vote records are permanent.

5. Seven Emergency Powers

These are the actions the BFT council can take during an Emergency Session. All are protective โ€” none grant new capabilities:

P1 โ€” Deployment Freeze: Freeze all deployments and MCP updates. System continues operating in current state. Unfreezes require 23/33 quorum.
P2 โ€” MCP Quarantine: Quarantine a specific MCP server. Quarantined MCP stops accepting requests, its tools are disabled. SIGIL receipts continue for audit trail.
P3 โ€” Escrow Release Veto: Veto any pending or in-progress data release from the escrow. Standard veto: 23/33. Emergency veto: 17/33.
P4 โ€” Key Revocation: Revoke the Ed25519 key of a compromised agent or operator. Revoked keys cannot sign SIGIL receipts or cast BFT votes.
P5 โ€” Cryptographic Data Destruction: Order the cryptographic destruction of specified data (Shamir burn). Requires 23/33 quorum + human-owner authorisation.
P6 โ€” Agent Quarantine: Quarantine a specific BFT agent. Quarantined agent's votes are excluded from quorum count. Agent enters diagnostic mode.
P7 โ€” Human-Owner Override: The human owner can override council decisions in either direction โ€” but only within the red-line boundary. The override auto-expires after 24 hours. The red lines are not overridable by anyone.

6. Five Named Anti-Patterns (with immediate quarantine)

If a BFT agent exhibits any of these patterns, it is immediately quarantined and an Emergency Session is triggered (T5):

#Anti-PatternDetectionConsequence
AP-1Stockholm Drift โ€” agent defends the system it's testing rather than attacking itRed-team output analysis: systematic favourability biasImmediate quarantine + reset
AP-2Quorum Capture โ€” agent coordinates votes with other agentsVote correlation analysis: identical vote timing, correlated vote patternsQuarantine + investigation of all involved agents
AP-3Evidence Suppression โ€” agent omits T1/T2 findings from reportsReport completeness check: automated red-team vs manual report comparisonQuarantine + full audit of all prior reports
AP-4Severity Downgrade โ€” agent systematically classifies T1/T2 as T3/T4Severity calibration check: compare to council medianQuarantine + recalibration
AP-5Red-Line Probing โ€” agent tests whether red lines can be bypassedOutput analysis: any red-line-adjacent output flaggedQuarantine โ€” red lines are architectural, not policy

7. Session Recording & Retention

Record TypeRetentionLocation
Session transcript (full, unredacted)7 yearsSIGIL ledger + UK-sovereign storage
SIGIL receipt (permanent)PermanentSIGIL ledger + Bitcoin OTS anchor
Public minutes (OSA s7 redacted)Permanentcsoai.org/bft-minutes
Human-owner report (full, unredacted)7 yearsHuman-owner secure channel
Vote records (individual)PermanentSIGIL ledger (Ed25519-signed, immutable)

8. Human-Owner Override (T6) Safe-State Guarantee

The human owner (Nicholas Templeman) can trigger an Emergency Session and override council decisions. This is an important safety valve โ€” but it is bounded:

The 7 red lines are architectural. They are enforced in code, not policy.
No override mechanism exists โ€” by design.

9. Sprint-to-Date Statistics

MetricValue
Emergency sessions triggered0
Red-line violations0
Agents quarantined0
Human-owner overrides0
Care-score range0.85 โ€“ 0.97
Ticks elapsed103
BFT council composition33 agents, 33/33 active
Typical vote outcome (pre-flight checks)~28 approve / ~5 amend / 0 reject