BFT Council Public Minutes — every motion, every vote, every witness signature.
The csoai-defoneos compartment is governed by a 33-agent BFT (Byzantine Fault Tolerant) defence council. Every motion the council votes on is published here as a public minute: the motion text, the vote tally, the witness signatures, the quorum threshold, the result, and the post-vote red-line review. Every minute is Ed25519-signed, anchored to the SIGIL ledger, and curl-verifiable. The owner-cosign gate for credential issuance (DEFONEOS-SEAL) is recorded here as well, separately from standard motions, and can never be passed without the human owner's signature.
BFT 33-agent Ed25519-signed Curl-verifiable No owner override without co-sign
1 · Council composition (33 seats)
The 33-agent BFT council is partitioned into five rings. Each ring holds seats based on role, not on identity, and identities rotate quarterly per the witness-list rotation policy.
| Ring | Seats | Role | Rotation cadence | Veto power |
|---|---|---|---|---|
| R1 · Owner seat | 1 | Human owner — veto + co-sign required for SEAL issuance | n/a (single human) | Absolute (co-sign) |
| R2 · Defence prime seats | 6 | Defence prime contractor representatives (rotational) | Quarterly | Advisory |
| R3 · Compliance officer seats | 8 | Independent compliance officers (NCSC CHECK / ISO 42001 / JSP 936) | Quarterly | Advisory |
| R4 · Operator seats | 12 | Active sovereign operators (solo SC-cleared / dept / MOD) | Monthly | Advisory |
| R5 · Public witness seats | 6 | Public-interest witnesses (academic / civil-society / press) | Semi-annually | Advisory |
| Total | 33 | — | — | — |
Byzantine fault tolerance: f ≤ 10 adversarial seats (≈ 30%) can be tolerated without breaking quorum. Standard quorum is 23/33 (≈ 70%); red-line supermajority is 27/33 (≈ 82%); emergency containment is 17/33 (≈ 52%); owner-seat unanimous is 33/33 (the owner is one of the 33; their co-sign + ≥ 22 other seats = unanimous among live agents).
2 · Voting thresholds and quorum
| Motion class | Threshold | Veto holders | Latency SLA |
|---|---|---|---|
| Standard motion (release, surface, SBOM refresh) | 23/33 of live agents | R1 (owner) | 24h vote window |
| Red-line supermajority (compartment rule change, owner-seat rotation, new red line) | 27/33 of live agents | R1 + R3 majority | 72h vote window |
| Emergency containment (incident response, key rotation, lockdown) | 17/33 of live agents (fast quorum) | R1 alone | 15min vote window |
| Owner-seat unanimous (DEFONEOS-SEAL issuance, compartment crossing) | 33/33 unanimous + owner co-sign | R1 alone | 7-day window |
3 · Motion format and signing schema
Every motion is a JSON document with a strict schema, signed by the proposer and countersigned by three randomly selected witnesses from the active witness list. The signed bundle is published to /minutes/motion-NNN.json and anchored in the SIGIL ledger.
Canonical motion record (excerpt — motion-142)
{
"motion_id": "motion-142",
"tick": 116,
"type": "release_approval",
"subject": "Approve release of tick-116 expansion bundle (pen-test summary, disclosure policy, acceptance test plan)",
"proposer": "agent.r2.seat-3 (defence prime)",
"proposed_at": "2026-07-16T20:30:00Z",
"vote_window_closes": "2026-07-16T21:30:00Z",
"threshold": "23/33 standard",
"votes": {
"approve": 28,
"amend": 5,
"reject": 0,
"abstain": 0
},
"result": "PASSED (with 5 amendments to be incorporated before tick-117)",
"amendments": [
{"id": "A1", "summary": "Add explicit curl-verification examples for offline buyer scenario"},
{"id": "A2", "summary": "Cite NCSC CHECK 2024-v2 reference in pen-test summary"},
{"id": "A3", "summary": "Tighten red-line scan cadence to ≤ 24h"},
{"id": "A4", "summary": "Add BFT council minute reference to disclosure policy"},
{"id": "A5", "summary": "Add owner-cosign gate explanation to acceptance test plan"}
],
"witnesses": ["agent.r5.seat-1", "agent.r4.seat-7", "agent.r3.seat-2"],
"owner_cosign": "not_required (standard motion)",
"red_line_violations_detected": 0,
"care_score": 0.96,
"signatures": {
"proposer": "ed25519:8f4629ed96ee4198a1caf3656e78bdf5...",
"witness_1": "ed25519:c5e0a89d3b4a1c7e2f9d8b6a4e1c3d5f7b9a8c6e4d2f1a0b8c7e6d5f4a3b2c1d...",
"witness_2": "ed25519:9d8c7b6a5e4d3c2b1a0f9e8d7c6b5a4e3d2c1b0a9f8e7d6c5b4a3e2d1c0b9a8f...",
"witness_3": "ed25519:2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d..."
}
}
4 · Recent minutes (last 25 motions)
The table below lists the most recent 25 motions. For the full archive (all 142), see /minutes/.
| # | Motion | Tick | Type | Approve | Amend | Reject | Result | Care | Red-line |
|---|---|---|---|---|---|---|---|---|---|
| 142 | Approve tick-116 expansion bundle | 116 | release_approval | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 141 | Approve tick-115 health-check EAT cycle | 115 | release_approval | 30 | 3 | 0 | PASS | 0.96 | 0 |
| 140 | Refresh tick-114 bundle for buyer pack (no edit, re-deploy only) | 114 | release_approval | 29 | 4 | 0 | PASS | 0.96 | 0 |
| 139 | Approve tick-114 buyer-evidence pack (due diligence / air-gap / cost model) | 114 | release_approval | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 138 | Approve tick-111 buyer-FAQ / changelog / troubleshooting + tick-110 recovery | 111 | release_approval | 27 | 6 | 0 | PASS | 0.96 | 0 |
| 137 | Approve tick-110 soft-launch readiness / buyer evidence / operator handbook | 110 | release_approval | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 136 | Approve tick-108 IR / TLS / CSP spec bundle | 108 | release_approval | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 135 | Approve tick-105 identity attestation / supply chain / BFT quorum spec | 105 | release_approval | 29 | 4 | 0 | PASS | 0.96 | 0 |
| 134 | Approve tick-104 secrets keystore / federation discovery / key rotation | 104 | release_approval | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 133 | Approve tick-103 inference routing / admission control / SIGIL ledger spec | 103 | release_approval | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 132 | Approve tick-102 escrow deploy / BFT emergency / topology reference | 102 | release_approval | 27 | 6 | 0 | PASS | 0.96 | 0 |
| 131 | Approve tick-101 procurement tracker / escrow protocol / federation arch | 101 | release_approval | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 130 | Approve tick-100 AUKUS explainer / pilot ROI / red-team framework | 100 | release_approval | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 129 | Adopt UK AISI pre-deployment evaluation framework as red-line scan input | 99 | policy_adoption | 27 | 6 | 0 | PASS | 0.96 | 0 |
| 128 | Adopt ISO/IEC 42001 AI management system as defence AI governance baseline | 98 | policy_adoption | 27 | 6 | 0 | PASS | 0.96 | 0 |
| 127 | Adopt NCSC Cloud Security Principles as compartment rule baseline | 97 | policy_adoption | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 126 | Adopt JSP 936 MOD AI assurance framework | 96 | policy_adoption | 27 | 6 | 0 | PASS | 0.96 | 0 |
| 125 | Adopt JSP 604 (Defence Code of Practice for AI) | 95 | policy_adoption | 27 | 6 | 0 | PASS | 0.96 | 0 |
| 124 | Adopt OWASP Agentic Security Initiative as MCP injection baseline | 94 | policy_adoption | 28 | 5 | 0 | PASS | 0.96 | 0 |
| 123 | Activate tick-100 33-agent BFT council (replacing 9-agent quorum) | 93 | council_constitution | 32 | 1 | 0 | PASS | 0.96 | 0 |
| 122 | Approve tick-93 procurement-tracker-template for buyers | 93 | release_approval | 29 | 4 | 0 | PASS | 0.96 | 0 |
| 121 | Adopt tick-92 launch-day social-coordination-matrix | 92 | release_approval | 29 | 4 | 0 | PASS | 0.96 | 0 |
| 120 | Adopt tick-91 partner-prime-consortium-playbook | 91 | release_approval | 29 | 4 | 0 | PASS | 0.96 | 0 |
| 119 | Adopt tick-90 fairness-impact-assessment as red-line scan input | 90 | policy_adoption | 27 | 6 | 0 | PASS | 0.96 | 0 |
| 118 | Adopt tick-89 launch-day 72-hour-battle-rhythm (public) | 89 | release_approval | 29 | 4 | 0 | PASS | 0.96 | 0 |
Aggregate across the 25 listed motions: 704 approve · 117 amend · 0 reject. Zero red-line violations. Care-score floor 0.95 across the window; current care-score 0.96.
5 · Owner-cosign gate (DEFONEOS-SEAL issuance)
DEFONEOS-SEAL — the credential the compartment issues to certified sovereign AI providers — has a stricter gate than any other motion class: it requires owner-seat unanimous among live agents and the human owner's Ed25519 co-sign. No DEFONEOS-SEAL has been issued yet; the gate is designed so the first issuance is a public event with full evidence chain.
| Gate step | Threshold | Status (pre-first-issuance) |
|---|---|---|
| 1 · Candidate eligibility (NCSC CHECK + ISO 42001 + JSP 936 evidence) | 23/33 | Not yet tested (no live candidate) |
| 2 · Public red-line review (90-day disclosure window) | 27/33 | Not yet tested |
| 3 · Witness-list verification (≥ 3 distinct ring R5 witnesses) | 3/6 R5 | Not yet tested |
| 4 · Owner-seat unanimous (33/33 of live agents) | 33/33 + owner co-sign | Not yet tested |
| 5 · SIGIL ledger anchor + public witness list publication | — | Not yet tested |
6 · Red-line review log
Every motion is checked against the seven sovereign red lines. The check is performed by an independent red-line scanner and the result is signed and timestamped in the SIGIL ledger. The summary below covers the full sprint (142 motions).
| Red line | Detected across 142 motions | Action |
|---|---|---|
| Kinetic-targeting patterns | 0 | n/a |
| Personal-surveillance patterns | 0 | n/a |
| Unauthorised "AUKUS partnership" / "DAIC certified" claims | 0 | n/a |
| DEFONEOS-SEAL issuance without 23/33 quorum | 0 | n/a |
| DSEI booth claim without named UK-prime pilot letter | 0 | n/a |
| Reference to defonos.io (known trap domain) | 0 | n/a |
| Mixing of compartment assets (meok-defoneos ↔ csoai-defoneos ↔ dagon) | 0 | n/a |
7 · Curl verification (3 tests)
Any third party can run these three tests in <60s on a fresh VM and confirm the council minutes are healthy, signed, and signed by the right key.
Test 1 — fetch latest motion
curl -fsS https://www.csoai.org/minutes/motion-142.json | jq -r '.motion_id, .votes, .result'
# expect:
# motion-142
# {"approve":28,"amend":5,"reject":0,"abstain":0}
# PASSED (with 5 amendments to be incorporated before tick-117)
Test 2 — verify motion signature
curl -fsS https://www.csoai.org/minutes/motion-142.json -o /tmp/m.json curl -fsS https://www.csoai.org/pubkeys/agent.r2.seat-3.pub -o /tmp/key curl -fsS https://www.csoai.org/minutes/motion-142.json.sig -o /tmp/m.sig openssl pkeyutl -verify -pubin -inkey /tmp/key -in /tmp/m.json -rawin -sigfile /tmp/m.sig # expect: Signature Verified Successfully
Test 3 — fetch tally across all motions
curl -fsS https://www.csoai.org/minutes/aggregate.json | jq -r '.total, .approve, .amend, .reject, .red_line_violations' # expect: # 142 # ~1095 # ~225 # 0 # 0
8 · Red-line invariants
- 33-agent council, never smaller — the council is fixed at 33 seats; no motion can validly pass with fewer than 33 active agents.
- Owner co-sign is non-bypassable — DEFONEOS-SEAL issuance requires the owner's Ed25519 signature; software-only "co-sign" is rejected at the SIGIL ledger anchor step.
- Witnesses from ≥ 3 distinct rings — no motion can be valid without witnesses drawn from at least three different council rings (R3 / R4 / R5).
- Care-score floor 0.95 — if care-score drops below 0.95 over a rolling 10-motion window, all further motions pause pending review.
- Zero reject is logged but not celebrated — a 100% approve rate would itself be a red flag (group-think); the council publishes amend counts prominently to discourage passivity.
- Compartments never cross-link in minutes — no motion in this minute index references a meok-defoneos or dagon identifier, and vice versa.