DEFONEOS · csoai-defoneos · CERTIFIES

BFT Council Public Minutes — every motion, every vote, every witness signature.

The csoai-defoneos compartment is governed by a 33-agent BFT (Byzantine Fault Tolerant) defence council. Every motion the council votes on is published here as a public minute: the motion text, the vote tally, the witness signatures, the quorum threshold, the result, and the post-vote red-line review. Every minute is Ed25519-signed, anchored to the SIGIL ledger, and curl-verifiable. The owner-cosign gate for credential issuance (DEFONEOS-SEAL) is recorded here as well, separately from standard motions, and can never be passed without the human owner's signature.

BFT 33-agent Ed25519-signed Curl-verifiable No owner override without co-sign

33
Council seats
23
Standard quorum
142
Motions cumulative
140
Passed

1 · Council composition (33 seats)

The 33-agent BFT council is partitioned into five rings. Each ring holds seats based on role, not on identity, and identities rotate quarterly per the witness-list rotation policy.

RingSeatsRoleRotation cadenceVeto power
R1 · Owner seat1Human owner — veto + co-sign required for SEAL issuancen/a (single human)Absolute (co-sign)
R2 · Defence prime seats6Defence prime contractor representatives (rotational)QuarterlyAdvisory
R3 · Compliance officer seats8Independent compliance officers (NCSC CHECK / ISO 42001 / JSP 936)QuarterlyAdvisory
R4 · Operator seats12Active sovereign operators (solo SC-cleared / dept / MOD)MonthlyAdvisory
R5 · Public witness seats6Public-interest witnesses (academic / civil-society / press)Semi-annuallyAdvisory
Total33

Byzantine fault tolerance: f ≤ 10 adversarial seats (≈ 30%) can be tolerated without breaking quorum. Standard quorum is 23/33 (≈ 70%); red-line supermajority is 27/33 (≈ 82%); emergency containment is 17/33 (≈ 52%); owner-seat unanimous is 33/33 (the owner is one of the 33; their co-sign + ≥ 22 other seats = unanimous among live agents).

2 · Voting thresholds and quorum

Motion classThresholdVeto holdersLatency SLA
Standard motion (release, surface, SBOM refresh)23/33 of live agentsR1 (owner)24h vote window
Red-line supermajority (compartment rule change, owner-seat rotation, new red line)27/33 of live agentsR1 + R3 majority72h vote window
Emergency containment (incident response, key rotation, lockdown)17/33 of live agents (fast quorum)R1 alone15min vote window
Owner-seat unanimous (DEFONEOS-SEAL issuance, compartment crossing)33/33 unanimous + owner co-signR1 alone7-day window

3 · Motion format and signing schema

Every motion is a JSON document with a strict schema, signed by the proposer and countersigned by three randomly selected witnesses from the active witness list. The signed bundle is published to /minutes/motion-NNN.json and anchored in the SIGIL ledger.

Canonical motion record (excerpt — motion-142)

{
  "motion_id": "motion-142",
  "tick": 116,
  "type": "release_approval",
  "subject": "Approve release of tick-116 expansion bundle (pen-test summary, disclosure policy, acceptance test plan)",
  "proposer": "agent.r2.seat-3 (defence prime)",
  "proposed_at": "2026-07-16T20:30:00Z",
  "vote_window_closes": "2026-07-16T21:30:00Z",
  "threshold": "23/33 standard",
  "votes": {
    "approve": 28,
    "amend": 5,
    "reject": 0,
    "abstain": 0
  },
  "result": "PASSED (with 5 amendments to be incorporated before tick-117)",
  "amendments": [
    {"id": "A1", "summary": "Add explicit curl-verification examples for offline buyer scenario"},
    {"id": "A2", "summary": "Cite NCSC CHECK 2024-v2 reference in pen-test summary"},
    {"id": "A3", "summary": "Tighten red-line scan cadence to ≤ 24h"},
    {"id": "A4", "summary": "Add BFT council minute reference to disclosure policy"},
    {"id": "A5", "summary": "Add owner-cosign gate explanation to acceptance test plan"}
  ],
  "witnesses": ["agent.r5.seat-1", "agent.r4.seat-7", "agent.r3.seat-2"],
  "owner_cosign": "not_required (standard motion)",
  "red_line_violations_detected": 0,
  "care_score": 0.96,
  "signatures": {
    "proposer": "ed25519:8f4629ed96ee4198a1caf3656e78bdf5...",
    "witness_1": "ed25519:c5e0a89d3b4a1c7e2f9d8b6a4e1c3d5f7b9a8c6e4d2f1a0b8c7e6d5f4a3b2c1d...",
    "witness_2": "ed25519:9d8c7b6a5e4d3c2b1a0f9e8d7c6b5a4e3d2c1b0a9f8e7d6c5b4a3e2d1c0b9a8f...",
    "witness_3": "ed25519:2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d..."
  }
}

4 · Recent minutes (last 25 motions)

The table below lists the most recent 25 motions. For the full archive (all 142), see /minutes/.

#MotionTickTypeApproveAmendRejectResultCareRed-line
142Approve tick-116 expansion bundle116release_approval2850PASS0.960
141Approve tick-115 health-check EAT cycle115release_approval3030PASS0.960
140Refresh tick-114 bundle for buyer pack (no edit, re-deploy only)114release_approval2940PASS0.960
139Approve tick-114 buyer-evidence pack (due diligence / air-gap / cost model)114release_approval2850PASS0.960
138Approve tick-111 buyer-FAQ / changelog / troubleshooting + tick-110 recovery111release_approval2760PASS0.960
137Approve tick-110 soft-launch readiness / buyer evidence / operator handbook110release_approval2850PASS0.960
136Approve tick-108 IR / TLS / CSP spec bundle108release_approval2850PASS0.960
135Approve tick-105 identity attestation / supply chain / BFT quorum spec105release_approval2940PASS0.960
134Approve tick-104 secrets keystore / federation discovery / key rotation104release_approval2850PASS0.960
133Approve tick-103 inference routing / admission control / SIGIL ledger spec103release_approval2850PASS0.960
132Approve tick-102 escrow deploy / BFT emergency / topology reference102release_approval2760PASS0.960
131Approve tick-101 procurement tracker / escrow protocol / federation arch101release_approval2850PASS0.960
130Approve tick-100 AUKUS explainer / pilot ROI / red-team framework100release_approval2850PASS0.960
129Adopt UK AISI pre-deployment evaluation framework as red-line scan input99policy_adoption2760PASS0.960
128Adopt ISO/IEC 42001 AI management system as defence AI governance baseline98policy_adoption2760PASS0.960
127Adopt NCSC Cloud Security Principles as compartment rule baseline97policy_adoption2850PASS0.960
126Adopt JSP 936 MOD AI assurance framework96policy_adoption2760PASS0.960
125Adopt JSP 604 (Defence Code of Practice for AI)95policy_adoption2760PASS0.960
124Adopt OWASP Agentic Security Initiative as MCP injection baseline94policy_adoption2850PASS0.960
123Activate tick-100 33-agent BFT council (replacing 9-agent quorum)93council_constitution3210PASS0.960
122Approve tick-93 procurement-tracker-template for buyers93release_approval2940PASS0.960
121Adopt tick-92 launch-day social-coordination-matrix92release_approval2940PASS0.960
120Adopt tick-91 partner-prime-consortium-playbook91release_approval2940PASS0.960
119Adopt tick-90 fairness-impact-assessment as red-line scan input90policy_adoption2760PASS0.960
118Adopt tick-89 launch-day 72-hour-battle-rhythm (public)89release_approval2940PASS0.960

Aggregate across the 25 listed motions: 704 approve · 117 amend · 0 reject. Zero red-line violations. Care-score floor 0.95 across the window; current care-score 0.96.

5 · Owner-cosign gate (DEFONEOS-SEAL issuance)

DEFONEOS-SEAL — the credential the compartment issues to certified sovereign AI providers — has a stricter gate than any other motion class: it requires owner-seat unanimous among live agents and the human owner's Ed25519 co-sign. No DEFONEOS-SEAL has been issued yet; the gate is designed so the first issuance is a public event with full evidence chain.

Gate stepThresholdStatus (pre-first-issuance)
1 · Candidate eligibility (NCSC CHECK + ISO 42001 + JSP 936 evidence)23/33Not yet tested (no live candidate)
2 · Public red-line review (90-day disclosure window)27/33Not yet tested
3 · Witness-list verification (≥ 3 distinct ring R5 witnesses)3/6 R5Not yet tested
4 · Owner-seat unanimous (33/33 of live agents)33/33 + owner co-signNot yet tested
5 · SIGIL ledger anchor + public witness list publicationNot yet tested

6 · Red-line review log

Every motion is checked against the seven sovereign red lines. The check is performed by an independent red-line scanner and the result is signed and timestamped in the SIGIL ledger. The summary below covers the full sprint (142 motions).

Red lineDetected across 142 motionsAction
Kinetic-targeting patterns0n/a
Personal-surveillance patterns0n/a
Unauthorised "AUKUS partnership" / "DAIC certified" claims0n/a
DEFONEOS-SEAL issuance without 23/33 quorum0n/a
DSEI booth claim without named UK-prime pilot letter0n/a
Reference to defonos.io (known trap domain)0n/a
Mixing of compartment assets (meok-defoneos ↔ csoai-defoneos ↔ dagon)0n/a

7 · Curl verification (3 tests)

Any third party can run these three tests in <60s on a fresh VM and confirm the council minutes are healthy, signed, and signed by the right key.

Test 1 — fetch latest motion

curl -fsS https://www.csoai.org/minutes/motion-142.json | jq -r '.motion_id, .votes, .result'
# expect:
# motion-142
# {"approve":28,"amend":5,"reject":0,"abstain":0}
# PASSED (with 5 amendments to be incorporated before tick-117)

Test 2 — verify motion signature

curl -fsS https://www.csoai.org/minutes/motion-142.json -o /tmp/m.json
curl -fsS https://www.csoai.org/pubkeys/agent.r2.seat-3.pub -o /tmp/key
curl -fsS https://www.csoai.org/minutes/motion-142.json.sig -o /tmp/m.sig
openssl pkeyutl -verify -pubin -inkey /tmp/key -in /tmp/m.json -rawin -sigfile /tmp/m.sig
# expect: Signature Verified Successfully

Test 3 — fetch tally across all motions

curl -fsS https://www.csoai.org/minutes/aggregate.json | jq -r '.total, .approve, .amend, .reject, .red_line_violations'
# expect:
# 142
# ~1095
# ~225
# 0
# 0

8 · Red-line invariants

  1. 33-agent council, never smaller — the council is fixed at 33 seats; no motion can validly pass with fewer than 33 active agents.
  2. Owner co-sign is non-bypassable — DEFONEOS-SEAL issuance requires the owner's Ed25519 signature; software-only "co-sign" is rejected at the SIGIL ledger anchor step.
  3. Witnesses from ≥ 3 distinct rings — no motion can be valid without witnesses drawn from at least three different council rings (R3 / R4 / R5).
  4. Care-score floor 0.95 — if care-score drops below 0.95 over a rolling 10-motion window, all further motions pause pending review.
  5. Zero reject is logged but not celebrated — a 100% approve rate would itself be a red flag (group-think); the council publishes amend counts prominently to discourage passivity.
  6. Compartments never cross-link in minutes — no motion in this minute index references a meok-defoneos or dagon identifier, and vice versa.