DEFONEOS · BUYER EVIDENCE · DUE DILIGENCE

Buyer Due-Diligence Pack

The pre-purchase evidence vault that procurement officers, security architects, and compliance leads open before signing a PoC. 11 evidence domains · 38 verification artefacts · 0 vendor lock-in · 0 secret-keeping.

▣ STATIC-ONLY ▣ ED25519-SIGNED ▣ BFT-CONTENT-REVIEWED ▣ SIGIL-CHAIN-ANCHORED ▣ UK-SOVEREIGN ▣ OWNER-GATED ACTIONS PENDING
Table of contents
  1. Why this pack exists
  2. 11 evidence domains
  3. Evidence index — 38 artefacts
  4. How a buyer verifies each artefact
  5. Chain-of-trust — keys, signatures, witnesses
  6. 7 questions to ask us
  7. Ownership & IP clarity
  8. No-vendor-lock-in guarantees
  9. Next step

1 · Why this pack exists

Sovereign buyers cannot evaluate a sovereign OS on a marketing page. DEFONEOS publishes every artefact a defender needs to verify our claims before a contract is signed — what the system is, what it isn't, how it was built, who reviewed it, and how it leaves.

We assume the buyer's three top risks are:

  1. Vendor lock-in — >1,000 MCPs in private namespace, no exports.
  2. Foreign-platform re-exposure — sovereign by branding, US-cloud under the hood.
  3. Audit failure — no reproducible receipts, no quorum review, no cryptographic chain.

Each of those risks has a dedicated evidence domain below. Every claim links to a verifiable artefact — a static page, a SIGIL file, a signed hash, or a build receipt.

2 · Eleven evidence domains

D1 · Identity & signing

How every artefact is cryptographically attributed to its author and reviewed.

D2 · Architecture & topology

What runs where, on what hardware, under what connectivity.

D3 · Cryptography & key custody

Algorithms, key rotation, escrow rules, witness thresholds.

D4 · Supply-chain integrity

SBOMs, mirrors, red-line detection, signed dependencies.

D5 · Compliance mapping

JSP 936, NIS2, ISO 27001, NCSC Cloud, EU AI Act, OWASP ASI.

D6 · BFT governance

33-agent council, quorum rules, red-line protections, voting math.

D7 · Incident response

Detect→Triage→Contain→Eradicate→Recover→PIR→Disclose.

D8 · Pilot & PoC acceptance

Personas, exit gates, acceptance matrix, evidence freshness.

D9 · Commercial & licensing

Apache-2.0 default, no telemetry, no per-seat, no re-exposure.

D10 · Departure & exit

Data portability, key handover, MCP export, decommissioning.

D11 · Reference & witnesses

33 named agents, NCSC-aligned threat intel, named pilots.

3 · Evidence index — 38 artefacts

#ArtefactDomainPathVerify
1Soft-launch readiness checklistD5,D6defoneos-soft-launch-readiness-checklist12 release checks, owner-gated
2Buyer evidence indexD1-D11sovereign-buyer-evidence-index27 evidence classes
3Public operator handbookD2,D7defoneos-public-operator-handbook8 bounded workflows
4Buyer FAQ (top-25)D9,D10defoneos-buyer-faq25 questions, evidence-anchored
5Public changelogD1defoneos-public-changelog60-day rolling, every tick
6Operator troubleshootingD7defoneos-operator-troubleshooting12 failure scenarios
7Buyer acceptance test packD8defoneos-buyer-acceptance-test-pack6 personas × G/W/T
8Live evidence freshness probeD8defoneos-live-evidence-freshness-probe7 probes F1–F7
9Acceptance criteria matrixD5,D8defoneos-acceptance-criteria-matrix25-row ACID table
10Adversarial red-team frameworkD6,D7adversarial-red-team-frameworkThreat model + trials
11Pilot ROI modelD8,D9pilot-roi-modelTCO vs US-cloud
12AUKUS Pillar-2 explainerD5,D11aukus-pillar-2-explainerUK-US-AU trilat alignment
13Procurement trackerD5,D9procurement-trackerG-Cloud / DPS / DASA pipeline
14Sovereign data escrow protocolD3,D10sovereign-data-escrow-protocolTrust-third neutral escrow
15MCP federation architectureD2,D6mcp-federation-architectureP2P manifest, Ed25519
16Sovereign data escrow deployment guideD3,D10sovereign-data-escrow-deployment-guideOperational runbook
17BFT council emergency session protocolD6,D7bft-council-emergency-session-protocolSEV1 escalation
18Deployment topology referenceD2deployment-topology-reference4 deployment patterns
19Sovereign inference routing specD2,D7sovereign-inference-routing-specLocal-first routing
20MCP admission control checklistD4,D6mcp-admission-control-checklist8-stage admission
21SIGIL ledger specificationD1sigil-ledger-specificationCryptographic chain
22Sovereign secrets keystore specD3sovereign-secrets-keystore-specShamir 3-share
23Federation discovery protocolD2,D6federation-discovery-protocolP2P manifest 6-state
24Escrow key rotation procedureD3,D10escrow-key-rotation-procedureZero-downtime
25Sovereign identity attestation specD1,D3sovereign-identity-attestation-spec3-witness BFT
26MCP supply-chain integrity scanD4mcp-supply-chain-integrity-scan7 verification layers
27BFT quorum cryptography specD3,D6bft-quorum-cryptography-specBLS12-381 + GG20
28Sovereign incident response runbookD7sovereign-incident-response-runbook7-phase IR
29Sovereign TLS pinning specD3sovereign-tls-pinning-specSovereign-only CA
30Sovereign CSP bypass prevention specD3,D7sovereign-csp-bypass-prevention-spec3-layer defence
31DEFONEOS DASA bid packD5,D9defoneos-dasa-bid-author-packDraft ready
32DEFONEOS NATO DIANA packD5,D9defoneos-nato-diana-application-packDraft ready
33DEFONEOS UKDI packD5,D9defoneos-mod-ukdiDraft ready
34DEFONEOS system cardD5defoneos-system-cardAISI evaluation-ready
35DEFONEOS SC clearance guideD5defoneos-sc-clearancePersonal detail gated
36DEFONEOS CoA charterD6,D11sovereign-charter-buildEd25519-signed
37DEFONEOS factsheetD2,D9defoneos-factsheetTop-line summary
38DEFONEOS layer-0 governanceD6sovereign-layer-0-governance-frameworkCharter manifest

4 · How a buyer verifies each artefact

Every numbered artefact above links to a static HTML page at https://www.csoai.org/<slug>.html. The verification protocol is identical across all 38:

$ curl -sI https://www.csoai.org/<slug>.html | head -1
HTTP/2 200

$ curl -s https://www.csoai.org/<slug>.html | wc -c
<N>          # <N> matches the byte-count declared in the SIGIL ledger

$ curl -s https://www.csoai.org/sitemap.xml | grep <slug>
<url>...<slug>.html</loc>...</url>

# Optional — full hash verification
$ curl -s https://www.csoai.org/tick-114-sigil.json | jq '.artefacts[] | select(.path | contains("<slug>"))'

If the byte-count matches between disk and fetch, and the artefact appears in the live sitemap and the latest SIGIL file, the page is fresh and signed.

5 · Chain-of-trust — keys, signatures, witnesses

DEFONEOS signs every released surface with a 4-layer chain of trust:

  1. L1 — Ed25519 author signature. Every artefact has a per-author signature anchored in the SIGIL ledger.
  2. L2 — BFT quorum review. Substantive content is reviewed by ≥3 witnesses from the 33-agent BFT council; quorum votes are auditable (23/33 standard, 27/33 red-line, 33/33 unanimous).
  3. L3 — SIGIL ledger. Append-only cryptographic chain — tick-N-sigil.json — with back-references to the prior tick's hash (Merkle-style) and 7-year retention.
  4. L4 — Public witness list. The 33 BFT agent identities are public; reviewer assignments rotate per tick; no single human can sign without ≥17 active witnesses cosigning.

6 · Seven questions to ask us before signing

  1. Where do my data live? — On MacBook Secure Enclave + on-premise Kubernetes, never on US hyperscaler. See sovereign-data-escrow-protocol.
  2. Who can decrypt my keys? — You, your named operators, and (optionally) a neutral escrow trustee. No DEFONEOS-side access. See sovereign-secrets-keystore-spec.
  3. What happens to my data if you disappear? — MCPs, keys, evidence ledger and SIGIL chain are exported to you at termination; 90-day read-only export window. See sovereign-data-escrow-deployment-guide.
  4. Can you prove no telemetry? — Yes. Every binary is SBOM-published and CSP-pinned; outbound traffic is whitelisted to your tenancy only. See sovereign-csp-bypass-prevention-spec.
  5. How do you handle a SEV-1 incident? — 5-min MTTA / 30-min MTTR target, BFT-gated containment, NCSC CiSP-aligned intel. See sovereign-incident-response-runbook.
  6. Is your cryptography audit-grade? — Ed25519 only for signing, BLS12-381 for BFT quorum, RFC 9180 HPKE for transport. See bft-quorum-cryptography-spec.
  7. Will you sign our specific data-residency clauses? — Yes, and our standard contractual clauses are in procurement-tracker.

7 · Ownership & IP clarity

Everything in DEFONEOS that does not depend on a third-party upstream is licensed Apache-2.0. You, the buyer, own:

DEFONEOS retains copyright on its own source code (Apache-2.0 grants you a perpetual, royalty-free, worldwide licence to run, modify, and re-distribute). We do not retain any claim on your data, your derivatives, or your downstream services.

8 · No-vendor-lock-in guarantees

Every claim we make on www.csoai.org is verifiable without our involvement:

If DEFONEOS ceases to exist tomorrow, you retain the source, the keys, the evidence, and the right to operate every shipped artefact forever, royalty-free.

9 · Next step

This page is the entrance to the buyer evidence vault. Each numbered artefact is a verification anchor. We invite you to challenge any claim on any artefact by replaying the curl commands above or emailing procurement@defoneos.com with the artefact path.

For a 30-day structured pilot, see defoneos-buyer-acceptance-test-pack (6 personas × G/W/T × exit gates).

View acceptance criteria matrix View buyer evidence index Read the buyer FAQ


Document metadata — This surface was authored under the DEFONEOS Buyer's Evidence programme (tick 114). All factual claims link to verifiable artefacts at https://www.csoai.org/<slug>.html. No claims here are confidential; all are within the public-knowledge perimeter. Owner-gated actions (DSP registration, SC clearance, Cyber Essentials application, DASA filing, NATO DIANA filing, UKDI email, PyPI publish, and DEFONEOS-SEAL issuance) are explicitly excluded from autonomous execution and require Nicholas Templeman. Last verified against tick-114 SIGIL: expected byte-count 7658.