DEFONEOS · BUYER EVIDENCE · DUE DILIGENCE
The pre-purchase evidence vault that procurement officers, security architects, and compliance leads open before signing a PoC. 11 evidence domains · 38 verification artefacts · 0 vendor lock-in · 0 secret-keeping.
Sovereign buyers cannot evaluate a sovereign OS on a marketing page. DEFONEOS publishes every artefact a defender needs to verify our claims before a contract is signed — what the system is, what it isn't, how it was built, who reviewed it, and how it leaves.
We assume the buyer's three top risks are:
Each of those risks has a dedicated evidence domain below. Every claim links to a verifiable artefact — a static page, a SIGIL file, a signed hash, or a build receipt.
How every artefact is cryptographically attributed to its author and reviewed.
What runs where, on what hardware, under what connectivity.
Algorithms, key rotation, escrow rules, witness thresholds.
SBOMs, mirrors, red-line detection, signed dependencies.
JSP 936, NIS2, ISO 27001, NCSC Cloud, EU AI Act, OWASP ASI.
33-agent council, quorum rules, red-line protections, voting math.
Detect→Triage→Contain→Eradicate→Recover→PIR→Disclose.
Personas, exit gates, acceptance matrix, evidence freshness.
Apache-2.0 default, no telemetry, no per-seat, no re-exposure.
Data portability, key handover, MCP export, decommissioning.
33 named agents, NCSC-aligned threat intel, named pilots.
| # | Artefact | Domain | Path | Verify |
|---|---|---|---|---|
| 1 | Soft-launch readiness checklist | D5,D6 | defoneos-soft-launch-readiness-checklist | 12 release checks, owner-gated |
| 2 | Buyer evidence index | D1-D11 | sovereign-buyer-evidence-index | 27 evidence classes |
| 3 | Public operator handbook | D2,D7 | defoneos-public-operator-handbook | 8 bounded workflows |
| 4 | Buyer FAQ (top-25) | D9,D10 | defoneos-buyer-faq | 25 questions, evidence-anchored |
| 5 | Public changelog | D1 | defoneos-public-changelog | 60-day rolling, every tick |
| 6 | Operator troubleshooting | D7 | defoneos-operator-troubleshooting | 12 failure scenarios |
| 7 | Buyer acceptance test pack | D8 | defoneos-buyer-acceptance-test-pack | 6 personas × G/W/T |
| 8 | Live evidence freshness probe | D8 | defoneos-live-evidence-freshness-probe | 7 probes F1–F7 |
| 9 | Acceptance criteria matrix | D5,D8 | defoneos-acceptance-criteria-matrix | 25-row ACID table |
| 10 | Adversarial red-team framework | D6,D7 | adversarial-red-team-framework | Threat model + trials |
| 11 | Pilot ROI model | D8,D9 | pilot-roi-model | TCO vs US-cloud |
| 12 | AUKUS Pillar-2 explainer | D5,D11 | aukus-pillar-2-explainer | UK-US-AU trilat alignment |
| 13 | Procurement tracker | D5,D9 | procurement-tracker | G-Cloud / DPS / DASA pipeline |
| 14 | Sovereign data escrow protocol | D3,D10 | sovereign-data-escrow-protocol | Trust-third neutral escrow |
| 15 | MCP federation architecture | D2,D6 | mcp-federation-architecture | P2P manifest, Ed25519 |
| 16 | Sovereign data escrow deployment guide | D3,D10 | sovereign-data-escrow-deployment-guide | Operational runbook |
| 17 | BFT council emergency session protocol | D6,D7 | bft-council-emergency-session-protocol | SEV1 escalation |
| 18 | Deployment topology reference | D2 | deployment-topology-reference | 4 deployment patterns |
| 19 | Sovereign inference routing spec | D2,D7 | sovereign-inference-routing-spec | Local-first routing |
| 20 | MCP admission control checklist | D4,D6 | mcp-admission-control-checklist | 8-stage admission |
| 21 | SIGIL ledger specification | D1 | sigil-ledger-specification | Cryptographic chain |
| 22 | Sovereign secrets keystore spec | D3 | sovereign-secrets-keystore-spec | Shamir 3-share |
| 23 | Federation discovery protocol | D2,D6 | federation-discovery-protocol | P2P manifest 6-state |
| 24 | Escrow key rotation procedure | D3,D10 | escrow-key-rotation-procedure | Zero-downtime |
| 25 | Sovereign identity attestation spec | D1,D3 | sovereign-identity-attestation-spec | 3-witness BFT |
| 26 | MCP supply-chain integrity scan | D4 | mcp-supply-chain-integrity-scan | 7 verification layers |
| 27 | BFT quorum cryptography spec | D3,D6 | bft-quorum-cryptography-spec | BLS12-381 + GG20 |
| 28 | Sovereign incident response runbook | D7 | sovereign-incident-response-runbook | 7-phase IR |
| 29 | Sovereign TLS pinning spec | D3 | sovereign-tls-pinning-spec | Sovereign-only CA |
| 30 | Sovereign CSP bypass prevention spec | D3,D7 | sovereign-csp-bypass-prevention-spec | 3-layer defence |
| 31 | DEFONEOS DASA bid pack | D5,D9 | defoneos-dasa-bid-author-pack | Draft ready |
| 32 | DEFONEOS NATO DIANA pack | D5,D9 | defoneos-nato-diana-application-pack | Draft ready |
| 33 | DEFONEOS UKDI pack | D5,D9 | defoneos-mod-ukdi | Draft ready |
| 34 | DEFONEOS system card | D5 | defoneos-system-card | AISI evaluation-ready |
| 35 | DEFONEOS SC clearance guide | D5 | defoneos-sc-clearance | Personal detail gated |
| 36 | DEFONEOS CoA charter | D6,D11 | sovereign-charter-build | Ed25519-signed |
| 37 | DEFONEOS factsheet | D2,D9 | defoneos-factsheet | Top-line summary |
| 38 | DEFONEOS layer-0 governance | D6 | sovereign-layer-0-governance-framework | Charter manifest |
Every numbered artefact above links to a static HTML page at https://www.csoai.org/<slug>.html. The verification protocol is identical across all 38:
$ curl -sI https://www.csoai.org/<slug>.html | head -1
HTTP/2 200
$ curl -s https://www.csoai.org/<slug>.html | wc -c
<N> # <N> matches the byte-count declared in the SIGIL ledger
$ curl -s https://www.csoai.org/sitemap.xml | grep <slug>
<url>...<slug>.html</loc>...</url>
# Optional — full hash verification
$ curl -s https://www.csoai.org/tick-114-sigil.json | jq '.artefacts[] | select(.path | contains("<slug>"))'
If the byte-count matches between disk and fetch, and the artefact appears in the live sitemap and the latest SIGIL file, the page is fresh and signed.
DEFONEOS signs every released surface with a 4-layer chain of trust:
tick-N-sigil.json — with back-references to the prior tick's hash (Merkle-style) and 7-year retention.sovereign-data-escrow-protocol.sovereign-secrets-keystore-spec.sovereign-data-escrow-deployment-guide.sovereign-csp-bypass-prevention-spec.sovereign-incident-response-runbook.bft-quorum-cryptography-spec.procurement-tracker.Everything in DEFONEOS that does not depend on a third-party upstream is licensed Apache-2.0. You, the buyer, own:
DEFONEOS retains copyright on its own source code (Apache-2.0 grants you a perpetual, royalty-free, worldwide licence to run, modify, and re-distribute). We do not retain any claim on your data, your derivatives, or your downstream services.
Every claim we make on www.csoai.org is verifiable without our involvement:
vercel-deploy-via-oidc-token deploys without our intervention.escrow-key-rotation-procedure.sovereign-data-escrow-deployment-guide.If DEFONEOS ceases to exist tomorrow, you retain the source, the keys, the evidence, and the right to operate every shipped artefact forever, royalty-free.
This page is the entrance to the buyer evidence vault. Each numbered artefact is a verification anchor. We invite you to challenge any claim on any artefact by replaying the curl commands above or emailing procurement@defoneos.com with the artefact path.
For a 30-day structured pilot, see defoneos-buyer-acceptance-test-pack (6 personas × G/W/T × exit gates).
View acceptance criteria matrix View buyer evidence index Read the buyer FAQ
https://www.csoai.org/<slug>.html. No claims here are confidential; all are within the public-knowledge perimeter. Owner-gated actions (DSP registration, SC clearance, Cyber Essentials application, DASA filing, NATO DIANA filing, UKDI email, PyPI publish, and DEFONEOS-SEAL issuance) are explicitly excluded from autonomous execution and require Nicholas Templeman. Last verified against tick-114 SIGIL: expected byte-count 7658.