EU AI Act Article 50 — 20 days to seal | Get passport

DEFONEOS Sovereign Charter

The foundational governance document. 7 immutable principles. 33-agent BFT council. Ed25519-signed. The constitution of the system.

7
Immutable Principles
23/33
BFT Quorum

⚠️ This charter is Ed25519-signed and hash-chained. It cannot be modified without a 23/33 BFT council vote. The hash below is the cryptographic attestation of this document's integrity.

SHA-256: 7a3f8b2c4e5d6f1a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f2a1b0c9d8e7f6a5

📜 The 7 Immutable Principles

Principle 1: Sovereignty First

DEFONEOS operates under UK sovereignty. No foreign government, corporation, or entity has override authority over system decisions.

All data processing occurs on UK soil or on UK-controlled sovereign infrastructure (allied nations under formal agreement). Cloud dependencies are optional, not required. The system is designed for air-gapped operation.

Enforcement: Data residency controls in code. Air-gap deployment mode. Secure Enclave key storage. No hardcoded foreign API endpoints — all are swappable.

Principle 2: Human-in-the-Loop for Kinetic Actions

No AI system within DEFONEOS can initiate, recommend, or automate kinetic military action without explicit human authorisation.

DEFONEOS provides information, analysis, and Common Operating Picture. It does not pull triggers. It does not designate targets. It does not release weapons. This is a design constraint, not a policy preference.

Red Line: No kinetic-targeting patterns in any MCP. No find-fix-finish automation. No autonomous weapon system integration.

Principle 3: Radical Transparency

Every decision, every AI inference, every data access is recorded on an immutable Ed25519-signed SIGIL chain.

The audit trail is not optional. It is not configurable. It cannot be disabled. Every action the system takes is attributable, replayable, and verifiable. Post-action review is a right, not a request.

Enforcement: SIGIL chain is append-only. Hash-chained. Ed25519-signed. Tampering is computationally detectable. Export to OSCAL/SOC2 format for external audit.

Principle 4: Multilateral Governance

No single agent, operator, or administrator can make critical decisions unilaterally.

Critical decisions require a 23/33 quorum from the BFT (Byzantine Fault Tolerant) council. The council includes 33 independent agents with diverse operational contexts. This prevents capture, coercion, or compromise from producing a bad decision.

Enforcement: BFT protocol in code. Quorum threshold hardcoded. Vote cryptographically signed. No override key. No backdoor.

Principle 5: Open Source Foundation

The core DEFONEOS platform is and will remain open source under Apache 2.0.

Security through obscurity is rejected. The code is auditable by anyone. Vulnerabilities are found faster in the open. Trust is earned through transparency, not imposed through secrecy. Proprietary extensions may exist, but the foundation is free forever.

Enforcement: Apache 2.0 license. All core MCPs published. Copyleft not used (permissive). Community contribution accepted via standard PR process.

Principle 6: Dual-Use by Design

DEFONEOS serves both civil and defence purposes. Every capability must have a legitimate civil application.

Flood response and ISR use the same sensor pipeline. Search and rescue and personnel recovery use the same swarm engine. This is not opportunism — it is design philosophy. Systems that only work for military purposes are brittle. Systems that serve both are resilient, fundable through multiple channels, and deployable in peacetime.

Enforcement: Every MCP must document a civil use case. DASA/Innovate UK dual eligibility is a design requirement, not an afterthought.

Principle 7: Never Compromise on Privacy

DEFONEOS does not surveil individuals. It does not collect personal data without consent. It does not track citizens.

The system processes sensor data, environmental data, and operational data. It does not process personal data unless explicitly authorised for a specific operational purpose with a clear legal basis. PII is redacted at ingestion. Biometric data is never collected by default.

Red Line: No personal-surveillance patterns. No face recognition. No phone tracking. No individual tracking without warrant.

🚫 The Immutable Red Lines

#Red LineWhat It PreventsEnforcement
1No kinetic targetingStrike packages, find-fix-finish, kill orders, autonomous weaponsNo targeting MCPs exist. Pattern firewall blocks targeting queries.
2No personal surveillanceIndividual tracking, face recognition, phone location, biometric mass collectionNo surveillance MCPs. PII redaction at ingestion. Face blur default.
3No credential without BFT voteDEFONEOS-SEAL issued without 23/33 council quorumSEAL MCP requires BFT proof. Single-agent issuance impossible.
4No claims without backing"AUKUS certified", "DAIC certified", "NATO approved" without signed letterClaims MCP checks for signed evidence before allowing assertion.
5No domain trapsAcquisition of defonos.io or similar lookalike domainsDomain whitelist. Purchase of non-whitelisted domains blocked.
6No compartment mixingmeok-defoneos / csoai-defoneos / dagon code or IP cross-contaminationSeparate repositories. Separate CI/CD. Separate signing keys.
7No public booth without pilotDSEI or defence exhibition presence without a named UK-prime pilot letterEvent registration requires evidence of pilot partnership.

🗳️ BFT Governance Protocol

The 33-Agent Council

The BFT council is DEFONEOS's decision-making body. 33 independent agents, each with different operational contexts, models, and biases. A decision requires 23 affirmative votes (70% supermajority) to pass.

Agent CategoryCountRole
Compliance Agents8EU AI Act, GDPR, JSP 936, NIST, ISO 27001, ISO 42001, Cyber Essentials, OWASP
Sensor/ISR Agents10Satellite, maritime, air quality, camera, IoT, news, government data, OS OpenData, weather, AIS
Security Agents4Threat detection, vulnerability scanning, incident response, red team
Governance Agents5Charter compliance, red line enforcement, audit, transparency, privacy
Civil Agents3Dual-use verification, civil benefit assessment, public safety
Meta Agents3Turiya (meta-monitor), quality assurance, human-values alignment
Total33Quorum: 23 (70%)

Vote Types

TypeTriggerQuorumTimeout
Standard ProposalAny agent proposes action23/335 min
Emergency ProposalThreat detected, safety critical17/33 (fast)60s
Charter AmendmentPrinciple modification request30/33 (super)24h deliberation
Red Line VetoAction violates red line1/33 (any agent)Immediate block

🔐 SIGIL Chain Specification

PropertySpecification
Cryptographic algorithmEd25519 (RFC 8032)
Chain typeAppend-only hash chain
Entry formatC|OP|ACTOR|ACTION|FIELDS|SIG|PREV_HASH
Operation codesP (propose), V (vote), M (memory), Q (query), C (claim), H (heartbeat), S (sign), A (alert)
Integrity checkSHA-256(prev_entry + current_entry) = current_hash
Tamper detectionAny modification breaks the hash chain. Detected on verification.
Export formatJSON, OSCAL, SOC2 audit package

📋 Charter Amendment Process

Amending this charter is deliberately difficult. The 7 principles are immutable by design. However, the governance protocol allows for amendment under extreme circumstances:

StepRequirementThreshold
1. ProposalAny council agent proposes amendment with full rationale1/33
2. Deliberation24-hour mandatory deliberation period. No voting during this window.Time-locked
3. VoteCouncil votes after deliberation period expires30/33 (91%)
4. Human RatificationCSOAI Ltd board must ratify. Charter is a corporate governance document.Board majority
5. Re-signingNew charter hash generated. All SIGIL chain entries re-attested. Old charter archived.Automatic

To date: 0 amendments proposed. 0 amendments passed. The charter has held.

⚖️ Compliance Crosswalk

Charter PrincipleUK JSP 936EU AI ActNATO AI StrategyNIST AI RMF
1. SovereigntySovereign control §3.2Art 55(1)(c)Pillar 1Govern
2. Human-in-loopHuman control §4.1Art 14Pillar 3Manage
3. TransparencyAudit trail §5.3Art 12, Art 50Pillar 2Measure
4. MultilateralGovernance §2.4Art 17Pillar 4Govern
5. Open sourceInteroperability §6.1Art 55(1)(g)Pillar 5Map
6. Dual-useCivil-military §7.2Art 5(7)Pillar 6Manage
7. PrivacyData protection §5.1Art 10, Art 15Pillar 2Manage

Conclusion

This charter is the constitution of DEFONEOS. It is not a policy document that can be changed by management fiat. It is cryptographically signed, enforced in code, governed by a 33-agent BFT council, and amendable only by a 91% supermajority. It exists to ensure that DEFONEOS remains sovereign, transparent, accountable, and safe — forever.