From zero to sovereign defence AI in 30 minutes. One command. Five decisions. Done.
⏱️ Time estimate: 30 minutes · 🧠 Prerequisite: Python 3.11+, Docker, 16GB RAM, git · 💾 Storage: 8GB free · 🌐 Network: ~50MB download + per-MCP API calls (optional, can run offline)
That's it. The wizard handles: pre-checks, MCP discovery, SOV3 install, cesium self-host, BFT council init, SIGIL chain bootstrap, and SIGIL receipt.
The installer auto-detects: OS (macOS / Linux / WSL2), Python version, Docker availability, disk space, RAM, internet status. Outputs a one-line green/yellow/red matrix. Smart blocks on red (e.g. Python < 3.11), warns on yellow (e.g. low RAM), continues on green.
The wizard asks 5 questions to pick the right MCP bundle:
Where will SOV3 + MCP fleet run?
a) M4 / M2 Mac (local sovereign compute, recommended for individual operators)
b) GCP VM cluster (production scale, multi-user)
c) On-prem (air-gapped, MOD/UK sovereign deployment)
d) Hybrid (Mac edge + GCP cloud sync)
Which 12 domains do you need?
a) All 12 (Land/Sea/Air/Space/Cyber/EW/Underground/Cognitive/Bio/Quantum/Arctic/Urban)
b) Sensor + Defence only (10 MCPs)
c) Civil Services only (3 MCPs)
d) Custom (pick from MCP registry)
Real API access or sandbox mode?
a) Real (provide API keys for Sentinel Hub, Companies House, etc.)
b) Sandbox (pre-cached data, 30-day refresh)
c) Offline (synthetic data generators)
How strict is the AI governance?
a) Full 33-node council (recommended, default)
b) Reduced 11-node (faster decisions, less safety)
c) Single-agent mode (fastest, lowest safety — not recommended for defence)
How often to generate audit receipts?
a) Every action (highest audit, highest overhead)
b) Every 5 minutes (recommended, balanced)
c) Every hour (low overhead)
The installer runs these sub-commands:
The wizard runs the canonical 16-test E2E suite:
| # | Test | Outcome |
|---|---|---|
| 1 | SOV3 /mcp endpoint | 200 OK |
| 2 | Auth handshake | JWT issued |
| 3 | MCP discovery | All 30 listed |
| 4 | Tool invocation | All 188+ callable |
| 5 | BFT council vote | Quorum 22/33 reached |
| 6 | SIGIL receipt | Ed25519 generated |
| 7 | Cesium globe | localhost:8082 OK |
| 8 | TAK bridge | FreeTAKServer / cot OK |
| 9 | JSP 936 audit | 5 principles check |
| 10 | EU AI Act audit | Article 50 OK |
| 11 | OWASP ASI Top 10 | All 10 mitigations |
| 12 | GDPR right-to-erase | Data deleted + receipt |
| 13 | D3 offline mode | Mac edge node runs |
| 14 | Disaster recovery | RPO 5m / RTO 15m |
| 15 | Performance SLAs | <100ms p99 latency |
| 16 | SIGIL chain integrity | Hash verified ✓ |
On success, the wizard issues a SIGIL receipt:
Common issues:
brew install python@3.11 (macOS), apt install python3.11 (Linux), or use pyenv install 3.11.sudo systemctl start docker (Linux).defoneos install --port=3201.defoneos sandbox to use pre-cached data.defoneos install --offline --tarball=defoneos-2026-07.tar.gz.More: see defoneos-deploy.html for production deployments, defoneos-start.html for the 5-step quick start.