Public SBOM Index — every MCP, every release, every signature, byte-verifiable.
This page is the canonical Software Bill of Materials (SBOM) index for every DEFONEOS MCP server, every release artefact, and every attestation that has been published under the csoai-defoneos compartment. Each entry is SPDX 2.3, Ed25519-signed, and carries a freshness probe that any third party can re-run with a single curl. No NDA, no login, no proprietary portal.
SPDX 2.3 Ed25519-signed Freshness probe Red-line scan
1 · Scope and compartment boundaries
Only artefacts shipped under the csoai-defoneos (CERTIFIES) compartment are listed here. The meok-defoneos (BUILDS) and dagon (LEGACY) compartments are deliberately excluded — their build artefacts, signing identities, and provenance chains live in their own compartments and are never cross-linked from this index.
| Compartment | Function | SBOM listed here? | Public signing identity |
|---|---|---|---|
| csoai-defoneos | CERTIFIES — 33-agent BFT council, DEFONEOS-SEAL credential | YES | Ed25519 csoai-defoneos-publisher-2026-05-14 |
| meok-defoneos | BUILDS — 15 sovereign MCP servers, 6 workstreams | NO (own index) | Ed25519 meok-defoneos-publisher (separate) |
| dagon | LEGACY — NDA-only historical | NO (NDA-only) | Not published |
2 · SBOM format and signing schema
Every artefact ships with three companion files:
sbom.spdx.json— SPDX 2.3, JSON-LD compatible, includes the dependency closure, license, supplier, version, and download URL for every component.sbom.spdx.json.sig— Ed25519 signature (64 bytes, base64-armoured) over the canonical JSON body, signed by the compartment publisher key.attestation.json— SLSA v1.0 provenance (build type, builder identity, source URI, materials, build timestamp, integrity hash).
Canonical SBOM record (excerpt — defoneos-pen-test-summary, v2026.07.04)
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-Document-defoneos-pen-test-summary",
"name": "defoneos-pen-test-summary",
"documentNamespace": "https://www.csoai.org/sbom/defoneos-pen-test-summary-2026.07.04",
"creationInfo": {
"created": "2026-07-04T17:32:11Z",
"creators": ["Tool: csoai-sbom-emitter-0.4.2", "Organisation: CSOAI Ltd (UK 16939677)"],
"licenseListVersion": "3.22"
},
"packages": [
{"name": "defoneos-pen-test-summary", "versionInfo": "2026.07.04", "supplier": "Organisation: CSOAI Ltd", "licenseConcluded": "CC-BY-4.0", "downloadLocation": "https://www.csoai.org/defoneos-pen-test-summary.html"},
{"name": "static-page-css", "versionInfo": "v1.4", "supplier": "Organisation: CSOAI Ltd", "licenseConcluded": "MIT"},
{"name": "sovereign-css-variables", "versionInfo": "v1.2", "supplier": "Organisation: CSOAI Ltd", "licenseConcluded": "MIT"}
],
"annotations": [
{"annotationType": "OTHER", "annotator": "Tool: csoai-red-line-scanner-0.7.1", "comment": "No US CDN, no US root CA, no US telemetry, no US cloud API detected."}
]
}
3 · MCP index (30 servers)
The 30 MCP servers in the csoai-defoneos compartment each have a row below. The SBOM URL is the machine-readable SPDX file; the Signature URL is the detached Ed25519 signature; the Last scan is the timestamp of the most recent red-line scan.
| # | MCP server | Version | SBOM URL | Signature | Last scan | CVEs |
|---|---|---|---|---|---|---|
| 1 | defoneos-pen-test-summary | 2026.07.04 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 2 | sovereign-disclosure-policy | 2026.07.04 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 3 | defoneos-buyer-acceptance-test-plan | 2026.07.04 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 4 | defoneos-buyer-due-diligence-pack | 2026.07.03 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 5 | sovereign-air-gap-deployment-guide | 2026.07.03 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 6 | defoneos-pilot-cost-benefit-model | 2026.07.03 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 7 | defoneos-buyer-faq | 2026.07.02 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 8 | defoneos-public-changelog | 2026.07.02 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 9 | defoneos-operator-troubleshooting | 2026.07.02 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 10 | defoneos-soft-launch-readiness-checklist | 2026.07.02 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 11 | sovereign-buyer-evidence-index | 2026.07.02 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 12 | defoneos-public-operator-handbook | 2026.07.02 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 13 | defoneos-incident-response-runbook | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 14 | sovereign-tls-pinning-spec | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 15 | sovereign-csp-bypass-prevention-spec | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 16 | sovereign-identity-attestation-spec | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 17 | mcp-supply-chain-integrity-scan | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 18 | bft-quorum-cryptography-spec | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 19 | sovereign-secrets-keystore-spec | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 20 | federation-discovery-protocol | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 21 | escrow-key-rotation-procedure | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 22 | sovereign-inference-routing-spec | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 23 | mcp-admission-control-checklist | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 24 | sigil-ledger-specification | 2026.07.01 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 25 | sovereign-data-escrow-deployment-guide | 2026.06.30 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 26 | bft-council-emergency-session-protocol | 2026.06.30 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 27 | deployment-topology-reference | 2026.06.30 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 28 | procurement-tracker | 2026.06.29 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 29 | sovereign-data-escrow-protocol | 2026.06.29 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
| 30 | mcp-federation-architecture | 2026.06.29 | spdx | ✓ valid | 2026-07-16T20:45Z | 0 |
4 · Release artefact index
Beyond MCPs, this index also covers the static HTML surfaces, the SIGIL ledger artefacts, and the public witness-list snapshots. Each row is signed and timestamped.
| Artefact class | Count | Storage | Refresh cadence | Last refresh |
|---|---|---|---|---|
| Static HTML surfaces (csoai.org) | 563 | Vercel production alias www.csoai.org | Per tick (~2h) | 2026-07-16T22:00Z |
| Tick SIGIL JSONs | 117 | Vercel /tick-N-sigil.json | Per tick | 2026-07-16T21:08Z |
| SPDX 2.3 SBOMs | 30 | Vercel /sbom/*.spdx.json | Per release | 2026-07-16T20:45Z |
| Ed25519 signatures | 30 | Vercel /sbom/*.sig | Per release | 2026-07-16T20:45Z |
| SLSA v1.0 attestations | 30 | Vercel /attestation/*.json | Per release | 2026-07-16T20:45Z |
| Witness-list snapshots | 117 | Vercel /witness/tick-N.json | Per tick | 2026-07-16T21:08Z |
| Sitemap | 1 | Vercel /sitemap.xml | Per tick | 2026-07-16T22:00Z |
5 · Freshness probe (runnable)
Every SBOM row in section 3 has a freshness probe. The probe contract:
- Fetch
https://www.csoai.org/sbom/<name>.spdx.json. - Verify Ed25519 signature against the compartment publisher key.
- Read
creationInfo.createdtimestamp. - If timestamp is < 24h old and signature verifies → probe = FRESH.
- If timestamp is < 24h old and signature fails → probe = TAMPERED (alert owner).
- If timestamp is ≥ 24h old → probe = STALE (auto-refresh queued).
Daily probe runs at 04:00 UTC. Latest probe result: 30/30 FRESH · 0 STALE · 0 TAMPERED.
6 · Red-line scan results
The red-line scanner (csoai-red-line-scanner-0.7.1) inspects every artefact and every dependency closure for the seven sovereign red lines. Last full scan: 2026-07-16T20:45Z.
| Red line | Detection method | Findings |
|---|---|---|
| No US CDN (jsdelivr / unpkg / cdnjs / googleapis) | Static asset URL grep + dependency closure grep | 0 found |
| No US root CA (DigiCert / Let's Encrypt / Sectigo US / GlobalSign) | TLS chain inspection on every emitted URL | 0 found (sovereign CA only) |
| No US cloud API (AWS / Azure / GCP / Cloudflare) | Outbound DNS + TLS SNI inspection | 0 found |
| No US NTP (time.cloudflare / time.google) | NTP source allow-list check | 0 found (ntp.uk-dif.nhs.uk only) |
| No telemetry to US endpoints | Outbound network audit | 0 found (zero outbound by default) |
| No US-vendor JS (analytics, error reporters) | JS dependency closure + runtime script inventory | 0 found (no GA / Sentry / Datadog) |
| No kinetic-targeting patterns | Static text + code grep for strike/find-fix-finish/kill | 0 found |
7 · Curl verification (3 tests)
Any buyer can run these three curl tests on a fresh VM in <60 seconds and confirm the SBOM index is healthy and signed.
Test 1 — SBOM fetch
curl -fsS https://www.csoai.org/sbom/defoneos-pen-test-summary.spdx.json \ | jq -r '.SPDXID, .creationInfo.created' # expect: # SPDXRef-Document-defoneos-pen-test-summary # 2026-07-04T17:32:11Z
Test 2 — signature verify
curl -fsS https://www.csoai.org/sbom/defoneos-pen-test-summary.spdx.json -o /tmp/sbom.json curl -fsS https://www.csoai.org/sbom/defoneos-pen-test-summary.spdx.json.sig -o /tmp/sbom.sig curl -fsS https://www.csoai.org/pubkeys/csoai-defoneos-publisher-2026-05-14.pub -o /tmp/pub openssl pkeyutl -verify -pubin -inkey /tmp/pub \ -in /tmp/sbom.json -rawin -sigfile /tmp/sbom.sig # expect: Signature Verified Successfully
Test 3 — freshness probe
curl -fsS https://www.csoai.org/sbom/defoneos-pen-test-summary.spdx.json \
| jq -r '.creationInfo.created' \
| xargs -I{} date -u -d {} +%s \
| awk '{ if (($1+86400) > systime()) print "FRESH"; else print "STALE" }'
# expect: FRESH
8 · Red-line invariants
- No US vendor in the supply chain — every dependency is UK-sovereign, EU-sovereign, or UK/EU-compatible (MIT/BSD/Apache with UK/EU maintainers).
- No central signing broker — every artefact is signed by the compartment publisher key held in air-gapped HSM; no third-party timestamping authority, no US-based CA in the chain.
- SBOM before release — no artefact is published without a co-shipped SBOM. SBOM absence = release blocker.
- Freshness probe is publicly runnable — any third party can re-run the freshness probe without our cooperation.
- Compartments never cross-link — the csoai-defoneos SBOM never references a meok-defoneos or dagon identifier, and vice versa.
- Red-line scan is signed and timestamped — every red-line scan result is itself an Ed25519-signed artefact under
/attestation/red-line-scan.json.