DEFONEOS · Public Buyer Surface

Public SBOM Index — every MCP, every release, every signature, byte-verifiable.

This page is the canonical Software Bill of Materials (SBOM) index for every DEFONEOS MCP server, every release artefact, and every attestation that has been published under the csoai-defoneos compartment. Each entry is SPDX 2.3, Ed25519-signed, and carries a freshness probe that any third party can re-run with a single curl. No NDA, no login, no proprietary portal.

SPDX 2.3 Ed25519-signed Freshness probe Red-line scan

30
MCPs indexed
100%
SPDX 2.3 coverage
0
Critical CVEs
24h
Freshness SLA

1 · Scope and compartment boundaries

Only artefacts shipped under the csoai-defoneos (CERTIFIES) compartment are listed here. The meok-defoneos (BUILDS) and dagon (LEGACY) compartments are deliberately excluded — their build artefacts, signing identities, and provenance chains live in their own compartments and are never cross-linked from this index.

CompartmentFunctionSBOM listed here?Public signing identity
csoai-defoneosCERTIFIES — 33-agent BFT council, DEFONEOS-SEAL credentialYESEd25519 csoai-defoneos-publisher-2026-05-14
meok-defoneosBUILDS — 15 sovereign MCP servers, 6 workstreamsNO (own index)Ed25519 meok-defoneos-publisher (separate)
dagonLEGACY — NDA-only historicalNO (NDA-only)Not published

2 · SBOM format and signing schema

Every artefact ships with three companion files:

  1. sbom.spdx.json — SPDX 2.3, JSON-LD compatible, includes the dependency closure, license, supplier, version, and download URL for every component.
  2. sbom.spdx.json.sig — Ed25519 signature (64 bytes, base64-armoured) over the canonical JSON body, signed by the compartment publisher key.
  3. attestation.json — SLSA v1.0 provenance (build type, builder identity, source URI, materials, build timestamp, integrity hash).

Canonical SBOM record (excerpt — defoneos-pen-test-summary, v2026.07.04)

{
  "spdxVersion": "SPDX-2.3",
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-Document-defoneos-pen-test-summary",
  "name": "defoneos-pen-test-summary",
  "documentNamespace": "https://www.csoai.org/sbom/defoneos-pen-test-summary-2026.07.04",
  "creationInfo": {
    "created": "2026-07-04T17:32:11Z",
    "creators": ["Tool: csoai-sbom-emitter-0.4.2", "Organisation: CSOAI Ltd (UK 16939677)"],
    "licenseListVersion": "3.22"
  },
  "packages": [
    {"name": "defoneos-pen-test-summary", "versionInfo": "2026.07.04", "supplier": "Organisation: CSOAI Ltd", "licenseConcluded": "CC-BY-4.0", "downloadLocation": "https://www.csoai.org/defoneos-pen-test-summary.html"},
    {"name": "static-page-css", "versionInfo": "v1.4", "supplier": "Organisation: CSOAI Ltd", "licenseConcluded": "MIT"},
    {"name": "sovereign-css-variables", "versionInfo": "v1.2", "supplier": "Organisation: CSOAI Ltd", "licenseConcluded": "MIT"}
  ],
  "annotations": [
    {"annotationType": "OTHER", "annotator": "Tool: csoai-red-line-scanner-0.7.1", "comment": "No US CDN, no US root CA, no US telemetry, no US cloud API detected."}
  ]
}

3 · MCP index (30 servers)

The 30 MCP servers in the csoai-defoneos compartment each have a row below. The SBOM URL is the machine-readable SPDX file; the Signature URL is the detached Ed25519 signature; the Last scan is the timestamp of the most recent red-line scan.

#MCP serverVersionSBOM URLSignatureLast scanCVEs
1defoneos-pen-test-summary2026.07.04spdx✓ valid2026-07-16T20:45Z0
2sovereign-disclosure-policy2026.07.04spdx✓ valid2026-07-16T20:45Z0
3defoneos-buyer-acceptance-test-plan2026.07.04spdx✓ valid2026-07-16T20:45Z0
4defoneos-buyer-due-diligence-pack2026.07.03spdx✓ valid2026-07-16T20:45Z0
5sovereign-air-gap-deployment-guide2026.07.03spdx✓ valid2026-07-16T20:45Z0
6defoneos-pilot-cost-benefit-model2026.07.03spdx✓ valid2026-07-16T20:45Z0
7defoneos-buyer-faq2026.07.02spdx✓ valid2026-07-16T20:45Z0
8defoneos-public-changelog2026.07.02spdx✓ valid2026-07-16T20:45Z0
9defoneos-operator-troubleshooting2026.07.02spdx✓ valid2026-07-16T20:45Z0
10defoneos-soft-launch-readiness-checklist2026.07.02spdx✓ valid2026-07-16T20:45Z0
11sovereign-buyer-evidence-index2026.07.02spdx✓ valid2026-07-16T20:45Z0
12defoneos-public-operator-handbook2026.07.02spdx✓ valid2026-07-16T20:45Z0
13defoneos-incident-response-runbook2026.07.01spdx✓ valid2026-07-16T20:45Z0
14sovereign-tls-pinning-spec2026.07.01spdx✓ valid2026-07-16T20:45Z0
15sovereign-csp-bypass-prevention-spec2026.07.01spdx✓ valid2026-07-16T20:45Z0
16sovereign-identity-attestation-spec2026.07.01spdx✓ valid2026-07-16T20:45Z0
17mcp-supply-chain-integrity-scan2026.07.01spdx✓ valid2026-07-16T20:45Z0
18bft-quorum-cryptography-spec2026.07.01spdx✓ valid2026-07-16T20:45Z0
19sovereign-secrets-keystore-spec2026.07.01spdx✓ valid2026-07-16T20:45Z0
20federation-discovery-protocol2026.07.01spdx✓ valid2026-07-16T20:45Z0
21escrow-key-rotation-procedure2026.07.01spdx✓ valid2026-07-16T20:45Z0
22sovereign-inference-routing-spec2026.07.01spdx✓ valid2026-07-16T20:45Z0
23mcp-admission-control-checklist2026.07.01spdx✓ valid2026-07-16T20:45Z0
24sigil-ledger-specification2026.07.01spdx✓ valid2026-07-16T20:45Z0
25sovereign-data-escrow-deployment-guide2026.06.30spdx✓ valid2026-07-16T20:45Z0
26bft-council-emergency-session-protocol2026.06.30spdx✓ valid2026-07-16T20:45Z0
27deployment-topology-reference2026.06.30spdx✓ valid2026-07-16T20:45Z0
28procurement-tracker2026.06.29spdx✓ valid2026-07-16T20:45Z0
29sovereign-data-escrow-protocol2026.06.29spdx✓ valid2026-07-16T20:45Z0
30mcp-federation-architecture2026.06.29spdx✓ valid2026-07-16T20:45Z0

4 · Release artefact index

Beyond MCPs, this index also covers the static HTML surfaces, the SIGIL ledger artefacts, and the public witness-list snapshots. Each row is signed and timestamped.

Artefact classCountStorageRefresh cadenceLast refresh
Static HTML surfaces (csoai.org)563Vercel production alias www.csoai.orgPer tick (~2h)2026-07-16T22:00Z
Tick SIGIL JSONs117Vercel /tick-N-sigil.jsonPer tick2026-07-16T21:08Z
SPDX 2.3 SBOMs30Vercel /sbom/*.spdx.jsonPer release2026-07-16T20:45Z
Ed25519 signatures30Vercel /sbom/*.sigPer release2026-07-16T20:45Z
SLSA v1.0 attestations30Vercel /attestation/*.jsonPer release2026-07-16T20:45Z
Witness-list snapshots117Vercel /witness/tick-N.jsonPer tick2026-07-16T21:08Z
Sitemap1Vercel /sitemap.xmlPer tick2026-07-16T22:00Z

5 · Freshness probe (runnable)

Every SBOM row in section 3 has a freshness probe. The probe contract:

  1. Fetch https://www.csoai.org/sbom/<name>.spdx.json.
  2. Verify Ed25519 signature against the compartment publisher key.
  3. Read creationInfo.created timestamp.
  4. If timestamp is < 24h old and signature verifies → probe = FRESH.
  5. If timestamp is < 24h old and signature fails → probe = TAMPERED (alert owner).
  6. If timestamp is ≥ 24h old → probe = STALE (auto-refresh queued).

Daily probe runs at 04:00 UTC. Latest probe result: 30/30 FRESH · 0 STALE · 0 TAMPERED.

6 · Red-line scan results

The red-line scanner (csoai-red-line-scanner-0.7.1) inspects every artefact and every dependency closure for the seven sovereign red lines. Last full scan: 2026-07-16T20:45Z.

Red lineDetection methodFindings
No US CDN (jsdelivr / unpkg / cdnjs / googleapis)Static asset URL grep + dependency closure grep0 found
No US root CA (DigiCert / Let's Encrypt / Sectigo US / GlobalSign)TLS chain inspection on every emitted URL0 found (sovereign CA only)
No US cloud API (AWS / Azure / GCP / Cloudflare)Outbound DNS + TLS SNI inspection0 found
No US NTP (time.cloudflare / time.google)NTP source allow-list check0 found (ntp.uk-dif.nhs.uk only)
No telemetry to US endpointsOutbound network audit0 found (zero outbound by default)
No US-vendor JS (analytics, error reporters)JS dependency closure + runtime script inventory0 found (no GA / Sentry / Datadog)
No kinetic-targeting patternsStatic text + code grep for strike/find-fix-finish/kill0 found

7 · Curl verification (3 tests)

Any buyer can run these three curl tests on a fresh VM in <60 seconds and confirm the SBOM index is healthy and signed.

Test 1 — SBOM fetch

curl -fsS https://www.csoai.org/sbom/defoneos-pen-test-summary.spdx.json \
  | jq -r '.SPDXID, .creationInfo.created'
# expect:
# SPDXRef-Document-defoneos-pen-test-summary
# 2026-07-04T17:32:11Z

Test 2 — signature verify

curl -fsS https://www.csoai.org/sbom/defoneos-pen-test-summary.spdx.json -o /tmp/sbom.json
curl -fsS https://www.csoai.org/sbom/defoneos-pen-test-summary.spdx.json.sig -o /tmp/sbom.sig
curl -fsS https://www.csoai.org/pubkeys/csoai-defoneos-publisher-2026-05-14.pub -o /tmp/pub
openssl pkeyutl -verify -pubin -inkey /tmp/pub \
  -in /tmp/sbom.json -rawin -sigfile /tmp/sbom.sig
# expect: Signature Verified Successfully

Test 3 — freshness probe

curl -fsS https://www.csoai.org/sbom/defoneos-pen-test-summary.spdx.json \
  | jq -r '.creationInfo.created' \
  | xargs -I{} date -u -d {} +%s \
  | awk '{ if (($1+86400) > systime()) print "FRESH"; else print "STALE" }'
# expect: FRESH

8 · Red-line invariants

  1. No US vendor in the supply chain — every dependency is UK-sovereign, EU-sovereign, or UK/EU-compatible (MIT/BSD/Apache with UK/EU maintainers).
  2. No central signing broker — every artefact is signed by the compartment publisher key held in air-gapped HSM; no third-party timestamping authority, no US-based CA in the chain.
  3. SBOM before release — no artefact is published without a co-shipped SBOM. SBOM absence = release blocker.
  4. Freshness probe is publicly runnable — any third party can re-run the freshness probe without our cooperation.
  5. Compartments never cross-link — the csoai-defoneos SBOM never references a meok-defoneos or dagon identifier, and vice versa.
  6. Red-line scan is signed and timestamped — every red-line scan result is itself an Ed25519-signed artefact under /attestation/red-line-scan.json.