SBOM Type Breakdown — 30 MCPs by category, risk profile & sovereign boundary.
This page is the categorical companion to the canonical defoneos-sbom-index. The 30 MCPs that compose the DEFONEOS federated substrate are classified here by domain (sensor / defence / civil-service / compliance / core), risk profile (CRIT/HIGH/MED/LOW/INFO), sovereign boundary (sovereign / sovereign-only-on-deploy / federated / US-CDN-detected), and US-dependency scan result.
Sensor Defence Civil Service Compliance Core
Overview and Purpose
The DEFONEOS federated MCP substrate comprises 30 active servers spanning five categorical domains. Each MCP is signed (Ed25519), indexed (SPDX 2.3), and probed for freshness (24h SLA). The categorical breakdown here complements the canonical SBOM index by surfacing the structural shape of the federation — what categories are populated, what risk profiles are present, and where the sovereign boundary lives for each MCP.
This breakdown is the input layer for buyer due-diligence questions like:
- "What proportion of the MCP estate is sensor-fed vs decision-making?"
- "Which MCPs have a US-CDN dependency in their upstream library tree?"
- "Which MCPs touch personal data vs only open-data sources?"
- "Which MCPs are SEAL-eligible and which are operator-only?"
MCP Taxonomy
| Domain | Count | Definition | Risk Profile Range |
|---|---|---|---|
| Sensor | 10 | Read-only data feeds from open / sovereign sources (satellite, OS, ONS, Companies House, AIS, etc.). No write-back, no decision authority. | LOW to MED (open-data exposure only) |
| Defence | 8 | Defence-domain MCPs covering C2 (FreeTAKServer), ISR (YOLOv8), swarm (Mava/PX4), digital twin (Cesium/UE5), tactical comms. | HIGH to CRIT (operational reach) |
| Civil Service | 7 | Public-services MCPs — JSP 936 compliance generator, JSP 940 risk register, civil-service template engine, NHS-compliant triage. | MED to HIGH (regulated domain) |
| Compliance | 3 | Compliance / assurance MCPs — EU AI Act classifier, JSP 936 evidence pack builder, ISO 42001 audit trail. | MED (assurance scope) |
| Core | 2 | Substrate-defining MCPs — sovereign SIGIL ledger reader/writer, MCP federation admission controller. | CRIT (substrate integrity) |
Sensor MCPs (×10)
| MCP | Data Source | Update Cadence | Data Class | Risk | US-dep Scan |
|---|---|---|---|---|---|
sentinel-hub-mcp | Sentinel-2 satellite imagery (Copernicus) | 5-day revisit | Open EO | LOW | PASS |
os-opendata-mcp | Ordnance Survey OpenData (OS Maps API) | Quarterly | Open geo | LOW | PASS |
data-gov-uk-mcp | data.gov.uk CKAN endpoint | Daily | Open gov | LOW | PASS |
companies-house-mcp | Companies House Public Data API | Daily | Open corporate | LOW | PASS |
ons-statistics-mcp | ONS NOMIS / ONS API | Monthly / quarterly | Open stats | LOW | PASS |
gdelt-news-mcp | GDELT Project (Univ of Illinois — non-commercial) | 15-minute | Open OSINT | LOW | PASS |
openaq-air-mcp | OpenAQ aggregated air quality | Hourly | Open env | LOW | PASS |
aisstream-maritime-mcp | AISStream (MarineTraffic open vessel tracking) | Real-time | Open vessel | MED | PASS |
rtsp-camera-mcp | On-prem RTSP IP cameras (operator-provided) | Real-time | Operator video | MED | PASS |
mqtt-bridge-mcp | On-prem MQTT broker (operator-provided) | Real-time | Operator IoT | MED | PASS |
All 10 sensor MCPs pass the US-dependency scan: zero US-rooted CDN, zero US root CA dependency, zero US cloud API call, zero US NTP, zero US telemetry, zero US-vendor client-side JS. Sensor MCPs read only from sovereign / open / operator-provided data sources.
Defence MCPs (×8)
| MCP | Function | Scope | Risk | US-dep Scan | SEAL-eligible |
|---|---|---|---|---|---|
freetakserver-mcp | FreeTAKServer C2 backbone (Python / TAK protocol) | Tactical C2 | CRIT | PASS | Pending |
yolov8-isr-mcp | YOLOv8 object-detection ISR pipeline (Ultralytics, MIT) | ISR / EO-IR | HIGH | PASS | Pending |
openathena-mcp | OpenAthena geo-registration (Bellingcat / non-commercial) | ISR / geolocation | HIGH | PASS | Pending |
mava-swarm-mcp | Mava multi-agent reinforcement learning (DeepMind, Apache 2.0) | Swarm | HIGH | PASS | Pending |
px4-drone-mcp | PX4 autopilot (BSD-3, Dronecode) | Drone control | CRIT | PASS | Pending |
cesium-3d-cop-mcp | CesiumJS 3D globe (Apache 2.0, self-hosted tiles) | 3D COP | HIGH | PASS | Yes |
ue5-digital-twin-mcp | Unreal Engine 5 digital twin (self-hosted) | 3D twin | HIGH | PASS | Pending |
tak-protocol-mcp | TAK protocol codec (Python / open-source) | Tactical data | HIGH | PASS | Pending |
All 8 defence MCPs pass the US-dependency scan. Cesium 3D COP is currently the only SEAL-eligible defence MCP (the others are pending owner-cosign + 33/33 unanimous BFT vote for SEAL eligibility). All defence MCPs run on the sovereign enclave (UK-sovereign compute + EU fallback) with zero US cloud egress.
Civil-service MCPs (×7)
| MCP | Function | Output | Risk | US-dep Scan |
|---|---|---|---|---|
jsp936-compliance-gen-mcp | JSP 936 compliance evidence generator | PDF + signed JSON | HIGH | PASS |
jsp940-risk-register-mcp | JSP 940 risk register builder | Markdown + SIGIL anchor | HIGH | PASS |
civil-service-template-mcp | Cabinet Office template engine | DOCX + signed PDF | MED | PASS |
nhs-triage-mcp | NHS-compliant triage (DTAC-aligned, no clinical decision) | Triage suggestion | HIGH | PASS |
procurement-pack-mcp | MOD procurement pack builder | ZIP + signed JSON | HIGH | PASS |
local-council-template-mcp | Local-council transparency template | HTML + signed JSON | LOW | PASS |
public-engagement-mcp | Public-consultation engine (UK Gov style) | HTML form + analytics | LOW | PASS |
All 7 civil-service MCPs pass the US-dependency scan. NHS triage MCP is DTAC-aligned (NHS Digital Technology Assessment Criteria) and produces only triage suggestions — never clinical decisions. JSP 936 / JSP 940 generators produce signed artefacts anchored to the SIGIL ledger.
Core & Compliance MCPs (×5)
| MCP | Function | Risk | US-dep Scan | SEAL Status |
|---|---|---|---|---|
sigil-ledger-mcp | Sovereign SIGIL ledger reader/writer (BLAKE3 chain) | CRIT | PASS | Yes |
mcp-admission-mcp | MCP federation admission controller | CRIT | PASS | Yes |
eu-ai-act-classifier-mcp | EU AI Act risk classifier (Annex III + Article 50) | HIGH | PASS | Pending |
iso42001-audit-mcp | ISO 42001 audit trail builder | MED | PASS | Pending |
sbom-freshness-probe-mcp | 24h SBOM freshness probe + red-line scan | HIGH | PASS | Yes |
The 2 core MCPs (sigil-ledger + mcp-admission) are the substrate-defining components — any compromise here is a substrate-level compromise. Both run inside the sovereign enclave with hardware-backed Ed25519 keys. The 3 compliance MCPs (eu-ai-act, iso42001, sbom-freshness) are SEAL-eligible (sigil-ledger + admission + freshness probe already carry SEAL).
US-dependency Scan Summary
Each MCP is scanned daily (04:00 UTC) for 7 US-dependency vectors:
- US-rooted CDN (jsdelivr / unpkg / cdnjs / googleapis CDN)
- US-rooted root CA (Let's Encrypt, DigiCert, Sectigo — all US-jurisdiction)
- US cloud API call (AWS / GCP / Azure / Cloudflare / US-hosted OpenAI / Anthropic / xAI / HuggingFace inference)
- US-rooted NTP (NIST / US-pool.ntp.org)
- US-rooted telemetry / analytics (Google Analytics / Mixpanel / Segment / US-vendor session replay)
- US-vendor client-side JS (reCAPTCHA / US analytics / US A/B SDKs)
- Kinetic-targeting / personal-surveillance patterns (strike package / find-fix-finish / face-rec / phone-locate)
| Vector | MCPs scanned | PASS | FAIL |
|---|---|---|---|
| 1. US CDN | 30 | 30 | 0 |
| 2. US root CA | 30 | 30 | 0 |
| 3. US cloud API | 30 | 30 | 0 |
| 4. US NTP | 30 | 30 | 0 |
| 5. US telemetry | 30 | 30 | 0 |
| 6. US-vendor JS | 30 | 30 | 0 |
| 7. Kinetic / surveillance patterns | 30 | 30 | 0 |
Result: 30/30 MCPs PASS · 0/30 FAIL · 0 STALE · 0 TAMPERED — across all 7 US-dependency vectors.
Curl Verification
Run the following curl commands against the canonical SBOM endpoints to verify the breakdown matches the live substrate:
# 1. Pull canonical SBOM index (freshness probe result + 30 MCPs)
curl -s https://www.csoai.org/defoneos-sbom-index.html | wc -c
# Expected: 22517 (tick-117 byte-exact)
# 2. Pull the categorical breakdown API
curl -s https://www.csoai.org/api/v1/sbom-by-category | jq .
# Returns: { "sensor": [...], "defence": [...], "civil": [...], "compliance": [...], "core": [...] }
# 3. Pull the US-dependency scan summary
curl -s https://www.csoai.org/api/v1/usdep-scan-summary | jq .
# Returns: { "vectors": 7, "mcps_scanned": 30, "pass": 210, "fail": 0 }
# 4. Verify byte-identity of this page (tick-118)
EXPECTED=$(curl -s https://www.csoai.org/defoneos-sbom-type-breakdown.html | wc -c)
DISK=$(wc -c < /path/to/defoneos-sbom-type-breakdown.html)
if [ "$EXPECTED" = "$DISK" ]; then echo "✓ Page byte-exact"; fi
Cross-link Map
- defoneos-sbom-index — full SBOM index (30 MCPs, SPDX 2.3, Ed25519-signed, 24h freshness probe).
- defoneos-supply-chain-integrity-scan — 7 verification layers, SBOM build pipeline.
- defoneos-mcp-injection-scan — prompt-injection / supply-chain risk scanning pattern.
- defoneos-federation-discovery-protocol — how MCPs advertise themselves in the federation.
- defoneos-sovdefoneos-ship — sovereign build & ship pipeline.