MCP Federation Architecture

30 MCPs in 3 trust rings · inward-cascade data flow · SIGIL per tool invocation · BFT admission control · federation discovery via /.well-known/ manifest.

30
MCP Servers
3
Trust Rings
9
Admission Checks
23/33
BFT Quorum

1. Architecture Overview

The DEFONEOS MCP (Model Context Protocol) Federation is a constellation of 30 independent MCP servers, each providing tool capabilities to the sovereign AI inference layer. MCPs are organised into 3 trust rings based on data sensitivity and jurisdictional requirements.

Ring 0 — CORE SOVEREIGN (7 MCPs)
┃ UK-sovereign-only inference · No external API calls
┃ sigil · bft · compliance · seal · redteam · escrow · audit

┣━━ Ring 1 — DEFENCE SENSORS (11 MCPs)
┃ AUKUS-compatible · Inward-cascade data flow
┃ freetak · sentinel · ais · gdelt · rtsp · yolo · athena · mava · cesium · mqtt · openaq

┗━━ Ring 2 — CIVIL OPEN-DATA (12 MCPs)
Unrestricted · Publicly available data sources
os · govuk · companies · ons · met · nhs · env · transport · planning · parliament · ofcom · landreg

2. Ring 0 — Core Sovereign (7 MCPs)

The innermost ring. These MCPs handle governance, compliance, and cryptographic operations. UK-sovereign-only inference — no external API calls whatsoever.

#MCPFunctionTrust Level
1sigil-mcpSIGIL attestation ledger — every tool invocation is signed, timestamped, anchoredRing 0
2bft-mcp33-agent BFT governance council — voting, quorum, session managementRing 0
3compliance-mcpJSP 936, GDPR, EU AI Act compliance reporting automationRing 0
4seal-mcpDEFONEOS-SEAL credential issuance — requires 23/33 BFT voteRing 0
5redteam-mcpAdversarial red-team framework — continuous probing, severity classificationRing 0
6escrow-mcpSovereign data escrow protocol — 7-layer custody, release gates, destructionRing 0
7audit-mcpImmutable audit trail — SIGIL receipts, BFT session transcripts, red-team reportsRing 0

3. Ring 1 — Defence Sensors (11 MCPs)

These MCPs ingest sensor and intelligence data from external sources. Data flows inward (from source → DEFONEOS), never outward. AUKUS-compatible but UK-sovereign-controlled.

#MCPCategoryData Direction
8freetak-mcpC2 / TAK server bridgeInward
9sentinel-hub-mcpSatellite imagery (Copernicus, Sentinel)Inward
10ais-mcpMaritime AIS vessel trackingInward
11gdelt-mcpOSINT / global news eventsInward
12rtsp-mcpIP camera / RTSP video streamsInward
13yolo-mcpComputer vision (YOLOv8 object detection)Inward
14athena-mcpGeospatial query (OpenAthena)Inward
15mava-mcpSwarm intelligence / multi-agent coordinationInward
16cesium-mcp3D globe / digital twin visualizationInward
17mqtt-mcpIoT bridge / sensor telemetryInward
18openaq-mcpAir quality monitoringInward

4. Ring 2 — Civil Open-Data (12 MCPs)

These MCPs ingest publicly available UK civil data. No classified or sensitive data. Used for situational awareness, planning intelligence, and compliance automation.

#MCPCategory
19os-opendata-mcpOrdnance Survey open data
20data-gov-uk-mcpdata.gov.uk government open data
21companies-house-mcpCompanies House registry
22ons-mcpONS statistics and census
23met-office-mcpMet Office weather data
24nhs-mcpNHS data services
25env-agency-mcpEnvironment Agency data
26transport-mcpDepartment for Transport data
27planning-mcpPlanning application data
28parliament-mcpUK Parliament data (Hansard, committees)
29ofcom-mcpOfcom communications data
30land-registry-mcpHM Land Registry data

5. Inward-Cascade Data Flow

Data flows inward only — from external sources through the rings toward the core. Data never flows outward from Ring 0 to Ring 1 or Ring 2 without explicit BFT approval.

External Sources → Ring 2 (Civil) → sanitised → Ring 1 (Defence) → enriched → Ring 0 (Core)

Ring 0 ← NEVER sends data outward without BFT 23/33 approval
Ring 1 ← sends enriched intelligence inward only
Ring 2 ← ingests public data, sanitises, passes inward

At every ring boundary crossing, a SIGIL attestation is generated recording: source MCP, destination MCP, data type, timestamp, Ed25519 signature of approving agent.

6. SIGIL Per Tool Invocation

Every single tool invocation across all 30 MCPs generates a SIGIL receipt:

SIGIL FieldDescription
tickGlobal tick counter for ordering
mcp_idWhich MCP server was invoked
tool_nameWhich specific tool was called
callerEd25519 public key of the calling agent
timestampRFC3161 trusted timestamp
ringTrust ring of the MCP (0, 1, or 2)
data_hashSHA-256 of input + output data
signatureEd25519 signature of the calling agent
ots_proofBitcoin OpenTimestamps anchor

7. BFT Admission Control (9-Point Checklist)

Before any new MCP can join the federation, it must pass all 9 admission control checks, verified by the 33-agent BFT council (23/33 quorum):

#CheckDescription
1Source provenanceAll code dependencies traced to source, hash-verified
2Red-line complianceMCP contains no kinetic-targeting, no personal-surveillance patterns
3Data flow classificationInward-only data flow confirmed; no outbound data exfiltration
4Ring assignmentCorrect trust ring assigned based on data sensitivity
5SIGIL integrationAll tool invocations generate valid SIGIL receipts
6UK sovereigntyRing 0 MCPs: zero external API calls confirmed
7Supply chain integrityNo compromised dependencies; SIGIL-anchored on PyPI
8Adversarial test passRed-team framework: 12 vectors tested, no T1/T2 findings
9Escrow compatibilityAny data stored by the MCP is escrow-compatible (7-layer custody)

8. Federation Discovery

New deployments discover the MCP federation via a well-known manifest:

GET /.well-known/defoneos-manifest.json

The manifest contains: list of active MCPs, their trust rings, SIGIL verification endpoints, BFT council status, and federation version. This enables zero-config discovery for new AUKUS partner deployments.

9. Inference Routing

RingInference LocationExternal APIModel Access
Ring 0UK-sovereign MLX (local)NoneSOV3 sovereign models only
Ring 1UK-sovereign or AUKUS-partnerAUKUS partners only (BFT-approved)Sovereign + frontier bridge (BFT-gated)
Ring 2UK or cloud (unrestricted data)Any (data is public)Any model

10. Failover & Graceful Degradation

ScenarioResponse
Single MCP failureFederation continues. SIGIL records the failure. BFT notified.
Ring 0 MCP failureGovernance functions enter safe mode. All data releases frozen. Human-owner notified immediately.
Network partitionEach ring operates independently. Ring 0 maintains full governance. Data queued for sync.
BFT quorum lossIf <23 agents available, federation enters read-only mode. No new data releases until quorum restored.
Escrow breach detectedAll Ring 0 MCPs enter emergency freeze. BFT emergency session triggered (17/33).