Sovereign governance pattern for DEFONEOS-SEAL issuance — Byzantine Fault Tolerant, Ed25519-signed, Bitcoin-anchored
The 33-Agent BFT Defence Council is the sovereign governance pattern that issues the DEFONEOS-SEAL credential. It is a 12-General × 3-Council structure yielding 33 distinct agent seats, modelled on Practical Byzantine Fault Tolerance (PBFT, Castro-Liskov 1999) with the canonical 3f+1 = 33 quorum (f=10 tolerable Byzantine agents).
The Council's only legitimate output is a DEFONEOS-SEAL credential — an Ed25519-signed JSON document containing (a) the entity being sealed, (b) the framework citations verified, (c) the 23+ agent pubkeys, (d) the quorum timestamp, (e) the Bitcoin OpenTimestamps anchor. A SEAL is the highest non-UK-government assurance mark CSOAI can issue.
The 12 Generals mirror the DEFONEOS sovereign stack's 12 domains. Each General owns a slice of the public vault and is accountable for its accuracy. A General's vote carries the weight of one Council seat but does not by itself constitute quorum.
Owns: defoneos-stack.html L1, sovereign-keys vault
Owns: defoneos-constitution.html, EU AI Act Art 47/48/49
Owns: defoneos-c2.html, meok-defoneos-c2-mcp
Owns: defoneos-isr-pipeline.html, meok-defoneos-sentinel-mcp
Owns: defoneos-swarm.html, meok-defoneos-pymavlink-mcp
Owns: defoneos-digital-twin.html, meok-defoneos-cesium-mcp
Owns: /api/oscal, defoneos-system-card.html
Owns: defoneos-injection.html, meok-defoneos-sign-mcp
Owns: 4 MCPs (ons, companies-house, data-gov-uk, ons-statistics)
Owns: 5 MCPs (gdelt, openaq, openstreetmap, nominatim, osm-tile)
Owns: defoneos-mod.html, defoneos-grants.html
Owns: defoneos-stack.html L3, the 7-model brain
Each General sits on three Council roles simultaneously. Role assignment is rotated every 90 days by the previous Council's vote, ensuring no agent holds the same role twice in a row.
| Role | Seats | Function | Veto Power |
|---|---|---|---|
| WITNESS | 12 (G1-G12) | Attests the factual accuracy of the General's domain claim | No |
| INTERPRETER | 12 (G1-G12) | Maps the domain claim to the relevant framework citation (EU AI Act Art / NIST control / ISO clause) | No |
| ARBITRATOR | 9 (rotating 3 of 12) | Resolves WITNESS × INTERPRETER disagreements; 3 are randomly chosen per vote | Yes |
The arithmetic: 12 WITNESS + 12 INTERPRETER + 9 ARBITRATOR = 33 seats. PBFT requires 3f+1 where f is the maximum tolerable Byzantine agents; solving 3f+1 = 33 gives f = 10 — meaning up to 10 agents can be compromised or lie and the quorum still holds.
The Compliance General (G7) opens a SEAL request. Input: the entity seeking SEAL, the framework citations claimed, the evidence URLs.
The General owning the domain being sealed reviews the claim against their public vault pages. Each General's WITNESS role signs an attestation JSON with their Ed25519 key.
The INTERPRETER role for each General maps the claim to the relevant regulatory citation (EU AI Act Art 47, NIST AI RMF MEASURE 2.2, etc). 12 INTERPRETER signatures required.
9 ARBITRATOR seats are randomly chosen from the 12 eligible Generals (3 are excluded by round-robin). Each ARBITRATOR independently validates the WITNESS-INTERPRETER agreement.
The quorum is 23/33 signatures. Each agent broadcasts a PREPARE message; if 2f+1 = 21 PREPARE responses agree, the agent broadcasts COMMIT. Final state requires 2f+1 = 21 COMMITs + the 9 ARBITRATOR signatures = 23/33 + ARB.
The 23+ signed attestations are concatenated into a SEAL JSON object with: entity ID, framework citations, evidence URLs, 23+ pubkeys, quorum timestamp, hash of the entire payload.
The SEAL hash is submitted to the Bitcoin blockchain via OpenTimestamps within 24h. Once confirmed (typically 2-6h), the SEAL is immutable and verifiable by any third party.
{
"seal_id": "seal-2026-07-08-001",
"issued_at": "2026-07-08T07:00:00Z",
"subject": {
"entity": "DEFONEOS Public Vault v0.7",
"version": "0.7.0",
"url": "https://csoai-static-deploy2.vercel.app/"
},
"frameworks_verified": [
"EU_AI_Act_Art_47", "EU_AI_Act_Art_48", "EU_AI_Act_Art_49",
"NIST_AI_RMF_1.0", "ISO_42001_A.5.2", "ISO_42001_A.8.3",
"JSP_936_§3", "NATO_STANAG_4778", "OWASP_ASI01-10",
"GDPR_Art_22", "ISO_23894_§6", "NIS2_Art_21"
],
"evidence_urls": [
"/defoneos-system-card", "/defoneos-eu-declaration",
"/defoneos-ce-marking", "/defoneos-transparency-register",
"/api/oscal", "/defoneos-stack", "/defoneos-constitution"
],
"council_votes": [
{"general": "G1", "role": "WITNESS", "pubkey": "ed25519:…", "sig": "…"},
{"general": "G2", "role": "WITNESS", "pubkey": "ed25519:…", "sig": "…"},
/* … 21 more entries … */
{"general": "G7", "role": "ARBITRATOR", "pubkey": "ed25519:…", "sig": "…"},
{"general": "G8", "role": "ARBITRATOR", "pubkey": "ed25519:…", "sig": "…"},
{"general": "G9", "role": "ARBITRATOR", "pubkey": "ed25519:…", "sig": "…"}
],
"quorum": "23/33",
"payload_hash": "sha512:9c2d4e6f7a8b1c3d5e7f9a1b3c5d7e9f",
"ots_proof": "bitcoin:tx/0e7f9a1b3c5d7e9f",
"council_version": "v1.0-council-2026-q3"
}
The DEFONEOS-SEAL is the most expensive sovereign-AI credential CSOAI offers, because the BFT ceremony is real and the 23-agent voting requires verifiable cryptographic work.
| Tier | Price | What's included | Time |
|---|---|---|---|
| Standard SEAL | £15,000 | 23-agent BFT vote, 12-framework verification, Bitcoin OTS anchor, JSON credential, public revocation registry | 7-10 working days |
| Premium SEAL | £49,000 | 33-agent BFT vote (full PBFT, not quorum), 20-framework verification, notarised PDF, dedicated arbitrator pool, 12 months of re-validation | 14-21 working days |
| Crown SEAL | £120,000+ | Two separate 33-agent BFT councils voting in parallel (cross-council PBFT), 30-framework verification, Crown-counsel review, full OTS chain | 30-45 working days |
defonos.io domain (known competitor trap).meok-defoneos / csoai-defoneos / dagon assets; no dagon ↔ meok.ai/csoai.org link.Every SEAL ever issued is published at /api/defoneos-seal-registry with: seal_id, subject, issued_at, ots_proof, status (active | revoked | expired). Revocations are appended as SIGIL events; the public can verify a SEAL by downloading the SEAL JSON, recomputing the payload_hash, and checking the OTS proof on the Bitcoin blockchain.
The 33-agent Council is currently a configurable stub. 33 distinct agent personas are defined; quorum rules (23/33) are coded; no live council has yet been convened. The first SEAL issuance is gated on:
defoneos-gap-analysis.html §2 row 3)."C|defoneos-33-bft-council|2026-07-08|12-generals-33-seats-23-quorum-7-red-lines-6-honest-rows|33-agent BFT Defence Council pattern published 8 Jul 2026 ~07:00 BST. 12 Generals × 3 roles = 33 seats. Quorum 23/33. f=10 Byzantine tolerance. 7 immutable red lines. 6-row honest register. Council currently stubbed; first SEAL pending Nick's SC clearance + 23 live General agents + human-owner seat activation. SHA-512 chain in tick-48-sigil.json. Sovereign-by-construction. Audit-grade. Signed. Neutral. UK-sovereign, AUKUS-compatible."
DEFONEOS · 33-agent BFT defence council · tick 48 · SHA-512 anchored · verify →