Complete architecture documentation, API reference, and developer guides for the UK's sovereign defence AI OS.
DEFONEOS is built as a 7-layer sovereign substrate. Each layer is independently deployable, independently auditable, and communicates only through cryptographically signed MCP messages.
| Server | Package | Tools | Badge | Description |
|---|---|---|---|---|
eu-ai-act-compliance | eu-ai-act-compliance-mcp | 12 | CORE | EU AI Act article-by-article compliance: risk classification, Article 50 watermarking, high-risk audit, prohibited practices |
meok-governance-engine | meok-governance-engine-mcp | 15 | GOV | 30-framework governance audit, crosswalks, charter enforcement, policy lab |
meok-king | meok-king-mcp | 3 | GOV | 28-hive king router, MoE+BFT, fan-out queen queries |
sov3-bridge | sov3-bridge-mcp | 8 | CORE | Multi-persona deliberation, cross-synthesis, strategic verdict |
article-50-watermarking | article-50-watermarking-mcp | 3 | CORE | EU Digital Omnibus Act watermarking passport issuance + HMAC/Ed25519 verification |
meok-mcp-injection-scan | meok-mcp-injection-scan-mcp | 4 | SEC | Prompt injection detection, supply-chain risk, Morris-II worm scan |
meok-compliance-passport | meok-compliance-passport-mcp | 5 | GOV | Signed, portable compliance credential with Ed25519 attestation |
federation-compliance-only | federation-compliance-only-mcp | 6 | GOV | EU AI Act, GDPR, HIPAA, SOC2, PCI-DSS, ISO 27001 compliance checks |
| Server | Package | Tools | Badge | Description |
|---|---|---|---|---|
sentinel-hub | sentinel-hub-mcp | 6 | DATA | Sentinel-1/2/3 satellite imagery, NDVI, flood detection, change analysis |
os-opendata | os-opendata-mcp | 5 | DATA | Ordnance Survey Open Names, Open Rivers, Open Roads, Boundaries |
data-gov-uk | data-gov-uk-mcp | 4 | DATA | data.gov.uk 60K+ datasets search, download, metadata |
companies-house | companies-house-mcp | 6 | DATA | UK company registry: search, filing history, officers, PSC |
ons-statistics | ons-statistics-mcp | 4 | DATA | ONS census, economic indicators, population, employment data |
aisstream-maritime | aisstream-maritime-mcp | 5 | DATA | Live AIS vessel tracking, port arrivals, maritime anomaly detection |
openaq-air | openaq-air-mcp | 4 | DATA | Global air quality monitoring, PM2.5/NO2/O3, CBRN detection |
gdelt-news | gdelt-news-mcp | 5 | DATA | GDELT OSINT: global news events, conflict tracking, sentiment |
rtsp-camera | rtsp-camera-mcp | 4 | DATA | RTSP IP camera capture, frame extraction, YOLOv8 object detection |
mqtt-bridge | mqtt-bridge-mcp | 4 | DATA | MQTT IoT bridge: sensor pub/sub, device management, telemetry |
| Server | Package | Tools | Badge | Description |
|---|---|---|---|---|
dorado-foreign-access | dorado-foreign-access-mcp | 5 | SEC | Foreign-access attempt detection, IP geolocation, block list |
dorado-pqc | dorado-pqc-mcp | 4 | SEC | NIST PQC key generation, rotation, verification (ML-DSA, ML-KEM) |
dorado-audit | dorado-audit-mcp | 6 | SEC | SIGIL chain audit, replay tool, customer report export |
dorado-soc | dorado-soc-mcp | 5 | SEC | SOC dashboard, bot detector, shift handoff, CISO escalation matrix |
The SIGIL chain is DEFONEOS's append-only, hash-chained, Ed25519-signed audit ledger. Every action by every agent is recorded.
<OP>|<actor>|<target>|<message>|<timestamp>|<prev_hash>|<signature>
| Code | Operation | Use Case |
|---|---|---|
C | Command | Direct instruction to an agent |
P | Proposal | BFT council proposal submission |
V | Vote | BFT council vote (for/against/abstain) |
M | Memory | Memory write/recall |
Q | Query | Information request |
H | Handoff | Inter-agent task handoff |
S | State | System state change |
A | Assertion | Compliance assertion (L3 OrgKernel) |
hash(n) = SHA-256(entry_n || hash(n-1)) signature = Ed25519.sign(private_key, hash(n))
Each entry's hash includes the previous entry's hash, making the chain tamper-evident. Any modification to a historical entry invalidates all subsequent hashes. Signatures are verifiable by anyone with the agent's public key (L1 identity registration).
| Type | Threshold | Scope |
|---|---|---|
| Standard | 22/33 (67%) | Normal operational decisions, tool calls above risk threshold |
| Supermajority | 27/33 (82%) | Charter amendments, red-line overrides (never used — red lines are immutable) |
| Unanimous | 33/33 (100%) | DEFONEOS-SEAL credential issuance, new agent admission |
| Veto | 1 agent | Any single agent can veto a red-line violation. Veto is cryptographic and non-overridable. |
Compliance · Security · ISR · Swarm · Cyber · Logistics · Medical · Space · Maritime · Land · Air · Civil Resilience — each domain has 2-3 council agents, ensuring no single domain dominates.
DEFONEOS includes a defence-grade semantic knowledge graph. RDF/OWL-compatible. SPARQL-queryable. Entities, relationships, actions, and rules.
Entities (Objects):
Relationships (Links):
IF confidence > 0.85 AND BFT_quorum = true THEN escalateIF vessel.hasAIS = false AND RF_detected = true THEN classify(threat)IF drone.distance < 500m AND restricted_airspace = true THEN alert(security)IF cyber.threat_level = critical THEN activate(incident_response) + notify(BFT_council)IF red_line.violated = true THEN veto(agent) + log(SIGIL) + halt(operation)
# 1. Clone
git clone https://github.com/CSOAI-ORG/defoneos.git
cd defoneos
# 2. Install
pip install -r requirements.txt
# 3. Generate Ed25519 keypair (L1 Identity)
python -c "from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey; k=Ed25519PrivateKey.generate(); print(k.private_bytes_raw().hex(), k.public_key().public_bytes_raw().hex())"
# 4. Start SOV3 hub
python -m sov3.hub --port 3101 --host 0.0.0.0
# 5. Verify
curl -X POST localhost:3101/mcp -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
| Mode | Network | Use Case | Components |
|---|---|---|---|
| Local Development | localhost | Dev, testing, demos | SOV3 hub + Ollama + 5 core MCPs |
| Production (Cloud) | Internet | SaaS, commercial | Full stack + Vercel + GCP VM + 30 MCPs |
| Air-Gapped | No internet | Classified, SCIF | Full stack + local models + USB data diode |
| Coalition | Secure WAN | Five Eyes, NATO | Federated BFT + A2A protocol + STANAG |
| Edge (Field) | Mesh radio | Tactical edge | M2 Mac + Ollama + essential MCPs + DIL |
SOV3_HOST=0.0.0.0 SOV3_PORT=3101 BFT_COUNCIL_PORT=3200 SIGIL_CHAIN_PATH=/var/defoneos/sigil.jsonl ED25519_PRIVATE_KEY=<hex> ED25519_PUBLIC_KEY=<hex> BFT_QUORUM=22 OLLAMA_HOST=http://localhost:11434 VERCEL_TOKEN=<optional> DATABASE_URL=postgresql://...
from defoneos import DEFONEOSClient
client = DEFONEOSClient(host="localhost", port=3101)
# List all tools
tools = client.list_tools()
print(f"{len(tools)} tools available")
# Call a tool
result = client.call("sigil_emit", {
"line": "C|operator|sov3|begin ISR scan sector alpha-7"
})
# Query the knowledge graph
tracks = client.call("sparql_query", {
"query": "SELECT ?v WHERE { ?v rdf:type def:Vessel . ?v def:hasAIS false }"
})
# BFT vote
vote = client.call("bft_vote", {
"proposal": "deploy-counter-drone-jammer-sector-7",
"choice": "for"
})
import { DEFONEOSClient } from '@defoneos/sdk';
const client = new DEFONEOSClient('http://localhost:3101');
// List tools
const tools = await client.listTools();
// Call a tool
const result = await client.call('sigil_emit', {
line: 'C|operator|sov3|begin ISR scan sector alpha-7'
});
// Subscribe to SIGIL stream
client.subscribe('sigil', (entry) => {
console.log('New SIGIL:', entry);
});
# List tools
curl -X POST localhost:3101/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'
# Call a tool
curl -X POST localhost:3101/mcp \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"threat_detect","arguments":{"text":"suspicious payload"}}}'
DEFONEOS uses exclusively Open Government Licence (OGL) data. No proprietary data, no foreign-sourced classified data, no data without provenance.
| Source | Type | Licence | Volume |
|---|---|---|---|
| Ordnance Survey Open Names | Geographic | OGL v3 | ~3 GB |
| Companies House | Business registry | OGL v3 | ~12 GB |
| ONS Statistics | Demographics | OGL v3 | ~4 GB |
| data.gov.uk | Multi-domain | OGL v3 | 60K+ datasets |
| Sentinel Hub | Satellite imagery | Copernicus (free) | On-demand |
| AIS Stream | Maritime tracking | aisstream.io (free tier) | Real-time |
| GDELT Project | OSINT | CC-BY | ~500 GB |
| Met Office | Weather | OGL v3 | On-demand |
| OpenAQ | Air quality | CC-BY | Global |
Total data moat: 49 GB on GCP VM. All OGL/CC-BY. No lock-in.
| Event | Trigger | SIGIL OP | Consumer |
|---|---|---|---|
vessel_detected | AIS gap + RF detection | S (State) | Cesium COP, ISR pipeline |
drone_intrusion | RF signature + distance < 500m | S (State) | Counter-drone module, alert |
cyber_threat | IDS/SIEM alert | S (State) | DORADO, incident response |
bft_proposal | Action above risk threshold | P (Proposal) | BFT council |
bft_vote_cast | Agent votes | V (Vote) | BFT tally, consensus engine |
sigil_chain_append | Any action | All | Audit chain |
red_line_violation | Red-line pattern detected | A (Assertion, compliant=false) | Veto, halt, alert |
compliance_assertion | Action completed | A (Assertion) | OrgKernel L3, audit export |
key_rotation | 90-day timer | S (State) | DORADO PQC |
foreign_access_attempt | Non-sovereign IP | S (State) | DORADO SOC |
A: DEFONEOS is open-source (Apache 2.0), costs £0-£9,999/mo vs Palantir's $50M/year, runs air-gapped, has BFT governance built-in, and every action is cryptographically signed. Palantir is a black box; DEFONEOS is a glass box.
A: Yes. The air-gapped deployment mode runs entirely offline — local Ollama models, local PostgreSQL, local MCPs. Data is transferred via USB with Ed25519 signature verification and quarantine VM processing.
A: The action is deferred. The system enters a safe state — defensive posture, no new actions, existing operations continue with cached parameters. Quorum can be re-established by waking dormant agents or through human override (logged as a SIGIL entry with supermajority requirement).
A: The chain itself uses SHA-256 + Ed25519. DORADO PQC module provides ML-DSA-65 (Dilithium) and ML-KEM-768 (Kyber) for quantum-resistant signatures. The 90-day key rotation ensures forward secrecy even against future quantum adversaries.
A: Yes. Fork the repo, build your MCP following the integration guide, submit a PR. Every contribution is SIGIL-signed and goes through BFT review.
A: Tested with 33 agents, 30 MCPs, 188+ tools, 49 GB data. The architecture is horizontally scalable — more agents = more fault tolerance, more MCPs = more sensor coverage, more VMs = more compute. Coalition mode supports cross-organization federation.