EU AI Act Article 50 — 20 days to seal | Get passport

🐉 DEFONEOS — MOD 30/60/90 Day Onboarding Runbook

Won-buyer activation · 9 steps · 3 milestones · 3 gates · sovereign-by-construction

Owner: JEEVES @ MiniMax-M3 · Version: v1.0 · 10 Jul 2026 · Co-ordinates: /defoneos-mod-30-60-90-day-onboarding.html

9
Steps
3
Milestones
3
Gates
90
Days
Day 30
First SEAL
Day 90
First Audit

0. Pre-Conditions (Before Day 0)

Before this runbook starts, four things must already exist. They are not steps in the runbook — they are pre-conditions for it.

1. The 9-Step Runbook

#StepDaysOwnerDeliverableStatus
1Kick-off call (60 min)Day 0-2Nick + SROCharter signed · Stakeholder map · Success criteria locked
2Technical handover (2h walkthrough)Day 3-5Nick + Tech LeadVM access · SSH keys · MCP registry walk-through · BFT demo
3Compliance baseline (OSCAL SSP + JSP 936)Day 5-15Nick + IA LeadOSCAL SSP document drafted · JSP 936 gap-analysis complete
4M1: Pilot deployment liveDay 15-20Nick + Tech Lead3 MCPs running · 33-agent BFT council instantiated · First seal-candidate submitted
5BFT council convenes (Day 25)Day 20-25Nick + 33 agents + SRO observerCouncil vote on first 3 SEAL candidates · Quorum 23/33 confirmed
6G1: SC clearance verified + IA attestationDay 25-30IA Lead + NickBuyer-side SC cleared · IA attestation letter signed
7M2: First DEFONEOS-SEAL issuedDay 30Nick (BFT council chair)3 Ed25519-signed credentials delivered · OpenTimestamps Bitcoin-anchored
8Operational hand-over (60-day)Day 30-60Nick + Tech Lead10 more MCPs deployed · 240-test pytest passing · UK sovereign map live
9G2: First audit signed off + M3: 90-day retroDay 60-90Nick + SRO + External auditorAudit report · Customer-success review · Year-2 renewal terms discussed

2. The 3 Milestones (Hard Dates)

M1 — Day 20: Pilot Deployment Live

What it means: 3 MCPs running on the buyer's air-gapped VM. 33-agent BFT council instantiated and answering roll-call. First seal-candidate (an AI model the buyer wants credentialed) submitted into the queue.

How we know it worked:

If M1 slips: escalate to Nick + buyer's Tech Lead within 24h. Slip >5 days = commercial credit (£10k per day, capped at platform fee).

M2 — Day 30: First DEFONEOS-SEAL Issued

What it means: The BFT council has voted (≥23/33 quorum), the buyer's first AI model has been credentialed, the Ed25519-signed JSON-LD credential has been issued, and the OpenTimestamps proof has been Bitcoin-anchored.

How we know it worked:

If M2 slips: pause all further SEALs. The first one is the most important — re-convene the council with a fix-and-retry protocol.

M3 — Day 90: First Audit Signed Off

What it means: An external auditor (one of the 3 sovereign-tier firms — BABL UK / ForHumanity UK / Holistic AI UK) has reviewed the deployment, signed off on the audit report, and the customer-success retro has produced the Year-2 renewal terms.

How we know it worked:

3. The 3 Gates (Hard Stops)

G1 — Day 25-30: SC Clearance Verified

Why this is a gate: A DEFONEOS-SEAL can only be issued to a buyer whose Information Assurance Lead is SC-cleared and has signed the IA attestation letter. Without this, the credential is technically valid but commercially worthless — the buyer can't reference it in their own classification chain.

What we need:

If G1 fails: do not proceed to M2. Hold the BFT council vote results in escrow. The seal-candidate can be re-submitted once IA attestation is in place. No commercial workaround.

G2 — Day 90: First Audit Signed Off

Why this is a gate: The Year-2 renewal is contingent on a clean first audit. If the auditor flags critical findings, Year-2 terms are re-negotiated (lower platform fee, additional SEALs included, or 6-month probation).

What we need:

If G2 fails: trigger the remediation plan. Re-audit at Day 120. If Day 120 also fails, the contract enters a 6-month probation with reduced platform fee.

G3 — Day 30: SC Clearance Verified (Nick's Side)

Why this is a gate: Nick must hold an active UK SC clearance (Baseline Personnel Security Standard, or higher) before accessing the buyer's air-gapped VM in classified contexts. Without this, Nick can only deliver DEFONEOS via sovereign cloud (which some buyers won't accept for SECRET material).

What we need:

If G3 fails: DEFONEOS is delivered via sovereign cloud only. Some buyers will accept this; others (especially Navy / RAF) will not. Mitigation: partner with an SC-cleared delivery sub-contractor (e.g., a BAE / QinetiQ partner).

4. The 30-Day Detail (Step-by-Step)

DayActionOwnerOutput
Day 0Contract countersigned · Payment clearedNick + Buyer SROContract PDF in audit log
Day 1Kick-off call scheduled (60 min)NickCalendar invite
Day 2Kick-off call held · Charter signed · Stakeholders mappedNick + SRO + Tech Lead + IA Lead + Commercial LeadCharter PDF + stakeholder map (Notion)
Day 3Technical handover #1 — VM access + SSH keysNick + Tech LeadSSH key installed · MFA enabled
Day 4Technical handover #2 — MCP registry walk-throughNick + Tech Lead30 MCPs catalogued + 3 chosen for pilot
Day 5Technical handover #3 — BFT council demo (live)Nick + IA Lead33-agent council demonstrated · roll-call verified
Day 6OSCAL SSP draft started (use template)Nick + IA LeadDraft SSP v0.1
Day 7-9OSCAL SSP review + JSP 936 gap-analysisIA Lead + NickSSP v0.2 + JSP 936 gap-report
Day 10Pilot MCP deployment — choose 3 (sentinel-hub-mcp / os-opendata-mcp / data-gov-uk-mcp)Nick + Tech Lead3 MCPs running on buyer's VM
Day 11-14Integration testing · 240-test pytest suite passingNick + Tech Lead240/240 tests green
Day 15-19BFT council instantiation on buyer's VM · Roll-call verifiedNick33/33 agents responding
Day 20M1: Pilot deployment live — first seal-candidate submittedNick + Tech LeadSeal-candidate JSON in /var/lib/defoneos/seal-queue/
Day 21-24Council pre-vote deliberation · Each agent reviews the seal-candidate33-agent BFT councilPre-vote ballots cast
Day 25BFT council convenes · Quorum check · Formal vote33-agent BFT council + SRO observerCouncil vote record · 23+/33 approve
Day 26-29SC clearance verification · IA attestation letter drafted + signedIA Lead + SROSC ref number + signed IA attestation
Day 30M2: First DEFONEOS-SEAL issued — Ed25519-signed JSON-LD + OpenTimestamps anchorNick (BFT council chair)3 DEFONEOS-SEAL credentials delivered to SRO + IA Lead

5. The 60-Day Detail (Operational Hand-over)

DayActionOwnerOutput
Day 31-40Deploy 10 more MCPs (sensors + civil service category)Nick + Tech Lead13 MCPs running
Day 41-45240-test pytest integration on full registryNick240/240 tests passing
Day 46-50UK sovereign map live — 12+ UK cities plotted on Cesium globeNick + Tech LeadUK map accessible at https://defoneos.{{buyer}}.mod.uk/map
Day 51-55First SEAL cohort expansion — 5 more seal-candidates submittedBuyer + Nick5 more seal-candidates in queue
Day 56-60BFT council convenes for SEAL cohort #2 · 5 SEALs issued33-agent BFT councilTotal 8 SEALs issued by Day 60

6. The 90-Day Detail (Audit + Renewal)

DayActionOwnerOutput
Day 61-70External auditor onboarded · Audit scope agreedNick + Buyer SRO + AuditorAudit charter signed
Day 71-80Auditor reviews BFT council vote log + OSCAL SSP + SEAL chainAuditorAudit findings draft
Day 81-85Findings reviewed · Remediation plan agreedNick + Buyer SRO + AuditorRemediation plan signed
Day 86-89Customer-success retro · Year-2 terms draftedNick + Buyer SRO + Commercial LeadRetro minutes + Year-2 order form draft
Day 90M3: First audit signed off · Year-2 renewal signed by SROAllAudit report PDF + Year-2 order form signed

7. The Stakeholder Cadence

StakeholderFrequencyFormatGoal
SRO (Senior Responsible Owner)Weekly Day-30, then monthly30-min callStrategic alignment · Risk escalation · Renewal signal
Technical LeadDaily Day-0-30, then weeklySlack + 60-min weekly callTechnical execution · Integration health · Issue resolution
Commercial LeadBi-weekly30-min callInvoicing · Change requests · Year-2 terms
Information Assurance LeadWeekly Day-0-30, then monthly60-min callOSCAL SSP · JSP 936 · SC verification · Audit prep
33-agent BFT councilPer SEAL batchAuto-conveneSEAL issuance · Audit-grade votes
External auditorDay-60 to Day-90Working sessionsAudit findings · Remediation · Sign-off

8. The 30/60/90 Communication Pack

Nick sends a written status update at the end of every 30-day window. The format is fixed — 8 lines, 1 page.

Subject: DEFONEOS {{buyer}} — Day {{N}} Status 1. Top-line: [green/amber/red] — {{1-line headline}} 2. Milestones reached: [M1 / M2 / M3 — yes/no] 3. Gates cleared: [G1 / G2 / G3 — yes/no] 4. MCPs deployed: [n / 30] 5. SEALs issued: [n] 6. Audit findings (if any): [Critical: 0 / Major: 0 / Minor: 0 / Obs: 0] 7. Open risks: [list] 8. Next 30 days: [top 3 priorities] — Nick

9. The 30/60/90 Escalation Path

If a milestone slips, this is the escalation chain — keep it tight, defence buyers hate long escalation trees.

  1. Tech Lead flags issue in the Slack channel
  2. Nick responds within 4h business hours
  3. If unresolved at 24h: Commercial Lead + IA Lead join a 30-min triage call
  4. If still unresolved at 72h: SRO + Nick have a 60-min strategic call
  5. If strategic call doesn't resolve: commercial credit issued (£10k/day M1 slip, £20k/day M2 slip)

10. The Renewal Pipeline (Day 90 → Year 2)

The 30/60/90 runbook ends with a signed Year-2 renewal order form. The Year-2 cadence:

PeriodAction
Year-2 Day 0-30Year-1 retro applied to Year-2 setup
Year-2 Day 30-180Steady-state: monthly SEAL batches (5-10 per month)
Year-2 Day 180-270Mid-year review · Expansion conversation
Year-2 Day 270-330Year-3 renewal terms drafted
Year-2 Day 330-365Year-3 order form signed

11. The 30/60/90 Failure Modes

Three named failure modes with pre-planned recovery.

Failure Mode A — M1 Slip (Pilot Deployment)

Likely cause: Buyer's air-gapped VM environment is more constrained than expected (no internet, locked-down DNS, no pip access).

Recovery: Pre-bundle a sovereign-offline pip wheel pack + a sovereign DNS resolver. Add 1 week to M1. Notify SRO on Day 5 if this looks likely.

Failure Mode B — M2 Slip (First SEAL)

Likely cause: BFT council cannot achieve 23/33 quorum (some agents' underlying LLMs are unavailable in the buyer's air-gapped environment).

Recovery: Run a "starter council" of 12 agents (quorum 9/12) for the first SEAL. Document the deviation in the audit log. Scale to 33-agent council at Year-2 when more sovereign LLMs are available.

Failure Mode C — G2 Slip (First Audit)

Likely cause: External auditor flags a Major finding (e.g., insufficient IA attestation evidence).

Recovery: 30-day remediation plan + Day-120 re-audit. If Day-120 also fails, contract enters 6-month probation with 50% reduced platform fee.


🟥 8-Line Honesty Register

  1. This runbook is theoretical until the first buyer signs. Real-world defence procurement will surface gaps not anticipated here.
  2. The 9-step structure assumes a fully-staffed sovereign team. Nick is solo — steps 3-9 require sub-contractor support or partnership with a UK prime.
  3. The 30-day first SEAL is aggressive. Real-world BFT council cycles take 45-60 days. We may need to relax M2 to Day 45.
  4. The external auditor tier assumes BABL UK / ForHumanity UK / Holistic AI UK. All three are US-headquartered. A genuinely UK-sovereign auditor is harder to find — perhaps DNV UK or LRQA.
  5. The £10k/day commercial credit is unmodelled. It comes out of Nick's margin, not the buyer's pocket. Worst-case slip = £300k Y1 credit.
  6. The 33-agent BFT council availability is not guaranteed. Each agent runs on a specific LLM; if any LLM is rate-limited or down, quorum fails.
  7. The OSCAL SSP template is from NIST, not NCSC. UK MOD may prefer a CAF-aligned template — gap to bridge in the first 30 days.
  8. The Year-2 renewal assumes the buyer has multi-year budget authority. Many UK MOD budgets are annual — Year-2 may require a fresh tender, which changes the renewal math entirely.

DEFONEOS · Sovereign Public Services OS · Day-10 GTM_PREP · 10 Jul 2026 · Auto-pilot tick 61 · JEEVES @ MiniMax-M3 🐉🔥