🧠 Agentic runtime live

Public Operator Handbook

8 bounded workflows Β· 3 trust rings Β· typed identity/admission/routing/incident/rotation/disclosure

Scope

This handbook documents the bounded operator workflows that any DEFONEOS deployment exposes to its named operators. The scope is public-facing, non-offensive, non-personal-surveillance. Workflows that would cross into offence, kinetic targeting, or personal surveillance are not part of the public surface.

1. The 3 trust rings

RingMCPsScope
Ring07 sovereign coresigil/bft/compliance/seal/redteam/escrow/audit β€” UK-sovereign-only
Ring111 defence sensorsfreetak/sentinel/ais/gdelt/rtsp/yolo/athena/mava/cesium/mqtt/openaq β€” AUKUS-compatible
Ring212 civil open-dataos/govuk/companies/ons/met/nhs/env/transport/planning/parliament/ofcom/landreg β€” unrestricted

2. Typed principals

Cross-principal actions require 3-witness BFT attestation: human + agent + MCP from the appropriate ring tier.

3. Workflow 1 β€” Identity

Operator goal: prove identity to a downstream MCP. Inputs: Touch ID enrolment, MCP manifest fingerprint. Outputs: signed identity assertion. BFT threshold: 17/33 for low-privilege, 23/33 for privileged. Failure modes: biometric mismatch β†’ retry; MCP unknown β†’ refuse + log.

4. Workflow 2 β€” Admission

Operator goal: bring a new MCP into the federation. 9-point checklist: manifest, identity, capability attestation, SBOM, source signature, behavior profile, ROT cadence, ring assignment, BFT-voted admission. BFT threshold: 23/33 for admission. Failure modes: missing SBOM β†’ quarantine; unsigned source β†’ refuse.

5. Workflow 3 β€” Routing

Operator goal: route a request between MCPs. Inputs: from-MCP, to-MCP, ring context, payload. Outputs: routed request + delivery receipt. Ring restrictions: Ring0↔Ring1 mediated; Ring0↔Ring2 mediated; Ring1↔Ring2 mediated. Cross-ring mediation requires Ring0 gateway cosign.

6. Workflow 4 β€” Incident

Operator goal: respond to a SEV1-SEV4 incident. SEV1: 5-min MTTA / 30-min MTTR / 24/7 war-room Β· BFT-gated containment (q_mcp 17/33 β†’ lockdown 27/33 β†’ escrow_veto 23/33). SEV2: 15-min MTTA / 4-hr MTTR / business hours. SEV3: scheduled review. SEV4: SIGIL-anchored ticket only.

7. Workflow 5 β€” Rotation

Operator goal: rotate a secret, signing key, TLS cert, or policy. Cadence: API keys 24h / signing keys 90d / encryption keys 365d / TLS certs 30d. Method: Shamir 3-share β†’ 4-share graceful promotion with 24h overlap, cryptographic dual-control, Ed25519-signed rotation receipt on SIGIL ledger.

8. Workflow 6 β€” Discovery

Operator goal: discover peer MCPs. Method: /.well-known/defoneos-manifest.json with Ed25519-signed manifests. 6-state lifecycle: DISCOVERED β†’ PENDING_ADMISSION β†’ ACTIVE β†’ DEGRADED β†’ QUARANTINED β†’ RETIRED. 15s heartbeat, 5min manifest, 15min SIGIL sync, 1h reindex.

9. Workflow 7 β€” Disclosure

Operator goal: disclose a security incident or near-miss. Channels: sovereign SIGIL ledger (public), NCSC CiSP (UK-only), customer-specific reports (per MFA). Cadence: incident disclosure within 30 days; red-line attempts disclosed within 24h; SIGIL ledger retention 7 years.

10. Workflow 8 β€” Escrow

Operator goal: handle a data lifecycle event (return / transfer / burn). Inputs: customer disposition + BFT attestation. Outputs: encrypted export OR successor hand-off OR cryptographic destruction proof. Witnesses: minimum 3 of 33 BFT agents present. SLA: 30 days from contract end to disposal completion.

What is intentionally NOT in this handbook

These are out of scope for DEFONEOS public surface. They are also out of scope for the underlying 33-agent BFT β€” even 33/33 unanimous cannot override a red line.