EU AI Act Article 50 β€” 20 days to seal | Get passport

DEFONEOS User Portal & Role-Based Access

From field operator to defence secretary β€” one sovereign system, four distinct roles, and 47 granular RBAC controls. DEFONEOS employs progressive disclosure, ensuring every user sees exactly what they need for mission success, and nothing more. This protects operational security and simplifies complex interfaces.

4
Tiered User Roles
47
RBAC Controls
30
MCP Tool Permissions
6
Access Channels
2FA+
Min Authentication
JSP 936
Compliant

1. The Four Sovereign User Roles: Progressive Disclosure in Action

DEFONEOS dynamically adapts its interface, tool availability, and data granularity based on the authenticated user's role. This server-side enforcement is secured by Ed25519-signed JWT tokens and classification-aware scopes, preventing over-privilege and information overload.

πŸŽ–οΈ ROLE 1 Field Operator (DFO-OP)

Who: Front-line personnel: soldiers, police, emergency responders, border force agents, maritime patrol officers. Typically operating in austere or high-stress environments with limited connectivity.

Sees: A streamlined Cesium 3D globe showing only relevant entities (friendly, hostile, unknown) within their assigned Area of Responsibility (AOR). Real-time alerts for immediate threats. Contextual, one-click action buttons for rapid response (e.g., deploy drone, mark contact, request MEDEVAC, send SALUTE report). Pre-configured tool bundles via the defoneos-tak-mcp client, requiring no manual MCP configuration.

Cannot see: Strategic intelligence briefings, BFT council deliberations, system configuration panels, raw sensor data streams from outside their immediate AOR, detailed SIGIL chain internals, or session details of other operators.

Operational Use Case: During a maritime interdiction, an operator on a patrol vessel receives an alert of a dark vessel entering UK territorial waters. With one tap on their ruggedised tablet running ATAK, they can mark the contact, request ISR support from a nearby drone, and escalate to their commanderβ€”all without navigating complex menus.

Training required: DFO-CO Operator Certification (8 modules, 16 hours of blended learning, including simulator drills). Training & Certification Details β†’

Auth level: CAC/PIV card (or equivalent), 2FA + biometric scan (fingerprint/facial recognition). Session timeout 30 minutes, automatically re-authenticates for any privileged action. Max 1 active session to prevent session hijacking.

Typical device: ATAK on an Android tablet (ruggedised), WinTAK on a Windows rugged laptop, or the DEFONEOS Mobile TAK client on a secure smartphone.

πŸ“Š ROLE 2 Intelligence Analyst (DFO-AN)

Who: Specialized intelligence professionals: sensor operators, ISR coordinators, watch floor staff, cyber defenders. Requires deep data access and multi-source correlation capabilities.

Sees: A comprehensive Cesium 3D globe displaying all 17+ data layers (EO/IR, SAR, AIS, SIGINT, OSINT, Cyber Threat Feeds). Access to raw sensor feeds with advanced filtering and historical playback. The full MCP federation explorer, allowing direct access to all 30+ MCPs for custom queries and data fusion. Advanced pattern analysis, anomaly detection, and predictive analytics tools. The complete, immutable SIGIL audit chain with full source provenance and cryptographic verification.

Cannot see: Core system administration panels, BFT council voting mechanisms (can submit evidence and proposals, but cannot cast votes), direct user management, or critical infrastructure deployment configuration.

Operational Use Case: An analyst monitoring the North Sea detects a pattern of unusual AIS transponder behavior. They use the MCP federation explorer to pull satellite SAR imagery from sentinel-hub-mcp, cross-reference open-source maritime intelligence via gdelt-news-mcp, and run a behavioural anomaly detection model via defoneos-ml-mcp. This multi-source fusion allows them to identify a potential smuggling operation within minutes.

Training required: DFO-CD Developer Certification (12 modules, 32 hours focused on data science, AI tools, and multi-source fusion) or the DFO-CA Architect Track. Training & Certification Details β†’

Auth level: UK SC clearance verified. 2FA with hardware security token (YubiKey or equivalent). Session timeout 8 hours. Max 2 active sessions for concurrent research streams.

Typical device: Multi-monitor intelligence workstation (Windows/Linux), dedicated ISR terminal, secure virtual desktop environment.

⭐ ROLE 3 Commander (DFO-CMD)

Who: Senior decision-makers: Brigade commanders, operations directors, emergency coordinators, government officials. Requires a strategic common operating picture (COP) and robust governance tools.

Sees: A high-level strategic COP, aggregating critical intelligence into actionable insights. The BFT-33 council interface, enabling them to call emergency sessions, review proposals from analysts, and approve/veto actions that impact red lines or operational policy. Force readiness dashboards, dynamic resource allocation views, and multi-domain theatre overviews. Real-time compliance scores against JSP 936, the EU AI Act, and NATO AI Strategy. Mission outcome predictions and proactive red line monitoring with autonomous escalation paths.

Cannot see: Raw, unfiltered sensor data (unless explicitly requested and approved), individual MCP server configuration files, or deep system internal logs.

Operational Use Case: During a national flood crisis, a Commander uses the strategic COP to assess the impact on critical infrastructure. They initiate a BFT council session to approve the deployment of civilian AI assets (e.g., crowd-sourced imagery analysis) to rapidly assess damage, balancing operational urgency with data governance. The real-time compliance score reassures them that all AI use adheres to ethical and legal frameworks.

Training required: DFO-CC Commander Certification (8 modules, 20 hours focused on strategic decision-making, BFT governance, and multi-domain operations) + verified SC clearance. Training & Certification Details β†’

Auth level: Verified SC clearance + hardware security token + biometric scan. Session timeout 12 hours. Max 3 active sessions across different command centers. Emergency override actions require a BFT quorum (23/33 agents) to prevent single points of failure.

Typical device: Command headquarters terminal, secure tablet (e.g., Toughbook), VTC-integrated command wall, or dedicated crisis room display.

πŸ”§ ROLE 4 System Administrator (DFO-SA)

Who: Technical custodians: DevSecOps engineers, system administrators, security officers. Responsible for deployment, maintenance, auditing, and secure operation of the DEFONEOS infrastructure.

Sees: Full, unrestricted system access. Comprehensive MCP federation management (add, remove, configure 30+ MCPs). Robust user management (create roles, assign permissions, revoke access, enforce 2FA policies). SIGIL chain administration (verify integrity, export audit packages for regulators, manage Bitcoin anchoring). Full deployment management (Docker container orchestration, air-gap update procedures, hardware configuration). Advanced security dashboards (all alerts, all logs, real-time node health). BFT council node management and network topology. Root access to the sovereign substrate.

Cannot see: Classified mission data content in plaintext. Operational data is encrypted at rest with role-specific keys; administrators can manage the encryption infrastructure but cannot read operational data without the appropriate security clearance and decryption keys (which are separate from admin access).

Operational Use Case: An admin detects unusual network traffic attempting to exfiltrate data from a sensor MCP. They use the security dashboard to trace the anomaly, isolate the affected MCP, and deploy a hotfixβ€”all while monitoring the SIGIL chain for any integrity breaches. They can also manage user access, ensuring that new analysts have the correct RBAC permissions and existing users maintain their clearance status.

Training required: DFO-CS Security Certification (10 modules, 28 hours focused on cyber security, DevSecOps, and secure systems architecture) + SC clearance minimum (DV preferred). Training & Certification Details β†’

Auth level: Verified SC/DV clearance + hardware security token + biometric scan + IP allowlist enforcement. Session timeout 4 hours. Max 1 active session for critical operations. All actions are critically SIGIL-audited. Privileged actions (e.g., changing root passwords, deploying major updates) require BFT approval (23/33 quorum) and multi-factor authorization from Nick.

Typical device: Dedicated admin workstation, air-gapped console, secure SSH terminal, or hardened laptop for field deployments.

2. Granular RBAC Permission Matrix (47 Controls)

DEFONEOS implements 47 granular access controls across 6 primary permission categories, ensuring precise authorization for every action. Every operation is cryptographically SIGIL-audited. Crucially, immutable red lines are enforced at the MCP layer, meaning even a System Administrator cannot override them without a BFT quorum vote and Nick's explicit personal authorization.

Permission Operator
(DFO-OP)
Analyst
(DFO-AN)
Commander
(DFO-CMD)
Admin
(DFO-SA)
SIGIL Audited Description
View Cesium globe (entities)βœ“βœ“βœ“βœ“βœ“Access to the 3D operational globe, showing classified and unclassified entities.
View raw sensor feedsβœ—βœ“β–³ on requestβœ— (encrypted)βœ“Direct access to raw Electro-Optical/Infrared (EO/IR) video, Synthetic Aperture Radar (SAR) imagery, Acoustic, SIGINT.
Deploy drone / swarmβ–³ with approvalβœ—βœ“βœ—βœ“Initiate and control unmanned aerial vehicle (UAV) or autonomous swarm deployments.
Mark contact / create entityβœ“βœ“βœ“βœ—βœ“Add new entities (hostile, friendly, unknown) to the Common Operating Picture (COP).
Request MEDEVACβœ“βœ“βœ“βœ—βœ“Issue 9-line Medical Evacuation requests for injured personnel.
Access MCP federation explorerβœ—βœ“β–³ read-onlyβœ“βœ“Browse and query the 30+ MCP marketplace servers for data and tools.
Configure MCP serversβœ—βœ—βœ—βœ“βœ“Modify settings, add new data sources, or update parameters for MCPs.
Call BFT-33 emergency sessionβœ—βœ—βœ“β–³ with 2 commandersβœ“Initiate a 33-agent Byzantine Fault Tolerant (BFT) council session for critical decisions.
Vote in BFT councilβœ—βœ—βœ“βœ—βœ“Cast a cryptographically signed vote on council proposals.
Submit evidence to BFTβœ“βœ“βœ“βœ“βœ“Submit data, reports, or findings for council review.
View SIGIL audit chainβ–³ own actions onlyβœ“βœ“βœ“βœ“Inspect the immutable, hash-chained ledger of all system actions.
Export SIGIL audit packageβœ—β–³ with approvalβœ“βœ“βœ“Generate a cryptographically verifiable package of SIGIL receipts for external audit.
Create / modify usersβœ—βœ—βœ—βœ“βœ“Add new user accounts, assign roles, or modify existing permissions.
Manage deployment (Docker, air-gap)βœ—βœ—βœ—βœ“βœ“Control the deployment and update of DEFONEOS components in Docker or air-gapped environments.
Override red linesβœ—βœ—βœ—βœ—NEVER β€” requires Nick + BFT 23/33Attempt to bypass the immutable ethical red lines, which is system-blocked.
View compliance scoreβ–³ summaryβœ“βœ“βœ“βœ“Access real-time compliance metrics against various defense and AI regulations.
Configure compliance frameworksβœ—βœ—βœ—βœ“βœ“Define and update the compliance frameworks monitored by DEFONEOS.
View system health / metricsβœ—β–³ ISR-specificβœ“βœ“βœ“Monitor CPU, memory, network, and application-specific metrics.
Access historical playbackβœ—βœ“βœ“βœ“βœ“Review past operational scenarios, alerts, and decisions.
Configure alert routingβœ—β–³ ISR feedsβœ“βœ“βœ“Manage how alerts are disseminated to various channels and roles.
Execute ethical review (AI)βœ—β–³ submit proposalβœ“βœ“βœ“Initiate a formal ethical review of AI model decisions or deployments.
Manage cryptographic keysβœ—βœ—βœ—βœ“βœ“Oversee key generation, rotation, and revocation for data encryption and signing.

Legend: βœ“ Full access Β· β–³ Conditional/approval required Β· βœ— No access. The full RBAC specification includes 47 distinct controls and is detailed in the DEFONEOS Deployment and Governance Guide.

3. Dashboard Layout β€” What Users Actually See

The DEFONEOS dashboard is a single pane of glass, dynamically configured for each role to provide immediate, actionable intelligence.

🌍 CESIUM 3D GLOBE (Center Panel β€” 60% Screen Real Estate)

This is the heart of the operational picture. A high-fidelity 3D globe displays live entities (drones via PX4 integration, ships via AIS feeds, ground vehicles, personnel markers) in real-time. Dynamic data overlays include weather patterns, high-resolution terrain, classified threat zones, and historical track data. Users can zoom seamlessly from satellite view to street level (supporting 30+ zoom levels) and toggle multi-domain data layers. A time slider enables historical playback of any mission. Operators see their AOR; Analysts and Commanders see a full theatre view.

πŸ—‚οΈ DOMAIN SELECTOR (Left Rail β€” 15% Width)

Organized into 12 core operational domains: ISR (Intelligence, Surveillance, Reconnaissance), Maritime Security, Counter-Drone Operations, Cyber Defence, Emergency Response, Border Security, Critical Infrastructure Protection, Space Domain Awareness, Land Operations, Air Operations, Logistics, and Governance. Clicking a tab filters the globe's entities, active alerts, and available tools. Analysts and Commanders can activate multi-domain overlays for comprehensive fusion. Operators are typically restricted to their assigned domain(s) for clarity.

🚨 ALERT FEED (Right Rail β€” 20% Width)

A real-time stream of cryptographically signed SIGIL events, prioritized with the newest at the top. Each alert is color-coded: Red for critical (immediate action required), Amber for warning (monitor closely), Green for information (logged). Clicking an alert automatically centers and zooms the Cesium globe to the event location. Source attribution (e.g., "MCP: Sentinel-Hub," "Sensor: Border Camera 3") and a confidence score (0.0-1.0) are displayed. Contextual one-click action buttons are available for rapid response.

🏰 HIVE STATUS (Bottom Left Panel β€” 10% Height)

Displays the health and activity of the 33 sovereign AI hives. Shows agent count per hive, active task indicators, and a pheromone density heatmap representing computational intensity. Commanders can click on any hive to view its active agents and their current tasks, providing oversight into distributed AI operations. Operators only see the status of their assigned hive.

πŸ“‹ COMPLIANCE SCORE (Top Right Panel β€” 5% Height)

A real-time, dynamic compliance score against key defense and AI regulatory frameworks: JSP 936 (UK), EU AI Act (Article 50), NATO AI Strategy, and ISO 42001. Green indicates passing (β‰₯95% compliance), Amber for monitoring (85-94%), and Red for action needed (<85%). Clicking the score provides a detailed audit breakdown. Administrators see all 147 controls; other roles see an aggregated summary.

πŸ“œ AUDIT TRAIL (Bottom Right Panel β€” 10% Height)

A scrollable feed of recent SIGIL receipts, providing an immutable record of all significant system events. Each receipt includes an Ed25519 signature verifiable in-browser. Clicking any receipt reveals its full JSON detail: timestamp, actor (agent or human), action, parameters, result, cryptographic hash, digital signature, and previous hash. This data can be exported as a compliance evidence package (JSON + PDF) for regulatory audits.

4. Access Channels β€” 6 Secure Ways to Connect to DEFONEOS

DEFONEOS is designed for multi-platform access, ensuring operators can connect from anywhere with appropriate security and data classification.

ChannelBest ForAuth MechanismOffline CapabilityMax ClassificationDescription
Web Dashboard (Cesium)Analyst, Commander2FA + Ed25519 JWTβœ—UNCLASSIFIED β†’ SECRETPrimary browser-based interface for detailed analysis and strategic overview. Real-time updates.
ATAK / TAK ClientField OperatorCAC/PIV + mTLSβœ“ (sync on reconnect)UNCLASSIFIED β†’ SECRETRuggedized mobile client for Android (ATAK) and Windows (WinTAK), designed for tactical edge operations. CoT protocol integration.
Mobile App (iOS/Android)All roles (limited)Biometric + 2FAβ–³ read-only cacheUNCLASSIFIED onlyLightweight mobile application for essential alerts and simplified COP viewing. PII redacted.
REST API + SDKSystem IntegrationOAuth2 + Ed25519 Signed Requestsβœ—UNCLASSIFIED β†’ SECRETProgrammatic access for integrating DEFONEOS into existing defense systems or custom applications.
MCP Federation (JSON-RPC)Analyst, AdminmTLS + DID Authenticationβœ—UNCLASSIFIED β†’ SECRETDirect JSON-RPC interface for developers and advanced analysts to interact with individual MCPs securely.
CLI (sovereign-terminal)Admin, DevSecOpsSSH Key + 2FAβœ“ (air-gap mode)UNCLASSIFIED β†’ TOP SECRETCommand-line interface for system administration, scripting, and air-gapped deployments.

5. Robust Session Security & Authentication Chain

Authentication to DEFONEOS follows a stringent, multi-layered process, cryptographically secured and SIGIL-audited at every step. This ensures only authorized personnel with the correct clearance can access the system.

Multi-Factor Authentication Chain

1. CAC/PIV or Password (Initial Credential) β†’ 2. 2FA (TOTP/HOTP Hardware Token) β†’ 3. Biometric Scan (Optional Layer for Enhanced Security) β†’ 4. Clearance Verification (SC/DV Status Check) β†’ 5. Ed25519 Signed JWT Issued (Role + Scope) β†’ 6. Session Active (Cryptographically Bound)

Every authentication attempt, whether successful or failed, is immediately recorded as a SIGIL event. Failed attempts trigger adaptive rate limiting (e.g., 3 failed attempts within 5 minutes results in a 15-minute lockout and an automated administrator alert). Successful logins emit a SIGIL receipt containing IP address, device fingerprint, and assigned role, forming an undeniable audit trail.

Advanced Session Management & Control

SettingOperatorAnalystCommanderAdminDescription
Session timeout30 min8 hours12 hours4 hoursAutomatic session termination after inactivity.
Max concurrent sessions1231Limits simultaneous logins to prevent unauthorized access.
Idle timeout10 min30 min60 min15 minSystem locks after period of inactivity; requires re-authentication.
IP allowlistβœ—β–³ optionalβœ“βœ“Restricts access to specified IP ranges for enhanced security.
Device bindingβœ“β–³ optionalβœ“βœ“Ties sessions to specific hardware devices, preventing session cloning.
Re-auth for privileged actionβœ“βœ“βœ“βœ“Mandatory re-authentication for sensitive operations, even within an active session.

6. One-Click Actions for Field Operators

The field operator's interface is meticulously designed for speed, clarity, and decisive action in time-critical situations. Every alert is accompanied by contextual one-click actions, eliminating complex menus, multi-step configurations, or prior MCP knowledge requirements.

🚁 Deploy Drone / Swarm

One-click action dispatches the nearest available PX4-integrated drone or a pre-configured swarm to the alert location. Swarm size and composition are automatically calculated based on the perceived threat level and mission parameters. Estimated Time of Arrival (ETA) is displayed. All deployments are critically SIGIL-audited. The operator sees the live drone feed automatically populate within their Cesium globe view.

πŸ“ Mark Contact / Create Entity

Instantly drops a classified entity marker on the globe at the operator's current location or a designated point. Operators can quickly classify contacts as hostile, friendly, unknown, or civilian. The system automatically correlates with existing entities and propagates the information to all connected TAK clients via the Cursor on Target (CoT) protocol, ensuring real-time common situational awareness.

πŸš‘ Request MEDEVAC (Medical Evacuation)

A 9-line MEDEVAC request generator auto-populates with the operator's GPS coordinates and other relevant data. Operators rapidly input priority, patient count, and security situation. The request is routed to the nearest available medical asset via the defoneos-medevac-mcp, ensuring rapid response. A SIGIL receipt is generated for audit purposes.

πŸ“‘ Request ISR (Intelligence, Surveillance, Reconnaissance)

Initiates a request for enhanced sensor coverage over a specified grid reference or area. The system intelligently selects the best available asset: satellite (via sentinel-hub-mcp), aerial (drone), or ground-based (camera). The request is routed through the DEFONEOS ISR pipeline MCP, with priority queuing based on mission criticality.

⚠️ Escalate Alert

Instantly escalates a critical alert to the designated Commander. The system automatically attaches all relevant SIGIL context, raw sensor data, and operator notes. The Commander receives a push notification and the alert is prominently flagged on their dashboard. For extreme criticality, the BFT council can be auto-convened for immediate deliberation.

🎬 Send SALUTE/SALTA-J Report

Generates a structured SALUTE (Size, Activity, Location, Unit, Time, Equipment) or SALTA-J (Size, Activity, Location, Time, Appearance, Armament, Type, J-Code) report based on the current operational view. Auto-populates with entity data, timestamps, and location. The report is submitted to the command chain and is fully SIGIL-audited. Exportable as PDF or JSON for external dissemination.

7. Flexible Notification Preferences (7 Channels)

DEFONEOS provides comprehensive notification routing across seven distinct channels, configurable by each role. Crucially, critical alerts are configured to bypass "do not disturb" settings for Commander and System Administrator roles, ensuring essential information is never missed.

ChannelOperatorAnalystCommanderAdminDND OverrideDescription
Dashboard Toastβœ“βœ“βœ“βœ“β€”In-app visual notification banner (persistent until dismissed).
Audio Alarmβœ“βœ“βœ“β–³Critical onlyAudible alert for immediate attention (configurable tones).
Push Notification (Mobile)βœ“βœ“βœ“βœ“Critical onlyStandard mobile push notifications to iOS/Android devices.
SMS Messageβ–³ criticalβ–³ criticalβœ“βœ“Critical onlyText message notification for key alerts, especially in low-bandwidth areas.
Email Digestβœ—βœ“βœ“βœ“βœ—Aggregated summary of non-critical events and system status (daily/hourly).
TAK CoT Broadcastβœ“βœ“β–³βœ—Critical onlyCursor on Target (CoT) XML broadcast for integration with TAK clients.
WebSocket Streamβœ—βœ“βœ“βœ“β€”Real-time, persistent connection for programmatic alert consumption (APIs).

8. Secure API Key Management (Analyst + Admin)

DEFONEOS employs Ed25519-signed JWTs (JSON Web Tokens) for API key authentication, providing robust security and granular control over programmatic access. These keys are crucial for integrating DEFONEOS with external systems and automation tools.

{ "api_key": "dfo_sk_ed25519_9f2a...c7e1", "role": "analyst", "scopes": [ "mcp:isr:read", "mcp:maritime:read", "mcp:cyber:read", "sigil:read", "sigil:export", "globe:entity:create", "alert:acknowledge", "report:submit" ], "rate_limit": "1000 req/min", "expires_at": "2026-10-05T12:00:00Z", "ip_allowlist": ["10.0.0.0/8", "192.168.1.0/24"], "signed_by": "dfo_sa_root_ed25519_3b1c...8f4d", "created_at": "2026-07-05T08:00:00Z", "last_used": "2026-07-06T07:42:15Z", "sigil_ref": "H|dfo-sa|dfo-an|api-key-issued|2026-07-05T08:00:00Z" }

Each API key is an Ed25519-signed JWT, embedding specific role-based permissions (scopes). System Administrators have the capability to instantly revoke any key, with revocation propagating across the system within 5 seconds via WebSocket. All API key usage, including generation, revocation, and individual calls, is meticulously SIGIL-audited. Keys are configured with auto-expiry based on role policy, and any indication of compromise triggers an immediate session kill and alert cascade throughout the system.

9. Seamless Mobile & TAK Client Experience

DEFONEOS is engineered for integration with existing tactical systems, prioritizing the field operator's experience through ATAK/WinTAK clients and a responsive mobile application.

ATAK / TAK Client Integration (Tactical Edge)

The Android Team Awareness Kit (ATAK) and WinTAK are the primary interfaces for field operators. DEFONEOS achieves seamless integration via the standard Cursor on Target (CoT) protocol, managed through the dedicated defoneos-tak-mcp.

TAK FeatureDEFONEOS IntegrationOperational Benefit
Map ViewDEFONEOS entities (friendly, hostile, unknown) appear as standard CoT icons, color-coded by type and with opacity indicating confidence.Unified situational awareness; familiar interface for tactical users.
ChatDEFONEOS alerts are broadcast into TAK team chat channels. Operators can acknowledge and respond directly from the chat interface.Rapid dissemination of critical information; streamlined communication workflow.
Video FeedLive drone feeds (from PX4-integrated UAVs) stream directly into the TAK video panel, with Picture-in-Picture (PiP) support.Real-time aerial reconnaissance; enhanced sensor-to-shooter links.
Route Planning ToolsDEFONEOS provides threat-avoidance route suggestions based on real-time ISR pipeline data and intelligence overlays.Optimized mission planning; reduced risk for ground/air/maritime assets.
AlertsDEFONEOS critical alerts trigger TAK audio alarms and visual notifications, ensuring immediate attention.Instantaneous threat notification; faster reaction times.
Offline SyncTAK clients cache last-known entity states locally. Upon network reconnection, a full sync is performed via delta-SIGIL, ensuring data consistency.Resilience in disconnected environments; continuous operations in austere conditions.

10. Comprehensive Training & Certification Integration

Access to DEFONEOS is conditional upon successful completion of a user's role-specific certification track. The user portal integrates directly with the DEFONEOS Certification Academy, ensuring a highly skilled and compliant operational force.

CertificationAssociated Role(s)ModulesHoursLabsRenewal CycleDescription
DFO-COOperator8164AnnualFocuses on basic system operation, entity tracking, and one-click actions.
DFO-CDDeveloper/Analyst12328Bi-annualCovers advanced data fusion, MCP interaction, and pattern analysis.
DFO-CAArchitect9246Bi-annualEmphasizes system design, integration, and scaling of DEFONEOS components.
DFO-CSSecurity/Admin10285AnnualDeep dive into cyber security, audit trails, and infrastructure management.
DFO-CCCommander8203Annual + BFT reviewStrategic decision-making, BFT governance, and mission planning.

All certification records are Ed25519-signed and cryptographically verifiable via the DEFONEOS API, providing an immutable record of training compliance. Commander certifications undergo an additional review by the BFT council. Lapsed certifications automatically trigger a revocation of role-specific access, with a 7-day read-only fallback period before full lockout.

11. Core UX Principles: Designed for Mission-Critical Operations

1. Progressive Disclosure. The core principle: present only relevant information. The field operator receives a simplified globe and critical alerts; the intelligence analyst has access to all data layers and the MCP explorer; the commander sees a strategic Common Operating Picture and BFT governance tools; the system administrator has full system oversight. Same sovereign system, four tailored views, zero unnecessary complexity.

2. One-Click Action. In high-stakes environments, speed is paramount. Every alert features contextual one-click actions: deploy drone, mark contact, request MEDEVAC, escalate, send report. This eliminates buried menus and multi-step configurations for time-critical decisions, all transparently SIGIL-audited.

3. Universal Access. DEFONEOS is accessible across all platforms: desktop workstations, ruggedized tablets, smartphones, and dedicated TAK clients. The web dashboard is fully responsive. ATAK/WinTAK integration is via the CoT protocol. A powerful CLI is available for administrators and automation. This ensures no platform lock-in and maximizes operational flexibility.

4. Fail Safe & Resilient. Redundancy is built-in. If DEFONEOS experiences temporary network loss, operators retain the last-known entity state for up to 24 hours. TAK clients locally cache critical data. Air-gap deployment modes preserve full functionality for disconnected operations. Alerts are queued and synchronized upon reconnection. This multi-layered resilience eliminates any single point of failure.

5. Audit Everything. Transparency and accountability are non-negotiable. Every system interactionβ€”login, action, alert, drone deployment, BFT voteβ€”is immediately recorded as an Ed25519-signed SIGIL receipt. This creates a legal-grade, immutable chain of custody, verifiable by third parties and exportable as compliance evidence.

6. Ethical AI & Accessibility. DEFONEOS is designed with an ethical framework from the ground up. All AI model decisions are explainable and auditable. Furthermore, the system is WCAG 2.1 AA compliant, supporting screen readers, keyboard-only navigation, high-contrast modes, font size adjustments, and voice control integration. DEFONEOS is for everyoneβ€”accessibility is a fundamental design pillar, not an afterthought.

12. Immutable Red Lines β€” User Portal Enforcement

The sovereign nature of DEFONEOS is underpinned by a set of immutable red lines. These are non-negotiable ethical and operational boundaries enforced deeply within the MCP layer and the BFT council. No user, regardless of their role or clearance, can bypass these hard stops without a BFT quorum and Nick's explicit personal authorization.

RED LINE 1: No Kinetic Targeting Automation. The system is absolutely forbidden from any kinetic-targeting patterns, strike packages, find-fix-finish sequences, or automated kill orders. Decision authority for lethal force always resides with human operators, with DEFONEOS providing only intelligence and decision support.

RED LINE 2: No Personal Surveillance. DEFONEOS cannot be used for individual tracking, facial recognition of private citizens, or direct location tracking of personal mobile devices without explicit, legally compliant authorization for specific, defined threats. PII is redacted at the sensor layer.

RED LINE 3: No SIGIL Chain Modification. No user can delete, modify, or falsify SIGIL receipts. The audit chain is append-only and cryptographically secured. Any corrections or amendments must be submitted as new, compensating receipts that explicitly reference the original entry. Chain integrity is verifiable by any authorized party.

RED LINE 4: No Data Exfiltration. Classified data cannot be exfiltrated from the sovereign substrate without explicit BFT council approval and a cryptographically verifiable export process. This prevents unauthorized transfer of sensitive information.

RED LINE 5: Clearance-Bound Data Access. No user can view data above their current security clearance level. Data is encrypted at rest with role-specific, hierarchical keys. System Administrators manage the infrastructure but cannot decrypt or read operational data without the appropriate, separately managed, classification clearance.

RED LINE 6: Temporal Session Limits. No user session persists beyond the role-specific timeout. There is no "remember me" functionality for classified access. Re-authentication is strictly enforced for every privileged action, mitigating risks from unattended sessions or compromised credentials.

RED LINE 7: Un-Consented Digital Twins. No i-character (digital twin) can be generated, trained, or deployed without the explicit, verifiable, and revocable consent of the individual being twinned. This upholds personal sovereignty and ethical AI principles.

13. Honesty Register: Transparency in Development & Deployment

The DEFONEOS Honesty Register provides transparent status updates on key claims, distinguishing between design specifications, working demonstrations, integrated components, and live production deployments. This ensures clear communication about the system's current capabilities.

ClaimStatusEvidence
4 user roles with 47 RBAC controlsLIVERole-based access is enforced in the MCP gateway. The full 47-control matrix is a configurable deployment policy, not a separate binary. Ed25519-signed JWTs manage access.
Cesium 3D globe dashboardDEMOA working Cesium demo is live at defoneos-globe.html. Live entity feeds require sensor MCPs to be wired to real-time data sources and active deployment.
ATAK/TAK CoT integrationLIVEdefoneos-tak-mcp is built, fully tested (10/10 tests passed), and deployed. Live FreeTAKServer integration has been verified.
SIGIL audit chainLIVE49,000+ SIGIL receipts are in production on the sovereign substrate. All are Ed25519 v2 signed and Bitcoin OP_RETURN anchored for immutability.
BFT-33 councilLIVEA 33-node BFT council is operational on the GCP VM, leveraging HotStuff consensus with a 23/33 quorum for critical decisions.
5-track certification academyCURRICULUMThe 47 modules and 120 hours of curriculum are fully defined at defoneos-training-cert.html. Formal accreditation is pending awarding body partnerships.
Mobile app (iOS/Android)PLANNEDArchitecture for PHASE 135 (native mobile app) is defined. Development has commenced on core components. The web dashboard offers mobile responsiveness as an interim solution.
One-click actions (Operator)LIVEImplemented and tested with defoneos-tak-mcp. Configurable via MCP policies and tied to BFT-approved workflows.
Real-time compliance scoreDEMOIntegration with JSP 936 and EU AI Act compliance engines provides dynamic scoring. Requires full system deployment for real-time aggregation across all MCPs.

Legend: βœ“ Full access Β· β–³ Conditional/approval required Β· βœ— No access. DESIGN = specification exists, implementation partial. DEMO = working demonstration, not production-deployed. INTEGRATED = code built and tested, needs live deployment. LIVE = running in production with real data. PLANNED = architecture defined, not yet built.

14. Getting Started with DEFONEOS

Each role has a clear onboarding path to ensure proficiency and compliance.

For Field Operators (DFO-OP)

1. Complete DFO-CO Certification (16 hours). 2. Receive CAC/PIV credentials from your unit. 3. Install the DEFONEOS TAK client on your ruggedized device. 4. Connect to the secure DEFONEOS endpoint. 5. Begin mission operations using one-click actions.

For Intelligence Analysts (DFO-AN)

1. Complete DFO-CD (32 hours) or DFO-CA (24 hours) Certification. 2. Obtain verified UK SC clearance. 3. Request API key and role assignment from a System Administrator. 4. Access the web dashboard or REST API for in-depth analysis. 5. Begin multi-source intelligence fusion.

For Commanders (DFO-CMD)

1. Complete DFO-CC Certification (20 hours). 2. Ensure SC clearance is verified. 3. The BFT council assigns your commander seat and activates your voting rights. 4. Access the strategic Common Operating Picture (COP) and BFT council interface. 5. Command operations with sovereign oversight.

For System Administrators (DFO-SA)

1. Complete DFO-CS Certification (28 hours). 2. Ensure SC/DV clearance is verified. 3. Admin credentials issued by an existing System Administrator and approved by the BFT council. 4. Deploy and configure DEFONEOS infrastructure (refer to the Deployment Guide). 5. Manage MCPs, user roles, and compliance frameworks.