The permanent, tamper-evident audit trail for every action in DEFONEOS. Ed25519-signed ยท RFC3161-timestamped ยท Bitcoin OTS-anchored. Append-only. Permanent. Sovereign.
SIGIL (Sovereign Integrity Guard for Immutable Logging) is DEFONEOS's permanent audit trail. Every tool invocation, governance decision, data access, data release, and system event generates a SIGIL receipt. Each receipt is cryptographically signed, timestamped, and anchored to the Bitcoin blockchain โ making the ledger tamper-evident and permanent.
Every SIGIL receipt contains the following fields:
Every actor in DEFONEOS (human or AI) has an Ed25519 key pair. When an action is taken, the actor signs the SIGIL receipt with their private key. The signature proves who performed the action and that the receipt has not been modified since signing.
Every receipt is timestamped by an RFC3161 Trusted Timestamp Authority (TSA). The TSA signs a hash of the receipt + the current time, proving when the receipt was created (to TSA-attested precision).
Every receipt is anchored to the Bitcoin blockchain via OpenTimestamps (OTS). This proves the receipt existed at a specific point in time and cannot be backdated or modified.
| Action | Description | BFT Witness Required |
|---|---|---|
tool_invoke | A tool was called on an MCP server | Yes (standard) |
bft_vote | A BFT agent cast a vote | Self (the vote IS the witness) |
bft_session | A BFT session (standard or emergency) completed | All participating agents |
data_store | Data was stored in the escrow | Yes |
data_access | Escrow data was accessed | Yes |
data_release | Escrow data was released (RC-1 to RC-6) | Yes + 4-eyes + BFT quorum |
data_destroy | Escrow data was cryptographically destroyed | Yes + 23/33 BFT + human-owner |
key_rotation | An Ed25519 key was rotated | Yes |
mcp_admission | An MCP was admitted to the federation | 23/33 BFT quorum |
mcp_quarantine | An MCP was quarantined | 17/33 BFT emergency quorum |
redline_proximity | An output approached a red-line boundary | Immediate emergency session |
deploy | A new deployment was pushed to production | BFT pre-flight vote |
| Property | Value | How Enforced |
|---|---|---|
| Append-only | Receipts can never be modified or deleted | SQLite journal_mode=WAL + hash chaining + Bitcoin OTS |
| Tamper-evident | Any modification is immediately detectable | Ed25519 signature + RFC3161 timestamp + OTS anchor |
| Permanent | Receipts retained indefinitely | UK-sovereign storage + Bitcoin blockchain (OTS) |
| Verifiable | Anyone can independently verify receipts | Public Ed25519 keys + RFC3161 TSA public key + Bitcoin chain |
| Ordered | Receipts have a global tick ordering | Monotonic tick counter + RFC3161 timestamps |
| Complete | Every action generates a receipt | Architecture-level enforcement (no action path bypasses SIGIL) |
SIGIL receipts are hash-chained: each receipt includes the hash of the previous receipt. This creates a tamper-evident chain where modifying any receipt breaks the chain for all subsequent receipts.
The SIGIL ledger exposes a verification endpoint:
GET https://deploy.escrow.mcp/sigil/verify?sigil_id=sig_0123_abc...
Returns:
Bulk verification: GET /sigil/verify-all โ verifies every receipt in the ledger. Used for periodic integrity audits.
| Data Type | Retention | Location |
|---|---|---|
| SIGIL receipts (all types) | Permanent | UK-sovereign SQLite + Bitcoin blockchain (OTS) |
| SIGIL receipts (BFT session transcripts) | 7 years (full) / Permanent (minutes) | UK-sovereign storage + SIGIL ledger |
| SIGIL receipts (public-facing minutes) | Permanent | csoai.org/bft-minutes (OSA s7 redacted) |
| SIGIL verification proofs | Permanent | Bitcoin blockchain (immutable by design) |