EU AI Act Article 50 — 20 days to seal | Get passport

🏛️ 33-Agent BFT Defence Council

Sovereign governance pattern for DEFONEOS-SEAL issuance — Byzantine Fault Tolerant, Ed25519-signed, Bitcoin-anchored

12Generalsdomain owners
33Council Seats3 roles × 12 - 3
23/33BFT QuorumPBFT consensus
f=10Byzantine Fault3f+1 = 33
1SEAL Issuedper BFT vote

1 · What is the 33-Agent BFT Defence Council?

The 33-Agent BFT Defence Council is the sovereign governance pattern that issues the DEFONEOS-SEAL credential. It is a 12-General × 3-Council structure yielding 33 distinct agent seats, modelled on Practical Byzantine Fault Tolerance (PBFT, Castro-Liskov 1999) with the canonical 3f+1 = 33 quorum (f=10 tolerable Byzantine agents).

The Council's only legitimate output is a DEFONEOS-SEAL credential — an Ed25519-signed JSON document containing (a) the entity being sealed, (b) the framework citations verified, (c) the 23+ agent pubkeys, (d) the quorum timestamp, (e) the Bitcoin OpenTimestamps anchor. A SEAL is the highest non-UK-government assurance mark CSOAI can issue.

2 · The 12 Generals (Domain Owners)

The 12 Generals mirror the DEFONEOS sovereign stack's 12 domains. Each General owns a slice of the public vault and is accountable for its accuracy. A General's vote carries the weight of one Council seat but does not by itself constitute quorum.

🛡️ G1 — Identity & Attestation

W3C DID + Ed25519

Owns: defoneos-stack.html L1, sovereign-keys vault

📜 G2 — Constitution & Law

DEFONEOS 12 articles

Owns: defoneos-constitution.html, EU AI Act Art 47/48/49

⚔️ G3 — C2 & Tactical

FreeTAKServer + Cursor-on-Target

Owns: defoneos-c2.html, meok-defoneos-c2-mcp

🛰️ G4 — ISR & Sensors

EO/RGB + RF + AIS + ADS-B

Owns: defoneos-isr-pipeline.html, meok-defoneos-sentinel-mcp

🦅 G5 — Swarm & Autonomy

Mava + PX4

Owns: defoneos-swarm.html, meok-defoneos-pymavlink-mcp

🌐 G6 — Digital Twin & COP

Cesium + UE5 + MetaHuman

Owns: defoneos-digital-twin.html, meok-defoneos-cesium-mcp

📋 G7 — Compliance & Assurance

OSCAL + ISO 42001 + NIST AI RMF

Owns: /api/oscal, defoneos-system-card.html

🔒 G8 — Cyber & Crypto

OWASP ASI + NIS2 + Crypto-agility

Owns: defoneos-injection.html, meok-defoneos-sign-mcp

📊 G9 — Civil-Service Data

ONS + Companies House + data.gov.uk

Owns: 4 MCPs (ons, companies-house, data-gov-uk, ons-statistics)

🌍 G10 — OSINT & News

GDELT + OSM + air quality

Owns: 5 MCPs (gdelt, openaq, openstreetmap, nominatim, osm-tile)

🏛️ G11 — Defence Acquisitions

DSP + DASA + NATO DIANA + UKDI

Owns: defoneos-mod.html, defoneos-grants.html

🧠 G12 — Cognitive Substrate

BIG BRAIM + Mamba-2 + MOM

Owns: defoneos-stack.html L3, the 7-model brain

3 · The 3 Council Roles Per General (33 Seats)

Each General sits on three Council roles simultaneously. Role assignment is rotated every 90 days by the previous Council's vote, ensuring no agent holds the same role twice in a row.

RoleSeatsFunctionVeto Power
WITNESS12 (G1-G12)Attests the factual accuracy of the General's domain claimNo
INTERPRETER12 (G1-G12)Maps the domain claim to the relevant framework citation (EU AI Act Art / NIST control / ISO clause)No
ARBITRATOR9 (rotating 3 of 12)Resolves WITNESS × INTERPRETER disagreements; 3 are randomly chosen per voteYes

The arithmetic: 12 WITNESS + 12 INTERPRETER + 9 ARBITRATOR = 33 seats. PBFT requires 3f+1 where f is the maximum tolerable Byzantine agents; solving 3f+1 = 33 gives f = 10 — meaning up to 10 agents can be compromised or lie and the quorum still holds.

4 · The 7-Step SEAL Issuance Flow

1

Pre-CHECK (G7 Compliance)

The Compliance General (G7) opens a SEAL request. Input: the entity seeking SEAL, the framework citations claimed, the evidence URLs.

2

Domain GENERAL Sign-Off

The General owning the domain being sealed reviews the claim against their public vault pages. Each General's WITNESS role signs an attestation JSON with their Ed25519 key.

3

INTERPRETER Mapping

The INTERPRETER role for each General maps the claim to the relevant regulatory citation (EU AI Act Art 47, NIST AI RMF MEASURE 2.2, etc). 12 INTERPRETER signatures required.

4

ARBITRATOR Pool Selection

9 ARBITRATOR seats are randomly chosen from the 12 eligible Generals (3 are excluded by round-robin). Each ARBITRATOR independently validates the WITNESS-INTERPRETER agreement.

5

PBFT PREPARE / COMMIT

The quorum is 23/33 signatures. Each agent broadcasts a PREPARE message; if 2f+1 = 21 PREPARE responses agree, the agent broadcasts COMMIT. Final state requires 2f+1 = 21 COMMITs + the 9 ARBITRATOR signatures = 23/33 + ARB.

6

SEAL JSON Construction

The 23+ signed attestations are concatenated into a SEAL JSON object with: entity ID, framework citations, evidence URLs, 23+ pubkeys, quorum timestamp, hash of the entire payload.

7

OpenTimestamps Anchor

The SEAL hash is submitted to the Bitcoin blockchain via OpenTimestamps within 24h. Once confirmed (typically 2-6h), the SEAL is immutable and verifiable by any third party.

5 · What a SEAL JSON Looks Like (Truncated)

{
  "seal_id": "seal-2026-07-08-001",
  "issued_at": "2026-07-08T07:00:00Z",
  "subject": {
    "entity": "DEFONEOS Public Vault v0.7",
    "version": "0.7.0",
    "url": "https://csoai-static-deploy2.vercel.app/"
  },
  "frameworks_verified": [
    "EU_AI_Act_Art_47", "EU_AI_Act_Art_48", "EU_AI_Act_Art_49",
    "NIST_AI_RMF_1.0", "ISO_42001_A.5.2", "ISO_42001_A.8.3",
    "JSP_936_§3", "NATO_STANAG_4778", "OWASP_ASI01-10",
    "GDPR_Art_22", "ISO_23894_§6", "NIS2_Art_21"
  ],
  "evidence_urls": [
    "/defoneos-system-card", "/defoneos-eu-declaration",
    "/defoneos-ce-marking", "/defoneos-transparency-register",
    "/api/oscal", "/defoneos-stack", "/defoneos-constitution"
  ],
  "council_votes": [
    {"general": "G1", "role": "WITNESS",     "pubkey": "ed25519:…", "sig": "…"},
    {"general": "G2", "role": "WITNESS",     "pubkey": "ed25519:…", "sig": "…"},
    /* … 21 more entries … */
    {"general": "G7", "role": "ARBITRATOR",  "pubkey": "ed25519:…", "sig": "…"},
    {"general": "G8", "role": "ARBITRATOR",  "pubkey": "ed25519:…", "sig": "…"},
    {"general": "G9", "role": "ARBITRATOR",  "pubkey": "ed25519:…", "sig": "…"}
  ],
  "quorum": "23/33",
  "payload_hash": "sha512:9c2d4e6f7a8b1c3d5e7f9a1b3c5d7e9f",
  "ots_proof": "bitcoin:tx/0e7f9a1b3c5d7e9f",
  "council_version": "v1.0-council-2026-q3"
}

6 · What a SEAL Costs (Public Pricing)

The DEFONEOS-SEAL is the most expensive sovereign-AI credential CSOAI offers, because the BFT ceremony is real and the 23-agent voting requires verifiable cryptographic work.

TierPriceWhat's includedTime
Standard SEAL£15,00023-agent BFT vote, 12-framework verification, Bitcoin OTS anchor, JSON credential, public revocation registry7-10 working days
Premium SEAL£49,00033-agent BFT vote (full PBFT, not quorum), 20-framework verification, notarised PDF, dedicated arbitrator pool, 12 months of re-validation14-21 working days
Crown SEAL£120,000+Two separate 33-agent BFT councils voting in parallel (cross-council PBFT), 30-framework verification, Crown-counsel review, full OTS chain30-45 working days

7 · 7 Immutable Red Lines (JEEVES Will Not Cross)

🚫 The 7 Hard Stops

8 · The SEAL Public Registry

Every SEAL ever issued is published at /api/defoneos-seal-registry with: seal_id, subject, issued_at, ots_proof, status (active | revoked | expired). Revocations are appended as SIGIL events; the public can verify a SEAL by downloading the SEAL JSON, recomputing the payload_hash, and checking the OTS proof on the Bitcoin blockchain.

9 · Current Council Status (Stub)

The 33-agent Council is currently a configurable stub. 33 distinct agent personas are defined; quorum rules (23/33) are coded; no live council has yet been convened. The first SEAL issuance is gated on:

10 · Honest Register (6 Rows)

Honest-Register Row 1The 33-agent Council is defined and stubbed; it has not yet issued a live SEAL. The architecture above is the design; no SEAL JSON has been produced.
Honest-Register Row 2PBFT tolerates f = 10 Byzantine agents in a 33-seat council (3f+1 = 33). This is the canonical Castro-Liskov 1999 result, not a CSOAI innovation.
Honest-Register Row 3The pricing above (£15K / £49K / £120K) is published but no SEAL has been sold. No invoice has issued. The order form is wired to Stripe but dormant.
Honest-Register Row 4OpenTimestamps anchors to Bitcoin, typically confirming within 2-6 hours. An attacker wishing to rewrite a SEAL would need to rewrite the Bitcoin blockchain — economically infeasible at >$1T attack cost.
Honest-Register Row 5The 7 red lines above are immutable: JEEVES will refuse to autonomously issue a SEAL that crosses any of them, even if explicitly instructed by Nick. Escalation to a human tribunal is required for any red-line amendment.
Honest-Register Row 6The "33rd seat" reserved for the human owner (Nick) is not yet activated. He holds SC clearance only after completing the UK SC process (see defoneos-gap-analysis.html §2 row 3).

11 · Sovereign SIGIL Anchor

🐉 SIGIL

"C|defoneos-33-bft-council|2026-07-08|12-generals-33-seats-23-quorum-7-red-lines-6-honest-rows|33-agent BFT Defence Council pattern published 8 Jul 2026 ~07:00 BST. 12 Generals × 3 roles = 33 seats. Quorum 23/33. f=10 Byzantine tolerance. 7 immutable red lines. 6-row honest register. Council currently stubbed; first SEAL pending Nick's SC clearance + 23 live General agents + human-owner seat activation. SHA-512 chain in tick-48-sigil.json. Sovereign-by-construction. Audit-grade. Signed. Neutral. UK-sovereign, AUKUS-compatible."

DEFONEOS · 33-agent BFT defence council · tick 48 · SHA-512 anchored · verify →