EU AI Act Article 50 — 20 days to seal | Get passport

🛠️ DEFONEOS Install Wizard

From zero to sovereign defence AI in 30 minutes. One command. Five decisions. Done.

⏱️ Time estimate: 30 minutes · 🧠 Prerequisite: Python 3.11+, Docker, 16GB RAM, git · 💾 Storage: 8GB free · 🌐 Network: ~50MB download + per-MCP API calls (optional, can run offline)

The One Command

# Download + run the wizard
curl -sSL https://csoai-static-deploy2.vercel.app/install.sh | bash

That's it. The wizard handles: pre-checks, MCP discovery, SOV3 install, cesium self-host, BFT council init, SIGIL chain bootstrap, and SIGIL receipt.

The 5-Step Flow

1 · Pre-Check 2 · Profile 3 · Install 4 · Verify 5 · Seal
1

Pre-Check — Environment Discovery

The installer auto-detects: OS (macOS / Linux / WSL2), Python version, Docker availability, disk space, RAM, internet status. Outputs a one-line green/yellow/red matrix. Smart blocks on red (e.g. Python < 3.11), warns on yellow (e.g. low RAM), continues on green.

2

Profile — 5 Decisions

The wizard asks 5 questions to pick the right MCP bundle:

❓ Decision 1: Deployment target

Where will SOV3 + MCP fleet run?

a) M4 / M2 Mac (local sovereign compute, recommended for individual operators)

b) GCP VM cluster (production scale, multi-user)

c) On-prem (air-gapped, MOD/UK sovereign deployment)

d) Hybrid (Mac edge + GCP cloud sync)

❓ Decision 2: Domain bundle

Which 12 domains do you need?

a) All 12 (Land/Sea/Air/Space/Cyber/EW/Underground/Cognitive/Bio/Quantum/Arctic/Urban)

b) Sensor + Defence only (10 MCPs)

c) Civil Services only (3 MCPs)

d) Custom (pick from MCP registry)

❓ Decision 3: API connectivity

Real API access or sandbox mode?

a) Real (provide API keys for Sentinel Hub, Companies House, etc.)

b) Sandbox (pre-cached data, 30-day refresh)

c) Offline (synthetic data generators)

❓ Decision 4: BFT council size

How strict is the AI governance?

a) Full 33-node council (recommended, default)

b) Reduced 11-node (faster decisions, less safety)

c) Single-agent mode (fastest, lowest safety — not recommended for defence)

❓ Decision 5: SIGIL frequency

How often to generate audit receipts?

a) Every action (highest audit, highest overhead)

b) Every 5 minutes (recommended, balanced)

c) Every hour (low overhead)

3

Install — pip + Docker + Cesium

The installer runs these sub-commands:

# 1. Install pip dependencies (MCP fleet)
pip install $DOMAIN_BUNDLE_MCPS

# 2. Pull Docker images (Cesium + Redis + Postgres)
docker pull redis:7-alpine
docker pull postgres:16
docker pull cesium/ion-self-hosted:latest

# 3. Initialize SOV3 substrate
defoneos init --gcp-project=$PROJECT --region=uk

# 4. Bootstrap BFT council
defoneos bft init --council-size=$COUNCIL_SIZE

# 5. Start SIGIL chain
defoneos sigil init --chain=mainnet --frequency=$FREQUENCY
4

Verify — 16 e2e tests

The wizard runs the canonical 16-test E2E suite:

#TestOutcome
1SOV3 /mcp endpoint200 OK
2Auth handshakeJWT issued
3MCP discoveryAll 30 listed
4Tool invocationAll 188+ callable
5BFT council voteQuorum 22/33 reached
6SIGIL receiptEd25519 generated
7Cesium globelocalhost:8082 OK
8TAK bridgeFreeTAKServer / cot OK
9JSP 936 audit5 principles check
10EU AI Act auditArticle 50 OK
11OWASP ASI Top 10All 10 mitigations
12GDPR right-to-eraseData deleted + receipt
13D3 offline modeMac edge node runs
14Disaster recoveryRPO 5m / RTO 15m
15Performance SLAs<100ms p99 latency
16SIGIL chain integrityHash verified ✓
5

Seal — Sovereign SIGIL receipt

On success, the wizard issues a SIGIL receipt:

✅ INSTALL COMPLETE — 5JUL22:30BST
Sovereign BFT Council: 33 nodes, 22/33 quorum active
SIGIL Receipt: a3c8f1e92b4d5073
Anchored to: Bitcoin block #000
SOV3 endpoint: https://localhost:3101/mcp
Cesium globe: http://localhost:8082
FreeTAKServer: ssl://localhost:8089

→ Next: defoneos demo --live

Troubleshooting

Common issues:

More: see defoneos-deploy.html for production deployments, defoneos-start.html for the 5-step quick start.