Platform

Overview

How It Works

Beneficiary Identity

Policy Corridors

Deterministic Finality

Architecture

Security Model

Governance

Integration
Solutions

Corridors Overview

Institutional Overview

Pricing

All Scenarios

Humanitarian Impact Fund
Assurance

Technical Assurance

Verify Receipt

Receipt Example
Developers

Documentation

APIs & Bridges

Architecture Docs

Glossary

BID API
Company

About

Team

Partners

Roadmap

Investors

Contact

Blog

All Documentation
Schedule Consultation
← Back to Patent Claims
Patent Claim 11 All Patents →

Dual-Policy Fleet Remediation

Quorum-Protected Remediation with Security Exception Override

Patent Claim JIL Sovereign February 2026 Claim 11 of 36

Executive Summary

JIL Sovereign's dual-policy remediation model resolves a fundamental tension in automated fleet management: acting on threats risks cascading failures (taking too many nodes offline), while not acting risks undetected compromise. The solution uses different policies for different threat categories.

Core Innovation: First system implementing category-dependent quorum policies: operational threats respect availability, while cryptographic integrity violations override quorum protection for immediate isolation.

Problem Statement

Automated remediation systems face a fundamental design conflict. All existing systems use a single policy - either always respect availability (missing security threats) or always prioritize security (risking availability cascades). Neither approach is adequate for networks securing billions in bridged assets.

  • Prometheus + Alertmanager: No auto-remediation, no quorum awareness
  • Kubernetes PDB: Single policy, always respects budget
  • AWS Auto Scaling: No composite threat model, no category-dependent policy

Dual-Policy Architecture

Policy 1: Operational Threats

For operational issues (container down, high CPU, memory pressure, performance degradation), auto-remediation is permitted ONLY IF the action would not reduce healthy nodes below the quorum minimum: max(7, ceil(total_validators * 0.70)).

Policy 2: Security Threats

For cryptographic integrity violations (image digest mismatch indicating possible tampering), auto-remediation overrides quorum protection and executes immediately. A compromised node inside the network is a greater threat than the availability cost of removing it.

Threat CategoryExamplesPolicyQuorum Check
OperationalContainer down, high CPU, memoryQuorum-protectedYes - blocked if below minimum
PerformanceLatency spike, throughput dropQuorum-protectedYes - blocked if below minimum
SecurityImage digest mismatch, key expiryOverrideNo - immediate isolation

Quorum Computation

The quorum minimum is dynamically computed based on the current validator set size:

quorum_minimum = max(7, ceil(total_validators * 0.70))

// With 20 validators: max(7, ceil(20 * 0.70)) = max(7, 14) = 14
// With 20 validators: max(7, ceil(10 * 0.70)) = max(7, 7) = 7
// With 5 validators:  max(7, ceil(5 * 0.70))  = max(7, 4) = 7

The absolute minimum of 7 ensures that even with a small validator set, sufficient redundancy is maintained for consensus safety.

Rate Limiting

Multi-level rate limiting prevents remediation storms:

  • Per-node cooldown: Minimum 5-minute interval between actions on the same node
  • Per-action burst limit: Maximum 3 of the same action type per inspection cycle
  • Global fleet cap: Maximum 2 nodes remediated per 60-second inspection cycle

Patent Claim

Independent Claim 4: A computer-implemented system for autonomous fleet monitoring and remediation comprising: a threat scoring engine evaluating a configurable set of rules across security, performance, availability, and fleet categories to produce per-node composite threat scores; and a dual-policy remediation controller wherein: for operational threat categories, auto-remediation is permitted only when the resulting healthy node count would remain at or above a quorum minimum; and for cryptographic integrity threat categories, auto-remediation overrides the quorum minimum and executes immediately.