Platform

Overview

How It Works

Beneficiary Identity

Policy Corridors

Deterministic Finality

Architecture

Security Model

Governance

Integration
Solutions

Corridors Overview

Institutional Overview

Pricing

All Scenarios

Humanitarian Impact Fund
Assurance

Technical Assurance

Verify Receipt

Receipt Example
Developers

Documentation

APIs & Bridges

Architecture Docs

Glossary

BID API
Company

About

Team

Partners

Roadmap

Investors

Contact

Blog

All Documentation
Schedule Consultation
← Back to Patent Claims
Patent Claim 14 All Patents →

Stateful Observation Windows

Per-Rule Per-Node Trigger Counters with Security Exception Override

Patent Claim JIL Sovereign February 2026 Claim 14 of 36

Executive Summary

The stateful observation window mechanism prevents false-positive remediation by requiring anomalies to persist across multiple consecutive inspection cycles before triggering action. Per-rule, per-node trigger counters track sustained anomalies while filtering transient spikes. A critical exception exists for security rules that bypass the observation window entirely.

Observation Window Mechanics

ParameterValuePurpose
Inspection cycle60 secondsMetric collection and rule evaluation interval
Required consecutive triggers3 cycles (~3 minutes)Sustained anomaly before remediation
Counter resetOn any non-triggering cycleTransient spike filtering
Security exceptionSEC_DIGEST_MISMATCHFires immediately, bypasses window

A rule must trigger on 3 consecutive 60-second inspection cycles (approximately 3 minutes of sustained anomaly) before generating a remediation recommendation. If any cycle does not trigger the rule, the counter resets to zero.

Counter State Machine

// Per-rule, per-node state
state = {
    rule_id: "PERF_CPU_HIGH",
    node_id: "validator-us",
    consecutive_triggers: 0,  // 0, 1, 2, or 3+
    last_evaluated: timestamp,
    fired: false
}

// Each inspection cycle:
if rule_triggers(node):
    state.consecutive_triggers += 1
    if state.consecutive_triggers >= 3:
        emit_remediation_recommendation()
        state.fired = true
else:
    state.consecutive_triggers = 0  // RESET
    state.fired = false

Security Exception

The SEC_DIGEST_MISMATCH rule (image tampering detection) is the sole exception to the observation window requirement. When a digest mismatch is detected, the remediation recommendation fires immediately on the first detection without waiting for consecutive triggers.

Rationale: A tampered container image represents an active supply-chain attack. Waiting 3 minutes (3 cycles) before responding gives an attacker time to sign fraudulent bridge withdrawals or corrupt consensus. Immediate isolation is the only safe response.

Benefits

  • False positive reduction: Network blips, brief CPU spikes, and momentary latency increases are filtered out by the 3-cycle requirement
  • Cascade prevention: Transient issues don't trigger unnecessary restarts that could themselves cause outages
  • Security responsiveness: Real threats (code tampering) are still addressed immediately
  • Observability: Counter states are visible in the fleet dashboard for operational insight

Patent Claim

Dependent Claim 14: The system of claim 11, further comprising stateful observation windows maintaining per-rule, per-node trigger counters, requiring 3 consecutive 60-second inspection cycles of sustained anomaly before generating a remediation recommendation, with counter reset on non-triggering cycles.