Home
Learn

How It Works

Tokenomics

Roadmap

Humanitarian Impact Fund

FAQ
Products

Wallet

DEX

LaunchPad

Token Factory

Vaults
Company

About

Contact
Buy JIL
← Back to Patent Claims
Patent Claim 11 All Patents →

Dual-Policy Fleet Remediation

Quorum-Protected Remediation with Security Exception Override

Patent Claim JIL Sovereign February 2026 Claim 11 of 36

Executive Summary

JIL Sovereign's dual-policy remediation model resolves a fundamental tension in automated fleet management: acting on threats risks cascading failures (taking too many nodes offline), while not acting risks undetected compromise. The solution uses different policies for different threat categories.

Core Innovation: First system implementing category-dependent quorum policies: operational threats respect availability, while cryptographic integrity violations override quorum protection for immediate isolation.

Problem Statement

Automated remediation systems face a fundamental design conflict. All existing systems use a single policy - either always respect availability (missing security threats) or always prioritize security (risking availability cascades). Neither approach is adequate for networks securing billions in bridged assets.

  • Prometheus + Alertmanager: No auto-remediation, no quorum awareness
  • Kubernetes PDB: Single policy, always respects budget
  • AWS Auto Scaling: No composite threat model, no category-dependent policy

Dual-Policy Architecture

Policy 1: Operational Threats

For operational issues (container down, high CPU, memory pressure, performance degradation), auto-remediation is permitted ONLY IF the action would not reduce healthy nodes below the quorum minimum: max(7, ceil(total_validators * 0.70)).

Policy 2: Security Threats

For cryptographic integrity violations (image digest mismatch indicating possible tampering), auto-remediation overrides quorum protection and executes immediately. A compromised node inside the network is a greater threat than the availability cost of removing it.

Threat CategoryExamplesPolicyQuorum Check
OperationalContainer down, high CPU, memoryQuorum-protectedYes - blocked if below minimum
PerformanceLatency spike, throughput dropQuorum-protectedYes - blocked if below minimum
SecurityImage digest mismatch, key expiryOverrideNo - immediate isolation

Quorum Computation

The quorum minimum is dynamically computed based on the current validator set size:

quorum_minimum = max(7, ceil(total_validators * 0.70))

// With 20 validators: max(7, ceil(20 * 0.70)) = max(7, 14) = 14
// With 20 validators: max(7, ceil(10 * 0.70)) = max(7, 7) = 7
// With 5 validators:  max(7, ceil(5 * 0.70))  = max(7, 4) = 7

The absolute minimum of 7 ensures that even with a small validator set, sufficient redundancy is maintained for consensus safety.

Rate Limiting

Multi-level rate limiting prevents remediation storms:

  • Per-node cooldown: Minimum 5-minute interval between actions on the same node
  • Per-action burst limit: Maximum 3 of the same action type per inspection cycle
  • Global fleet cap: Maximum 2 nodes remediated per 60-second inspection cycle

Patent Claim

Independent Claim 4: A computer-implemented system for autonomous fleet monitoring and remediation comprising: a threat scoring engine evaluating a configurable set of rules across security, performance, availability, and fleet categories to produce per-node composite threat scores; and a dual-policy remediation controller wherein: for operational threat categories, auto-remediation is permitted only when the resulting healthy node count would remain at or above a quorum minimum; and for cryptographic integrity threat categories, auto-remediation overrides the quorum minimum and executes immediately.