Quorum-Based Engagement Authorization for Defense Systems

by Nick Clark | Published March 27, 2026

Defense engagement decisions carry irreversible consequences and demand structural, not procedural, controls against unilateral action. Quorum-based engagement authorization treats the decision to engage as a multi-agent event in which a policy-defined number of independent evaluators must each produce a signed admissibility vote against a published rule of engagement before any actuating command is released to the effector. The quorum threshold is bound to a composite admissibility weight per agent, the votes are cryptographically aggregated, and the engagement command becomes binding only at the moment the threshold is crossed. No agent, operator, or supervisory layer can shortcut this binding step; the architecture refuses to release the command in any other state.


Mechanism

The mechanism couples a multi-agent decision protocol to the cognition architecture's admissibility evaluation. An engagement proposal enters the quorum gate as a structured object containing target identification data, sensor provenance, rules-of-engagement (ROE) selectors, proportionality estimates, and collateral risk envelopes. The gate distributes the proposal to a quorum set, where each member is an independent agent or operator station holding its own admissibility evaluator. Each member evaluates the proposal against ROE compliance, target identity confidence, proportionality, and collateral risk, and emits a signed vote that includes a per-agent composite admissibility weight reflecting confidence, sensor lineage, and policy alignment.

The quorum aggregator collects votes within a policy-defined window and computes a weighted sum against a threshold. The composite admissibility weights are not uniform: an agent with degraded sensor inputs, stale ROE bindings, or recent disruption indicators carries reduced weight. Authorization is binding only when the weighted sum crosses the threshold and every contributing vote is verifiable against its signing key and policy lineage. If any required input is missing, expired, or unsigned, the gate refuses to bind and the proposal is returned to the originator with a structured rejection record.

Binding produces a single authorization artifact that the effector layer is structurally required to verify before actuation. The artifact carries the quorum tally, the weight vector, the ROE selector, and the lineage of each contributing vote. No alternate path exists from proposal to actuation; the architecture treats unauthorized engagement as a class of action that the effector cannot execute, not merely one that policy forbids.

Operating Parameters

The quorum threshold is parameterized by engagement class. Low-consequence actions, such as electronic countermeasures against an already-classified threat, may require a simple majority of two of three weighted votes. Higher-consequence actions, including kinetic engagement of contested or ambiguous targets, require supermajority weights or full unanimity, and may additionally require that at least one vote originate from a human-in-the-loop station. The threshold function is published as a policy artifact and is itself subject to versioned governance, so changes to the threshold are auditable events rather than configuration drift.

Voting windows are bounded by the operational tempo of the engagement class. Time-critical air defense scenarios use windows on the order of hundreds of milliseconds, with pre-staged quorum members that maintain warm admissibility evaluators. Deliberate strike scenarios use windows of seconds to minutes, allowing for richer evaluation. In denied- or degraded-communication environments, the protocol supports delayed validation: a subset of votes may be cached locally, the engagement may proceed under a contingent authorization, and the remaining votes are verified asynchronously when communications are restored. If the asynchronous tally fails to reach quorum, the architecture records a binding-failure event and the contingent authorization is retroactively invalidated for after-action review.
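The delayed-validation path described above can be modeled as a small state machine that settles exactly once; this is an added sketch, not code from the disclosure. The record fields, event names, and the deadline are assumptions, cached and late votes are assumed to be already verified and weighted, and the policy that decides whether a contingent authorization may be opened at all is out of scope.

```python
from dataclasses import dataclass, field

@dataclass
class ContingentAuth:
    proposal_id: str
    threshold: float
    expected: frozenset          # members whose votes count toward this tally
    deadline: float              # latest time the asynchronous tally may stay open
    verified: dict = field(default_factory=dict)   # member -> verified, clipped weight
    state: str = "CONTINGENT"
    lineage: list = field(default_factory=list)    # append-only event records

def open_contingent(proposal_id, threshold, expected, deadline, cached):
    # Cached votes are assumed to have passed signature and weight checks already.
    auth = ContingentAuth(proposal_id, threshold, frozenset(expected), deadline, dict(cached))
    auth.lineage.append({"event": "contingent_authorization", "proposal": proposal_id,
                         "cached": sorted(cached)})
    return auth

def reconcile(auth, late_votes, now):
    """Fold in votes verified after communications return; settle exactly once."""
    if auth.state != "CONTINGENT":
        return auth.state                      # a settled outcome is never reopened
    for member, weight in late_votes.items():
        if member in auth.expected and member not in auth.verified:
            auth.verified[member] = weight     # first verified vote per member wins
    tally = sum(auth.verified.values())
    outstanding = sorted(auth.expected - set(auth.verified))
    if tally >= auth.threshold:
        auth.state = "CONFIRMED"
        auth.lineage.append({"event": "asynchronous_tally", "proposal": auth.proposal_id,
                             "tally": tally})
    elif not outstanding or now >= auth.deadline:
        # No vote is left that could lift the tally, or time ran out: invalidate.
        auth.state = "INVALIDATED"
        auth.lineage.append({"event": "binding_failure", "proposal": auth.proposal_id,
                             "tally": tally, "missing": outstanding})
    return auth.state

def demo():
    # Constructed roster and weights: two cached votes, two votes arriving late.
    auth = open_contingent("P-9", 2.5, {"a1", "a2", "a3", "op1"}, 60.0,
                           {"a1": 1.0, "a2": 0.75})
    first = reconcile(auth, {"a3": 0.5}, now=10.0)    # op1 still outstanding
    final = reconcile(auth, {"op1": 0.0}, now=20.0)   # op1's weight was zeroed
    return first, final, auth.lineage[-1]["event"]
```
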

Composite admissibility weights are recomputed per proposal. Inputs include sensor confidence, sensor lineage age, the agent's recent disruption profile, the freshness of its ROE binding, and any standing exclusions. Weights are clipped to a bounded range so that no single agent can dominate a quorum, and weights are zeroed when the agent's signing key fails freshness checks. The weight function is published as a versioned artifact alongside the threshold function, and adjustments to either are themselves binding events recorded in the lineage chain. This prevents a quorum from being silently weakened through unannotated changes to its weighting rule.
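The aggregation rule from the Mechanism section and the clipping, key-freshness, and human-in-the-loop parameters above can be combined in one gate; the following is an added sketch, not code from the disclosure. HMAC-SHA256 stands in for the unspecified signature scheme, all class names, thresholds, and field names are constructed, and votes that fail verification are excluded from the tally rather than aborting the round (an assumption; the text only requires that every contributing vote be verifiable).

```python
import hashlib, hmac, json

# Constructed policy artifact: class names, thresholds and field names are assumptions.
POLICY = {"version": "thr-v1",
          "ecm": {"threshold": 1.2, "require_human": False},
          "kinetic": {"threshold": 2.4, "require_human": True}}
W_MAX = 1.0  # claimed weights are clipped to [0, W_MAX] so no member dominates

def tag(secret, vote):
    # HMAC-SHA256 over the canonical vote body stands in for a real signature.
    body = json.dumps({k: v for k, v in vote.items() if k != "sig"}, sort_keys=True)
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()

def aggregate(proposal, votes, registry, now, window_s):
    """Bind only if verified, in-window, admissible votes reach the class threshold."""
    rule, weights, excluded, human = POLICY[proposal["class"]], {}, {}, False
    for v in votes:
        m, reg = v["member"], registry.get(v["member"])
        if reg is None or not hmac.compare_digest(tag(reg["secret"], v), v.get("sig", "")):
            excluded[m] = "unverifiable"
        elif (v["proposal"], v["roe"]) != (proposal["id"], proposal["roe"]):
            excluded[m] = "bound_to_other_proposal"
        elif not 0 <= now - v["ts"] <= window_s:
            excluded[m] = "outside_window"
        elif m in weights:
            excluded[m] = "duplicate"
        elif v["admissible"]:
            stale = now > reg["key_fresh_until"]      # stale signing key zeroes the weight
            weights[m] = 0.0 if stale else min(max(v["weight"], 0.0), W_MAX)
            human = human or (reg["human"] and weights[m] > 0)  # role from registry, not vote
    tally = round(sum(weights.values()), 6)
    bound = tally >= rule["threshold"] and (human or not rule["require_human"])
    return {"status": "BOUND" if bound else "REJECTED", "proposal": proposal["id"],
            "roe": proposal["roe"], "policy": POLICY["version"], "tally": tally,
            "weights": weights, "excluded": excluded}

def demo():
    # Constructed roster and votes, for illustration only.
    reg = {n: {"secret": n.encode() * 8, "key_fresh_until": 200, "human": n == "op1"}
           for n in ("a1", "a2", "a3", "op1")}
    reg["a3"]["key_fresh_until"] = 50                 # a3's key is stale at now=100
    prop = {"id": "P-1", "class": "kinetic", "roe": "ROE-7"}
    def vote(m, w):
        v = {"member": m, "proposal": "P-1", "roe": "ROE-7", "admissible": True, "weight": w, "ts": 99}
        return {**v, "sig": tag(reg[m]["secret"], v)}
    machines = [vote("a1", 5.0), vote("a2", 0.9), vote("a3", 1.0)]
    forged = {**vote("op1", 1.0), "weight": 9.0}      # altered after signing
    return (aggregate(prop, machines + [forged], reg, 100, 5),
            aggregate(prop, machines + [vote("op1", 0.8)], reg, 100, 5))
```

In the first run the inflated claim from `a1` is clipped, the stale `a3` contributes nothing, and the altered operator vote is excluded, so the gate returns a rejection record; the second run binds once an intact human-station vote arrives.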

Alternative Embodiments

The same quorum architecture admits multiple deployment topologies. In a fully distributed embodiment, quorum members are physically dispersed platforms communicating over a tactical mesh, and the aggregator runs on each platform redundantly with consensus on the binding event. In a centralized embodiment, a command node hosts the aggregator while members remain distributed; this trades resilience for lower coordination latency and is appropriate for fixed installations. A hybrid embodiment partitions members into local and remote tiers, where local members provide tempo and remote members provide oversight, and the threshold function requires representation from both tiers.

The vote payload itself can be specialized. In sensor-rich domains, votes carry full evidence packages; in bandwidth-constrained domains, votes carry only the signed admissibility verdict and a hash commitment to the underlying evidence, with the evidence reconstructable on demand. The quorum gate can also be embodied for non-kinetic engagements, including cyber effects, electronic attack, and information operations, where the consequence calculus differs but the structural requirement for multi-party binding is identical.

Quorum membership itself can be static or dynamic. Static membership pre-registers a fixed roster of agents and stations, suitable for fixed installations and named platforms. Dynamic membership draws members from a pool at engagement time according to a selection policy that considers role, freshness, and disruption profile; this embodiment supports rotating crews, distributed task forces, and ad hoc coalitions where the participating agents are not known in advance. A federated embodiment further allows quorum members to belong to distinct administrative domains, with each domain operating its own admissibility evaluator under a shared meta-policy that defines acceptable cross-domain weights.

Vote semantics can also be specialized for proportional or tiered authorization. Rather than a single binary binding event, the architecture supports tiered binding in which the quorum can authorize a constrained subset of an engagement envelope, such as a tracking action, a non-lethal effect, or a lethal effect, with each tier requiring its own threshold. This avoids the all-or-nothing structure of single-threshold authorization and matches the graduated nature of real engagements.

Composition

Quorum-based engagement authorization composes with the broader cognition architecture rather than standing alone. Each member's admissibility evaluator is the same evaluator used elsewhere for action governance, training governance, and disclosure governance, so a single policy lineage governs what an agent will assert across all contexts. The lineage recorder that captures training provenance also captures vote provenance, producing a unified audit chain from the data that shaped an agent's judgment to the engagement it authorized. The disruption-modeling subsystem feeds into the weight function: agents exhibiting personality-analog disruption patterns or coherence-axis instability have their weights reduced or zeroed automatically, without requiring human intervention to remove them from the quorum.

Composition with the depth-selective training governance subsystem ensures that the layers responsible for an agent's ROE interpretation and target-recognition behavior are themselves bound to versioned policy artifacts. A change to the ROE substrate cannot occur silently; it produces a lineage entry that propagates into the agent's signing key freshness state, which in turn is consumed by the quorum aggregator when computing weights. Composition with the retention subsystem allows the architecture to reinforce critical safety behaviors and to suppress withdrawn target-classification heuristics without disturbing the agent's broader operational competence. The result is a single governance fabric in which engagement authorization is the binding step at the end of a chain that begins at the data used to train the agents and ends at the actuator command, with no ungoverned segment in between.

Finally, the architecture composes with external command authority. The threshold function can require, for designated engagement classes, that one of the contributing votes carry a credential issued by an external command-authority service, and the quorum aggregator can refuse to bind unless that credential is present, current, and signed by the appropriate authority. This externalization preserves the chain of command as a structural requirement on engagement, rather than as a procedural overlay.

Prior-Art Distinction

Existing multi-party authorization systems in defense contexts are predominantly procedural: two-person rules, command-approval chains, and permissive action links enforce policy through human discipline and access controls rather than through structural binding of the actuating command. Cryptographic multi-signature schemes from financial and key-management contexts provide threshold signing but do not embed admissibility evaluation, ROE selectors, or weighted composite votes; they answer only whether enough keys signed, not whether each signer's judgment was admissible under current policy. The quorum-based engagement authorization described here differs in that the threshold function operates on policy-aware composite weights, the votes are bound to admissibility evaluations rather than to raw approvals, and the effector layer treats unauthorized actuation as structurally impossible rather than as a policy violation to be detected after the fact.

Distributed consensus protocols from systems engineering, including Paxos, Raft, and Byzantine fault-tolerant variants, address agreement under failure but assume that any quorum of correct nodes is sufficient regardless of the content of the agreement. The architecture described here inverts that assumption: agreement on an inadmissible proposal is itself a failure mode, and the protocol explicitly refuses to bind even when a numerical majority of signers is present. The composite weight, the policy-aware threshold function, and the evidence-bearing vote payload have no analog in those protocols. Likewise, consent-based access control frameworks address authorization for read and modify operations on data resources, not for actuation events with kinetic consequences, and they do not provide the binding semantics required to treat actuation refusal as the architectural default.

Disclosure Scope

The disclosure scope encompasses the quorum gate, the composite admissibility weight function, the threshold function as a versioned policy artifact, the delayed-validation protocol for denied-communication environments, the binding authorization artifact, and the structural coupling between binding and actuation. It encompasses the alternative deployment topologies, the specialization of vote payloads to sensor-rich and bandwidth-constrained domains, and the extension to non-kinetic engagement classes. The scope expressly contemplates use in autonomous, semi-autonomous, and human-supervised systems, and the architecture is intended to preserve human oversight and multi-party accountability across the full autonomy spectrum. The scope further contemplates federated deployments across allied or coalition forces, dynamic-membership embodiments in which quorum participants are selected at engagement time from a qualified pool, and tiered-authorization embodiments in which graduated engagement envelopes carry their own thresholds. The lineage chain produced by the architecture is itself within the scope, including the recording of contingent authorizations, asynchronous tally outcomes, and binding-failure events for after-action review.

Invented by Nick Clark