Structural Quarantine: Execution Prevention Until Authorized Remediation

by Nick Clark | Published March 27, 2026

Suspected adversarial content, suspected adversarial action classes, and suspected adversarial actors must be prevented from being admitted to downstream consumers - not by advisory flag, not by side-channel warning, but by the structural impossibility of instantiating an execution context that would honor the suspect input. The mechanism described here imposes that impossibility through a quarantine record that travels with the suspect artifact, a quarantine lineage that documents the basis for and history of the restriction, and a release procedure that is itself governed by the same auditing discipline as the original quarantine. The result is a system in which quarantine is not a status flag that can be ignored but a structural property of the artifact itself.

Mechanism

A quarantine is created by committing a quarantine record to the chain. The record names the artifact under quarantine - by content UID, by action class, or by actor identifier as appropriate - and carries the basis for the quarantine, the scope of the restriction, the authority under which it was issued, and the conditions under which it may be released. The basis is a hash-linked reference to the evidence that motivated the quarantine: the execution records, the policy violation reports, the external attestations, or the operator declarations that constitute the case for restriction. The scope enumerates the action classes that are forbidden and any consumers that are forbidden from receiving the artifact. The authority is the policy object that authorized the issuance, recorded by hash. The release conditions enumerate the procedures that may lift the quarantine.

Once committed, the quarantine record is consulted by every authorization decision that touches the named artifact. Authorization is not allowed to proceed in the absence of a fresh view of the chain head, so a quarantine that has been committed cannot be evaded by authorizing against stale state. When an authorization request names a quarantined artifact, the authorization machinery refuses to instantiate any execution context for the forbidden action classes; the refusal is recorded in the chain alongside the request, so that the attempt itself becomes part of the audit trail. There is no path by which the artifact can be admitted to a downstream consumer without first lifting the quarantine through the declared release procedure.

The quarantine lineage is the append-only history of quarantine events for a given artifact. It records the issuance, any extensions or scope changes, the evidence that was added in support of the quarantine over time, the release attempts and their outcomes, and ultimately the lift, if any. Lineage is reconstructible from the chain alone; no participant must trust any other participant's account of the quarantine history. This is what allows quarantine to function across substrate migrations and across operational boundaries: the lineage travels with the artifact's identity, not with any particular operator's records.

Release follows a governed procedure declared in the quarantine record itself. The procedure may require verified remediation - for example, evidence that the suspect content has been replaced by a corrected canonical object whose lineage supersedes the original - or it may require temporal expiration after a declared period during which no further violations were observed, or it may require a quorum of authorities whose attestations together meet the declared release threshold. Whatever the procedure, the release event is itself committed to the chain and references the evidence that satisfied the procedure. A release cannot be effected by side-channel agreement; it must be expressed as a chain-committed event that any participant can verify against the procedure declared in the original quarantine.

Where the release procedure cannot be satisfied - because the evidence does not meet the declared threshold, because the authorities required for a quorum are unavailable, or because the temporal condition has not yet elapsed - the quarantine persists. There is no override path. An operator who believes the quarantine is unjustified must either supply the evidence required by the declared release procedure or initiate an amendment to the procedure itself, which is governed by a separate and audit-required process at the policy level. The structural property of the system is that no individual operator can lift a quarantine through unilateral action.
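The mechanism described above, reduced to a runnable model as an added example (this is not code from the disclosure and does not reproduce any real implementation): an append-only chain whose records link by SHA-256 over canonical JSON, a quarantine record that cites committed evidence by hash and names its scope, its authority and its release procedure, an authorization step that refuses when the node's view of the chain head is older than the freshness bound and otherwise consults the active quarantines, release evaluated against chain evidence for two of the procedure kinds named above (quorum attestation and verified remediation by supersession), and lineage reconstructed from the chain alone. The record layout, the identifiers (art-42, auth-a, the policy string) and the choice of hash are constructed assumptions.

```python
"""Toy model of structural quarantine over a hash-linked, append-only chain. Constructed
illustration: record layout, identifiers ("art-42", "auth-a") and SHA-256 over canonical JSON
as the commitment scheme are assumptions, not any real deployment's format."""
import hashlib
import json

GENESIS = "0" * 64
def content_hash(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class Chain:  # append-only log; every record links to its predecessor by hash
    def __init__(self):
        self.records = []

    def commit(self, record: dict) -> str:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = dict(record, prev=prev, height=len(self.records))
        body["hash"] = content_hash(body)
        self.records.append(body)
        return body["hash"]

    @property
    def head(self) -> int:
        return len(self.records) - 1

    def by_hash(self, digest: str):
        return next((r for r in self.records if r["hash"] == digest), None)

def issue_quarantine(chain, target, basis, scope, authority, release) -> str:
    """Commit a quarantine record; `basis` lists hashes of evidence already on the chain."""
    if any(chain.by_hash(d) is None for d in basis):
        raise ValueError("basis cites evidence that was never committed")
    return chain.commit({"type": "quarantine", "target": target, "basis": basis, "scope": scope,
                         "authority": content_hash(authority), "release": release})

def active_quarantines(chain, target):  # quarantines on `target` not lifted by a later release
    released = {r["quarantine"] for r in chain.records if r["type"] == "release"}
    return [r for r in chain.records if r["type"] == "quarantine"
            and r["target"] == target and r["hash"] not in released]

def authorize(chain, request, view_height, freshness) -> str:
    """Authorization-time consultation by a node whose view of the chain is `view_height`."""
    if chain.head - view_height > freshness:
        # Stale view: refuse as the safe default; a node without a fresh head cannot commit.
        return "refused:stale-view"
    for q in active_quarantines(chain, request["target"]):
        if request["action"] in q["scope"]["actions"] or request["consumer"] in q["scope"]["consumers"]:
            chain.commit({"type": "refusal", "request": request, "quarantine": q["hash"]})
            return "refused:quarantined"
    chain.commit({"type": "admit", "request": request})
    return "admitted"

def release(chain, quarantine_hash) -> bool:
    """Evaluate the procedure declared in the quarantine record against evidence on the chain."""
    q = chain.by_hash(quarantine_hash)
    proc, evidence, satisfied = q["release"], [], False  # an undeclared kind never releases
    if proc["kind"] == "quorum":  # distinct attestations from the listed authorities
        seen = {}
        for r in chain.records:
            if (r["type"] == "attestation" and r["subject"] == quarantine_hash
                    and r["authority"] in proc["authorities"]):
                seen.setdefault(r["authority"], r["hash"])
        evidence, satisfied = list(seen.values()), len(seen) >= proc["threshold"]
    elif proc["kind"] == "remediation":  # a superseding canonical object has been ingested
        evidence = [r["hash"] for r in chain.records
                    if r["type"] == "supersession" and r["supersedes"] == q["target"]]
        satisfied = bool(evidence)
    chain.commit({"type": "release" if satisfied else "release-attempt",
                  "quarantine": quarantine_hash, "evidence": evidence})
    return satisfied

def lineage(chain, target):
    """Reconstruct the quarantine lineage of `target` from the chain alone."""
    qh = {r["hash"] for r in chain.records if r["type"] == "quarantine" and r["target"] == target}
    return [r["type"] for r in chain.records
            if r["hash"] in qh or r.get("quarantine") in qh or r.get("subject") in qh]

def demo():
    chain, out, policy = Chain(), {}, "policy:quarantine-on-violation/v1"  # constructed
    ev = chain.commit({"type": "violation-report", "artifact": "art-42", "detail": "constructed"})
    qh = issue_quarantine(chain, "art-42", [ev], {"actions": ["execute"], "consumers": ["prod-runner"]},
                          policy, {"kind": "quorum", "authorities": ["auth-a", "auth-b", "auth-c"], "threshold": 2})
    req = {"target": "art-42", "action": "execute", "consumer": "dev-runner"}
    out["stale"] = authorize(chain, req, chain.by_hash(ev)["height"], 0)  # view predates the quarantine
    out["fresh"] = authorize(chain, req, chain.head, 0)
    chain.commit({"type": "attestation", "authority": "auth-a", "subject": qh})
    out["one_of_two"] = release(chain, qh)
    chain.commit({"type": "attestation", "authority": "auth-b", "subject": qh})
    out["two_of_two"] = release(chain, qh)
    out["after_release"] = authorize(chain, req, chain.head, 0)
    out["lineage"] = lineage(chain, "art-42")
    ev2 = chain.commit({"type": "violation-report", "artifact": "art-77", "detail": "constructed"})
    q2 = issue_quarantine(chain, "art-77", [ev2], {"actions": ["execute"], "consumers": []},
                          policy, {"kind": "remediation"})  # released only by verified supersession
    out["before_supersession"] = release(chain, q2)
    chain.commit({"type": "supersession", "supersedes": "art-77", "successor": "art-78"})
    out["after_supersession"] = release(chain, q2)
    return out
```

demo() walks the sequence end to end. The stale case is the one to look at: the node's view predates the quarantine, so authorizing against that view would have admitted the artifact; the freshness check turns that into a refusal. Every refusal, failed release attempt and release lands on the chain, so lineage() recovers the whole history without consulting any operator's records, and the remediation case shows release driven by a committed supersession rather than by deletion.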

Operating Parameters

A deployment is characterized by the quarantine scope vocabulary, the evidence taxonomy, the release procedure templates, and the freshness requirements for authorization-time consultation. The scope vocabulary enumerates the action classes and consumer categories that may be restricted; a scope vocabulary that is too coarse forces over-broad quarantines that block legitimate operations, while a vocabulary that is too fine forces operators to enumerate many narrow scopes for each quarantine and increases the likelihood that a relevant scope is omitted.

The evidence taxonomy enumerates the kinds of evidence that may serve as the basis for a quarantine and the schema in which each is recorded. A well-defined taxonomy allows auditors to recognize at a glance whether the evidence cited in a quarantine record meets the structural standard for that quarantine class; a poorly defined taxonomy admits ad-hoc justifications that frustrate audit.

Release procedure templates are pre-declared procedures that quarantine records may reference by hash rather than restating in full. Templates encode common patterns - temporal expiration, verified remediation, quorum attestation - and ensure that quarantines of similar character are released by similar procedures. Operators may declare new templates, but the templates themselves are committed and audit-required, so that a quarantine cannot be released through an ad-hoc procedure invented at release time.

Freshness requirements for authorization-time consultation determine how recent a chain head an authorizing node must hold before refusing to instantiate an execution context. Tighter freshness requirements close the window during which a recently issued quarantine could be evaded but increase the load on the chain head distribution mechanism. Looser requirements reduce load but widen the evasion window. The freshness requirement is published per-policy.

Alternative Embodiments

The mechanism admits embodiments that differ in where authorization-time consultation occurs and how release procedures are evaluated. In a centralized embodiment, a single authorization service consults the chain head and refuses forbidden operations; the structural guarantee survives because the refusal and its basis are committed to the chain and are independently auditable. In a federated embodiment, authorization is performed by any consortium member, and the quarantine record is replicated across the consortium chain; release requires a quorum attestation drawn from the consortium membership.

In a decentralized embodiment, authorization is performed by any participant, and the quarantine record is committed to a public ledger; release procedures rely on public attestations whose validity any participant can verify. In an edge embodiment, authorizing nodes hold cached quarantine records along with the chain head freshness annotations; an authorizing node whose cache is too stale refuses to authorize any operation that names a recently active artifact, falling back to a safe-default behavior rather than risking a missed quarantine.

Embodiments may differ in the granularity of the quarantine. Artifact-level quarantines block specific content. Class-level quarantines block all artifacts of a declared class until the class is itself cleared. Actor-level quarantines block all operations issued by a specific actor across all artifacts. These granularities compose: an actor-level quarantine and an artifact-level quarantine over the same operation each independently suffice to refuse the authorization. The disclosure contemplates all such granularities and their compositions.
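Granularity composition as an added example (not the disclosure's code): a scope vocabulary of the kind the Operating Parameters section describes, quarantine entries at artifact, class and actor level, and a decision function that returns every entry that independently suffices to refuse a request, so a single match at any level is enough. The vocabulary, the identifiers and the requests are constructed assumptions.

```python
"""Composition of quarantine granularities at authorization time. Constructed example:
the scope vocabulary, the quarantine entries and the requests are illustrative."""
from dataclasses import dataclass

# The deployment's scope vocabulary (constructed): the only action classes a scope may name.
ACTION_VOCAB = frozenset({"read", "execute", "publish"})
LEVELS = ("artifact", "class", "actor")

@dataclass(frozen=True)
class Quarantine:
    level: str            # "artifact", "class" or "actor"
    target: str           # content UID, class name or actor identifier
    actions: frozenset    # forbidden action classes, drawn from ACTION_VOCAB
    consumers: frozenset  # consumers forbidden from receiving the artifact

    def __post_init__(self):
        # Reject scopes outside the vocabulary at issuance, so a misspelled action
        # class cannot silently forbid nothing.
        unknown = self.actions - ACTION_VOCAB
        if unknown or self.level not in LEVELS:
            raise ValueError(f"scope outside vocabulary: level={self.level}, actions={sorted(unknown)}")

@dataclass(frozen=True)
class Request:
    artifact: str
    artifact_class: str
    actor: str
    action: str
    consumer: str

def matching(quarantines, req):
    """Every quarantine that, on its own, suffices to refuse `req`."""
    subject = {"artifact": req.artifact, "class": req.artifact_class, "actor": req.actor}
    return [q for q in quarantines
            if subject[q.level] == q.target
            and (req.action in q.actions or req.consumer in q.consumers)]

def decide(quarantines, req):
    """('refused', [levels that matched]) or ('admitted', []); one match is enough."""
    hits = matching(quarantines, req)
    return ("refused" if hits else "admitted", [q.level for q in hits])

# Constructed active quarantines, one at each granularity.
ACTIVE = [
    Quarantine("artifact", "art-42", frozenset({"execute"}), frozenset({"prod-runner"})),
    Quarantine("class", "model-weights", frozenset({"execute", "publish"}), frozenset()),
    Quarantine("actor", "actor-7", ACTION_VOCAB, frozenset()),  # every operation by this actor
]

def demo():
    cases = {
        "all_three": Request("art-42", "model-weights", "actor-7", "execute", "ci-runner"),
        "read_ok": Request("art-42", "docs", "actor-1", "read", "ci-runner"),
        "consumer_hit": Request("art-42", "docs", "actor-1", "read", "prod-runner"),
        "class_only": Request("art-9", "model-weights", "actor-1", "publish", "ci-runner"),
        "actor_only": Request("art-9", "docs", "actor-7", "read", "ci-runner"),
    }
    return {name: decide(ACTIVE, req) for name, req in cases.items()}
```

decide() reports every matching level rather than stopping at the first, which is what an auditor wants in the refusal record: when an actor-level and an artifact-level quarantine both cover the same operation, the record shows that lifting either one alone would not have admitted it.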

Composition with Other Mechanisms

Structural quarantine composes with the other mechanisms of the cryptographic governance framework. It is consumed by the authorization machinery, which refuses forbidden operations and records the refusal. It is fed by the enforcement-feedback machinery, which can emit a quarantine successor policy when observed violations cross a declared threshold. It composes with the resolution machinery of adjacent content-anchoring systems, which carry the quarantine marker on the resolution envelope so that consumers cannot inadvertently route around the quarantine by resolving through a different responder.

Quarantine also composes with the audit machinery of the anchored chain. The quarantine lineage, the basis evidence, the refusal records, and the release events together form a complete record of how a suspect artifact was handled by the system. This record satisfies the evidentiary requirements that legal, regulatory, and contractual regimes increasingly impose: it is reconstructible from the chain alone, it is tamper-evident, and it is interpretable by parties who were not operators of the system at the time of the events.

Finally, quarantine composes with the supersession machinery for canonical content. A quarantine on an artifact may be released specifically because a corrected canonical object has been ingested whose lineage supersedes the suspect original; the release record references both the supersession and the evidence that the supersession remediates the original concern. This is the structural pattern by which adversarial content is removed from circulation: not by deletion, which is unverifiable, but by supersession with quarantine on the antecedent, which is.

Prior-Art Distinctions

Conventional content-moderation and access-control systems address adversarial content through deletion, block lists, allow lists, and trust-based reputation systems. Deletion is unverifiable because the absence of an artifact is indistinguishable from suppression of evidence. Block lists are advisory and depend on the consumer's voluntary consultation; nothing structurally prevents a consumer from operating on a blocked artifact. Allow lists are inflexible and require enumerating every legitimate artifact in advance. Reputation systems depend on social trust assumptions that adversaries actively work to subvert.

Sandbox and capability-restriction systems exist in the operating-systems literature and prevent particular classes of operation, but they typically operate locally to a single host and do not survive substrate migration or consumer change of administrative domain. They also typically lack the cryptographic auditability that allows a third party to confirm that a restriction was correctly enforced at the moment of attempted operation.

The structural quarantine described here is distinguished from these by the combination of chain-committed quarantine records, audit-required release procedures, authorization-time consultation against fresh chain state, lineage that travels with artifact identity rather than with any operator's records, and composition with enforcement feedback so that quarantines can be issued automatically in response to observed violations. The combination forces quarantine to be a structural property of the artifact rather than a discretionary policy of any particular consumer.

Disclosure Scope

This disclosure covers the quarantine record schema, the quarantine lineage, the release procedure framework including templates and ad-hoc procedures, the authorization-time consultation requirements, and the composition with authorization, enforcement feedback, content resolution, supersession, and audit mechanisms. It covers operation under centralized, federated, decentralized, and edge embodiments, and across artifact-level, class-level, and actor-level granularities and their compositions.

The disclosure is not limited to any particular commitment scheme, chain structure, attestation format, or evidence taxonomy. It contemplates substitution of equivalent components so long as the structural properties - chain commitment, lineage reconstructibility, fresh consultation, and audit-required release - are preserved. The guarantee depends on the composition, not on any specific instantiation.

Invented by Nick Clark. Founding investors: Anonymous, Devin Wilkie.