Counter-Action Selection Under Hostility Classification

Mechanism

The mechanism rests on a deliberate decoupling of three operations that prior-art response architectures collapse into a single coupled event: (i) classification of an external entity as hostile; (ii) expansion of the admissibility envelope to include defensive and counter-active options; and (iii) selection within that expanded envelope of the action whose utility, conditioned on the prevailing intent, is maximal among admissible candidates. The hostility classification is itself a credentialed observation — emitted by a sensor-fusion classifier with a confidence interval, a provenance record, and a freshness timestamp — and is consumed by the admissibility evaluator on the same footing as a kinematic track, an environmental hazard report, or a mission-policy update.

When the admissibility evaluator ingests a hostility credential of sufficient confidence pertaining to a class-X entity, its policy specifies a structural envelope expansion: actions in set Y, which would be inadmissible under the baseline policy, are added to the candidate set. Set Y is policy-defined and may include sharp evasive maneuvers that violate normal comfort or fuel-economy constraints; broadcast emissions that would normally be suppressed for stealth; defensive posture changes that consume additional power; in defense configurations, weaponized counter-measures that are gated behind explicit rules-of-engagement (ROE) credentials. The expansion is structural — it modifies the candidate space — but it does not modify the selection criterion. Selection still runs through the standard utility-against-intent computation.

The selection step proceeds as follows. For each candidate action a in the expanded admissibility set A', the evaluator computes (1) a feasibility score F(a) reflecting whether the operating unit's capability envelope admits the action under current dynamic state; (2) an intent-alignment score I(a) reflecting how well the action's predicted outcome trajectory satisfies the active intent specification, which under hostility includes both the original mission intent and any defensive sub-intents the policy injected; (3) a collateral-cost score C(a) reflecting predicted impact on non-hostile entities, mission assets, and protected resources; and (4) a residual-risk score R(a) reflecting the predicted post-action threat state. The composite admissibility score is a policy-weighted combination, and the action with the highest composite score that satisfies hard constraints (ROE credentials present, kinematic envelope respected, collateral budget unexceeded) is selected for commit.

Crucially, the case in which no candidate counter-action satisfies the gating is itself a valid outcome. The evaluator may return a null-commit decision — meaning the hostility classification expanded the envelope, but no member of the expanded envelope passed gating, so the unit continues with its baseline action plan. Lineage records the considered candidates, their scores, and the constraint that disqualified each, so that post-mission audit can reconstruct exactly why counter-action was withheld despite hostility.

Operating Parameters

The operating parameters governing counter-action admissibility partition into four families. The first is the classification-confidence threshold family: a minimum credential confidence below which envelope expansion is suppressed entirely; a graduated-expansion schedule under which intermediate confidences expand only the soft (non-weaponized) subset of set Y; and a confidence-decay rate governing how rapidly an aging classification credential loses its envelope-expanding force in the absence of confirmatory observations.

The second is the envelope-shape family. Each policy-defined set Y is parameterized by the entity class it responds to (a stalker on foot, a road-rage driver, a hostile drone, an armed surface vessel), the geometric region in which the expansion applies (a defended perimeter, a mission corridor, a no-go zone), and the temporal window over which the expansion persists. Envelope shapes are composable: simultaneous hostility classifications of multiple entities produce union envelopes, with policy-defined precedence rules resolving conflicts when two expansions would admit mutually incompatible actions.

The third is the commit-staging family. Counter-actions are not all-or-nothing; the policy specifies, for each action in Y, whether it commits in a single step, in successive stages with intermediate verification gates, or only after explicit operator ratification of an advisory display. Staging parameters include the inter-stage dwell time, the verification observation set required at each gate, and the abort criterion under which a partially committed counter-action reverses to baseline posture. For weaponized counter-measures the staging is typically multi-gate with explicit human-on-the-loop ratification at the terminal commit.

The fourth is the collateral-budget family. A collateral budget caps the predicted impact on non-hostile entities and protected resources that any counter-action may incur; the cap is policy-defined and may be theatre-specific, mission-specific, or set by externally-supplied ROE. Counter-actions whose predicted collateral exceeds the budget are inadmissible regardless of their hostility-driven envelope membership. The budget parameters include the collateral-prediction model identifier, the confidence interval the prediction must meet, and the budget-replenishment schedule across mission phases.

Alternative Embodiments

A first alternative embodiment realises the architecture in a vehicular civilian-defense configuration. The operating unit is a passenger automobile; the hostility classifier ingests rear-camera, side-radar, and audio-tracking observations and emits a credential when a following vehicle's behaviour pattern matches a road-rage or pursuit signature. The expanded envelope set Y includes broadcasting an alert to a paired smartphone and emergency contacts, increasing speed beyond a normally-applied driver-comfort cap, executing route deviations through higher-traffic-density streets, locking external doors and windows, and engaging the highest-priority emergency-services channel. No weaponized member is present; the staging on each soft member is single-step with a brief operator-display window.

A second alternative embodiment realises the architecture in a maritime anti-piracy configuration. The unit is an autonomous or semi-autonomous surface vessel; the classifier fuses radar, AIS-anomaly detection, and approach-vector analysis to credential a hostile small-craft. The expanded envelope adds high-pressure water deflection, long-range acoustic warning, evasive maneuvering outside normal fuel-economy bounds, and (under explicit owner-authorised ROE) non-lethal disabling counter-measures. Staging is multi-gate; the terminal counter-measure gate requires a fresh credentialed authorisation from a remote operator within a bounded latency window.

A third alternative embodiment realises the architecture in a contested-airspace UAV configuration. The classifier combines RF-emission signatures, kinematic intent inference, and IFF-absence to credential a hostile aerial entity. Set Y includes evasive descent, jamming-resistant routing, formation reorganisation, and (in defense variants) authorised counter-UAV measures. The collateral-budget family is set to be highly restrictive in proximity to civilian air corridors and is dynamically tightened by mission policy when populated areas are under-track.

A fourth alternative embodiment realises the architecture in a pedestrian personal-protection configuration. The unit is a wearable device paired with a smartphone; the classifier fuses gait-tracking, audio-pattern, and proximity-persistence signals to credential an apparent stalker. The expanded envelope contains exclusively soft, signalling, and routing actions: covertly broadcasting location to designated contacts, suggesting route changes, surfacing a duress-mode user interface, and pre-dialling emergency services. No physical counter-measure is admitted in any policy.

A fifth alternative embodiment realises the architecture in a networked-sensor critical-infrastructure configuration. The hostility classifier operates on cyber-physical observations — anomalous control-system commands, intrusion indicators, physical-perimeter breach signals — and credentials a hostile actor against a power-grid, water-treatment, or transportation asset. Set Y includes load-shedding to defensive postures, isolation of compromised segments, broadcast to paired infrastructure operators, and (where authorised) counter-cyber actions. Staging is heavily gated; the collateral-budget family models cascading-failure risk explicitly.

Composition With Other Architecture Primitives

Counter-action admissibility composes with the broader human-relatable-intelligence stack along well-defined seams. It consumes the hostility-classification credential produced by the risk-versus-hostility bifurcation primitive, which guarantees that the credential is intentional-adversarial in nature rather than a high-statistical-risk environmental flag. It uses the intent-envelope specification produced by the intent-as-first-class-citizen primitive to score the alignment of each candidate counter-action; intent envelopes that explicitly forbid certain actuation classes will cause those classes to be inadmissible even within an expanded envelope.

It composes with the lineage and audit-grade-recording primitive to produce a per-decision record containing the inbound hostility credential and its confidence, the policy-derived envelope expansion, the candidate set evaluated, the scores assigned to each candidate, the constraint outcomes, and the selected (or null) commit. It composes with the confidence-governed actuation primitive, which provides the staging machinery for any counter-action that requires multi-gate commitment.

It composes with mission-policy and ROE-credential ingestion: an ROE credential modifies the policy that defines set Y for a given entity class, allowing run-time tightening or loosening of the admissible counter-action subset without redeployment of the unit's software. Finally, it composes with the operator-display and ratification primitive, which surfaces advisory counter-action proposals for human ratification when policy requires it.

Prior-Art Distinction

Prior-art response architectures fall into two principal families, each of which fails to provide the structural decoupling that this primitive specifies. The first family — represented by classical rule-based defensive systems and most current autonomous-vehicle safety stacks — couples classification and response in a single conditional: if hostile, then react. The reaction is hard-coded per classification class and is not separately gated against environmental, mission, or collateral considerations. False-positive classifications produce inappropriate reactions; the architecture has no representational space in which to record that hostility was classified but counter-action was withheld for environmental reasons.

The second family — represented by some modern reinforcement-learning combatant agents and end-to-end neural defensive policies — collapses classification, gating, and selection into a single learned policy that maps observations to actions. While such systems can in principle learn context-sensitive responses, they do so without an explicit gating layer, without a structural envelope-expansion concept, and without an audit-grade per-decision lineage. The selected action cannot be decomposed into "the classifier said hostile" plus "the gate selected this option for these reasons," because the architecture provides no internal artefact corresponding to either step.

The present primitive is structurally distinct on three points. First, hostility classification is an envelope-expansion event, not a response-trigger event. Second, selection within the expanded envelope is a separate, audit-recorded, policy-governed computation that consults environmental, intent, and collateral variables that are not consulted by hostility classification itself. Third, the null-commit outcome — hostility classified, envelope expanded, no member of the envelope selected — is a first-class, recorded outcome rather than an architectural impossibility. No prior-art system exhibits all three properties.

Disclosure Scope

The present disclosure is to be read as describing a structural primitive, not a particular product. The primitive comprises: (a) a credentialed-observation ingestion path for hostility classifications; (b) a policy-driven envelope-expansion mechanism that adds policy-defined action sets to the admissibility candidate space conditioned on the credentials received; (c) a composite admissibility evaluator that scores each candidate against feasibility, intent-alignment, collateral, and residual-risk factors, gates against hard constraints, and selects a commit (possibly the null commit); (d) a staging mechanism providing single-step, multi-gate, or operator-ratified commit pathways; and (e) a lineage-recording mechanism producing an audit-grade per-decision record.

The primitive is disclosed as applicable to defense autonomy, civilian vehicular protection, maritime anti-piracy, contested-airspace UAV operation, pedestrian personal protection, critical-infrastructure cyber-physical defense, and any other configuration in which an operating unit must distinguish "an entity is hostile" from "the unit should counter-act now." The scope is intended to encompass implementations in which set Y is defined by static policy, learned policy, externally-supplied ROE credentials, or any combination thereof, and implementations in which the composite admissibility evaluator is realised as a rule-based system, a learned scoring network, or a hybrid. The decoupling — classification expands envelope, gating selects within envelope, null-commit is first-class — is the inventive substance, and the scope is to be construed accordingly.