Counter-Action Selection Under Hostility Classification

Mechanism

Counter-action selection operates as a structured second-pass admissibility evaluation triggered when the first-pass candidate fails the operator-intent envelope. The mechanism comprises four sequential stages: candidate rejection, envelope-bounded enumeration, utility ranking, and first-class outcome logging. Each stage is governed by the same credentialed observation framework that governs any other actuation in the operating unit, so counter-action selection is structurally indistinguishable from ordinary action selection except for its provenance lineage and its triggering condition.

In the first stage, a candidate action arrives at the admissibility evaluator carrying its full lineage — sensor observations, classifier outputs, mission-policy bindings, capability-envelope predicates, and environmental constraints. The evaluator computes the composite admissibility score, including the operator-intent overlay. If the operator-intent envelope marks the candidate as forbidden — for example, the candidate would commit force outside the operator-authorized engagement zone, would expend a resource the operator has frozen, or would enter a region the operator has declared off-limits — the candidate is rejected with a structured rejection token. The token names the specific intent predicate that produced the forbid verdict, the lineage segment that intersects that predicate, and the time-bounded scope of the prohibition.

In the second stage, the rejection token is consumed by a counter-action enumerator that produces the set of admissible counter-actions consistent with the operator-intent envelope. The enumerator does not search the full action space. It is bounded by the same envelope that produced the rejection: every candidate it emits is, by construction, satisfying the intent predicate that vetoed the original. Counter-actions include defensive maneuvers, evasive routing, hardened postures, broadcast advisory traffic to allied units, sensor-mode shifts, scheduled re-evaluation under tighter conditions, and explicit no-act commits. The enumerator also produces a null-counter token representing the explicit decision not to substitute, which itself is a valid first-class outcome.

In the third stage, each counter-action candidate is scored under the standard composite-admissibility evaluator. The score combines mission-utility, capability-envelope feasibility, environmental coherence, predicted side-effects on allied units, and confidence-weighted projection of outcome. The highest-scoring counter-action that still satisfies the operator-intent envelope is selected. If two counter-actions tie on utility, deterministic tie-breaking proceeds by lower-side-effect, lower-resource-expenditure, and lower-irreversibility heuristics, in that order, with each tie-break decision logged.

In the fourth stage, the selected counter-action is committed through the same actuation pipeline that any ordinary action would traverse, and a structured outcome record is written. The record names: the original candidate, the rejection token, the enumerated counter-action set, the scoring of each member, the selected counter-action, and the lineage of every observation and policy that fed the selection. The record is signed under the unit's credentialed observation framework and is available to downstream auditors as a first-class outcome — not as a footnote to a failed primary action.

Operating Parameters

The counter-action enumeration window is bounded in both time and computational budget. The window opens at the moment of original-candidate rejection and closes at one of three terminating conditions: the operator-intent envelope is updated and the original candidate becomes admissible; the environmental conditions that drove the original candidate cease to obtain; or a configured staleness deadline expires. Typical deadlines range from milliseconds for kinetic-defense contexts to minutes for navigation and routing contexts to hours for resource-allocation contexts. The deadline is itself part of the operator-intent envelope.

The enumeration cardinality is bounded by a policy-configured ceiling, typically between four and sixteen counter-action candidates per rejection. Beyond the ceiling, the enumerator applies dominated-action pruning: candidates that are strictly dominated by another enumerated candidate on every scoring axis are discarded before utility ranking. The ceiling and pruning policy are themselves credentialed configurations with their own lineage.

The utility scorer operates on the same numeric scale as the primary admissibility evaluator, so counter-action utilities are directly comparable to the original candidate's utility. The scorer accepts a counter-action discount factor, typically in the range 0.6 to 1.0, that reflects the operator's preference for primary-action commitment over substitution. A discount factor of 1.0 signals indifference; lower values signal preference for the original action when feasible. The discount factor does not alter envelope-satisfaction; it only alters the relative ranking of counter-actions against the original candidate when the original candidate is reconsidered after envelope updates.

The first-class outcome record is sized in proportion to the enumeration cardinality and the lineage depth of the contributing observations. Typical records range from a few kilobytes to a few hundred kilobytes. Records are written to the operating unit's tamper-evident outcome log and are also broadcast on the unit's audit channel for downstream observers.

Alternative Embodiments

In a stage-gated embodiment, the selected counter-action is not committed in a single step. The actuation pipeline decomposes the counter-action into successive commit stages, each of which re-enters the admissibility evaluator with updated observations before advancing. This embodiment is appropriate for counter-actions whose side-effects are sensitive to changing environmental conditions — for example, an evasive route that traverses a region whose hostility classification may evolve during traversal.

In an operator-ratification embodiment, the selected counter-action is presented to the operator as an advisory before commit. The operator may ratify, modify the intent envelope (potentially admitting the original candidate), or reject the counter-action and request another enumeration. The advisory presentation includes the rejection token, the enumeration, the scoring, and the projected outcome of the selected counter-action.

In a federated embodiment, counter-action enumeration is distributed across allied units. Each ally proposes counter-actions consistent with its local capability envelope and with the broadcast intent envelope of the originating unit. The originating unit aggregates the proposals, scores them under its own composite admissibility, and selects the highest-utility ally-proposed counter-action when it dominates locally enumerated alternatives.

In a learning embodiment, the outcome records are consumed by a downstream training process that updates the enumerator's prior over likely-useful counter-actions for each rejection-token class. The training does not alter the envelope-satisfaction guarantee; it only narrows the enumeration cardinality by promoting historically high-utility candidates to the front of the enumeration order.

In a civilian embodiment scaled for non-defense protective contexts — vehicular evasion against road-rage attackers, drone evasion in contested airspace, anti-piracy maritime response, anti-stalker personal protection — the same mechanism applies with a narrower default envelope. The civilian embodiment forbids escalation actions by default and admits only evasion, broadcast-alert, and hardening counter-actions unless explicit credentialed authorization expands the envelope.

Composition

Counter-action selection is not a standalone subsystem; it composes with every other governance and observation primitive in the operating unit. The composition surfaces are explicit and lineage-preserving, so each composition is itself auditable as a structural relationship rather than as an emergent behavior. The architecture's correctness depends on the composition surfaces being respected at every interface.

Counter-action selection composes with operator-intent envelope updates, with mission-policy revision, with capability-envelope reconfiguration, and with downstream outcome auditors. Envelope updates re-trigger evaluation of any in-flight counter-action whose commit has not completed. Policy revision propagates through the credentialed observation framework and is reflected in the next admissibility pass. Capability reconfiguration — for example, sensor degradation or actuator loss — narrows the enumeration but does not alter the envelope.

The first-class outcome record composes with the unit's tamper-evident lineage log, with broadcast audit channels to allied units, and with offline forensic-replay infrastructure. Every counter-action commit is reproducible from its outcome record alone, given the lineage of the contributing observations.

Prior-Art Distinction

Conventional rule-based defense systems treat hostility classification as a direct trigger for counter-attack, with no architectural separation between classification and response. The naive pattern produces predictable failure modes under false-positive classification and under environmental contexts in which counter-attack is contraindicated. Conventional planners that do separate classification from response typically treat the substitution as an exception path, logged as a failure of the primary action rather than as a first-class outcome. Reinforcement-learning policies that admit substitution typically lack envelope guarantees and provide no auditable lineage of the substitution decision.

The architecture disclosed here treats the substitution as the design point. The counter-action is enumerated, scored, selected, committed, and logged as a first-class outcome with full lineage. The operator-intent envelope is the architectural boundary, and envelope satisfaction is structurally guaranteed rather than statistically approximated. The disclosure is owned by the parent Cognition Patent.

Disclosure Scope

The disclosure covers any operating unit in which a candidate action rejected by an operator-intent envelope produces a structured rejection token, an envelope-bounded counter-action enumeration, a utility-ranked selection, and a first-class outcome record with full lineage. The disclosure is independent of the specific physical actuation modality, the specific sensor stack, and the specific deployment context. Defense, civilian protective, autonomous-vehicle, robotic-surgery, industrial-safety, and financial-execution embodiments are all within scope.

The substitution mechanism is applicable wherever an authority — human operator, regulatory rule, mission-policy generator, or automated supervisor — establishes a bounded envelope of admissible behavior and where the cost of silently aborting a vetoed action is operationally unacceptable. In contested-airspace drone defense, in emergency-vehicle convoy escort, in offshore-platform shutdown sequencing, in robotic agricultural intervention, in patient-safety overrides during automated treatment delivery, in algorithmic-trading risk vetoes, and in autonomous-vessel maritime-collision avoidance, the same substitution primitive applies under different envelope semantics. The disclosure also covers compositions in which multiple operator-intent envelopes are layered — a mission envelope, a rules-of-engagement envelope, a regulatory envelope, and a personal-safety envelope — with the rejection token naming the binding envelope and the counter-action enumeration bounded by the conjunction of all admitted envelopes.

The first-class status of the counter-action outcome is the load-bearing claim. Conventional architectures treat a substitution as the residue of a primary failure; the disclosed architecture treats it as a designed outcome class with the same audit, replay, and accountability footprint as any other action commit. Forensic auditors, certification authorities, and incident-review boards evaluate counter-action outcomes against the same evidentiary standard as primary-action outcomes, and the structural symmetry between primary and counter outcomes is itself a claim of the disclosure.