# Pattern: Kill Switch / Tenant Freeze Status: seed Readiness target: RL3 production Primary owners: NetKingdom, product repos, Railiance platform Genesis family: Detection and response ## Problem Operators need a fast containment mechanism when a tenant, app, token, or integration appears compromised or abusive. ## Context Use this pattern for tenant compromise, runaway automation, abusive API usage, malicious uploads, credential exposure, or legal/security holds. ## Forces - Containment must be fast. - Freezing a tenant can be high impact. - Actions need scope, reason, approval, and audit. - Recovery must be predictable and reversible where possible. ## Solution Provide controlled kill-switch or tenant-freeze states that can block login, API access, background jobs, credential vending, uploads, or data mutation according to scoped policy. ## Verification - Freeze actions take effect across API, jobs, credentials, and uploads. - Scope and reason are recorded. - Tenant-visible communication rules are defined. - Unfreeze requires authorized review and audit. ## Related Patterns - Tenant Isolation. - Token Revocation Sweep. - Incident Runbook Library. - Central Audit Ledger.