generated from coulomb/repo-seed
44 lines
1.2 KiB
Markdown
44 lines
1.2 KiB
Markdown
# Pattern: Kill Switch / Tenant Freeze
|
|
|
|
Status: seed
|
|
Readiness target: RL3 production
|
|
Primary owners: NetKingdom, product repos, Railiance platform
|
|
Genesis family: Detection and response
|
|
|
|
## Problem
|
|
|
|
Operators need a fast containment mechanism when a tenant, app, token,
|
|
or integration appears compromised or abusive.
|
|
|
|
## Context
|
|
|
|
Use this pattern for tenant compromise, runaway automation, abusive API
|
|
usage, malicious uploads, credential exposure, or legal/security holds.
|
|
|
|
## Forces
|
|
|
|
- Containment must be fast.
|
|
- Freezing a tenant can be high impact.
|
|
- Actions need scope, reason, approval, and audit.
|
|
- Recovery must be predictable and reversible where possible.
|
|
|
|
## Solution
|
|
|
|
Provide controlled kill-switch or tenant-freeze states that can block
|
|
login, API access, background jobs, credential vending, uploads, or data
|
|
mutation according to scoped policy.
|
|
|
|
## Verification
|
|
|
|
- Freeze actions take effect across API, jobs, credentials, and uploads.
|
|
- Scope and reason are recorded.
|
|
- Tenant-visible communication rules are defined.
|
|
- Unfreeze requires authorized review and audit.
|
|
|
|
## Related Patterns
|
|
|
|
- Tenant Isolation.
|
|
- Token Revocation Sweep.
|
|
- Incident Runbook Library.
|
|
- Central Audit Ledger.
|