Kirra sits between your AI and your actuators. Every command — from an LLM, a planner, or an upstream orchestrator — is judged against live fleet posture before a single byte reaches hardware. If trust can't be proven, nothing moves.
A model that hallucinates 999 m/s, invents a non‑existent action, or issues a kinetic command while the fleet is degraded is stopped at the software layer — and the attempt is permanently recorded in a SHA‑256 hash‑chained ledger.
Nominal (cmd_vel ✓ · read ✓): The gray/black DAG resolves clean across the fleet. Kinetic writes are admitted — each still validated against the vehicle kinematics envelope.
Degraded (cmd_vel ✗ · read ✓): Controlled decel‑to‑stop‑and‑HOLD. Speed may only converge to zero; re‑acceleration is denied. The governor never authors a restart.
LockedOut (cmd_vel ✗ · read ✗): A cycle, depth breach, or unresolved trust locks the fleet. Everything is denied — down to telemetry. Recovery is a deliberate human reset.
Posture is recomputed by a coalescing worker over a real two‑set DAG traversal — gray set for cycle detection, black set for diamond‑DAG memoization. A LockedOut dependency propagates upward as LockedOut, never softened to degraded.
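As an added illustration (not Kirra's code), here is a toy posture resolver in Python written from the traversal described above: a gray set catches cycles, a black set memoizes the shared leaf of a diamond, and a LockedOut dependency is never softened on its way up. The node names, the dependency graph, the MAX_DEPTH budget and the rule that a cycle or depth breach locks every node are assumptions.

```python
from enum import IntEnum

# Added example, not Kirra's code: a toy posture resolver written from the
# description on this page (gray set for cycle detection, black set for
# diamond-DAG memoization, LockedOut propagating upward without softening).
# Node names, the dependency graph and MAX_DEPTH are constructed assumptions.

class Posture(IntEnum):
    NOMINAL = 0      # cmd_vel allowed, reads allowed
    DEGRADED = 1     # cmd_vel denied, reads allowed
    LOCKED_OUT = 2   # cmd_vel denied, reads denied

MAX_DEPTH = 8  # assumed trust-chain depth budget; deeper is a depth breach

class FleetLockout(Exception):
    """A cycle or depth breach: the whole fleet fails closed."""

def resolve(node, own, deps, gray, black, depth=0):
    """Effective posture of `node` = worst of its own state and its deps.

    own:   node -> locally reported Posture
    deps:  node -> nodes it trusts (the DAG edges)
    gray:  nodes on the current path (re-entering one is a cycle)
    black: finished nodes (so a diamond's shared leaf is walked once)
    """
    if node in black:
        return black[node]
    if node in gray:
        raise FleetLockout(f"cycle at {node}")
    if depth > MAX_DEPTH:
        raise FleetLockout(f"depth breach at {node}")
    gray.add(node)
    # a node nobody registered is unresolved trust: LockedOut, never guessed
    worst = own.get(node, Posture.LOCKED_OUT)
    for dep in deps.get(node, ()):
        worst = max(worst, resolve(dep, own, deps, gray, black, depth + 1))
        if worst == Posture.LOCKED_OUT:
            break  # nothing upstream can soften a LockedOut dependency
    gray.discard(node)
    black[node] = worst
    return worst

def fleet_posture(own, deps):
    """Posture per registered node; a cycle or depth breach locks all out."""
    black = {}
    try:
        return {n: resolve(n, own, deps, set(), black) for n in own}
    except FleetLockout:
        return {n: Posture.LOCKED_OUT for n in own}
```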
Each of these has been blocked or reverted in review more than once. They are invariants — the system fails closed if any one cannot hold.
Per‑node Ed25519 proof over a (node_id, nonce) challenge, checked against a registered attestation key. No registered key, malformed proof, or bad signature → reject.
Every security‑critical token check runs in constant time. Plain == on secret bytes is forbidden across the entire codebase.
Mutation routes require an admin token sourced only from the environment. Absent or empty → 503. There is no fail‑open path and no hardcoded fallback.
Every accepted report and denied command links into a SHA‑256 hash‑chained audit log — independently verifiable, append‑only, break‑detecting.
The governor clamps to the absolute hard boundary first, then applies rate‑of‑change limits.
The envelope cap always wins. NaN/Inf are rejected before publish.
An O(1) structural boundedness argument guards the governor verdict path, with a CI WCET gate. Host timing is indicative; only QNX‑target numbers feed an FTTI claim.
A Safety Element out of Context (SEooC) that runs as a two‑rate checker, enforces drivable‑space containment against an HD map, and publishes a Minimal Risk Condition (MRC) verdict the stack must honor before any trajectory reaches actuators.
50 mph / 80 km/h hard cap.
Drivable‑space margin ≥ 0.40 m.
Longitudinal & lateral separation.
On any contract violation.
Drop Kirra between your AI agent and your robot fleet. Every AI‑generated command is evaluated against the live posture before any hardware interaction occurs.
curl -fsSL kirra.sh/install | sh
import kirra

governor = kirra.Governor("https://verifier.fleet.local")

# LLM proposes an action — Kirra judges it against live posture
verdict = governor.evaluate(
    node_id="robot-07",
    action={"type": "cmd_vel", "linear": 2.0},
)

# `fleet` and `log` are your own dispatch and logging handles
if verdict.allowed:
    fleet.dispatch(verdict.action)  # clamped to envelope
else:
    log.warn(verdict.reason)  # e.g. DegradedSpeedIncreaseDenied
Deep‑dives on fail‑closed trust, the posture engine, and shipping safety‑critical autonomy — written as the system is built.
Read & subscribe on Substack
Put a fail‑closed governor between your model and the world.