Public Alpha • Gate-Scoped Results Only

Verifiable Actuator-Bound Safety Infrastructure

Invariant Governor Systems (IGS) develops an actuator-bound enforcement architecture: an executable safety contract (SSC), a conformance harness, and reproducible evidence artifacts. Obex is the reference interposer implementation of SSC v1.1.

Claim Discipline
IGS does not declare “safety.” Public claims are gate-scoped and supported by reproducible logs + test artifacts. Not a certification authority.
Read SSC v1.1 View Architecture GitHub
Status: TRL-4 prototype / TRL-5 development — not a certified functional safety device.
Problem

Software Guardrails Stop at the Compute Graph.

Embodied AI fails physically. When safety checks run inside the same compute graph as the planner or model, they can fail in the same ways (wedge, out-of-distribution behavior, or compromise) and often produce no audit trail that independent reviewers can trust.

The boundary that matters

SSC is designed to close the “black box control gap” by defining deterministic limits and evidence requirements at the actuator interface — outside the untrusted compute graph.

Key claim
Safety enforcement must hold at the actuator boundary and be supported by reproducible artifacts.
Architecture

Actuator-Bound Enforcement Boundary

Obex is a reference interposer implementation of SSC v1.1 that enforces deterministic limits outside the AI compute graph. The system produces machine-readable artifacts to support gate-scoped claims.

INVARIANT GOVERNOR SYSTEMS Actuator-Bound Enforcement Architecture Figure 1 • v1.1 • Public Alpha • Gate-scoped results only • Not a certification authority AI Compute Graph (LLM / Planner / ROS2) • Untrusted execution environment • May wedge / fail OOD / compromise OBEX Interposer Reference Implementation of SSC v1.1 • Deterministic enforcement boundary • Outside the compute graph • Emits machine-readable artifacts Motor Controllers / Actuators (PWM / STO / Fieldbus) • Physical motion boundary • Limits must hold here Command Stream Enforced Commands Encoder / Torque Feedback (optional) Hardware-Enforced Invariants • Max velocity • Max torque / force • Joint bounds / limits Latency Target: < 10 ms IGS publishes gate-scoped results backed by reproducible artifacts. No safety or certification claims are made on this basis.

Figure 1 (v1.1): Actuator-bound enforcement boundary (IGS). Public alpha. Gate-scoped results only. Not a certification authority.

Components

What IGS Provides

SSC v1.1 (Contract)

Executable safety contract defining deterministic limits, modes, and required evidence fields.

Conformance Harness

Reproducible tests that validate SSC semantics and generate comparable results across platforms.

Evidence Artifacts

Machine-readable artifacts (logs + distributions) intended for independent review. Evidence packs are gate-aligned and on the roadmap.

SSC v1.1

Safety Specification Contract

SSC defines units, semantics, modes, stop behavior, and required evidence fields. Obex is the reference implementation of SSC v1.1 at the actuator boundary.

Naming (canonical)

  • Organization: Invariant Governor Systems (IGS)
  • Contract/spec: SSC (Safety Specification Contract)
  • Reference implementation: Obex Interposer (SSC v1.1)
  • Evidence artifacts: Evidence Packs (EP-series) — gate-aligned roadmap
SSC v1.1 (Canonical Spec) Repo SSC v1.1 (PDF)

Canonical spec lives on GitHub (versioned). PDF provided for review convenience.

Core Caps (example)

  • V_CAP: velocity cap (ticks/sec)
  • A_CAP: acceleration cap (ticks/sec²)
  • EFFORT_CAP: effort/current limit (where available)
  • Field behavior: rewrite/clamp + log (default)
  • Safe stop default: HOLD (effort-limited hold + latch)
TRL-6+ requires independent witness + physically enforced field posture (gate-locked).

Modes (Teach / Field / Maintenance)

  • Teach: configuration + calibration; everything logged
  • Field: default deny; caps/policy locked from upstream software (gate-locked)
  • Maintenance: controlled fault clearing (physical action + audit log)

Example configuration:

{
  "caps": {
    "global": { "v_cap": 1000, "a_cap": 5000, "mode": "rewrite" },
    "overrides": {
      "joint_shoulder": { "v_cap": 800, "a_cap": 3000 },
      "joint_gripper":  { "v_cap": 1500, "a_cap": 8000 }
    }
  }
}
Evidence

Conformance + Evidence Artifacts

Adoption is driven by reproducibility: spec → harness → artifacts → independent replication. Evidence Packs (EP-series) are on the gate-aligned roadmap; until then, public claims remain gate-scoped and artifact-backed.

Conformance Harness

Repeatable test suite validating SSC semantics: allowlist policy, rewrite behavior, malformed packet handling, fuzzing robustness, and stop ladder semantics.

Evidence Artifacts

Standardized machine-readable artifacts (configuration + logs + latency distributions). Designed for reproducibility.

Integrity (Gate-Locked)

Hash-chained logs + verifier tooling required for TRL-5+. Signatures and device identity binding are gate-locked for field units.

Explore the Repo
Proof of Concept (TRL-4)

Bench Demo: Clamp + Log

This proof-of-concept shows SSC-style positional containment: a safe range is configured (10°–170°). A valid command (85°) is allowed. An out-of-range command (999°) is clamped to the configured maximum (170°) and the enforcement event is logged.

Gates

Evidence-First Gate Framework

IGS does not “declare safety.” We publish gate-scoped results backed by reproducible artifacts.

Phase A — Standard + Harness (Adoption Wedge)

  • Gate 0: MCU sanity (Teensy + SG90)
  • Gate 1: actuator characterization + calibration constants
  • Gate 2: MITM passthrough + protocol fuzzing (no wedge)
  • Gate 3: TRL-4 containment conformance (default deny + rewrite)

Phase B — TRL-5 Evidence (Witness + Integrity)

  • Gate 4: telemetry witness + stop ladder metrics (report distributions)
  • Gate E: evidence integrity (hash-chained logs + verifier)
  • Regression rule: enforcement changes require re-running Gates 2–4

Phase C — Fieldable (TRL-6 Gate)

  • Gate 5: Interlock-LV prototype + trip curves + thermal protection
  • Gate 5.5: Field posture physical enforcement + tamper/bypass tests
  • Gate 6: SSC-P1 conformance + mainstream traffic compatibility
  • Gate 7: Independent witness (external encoder) + tolerance characterization

Claim discipline: advanced demos and any external functional safety review occur only after gate-locked evidence exists.

Developers

Developer Quick-Start

Clone the reference implementation and reproduce the bench test. If it can’t be reproduced, it doesn’t count. 

# Clone the repo
git clone https://github.com/repozilla2/sentinel-proxy
cd sentinel-proxy
// Example: caps in ticks/sec and ticks/sec²
#define V_CAP_TICKS_PER_SEC 1000
#define A_CAP_TICKS_PER_SEC2 5000
// Field default policy: rewrite/clamp + log

Design Partners

If you run LeRobot-style stacks or actuator buses in a lab, we want you as a reproduction partner. Partners who run the harness and publish artifacts are prioritized.

Apply for Partner Batch Support (Manifund)