Autonomous Systems Incident Reconstruction — Patent‑Safe PoC Design (v0.1)

Community Article Published October 29, 2025

Original Source: https://huggingface.co/datasets/kanaria007/agi-structural-intelligence-protocols/blob/main/spec/supplements/autonomous-incident-reconstruction-v0.1.md

Purpose. Make autonomy decisions traceable, explainable, and reversible across perception → planning → control, so incidents can be reconstructed with court‑grade evidence and unsafe behavior can be frozen instantly.

Patent‑safety clarification. All performance figures are host‑visible, interop‑boundary SLOs (sensor‑ingest ack, decision‑frame emit, ethics‑halt, audit‑emit, revert). We do not prescribe model internals, training methods, safety envelopes, schedulers, micro‑architecture, or ECU layouts.

Licensing. Text CC BY 4.0. Code/pseudocode MIT. See SPEC‑LICENSE.


0 TL;DR

  • What: A minimal Incident Forensics Layer for AV/UAV/robotics that records sensor frames, decisions, actuation, and ethics gates as a causal chain and supports safe freeze/rollback to a last‑known‑good model/params.
  • How: Standardize SensorIngestReceipt, DecisionFrame, ActuationTrace, EthicsGateEvent, IncidentTombstone, RollbackReceipt; expose a tiny Orchestrator API.
  • Why now: Regulations demand explainability & audit; SI’s Reflexia + Rollback + MEM/ETH closes the recurring gap between black‑box models and safety cases.

1 Problem → Gap → SI Mapping

| Problem (today) | Evidence gap | SI mapping |
|---|---|---|
| Post‑accident analysis is inconclusive | Missing synchronized view of sensor→decision→actuation | Reflexia causal ledger + MEM append‑only |
| Explanations are ad‑hoc | No normative DecisionFrame or proof bundle | Proof Objects with signed envelopes (SIS/WORM) |
| Unsafe behavior persists seconds too long | No instant, policy‑driven halt/freezing | ETH hooks with ethics_halt_p95 SLO |
| Model rollbacks are brittle | No canonical marks of model/thresholds | Rollback marks + RIR measurement |
| Multi‑vehicle incidents are fragmented | No cross‑unit protocol | 2PC‑style sync for fleet/cohort |

Mermaid overview

flowchart LR
A[Sensor Frames] --> B[/sensor/ingest]
B --> C[Provenance Ledger (MEM)]
C --> D[/decision/append]
D --> E[/actuation/mark]
D --> F[/ethics/evaluate]
F -- breach --> G[/incident/tombstone]
G --> H[/revert]
E --> C
F --> C

2 Normative Proof Objects (append‑only)

All envelopes are signed, time‑stamped, and WORM‑stored. Hashes follow the Algorithm Suite registry. Examples below are illustrative.

2.1 SensorIngestReceipt (calibrated frame arrival)

// SPDX-License-Identifier: MIT
{
  "v":"1",
  "ts":"2025-10-20T10:01:00Z",
  "unit_id":"UAV-42",
  "case_id":"CASE-2025-10-20-001",
  "sensors":[{"type":"camera","id":"cam_front","frame_hash":"sha256:...","fps":30},
             {"type":"lidar","id":"ld_top","scan_hash":"sha256:...","hz":10}],
  "sync":{"time_source":"GNSS+PTP","skew_ms":2},
  "env_hash":"sha256:ENV...",
  "calib_ref":"s3://calib/UAV-42/2025-10-01.json",
  "sig":"ed25519:..."
}

2.2 DecisionFrame (perception→planning snapshot)

// SPDX-License-Identifier: MIT
{
  "v":"1",
  "ts":"2025-10-20T10:01:00.054Z",
  "unit_id":"UAV-42",
  "case_id":"CASE-2025-10-20-001",
  "frame_id":714205,
  "model_ref":"model:navnet@sha256:...",
  "params_ref":"kv://thresholds/2025-10-18.yaml",
  "inputs":{"camera":"sha256:...","lidar":"sha256:..."},
  "features":{"bbox_hash":"sha256:...","map_tile":"sha256:..."},
  "decision":{"class":"avoid","target":"lat:...,lon:...","confidence":0.93},
  "explanation":{"saliency_ref":"s3://exp/...","top_factors":["obstacle@x=23,y=51","wind"]},
  "determinism":{
    "level":"PDET",
    "epsilon":1e-6,
    "backend":"CUDA 12.x; cuDNN deterministic",
    "seeds":{"prng":12345,"augment":678}
  },
  "sirrev":{"block":"DF","idx":142},
  "sig":"ed25519:..."
}

2.3 ActuationTrace (control outputs)

// SPDX-License-Identifier: MIT
{
  "v":"1",
  "ts":"2025-10-20T10:01:00.060Z",
  "unit_id":"UAV-42",
  "case_id":"CASE-2025-10-20-001",
  "control":{"aileron":-0.12,"elevator":0.07,"throttle":0.65},
  "latency_ms":6.1,
  "sirrev":{"block":"AT","idx":143},
  "sig":"ed25519:..."
}

2.4 EthicsGateEvent (policy evaluation & halts)

// SPDX-License-Identifier: MIT
{
  "v":"1",
  "ts":"2025-10-20T10:01:00.061Z",
  "unit_id":"UAV-42",
  "case_id":"CASE-2025-10-20-001",
  "policy_profile":"strict",
  "evaluation":{"status":"pass","rules_checked":17},
  "mitigation":null,
  "sig":"ed25519:..."
}

2.5 IncidentTombstone (proof‑preserving incident record)

// SPDX-License-Identifier: MIT
{
  "v":"1",
  "ts":"2025-10-20T10:01:05.000Z",
  "incident_id":"INC-2025-10-20-007",
  "case_id":"CASE-2025-10-20-001",
  "symptoms":["altitude_drop","no‑fly‑zone proximity"],
  "policy":{"public_receipt":false},
  "mitigation":"freeze mission; RTH",
  "sig":"ed25519:..."
}

2.6 RollbackReceipt (model/params revert evidence)

// SPDX-License-Identifier: MIT
{
  "v":"1",
  "ts":"2025-10-20T10:01:05.180Z",
  "incident_id":"INC-2025-10-20-007",
  "case_id":"CASE-2025-10-20-001",
  "reverted_to":{"model":"model:navnet@sha256:OLD","params":"kv://thresholds/2025-09-30.yaml"},
  "outcome":{"status":"restored","errors":0},
  "metrics":{"revert_latency_ms":180},
  "sirrev":{"block":"RB","idx":151},
  "sig":"ed25519:..."
}
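Reconstructing one case's causal chain from the envelopes above, as an added example that is not part of the spec: it orders the sirrev-marked envelopes exported by /audit/export, checks that a later idx never carries an earlier timestamp, and reports missing idx slots. The JSONL lines are constructed from the §2 shapes, and the way audit_gap_rate and SCover are counted is this example's reading of §4, not the spec's definition.

```python
import json
from datetime import datetime

# Constructed /audit/export-style JSONL for one case, trimmed to the fields this check
# reads (real §2 envelopes carry more). Envelope idx 144 is deliberately absent.
EXPORT = "\n".join([
    '{"ts":"2025-10-20T10:01:00.054Z","case_id":"CASE-2025-10-20-001","sirrev":{"block":"DF","idx":142}}',
    '{"ts":"2025-10-20T10:01:00.060Z","case_id":"CASE-2025-10-20-001","sirrev":{"block":"AT","idx":143}}',
    '{"ts":"2025-10-20T10:01:00.061Z","case_id":"CASE-2025-10-20-001","policy_profile":"strict"}',
    '{"ts":"2025-10-20T10:01:00.090Z","case_id":"CASE-2025-10-20-001","sirrev":{"block":"DF","idx":145}}',
    '{"ts":"2025-10-20T10:01:00.095Z","case_id":"CASE-2025-10-20-001","sirrev":{"block":"AT","idx":146}}',
])

def _ts(s: str) -> datetime:
    # Envelope timestamps are ISO-8601 UTC with a trailing Z; fromisoformat wants an offset.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def parse_export(jsonl: str) -> list:
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]

def reconstruct_chain(envelopes: list, case_id: str) -> dict:
    """Order a case's sirrev-marked envelopes by idx, flag ordering faults, and report gaps.

    Assumed readings of the §4 metrics: audit_gap_rate = missing idx slots / (present + missing);
    SCover = envelopes carrying a sirrev mark / all envelopes of the case.
    """
    mine = [e for e in envelopes if e.get("case_id") == case_id]
    traced = sorted((e for e in mine if "sirrev" in e), key=lambda e: e["sirrev"]["idx"])
    gaps, faults = [], []
    for prev, cur in zip(traced, traced[1:]):
        p, c = prev["sirrev"]["idx"], cur["sirrev"]["idx"]
        if c == p:
            faults.append(f"duplicate idx {c}")
        elif c > p + 1:
            gaps.extend(range(p + 1, c))                   # slots with no envelope at all
        if _ts(cur["ts"]) < _ts(prev["ts"]):
            faults.append(f"ts regression at idx {c}")    # later idx must not carry an earlier time
    total = len(traced) + len(gaps)
    return {
        "chain": [(e["sirrev"]["block"], e["sirrev"]["idx"]) for e in traced],
        "missing_idx": gaps,
        "faults": faults,
        "audit_gap_rate": len(gaps) / total if total else 0.0,
        "SCover": len(traced) / len(mine) if mine else 0.0,
    }

if __name__ == "__main__":
    print(reconstruct_chain(parse_export(EXPORT), "CASE-2025-10-20-001"))
```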

3 Minimal Orchestrator API (extract)

openapi: 3.0.3
info: { title: SI Autonomous Incident Orchestrator, version: 0.1.0 }
paths:
  /case/start:      { post: { summary: start a new case (unit/session), responses: { '201': { description: case_id }}}}
  /sensor/ingest:   { post: { summary: register a synchronized sensor batch, responses: { '201': { description: receipt }}}}
  /decision/append: { post: { summary: append a DecisionFrame (DET‑ready), responses: { '201': { description: frame accepted }}}}
  /actuation/mark:  { post: { summary: record control outputs and latency, responses: { '201': { description: trace recorded }}}}
  /ethics/evaluate: { post: { summary: evaluate policy (allow/deny/freeze), responses: { '200': { description: decision returned }}}}
  /incident/tombstone: { post: { summary: issue incident tombstone and freeze policy, responses: { '201': { description: tombstone appended }}}}
  /revert:          { post: { summary: revert model/params to last good mark (2PC optional for fleets), responses: { '202': { description: reverted }}}}
  /audit/export:    { get:  { summary: export append‑only envelopes (jsonl), responses: { '200': { description: jsonl stream }}}}

4 Performance SLOs & KPIs (host‑visible)

Notes. p95 over ≥30 runs (exclude the first 3 warm‑ups). Values are interop latency at the orchestrator/host boundary. PoC targets are normative for v0.1; Stretch targets are guidance.

| Metric | Definition | PoC Target | Stretch |
|---|---|---|---|
| sensor_ingest_ack_p95 | /sensor/ingest → ack | 10 ms | 5 ms |
| decision_frame_emit_p95 | inference end → DecisionFrame envelope | 20 ms | 10 ms |
| actuation_trace_emit_p95 | decision → control trace | 10 ms | 5 ms |
| ethics_halt_p95 | breach → freeze/mitigation execution | 50 ms | 20 ms |
| xai_faithfulness | Δ(decision) when top-k factors removed | 0.85 | 0.90 |
| xai_consistency | corr(expl_t, expl_{t+1}) over stable scenes | 0.90 | 0.95 |
| xai_coverage | % decisions with valid explanation_ref | 0.99 | 1.00 |
| replay_RIR | deterministic replay success / 1k | 0.9995 | 0.9999 |
| determinism_CAS | identical inputs (DET) → same decisions | 0.999 | 0.9995 |
| decision_delta_p95 | ‖decision_t − decision_replay‖ (norm) | 1e-6 | 1e-7 |
| obs_quality_pass | sensor quality gate pass ratio | 0.995 | 0.999 |
| audit_gap_rate | missing envelopes / all events | 1e-5 | 1e-6 |
| SCover | traced blocks / total | 0.90 | 0.95 |
| EAI | ethics pass ratio on effectful ops | 0.995 | 0.997 |

Telemetry keys: sensor_ingest_ack_p95, decision_frame_emit_p95, actuation_trace_emit_p95, ethics_halt_p95, xai_faithfulness, xai_consistency, xai_coverage, replay_RIR, determinism_CAS, decision_delta_p95, obs_quality_pass, audit_gap_rate, SCover, EAI.

Definitions (normative) for obs_quality_pass = 1 per batch:

  • Calibration current (≤ 7 days old) and matching calib_ref.
  • Time sync skew skew_ms ≤ 10 (GNSS + PTP) across contributing sensors.
  • No drops: zero missing frames within the synchronized batch window.
  • Env bounds: ambient luminance/wind/temperature within declared operating envelope (vendor-agnostic telemetry), else fail.
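The four obs_quality_pass conditions applied to a single SensorIngestReceipt, as an added example that is not part of the spec. The receipt follows the §2.1 shape; the per-sensor expected/received frame counts, the "env" reading, the calibration issue-date registry and the operating envelope are assumptions of this example, since the spec leaves their carrier undefined.

```python
from datetime import datetime, timedelta

# Constructed receipt in the §2.1 shape, extended with per-sensor expected/received frame
# counts and an "env" reading (assumed fields).
RECEIPT = {
    "ts": "2025-10-20T10:01:00Z", "unit_id": "UAV-42",
    "sensors": [
        {"type": "camera", "id": "cam_front", "fps": 30, "expected": 30, "received": 30},
        {"type": "lidar", "id": "ld_top", "hz": 10, "expected": 10, "received": 10},
    ],
    "sync": {"time_source": "GNSS+PTP", "skew_ms": 2},
    "calib_ref": "s3://calib/UAV-42/2025-10-15.json",
    "env": {"lux": 12000, "wind_mps": 6.0, "temp_c": 18.5},
}
# Assumed calibration registry (calib_ref -> issue time) and declared operating envelope.
CALIB_ISSUED = {"s3://calib/UAV-42/2025-10-15.json": "2025-10-15T00:00:00Z",
                "s3://calib/UAV-42/2025-10-01.json": "2025-10-01T00:00:00Z"}
ENVELOPE = {"lux": (50, 100000), "wind_mps": (0, 12), "temp_c": (-10, 45)}

def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def obs_quality(receipt: dict, calib_issued=CALIB_ISSUED, envelope=ENVELOPE):
    """Return (passed, reasons); passed is True only when all four conditions hold."""
    reasons = []
    issued = calib_issued.get(receipt.get("calib_ref"))
    if issued is None:
        reasons.append("calib_ref not in registry")
    elif _ts(receipt["ts"]) - _ts(issued) > timedelta(days=7):
        reasons.append("calibration older than 7 days")
    sync = receipt.get("sync", {})
    if sync.get("time_source") != "GNSS+PTP" or sync.get("skew_ms", float("inf")) > 10:
        reasons.append("time sync not GNSS+PTP or skew_ms > 10")
    for s in receipt.get("sensors", []):
        dropped = s.get("expected", 0) - s.get("received", 0)
        if dropped > 0:
            reasons.append(f"{s['id']}: {dropped} frame(s) missing in batch window")
    for key, (lo, hi) in envelope.items():
        val = receipt.get("env", {}).get(key)
        if val is None or not lo <= val <= hi:
            reasons.append(f"env {key}={val} outside [{lo}, {hi}]")
    return (not reasons, reasons)

if __name__ == "__main__":
    print(obs_quality(RECEIPT))
```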

5 Methodology (measurement)

  1. Modes: baseline (no provenance) → audit‑only → DET‑only → audit+DET → audit+DET+ethics → fleet 2PC.
  2. Scenarios (sim or HIL): pedestrian crossing, stop sign occlusion, tail‑wind landing (UAV), GNSS dropout.
  3. Synchronization: GNSS + PTP; record time_source, skew_ms on every envelope; reject runs with skew > 10 ms.
  4. Replay: capture inputs + model/params; si-bench replay must reproduce DecisionFrames under DET; compute CAS and decision_delta_p95.
  5. Ethics tests: policy rule‑sets (standard/strict/research); inject violations; measure ethics_halt_p95.
  6. Export/Bundle:
     nos audit export --window 24h > eval.jsonl
     si-bench collect eval.jsonl --out autonomy_bench.json

Bundles include CAS/SCI/SCover/EAI/RBL/RIR alongside SLOs.

5.1 Multi‑unit / Fleet incidents (normative)

  • Cohort = vehicles/robots in incident radius; orchestrator acts as coordinator.
  • Protocol: 2PC‑style PREPARE/COMMIT/ABORT for /revert and /freeze; idempotent messages with xid.
  • Safety: if any cohort aborts, none commit; on coordinator loss, cohorts reconcile via WORM ledger.
  • SLOs: fleet_prepare_p95 ≤ 80 ms, fleet_commit_p95 ≤ 80 ms, global_revert_RIR ≥ 0.9995.
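A minimal simulation of the cohort protocol above, added here as an example and not taken from the spec: a coordinator runs PREPARE/COMMIT/ABORT for a fleet /revert, every message is idempotent per xid, no unit commits unless every unit voted PREPARED, and after coordinator loss the cohorts reconcile from a shared append-only ledger. The WormLedger and Cohort classes, the "healthy" flag and the presumed-abort rule when no decision was ever recorded are assumptions of this example.

```python
class WormLedger:
    """Append-only record store shared by coordinator and cohorts (stand-in for the WORM ledger)."""
    def __init__(self):
        self.records = []                           # (xid, unit, phase) tuples, never rewritten
    def append(self, xid, unit, phase):
        self.records.append((xid, unit, phase))
    def phases(self, xid, unit):
        return [p for x, u, p in self.records if x == xid and u == unit]

class Cohort:
    """One unit in the incident radius; healthy=False models a unit that cannot safely revert."""
    def __init__(self, unit_id, ledger, healthy=True):
        self.unit_id, self.ledger, self.healthy = unit_id, ledger, healthy
    def on_prepare(self, xid):
        seen = self.ledger.phases(xid, self.unit_id)
        if seen:                                    # duplicate PREPARE: answer from the ledger
            return seen[0]
        vote = "PREPARED" if self.healthy else "ABORTED"
        self.ledger.append(xid, self.unit_id, vote)
        return vote
    def on_decision(self, xid, phase):              # phase is "COMMITTED" or "ABORTED"
        seen = self.ledger.phases(xid, self.unit_id)
        if phase == "COMMITTED" and "PREPARED" not in seen:
            raise RuntimeError(f"{self.unit_id}: COMMIT without PREPARE for {xid}")
        if phase not in seen:                       # duplicate COMMIT/ABORT is a no-op
            self.ledger.append(xid, self.unit_id, phase)
        return phase
    def state(self, xid):
        seen = self.ledger.phases(xid, self.unit_id)
        return seen[-1] if seen else None

def fleet_revert(coord_id, cohorts, ledger, xid, deliver_phase2=True):
    """Coordinator: PREPARE all, log the decision durably, COMMIT only if every vote was PREPARED."""
    votes = [c.on_prepare(xid) for c in cohorts]
    decision = "COMMITTED" if all(v == "PREPARED" for v in votes) else "ABORTED"
    ledger.append(xid, coord_id, decision)          # written before any COMMIT message leaves
    if deliver_phase2:                              # False simulates coordinator loss after logging
        for c in cohorts:
            c.on_decision(xid, decision)
    return decision

def reconcile(coord_id, cohorts, ledger, xid):
    """Coordinator lost: cohorts apply the ledgered decision; with none recorded they presume abort."""
    recorded = ledger.phases(xid, coord_id)
    decision = recorded[-1] if recorded else "ABORTED"
    for c in cohorts:
        c.on_decision(xid, decision)
    return decision
```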

5.2 Explanation Quality (normative)

XAI metrics.

  • Faithfulness: effect size on the decision when top-k factors are masked/removed. Compute by re-evaluating the pipeline with factors excised; report normalized Δ on logits or calibrated score.
  • Consistency: Pearson correlation between explanations for frames t and t+1 over stable scenes (no label/state change). Use identical seeds.
  • Coverage: ratio of decisions that include a valid explanation_ref (saliency or structured rationale) per §2.2.

Validation.

  • Persist saliency/rationale artifacts with checksums and size; record generator version in env_hash.
  • Ensure top_factors extraction is deterministic under DET (§5.3); store extraction seed.
  • (If ground truth exists) report human alignment score (Likert or rubric) with inter-rater reliability (κ ≥ 0.7).

Targets. xai_faithfulness ≥ 0.85, xai_consistency ≥ 0.90, xai_coverage ≥ 0.99 (PoC). Stretch: 0.90 / 0.95 / 1.00.
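The three XAI metrics computed end to end, as an added example that is not part of the spec. A toy linear scorer stands in for the navigation model so that excising factors and re-running is cheap; the weights, the constructed stable scene, the DecisionFrame excerpts and the faithfulness normalization (|Δ| over |base score|, capped at 1) are assumptions of this example.

```python
import math

# Toy linear scorer standing in for the navigation model; a factor's attribution is
# weight * value, so "top factors" are the largest |attribution| (assumption of this example).
WEIGHTS = {"obstacle_dist": -0.8, "wind": -0.3, "battery": 0.1, "map_tile": 0.05}
STABLE_SCENE = [  # constructed consecutive inputs with no label/state change
    {"obstacle_dist": 1.0, "wind": 0.5, "battery": 0.9, "map_tile": 0.2},
    {"obstacle_dist": 0.95, "wind": 0.55, "battery": 0.89, "map_tile": 0.2},
    {"obstacle_dist": 0.9, "wind": 0.6, "battery": 0.88, "map_tile": 0.2},
]
FRAMES = [  # constructed DecisionFrame excerpts; only the §2.2 explanation field matters here
    {"frame_id": 1, "explanation": {"saliency_ref": "s3://exp/1", "top_factors": ["obstacle"]}},
    {"frame_id": 2, "explanation": {"top_factors": ["wind"]}},
    {"frame_id": 3, "explanation": {}},
]

def score(inputs): return sum(WEIGHTS[k] * v for k, v in inputs.items())
def explain(inputs): return {k: WEIGHTS[k] * v for k, v in inputs.items()}

def faithfulness(inputs, top_k=1):
    """Normalized |Δ score| when the top-k attributed factors are excised and the model re-run."""
    base, attr = score(inputs), explain(inputs)
    top = sorted(attr, key=lambda k: abs(attr[k]), reverse=True)[:top_k]
    masked = {k: (0.0 if k in top else v) for k, v in inputs.items()}
    return min(1.0, abs(base - score(masked)) / abs(base)) if base else 0.0

def pearson(a, b):
    keys = sorted(set(a) & set(b))
    xs, ys = [a[k] for k in keys], [b[k] for k in keys]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = math.sqrt(sum((x - mx) ** 2 for x in xs))
    sy = math.sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0

def consistency(scene):
    """Mean Pearson correlation between explanations of frames t and t+1 (identical seeds assumed)."""
    expl = [explain(inp) for inp in scene]
    pairs = list(zip(expl, expl[1:]))
    return sum(pearson(a, b) for a, b in pairs) / len(pairs)

def coverage(frames):
    """Share of frames whose explanation carries a saliency_ref or non-empty top_factors."""
    def valid(f):
        e = f.get("explanation") or {}
        return bool(e.get("saliency_ref") or e.get("top_factors"))
    return sum(1 for f in frames if valid(f)) / len(frames)
```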

5.3 Determinism Constraints (normative for DET mode)

Forbidden or constrained ops (DET).

  • CUDA atomics / non-associative reductions unless proven commutative and order-stable.
  • Non-deterministic dropout or data-dependent control flow without fixed seeds and bounded loops.
  • Asynchronous kernels that reorder floating-point accumulation without deterministic reduction trees.

Required settings.

  • Use deterministic cuDNN/oneDNN modes; enforce IEEE-754 strict or fixed-point arithmetic where applicable.
  • Record all seeds (PRNG, data shuffles, augmentation) in DecisionFrame.
  • Pin library versions in env_hash; disallow implicit autotuning in DET runs.

Test protocol.

  • Replay N = 30 with identical inputs; compare decision hashes.
  • Compute CAS and decision_delta_p95; require determinism_CAS ≥ 0.999 and decision_delta_p95 ≤ 1e-6 (PoC) else fail.
  • Publish failure trace (op names, kernels) to aid remediation.

5.4 Determinism Capability Levels (DCL)

Define and report determinism.level ∈ {DCL-0, DCL-1, DCL-2, DCL-3, DCL-4} on every DecisionFrame:

  • DCL-0 (NONE): no determinism guarantees; audit-only.
  • DCL-1 (PDET): probabilistic determinism on commodity stacks (pinned seeds/versions); CAS ≥ 0.99 and decision_delta_p95 ≤ 1e-5.
  • DCL-2 (DET-Host): strict determinism on host/CPU pipeline.
  • DCL-3 (DET-GPU): deterministic library paths; reproducible reductions; CAS ≥ 0.999.
  • DCL-4 (SI-GSPU): hardware-enforced determinism with reversible execution (sirrev) and barrier-scheduled reductions; bitwise replay.

Reporting. The orchestrator aggregates DCL histograms per run and exposes them in the bench bundle.
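The §5.3 replay test and the §5.4 level assignment carried out on constructed data, as an added example that is not part of the spec: 30 replays are hashed canonically, determinism_CAS and decision_delta_p95 are computed, and the pair is mapped onto a DCL. The decision object, the max-abs norm, the nearest-rank p95, and the use of the §5.3 PoC thresholds for DCL-2/3 (the spec states thresholds only for DCL-1 and DCL-3's CAS) are assumptions of this example.

```python
import hashlib, json, math

REFERENCE = {"class": "avoid", "confidence": 0.93, "heading_deg": 12.5}   # constructed decision object

def constructed_replays(n=30, drift_at=None, drift=2e-7):
    """n replays of REFERENCE; the replay at index drift_at (if any) carries a tiny confidence drift."""
    out = []
    for i in range(n):
        d = dict(REFERENCE)
        if i == drift_at:
            d["confidence"] = REFERENCE["confidence"] + drift
        out.append(d)
    return out

def decision_hash(decision: dict) -> str:
    """Canonical SHA-256 over the decision object: sorted keys, no whitespace."""
    blob = json.dumps(decision, sort_keys=True, separators=(",", ":")).encode()
    return "sha256:" + hashlib.sha256(blob).hexdigest()

def replay_metrics(reference: dict, replays: list) -> dict:
    """determinism_CAS = share of replays whose hash equals the reference hash;
    decision_delta_p95 = nearest-rank p95 of the max-abs difference over numeric fields
    (norm and percentile method are this example's choices, not the spec's)."""
    ref_h = decision_hash(reference)
    cas = sum(decision_hash(r) == ref_h for r in replays) / len(replays)
    numeric = [k for k, v in reference.items() if isinstance(v, (int, float)) and not isinstance(v, bool)]
    deltas = sorted(max(abs(reference[k] - r[k]) for k in numeric) for r in replays)
    p95 = deltas[max(0, math.ceil(0.95 * len(deltas)) - 1)]
    return {"determinism_CAS": cas, "decision_delta_p95": p95}

def dcl_level(cas: float, delta: float, gpu_path=False, hw_enforced=False) -> str:
    """Map measured CAS/delta onto §5.4 levels. DCL-1 uses the spec's thresholds; DCL-2/3 reuse the
    §5.3 PoC thresholds (assumption); DCL-4 needs bitwise replay plus the hardware claim. Which
    host/GPU/hardware path ran is a platform claim passed in, not something the metrics reveal."""
    if hw_enforced and cas == 1.0 and delta == 0.0:
        return "DCL-4"
    if cas >= 0.999 and delta <= 1e-6:
        return "DCL-3" if gpu_path else "DCL-2"
    if cas >= 0.99 and delta <= 1e-5:
        return "DCL-1"
    return "DCL-0"

if __name__ == "__main__":
    # With N = 30 a single mismatching replay already drops CAS to 29/30 and fails the PoC gate.
    m = replay_metrics(REFERENCE, constructed_replays(30, drift_at=7))
    print(m, dcl_level(m["determinism_CAS"], m["decision_delta_p95"], gpu_path=True))
```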

5.5 SI-GSPU Path (non-normative, forward-looking)

  • What improves: barrier-ordered FP reductions, transactionally captured execution (sirrev blocks), and rollback-safe model swaps.
  • Effect: raises feasible DCL from 1–3 → 4, turning DET from an emulation into a property of the platform.
  • Interop: this spec remains host-visible; SI-GSPU conformance just increases SLO headroom and reduces decision_delta_p95 to ~0.

6 Compliance & Ecosystem mapping

  • ISO 26262 / UL 4600: safety case evidence; traceability from requirement → test → field event.
  • DO‑178C / DO‑330: for avionics‑grade logging and tool qualification guidance (evidence only).
  • EU AI Act (High Risk): logging, transparency, and human‑in‑the‑loop review hooks.
  • Data protection: proof‑preserving redaction for bystanders (see GDPR supplement); configurable policy_profile.

7 PoC Plan (6–8 weeks)

Week 1: Pin env; provision WORM; define schemas; integrate ROS 2/RTPS or MAVLink bridge to /sensor/ingest.

Weeks 2–3: Implement /decision/append (model‑agnostic wrapper) and /actuation/mark; add obs_quality_pass gates.

Weeks 4–5: Implement /ethics/evaluate (profiles: standard/strict/research); add IncidentTombstone and /revert with model/params marks.

Weeks 6–8: Scenario drills in sim/HIL; fleet 2PC; publish bench bundle + incident runbook.

Exit criteria: All PoC SLOs met; replay_RIR ≥ 0.9995; ethics_halt_p95 ≤ 50 ms; audit completeness 100%.

8 Security & Safety

  • Tamper‑evidence: every envelope signed; clock sync; root‑of‑trust pinned.
  • Access control: tiered access to frames/explanations; optional redaction receipts.
  • Dual control: production freeze/revert requires two‑person approval; break‑glass logged.
  • Abuse prevention: rate‑limit orchestrator; per‑unit quotas; audit on admin ops.

Appendix A — JSON Schemas (sketch)

// sensor-ingest.schema.json (excerpt)
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "required": ["v","ts","unit_id","case_id","sensors","sig"],
  "properties": {
    "v": {"const":"1"},
    "ts": {"type":"string","format":"date-time"},
    "unit_id": {"type":"string"},
    "case_id": {"type":"string"},
    "sensors": {"type":"array"},
    "sync": {"type":"object"},
    "env_hash": {"type":"string"},
    "calib_ref": {"type":"string"},
    "sig": {"type":"string"}
  }
}
// decision-frame.schema.json (excerpt)
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "required": ["v","ts","unit_id","case_id","frame_id","model_ref","inputs","decision","sig"],
  "properties": {
    "v": {"const":"1"},
    "ts": {"type":"string","format":"date-time"},
    "unit_id": {"type":"string"},
    "case_id": {"type":"string"},
    "frame_id": {"type":"integer"},
    "model_ref": {"type":"string"},
    "params_ref": {"type":"string"},
    "inputs": {"type":"object"},
    "features": {"type":"object"},
    "decision": {"type":"object"},
    "explanation": {"type":"object"},
    "determinism": {"type":"object"},
    "sirrev": {"type":"object"},
    "sig": {"type":"string"}
  }
}
// incident-tombstone.schema.json (excerpt)
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "required": ["v","ts","incident_id","case_id","sig"],
  "properties": {
    "v": {"const":"1"},
    "ts": {"type":"string","format":"date-time"},
    "incident_id": {"type":"string"},
    "case_id": {"type":"string"},
    "symptoms": {"type":"array","items":{"type":"string"}},
    "policy": {"type":"object"},
    "mitigation": {"type":"string"},
    "sig": {"type":"string"}
  }
}

Appendix B — Baseline Stack for Fair Comparisons

  • Middleware: ROS 2/RTPS or MAVLink; PTP time sync; deterministic logging mode on.
  • Sim/HIL: vendor‑neutral sim (e.g., CARLA/AirSim) or HIL rigs; fixed seeds and maps.
  • Runtime: RT‑kernel or low‑latency profile pinned; autopilot firmware version pinned.
  • Disclosure: unit type, sensors, map versions, policy profile, tracer versions, time source.

Appendix C — Integration Examples

C.1 ROS 2 (Python rclpy) hook

# SPDX-License-Identifier: MIT
from si_autonomy import Orchestrator  # the spec's Orchestrator client (sketch, see §3 for the endpoints)

orch = Orchestrator(auto_capture=True)
with orch.case(unit_id="UAV-42") as case:
    # ingest the synchronized sensor batch assembled by the ROS 2 subscriber callbacks (-> SensorIngestReceipt, §2.1)
    orch.sensor_ingest(frames)
    # after inference: model/params refs, input hashes, the decision and its explanation (-> DecisionFrame, §2.2)
    orch.decision_append(model_ref, params_ref, inputs, decision, explanation)
    # record control outputs together with the measured actuation latency (-> ActuationTrace, §2.3)
    orch.actuation_mark(controls, latency_ms)

C.2 MAVLink event bridge (shell)

si-bridge mavlink listen --unit UAV-42 | si-orch send --case CASE-2025-10-20-001

Author’s Note

Vendor‑neutral and patent‑safe by constraining interfaces and proof objects only. Concrete models, planners, and ECU stacks are intentionally left open.
