Hi all — I’m looking for feedback on a design question around actuator-boundary safety in ROS-based systems.
Once a planner (or LLM-backed stack) can issue actuator commands, failures become motion. Most safety work in ROS focuses on higher layers (planning, perception, behavior trees), but there’s less shared infrastructure around deterministic enforcement at the actuator interface itself.
I’m prototyping a small hardware interposer plus a draft “Safety Contract” spec (SSC v1.1) with three components:
- A machine-readable contract defining caps (velocity / acceleration / effort), modes (development vs field), and stop semantics
- A conformance harness (including malformed traffic handling + fuzzing / anti-wedge tests)
- “Evidence packs” (machine-readable logs with wedge counts, latency distributions, and verifier tooling)
The goal is narrow:
Not “this makes robots safe.”
But: if someone claims actuator-boundary enforcement works, there should be a reproducible way to test and audit that claim.
Some concrete design questions I’m unsure about:
• Does ROS 2 currently have a standard place where actuator-boundary invariants should live?
• Should this layer sit at the driver level, as a node wrapper, or outside ROS entirely?
• What would make a conformance harness credible to you?
• Are there prior art efforts I should be aware of?
I’m happy to share more technical detail if useful. Mostly interested in whether this layer is actually leverageful or if I’m solving the wrong problem.
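To make the three pieces above concrete, here is an added illustration (not the poster's code and not SSC v1.1 itself): a minimal pure-Python actuator-boundary enforcer that reads a constructed contract with per-mode caps and a stop timeout, rejects malformed traffic outright, ramp-limits accepted commands, and keeps the counters an evidence pack would report. The contract keys, the `BoundaryEnforcer` class and its method names are assumptions for this example.

```python
import math
STOP = {"velocity": 0.0, "effort": 0.0}  # stop semantics: zero velocity and effort, exempt from ramp limits

# Constructed contract in the spirit of the post's "Safety Contract"; the keys and numbers
# are assumptions for this example, not the SSC v1.1 schema.
CONTRACT = {
    "caps": {"development": {"velocity": 0.5, "acceleration": 1.0, "effort": 5.0},
             "field":       {"velocity": 0.2, "acceleration": 0.5, "effort": 2.0}},
    "stop": {"timeout_s": 0.2},  # no accepted command within this window -> forced stop
}

class BoundaryEnforcer:
    def __init__(self, mode, contract=CONTRACT):
        if mode not in contract["caps"]:
            raise ValueError(f"unknown mode {mode!r}")  # never fall back to the looser mode
        self.caps = contract["caps"][mode]
        self.timeout = contract["stop"]["timeout_s"]
        self.last_vel = 0.0  # what the actuator was last told to do
        self.last_t = None   # time of the last accepted command (watchdog reference)
        self.stats = {"accepted": 0, "clamped": 0, "rejected": 0, "stops": 0}  # evidence-pack counters

    @staticmethod
    def _num(x):
        # Malformed traffic (non-numeric, bool, NaN, inf) is rejected, never clamped
        return isinstance(x, (int, float)) and not isinstance(x, bool) and math.isfinite(x)

    def filter(self, cmd, now):
        # Returns the command actually forwarded to the actuator for input `cmd` at time `now`
        if not (isinstance(cmd, dict) and self._num(cmd.get("velocity")) and self._num(cmd.get("effort"))):
            self.stats["rejected"] += 1
            self.last_vel = 0.0
            return STOP  # fail safe: malformed input stops rather than holds or passes through
        v_cap, a_cap, e_cap = self.caps["velocity"], self.caps["acceleration"], self.caps["effort"]
        v = max(-v_cap, min(v_cap, cmd["velocity"]))
        if self.last_t is not None:  # ramp limit relative to the last accepted command
            dv = a_cap * max(now - self.last_t, 0.0)
            v = max(self.last_vel - dv, min(self.last_vel + dv, v))
        out = {"velocity": v, "effort": max(-e_cap, min(e_cap, cmd["effort"]))}
        self.stats["accepted"] += 1
        self.stats["clamped"] += out != cmd  # bool counts as 1 when the output differs from the input
        self.last_vel, self.last_t = v, now
        return out

    def tick(self, now):
        # Watchdog, called at a fixed rate: forces STOP once accepted commands go stale
        if self.last_t is None or now - self.last_t > self.timeout:
            self.last_vel = 0.0
            self.stats["stops"] += 1
            return STOP
        return None  # command stream is fresh; the last forwarded command stands
```

A conformance harness in the post's sense would drive `filter` with fuzzed inputs and `tick` with a stalled clock, then check that every returned command is within the caps and that `stats` matches the expected counts.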