FireLaw governs a fleet of drones performing continuous thermal perimeter monitoring with deterministic escalation when conditions change. The operator sets the mission parameters — the system maintains coverage autonomously, escalating only when governance requires human judgment.
Active wildfire perimeters require continuous monitoring, especially overnight when ground crews withdraw and wind shifts create the highest risk of perimeter escape.
Smoke obscures visual scouting. Ground crews have delayed, incomplete perimeter views, leading to reactive rather than proactive tactics.
Manual line patrol and hot-spotting expose crews to blowups and spotting. Workforce shortages and long shifts compound the risk.
Strategy shifts suffer from incomplete real-time data. MAP triggers and escalation decisions lag hours behind actual fire behavior.
FireLaw governs the complete operational lifecycle from incident setup through after-action evidence generation.
Operator defines perimeter, sectors, priorities, and loads SOP template with all escalation thresholds locked.
Fleet deploys to assigned sectors via governed task leases. Law 8 requires explicit launch authorization.
Continuous thermal scanning with deterministic hotspot classification. Every detection committed to immutable state.
Detections trigger risk-proportional escalation from Routine through Emergency. Same inputs always produce the same tier.
Battery swaps and task handoffs maintain coverage through the night. Predictive gap management prevents stale sectors.
Evidence package generated with SHA-256 hash chain. Deterministically replayable timeline for after-action review.
Sensor data is probabilistic. Governance decisions are deterministic. FireLaw draws a clear boundary between what is uncertain and what is auditable.
The system never pretends certainty it does not have. Stochastic sensor outputs are recorded as-is. The governance layer applies deterministic rules to produce auditable, replayable decisions.
Deterministic escalation from sensor inputs to authority requirements. The escalation function is pure: same inputs always produce the same tier.
Pre-authorized by SOP. System operates autonomously, logging all actions.
Operator notified. Review queued. System continues mission while awaiting response.
Operator approval required before action. System recommends but does not act.
IC notification. Conservative mode: hold positions, present situation summary.
Timeout ladder: Unacknowledged events auto-promote to the next tier. No detection is silently dropped due to operator unavailability.
The GCS does not command drones to perform tasks. It leases task authority under constrained terms: bounded in time, bounded in scope, revocable by the GCS.
A drone cannot acquire authority its lease does not grant. A scan lease cannot become a verify lease without re-authorization.
When a lease expires, the task returns to the unassigned pool. The drone enters a holding state and awaits re-tasking.
The GCS can revoke any lease at any time. This enables re-prioritization when critical detections demand resource reallocation.
When Drone A's lease expires and Drone B takes over, the audit trail records the complete chain with no gap in accountability.
When communications degrade, the system's autonomy envelope contracts. This is a constitutional principle of governed autonomy.
In full partition, FireLaw cannot govern because it requires fleet-wide state awareness. The system falls back to FlightLaw — which operates entirely onboard — and guarantees that each individual drone remains safe. FlightLaw provides the safety floor. FireLaw provides the mission ceiling.
FireLaw composes FlightLaw's universal safety kernel with fire-specific governance: Law 2 (Delegation) for multi-asset task leases and Law 6 (Persistence) for immutable detection records.
Required because FireLaw governs multiple autonomous agents that must hand off tasks without operator intervention. Task leases ensure delegated authority cannot escalate — Drone B inherits exactly the permissions Drone A held, no more.
Required because fire perimeter state is safety-critical world knowledge. A sector marked as scanned cannot be retroactively reclassified. If new information contradicts prior state, it creates a new event — it does not mutate the historical record.
The audit trail is not a diagnostic afterthought — it is what fire agencies are paying for. Every state transition from incident activation to mission end is deterministically replayable.
Every state transition, SOP acceptance, launch authorization, escalation event, operator decision, and automated action.
Each hotspot with GPS, thermal imagery, raw confidence, severity band, escalation tier, verification status.
Per-sector scan history showing freshness over time, gaps, and the decisions that led to any gap.
Per-drone tasks, battery consumption, comms quality, degraded mode transitions, RTL events.
Every escalation with trigger conditions, tier, notification sent, operator response, and resulting action.
Comms outages, GPS degradation, sensor anomalies, failsafe activations, degraded mode transitions.
All evidence is linked to a SHA-256 hash chain (Law 3). The evidence package includes the hash chain itself, enabling independent verification that no entries were added, removed, or modified after the fact.
FireLaw can be developed and demonstrated entirely in SITL simulation. The governance layer is pure logic that does not depend on physical sensors.
Synthetic detections drive the complete escalation model through all four tiers with deterministic verification.
Configurable fleet sizes and perimeter complexity test coverage governance under resource constraints.
Simulated comms failures at precise moments verify authority contraction at every degradation level.
Complex multi-asset scenarios replayed to confirm identical state hash output across runs.
FireLaw is Flightworks Control's lead demo target. We are actively seeking SBIR topic alignment and domain validation partnerships with fire agencies.