Flightworks Sentinel sits between your AI layer and your autopilot. It does not replace your GCS or flight controller — it governs what AI is permitted to propose, issues typed verdicts, and preserves replayable evidence of every decision.
Flightworks Sentinel is the governed flight platform built on the SwiftVector and RustVector enforcement kernels. It does not compete with QGroundControl or any flight controller — it governs what any GCS executes.
Every state mutation flows through typed Actions, deterministic Law evaluation, pure-function Reducers, and an append-only SHA256 hash chain. The laws cannot be bypassed because they are the architecture.
Watch Station handles pre-flight authorization and post-flight evidence review. The GCS handles execution. This separation is intentional — governance runs before and after the flight, not during it.
Safety is not bolted on after the fact. FlightLaw’s nine laws (0–8) are evaluated before every state transition. Violations are not warnings — they are architectural constraints that prevent the transition from occurring.
Sentinel is four Rust crates composed in strict layers. Each crate has a single responsibility and cannot reach into a layer it does not own. The kernel enforces governance at the edge with zero cloud dependency.
Every evaluation produces exactly one of three verdicts. There is no fourth option. There is no grey area.
Action within all rule boundaries. Permitted without operator intervention. Frame forwarded to autopilot. Verdict logged with full evaluation trace.
Action violates one or more rules. Denied immediately. Frame blocked from reaching autopilot. Logged with violation detail and rule identifiers.
Action within boundaries but exceeds auto-approve threshold. Frame held pending explicit principal decision. Timeout enforced by risk tier.
Every jurisdiction inherits FlightLaw. These nine laws (0–8) are evaluated before every state transition. FlightLaw violations always take precedence over jurisdiction-specific laws.
System boundary enforcement. Defines the operational envelope. EMCON boundary in ISR jurisdictions.
Principal authentication. Verifies the authorized human decision-maker before any mission state transition.
WeatherKit environmental pre-flight gate. Operational thresholds evaluated deterministically. No override without principal authorization.
Telemetry quality, GPS lock, IMU calibration. The system must observe itself accurately before it can act.
Battery, compute, and link budget enforcement. Operations cannot exceed available resources. RTH reserve enforced.
Data classification at the state level. Active in ISRLaw jurisdictions. Determines handling, storage, and transmission constraints.
Authority contracts when comms degrade. Autonomy envelope contracts — never expands. Deterministic fallback chain.
Geofence, altitude ceiling, and no-fly zone enforcement. Corridor locked at mission authorization. Violations trigger immediate response.
Governance at wire speed means zero compromise between safety and latency. Every frame evaluated, every verdict logged, every session replayable.
Transparent MAVLink v2 forwarding with zero-copy parsing. Governance enforcement at wire speed.
Append-only log with SHA256 hash chain. Every frame logged without blocking the relay pipeline.
Deterministic replay of any audit log produces identical state transitions. Every time.
Every MAVLink frame logged and hashed. No sampling. No gaps. Complete chain of custody.
Sentinel exposes three subcommands. Each maps to a core capability of the governance engine.
Start the MAVLink proxy with governance enforcement. Binds to a UDP port, evaluates every frame against the active rule set, forwards permitted frames to the autopilot.
Replay an audit log file deterministically. Reproduce the exact sequence of evaluations and verdicts from a previous session.
Verify hash chain integrity of an audit log. Walk the chain from first entry to last. Any break in the hash sequence indicates tampering.
Sentinel’s architecture aligns with the direction of emerging regulatory and procurement requirements for autonomous drone operations. Deterministic enforcement and tamper-evident audit trails are designed as architectural primitives.
Proposed BVLOS frameworks point toward requirements for machine-enforceable geofencing and auditable decision trails. Sentinel provides both as architectural primitives.
Growing legislative emphasis on machine-readable, enforceable geofence boundaries. Sentinel evaluates polygon containment on every telemetry frame with full audit trail.
Defense procurement increasingly emphasizes deterministic, auditable governance for autonomous systems. Sentinel’s replay capability enables post-mission verification of every decision.
Sentinel is one layer of the Flightworks governance stack. Understand how the SwiftVector kernel, RustVector edge relay, FlightLaw, and the Watch Station principal interface compose into a complete mission governance platform.