feat: add BB.Safety system for centralised arm/disarm control #10
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduces a global safety controller that manages arm/disarm state for all robots on the node. Key features: - BB.Safety behaviour with `disarm/1` callback for hardware shutdown - BB.Safety.Controller GenServer in BB's application supervision tree - Two ETS tables: protected robots table, public handlers table - Handler registration writes directly to ETS (avoids mailbox bottleneck) - Safety state changes go through GenServer to ensure callbacks are triggered - Error state when disarm callbacks fail - robot cannot arm until force_disarm/1 - Runtime startup verification that all BB.Safety implementers are registered - Comprehensive safety documentation explaining BEAM limitations and hardware kill switch recommendations Safety states: - :disarmed - Robot safely disarmed, all callbacks succeeded - :armed - Robot armed and ready to operate - :error - Disarm failed, hardware may not be safe The software safety system provides best-effort safety management but is not suitable for safety-critical applications. Hardware safety controls are recommended for any system where actuator failures could cause harm.
- Run disarm callbacks concurrently with `Task.async_stream` (5s timeout) - Add `:disarming` state to reject commands while callbacks are running - Add `disarming?/1` for fast ETS reads of disarming state - Add `terminate/2` callback for emergency disarm on shutdown - Add tests for error state, `force_disarm/1`, timeouts, and transitions
…E.md - Extract `emergency_disarm_robot/1` to fix credo nesting depth warning - Add Safety System section to CLAUDE.md referencing documentation/topics/safety.md - Add safety pattern note to Key Patterns section
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Introduces a global safety controller that manages arm/disarm state for all robots on the node:
disarm/1callback for hardware shutdown:errorstate and cannot arm untilforce_disarm/1is calledSafety States
:disarmed:armed:errorArchitecture
Files Changed
lib/bb/safety.ex- Behaviour + APIlib/bb/safety/controller.ex- Global GenServerlib/bb/application.ex- Application supervision treelib/bb/robot/runtime.ex- Integration with runtime state machinelib/bb/command/arm.ex/disarm.ex- Updated to use BB.Safetydocumentation/topics/safety.md- Safety documentationTest plan
mix check --no-retrypasses (formatter, credo, dialyzer, reuse)