TECHNOLOGY · CONTROL & SAFETY

From scene state to safety evidence, in one deterministic path.

FieldSpace converts tracks, ego state, map context, and route intent into a deterministic risk field. In observer mode it emits replayable warnings and audit traces; in benchmark mode it can generate bounded trajectory candidates for closed-loop evaluation.

Three layers, observer budget under 50 ms

Every layer has a typed contract and a deadline. If any layer fails its contract, the observer emits a traceable fallback recommendation for review.

LAYER 1 · ROUTE CONTEXT

Route-relative risk

Projects scene actors and route context into the local risk field. In benchmark mode, this can also produce a trajectory candidate for closed-loop comparison.

  • lookahead: 4-12 m speed-adaptive
  • max_steer_rad: 0.52 (~30°)
  • max_steer_rate_rad_s: 0.5

LAYER 2 · RISK TIMING

TTC and risk thresholds

Risk timing comes from explicit thresholds and scene-derived quantities. The output is replayable, auditable, and comparable against partner or benchmark baselines.

  • kp / ki / kd: 0.4 / 0.05 / 0.01
  • target cruise: 8.33 m/s (30 km/h)
  • max_accel / decel: 2.0 / 5.0 m/s²

LAYER 3 · FALLBACK TRACE

Fallback recommendation

Finite-state machine that monitors upstream contracts. On violation it records the recommended fallback phase and trigger reason rather than emitting an opaque alert.

  • comfort_decel: 2.5 m/s²
  • emergency_decel: 5.0 m/s² (TTC < 2 s)
  • shoulder_drift: toggleable

MINIMUM-RISK MANEUVER

The part reviewers ask about first

Safety reviewers want to know what happens when inputs degrade, an ODD boundary is crossed, or collision risk rises. The observer keeps those trigger classes explicit and replayable.

  • PerceptionLoss: Camera blind frames exceed threshold or tracker staleness detected.
  • OddViolation: Ego position leaves the mapped operational domain polygon.
  • ImminentCollision: Time-to-collision drops below the emergency threshold.
  • OperatorRequest: Remote operator or in-vehicle handoff button invoked.

mrm.rs
pub enum MrmPhase {
    Idle,
    Decelerate,      // comfort ramp to near-stop
    HoldLane,        // maintain lane at low speed
    DriftToShoulder, // if shoulder is mapped
    Parked,          // wheels stopped, brake held
    Failed,          // timeout escalation
}

// Canonical demo transcript:
//   t=0.00s  phase=Decelerate       12.00 m/s
//   t=2.40s  phase=DriftToShoulder   1.00 m/s
//   t=8.95s  phase=Parked            0.00 m/s
//   [mrm] stopped after 8.95s
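
The trigger classes and phases above, wired into a small replayable state machine that turns a recorded speed log into a phase trace with its trigger reason. This is an added example, not FieldSpace code: the transition rules, `Trigger`, `Sample`, `TraceEntry`, `step`, `replay`, the 1 m/s hand-off speed and the 15 s timeout are assumptions, and the sample log is constructed from the rows of the demo transcript.

```rust
// Added illustration, not FieldSpace source. Trigger, Sample, TraceEntry, replay(),
// LOW_SPEED_MM_S and TIMEOUT_MS are assumptions; MrmPhase mirrors the page's enum.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum MrmPhase { Idle, Decelerate, HoldLane, DriftToShoulder, Parked, Failed }
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Trigger { PerceptionLoss, OddViolation, ImminentCollision, OperatorRequest }
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Sample { pub t_ms: u64, pub speed_mm_s: u32 }
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct TraceEntry { pub t_ms: u64, pub phase: MrmPhase, pub speed_mm_s: u32, pub reason: Option<Trigger> }

const LOW_SPEED_MM_S: u32 = 1_000; // assumed hand-off speed into the low-speed phases
const TIMEOUT_MS: u64 = 15_000;    // assumed deadline before escalating to Failed

// Pure transition function over integer units: same inputs, same next phase.
fn step(phase: MrmPhase, s: Sample, t0: u64, shoulder_mapped: bool) -> MrmPhase {
    use MrmPhase::*;
    match phase {
        Parked | Failed => phase, // terminal
        Idle => Decelerate,       // a trigger always starts the manoeuvre
        _ if s.speed_mm_s == 0 => Parked,
        _ if s.t_ms.saturating_sub(t0) >= TIMEOUT_MS => Failed,
        Decelerate if s.speed_mm_s <= LOW_SPEED_MM_S =>
            if shoulder_mapped { DriftToShoulder } else { HoldLane },
        _ => phase,
    }
}

// Replays a log (first sample = trigger instant); only the first entry carries the reason.
pub fn replay(log: &[Sample], trigger: Trigger, shoulder_mapped: bool) -> Vec<TraceEntry> {
    let (mut phase, mut trace) = (MrmPhase::Idle, Vec::new());
    let t0 = log.first().map_or(0, |s| s.t_ms);
    for &s in log {
        let next = step(phase, s, t0, shoulder_mapped);
        if next != phase {
            let reason = if phase == MrmPhase::Idle { Some(trigger) } else { None };
            trace.push(TraceEntry { t_ms: s.t_ms, phase: next, speed_mm_s: s.speed_mm_s, reason });
            phase = next;
        }
    }
    trace
}

fn main() {
    // Constructed log: the three rows of the page's demo transcript, in ms and mm/s.
    let log = [Sample { t_ms: 0, speed_mm_s: 12_000 }, Sample { t_ms: 2_400, speed_mm_s: 1_000 },
               Sample { t_ms: 8_950, speed_mm_s: 0 }];
    for e in replay(&log, Trigger::PerceptionLoss, true) { println!("{:?}", e); }
}
```

Because `step` has no clock, randomness or floating point, replaying the same log twice yields an identical trace, which is the property a reviewer can check by diffing two runs.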

Reviewable because it's bounded

FieldSpace is not a certification by itself. It produces the bounded, replayable artifacts that make a safety review more concrete: inputs, thresholds, risk fields, trigger reasons, and output traces.

ISO 26262

Functional Safety

Supports decomposition review by keeping the observer path deterministic, scoped, and traceable.

ISO 21448

SOTIF

Helps structure edge-case review with explicit ODD assumptions, thresholds, and replayable scenarios.

UNECE R157

Fallback Behavior

Provides documented trigger classes and fallback-state traces for technical review.

Bounded claim. FieldSpace is a deterministic safety-evidence layer, not a completed vehicle certification program. Certification scope, assessor, target platform, and operational domain must be defined with the partner.

Safety evidence as a replay, not a black box.

Walk through MRM transitions with us against your own incident logs. You pick the scenario; we replay it deterministically.