Fleet Orchestration
Aircraft inventory, status matrix, heartbeat monitoring, capability matching, and an operational readiness view. Every vehicle is under central registry.
Lydos Air is a sovereign enterprise drone platform for autonomous UAV and UAS fleets. Closed-source software, in-house edge compute hardware, and a sovereign security architecture are produced entirely by Lydos engineering. The platform is designed to align with FAA Part 107, EASA SORA, ICAO Annex 6, and SHGM İHA regulatory frameworks — so every flight stays structured, policy-bound, and institutionally accountable.
Software and hardware are 100% Lydos-built. Operational drone telemetry never leaves your jurisdiction — closed-source, on-premise, sovereign trust architecture with NIST FIPS 204 ML-DSA signing.
SCENARIO 01
Autonomous route · 28 km line · hot target detection
PRODUCTION MANIFESTO
Autonomous air operations demand sovereignty. We do not sit atop a vendor list — we produce the entire supply chain under institutional control.
01
Operations layer, mission architecture, telemetry pipeline, immune system and federated consensus are all written by Lydos engineers in-house.
02
The edge compute unit that accompanies every aircraft — chassis, protection layer, hardware identity architecture — is designed and produced entirely in the Lydos workshop.
03
Key management, signature chain and operational mode control are never delegated to a third-party service. Sovereignty is a design precondition.
Lydos Air is not a drone control panel. It is an end-to-end operations layer that covers the full mission lifecycle — fleet registration, mission planning, telemetry handling, and safety enforcement.
The platform was not built for a single vehicle. It manages institutional fleets, structures missions, coordinates edge units, and sustains operational readiness.
Aircraft inventory, status matrix, heartbeat monitoring, capability matching, and an operational readiness view. Every vehicle is under central registry.
A 20-phase mission lifecycle, waypoint editor, multi-layer approval flow, and controlled autonomous execution. Every transition is validated and logged.
Position, altitude, velocity, battery, GPS and IMU data processed at two-second intervals. Real-time streaming, historical queries, and anomaly detection.
13 automated preflight checks, an 8-policy engine, and a three-layer defense architecture. Flight-ready decisions are made by policy and operator together — never either alone.
Lydos Air manages autonomous systems across two deployment domains. Each domain has its own mission logic, fleet structure, and safety policies — but both operate on the same control layer, telemetry infrastructure, and operational discipline.
The domain managing institutional operations for autonomous aerial vehicles. Fleet registration, mission lifecycle, flight telemetry, edge unit coordination, and safety policy enforcement — all configured for aerial-specific operational requirements.
The platform representation for land and maritime autonomous systems. Edge agents, adapter layers, and surface operations are managed under this domain. IDA ensures diverse physical-environment assets operate within the same institutional discipline framework.
Both domains share Lydos Air's central command, safety policy, incident management, and analytics layers.
Every capability is designed to meet an institutional operational requirement. Not slogans — working structure.
Central inventory, live status monitoring, heartbeat-based connectivity verification, and a capability-matching matrix. The entire fleet managed from a single view.
A 20-phase state machine from draft to closure. Every transition validated, every approval logged, every deviation traceable.
Position, altitude, velocity, battery, GPS quality, and IMU data collected at two-second intervals. Real-time streaming and historical analysis.
A physical edge unit co-located with every aircraft, fully designed and produced in-house by Lydos. Local safety enforcement, offline buffering, hardware-bound operator identity, and automatic recovery.
13 automated validation checks before every takeoff. 8 policy engines running in real time. Geofence enforcement and emergency protocols active.
Autonomy is not uncontrolled freedom — it is a structured decision support layer. Every autonomous action is policy-approved, every decision traceable.
Every flight-impacting command — arm, takeoff, land, return-to-launch, emergency stop — is authorized through a cryptographic signature bound to the operator's device. The private key never leaves the device; verification happens inside a sovereign trust layer.
The platform does not merely report anomalies — it adapts its operational mode. Based on threat intensity it transitions through OPERATIONAL → DEGRADED → SAFE_MODE → CRITICAL_LOCKDOWN, and any critical action can be vetoed in real time by the upper layer.
A pattern observed by one site becomes a shield for the entire fleet. Only digested, masked patterns travel between nodes — raw data, user identifiers and locations never leave the originating node.
Aircraft software updates only reach the field when role-diverse approvals, vendor signature, and binary-hash match are all present. If the match fails, the platform automatically rolls back to the previous version — there is no half-flown, unverified code.
Telemetry, immune events, and mission history are correlated to diagnose root cause within seconds. The system delivers the recommended parts list, work order, and audit trail to the operations team in a ready-to-action format.
A sovereign bridge that establishes a 50 Hz bidirectional real-time link between the aircraft and ground control. Commands travel signed, every telemetry frame is buffered without loss, and link heartbeat is continuously monitored.
Eleven surgical engines composed into a single decision pipeline: EPPO-coded insect vision classification, multispectral Pest Stress Index, wingbeat acoustic species matching, predator-modulated trophic forecast, ETL/EIL integrated pest-management decision, spot-spare nozzle 50 cm grid valve plan, hover-lock static dose interlock, Stokes drift/deposition model, plant-level signed application passport, beneficial-release drone-drop plan, and privacy-preserving federated species-detection sharing. Every decision is KSL-signed and chain-hashed; a beneficial colony or active natural suppression — even a single live beneficial detected at hover time — automatically vetoes the spray.
SOVEREIGN CAPABILITIES
The seven capabilities below were engineered, manufactured and field-validated by Lydos. Each visual reflects the real behaviour of the immune mode or the consensus pattern — not a slogan, but a working system in visual form.
U1 · Sovereign Signature Chain
An operator issues an arm command from the mission console. The command is signed with a key bound to the operator's personal device — only the signature reaches the server. The sovereign trust layer verifies, chains it into the audit log, and dispatches the authorised command to the aircraft.
The private key never leaves the device. A stolen identity alone cannot produce authorisation.
U2 · Aerial Immune System
An unusual attack signature is detected on an aircraft in the fleet. The system promotes its operational mode from OPERATIONAL to DEGRADED — and if needed, to SAFE_MODE or CRITICAL_LOCKDOWN. At these levels every critical command is vetoed instantly by the upper layer; the attacker is not retaliated against, but isolated.
The response to a threat is behavioural, not just informational. White-hat — never offensive.
U3 · Federated Anomaly Consensus
An attack pattern observed at one site is shared with other institutional nodes only as a digested, masked summary. Raw telemetry, user identifiers, and location data never leave the node. One site's lesson becomes a shield for every Lydos fleet worldwide.
Data sovereignty is preserved — only the mathematical essence of the pattern is shared.
U5 · Signed Software Update
When a new aircraft software release is prepared, vendor signature, role-diverse institutional approvals, and binary-hash comparison are all mandatory. The device refuses to launch until it has verified the hash on receipt; if the match fails, the platform automatically rolls back to the previous version.
No half-flown sortie. Unverified code never participates in a flight.
U6 · Autonomous Repair Intelligence
When an aircraft returns from a sortie, telemetry, immune events, and mission history are correlated into a single root-cause analysis. Within seconds the system produces a likely fault, a recommended parts list, a work order, and an audit trail. The operations team arrives on site already carrying the right part.
Fault discovery moves from hours to seconds; guesswork is replaced by an auditable decision.
U7 · Real-Time Flight Bridge
Between the aircraft and ground control, 50 telemetry frames per second flow lossless; every command travels signed. The link heartbeat is monitored continuously, drop-outs are flagged instantly, automatic reconnection is attempted. The operator sees the aircraft on the map in real time, tracking attitude with sub-second latency.
Real operational tempo: 50 Hz. Real operational discipline: signature plus audit trail.
FIELD HARDENING · M1-M10
Each step below was written on a real date, persisted to a real database, deployed to a real VPS. The visuals are visual shorthands of the running system.
M1 · Pouring the underground steel
On day one, all forty-four tables landed in the sovereign database. Foreign keys are poured in topological order, column types are inferred from real samples, and critical commands no longer accept the unsigned path. The single source of truth comes online without legacy residue.
44 tables, idempotent migration, KSL requirement on — every one of 9 live tests green.
M2-M4 · Eight different aircraft, one contract
ArduPilot, PX4, DJI Cloud, generic MAVLink, edge agent, Olympe, JSON-RPC, and simulator — each vendor class obeys the same signed-request contract. Whatever airframe the operator launches, the command flows through one contract; the brand of the flight controller does not become an escape route.
Eight vendor adapters, one signed contract, UTM-TR conformance live.
M5-M6 · Flight does not break under 5G jamming
GPS and data links are continuously monitored; the moment an exponentially weighted average sees degradation, traffic shifts to the next priority link. The operator never loses the aircraft on the map — only the badge in the top-right flips from 5G to LTE. Field-proven.
Multi-link priority ladder, live GPS-jamming detection, automatic failover.
M7-M8 · One site's lesson, every fleet's shield
A jamming pattern caught at one site propagates across the network only as a mathematical fingerprint — never as raw data. Other Lydos fleets recognise the same attack signature before it touches them and automatically place the aircraft in return-to-launch mode. The attacker is isolated, never retaliated against.
Structural privacy guarantee: neither user identity nor raw data leaves the node.
M9 · Three tenants, zero leakage
Three different operators on the same platform; each one's flights, link records, and EW events are visible only to themselves. Even if an operator tries to register another's link under their own name, the protection layer preserves the original owner and silently aborts the takeover. Orphan records behave predictably, and the administrator can still see the whole fleet at a glance.
Every flight, every link, every event has an owner; administrator visibility is a separate lane.
M10 · There is no half-deploy
When a release goes out, the pipeline rebuilds the frontend alongside the backend, restarts both services in order, and waits for the health gate to ack on both. If acknowledgement does not arrive, the system rolls back to the previous version automatically; the operator never receives an unverified installation.
Health-gated rollout, automatic rollback, unverified code does not reach the field.
297/297 combined regression green · 6/6 brief gaps closed · iha.ailydian.com live.
FIELD 2026 · READY IN MAY
Lydos Air produces different value in different deployment contexts. For each sector, the platform aligns with that sector's workflows, regulatory frameworks, and safety requirements.
Persistent ISR, perimeter surveillance, reconnaissance, and domain awareness for sovereign defense UAS operations. Mission confidentiality, chain-of-command discipline, and operational security are protected by a closed-source architecture with NIST FIPS 204 ML-DSA signed command and audit chain. Structured to align with national airworthiness frameworks and Remote ID requirements where applicable.
Sovereign defense drone operations with cryptographically signed chain of command and tamper-evident audit trail.
Sector hubRoutine BVLOS inspection and asset integrity monitoring for power plants, dams, oil and gas pipelines, telecommunications towers, and water treatment facilities. The platform is structured for EASA SORA Specific category operations and FAA Part 107 waiver workflows, with multi-operator approval and geofence enforcement around hazard zones.
Scheduled critical-infrastructure drone inspection missions with automated anomaly detection and regulatory-grade reporting.
Sector hubAerial inspection of high-voltage transmission lines, wind turbine blades, solar PV arrays, and substation distribution infrastructure. Integrates thermal imaging payloads and supports IEC 61850 substation telemetry contexts. Designed for repeatable corridor surveys with full data sovereignty — no telemetry egress to third-party clouds.
Wind farm and power line UAV inspection scheduling with thermal anomaly capture and sovereign data residency.
Sector hubDrone-based site surveillance, stockpile volumetric inventory, and construction progress tracking for factories, open-pit mines, container ports, and large-scale construction sites. Mission templates align with ISO 45001 occupational safety zoning and support photogrammetry pipelines for cm-grade digital terrain models.
Industrial site drone monitoring with volumetric inventory accuracy and safety-zoned mission templates.
Sector hubSearch-and-rescue, disaster response, crowd monitoring, and tactical airspace awareness for emergency services. Multi-operator surge mode, rapid mission instantiation, and integration with national emergency airspace channels. Designed to operate alongside ICAO Annex 11 air traffic services and U-Space USSP coordination where deployed.
Public-safety drone deployment with multi-operator surge support and emergency airspace coordination.
Sector hubIntegrated Pest Management drone operations covering EPPO-coded entomovision classification, NDVI / NDRE / thermal multispectral stress index, ETL / EIL economic threshold decisions, and biocontrol drone-drop planning. Pollinator corridor mapping uses RFC 7946 GeoJSON; pest acoustics use 40 kHz MEMS wingbeat spectrometry. Federated learning shares only hashed embeddings — no raw imagery leaves the farm.
Precision-agriculture drone platform with EPPO pest classification, multispectral stress index, and federated agricultural intelligence.
Sector hubReal field deployments. Each scenario shows how platform capabilities combine into concrete operational output.
Continuous or periodic aerial surveillance of critical facilities, borders, or sensitive areas. Automated flight plans, live telemetry, and anomaly alerts.
Scheduled aerial inspection of power plants, factories, construction sites, or infrastructure. Visual and thermal data collection, change comparison.
Routine aerial monitoring of assets in hard-to-reach or hazardous locations — pipelines, power lines, communication towers.
Real-time monitoring and supervision of active missions. Operator observation panel, live telemetry stream, and intervention capability.
Pre-operation field assessment and readiness. Airspace verification, geofence validation, communications testing, and equipment checks.
Independent operation via an edge unit in locations with limited cloud connectivity. Offline buffering and synchronization.
Pest / beneficial / neutral arthropod classification in canopy imagery. Every detection is EPPO-coded (Bayer open standard), role-attributed, and chain-hashed against a KSL-signed taxonomy ledger. Raw images never enter the relational store — only a sha256 reference, bounding box and confidence per detection.
NDVI, NDRE, and canopy thermal readings compose into a transparent operator-readable Pest Stress Index (0.5·NDRE deficit + 0.3·thermal excess + 0.2·NDVI deficit). RFC 7946 GeoJSON polygon beneficial corridors are evaluated with Jordan-curve ray-casting point-in-polygon, and each cell is classified HEALTHY / WATCH / STRESSED / CRITICAL with a chain-hashed audit trail.
Operator-extracted dominant wingbeat frequency from a 40 kHz MEMS-mic recording is matched against a KSL-signed signature library — Apis 230 Hz, Bombus 150 Hz, Helicoverpa 60 Hz, Tuta 80 Hz peer-reviewed seed values — using transparent bandwidth-aware linear-decay confidence. Night-operations critical when vision is degraded.
Predator-modulated first-order decay forecast over the predator-prey + parasitoid-host directed graph (Coccinella → Aphis, Trichogramma → Helicoverpa eggs). 24-hour observation window baseline, 1–168 hour horizon; a suppression factor ≥ 0.40 emits a natural-control spray veto recommendation for the IPM pipeline.
EPPO/EFSA ETL/EIL-threshold pure deterministic decision matrix fuses upstream signals (entomovision counts + multispectral PSI + corridor + wingbeat role + trophic veto) into one of five operator-readable codes: NO_SPRAY_ZONE / MONITOR_ONLY / BIOCONTROL_RECOMMENDED / SPRAY_APPROVED_CAUTION / SPRAY_APPROVED_URGENT. Every decision carries its reason codes, is chain-hashed, and is KSL signed.
Per-cell IPM decisions map deterministically to per-nozzle OPEN / OPEN_REDUCED / CLOSED valve actions. Unknown or unmapped decisions fail closed (CLOSED) — engineering safety against accidental opening. The latency estimate is transparent (5 ms base + 0.2 ms/nozzle) and flags warnings against an 80 ms target budget.
The drone holds a static hover over a single target (tree / plant / weed cluster / disease focus); the IPM decision, the live beneficial-insect count at hover time, the wind-drift gate and the tank alarm fuse into one deterministic verdict: APPROVED / APPROVED_REDUCED / BLOCKED. If a live beneficial or active pollinator is over threshold the dose is cancelled regardless of the IPM verdict (pollinator-safe interlock). The approved dose maps to a linear PWM (RC 1000–2000 µs) with deterministic CAUTION / wind-WARN / low-tank reduction factors. Every verdict is chain-hashed and KSL-signed; the engine never sprays — it hands the target PWM to the MAVLink gateway.
Droplet-drift prediction from real classical physics: Stokes terminal velocity (v = Δρ·g·d² / 18μ) + settling time + horizontal drift = wind × time + off-target fraction = clamp(drift / 2R, 0, 1)·(1 − deposition gain). The result becomes an ALLOW / WARN / VETO verdict that feeds the static-dose interlock — high drift risk vetoes the dose. ASABE S572.1 droplet-size (VMD) classes are an open standard; an optional electrostatic deposition gain reduces escape. No hardcoded constants — every result derives from an explicit formula.
A hash-chained, KSL-signed application passport for every target cell: dose applied (mL), coverage, the M262 drift estimate, the interlock verdict and a beneficial-protected proof — i.e. when a live beneficial was detected and the dose cancelled, that too is recorded as evidence. Sealing a mission makes its passport immutable; verify_chain re-computes the SHA-256 chain to detect tampering; export is raw-data-free for regulators / food traceability (farm-to-fork) / ESG — raw GPS, coordinates and email never enter the ledger.
Per-pass drop plan for biological-control agents (parasitoid wasp cards, ladybird vials, lacewing larva, predatory mite sachets, aphid parasitoid capsules — open peer-reviewed entomological categories, no commercial brand). Regulatory clearance reference is hashed; target_pest_eppos must be a subset of the agent allow-list; biological agents are living so the fail-closed default is NOT_DISPATCHED.
Privacy-preserving federation across farms. Each insight shares only an EPPO code, a broad region prefix (TR-W, EU-S, …), a sha256 embedding fingerprint, confidence in [0, 1], and an anonymised participant hash — raw images, GPS, IP, email never enter the database. A federated round emits a deterministic aggregate signature; participants verify it against their own ledger before running local federated averaging in their own training pipeline.
Explore world-first capabilities
Twelve individually documented capability hubs — post-quantum lineage, multi-modal fusion, GNSS anti-spoofing, hostile environment twin, and more.
Procurement, agronomy, and compliance leaders raise the same questions before institutional drone programmes. The answers below reflect how Lydos Air is actually built — not marketing positioning.
A sovereign enterprise drone platform is software for managing autonomous UAV and UAS fleets where the source code, edge compute hardware, cryptographic keys, and operational telemetry remain under the operator's institutional control. Lydos Air is built end-to-end in-house — closed-source, on-premise deployable, with no third-party cloud telemetry egress and no external dependency on the autonomy stack.
The platform is structured for FAA Part 107 commercial operations and EASA SORA Specific category risk assessments. Mission lifecycle phases, preflight validation checks, geofence enforcement, multi-operator approval, and chain-hashed audit ledgers map directly onto Part 107 operational requirements and SORA ConOps / SAIL evidence. Remote ID metadata is captured per flight. The platform is not itself a certification — it is engineering designed to produce the artefacts a Part 107 waiver or SORA submission requires.
NIST FIPS 204 standardised the ML-DSA (Module-Lattice Digital Signature Algorithm, Dilithium) post-quantum signature scheme in 2024. Lydos Air signs every critical command — payment, settlement, policy change, node removal, engine mutation — with a device-bound ML-DSA key held in the Key Sovereignty Layer (KSL). Private keys never leave the device; the server only verifies. This makes the command and audit chain resistant to quantum cryptanalysis and gives every operational action a non-repudiable proof.
EPPO Bayer codes (e.g. HELIAR for Helicoverpa armigera, TUTAAB for Tuta absoluta, APISME for Apis mellifera) are the open European Plant Protection Organisation taxonomy. The Entomovision engine runs an ONNX-format vision model at the drone edge, classifies arthropods into EPPO codes, attributes a beneficial / pest / neutral role, and writes a chain-hashed detection record. The classification feeds the Integrated Pest Management decision matrix and the federated insight round — without raw imagery ever leaving the farm.
Integrated Pest Management uses Economic Threshold Level (ETL) and Economic Injury Level (EIL) thresholds to choose between five actions: NO_SPRAY_ZONE, MONITOR_ONLY, BIOCONTROL_RECOMMENDED, SPRAY_APPROVED_CAUTION, SPRAY_APPROVED_URGENT. The Lydos Air IPM Decision engine combines EPPO-coded entomovision counts, wingbeat acoustic species matches, NDVI / NDRE / thermal multispectral stress, pollinator corridor maps, and predator-prey forecast vetoes into a single KSL-signed spray decision per 50 cm grid cell.
No. All operational telemetry — flight position, mission state, sensor capture, audit ledgers — remains inside the operator's deployment perimeter. Lydos Air is on-premise deployable; cloud-hosted SaaS is not the default. Federated intelligence across operators shares only hashed pattern fingerprints and broad geographic region prefixes (no GPS, no raw IP, no email, no user identifiers). Data sovereignty is structural, not configurable.
Lydos Air is not a drone control panel — it is a platform layer built for air operations. That difference is not cosmetic; it is architectural.
Built not to control a single vehicle but to manage institutional drone fleets. Inventory, missions, telemetry, safety — all integrated.
Operational security, IP protection, and institutional trust. The codebase is not open — that is a deliberate architectural decision.
A physical edge unit co-located with every aircraft. Even when cloud connectivity is lost, local safety policies are enforced and telemetry is buffered.
Interfaces are not raw commands — they are action surfaces structured in operational context. Every action passes through the policy engine.
The platform guarantees 'readiness' before 'operation.' Preflight validation, policy compliance, and operational readiness are sustained and observable.
Approval chains, audit trails, role-based access, and traceable decision processes. Aligned with institutional workflow requirements.
Lydos Air runs on a layered architecture of six foundational layers. Each layer can operate independently and carries a clear operational responsibility.
Operator interface, command surfaces, real-time observation panel, and decision support system. All actions carry an audit trail.
Policy engine, preflight validation, geofence enforcement, and emergency protocols. All safety decisions are made at this layer.
Mission lifecycle management. 20-phase state machine, waypoint engine, approval workflow, and autonomous execution controller.
Multi-vehicle coordination. Inventory, status matrix, capability matching, heartbeat monitoring, and operational readiness.
Real-time data collection, processing, and distribution. Position, altitude, velocity, battery, GPS and IMU data processed at 2 s intervals.
Physical edge unit infrastructure. MAVLink bridge, local safety, offline buffering, and automatic recovery.
Trust is not a feature added on top — it is structural. Every command is validated, every mission moves through approval, every telemetry point is on record.
Every command is validated. Every mission moves through approval. Every telemetry point is logged. Every decision is traceable. Disciplined process is mandatory.
Operational state, telemetry streams, mission progress, and safety status are visible at all times. It does not hide — it shows.
Commands cannot be executed directly. Every action passes through the policy engine, requires preflight validation, and carries an audit trail.
The source code is not public. That is a deliberate architectural decision for operational security, IP protection, and institutional trust.
Drone telemetry and mission data never leave your jurisdiction. No third-party dependency. On-premise deployment supported.
The platform is equipped with safety layers that enforce the difference between 'can do' and 'should do.' Autonomy is not uncontrolled freedom.
Engineering is structured to align with FAA Part 107, EASA SORA Specific category, ICAO Annex 6 / Annex 11, and SHGM İHA frameworks. Cryptographic surface uses NIST FIPS 204 ML-DSA and NIST FIPS 180-4 SHA-256. Drone interoperability is built on MAVLink 2.0; geospatial data follows RFC 7946 GeoJSON; pest taxonomy follows EPPO Bayer codes; UTM coordination follows ASTM F3548. ArduPilot and PX4 are interoperable peers, not dependencies.
Learn more about the platform, start an evaluation process, or request a technical partnership discussion.
A summary document covering Lydos Air's core capabilities, architectural approach, and enterprise drone deployment value.
REQUEST BRIEFINGAssessment of platform fit for your organization's drone fleet deployment requirements.
START EVALUATIONDirect discussion with the engineering team for integration, co-development, or technology partnership.
REQUEST DISCUSSIONAssess where Lydos Air fits inside your enterprise drone programme with the people who built it. Closed-source. No funnel.
Every inquiry is reviewed directly by engineering. No automated sales funnel.
Submit an institutional inquiry for fleet evaluation, technical partnership, defense integration, or research collaboration.
First signed ARM accepted by ArduPilot SITL — 2026-05-16T16:14:01Z · audit_seq=3
No marketing renderings. Six are in service today; four autonomy capabilities are proven end to end against a live ArduPilot SITL and marked accordingly. Each card links to the operator-facing page behind the claim.
Every mutating command is Ed25519-signed end-to-end and verified live against the device key chain.
ArduPilot Copter-4.5 SITL streams at 4 Hz; the is_synthetic=0 flag separates real frames from baseline.
asr_decisions is sha256-chained with verifiable head_hash; broken_at=null is operator-checkable on demand.
M115 token TTL lifecycle paired with M116 Stripe-grade idempotency dedup keeps every mutation replay-safe.
FAA LAANC, EASA U-space, SHGM and eleven more regions — fourteen jurisdictions wired into the same audit path.
477 of 477 mutations return 401 when auth is missing — CI-gated, zero unprotected critical endpoints.
A single signed mission arms, switches to guided, takes off, flies its waypoints and returns — proven end to end against a live ArduPilot Copter SITL, every leg confirmed by the vehicle's own position telemetry.
Seven read-only checks — GPS 3-D fix, IMU, battery, sensor health, plus battery/RC failsafe and geofence configuration read over the parameter protocol — run against a live autopilot before any flight.
No-fly zones enter the cost surface as volumes; the planner detours horizontally or steps altitude over a keep-out, whichever is cheaper — flown around a live SITL no-fly polygon and fed straight into the mission.
A fleet is allocated to objectives one-to-one and flies its planned routes at the same time, separated by altitude band — three autopilots proven flying concurrent missions in SITL.
This is the line between a working platform and marketing theater. We list both sides on the same page so an operator can hold us to either.
KSL Ed25519 cryptographic command chain (verified live 2026-05-16).
ArduPilot Copter-4.5 SITL telemetry pipeline at 4 Hz, real frames.
sha256-chained audit ledger (asr_decisions), verifiable head_hash.
1,078-route platform, 477 mutations, 0 unauthorized endpoints.
Autonomy stack proven end to end in ArduPilot Copter SITL: signed backend missions, pre-flight acceptance, 3-D obstacle routing, and altitude-deconflicted concurrent swarm.
Physical Pixhawk hardware integration.
FAZ 12 · M125 (hardware budget pending)
Multi-tenant isolation (RLS + per-tenant LSIA quarantine).
FAZ 13 sprint chain
Deterministic SITL replay execution.
M124+ (M117 ledger-only honest-naming applied)