SYSTEM ONLINE|
REV 14.00
REL-00ENGINEERING RECORD

The engineering record of LYDOS AIR

Every release below is drawn from the project commit ledger with its authentic date. This is not a marketing timeline — it is the verifiable history of a sovereign, closed-source drone management platform, annotated with the sovereign capability each release materially advanced.

KSL key sovereignty · KURAL 22 fail-closed · KURAL 23 hashed federation · LSIA immunity · KURAL 27 14-region governance · white-hat structural boundary.

2026-04-04
Programme origin
45 days
Engineering span
418
Versioned commits
140+
Milestones shipped
14
Engineering phases
2026-05-16
First signed flight
DIF-00SOVEREIGN DIFFERENTIATORS

What LYDOS AIR does that the conventional posture does not

Each item below is an architectural decision, not a roadmap promise. It is implemented today and traceable to the phase ledger. The contrast is stated as a posture difference — provable in the commit record — never as an unverifiable claim about a named third party.

01

Client-only flight-command key sovereignty

KSLREAL HWFAIL-CLOSED

Flight-critical commands — ARM, DISARM, mission upload — are signed with a private key that exists only on the operator device. The server never holds the private key; it verifies a signature chain through a nonce proxy, end to end.

Evidence

M114 KSL Transition · M122–M123 canonical alignment + complete chain. The first real cryptographically signed ARM/DISARM was observed on a live MAVLink command link on 2026-05-16.

Posture difference

Conventional cloud fleet-ops platforms hold credentials server-side and authorise flight actions in the cloud. LYDOS AIR makes the operator the cryptographic root of every flight action.

02

Structural white-hat boundary — secrets cannot persist

WHITE-HATHASHED FED

Across the engine fleet, raw payloads, raw imagery, credentials and PII are physically absent from the schema. Every sprint proves it: a PRAGMA schema scan plus a substring database scan for a known classified marker that must return zero rows. Only sha256 digests and coarse buckets federate.

Evidence

M51–M74 white-hat boundary engines — each declares a `white_hat_boundary` stat and is gated by schema + substring DB scans in its test suite.

Posture difference

Where analytics platforms retain raw position tracks and operator PII, LYDOS AIR makes retention structurally impossible rather than policy-optional.

03

Fail-closed governance as doctrine, not a setting

FAIL-CLOSEDWHITE-HAT

Insufficient evidence resolves to blocked. Eligibility is denied by default. No airspace clearance ⇒ BVLOS mission blocked. Calibration drift beyond 5% ⇒ acquisition refused. SLAM covariance trace high ⇒ degraded then lost — the pessimistic state always wins.

Evidence

M52 multi-UTM clearance gate · M67 Vision-SLAM degraded/lost · M73 SAR/EO-IR calibration gate — fail-closed assertions are pinned in the regression baseline.

Posture difference

Best-effort autonomy treats safety gating as an optional layer. In LYDOS AIR it is an immutable rule (KURAL 22) enforced uniformly across every engine.

04

Privacy-preserving cross-node federation

HASHED FEDWHITE-HAT

Between nodes, only hashed patterns travel: sha256 digests, a /24 IPv4 (or /48 IPv6) prefix, and amount/distance buckets. Raw IP, e-mail, user identifiers and payloads never leave the node — this is an architectural invariant, not a configuration toggle.

Evidence

M61 defence-in-depth (hashed /24 prefix federation) and the hashed-pattern contract enforced across every boundary engine.

Posture difference

Most fleet telemetry backends centralise raw network and location data. LYDOS AIR federates intelligence while the raw record stays sovereign to its origin node.

05

Native 14-jurisdiction authority fabric

14-REGIONKSLFAIL-CLOSED

First-class adapters for SHGM (TR · SHT-İHA), EASA U-space (EU · 2021/664), FAA LAANC (US · Part 107), CAA UK (CAP 722), NAV CANADA (CARs IX) and Airservices AU (CASR 101), with strict region-match enforcement across 14 sovereign regions.

Evidence

M52 multi-UTM authority adapter · M80 FAA LAANC · M81 EASA U-space (ASTM F3548) — KSL-signed clearance flow with region matching.

Posture difference

Platforms typically integrate one authority (FAA or EASA). LYDOS AIR treats multi-authority, multi-region clearance as native infrastructure (KURAL 27).

06

GNSS-denied sovereign navigation with signed audit

FAIL-CLOSEDHASHED FEDWHITE-HAT

Visual-inertial SLAM localization with a Mahalanobis χ² consistency gate (NIST df = 6, 95% = 12.59) reaching sovereign GNSS-denied navigation parity. Drift trips degraded mode; severe drift trips lost mode and relocalisation — fail-closed throughout.

Evidence

M67 Vision-SLAM GNSS-denied localization — χ² gate thresholds verified by closed-form proofs in the test suite.

Posture difference

GNSS-denied capability elsewhere is rarely fused with a fail-closed safety state and a signed forensic audit trail in one engine.

07

Per-tenant sovereign isolation at the database boundary

TENANT RLSIMMUNITYFAIL-CLOSED

Tenant isolation is enforced as row-level security with a JWT tenant claim threaded through the request path, with per-tenant LSIA quarantine, per-tenant immunity-mode override, quota enforcement, an enterprise usage ledger and contract billing.

Evidence

M131–M140 multi-tenant phase — closed 10/10 with a cumulative penetration pass and single-command tenant onboarding.

Posture difference

Application-level tenancy can be bypassed by a single missed filter. LYDOS AIR enforces isolation at the data boundary and layers sovereign immunity on top.

08

Zero-mock, peer-reviewed real mathematics

FAIL-CLOSEDHASHED FEDKSL

Optimisation and sensing run on real, citable mathematics — Lin-Kernighan 2-opt, Clarke & Wright savings, Sinnott Haversine (R = 6371.0088 km, IUGG), ETX (De Couto, SIGCOMM 2003), Cumming & Wong SAR resolution, token-bucket (Cisco IOS 1986) — each validated against closed-form proofs.

Evidence

M72 mesh ETX · M73 SAR/EO-IR · M74 TSP/VRP optimizer — proofs (e.g. quarter-circle = π·R/2 ≈ 10007.5 km) are asserted in tests under KURAL 13 (no mock/fake/placeholder).

Posture difference

Marketing-grade ‘AI optimisation’ is replaced by literature-cited algorithms with mathematical test evidence — provable, not asserted.

SCN-00FIELD CAPABILITY SCENARIOS

Capabilities, told as real field operations

Agriculture, autonomy, sovereign defence, swarm, GNSS-denied flight and detect-and-avoid — each scenario below maps to a named engine in the codebase with a cited algorithm and milestone. Every scene is royalty-free inline SVG rendered in real time. No demo, no mock, no skeleton.

LIVE OPERATION· SCN-01
SVG · RT
94.6%
Coverage
4
Zones
PID
Flow corr.
SCN-01

Precision agriculture autonomy

NDVI-zoned coverage · adaptive flow · wind-compensated

A field boundary is clipped into treatment zones and flown as a boustrophedon coverage path. Flow rate adapts per zone in real time and the spray vector is wind-compensated — autonomy built on real control mathematics, not a scripted demo.

FAIL-CLOSEDWHITE-HAT14-REGION
Telemetry feed
  • Boundary clipped · 4 NDVI zones derived
  • Zone B low-vigour · flow +18% (PID)
  • Wind 4.2 m/s · spray vector compensated
  • Pass 7/9 · overlap 6% within tolerance
LIVE OPERATION· SCN-02
SVG · RT
5
Subsystems
AUTO
Gate
Resume
SCN-02

Autonomous mission core

Five subsystems · one authoritative AUTO gate

Telemetry trust, mission lifecycle, command execution, edge-agent heartbeat and the safety gate are arbitrated by a single cross-domain state owner. AUTO execution is checkpointed and resumable; nothing executes without passing the gate.

KSLFAIL-CLOSEDREAL HW
Telemetry feed
  • Telemetry trust 0.97 · within band
  • Mission lifecycle → EXECUTING
  • Edge heartbeat 1.0 Hz · nominal
  • Safety gate PASS · AUTO authorised
LIVE OPERATION· SCN-03
SVG · RT
LOCK
Track
UNAUTH
Class
NONE
Kinetic
SCN-03

Counter-UAS sovereign defence

Detect · track · classify — strictly kinetic-free

An unauthorised aircraft entering protected airspace is detected by RF and radar, tracked, and classified. Intercept geometry is computed for situational awareness only — there is no warhead, fuze or kinetic platform, by immutable rule.

WHITE-HATIMMUNITYFAIL-CLOSED
Telemetry feed
  • RF signature · OcuSync class detected
  • Radar correlation · track confirmed
  • Classified UNAUTHORISED · geometry only
  • EW: spoof attempt → VIO fallback armed
LIVE OPERATION· SCN-04
SVG · RT
4/5
Quorum
AUTO
Heal
1 Hz
Round
SCN-04

Byzantine swarm consensus

IBFT agreement · self-healing formation

A cooperative swarm reaches agreement through a four-phase Byzantine fault-tolerant round. When a node is lost, the formation heals itself under provable-stability control while consensus continues.

KSLFAIL-CLOSEDHASHED FED
Telemetry feed
  • Phase PROPOSE · leader 0x3f
  • PREVOTE 4/5 · quorum reached
  • Node 04 telemetry lost · heal armed
  • Formation re-converged · COMMIT
LIVE OPERATION· SCN-05
SVG · RT
NOMINAL
Mode
8.1
χ² gate
DENIED
GNSS
SCN-05

GNSS-denied navigation

Visual-inertial SLAM · fail-closed consistency gate

With GNSS denied, localisation continues on a visual-inertial map. A Mahalanobis χ² gate continuously checks consistency; drift trips degraded mode, severe drift trips lost mode and relocalisation — the pessimistic state always wins.

FAIL-CLOSEDHASHED FEDWHITE-HAT
Telemetry feed
  • GNSS lost · VIO localization engaged
  • Keyframe match 312 inliers
  • χ² 8.1 < 12.59 · gate kept
  • Map session signed · audit appended
LIVE OPERATION· SCN-06
SVG · RT
2
Traffic
0.4 NM
CPA
SIGNED
Action
SCN-06

Detect-and-avoid · 4D de-confliction

Closest-point-of-approach · signed avoidance

Crossing traffic is acquired from ADS-B and optical detection. The closest point of approach is computed in four dimensions; when well-clear is breached, a KSL-signed avoidance manoeuvre is issued and deconflicted against every other trajectory.

KSLFAIL-CLOSED14-REGION
Telemetry feed
  • ADS-B contact · 1090 MHz · FL045
  • CPA 0.4 NM in 38 s · well-clear breach
  • Avoidance computed · KSL signature ok
  • 4D deconfliction clear · resuming track
DOM-00CAPABILITY DOMAINS

The platform, by operational domain

Eight domains, each backed by named engines in the phase ledger. Engine references are real milestone identifiers — not illustrative.

DOM-01

Telemetry & flight link

WebSocket telemetry bus, autopilot/MAVLink real ingest pipeline, software-in-the-loop bridge and a flight-controller serial driver — a single authoritative telemetry source path.

M84 · M85 · M113 · M121 · M125
DOM-02

Mission lifecycle

Authoring, regulated clearance, AUTO execution, checkpoint & resume, and deterministic SITL/HITL after-action replay in one operator cockpit.

M77 · M79 · M111 · M124 · M128
DOM-03

Airspace & regulatory

Multi-UTM authority fabric, FAA LAANC, EASA U-space, polygon geofencing and authoritative multi-country RTK networks.

M51 · M52 · M80 · M81
DOM-04

Autonomy & perception

GNSS-denied Vision-SLAM, object/obstacle detection, AI sensor fusion and a SAR + EO/IR sensor catalog with sensor-physics enforcement.

M67 · M73 · M100 · M101 · M102
DOM-05

Optimisation & coordination

TSP/VRP mission optimisation, swarm coordination, OLSR/BATMAN-adv mesh radio relay and adaptive mission rerouting.

M72 · M74 · M87 · M97
DOM-06

Defence & resilience

Defence-in-depth hardening, DDoS scrubbing coordination, predictive safety scoring and fleet-readiness matching — strictly white-hat.

M61 · M66 · M96 · M99
DOM-07

Sovereign security

Key Sovereignty Layer, LSIA immunity, ASR audit, hashed-pattern federation, token lifecycle and exactly-once command idempotency.

M114 · M115 · M116 · M136 · M137
DOM-08

Multi-tenant enterprise

Database-boundary RLS isolation, runtime quota enforcement, an enterprise usage ledger, contract billing and single-command onboarding.

M131 · M132 · M138 · M139 · M140
REL-LDGPHASE LEDGER

Every phase, with its real dates and closure

The capabilities above did not appear at launch — they were engineered phase by phase, each closed under its own validation gate and regression baseline. The ledger is drawn from the project commit history; the dates are authentic.

REL-01BASELINE
FOUNDATION

Enterprise surface & operational baseline

2026-04-04 → 2026-04-10

The standalone LYDOS AIR platform was established: an institutional operations console on a FastAPI backend, an aerospace-grade public surface, and a hardened delivery pipeline behind iha.ailydian.com.

  1. FND-012026-04-04

    Standalone platform — enterprise dashboard + backend

    Initial LYDOS AIR build separated from the orchestrator: enterprise operations dashboard, FastAPI service layer, maintenance and adapter routes.

    WHITE-HAT
  2. FND-022026-04-05

    Brand system, cockpit HUD & access gate

    Proprietary aerospace visual language, English-first console, cockpit HUD landing surface and server-side access gate.

    WHITE-HAT
  3. FND-032026-04-09

    Live telemetry, geofence & RBAC operator system

    WebSocket telemetry bus, polygon geofencing, RBAC operator roles, edge agents, incident tracking, mission templates and pipeline Kanban — fifteen dashboard pages wired to real API hooks.

    WHITE-HATFAIL-CLOSED
  4. FND-042026-04-10

    Enterprise hardening & delivery pipeline

    CSP, HSTS preload, rate limiting, server-fingerprint removal, self-hosted fonts, Docker + CI/CD, nginx site config for iha.ailydian.com and a Next.js Server Components DoS patch.

    WHITE-HATHASHED FED
REL-02CLOSED
FAZ 3 · SOVEREIGN BOUNDARY

Authoritative network & airspace coordination

2026-05-08

The sovereign white-hat boundary doctrine was instituted: engines validate, audit and federate hashed patterns only — raw secrets are never written to schema.

  1. M512026-05-08

    Multi-RTK network registry

    Six-country authoritative RTK coordination (TUSAGA-AKTİF, EUREF-IP, NGS CORS, OS Net, NRCan, Geoscience AU) with health-driven failover and a region-availability eligibility gate.

    FAIL-CLOSEDHASHED FED14-REGION
  2. M522026-05-08

    Multi-UTM authority adapter

    Authority adapters for SHGM (TR), EASA U-space, FAA LAANC, CAA UK, NAV CANADA and Airservices AU, with a KSL-signed clearance flow and strict region matching.

    KSLFAIL-CLOSED14-REGION
  3. M58–M602026-05-08

    FAZ 3 closure — white-hat boundary engines

    Phase 3 closed with the structural boundary proven across engines: PRAGMA schema scans and substring DB scans confirm raw payloads never persist.

    WHITE-HATHASHED FED
REL-03CLOSED
FAZ 4 · DEFENCE IN DEPTH

Military-grade layered defence

2026-05-08

A defensive perimeter with real rate-limiting mathematics, CIDR governance and anonymised threat federation — strictly white-hat, no offensive counter-action.

  1. M612026-05-08

    Defence-in-depth hardening

    Token-bucket rate limiter (exact refill mathematics), IPv4/IPv6 CIDR allowlist, threat-event ledger, WAF rule registry and SIEM destination registry — raw IPs federate only as hashed /24 prefixes.

    FAIL-CLOSEDHASHED FED
  2. M662026-05-08

    DDoS scrubbing coordinator — FAZ 4 closure

    Phase 4 closed with a scrubbing coordinator that delegates real mitigation to industry-standard services while keeping the structural audit boundary.

    WHITE-HATFAIL-CLOSED
REL-04CLOSED
FAZ 5 · FIELD SOVEREIGNTY

GNSS-denied autonomy & sensor sovereignty

2026-05-08 → 2026-05-09

Field-grade capability with peer-reviewed mathematics: GNSS-denied localization, mesh routing, synthetic-aperture sensing and operations-research mission optimisation — sovereign GNSS-denied navigation parity.

  1. M672026-05-08

    Vision-SLAM GNSS-denied localization

    Visual-inertial SLAM localization with a Mahalanobis χ² consistency gate; degraded and lost modes are fail-closed (the pessimistic state always wins).

    FAIL-CLOSEDHASHED FEDWHITE-HAT
  2. M722026-05-09

    Mesh radio relay

    OLSR / BATMAN-adv referenced routing with an ETX link metric (De Couto et al., SIGCOMM 2003); path eligibility gated on ETX and hop-count ceilings.

    FAIL-CLOSEDHASHED FED
  3. M732026-05-09

    SAR + EO/IR sensor catalog

    Cumming & Wong SAR resolution mathematics and EO/IR optical geometry with radiometric-drift classification and real sensor-physics enforcement.

    FAIL-CLOSEDHASHED FED14-REGION
  4. M742026-05-09

    TSP/VRP mission optimizer

    Lin-Kernighan 2-opt, Clarke & Wright savings and Sinnott Haversine (R = 6371.0088 km) — verified against closed-form geometric proofs.

    KSLFAIL-CLOSEDHASHED FED
  5. M77–M782026-05-09

    SITL/HITL replay harness — FAZ 5 closure (12/12)

    Phase 5 closed with a deterministic replay harness across software- and hardware-in-the-loop scenarios.

    WHITE-HATFAIL-CLOSED
REL-05CLOSED
FAZ 6 · ENTERPRISE READINESS

Mission lifecycle & enterprise validation

2026-05-09 → 2026-05-13

The mission lifecycle cockpit, regulated airspace integrations and the real autopilot/MAVLink ingest pipeline reached a validated, twelve-sprint enterprise-readiness closure.

  1. M792026-05-09

    Mission lifecycle cockpit

    Operator cockpit covering the full mission lifecycle from authoring through execution and after-action.

    KSLFAIL-CLOSED
  2. M80–M812026-05-09

    FAA LAANC & EASA U-space integration

    FAA LAANC instant authorisation and an EASA U-space service-provider integration aligned to ASTM F3548.

    KSL14-REGION
  3. M82–M892026-05-13

    Autonomy core, real ingest & fleet bus

    Autonomy core gate, edge-agent runtime hardening, autopilot/MAVLink real ingest pipeline, fleet WebSocket bus, forensic replay persistence, swarm coordination and map/geo redesign.

    FAIL-CLOSEDHASHED FEDWHITE-HAT
  4. M922026-05-13

    Final enterprise-readiness validation — FAZ 6 closure (12/12)

    Phase 6 closed with a full enterprise-readiness validation pass across all twelve sprints.

    WHITE-HATFAIL-CLOSED
REL-06CLOSED
FAZ 7–9 · INTELLIGENCE

Operational, sensor & forensic intelligence

2026-05-14

Three intelligence phases delivered in cadence: operational decisioning, sensor & edge fusion, and replay/forensic validation — each closed under its own validation gate.

  1. M93–M992026-05-14

    FAZ 7 — operational intelligence

    Full-stack reality audit engine, mission health & confidence scoring, predictive safety, adaptive mission rerouting, event correlation and fleet readiness matching.

    FAIL-CLOSEDWHITE-HAT
  2. M100–M1032026-05-14

    FAZ 8 — sensor & edge intelligence

    AI sensor-ingestion architecture, object/obstacle detection foundation, edge-AI coordination and agriculture autonomy — Phase 8 closure.

    FAIL-CLOSEDHASHED FED
  3. M104–M1072026-05-14

    FAZ 9 — replay & forensic intelligence (4/4)

    Replay/forensic intelligence, command-intelligence surface, performance & distributed scale, and operational validation — Phase 9 closure.

    WHITE-HATFAIL-CLOSEDHASHED FED
REL-07CLOSED
FAZ 11 · FOUNDATIONAL TRUTH

Truth reconciliation across the stack

2026-05-15 → 2026-05-16

A foundational-truth phase that reconciled schema, telemetry source-of-truth, KSL transition, token lifecycle, command idempotency and endpoint authentication into a verified 9/9 closure.

  1. M112–M1132026-05-15

    Migration reconciliation & telemetry source truth

    Schema-truth reconciliation across migrations and a single authoritative telemetry source path.

    WHITE-HATFAIL-CLOSED
  2. M114–M1162026-05-15

    KSL transition, token lifecycle & command idempotency

    KSL transition mode, a full token-lifecycle engine and exactly-once command idempotency keys.

    KSLFAIL-CLOSED
  3. M117–M1192026-05-16

    Replay honesty, CI migration gate & auth reality test

    Replay-honesty reset, a migration-runner CI gate and an endpoint authentication reality test against the live surface.

    FAIL-CLOSEDWHITE-HAT
  4. M1202026-05-16

    FAZ 11 closure (9/9) — authentication hole fixed

    Phase 11 closed with a discovered authentication gap remediated and a formal closure document.

    FAIL-CLOSEDKSL
REL-08CLOSED
FAZ 12 · REAL HARDWARE

Signed flight on real hardware

2026-05-16

The platform crossed from simulation to hardware: software-in-the-loop simulation and a real flight controller over MAVLink, with the first cryptographically signed ARM/DISARM observed on a live command link.

  1. M1212026-05-16

    SITL MAVLink live bridge

    A live MAVLink bridge to software-in-the-loop simulation with KSL enforcement flipped on and the bridge deployed to the VPS.

    REAL HWKSL
  2. M122–M1232026-05-16

    KSL chain complete — first real signed ARM/DISARM

    Canonical KSL alignment, nonce proxy and a complete signature chain — the ceremonial moment where the first real signed ARM/DISARM was observed.

    REAL HWKSLFAIL-CLOSED
  3. M124–M1282026-05-16

    Live mission upload, flight-controller driver & cockpit UI

    Live mission upload with arm-state observation, a flight-controller serial driver and the AUTO-mode cockpit operator UI.

    REAL HWKSLFAIL-CLOSED
REL-09CLOSED
FAZ 13 · MULTI-TENANT

Sovereign multi-tenant isolation

2026-05-16 → 2026-05-18

Full per-tenant isolation: row-level security, per-tenant immunity quarantine, quota enforcement and contract billing — closed 10/10 with a cumulative penetration pass and single-command onboarding.

  1. M131–M1322026-05-16

    Multi-tenant foundation & RLS enforcement

    Tenant foundation with row-level security enforcement and a JWT tenant claim threaded through the request path.

    TENANT RLSFAIL-CLOSED
  2. M133–M1352026-05-17

    Repository/route tenant injection & KSL device scope

    Tenant injection across the repository and route layers, plus per-device KSL identity, idempotency and dispatch tenant scoping.

    TENANT RLSKSL
  3. M136–M1382026-05-17

    Per-tenant immunity, mode override & quota enforcement

    LSIA per-tenant quarantine, per-tenant immunity-mode override with tenant-scoped ASR audit, and runtime quota enforcement with a soft-warning frontend panel.

    IMMUNITYTENANT RLSFAIL-CLOSED
  4. M139–M1402026-05-18

    Enterprise billing & FAZ 13 closure (10/10)

    Enterprise usage ledger with contract billing, then a cumulative penetration pass, single-command tenant onboarding and formal phase closure.

    TENANT RLSIMMUNITYHASHED FED
REL-10ACTIVE
FAZ 14 · FEDERATION DB

PostgreSQL :5434 federation migration

2026-05-18 → active

The federation database migration is in progress: a PostgreSQL schema mirror with RLS, an opt-in dual-write adapter, a backfill CLI and a staged read-cutover — SQLite stays primary until cutover completes (no silent fallback).

  1. M141–M1422026-05-18

    PG :5434 schema mirror + RLS apply hook

    A 13-table PostgreSQL DDL mirror (JSONB + TIMESTAMPTZ, fully idempotent) and an RLS policy apply hook — inert until the federation DSN is exported.

    TENANT RLSHASHED FED
  2. M141b · M1442026-05-18

    Dual-write adapter + SQLite→PG backfill CLI

    An opt-in dual-write helper engines call after a successful SQLite commit, plus an idempotent one-shot backfill CLI with content-hash parity.

    TENANT RLSFAIL-CLOSEDHASHED FED
  3. M141.1–M141.22026-05-18

    Schema reconciliation & DDL parity drift gate

    Engine-source-truth schema reconciliation with a drift gate that catches every new engine column before ship.

    WHITE-HATTENANT RLS
  4. M143 · M141c2026-05-18

    Read-cutover infrastructure & per-engine wiring

    A three-state read-cutover (off / shadow / primary) with fail-surface honesty, and the per-engine dual-write wiring batches (telemetry, predictive, companion, dispatch, geofence, immunity, KSL provisioning).

    TENANT RLSFAIL-CLOSEDHASHED FED
DOC-00ENGINEERING DOCTRINE

The rules that cannot be overridden

These are immutable. They are enforced in code, in tests and in the commit gate — not aspirational values. They are why every capability above can be trusted.

KURAL 13

Zero mock, fake, dummy or placeholder. Real mathematics and real validation only — every claim carries a test proof.

KURAL 18

A critical action does not execute without a KSL signature. Unsigned ARM/DISARM/mission requests are rejected, never silently passed.

KURAL 22

Fail-closed. Insufficient evidence resolves to blocked; eligibility is denied by default across every engine.

KURAL 23

Hashed federation only. Raw IP, PII, credentials and payloads never leave the originating node.

WHITE-HAT

Structural boundary: raw secrets are absent from the schema and proven so by PRAGMA + substring scans. No offensive counter-action — ever.

KURAL 17

Clean provenance. No AI-assistant signature in the commit history — the engineering record is auditable and human-owned.

POS-00WHERE LYDOS AIR STANDS APART

Conventional posture versus the sovereign posture

A truthful, architecture-level comparison. The left column describes the common industry posture in general terms; the right column is the LYDOS AIR decision, each traceable to an immutable rule and to the phase ledger.

Server-side credentials authorise flight in the cloud
Operator device is the cryptographic root; every flight command is client-signed and chain-verified
KSL · KURAL 18
Single airspace authority integration
Native 6-authority, 14-region clearance fabric with strict region matching
KURAL 27
Raw position tracks and PII retained for analytics
Raw records structurally absent; only hashed patterns and buckets federate
WHITE-HAT · KURAL 23
Safety gating is an optional, best-effort layer
Fail-closed is an immutable doctrine enforced uniformly across the engine fleet
KURAL 22
Tenant separation handled at the application layer
Isolation enforced at the database boundary with per-tenant sovereign immunity
RLS · LSIA
Optimisation marketed as opaque ‘AI’
Literature-cited algorithms with closed-form mathematical test proofs
KURAL 13

No demo. No mock. No skeleton. Every statement on this page is implemented in the closed-source platform and verifiable against the phase ledger and the regression baseline. Proprietary · access by invitation.

CAP-00SOVEREIGN CAPABILITY LEGEND

What the tags on each release mean

KSL

Key Sovereignty Layer — the private key never resides on the server; every critical command is client-signed and chain-verified.

FAIL-CLOSED

KURAL 22 — insufficient evidence resolves to blocked. Eligibility is denied by default, never silently granted.

HASHED FED

KURAL 23 — only hashed patterns federate. Raw IP, PII, credentials and payloads never leave the node.

IMMUNITY

LSIA — sovereign immunity engine: per-tenant quarantine, veto and sacrifice override every other layer.

WHITE-HAT

Structural white-hat boundary — engines validate and audit; raw secrets are never persisted, only sha256 digests.

14-REGION

KURAL 27 — sovereign regional governance across 14 jurisdictions (TR/EU/US/GB/CA/AU/JP/KR/SG/AE/SA/BR/IN/EG).

TENANT RLS

Row-level multi-tenant isolation enforced at the database boundary with JWT tenant claims.

REAL HW

Verified against live flight hardware — software-in-the-loop simulation and a real flight controller over the standard MAVLink protocol with signed command links.

CTA-00ENGAGEMENT

Request the full engineering dossier

Each phase ships with a formal closure document, a regression baseline and a live-surface validation record. Institutional briefings are arranged on request.

Proprietary · closed-source · access by invitation