Swarm Autonomy Hardware Research Platform

BLADE-SWARM Governance Node

BLADE-SWARM = Beam-Layer Authority for Directed Engagements, Swarm Node

A reference architecture and N=10 physical testbed that governs decision authority and audit across an attritable autonomous swarm. Each agent runs a Byzantine-fault-tolerant two-phase consensus, gated by computed peer trust (SATA), authority tier (HMAA), and weighted multi-agent voting (MAIVA), before the swarm commits to a coordinated action. The architecture is parameterised over N = 10 (physical testbed baseline), N = 50 (small-scale combined operation), and N = 500 (DAWG-class). It governs decision authority and audit; it does not govern weapons.

Reference Architecture (TRL 3-4 simulator and formal spec; TRL 2 testbed design) · Eighth BLADE Platform · DOI 10.5281/zenodo.20351198

This is NOT a weapon and not a swarm-control autopilot. It is an authority-gating governance layer that sits between the swarm autonomy stack and any coordinated action, computing peer trust, authority tier, and a tamper-evident distributed audit ledger. It tolerates up to f = (N-1)/3 compromised agents per quorum and defaults to a safe halt under denied or degraded radio-frequency conditions.

Type: Attritable Swarm Authority Governance Testbed (X500 V2 quadrotor nodes)
Focus: Byzantine-Fault-Tolerant Sub-Quorum Consensus · Tier-Bound Authority · Distributed Tamper-Evident Audit
Status: TRL 3-4 (simulator and formal spec), TRL 2 (physical testbed design)
DOI: 10.5281/zenodo.20351198
Document ID: ICD-SWARM-001 v1.0

Key Contributions

  • Eighth BLADE platform and eighth governance domain: the first to extend the AUTHREX authority pipeline from a single governed node to a decentralized multi-agent swarm
  • Byzantine-fault-tolerant two-phase consensus, refining MAIVA with sub-quorum decomposition that tolerates up to f = (N-1)/3 compromised agents per quorum with a quorum-intersection safety bound
  • Authority gating before commit: every coordinated action is gated by SATA peer trust, the four-tier HMAA authority state, and weighted MAIVA voting, with safe-halt-by-default under denied or degraded radio-frequency conditions
  • Per-node ECDSA P-256 root of trust on a Microchip ATECC608B secure element (private key never leaves the chip), feeding a hash-chained distributed audit ledger gossiped across the mesh
  • FLAME deliberation-window contraction and tier-downgrade asymmetry tuned for contested-RF and electronic-warfare resilience, with Sybil resistance via attested per-node identity
  • Scale-parameterised across N = 10 (physical testbed), N = 50 (combined operation), and N = 500 (DAWG-class) in a single discrete-event browser simulator with five scripted scenarios
  • TLA+ formal specification with five safety invariants and three liveness properties, model-checked on a reduced-scale instance; refines the AUTHREX_MAIVA module
  • COTS-only reference hardware: approximately $1,333 per node (Pixhawk 6X + Raspberry Pi 5 + LoRa SX1276 mesh radio + ATECC608B), approximately $13.3K for the N=10 testbed baseline. Governs decision authority and audit; it does not govern weapons.

Pipeline Stages: 7
Authority Tiers: 4
Scale Points: N=10/50/500
Byzantine Bound (f): (N-1)/3
TLA+ Safety + Liveness: 5+3
Scripted Scenarios: 5
Per-Node Signing: P-256
Per-Node BOM: ~$1,333

BLADE-SWARM reference node: a Holybro X500 V2 quadrotor carrying a Pixhawk 6X flight controller, a Raspberry Pi 5 companion computer, a LoRa mesh radio with a top-mounted whip antenna, a GPS module on a mast, and a status LED ring on the centre plate
Reference swarm node, a Holybro X500 V2 quadrotor instrumented with the BLADE-SWARM governance stack. The N=10 testbed baseline uses ten such nodes.

An Authority Layer for Decentralized Swarms

BLADE-SWARM is the swarm-scale instantiation of the AUTHREX authority-governance architecture. Where the single-node BLADE platforms govern one autonomous system, BLADE-SWARM governs the collective decision: before a swarm commits to a coordinated action, a quorum of agents must agree, and that agreement must pass the same authority checks that govern a single node. The contribution is the protocol that makes this agreement Byzantine-fault-tolerant, authority-bound, and provable after the fact.

Each agent independently computes peer trust (SATA), evaluates the current authority tier (HMAA), and casts a weighted vote (MAIVA). A two-phase commit then requires an intersecting quorum to agree before the action proceeds. The protocol tolerates up to f = (N-1)/3 compromised or faulty agents per quorum, resists Sybil attacks through attested per-node identity, and halts safely by default when the radio-frequency environment is denied or degraded. Every step writes a signed entry into a hash-chained distributed audit ledger that is gossiped across the mesh, so the swarm's decisions remain reconstructable and tamper-evident.
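
The signed, hash-chained ledger described above, as an added example that is not the project's code: HMAC-SHA256 with constructed per-node keys stands in for the per-node ECDSA P-256 signature so it runs on the Python standard library alone. The entry layout, node names and events are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed anchor for the first entry
# Constructed per-node keys. HMAC-SHA256 stands in for the per-node
# ECDSA P-256 signature (assumption) so only the standard library is needed.
NODE_KEYS = {"node-01": b"constructed-key-1", "node-02": b"constructed-key-2"}
FIELDS = ("seq", "node", "event", "prev", "sig")  # hypothetical entry layout

def sign(node, seq, event, prev):
    msg = json.dumps([seq, node, event, prev]).encode()
    return hmac.new(NODE_KEYS[node], msg, hashlib.sha256).hexdigest()

def digest(entry):
    """Hash the next entry commits to; it covers the signature as well."""
    body = json.dumps({k: entry[k] for k in FIELDS}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(ledger, node, event):
    """Add a signed entry that commits to the hash of its predecessor."""
    seq = len(ledger)
    prev = digest(ledger[-1]) if ledger else GENESIS
    ledger.append({"seq": seq, "node": node, "event": event, "prev": prev,
                   "sig": sign(node, seq, event, prev)})

def verify(ledger):
    """Return the index of the first bad entry, or None if the chain holds."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["seq"] != i or e["prev"] != prev or e["node"] not in NODE_KEYS:
            return i
        expected = sign(e["node"], e["seq"], e["event"], e["prev"])
        if not hmac.compare_digest(expected, e["sig"]):
            return i
        prev = digest(e)
    return None

def sample_ledger():
    """Constructed three-entry ledger for one proposed action."""
    ledger = []
    append(ledger, "node-01", "PROPOSE hold-formation")
    append(ledger, "node-02", "VOTE accept")
    append(ledger, "node-01", "COMMIT hold-formation")
    return ledger
```

A node that rewrites and re-signs its own earlier entry still passes the signature check on that entry, but the next entry's `prev` no longer matches, so `verify` flags the successor. Chain verification alone does not detect removal of the newest entries; that needs a comparison of ledger heads between peers.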

Research status: Design-specified and simulation-validated (TRL 2-4). Not operationally deployed. All evaluation uses synthetic data. Standards alignment is self-assessed and is not an official compliance, certification, or endorsement determination.

National Importance

Attritable autonomy at scale has moved from concept to acquisition priority. Public programs and challenges in this area, including DAWG-class autonomous operations, the Replicator initiative, and open swarm-autonomy challenges, emphasise large numbers of low-cost autonomous platforms acting in coordination. As these systems scale, the unsolved problem shifts from flying the swarm to governing it: who, or what, is authorized to commit the collective to an action, on what evidence, and how is that decision proven afterward, especially when communications are contested and some agents may be compromised.

BLADE-SWARM is a fundamental-research contribution toward that authority-governance problem. It treats the swarm as a distributed decision-maker whose commits must be both Byzantine-fault-tolerant and authority-gated, and whose actions must leave a tamper-evident record. The architecture governs decision authority and audit; it does not govern weapons and makes no empirical claims about specific systems, operations, or named officials.

Byzantine-Tolerant, Authority-Gated Commit

Each agent runs a two-phase consensus protocol gated by three of the seven AUTHREX architectures. The protocol is designed so that no single compromised agent, and no minority faction up to the Byzantine bound, can cause the swarm to commit to an unauthorized action or to escalate its authority tier without an intersecting quorum.

SATA, Peer Trust

Each agent computes a continuous trust score for every peer from attested identity, behavioural consistency, and audit-chain integrity. Low-trust peers are down-weighted in voting and excluded from quorum formation.

HMAA, Authority Tier

Four tiers (T3 autonomous, T2 supervised, T1 confirmed, T0 halt). Tier escalation requires quorum agreement; tier downgrade is asymmetric and can be triggered unilaterally for safety.

MAIVA, Weighted Voting

Sub-quorum decomposition with Dempster-Shafer weighted voting. A quorum-intersection bound guarantees safety as long as no more than f = (N-1)/3 agents per quorum are compromised.
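
A minimal model of the three gates above, added here as an example and not taken from the project's code. It uses standard BFT quorum arithmetic with f rounded down, counts votes instead of applying Dempster-Shafer weights, and assumes a trust cut-off of 0.5 and integer tiers 0 to 3; all function names are hypothetical.

```python
from itertools import combinations

TRUST_FLOOR = 0.5  # assumed cut-off; peers below it are kept out of quorums

def byzantine_bound(n):
    """f = (N-1)/3, rounded down to a whole number of agents (assumption)."""
    return (n - 1) // 3

def quorum_size(n):
    """Smallest q for which any two q-member quorums out of n agents share
    at least f+1 members, so the overlap always holds one non-faulty agent."""
    return (n + byzantine_bound(n) + 2) // 2

def worst_overlap(n, q):
    """Brute-force the smallest overlap between two q-member quorums."""
    first = set(range(q))  # by symmetry one quorum can be fixed
    return min(len(first & set(c)) for c in combinations(range(n), q))

def gate_tier_change(current, requested, votes, trust):
    """Tiers are ints 0..3 (T0 halt .. T3 autonomous).
    votes maps agent -> bool, trust maps agent -> score in [0, 1].
    Returns the tier in force after the request."""
    if requested <= current:
        return requested  # downgrade is unilateral: no votes consulted
    eligible = [a for a, score in trust.items() if score >= TRUST_FLOOR]
    approvals = sum(1 for a in eligible if votes.get(a, False))
    return requested if approvals >= quorum_size(len(trust)) else current

if __name__ == "__main__":
    for n in (10, 50, 500):  # the page's three scale points
        f, q = byzantine_bound(n), quorum_size(n)
        print(f"N={n}: f={f}, quorum={q}, guaranteed overlap={2 * q - n}")
```

For N = 10 a quorum of 7 guarantees an overlap of 4 agents, one more than f = 3; a quorum of 6 can overlap in only 2, which f faulty agents could fill entirely.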

FLAME + CARA, Timing and Recovery

FLAME contracts the deliberation window under threat density and expands it under ambiguity; CARA provides bounded-liveness recovery and isolates misbehaving agents with a corrective audit entry.

One Protocol, Three Scales

The same protocol and simulator are parameterised over three operating scales. The physical testbed validates the N=10 baseline; the simulator extends the analysis to combined-operation and DAWG-class scales.

N = 10
Physical testbed baseline. Ten X500 V2 quadrotor nodes, the buildable reference platform.
N = 50
Small-scale combined operation. Multi-quorum decomposition and inter-quorum gossip.
N = 500
DAWG-class. Hierarchical sub-quorums; the simulator characterises consensus latency and audit-ledger growth.

Seven-Stage AUTHREX Pipeline, Swarm Instantiation

BLADE-SWARM instantiates the AUTHREX governance pipeline at swarm scale. The pipeline runs once per proposed coordinated action; the consensus and authority stages require an intersecting quorum before the action is allowed to commit.

  1. SENSE, each agent gathers local state and peer telemetry over the mesh.
  2. SATA, per-peer trust scoring from attested identity and audit-chain integrity.
  3. ADARA + IFF, adversarial and identity checks; Sybil and spoofed-peer detection.
  4. HMAA, authority-tier evaluation; escalation requires quorum, downgrade is unilateral.
  5. MAIVA, weighted sub-quorum voting with the quorum-intersection safety bound.
  6. FLAME, deliberation window; two-phase commit only on intersecting-quorum agreement.
  7. ERAM + CARA, engagement-risk readout; bounded-liveness recovery and signed corrective audit on fault.

TLA+ Specification

The protocol is specified in TLA+ (AUTHREX_SWARM.tla), refining the existing AUTHREX_MAIVA module with sub-quorum decomposition, Byzantine fault bounds, FLAME deliberation-window contraction, tier-downgrade asymmetry, and CARA bounded liveness. The specification was model-checked on a reduced-scale instance.

Five Safety Invariants

Tier ceiling, no-unauthorized-commit, quorum intersection, audit-chain integrity, and the Byzantine bound (S1 through S5). Each holds across all reachable states in the checked instance.

Three Liveness Properties

Eventual commit-or-abort, eventual tier restoration, and CARA termination (L1 through L3), establishing that the protocol makes progress and recovers under fault.

Model checking on a reduced-scale instance establishes the safety and liveness properties for that instance; it is not a proof for arbitrary N. The full specification, configuration, and verification report are included in the repository and the Zenodo deposit.

Policy and Standards Context

BLADE-SWARM is framed against the public policy and standards instruments that govern autonomous systems and AI risk. These are cited as context that the architecture is designed to support; no empirical claims are made about specific programs or officials.

Per-Node Bill of Materials

The reference node is a Holybro X500 V2 quadrotor with a COTS governance stack. One node is approximately $1,333; the N=10 testbed baseline is approximately $13.3K. The full parts list, electrical and mechanical connection maps, and assembly guide are in the repository.

Subsystem            | Component                                        | Cost
Frame + propulsion   | Holybro X500 V2 kit (motors, ESCs, props, PDB)   | ~$400
Flight controller    | Pixhawk 6X autopilot                             | ~$300
Companion compute    | Raspberry Pi 5 8GB + active cooler               | ~$120
Mesh radio           | LoRa SX1276 (915 MHz) + Wi-Fi 6 USB              | ~$55
Navigation           | Holybro M9N GNSS + magnetometer                  | ~$60
Root of trust        | Microchip ATECC608B secure element               | ~$15
Power                | 4S 5000 mAh LiPo + monitor                       | ~$80
Indicator + mounting | Addressable LED ring, dampers, hardware, masts   | ~$53
Per-node total       | approx. (optional camera +$50)                   | ~$1,333

Electrical Design System Schematic

The schematic covers the node electrical design: power rails, data interfaces, and the governance-bus level shifter that bridges the Pixhawk 6X, the Raspberry Pi 5, and the ATECC608B secure element. The full-resolution schematic is available as a download.

BLADE-SWARM electrical design system schematic showing the power distribution from the 4S LiPo battery through the power distribution board to the flight controller, companion computer, motors and ESCs, and the data interfaces between the Pixhawk 6X, Raspberry Pi 5, LoRa mesh radio, GNSS module, ATECC608B secure element, and status LED ring
BLADE-SWARM per-node electrical schematic. Power lines in amber, data interfaces in teal.

Browser Swarm Simulator

A single-file, deterministic discrete-event simulator runs the full consensus and authority protocol in the browser, parameterised over N = 10, 50, and 500, with five scripted scenarios from nominal operation through denied and degraded conditions. It visualises the live pipeline, the per-node tier state, and the growing distributed audit ledger.


Reproducibility Artifacts

Related Platforms

BLADE-SWARM is the eighth platform in the BLADE family, each instantiating the AUTHREX authority pipeline in a different domain. It develops the swarm-governance direction first set out in the single-agent Authority-Governed UAV Platform (HMAA-UAV) program, carrying the shared SATA-HMAA-CARA governance lineage from one autonomously governed drone to coordinated swarms of N = 10 to N = 500 agents; the two platforms are intended to complement each other, HMAA-UAV as the single-agent foundation and BLADE-SWARM as the multi-agent extension.

BLADE-EDGE · BLADE-AV · BLADE-MARITIME · BLADE-INFRA · BLADE-SPACE · BLADE-CUAS · BLADE-AGENT-HSM · BLADE-INFRA-OT · BLADE-FINANCE

Single-agent foundation: Authority-Governed UAV Platform (HMAA-UAV) · Authority-Governed Rover Testbed

Citation

If you reference BLADE-SWARM in scholarly or policy work, please cite as follows.

Oktenli, B. (2026). BLADE-SWARM Governance Node: Authority-Governed Decentralized Swarm Consensus for Byzantine-Tolerant, Contested-RF Multi-Agent Coordination. Zenodo. DOI 10.5281/zenodo.20351198. ORCID 0009-0001-8573-1667.