burakoktenli / blade-space-governance-node Public

BLADE-SPACE Governance Node: Beam-Layer Authority for Directed Engagements, Space-Edge Node. Authority-governed orbital governance node for autonomous LEO platforms beyond ground-loop latency. 9-stage governance pipeline on radiation-tolerant compute (Microchip RTG4 FPGA + Aitech S-A1760 Venus SBC, hot-redundant with <200 ms failover). 91 components, 134 electrical connections (53 power + 81 data), 117 mechanical connections, LEO 400-1200 km, 30 krad TID, 5-year design life, $505,440 reference BOM. TRL 2-3 Preliminary Design Phase, NASA SBIR EXPAND.3.S26B aligned.

blade-spaceorbitalleo-400-1200kmrad-tolerantrtg4-fpgaaitech-sbcspacewiresatahmaaadaramaivaflamecara30krad-tidecdsa-p256nasa-expand-3-s26b
269KB simulation 21 files CC BY 4.0 DOI: 10.5281/zenodo.20183269
main 21 files · v1.0 · May 2026
Zenodo Open Simulator Project Page
blade-space-simulation.htmlInteractive governance simulator · 9-stage pipeline v1.0 · 6 scenarios (orbital governance)May 2026
blade-space-schematic.pdfSystem schematic (91 components, node-graph view)May 2026
blade-space-BOM.csv91-component BOM with manufacturer part numbers, qualification levels, lead times (CSV)May 2026
blade-space-repo.zipComplete engineering package (15 engineering design documents)May 2026
SystemRequirementsDocument.md25 traceable system requirements (functional, performance, environmental, safety)May 2026
RequirementsTraceabilityMatrix.mdRequirements-to-component traceability mappingMay 2026
FMEA.mdFailure Modes & Effects Analysis: 35 failure modes, 7 catastrophic, mitigationsMay 2026
HazardAnalysis.md10 hazards identified, 3 critical with three-fault-tolerant mitigationsMay 2026
VerificationValidationPlan.md20-test V&V campaign specification (analysis, inspection, demonstration, test)May 2026
PowerBudget.md28V bus, 134 W nominal / 193 W peak, eclipse margin analysisMay 2026
MassPropertiesStatement.md11.0 kg / 12.0 kg allocation, CG/MOI for 6U+ SmallSat envelopeMay 2026
ThermalAnalysisReport.md-40°C to +85°C operating range, hot/cold case analysis, radiator sizingMay 2026
RadiationHardnessAssurance.md30 krad TID, SEU/SEL/SEFI analysis, part-level qualification levelsMay 2026
MechanicalICD.mdMechanical Interface Control Document: 117 mechanical connections, fasteners, torque specsMay 2026
ElectricalICD.mdElectrical Interface Control Document: 134 connections (53 power + 81 data), protocols, voltagesMay 2026
SoftwareArchitecture.mdBare-metal RTOS + FPGA bitstream architecture, partitioning, schedulingMay 2026
ReliabilityAnalysis.mdMTBF estimation, MIL-HDBK-217F parts-count method, mission survival probabilityMay 2026
AssemblyIntegrationPlan.mdAI&T flow, clean-room procedures, harness installation, EMC/EMI screeningMay 2026
ConfigurationManagementPlan.mdVersion control, baseline management, change control board, ECN processMay 2026
RiskRegister.mdRisk identification, likelihood/consequence matrix, mitigation trackingMay 2026
LICENSECC BY 4.0May 2026
README.md

BLADE-SPACE Governance Node

Beam-Layer Authority for Directed Engagements, Space-Edge Node - Preliminary Design Specification

An authority-governed orbital governance node for autonomous LEO platforms operating beyond ground-loop latency. Implements the 9-stage governance pipeline (SATA → ADARA → IFF → HMAA → MAIVA → FLAME → CARA → BDA → EFFECTOR) on radiation-tolerant compute (Microchip RTG4 FPGA + Aitech S-A1760 Venus SBC) with hot-redundant SpaceWire bridge voting and <200 ms cross-string failover. Targeted for 6U+ SmallSat payload module form factor, LEO 400-1200 km, 5-year design life (7-year stretch). Hardware-enforced three-fault-tolerant safety interlock gates all effector commands (thruster firing, magnetorquer torque, pyrotechnic initiation).

This is a Preliminary Design specification (TRL 2-3). No flight qualification, no in-orbit operational demonstration, and no NASA/ESA endorsement is claimed. The engineering package specifies design intent and V&V protocols; physical build, environmental qualification, and orbital demonstration are future work.

Publication

DOI: 10.5281/zenodo.20183269
Author: Burak Oktenli · Georgetown University, MPS Applied Intelligence
ORCID: 0009-0001-8573-1667
License: CC BY 4.0 · Version: v1.0 · May 2026

Key Specifications

  • Compute (hot-redundant): Microchip RTG4 RT4G150 FPGA × 2 (150K LEs, rad-hard by design, 100+ krad TID); Aitech S-A1760 Venus SBC × 2 (QorIQ T2080, 1.8 GHz quad-core PowerPC, 30 krad TID)
  • Memory: 3D-Plus 3DFP4G16VS4080 DDR4 ECC SDRAM × 2 (8 GB with on-chip ECC, SEU scrubbing every 30 s); Cypress S25FL512S QSPI NOR Flash × 2 (rad-screened, 512 Mb, boot/golden/working images)
  • Sensors: Blue Canyon NST100 star trackers × 2 (8″ accuracy); NovAtel OEM7600-RG GNSS × 2 (rad-tolerant L1/L2); Sensonor STIM-300 IMU (tactical-grade); Honeywell HG1700 backup IMU (rad-hard); Adcole sun sensors × 2; ZARM fluxgate magnetometers × 2; vacuum-rated pressure sensor; cumulative TID dosimeter
  • Communications: Syrlinks EWC27 S-band TT&C × 2 (4-8 kbps uplink / 256 kbps downlink); Mynaric CONDOR Mk3 optical ISL transceiver (100 Mbps, 1550 nm); Cobham UT200SpW SpaceWire × 2; Microchip ATECC608B + AES-256-GCM FPGA IP link encryptors × 2
  • Security: Microchip CEC1712 + Tropic Square TROPIC01 TPM 2.0 × 2 (ECDSA P-256 secure boot root of trust); Macronix MX25L51245G-RH rad-tolerant secure key-storage flash; custom electronic tamper mesh controller; ECDSA-signed audit chain across reboots
  • Power: Saft VES16 8S1P Li-Ion × 2 (main + redundant, 135 Wh per pack - 270 Wh combined eclipse/safe-mode reserve); VPT VSC50 DC-DC converters (28V→12V/5V/3.3V/1.2V); 4× CAES ARM-LCL-28 Latching Current Limiters (trip on SEU latch-up); Infineon IRHM7064 rad-hard MOSFET array; Maxwell BMOD0058 supercapacitor ride-through bank for thruster-firing transients
  • Effectors (interlocked): Sensitron SSR-28V-5A thruster firing relay (hardware GPIO interlock); CAES MD-3X-28 magnetorquer driver (3-axis, 50 mNm·m); Microchip MCP2515 + RH-CAN PHY reaction wheel interface (up to 4 RWAs); Pacific Scientific 11-PIC-1A NSI-class pyrotechnic initiator with ARM/SAFE plug; TE Connectivity FCB-200 normally-open payload safety interlock × 2 in series
  • Environment: LEO 400-1200 km; 5-year design life / 7-year stretch; 30 krad TID; SEU/SEL/SEFI tolerant; -40°C to +85°C operating range
  • Mass & Power: 11.0 kg allocated / 12.0 kg max; 134 W nominal / 193 W peak on 28V bus
  • BOM: $505,440 reference (91 components, including QML/QPL-qualified rad-hard parts)

9-Stage Governance Pipeline (v1.0)

  • SATA: Dempster-Shafer fusion over star tracker, GNSS, IMU, sun sensor, and magnetometer trust channels
  • ADARA: Multi-constellation GNSS spoofing detection (GPS/Galileo/GLONASS cross-check); telemetry anomaly pattern matching
  • IFF: Ground station authentication via ECDSA P-256 with CCSDS authenticated TC frames
  • HMAA: Trust-proportional authority over effector commands (thruster firing, magnetorquer torque, RWA, payload activation)
  • MAIVA: Cross-string consensus between main + redundant compute paths with SpaceWire bridge voting (<200 ms divergence detection)
  • FLAME: Mandatory deliberation windows before propulsive maneuvers and payload firing (configurable hold period, default 5 s)
  • CARA: Safe-state enforcement on hardware fault (sun-pointing, low-power, deselect effector commands); CCSDS event logging
  • BDA: Post-event trust revalidation and orbit determination refresh after maneuver completion
  • EFFECTOR: Hardware-enforced three-fault-tolerant safety interlock with normally-open payload relay; pyrotechnic ARM/SAFE plug-pull required

Validation Scenarios (Simulator)

  • GNSS spoofing during station-keeping maneuver under degraded star tracker availability
  • Compute string failure (FPGA SEU latch-up) with hot failover to redundant string under attitude maneuver
  • Adversarial uplink command injection with TPM-enforced ECDSA signature mismatch
  • Sensor drift over orbital eclipse cycles with thermal cycling-induced IMU bias accumulation
  • Multi-fault scenario: TID-degraded sensor + cross-string SpaceWire bridge anomaly + uplink contact loss
  • Operator-in-the-loop override: ground command authority intervention during autonomous maneuver

Standards Alignment

  • NASA SBIR EXPAND.3.S26B (Autonomous Spacecraft Health Management)
  • NASA-STD-8729.1 (Reliability and Maintainability)
  • NASA-STD-8739.8 (Software Assurance and Safety)
  • ECSS-Q-ST-30C (Dependability), ECSS-Q-ST-60C (EEE Components)
  • MIL-STD-1540E (Test Requirements for Launch and Space Vehicles), MIL-STD-461G (EMI/EMC)
  • MIL-PRF-38535 (QML Class V for rad-hard ICs)
  • CCSDS protocol stack (SpaceWire, AOS, USLP, authenticated TC)

Related Work

  • SATA: 10.5281/zenodo.18936251
  • HMAA: 10.5281/zenodo.18861653
  • CARA: 10.5281/zenodo.18917790
  • ADARA: 10.5281/zenodo.19043924
  • MAIVA: 10.5281/zenodo.19015517
  • FLAME: 10.5281/zenodo.19015618
  • BLADE-EDGE (defense): 10.5281/zenodo.19177472
  • BLADE-AV (automotive): 10.5281/zenodo.19232130
  • BLADE-MARITIME (maritime): 10.5281/zenodo.19246785
  • BLADE-INFRA (critical infrastructure): 10.5281/zenodo.19277887

Author

Burak Oktenli
Georgetown University, M.P.S. Applied Intelligence
ORCID: 0009-0001-8573-1667
Website: burakoktenli.com