Research Platform

Authority-Governed Assured Autonomy Rover Testbed

A research platform implementing SATA trust evaluation, HMAA mission authority control, and CARA recovery enforcement for resilient autonomous systems. The testbed enables controlled experiments on autonomy degradation, sensor trust evaluation, and mission recovery under contested operating conditions. The broader research program also extends these governance principles to manipulation systems, including authority-controlled robotic arms.

This platform represents an implemented experimental system integrating hardware architecture, governance software, and simulation-based validation. This testbed is part of a unified research framework for authority-governed autonomous systems spanning single-agent, multi-agent, and manipulation domains.

Design Complete · Implementation In Progress
Type: Autonomous Systems Research
Focus: AI Governance · Robotics Safety · Trust Evaluation
Status: Experimental Prototype
DOI: 10.5281/zenodo.19143190

Key Contributions

  • Governance architecture for trust-aware autonomous systems
  • Authority control framework for degraded autonomy environments
  • Experimental testbed for adversarial sensor failure scenarios
  • Interactive simulation platform for autonomy safety validation
  • Reproducible research platform under $500
  • Extensible governance framework applicable to both autonomous navigation and robotic manipulation

Zenodo Publication: Oktenli, B. (2026). Authority-Governed Assured Autonomy Rover Testbed: System Architecture, Governance Design, and Reproducible Artifact Package (v1.0). Zenodo. https://doi.org/10.5281/zenodo.19143190

Experimental platform render: dual-plate differential drive rover with onboard autonomy computer, safety controller, and multi-sensor array. Platform cost under $500.

National Importance of Authority-Governed Autonomy

Autonomous systems increasingly operate in environments where sensor deception, communication disruption, and adversarial interference threaten mission safety. Current autonomy architectures typically rely on binary fail-safe triggers or simple threshold-based switching, lacking formal mechanisms for graded authority degradation and structured recovery.

Authority-governed autonomy addresses this gap by making trust assessment, authority computation, and recovery enforcement first-class components of the autonomy stack. Rather than asking "Is the AI correct?", authority-governed systems ask: "Under what constraints should the AI be allowed to act given current trust conditions?"

Research in resilient autonomy and trusted AI has been identified as a strategic priority by organizations including DARPA (Assured Autonomy program), NASA (autonomous planetary rover operations), and the National Science Foundation. DoD Directive 3000.09 explicitly requires autonomous weapons systems to maintain appropriate levels of human judgment over the use of force.

Research Testbed Purpose

The Authority-Governed Autonomy Testbed is designed to experimentally evaluate governance architectures for autonomous systems operating in safety-critical and adversarial environments.

The platform allows controlled experiments involving:

  • Sensor trust degradation under spoofing and noise
  • Authority revocation and downgrade events
  • Mission command override conditions
  • Recovery protocol activation and timing

The testbed provides a practical evaluation environment for the SATA, HMAA, and CARA architectures described in the associated patent disclosures and technical reports published on Zenodo. Unlike purely simulated environments, this experimental research platform is designed to validate governance behavior with physical sensors, real-time computation, and hardware safety interlocks.

System Architecture

The testbed implements a complete authority-governed autonomy pipeline. Every autonomous decision must pass through trust evaluation, authority computation, and recovery logic before reaching actuators.

  • Sensors (LiDAR, ToF, IMU, Camera): multi-modal environmental sensing
  • Sensor Fusion: cross-sensor consistency and disagreement detection
  • SATA Trust Evaluation: weighted belief function with Dempster-Shafer fusion, asymmetric decay/recovery
  • Mission Planner: path planning and objective management under authority constraints
  • HMAA Authority Control: A = base × gate × damping × τ, six-tier authority spectrum enforcement
  • CARA Recovery Enforcement: deterministic recovery via GREP phases if authority enters lockout
  • Command Gate: packet format, clamping, timeouts, authority-level enforcement
  • ESP32 Motor Controller: real-time actuation with independent watchdog and E-stop

Authority-Controlled Robotic Manipulation

Beyond rover navigation, the same authority-governed autonomy framework provides a generalizable governance layer for robotic manipulation systems performing safety-critical tasks. In this extension, manipulator actions are not executed directly from perception and planning outputs; they are gated through trust evaluation and authority governance before motion commands reach the robotic arm controller.

This manipulation-oriented extension is currently under development as a second application domain for the broader authority-governed autonomy research program.

  • Perception Input: vision, depth sensing, and object-state estimation
  • Trust Evaluation: confidence scoring, sensor disagreement penalties, uncertainty assessment
  • Authority Governance: action permission, motion restrictions, and authority-level determination
  • Motion Planning Constraints: trajectory limitation, speed reduction, workspace restriction
  • Manipulator Control: command execution only within the current authority envelope

Behavior Under Uncertainty

  • If perception confidence drops, authority level is reduced
  • Manipulator motion speed is constrained
  • Workspace or grasp actions can be restricted
  • Unsafe actions are suppressed
  • The system pauses or stops when trust falls below the safe threshold

This extension demonstrates that authority-governed autonomy is not limited to navigation systems, but can govern fine-grained manipulation tasks where incorrect actions may cause physical damage or safety risks. This highlights the framework's applicability to a broad class of autonomous systems operating under uncertainty.

Sensor Trust Testing Platform

The testbed also functions as a reusable sensor trust testing platform designed to evaluate trust-aware autonomy systems under controlled adversarial and degraded conditions. This platform enables systematic injection of sensor faults to study trust degradation, disagreement detection, and authority response.

System Components

Multi-sensor array (camera, LiDAR, IMU, ToF), programmable fault injection mechanisms, embedded compute for trust evaluation, real-time telemetry and logging

Research Applications

Sensor spoofing detection and response, sensor degradation modeling, cross-sensor disagreement analysis, trust-based authority adjustment validation

This platform supports experimental research on resilient perception systems and provides a controlled environment for validating trust evaluation algorithms under adversarial conditions.

Together with the rover testbed and robotic manipulation extension, this platform demonstrates a unified authority-governed autonomy framework spanning perception, decision-making, and actuation layers.

System Schematic

Full electrical schematic showing MCU, sensor, actuator, power, and module interconnections. Color-coded by node type: blue (MCU), teal (Sensor), orange (Actuator), yellow (Power), green (Module).


Governance Simulation Environment

The rover testbed simulation environment provides a controlled experimental platform for evaluating authority-governed autonomy under adversarial and degraded sensor conditions. The simulator executes the complete SATA trust fusion, HMAA authority computation, and CARA recovery logic in real-time with configurable fault injection.

This simulation demonstrates executable validation of authority-governed autonomy rather than conceptual design alone. The simulation environment mirrors the physical rover hardware architecture, enabling direct transfer of validated governance behaviors from simulation to hardware testing.

Sensor Fault Injection

Camera occlusion, LiDAR spoofing, IMU drift, RF disruption, compound failures

Trust Dynamics

Real-time fused trust score, per-sensor values, Dempster-Shafer fusion, decay/recovery

Authority Response

Authority state transitions, command gating, CARA recovery activation, mission metrics

Simulation Capabilities

  • Simulation fidelity: real-time (~100 Hz)
  • Sensor modeling: LiDAR, ToF, IMU, Camera, Wheel Encoders
  • Adversarial injection: camera occlusion, LiDAR spoofing, IMU drift, RF loss
  • Trust computation: Dempster-Shafer fusion with cross-sensor validation
  • Authority enforcement: SATA-HMAA-CARA full pipeline
  • Recovery validation: CARA GREP phases, safe-stop, return-safe
  • Experiment modes: 7 defined fault scenarios with compound attacks
  • Audit logging: SHA-256 chained authority decision trace

Experimental Simulation Environment (Research Use). This environment serves as a primary validation layer for testing authority transitions and recovery behaviors, enabling repeatable experimentation prior to physical hardware deployment.


Authority State Machine

The testbed implements a four-level authority state machine with hysteresis guards, dwell timers, and oscillation prevention. Upgrade thresholds are set higher than downgrade thresholds to ensure the system does not prematurely restore autonomy after trust degradation.

A3: Full Autonomy

All sensors trusted. Autonomous navigation, planning, and mission execution. No operator input required.

A2: Constrained Autonomy

Partial trust degradation. Planner restricted to conservative paths. Speed limits enforced. Operator alerted.

A1: Limited Autonomy

Significant trust loss. Loiter or return-to-base mode. Operator supervision required for any action beyond safe hold.

A0: Safe Mode

Critical trust failure or watchdog timeout. All motors disabled. System awaits operator recovery command or physical reset.

Transition rules include configurable dwell timers (minimum time at each level before upgrade), asymmetric thresholds (downgrade at τ < 0.6, upgrade only at τ > 0.8), and an oscillation guard preventing more than 2 transitions within any 10-second window.

Sensor-Anchored Trust Assessment (SATA)

The trust evaluation subsystem computes a continuous trust scalar from multi-sensor fusion using a weighted Dempster-Shafer belief model with cross-sensor validation:

Trust(s_i) = weighted belief function with cross-sensor consistency checks, disagreement penalties, asymmetric decay (fast) and recovery (slow), and single-sensor veto capability

Key properties: trust decays rapidly when sensors disagree but recovers slowly when consistency returns. A single sensor producing readings inconsistent with all others triggers an immediate trust penalty regardless of its historical reliability. This asymmetry prevents the system from trusting potentially spoofed inputs too quickly after an anomaly.
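An added illustration of the asymmetry just described (not the page's SATA code, which fuses with Dempster-Shafer; this uses a plain weighted mean): a sensor's trust is halved the moment its range estimate agrees with no other sensor, climbs back only in small steps while it is consistent, and any isolated sensor caps the fused score. The rates, tolerance, weights and the LiDAR/ToF/camera range readings are constructed values.

```python
"""Asymmetric per-sensor trust with disagreement penalty and single-sensor veto.
Added example, not the testbed's SATA implementation.  All rates, weights and
sample readings below are constructed values."""

DECAY = 0.5          # fraction of trust lost in ONE step while a sensor is isolated (fast)
RECOVERY = 0.05      # trust regained per consistent step (slow): ten steps to undo a halving
TOLERANCE_M = 0.3    # two range estimates within this distance count as agreeing
VETO_CAP = 0.5       # fused trust can never exceed this while any sensor is isolated


class SensorTrust:
    def __init__(self, weights):
        self.weights = weights                         # sensor name -> fusion weight
        self.trust = {s: 1.0 for s in weights}         # every sensor starts fully trusted

    def update(self, readings):
        """readings: sensor name -> range estimate (m).  Returns (fused, isolated)."""
        isolated = []
        for s, value in readings.items():
            agrees = any(abs(value - other) <= TOLERANCE_M
                         for t, other in readings.items() if t != s)
            if agrees:
                self.trust[s] = min(1.0, self.trust[s] + RECOVERY)
            else:
                # Immediate penalty, regardless of how reliable the sensor has been.
                self.trust[s] *= (1.0 - DECAY)
                isolated.append(s)
        total = sum(self.weights.values())
        fused = sum(self.weights[s] * self.trust[s] for s in self.weights) / total
        if isolated:
            fused = min(fused, VETO_CAP)               # single-sensor veto
        return fused, isolated


def demo():
    """Constructed scenario: LiDAR reports a spoofed range for one step, then agrees again."""
    st = SensorTrust({"lidar": 0.5, "tof": 0.3, "camera": 0.2})
    consistent = {"lidar": 2.0, "tof": 2.0, "camera": 2.1}
    spoofed = {"lidar": 5.0, "tof": 2.0, "camera": 2.1}
    return [st.update(consistent)[0], st.update(spoofed)[0], st.update(consistent)[0]]
```

One spoofed step drives the fused score to 0.5, below the page's 0.6 downgrade threshold, and one consistent step only lifts it to 0.775, still under the 0.8 upgrade threshold, which is exactly the slow-recovery behaviour the section describes.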

Hardware Architecture

The testbed uses a dual-compute architecture separating high-level autonomy (Raspberry Pi 5) from real-time safety control (ESP32), connected via UART with hardware time synchronization.

Autonomy Computer

Raspberry Pi 5 8GB: ROS 2 nodes, SATA trust, HMAA authority, CARA recovery, mission planner, sensor fusion

Safety Controller

ESP32-DevKitC-32D: motor PWM, encoder feedback, watchdog heartbeat, LoRa comms, command gate enforcement

Sensor Array

RPLIDAR A1M8 (USB), VL53L1X ToF (I2C), BNO085 IMU (I2C), RPi Camera v3 (CSI), magnetic wheel encoders (GPIO)

Safety Systems

TPL5110 watchdog, mushroom E-stop, ATECC608B secure element, RFM95W LoRa 900MHz, MicroSD audit logger

Key Components

Component | Model | Purpose
Main Compute | Raspberry Pi 5 (8GB) | Autonomy stack, sensor fusion, ROS 2
Safety Controller | ESP32-DevKitC-32D | Real-time control, watchdog, command gate
LiDAR | Slamtec RPLIDAR A1M8 | 360-degree obstacle sensing
IMU | Adafruit BNO085 9-DOF | Orientation and motion fusion
Camera | Raspberry Pi Camera v3 | Visual perception (Sony IMX708)
ToF Sensor | Adafruit VL53L1X | Close-range obstacle detection
Communication | Adafruit RFM95W (900 MHz) | LoRa long-range telemetry
Secure Element | ATECC608B TrustFLEX | Cryptographic key storage
Motor Driver | Pololu Dual G2 18v18 | Dual high-power motor control (18A/ch)
Drive Motors | Pololu 12V 75:1 Gearmotor (x2) | High-torque differential drive
Safety | E-stop + TPL5110 Watchdog | Hardware safety interlock layer
Power | 3S 11.1V 5000mAh LiPo + 10A UBEC | Mobile platform power with regulation

Platform Cost Breakdown

  • Compute and sensors: ~$260
  • Power and control electronics: ~$120
  • Mechanical platform and chassis: ~$40
  • Miscellaneous hardware and 3D prints: ~$30

Total system cost: ~$450-$500

37 components verified. All commercially available. Full BOM available as downloadable CSV.

Validation Metrics

  • 37 hardware components integrated
  • 76 electrical connections defined
  • 7 adversarial experiments designed
  • 4 authority states (A3-A0)
  • 5+ sensor modalities fused
  • <$500 total platform cost

Experimental Program

Seven experiments are designed to validate the authority-governed autonomy thesis. Each experiment injects a specific fault condition and measures the authority response, the change in mission behavior, and recovery activation.

  1. Sensor Spoofing Test: Inject false LiDAR returns. Measure SATA trust drop and HMAA authority downgrade timing.
  2. Sensor Disagreement Test: Create inconsistency between camera and LiDAR. Verify cross-sensor penalty and trust fusion behavior.
  3. Authority Degradation Experiment: Gradually reduce trust inputs. Measure transition through A3, A2, A1, A0 with dwell timer compliance.
  4. Recovery Activation Test: Trigger CARA recovery from A0. Measure GREP phase transitions and time to mission-capable state.
  5. Planner Constraint Test: Verify planner respects authority-imposed speed limits, path restrictions, and action prohibitions at each level.
  6. Communication Loss Scenario: Sever LoRa link. Verify watchdog activation, motor disable, and authority downgrade sequence.
  7. Autonomous Recovery Validation: Full scenario: spoofing attack, trust collapse, authority degradation, recovery, mission resumption. End-to-end measurement.

Each experiment requires a minimum of 30 trials for statistical significance. Metrics collected: trust scores, authority transitions, recovery activation events, mission success rate, and unsafe action count (baseline vs. governed).

Project Status

  • System architecture design
  • Hardware specification (37 components)
  • Electrical wiring (76 connections)
  • Bill of materials verified
  • Software architecture specified
  • Authority FSM with hysteresis
  • Experiment program defined
  • Hardware procurement and assembly
  • ROS 2 software implementation
  • Physical testing and data collection

The platform design and specification are complete. Hardware procurement and implementation are currently underway. The architecture, authority model, trust evaluation method, and experimental methodology are fully defined and documented.

Current Limitations: Multi-agent coordination not yet implemented in hardware. Some adversarial scenarios validated at simulation level only. Real-time performance optimization ongoing. Full system integration under continued development.

Project Documentation

Complete engineering documentation for the Authority-Governed Autonomy Testbed. All files are original work by Burak Oktenli.

Reproducible Research Artifacts

This project provides reproducible artifacts enabling researchers to replicate the autonomy governance experiments and system architecture. All documentation, schematics, and specifications are available for download.

System Design

Complete blueprint PDF, electrical schematic SVG, wiring connections JSON, system configuration JSON

Hardware

37-component BOM with verified sources. All commercially available. Total cost under $500. Assembly guide included.

Experiment Protocol

7 defined experiments with fault injection procedures, expected results, and statistical requirements (30+ trials each).

Metrics

Fused trust scores, per-sensor trust values, authority state transitions, recovery latency, mission success rate.

Power Architecture

The rover testbed operates from a 7.4V 2S LiPo battery with 5V and 3.3V regulated rails for compute and sensor modules.

Primary Power

7.4V 2S LiPo battery → 5V buck converter (RPi5) → 3.3V regulator (ESP32). Motor driver powered directly from battery.

Safety

Emergency stop cuts motor power via CARA-controlled GPIO. RPi5 and ESP32 remain powered for governance state preservation and audit logging.

Trust & Verification Chain

The testbed implements a simplified security chain appropriate for a research platform while maintaining governance integrity.

TLA+ Verification

48,751 states explored, 8 safety properties verified. Complete formal model of SATA-HMAA-CARA pipeline state transitions.

98-Test Suite

42-file Python engineering baseline with 98 unit tests and 200,000 FSM conformance comparisons.

Governance Audit

Complete governance state log with timestamps. Every authority transition recorded for post-mission analysis.
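The SHA-256 chained authority decision trace listed under the simulation capabilities and the timestamped transition log described here, as an added example rather than the testbed's own logger: each record commits to the previous record's hash, so editing or deleting any record breaks verification from that point onward. The record field names are assumptions.

```python
"""SHA-256 hash-chained authority audit log.  Added example, not the testbed's
own logger; the record field names are assumptions."""
import hashlib
import json

GENESIS = "0" * 64       # previous-hash value carried by the first record


def _digest(record):
    # Canonical JSON (sorted keys, no whitespace) so a record always hashes the same way.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


class AuthorityAuditLog:
    def __init__(self):
        self.records = []

    def record(self, t, tau, from_level, to_level, reason):
        """Append one authority transition and return its hash (the new chain head)."""
        body = {
            "t": t, "tau": tau, "from": from_level, "to": to_level,
            "reason": reason,
            "prev": self.records[-1]["hash"] if self.records else GENESIS,
        }
        body["hash"] = _digest(body)        # the hash covers "prev", which links the chain
        self.records.append(body)
        return body["hash"]


def verify_chain(records):
    """Return (True, None) if the chain is intact, else (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if body.get("prev") != prev or _digest(body) != rec.get("hash"):
            return False, i
        prev = rec["hash"]
    return True, None
```

The chain detects edits and deletions inside the log but not a rewrite of the whole tail by someone with write access to the MicroSD card, so the current chain head should be anchored outside the log, for example signed with the ATECC608B secure element or reported over the LoRa telemetry link.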

Bill of Materials: ~$484

Subsystem | Cost | % of Total
Compute (Raspberry Pi 5 + ESP32-S3) | $95 | 20%
Sensors (ultrasonic + IMU + camera) | $65 | 13%
Drive System (motors + driver + wheels) | $120 | 25%
Chassis & Structure | $85 | 18%
Power (battery + regulators) | $45 | 9%
Wiring, connectors, misc | $74 | 15%

Lowest-cost governance testbed demonstrating the complete SATA-HMAA-CARA pipeline at ~$484. All COTS components.

Physical Specifications

Parameter | Value
Components | 37 (dual-compute: RPi5 + ESP32-S3)
Simulation runs | 350 across 7 fault scenarios, zero unsafe actions
Formal verification | TLA+ (48,751 states, 8 safety properties)
Test suite | 98 tests, 200,000 FSM conformance comparisons
Governance pipeline | SATA → HMAA → CARA (8-stage)
Power | 7.4V 2S LiPo
BOM | ~$484

Future Work

This testbed represents the first phase of a broader research program in authority-governed autonomy. Future research directions include:

Multi-Robot Governance

Authority coordination across multiple autonomous agents with distributed trust aggregation (MAIVA integration)

Adversarial Deception Defense

Integration of ADARA deception probability engine for proactive authority adjustment under sensor manipulation

Real-World Deployment

Field experiments in outdoor contested environments with GPS spoofing, communication jamming, and multi-sensor failure injection

Latency Control Integration

FLAME deliberation windows applied to physical actuator command chains with measured response timing

Authority-Controlled Robotic Arm

Extension of the governance framework to robotic manipulation, where perception uncertainty dynamically constrains motion authority, action permissions, and manipulator behavior

About This Project

This project is part of ongoing research on authority-governed autonomy and resilient AI systems conducted by Burak Oktenli at Georgetown University (M.P.S. Applied Intelligence). The testbed implements the same governance architectures published in the SATA, HMAA, and CARA patent disclosures and technical reports on Zenodo. Current work focuses on the rover testbed as an early physical platform, with planned extensions to robotic manipulation systems and additional authority-governed autonomy domains.

Related research architectures: SATA (sensor trust), HMAA (authority computation), CARA (recovery), MAIVA (multi-agent trust), FLAME (latency control), ADARA (deception-aware risk).
