Embedded/Strategic Barrier

The safety boundary for LLM integration

The strict separation between hardware control and high-level decision making that makes OctoMY™ safe for LLM integration.

Did You Know?

The embedded/strategic barrier is inspired by aviation and automotive safety systems. In aircraft, fly-by-wire systems have multiple redundant computers that can override pilot input to prevent dangerous maneuvers. OctoMY™ applies similar principles to robotics, ensuring that no high-level AI can bypass hardware safety limits.


The problem

Modern robotics projects want to integrate Large Language Models for natural interaction and intelligent behavior. However, LLMs have properties that make direct hardware control dangerous:

  • Non-deterministic - Same input can produce different outputs
  • Latency-variable - Response times are unpredictable
  • Hallucination-prone - Can generate plausible but incorrect outputs
  • Context-dependent - Behavior changes based on conversation history

These properties are incompatible with real-time safety requirements for actuator control.


The solution: Two layers

OctoMY™ enforces a strict separation between two layers:

Embedded layer

The embedded layer handles direct hardware control with real-time guarantees.

Characteristics:

  • Industrial/automotive/aviation-grade code patterns
  • Deterministic, predictable behavior
  • Low-latency response times
  • Runs on limited hardware (Arduino, embedded controllers)
  • Safety-critical with fail-safe defaults

Components:

  • Lobes (locomotion controllers)
  • Actuator drivers
  • Sensor interfaces
  • Real-time control loops

LLM Access: None. LLMs have zero direct access to this layer.

Strategic layer

The strategic layer handles high-level decision making and coordination.

Characteristics:

  • Flexible, creative processing
  • Can tolerate variable latency
  • Handles complex reasoning
  • Runs on capable hardware (phone, server)
  • Interacts with users and external services

Components:

  • Plan execution engine
  • OPAL (Operator Permission and Access Layer)
  • Event processing
  • User interface

LLM Access: Full access within permission bounds.


The barrier

The barrier between layers is enforced by design:

(Diagram: Barrier Architecture)


Abstract targets

The strategic layer affects hardware only through abstract targets:

  Abstract target                  Embedded translation
  "Go to position (3.5, 2.0)"      Path planning → motor commands
  "Set speed to 50%"               Speed governor → PWM signals
  "Pick up object at location"     Arm kinematics → servo angles
  "Follow the red ball"            Vision tracking → steering adjustments

The embedded layer:

  • Receives abstract targets
  • Plans safe execution paths
  • Executes with real-time guarantees
  • Reports completion/failure back

What this prevents

Prevented: Direct motor control

LLM: "Set motor 1 to 255 PWM"
System: DENIED - No direct hardware access

Allowed: Abstract navigation

LLM: "Navigate to the kitchen"
System: Accepted → Path planning → Safe execution

Prevented: Raw sensor access

LLM: "Give me the raw I2C data from sensor 0x4A"
System: DENIED - No raw hardware access

Allowed: Semantic queries

LLM: "What obstacles are nearby?"
System: Accepted → Processed sensor data returned
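The following is an added example, not OctoMY™ code, of what "enforced by design" looks like for the abstract-target table and the denied/allowed requests above. The strategic side can only produce values of a closed AbstractTarget type, so a motor, a PWM value or a bus address has no representation at all; anything that does not decode into one of the known kinds is denied by default. The "kind key=value ..." request format, the kind names (navigate, set_speed, nearby_obstacles) and the sample requests are constructed for this example.

```cpp
// Added example (not OctoMY's own code): a strategic->embedded barrier that
// admits abstract targets only. The "kind key=value ..." request format is a
// constructed stand-in for whatever tool-call encoding an LLM integration uses.
#include <cstdlib>
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// The closed set of things the strategic layer may ask for. There is no
// variant for a motor, a PWM duty or a bus address: raw hardware access is
// unrepresentable on this side of the barrier, not merely rejected by a check.
enum class TargetKind { Navigate, SetSpeed, NearbyObstacles };

struct AbstractTarget {
    TargetKind kind = TargetKind::Navigate;
    double x = 0, y = 0;      // Navigate: goal position
    double fraction = 0;      // SetSpeed: 0..1 of the embedded layer's own maximum
};

struct Decision {
    bool accepted;
    std::string reason;
    AbstractTarget target;
};

// Split "kind key=value key=value" into the kind and a field map.
static std::map<std::string, std::string> parseFields(const std::string& req,
                                                      std::string& out_kind) {
    std::istringstream in(req);
    std::map<std::string, std::string> fields;
    in >> out_kind;
    std::string tok;
    while (in >> tok) {
        auto eq = tok.find('=');
        if (eq != std::string::npos)
            fields[tok.substr(0, eq)] = tok.substr(eq + 1);
    }
    return fields;
}

// The barrier: a request either decodes into an AbstractTarget or is denied.
// Unknown kinds fall through to denial (allowlist, never a denylist).
Decision barrier(const std::string& request) {
    std::string kind;
    auto f = parseFields(request, kind);
    AbstractTarget t;
    if (kind == "navigate") {
        if (!f.count("x") || !f.count("y"))
            return {false, "navigate needs x and y", AbstractTarget{}};
        t.kind = TargetKind::Navigate;
        t.x = std::atof(f["x"].c_str());
        t.y = std::atof(f["y"].c_str());
        return {true, "path planning -> motor commands", t};
    }
    if (kind == "set_speed") {
        if (!f.count("fraction"))
            return {false, "set_speed needs fraction", AbstractTarget{}};
        t.kind = TargetKind::SetSpeed;
        t.fraction = std::atof(f["fraction"].c_str());
        if (t.fraction < 0.0 || t.fraction > 1.0)
            return {false, "fraction must be within 0..1", AbstractTarget{}};
        return {true, "speed governor -> PWM", t};
    }
    if (kind == "nearby_obstacles") {
        t.kind = TargetKind::NearbyObstacles;
        return {true, "processed sensor data returned", t};
    }
    return {false, "not an abstract target: " + kind, AbstractTarget{}};
}

int main() {
    // Constructed sample requests, mirroring the denied/allowed pairs above.
    const std::vector<std::string> requests = {
        "navigate x=3.5 y=2.0",
        "set_speed fraction=0.5",
        "set_motor id=1 pwm=255",
        "read_i2c addr=0x4A",
        "nearby_obstacles",
    };
    for (const auto& r : requests) {
        Decision d = barrier(r);
        std::cout << (d.accepted ? "ACCEPTED" : "DENIED  ") << " | " << r
                  << " | " << d.reason << "\n";
    }
    return 0;
}
```

The point of the design is the type, not the string matching: even if a future strategic component were to bypass barrier() and construct an AbstractTarget directly, the only thing it could hand to the embedded layer is still a goal, a speed fraction or a query.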

Safety guarantees

The embedded layer provides guarantees that the strategic layer cannot override:

  • Speed limits - Maximum velocities enforced in hardware
  • Collision avoidance - Emergency stops independent of strategic layer
  • Range limits - Actuators cannot exceed safe ranges
  • Watchdog timers - System stops if strategic layer becomes unresponsive
  • Fail-safe defaults - Known-safe state if communication is lost
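As an added example (not OctoMY™ code), the following shows the embedded side of these five guarantees in one small controller: the speed and range limits are constants on the embedded side with no setter reachable from the strategic layer, the obstacle sensor forces an emergency stop regardless of the current target, a watchdog drops into fail-safe when the strategic layer's heartbeat stops, and the fail-safe state is explicit (motors off, steering centred). The PWM ceiling, steering range, stop distance, watchdog period and the scenario timeline are constructed values.

```cpp
// Added example (not OctoMY's own code): embedded-side enforcement of speed
// limits, range limits, collision stop, watchdog and fail-safe defaults.
// All limits and timings below are constructed for illustration.
#include <cstdint>
#include <iostream>

enum class State { Running, EmergencyStop, FailSafe };

struct Outputs {
    int drive_pwm;        // 0..255, what would reach the motor driver
    int steer_angle_deg;  // servo command, held inside a safe mechanical range
};

static int clampInt(int v, int lo, int hi) { return v < lo ? lo : (v > hi ? hi : v); }
static double clampDouble(double v, double lo, double hi) { return v < lo ? lo : (v > hi ? hi : v); }

class EmbeddedController {
public:
    // Hardware limits live here and have no setter: the strategic layer can
    // only send targets, which are clamped into these ranges.
    static constexpr int      kMaxPwm         = 180;  // speed limit
    static constexpr int      kMinSteerDeg    = -30;  // range limit
    static constexpr int      kMaxSteerDeg    =  30;
    static constexpr int      kStopDistanceCm =  20;  // collision avoidance threshold
    static constexpr uint32_t kWatchdogMs     = 500;  // tolerated silence before fail-safe

    // Abstract targets from the strategic layer. Out-of-range values are
    // clamped rather than trusted; 1.0 means "the embedded layer's maximum".
    void setSpeedFraction(double fraction) {
        fraction = clampDouble(fraction, 0.0, 1.0);
        target_pwm_ = static_cast<int>(fraction * kMaxPwm);
    }
    void setSteerDegrees(int deg) { target_steer_ = clampInt(deg, kMinSteerDeg, kMaxSteerDeg); }

    // Heartbeat from the strategic layer; feeds the watchdog.
    void heartbeat(uint32_t now_ms) { last_heartbeat_ms_ = now_ms; }

    // Local sensor input, evaluated independently of anything the strategic layer asked for.
    void onRangeSensor(int distance_cm) { obstacle_close_ = distance_cm < kStopDistanceCm; }

    // Real-time control tick: decides what actually reaches the actuators.
    Outputs tick(uint32_t now_ms) {
        if (now_ms - last_heartbeat_ms_ > kWatchdogMs) {
            state_ = State::FailSafe;       // strategic layer went quiet
        } else if (obstacle_close_) {
            state_ = State::EmergencyStop;  // sensor overrides the current target
        } else {
            state_ = State::Running;
        }
        if (state_ != State::Running) {
            return {0, 0};                  // known-safe defaults: motors off, wheels straight
        }
        return {target_pwm_, target_steer_};
    }

    State state() const { return state_; }

private:
    int target_pwm_ = 0;
    int target_steer_ = 0;
    bool obstacle_close_ = false;
    uint32_t last_heartbeat_ms_ = 0;
    State state_ = State::Running;
};

// Constructed scenario: the strategic layer asks for 150% speed and a 90 degree
// turn, an obstacle appears and clears, then the strategic layer goes silent.
struct Trace { Outputs clamped; Outputs estop; Outputs recovered; Outputs failsafe; };

Trace runScenario() {
    EmbeddedController c;
    Trace t{};
    c.heartbeat(0);
    c.setSpeedFraction(1.5);   // over the limit: clamped to kMaxPwm
    c.setSteerDegrees(90);     // beyond the mechanical range: clamped to kMaxSteerDeg
    c.onRangeSensor(100);
    t.clamped = c.tick(100);   // {180, 30}
    c.onRangeSensor(10);       // obstacle inside the stop distance
    t.estop = c.tick(200);     // {0, 0}, EmergencyStop, target untouched
    c.onRangeSensor(100);
    c.heartbeat(300);
    t.recovered = c.tick(350); // {180, 30} again, nothing was re-sent
    t.failsafe = c.tick(900);  // 600 ms of silence > kWatchdogMs: {0, 0}, FailSafe
    return t;
}

int main() {
    Trace t = runScenario();
    std::cout << "clamped   " << t.clamped.drive_pwm << " " << t.clamped.steer_angle_deg << "\n"
              << "estop     " << t.estop.drive_pwm << " " << t.estop.steer_angle_deg << "\n"
              << "recovered " << t.recovered.drive_pwm << " " << t.recovered.steer_angle_deg << "\n"
              << "failsafe  " << t.failsafe.drive_pwm << " " << t.failsafe.steer_angle_deg << "\n";
    return 0;
}
```

Note that the clamping happens on arrival and the stop decision happens in tick(): a target that was accepted earlier never outruns a sensor reading or a missed heartbeat, because the tick re-evaluates the safety state before any output is produced.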

Event flow

All platform events stream into an event database:

  1. Sensors generate events (obstacle detected, position changed)
  2. Events are stored with timestamps
  3. Strategic layer (including LLMs) can read events
  4. LLMs can react by issuing abstract commands
  5. Commands go through the barrier as targets
  6. Embedded layer executes safely
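The six steps above as one runnable loop, added here as an example that is not OctoMY™ code: a bounded, timestamped event database, a semantic query answered from stored events rather than from the sensor bus, a fixed policy standing in for the LLM's reaction, and the abstract command recorded back into the same database so the loop is auditable. The event type names, payload layout, the 1000 ms query window and the sample sensor readings are constructed.

```cpp
// Added example (not OctoMY's own code): the event flow as a small in-memory
// event database plus the strategic-side read, reaction and abstract command.
// Event names, payloads, timestamps and the query window are constructed.
#include <cstddef>
#include <cstdint>
#include <deque>
#include <iostream>
#include <string>
#include <vector>

struct Event {
    uint32_t ts_ms;        // step 2: every event carries a timestamp
    std::string type;      // "obstacle", "position", "command:<kind>"
    double a = 0, b = 0;   // payload: obstacle distance(cm)/bearing(deg) or position x/y
};

// Append-only store with bounded history, so it cannot grow without limit.
class EventDatabase {
public:
    explicit EventDatabase(size_t capacity) : capacity_(capacity) {}
    void append(Event e) {
        if (log_.size() == capacity_) log_.pop_front();
        log_.push_back(e);
    }
    // Step 3: the strategic layer reads events; it never touches the sensor bus.
    std::vector<Event> since(uint32_t ts_ms) const {
        std::vector<Event> out;
        for (const auto& e : log_)
            if (e.ts_ms >= ts_ms) out.push_back(e);
        return out;
    }
    size_t size() const { return log_.size(); }
private:
    size_t capacity_;
    std::deque<Event> log_;
};

// Semantic query ("What obstacles are nearby?") answered from processed events:
// obstacle events inside the time window and closer than max_distance_cm.
std::vector<Event> nearbyObstacles(const EventDatabase& db, uint32_t now_ms,
                                   uint32_t window_ms, double max_distance_cm) {
    uint32_t from = now_ms > window_ms ? now_ms - window_ms : 0;
    std::vector<Event> out;
    for (const auto& e : db.since(from))
        if (e.type == "obstacle" && e.a <= max_distance_cm) out.push_back(e);
    return out;
}

// Step 4: the only thing the strategic layer may emit is an abstract command.
struct AbstractCommand { std::string kind; double x = 0, y = 0; };

// Stand-in for the LLM's reaction: a fixed policy mapping the query result to a
// command. A real integration would call the model here, with the same output type.
AbstractCommand decide(const std::vector<Event>& obstacles, double goal_x, double goal_y) {
    if (!obstacles.empty()) return {"stop", 0.0, 0.0};
    return {"navigate", goal_x, goal_y};
}

// Steps 5 and 6: the command crosses the barrier as a target and the embedded
// side records what it executed as an event, closing the loop for later review.
void execute(EventDatabase& db, const AbstractCommand& cmd, uint32_t now_ms) {
    db.append({now_ms, "command:" + cmd.kind, cmd.x, cmd.y});
}

// One full cycle of the flow; returns the kind of command that was issued.
std::string runCycle(EventDatabase& db, uint32_t now_ms) {
    auto obstacles = nearbyObstacles(db, now_ms, 1000, 50.0);
    AbstractCommand cmd = decide(obstacles, 3.5, 2.0);
    execute(db, cmd, now_ms);
    return cmd.kind;
}

// Constructed scenario: two cycles, the first with a close obstacle, the second
// with only a distant one. Returns the commands issued, in order.
std::vector<std::string> demo() {
    EventDatabase db(64);
    std::vector<std::string> issued;
    db.append({100, "position", 0.0, 0.0});      // step 1: sensor events
    db.append({200, "obstacle", 30.0, 10.0});    // 30 cm away at bearing 10 deg
    issued.push_back(runCycle(db, 250));         // "stop"
    db.append({1500, "obstacle", 120.0, -5.0});  // far away, and the earlier one has aged out
    issued.push_back(runCycle(db, 1600));        // "navigate"
    return issued;
}

int main() {
    for (const auto& k : demo()) std::cout << "issued: " << k << "\n";
    return 0;
}
```

Because the strategic layer's reaction is itself appended to the database as a command event, the same log that feeds the LLM also records what it asked for and when, which is the trail an incident review or certification audit would need.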

Why this matters

This architecture enables:

  • Safe LLM integration - AI can control robots without safety risks
  • Natural interaction - Users can speak naturally to their robots
  • Autonomous behavior - Agents can operate independently
  • Developer freedom - Strategic layer can be experimental
  • Regulatory compliance - Clear safety boundaries for certification
