Technology
Zahavi places immediate hazard suppression and persistent policy adaptation inside one observable runtime, while leaving certified hardware and safety PLCs as independent final boundaries.
Runtime sequence
The safety signal does not merely average with the policy. Once a configured threshold is crossed, the intervention pathway has dominant authority over the proposed action.
1. Receive policy state, proposed action, sensor context, and active operating constraints.
2. Calculate hazard using proximity, force, velocity, geometry, and domain-specific estimators.
3. Reduce, replace, or veto the proposed action before it reaches the actuator command layer.
4. Write an eligibility trace across the state-action sequence that preceded the intervention.
5. Log the estimator output, intervention, replacement action, trace, and policy update.
Integration model
The runtime is designed as middleware between perception, policy inference, and action execution. It does not replace certified emergency-stop systems, physical guarding, or required safety PLC logic.
```python
from zahavi import Runtime, HazardEstimator

runtime = Runtime(
    estimator=HazardEstimator(
        sources=["force_torque", "rgb_d"],  # sensor streams the estimator reads
        threshold=0.72,                      # risk level above which intervention takes authority
    ),
    fast_gain=4.0,       # strength of the immediate hazard-suppression response
    trace_horizon=120,   # number of preceding steps that can receive trace weight
)

# `your_policy` and `observation` are the integrator's own policy object and
# current observation. The wrapped policy routes every proposed action through
# the hazard estimator before it reaches the actuator command layer.
safe_policy = runtime.wrap(your_policy)
action = safe_policy.act(observation)
```
Observability
Every event should be reconstructable from the input state through the intervention and resulting policy update.
- Record the proposed action, risk estimate, threshold state, and executed replacement.
- Identify which precursor state-action pairs received trace weight after an intervention.
- Export intervention histories for workcell review, testing, and incident reconstruction.
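The runtime sequence above (estimate, intervene with dominant authority, write an eligibility trace over the precursor states, log) and the observability requirements in this section can be illustrated together with a small self-contained sketch. This is an added example, not Zahavi's code: the `SensorContext` fields, the estimator's weights and horizons (1 m, 1.5 m/s, 150 N), the linear scale-to-veto rule driven by `fast_gain`, the geometric eligibility decay, and the event record layout are all assumptions chosen for the illustration. The final policy update that would consume the trace is left to the wrapped learner and is not modelled here.

```python
"""Toy safety-runtime sketch: threshold veto, eligibility trace, event log."""
from collections import deque
from dataclasses import dataclass
import json


def clamp01(x: float) -> float:
    return max(0.0, min(1.0, x))


@dataclass(frozen=True)
class SensorContext:
    """Constructed sensor context for one control step (assumed fields)."""
    distance_m: float  # distance to nearest person or obstacle
    speed_mps: float   # commanded end-effector speed
    force_n: float     # measured contact force


def estimate_hazard(ctx: SensorContext) -> float:
    """Toy estimator in [0, 1]. Horizons (1 m, 1.5 m/s, 150 N) and weights
    are assumptions for this example, not Zahavi's hazard model."""
    proximity = clamp01(1.0 - ctx.distance_m / 1.0)
    velocity = clamp01(ctx.speed_mps / 1.5)
    force = clamp01(ctx.force_n / 150.0)
    return clamp01(0.5 * proximity + 0.3 * velocity + 0.2 * force)


class SafetyRuntime:
    """Middleware between policy output and the actuator command layer."""

    def __init__(self, threshold=0.72, fast_gain=4.0, trace_horizon=120, decay=0.5):
        self.threshold = threshold
        self.fast_gain = fast_gain      # how sharply excess risk scales the action down
        self.decay = decay              # per-step decay of eligibility weight
        self.history = deque(maxlen=trace_horizon)  # precursor (state, action) pairs
        self.trace = {}                 # state_key -> accumulated eligibility weight
        self.events = []                # one structured record per step

    def _write_trace(self):
        """Assign decaying weight to the state-action pairs that preceded the
        intervention (most recent first) and accumulate into the persistent trace."""
        update = {}
        for k, (state_key, _action) in enumerate(reversed(self.history)):
            w = self.decay ** k
            update[state_key] = update.get(state_key, 0.0) + w
            self.trace[state_key] = self.trace.get(state_key, 0.0) + w
        return update

    def step(self, state_key, proposed, ctx):
        """Observe, estimate, intervene, attribute, log. Returns the executed action."""
        risk = estimate_hazard(ctx)
        intervened = risk >= self.threshold
        trace_update = {}
        if intervened:
            # Dominant authority: the proposed action is scaled toward zero in
            # proportion to the excess over threshold and fully vetoed beyond that.
            scale = max(0.0, 1.0 - self.fast_gain * (risk - self.threshold))
            executed = tuple(round(a * scale, 9) for a in proposed)
            trace_update = self._write_trace()
        else:
            scale = 1.0
            executed = tuple(proposed)
        self.events.append({
            "step": len(self.events),
            "state": state_key,
            "proposed": list(proposed),
            "risk": round(risk, 6),
            "threshold": self.threshold,
            "intervened": intervened,
            "scale": round(scale, 6),
            "executed": list(executed),
            "trace_update": trace_update,
        })
        self.history.append((state_key, tuple(proposed)))
        return executed

    def export_jsonl(self) -> str:
        """One JSON object per line, for workcell review or incident reconstruction."""
        return "\n".join(json.dumps(e) for e in self.events)


def load_events(jsonl: str):
    """Parse an exported history back into event records."""
    return [json.loads(line) for line in jsonl.splitlines() if line]


if __name__ == "__main__":
    rt = SafetyRuntime()
    calm = SensorContext(distance_m=0.9, speed_mps=0.3, force_n=10.0)
    for s in ("s0", "s1", "s2"):
        rt.step(s, (0.4, 0.1), calm)
    rt.step("s3", (0.4, 0.1), SensorContext(0.1, 1.5, 30.0))   # reduced, not vetoed
    rt.step("s4", (0.4, 0.1), SensorContext(0.0, 2.0, 200.0))  # fully vetoed
    print(rt.export_jsonl())
```

Two points worth noticing: the intervention is not a blend with the policy output but a gate that replaces it once `risk >= threshold`, and every event record carries the proposed action, the risk estimate, the threshold, the executed replacement and the trace weights, so the exported history alone is enough to reconstruct which precursor states were attributed after each intervention.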
Comparison
The distinction is not that Zahavi is the only system capable of stopping an unsafe action. The distinction is the intended coupling between intervention, attribution, and future policy behavior.
| Capability | Separate shield | Zahavi model |
|---|---|---|
| Immediate action veto | Common | Core pathway |
| Persistent precursor-state attribution | Implementation dependent | Built into intervention loop |
| Shared action substrate | Usually separate | Designed as one runtime |
| Event observability | Variable | Required design objective |
| Certified hardware replacement | No | No |