Drone.Safety (ex_drone v0.1.0)

Safety validation for drone commands.

Drone.Safety.check/3 is the primary entry point. It receives a command, a safety policy, and the current vehicle state, and returns either {:ok, command} if the command is approved, {:ok, command, warnings} if approved with warnings, or {:error, :safety, reason} if rejected.

The safety pipeline is a pure function with no side effects. It is called by the Drone.Vehicle GenServer before sending any command to the adapter.

Emergency commands bypass all safety checks.

Summary

Functions

check(cmd, policy, state): Validates a command against a safety policy and vehicle state.

Types

rejection_reason()

@type rejection_reason() :: Drone.Error.safety_reason()

vehicle_state()

@type vehicle_state() :: %{
  mode: :idle | :sdk_mode | :flying | :emergency,
  x: integer(),
  y: integer(),
  z: integer(),
  yaw: integer(),
  battery: integer(),
  flying: boolean()
}

warning()

@type warning() :: :low_battery | :no_prop_guards

Functions

check(cmd, policy, state)

@spec check(Drone.Command.t(), Drone.Safety.Policy.t(), vehicle_state()) ::
  {:ok, Drone.Command.t()}
  | {:ok, Drone.Command.t(), [warning()]}
  | {:error, :safety, rejection_reason()}

Validates a command against a safety policy and vehicle state.

Returns:

  • {:ok, command} -- the command is approved
  • {:ok, command, warnings} -- the command is approved with warnings
  • {:error, :safety, reason} -- the command is rejected

Emergency commands always pass.
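
A caller has to handle all three return shapes of check/3 and should forward nothing to the adapter on any other result. The sketch below is an added example, not code from ex_drone: SafetyGateExample, stub_check, send_fun, the map-shaped commands, the min_battery policy field, the :battery_too_low reason and the :unexpected_safety_result tag are all hypothetical, and stub_check only stands in for Drone.Safety.check/3 so the script runs on its own.

```elixir
defmodule SafetyGateExample do
  # Hypothetical caller-side wrapper; not part of ex_drone.
  # check_fun: any 3-arity function with the Drone.Safety.check/3 contract.
  # send_fun:  1-arity function standing in for the adapter call.
  require Logger

  def dispatch(cmd, policy, state, check_fun, send_fun) do
    case check_fun.(cmd, policy, state) do
      {:ok, approved} ->
        send_fun.(approved)

      {:ok, approved, warnings} when is_list(warnings) ->
        # Approved with warnings: still sent, but the warnings are recorded.
        Logger.warning("command approved with warnings: #{inspect(warnings)}")
        send_fun.(approved)

      {:error, :safety, reason} ->
        Logger.error("command rejected by safety check: #{inspect(reason)}")
        {:error, :safety, reason}

      other ->
        # Fail closed: an unrecognised result never reaches the adapter.
        Logger.error("unexpected safety result: #{inspect(other)}")
        {:error, :unexpected_safety_result, other}
    end
  end
end

# Constructed stand-in for Drone.Safety.check/3 (thresholds and the
# rejection reason are made up for this example).
stub_check = fn
  %{name: :emergency} = cmd, _policy, _state -> {:ok, cmd}
  _cmd, %{min_battery: min}, %{battery: b} when b < min -> {:error, :safety, :battery_too_low}
  cmd, _policy, %{battery: b} when b < 30 -> {:ok, cmd, [:low_battery]}
  cmd, _policy, _state -> {:ok, cmd}
end

send_fun = fn cmd -> {:sent, cmd} end
policy = %{min_battery: 20}
state = %{mode: :sdk_mode, x: 0, y: 0, z: 0, yaw: 0, battery: 25, flying: false}

# Approved with a warning, rejected, and emergency bypass, in that order.
IO.inspect(SafetyGateExample.dispatch(%{name: :takeoff}, policy, state, stub_check, send_fun))
IO.inspect(SafetyGateExample.dispatch(%{name: :takeoff}, policy, %{state | battery: 10}, stub_check, send_fun))
IO.inspect(SafetyGateExample.dispatch(%{name: :emergency}, policy, %{state | battery: 10}, stub_check, send_fun))
```

Because emergency commands skip every check, the third call is sent even though the same state rejects a takeoff.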