Detachable Trust. Deterministic Safety.
demo.mp4
DAM is a detachable safety middleware that sits between any machine learning policy (or controller) and robot hardware. It intercepts every proposed action, evaluates it through a layered guard stack (L0–L3), and either passes, clamps, or rejects it — without modifying the policy weights or hardware drivers.
This design enables strong safety boundaries while keeping the learning/policy layer fully detachable and upgradable.
- 4-Layer Guard Stack: Progressive defense from perception (L0) → hardware (L3)
- Rust Data Plane: Deterministic, real-time-safe execution outside the Python GIL
- Stackfile-Driven: Swap hardware, policies, or safety rules via YAML. Zero Python code for simple tasks.
- Hot-Reload Boundaries: Update safety constraints without stopping the robot
- Fail-to-Reject: Any guard timeout, crash, or exception → immediate rejection
- MCAP Loopback Buffer: Capture ±30s of context around safety events for analysis
- Built-in Adapters: LeRobot (SO-ARM101) and ROS 2 support
Important Disclaimer: DAM is currently research and experimental-grade software. It is not certified for safety-critical or production use in human-collaborative or high-risk environments. Use at your own risk. We are actively working toward formal verification, worst-case timing analysis, and compliance-oriented documentation.
git clone https://github.com/ez945y/DAM.git
cd DAM
make setupmake run| Command | Description |
|---|---|
make setup |
Create venv, compile Rust extension, install dependencies |
make run |
Start backend (:8080) + frontend (:3000) |
make test |
Run full test suite (unit + integration + safety) |
make clean |
Remove build artifacts |
After starting, open http://localhost:3000 in your browser and select a configuration template:
- Quick Start — Simulation only (no hardware needed)
- SO-ARM101 — Pre-configured for SO-ARM101 robot
- Custom — Create your own Stackfile
DAM acts as a transparent safety layer:
Policy / Controller
│
▼
Proposed Action ──────▶ [ Guard Stack L0–L3 ] ──────▶ Validated Action
▲ │ │ │ │
│ │ │ │ ▼
Observations & State ─────────┘ │ └──────────▶ Fallback (Hold / Retreat / E-Stop)
│
▼
Decision: Pass / Clamp / Reject
Guard Layers
| Layer | Name | Responsibility | Status |
|---|---|---|---|
| L0 | OOD Detection | Out-of-distribution observation detection | Available |
| L1 | Physical Kinematics | Joint limits, workspace, velocity & dynamics | Available |
| L2 | Task Execution | Mission progress and boundary enforcement | Available |
| L3 | Hardware Monitoring | Temperature, current, heartbeat, following error | Available |
The final decision is the most restrictive outcome from all active layers.
v0.4.0 (Current focus)
- Runner-owned runtime lifecycle and control loop
- Image hub backed live preview and MCAP camera attachments
- ROS2 runner recheck and node preservation
v0.5.0
- More built-in boundary types
- Domain-specific bundles (manipulation, mobile manipulation, etc.)
- Extensive adversarial testing suite
Longer term
- Formal verification of critical safety paths
- Support for additional robot platforms
- Certification preparation artifacts
See CONTRIBUTING.md for details on:
- Setting up the development environment
- Code style and testing requirements
- How to propose new features or guard layers
We especially welcome help in the following areas:
- Safety testing and adversarial scenario development
- Real-time performance optimization
- Additional hardware adapters
- Documentation and example Stackfiles
DAM aims to make advanced robot safety modular, verifiable, and accessible to the embodied AI community.
Feedback and discussions are highly encouraged in GitHub Discussions.