One kernel. Deterministic safety certification for autonomous systems.
The Quotient Autonomy Engine (QAE) is a domain-agnostic safety certification platform. The same mathematical kernel — multi-channel constraint evaluation, binding-constraint decision logic, deterministic certificate hashing — instantiated across satellite constellation management, portfolio risk certification, and agentic AI safety.
A domain-agnostic safety certification kernel
Every autonomous system faces the same structural problem: proposed actions must be evaluated against multiple constraints, classified into safety zones, and certified with tamper-evident audit trails — all in real time. QAE Substrate solves this once.
Mapping
Evaluation
Decision
Certificate
Multi-Channel Constraint Evaluation
N constraint channels run in parallel — each returning a normalized margin in [0,1]. The binding constraint (minimum margin) drives all zone classification and decision logic. One architecture. Any constraint domain.
Four-Branch Safety Logic
Regime change override → Blocked → Escalate to Human → Certified with Warning → Certified. The same decision tree governs constellation allocations, portfolio trades, and AI tool calls. No probabilistic fallback.
Deterministic Certificate Hashing
Every certification produces a tamper-evident SHA-256 hash over a canonical representation: pipe-delimited fields, IEEE 754 16-digit scientific notation, BTreeMap lexicographic ordering. Bit-identical across runs.
Domain Adapter Trait
Each domain plugs into the kernel via a DomainAdapter trait — providing constraint channels, action-to-state mapping, and regime detection. The kernel never touches domain-specific types. New domains require zero kernel changes.
Autonomous systems are flying blind past their constraint boundaries
Every autonomous system — satellites, portfolios, AI agents — proposes actions against multiple safety constraints. Today, each domain builds bespoke validation from scratch. The result: fragmented tooling, non-deterministic outputs, and zero audit trails.
$15–40M/yr in custom software
Every mega-constellation operator builds proprietary constellation management from scratch. O(N²) solvers that break at scale. No shared architecture across the industry.
Monte Carlo is the wrong tool
Statistical simulation introduces sampling variance, requires GPU clusters, and produces non-reproducible results. Regulators demand determinism. Current tools deliver probabilities.
No pre-execution safety layer exists
AI agents execute tool calls, API requests, and database mutations with no constraint evaluation before action. Post-hoc logging is not safety certification. The gap is structural.
One kernel. Three instantiations. Each domain gets its own constraint channels.
The same mathematical architecture — multi-channel constraint evaluation, binding-constraint decision logic, deterministic certificate hashing — adapted per domain via the DomainAdapter trait.
Constellation Management
O(|S|) topology abstraction. 19,584 satellites in 82ms. Multi-operator coexistence certificates, ITU Appendix 4 integration, UNOOSA sustainability compliance. 50 patent claims.
Portfolio Risk Certification
5 parallel risk channels. 423× faster than Monte Carlo. Smooth barriers, eigenvalue regime detection, Basel III/FRTB compliance output. Deterministic — no sampling variance. 52 patent claims.
Agentic AI Safety
Pre-execution certification for autonomous agents. Scope, reversibility, rate, data sensitivity, and budget constraints — every tool call certified or blocked before execution. Hash-chained audit trail. 43 patent claims.
Production infrastructure. Not a prototype.
PostgreSQL persistence, Prometheus observability, CycloneDX SBOM, GPG-signed artifacts, and Stripe-hosted billing. Built for enterprise procurement, not demo day.
Fly.io PostgreSQL Backend
StorageBackend trait with async PostgreSQL implementation via sqlx and connection pooling. Gateway auth, usage tracking, and hash-chained audit trail all backed by Postgres 16. SQLite fallback for local development.
/metrics Endpoint
Circuit breaker state gauge, cache hit/miss counters, WebSocket active connections, rate limiter utilization, and certification duration histograms. Native Prometheus text format. Grafana-ready from day one.
CycloneDX + GPG Signing
CycloneDX software bill of materials generated in CI. Release binaries GPG-signed. Docker image labels include SBOM reference. Meets enterprise security review requirements out of the box.
Stripe-Hosted Checkout
Usage-based billing via Stripe-hosted checkout — lower PCI scope, automatic 3DS, dunning sequences. Free tier → usage threshold → upgrade email → Stripe Checkout → Pro activation. Webhook-driven tier management.
Self-serve API for agentic safety certification.
OpenAPI 3.0 spec. Developer portal with interactive sandbox, playground, and full documentation. Usage-based pricing — pay per certification, not per seat. Constellation and FinRisk domains are available via custom engagements.
- 1,000 certifications/month
- 10 requests/second
- Full v2 API access
- Interactive sandbox
- Supplementary analysis included
- Community support
- 100,000 certifications/month
- 100 requests/second
- Full audit trail access
- Prometheus metrics endpoint
- Usage analytics dashboard
- Priority email support
- Unlimited certifications
- 1,000 requests/second
- Custom constraint channels
- CycloneDX SBOM + GPG-signed artifacts
- Dedicated support engineer
- On-premise deployment option
- SLA guarantees
pip install qae-safety
BSL-1.1 licensed kernel and agentic adapter (converts to Apache 2.0 in 2032). Three lines to certify an AI agent action. Full type stubs for IDE autocomplete. Extend with custom constraint channels.
from qae_safety import AgenticAdapter, certify_action # Initialize with budget and rate limits adapter = AgenticAdapter(budget_limit=100.0, rate_limit=50.0) # Certify before execution cert = certify_action( adapter, "send-email-42", "support-agent", deltas={"scope_score": 0.9, "sensitivity": 0.3} ) if cert.decision == "Certified": execute_action() # Safe to proceed
# Certify a portfolio position change curl -X POST https://api.qaesubstrate.com/api/v2/certify \ -H "Authorization: Bearer $API_KEY" \ -H "Content-Type: application/json" \ -d '{ "portfolio": { "positions": [ {"asset": "AAPL", "quantity": 1000}, {"asset": "GOOGL", "quantity": 500} ] }, "market_data": { ... } }' # Returns: SafetyCertificate with decision, # margins, binding constraint, SHA-256 hash
6,000+ live satellites. 50 orbital classes. 82 milliseconds.
Real constellation parameters. 19 constraint channels across spectrum, thermal, routing, multi-operator, UNOOSA sustainability, and link budget. Live failure injection and sub-millisecond recovery.
Measured, not estimated
All benchmarks run on the production Rust engine with Criterion statistical validation. Real measurements, not theoretical projections.
| Metric | Result | Context |
|---|---|---|
| Full Constellation Solve | 82 ms | 6,000+ live satellites (CelesTrak), 50 orbital classes, 6 RF bands (Ku/Ka/V), 8-core parallel |
| Failure Recovery | 0.6 ms | Mid-constellation satellite failure, 3 affected classes re-solved incrementally |
| Combined Overlay | 19,584 sats | Live Starlink + synthetic 10K constellation, all managed, all nominal |
| Parallel Speedup | 6.0× | 8-core Rayon work-stealing scheduler |
| Constellation Channels | 19 channels | 5 core + 2 routing + 3 multi-operator + 4 UNOOSA sustainability + 5 link budget — all parallel |
| Risk Channel Evaluation | 5 channels | Market, credit, liquidity, concentration, regulatory capital — all parallel |
| Portfolio Certification | < 50ms | Full 5-channel constraint evaluation, binding-constraint decision, certificate generation |
| vs. Monte Carlo | 423× | Deterministic algebraic approach vs. statistical Monte Carlo simulation — same accuracy, no sampling variance |
| Agentic Certification | 5 channels | Budget, rate, scope, reversibility, data sensitivity — evaluated per agent action before execution |
| Supplementary Analysis | Enabled | Binding constraint detection + barrier certificate verification in every v2 response. Opaque terminology. |
| Test Coverage | 1,600+ | 1,200+ Rust + 400+ Python tests. All deterministic. CI pipeline: fmt → clippy → audit → test → integration → license check |
| Certificate Hashing | SHA-256 | Deterministic, pipe-delimited canonical form. BTreeMap ordering. Bit-identical across runs |
18–24 months and $3–5M to replicate internally
QAE Substrate is a production Rust engine with patent-pending architecture, validated benchmarks, and full claim traceability across two domains. The alternative is building it yourself.
Deterministic safety certification. Three domains. One kernel.
Start with the free tier — 1,000 certifications/month, full API access, interactive sandbox. For enterprise licensing, acquisition, or strategic integration, talk directly to the founder.