---
active: true
derived: false
header: 'Safety Manager'
level: 1.1
normative: true
reviewed: null
links:
- SWE-007
- SWE-008
- SWE-009
- SWE-010
- SWE-011
- SWE-012
asil: D
---

# SWA-001: Safety Manager

## Responsibility

Highest safety layer. Detects engine-off, activates hill-hold, triggers auto-apply. Life-critical logic with redundant checks.

## Static view

```plantuml
@startuml
package "Safety Manager" {
  [Engine State Monitor]
  [Hill-Hold Logic]
  [Auto-Apply Logic]
}
[Safety Manager] ..> [Apply Controller] : apply request
[Wheel Speed Plausi] --> [Safety Manager] : v_vehicle
[Inclinometer Filter] --> [Safety Manager] : grade
@enduml
```

## Provided interfaces

```c
Status safety_mgr_init(void);
void safety_mgr_step_50ms(const SafetyInputs* in);
```

## Dynamic behaviour

```plantuml
@startuml
[*] --> Idle
Idle --> HillHoldArmed : grade>5% & v=0 & brake
HillHoldArmed --> HillHoldActive : brake released
HillHoldActive --> Idle : v>2 km/h
Idle --> AutoApplyArmed : engine_off & v=0
AutoApplyArmed --> AutoApplyTriggered : t>=2s
AutoApplyTriggered --> Idle : applied
@enduml
```

## Resources

- Stack: <= 256 B
- Worst-case timing: 200 us per call

## Mapping to requirements

| Requirement | How covered |
|-------------|-------------|
| SWE-007 | engine_off + v<0.5 in step_50ms |
| SWE-008 | 2 s filter and trigger |
| SWE-009 | hill-hold activation |
| SWE-010 | brake-released detection |
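The following is an added C example of the state machine in the Dynamic behaviour section behind the two provided interfaces; it is written for this page and is not the project's own source. The thresholds (grade > 5 %, standstill as v < 0.5 km/h per the mapping table, roll-away at v > 2 km/h, 40 steps of 50 ms for the 2 s filter) come from the diagram and the table. The field names of `SafetyInputs`, the `Status` enum values, the `safety_mgr_state()` / `safety_mgr_apply_requested()` getters, the rule that engine-off is evaluated before hill-hold in Idle, and the return to Idle when the auto-apply condition clears during the 2 s filter are assumptions of this example, not statements of the architecture.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Types assumed for this example: the page declares only the two prototypes. */
typedef enum { STATUS_OK = 0, STATUS_ERROR = 1 } Status;

typedef struct {
    float v_vehicle_kmh;  /* from Wheel Speed Plausi */
    float grade_pct;      /* from Inclinometer Filter */
    bool  brake_pressed;  /* service-brake pedal */
    bool  engine_off;     /* from Engine State Monitor */
    bool  apply_done;     /* feedback from Apply Controller ("applied") */
} SafetyInputs;

typedef enum {
    ST_IDLE, ST_HILL_HOLD_ARMED, ST_HILL_HOLD_ACTIVE,
    ST_AUTO_APPLY_ARMED, ST_AUTO_APPLY_TRIGGERED
} SafetyState;

#define STEP_MS             50U
#define AUTO_APPLY_DELAY_MS 2000U                           /* SWE-008: 2 s filter */
#define AUTO_APPLY_TICKS    (AUTO_APPLY_DELAY_MS / STEP_MS) /* 40 consecutive steps */
#define HILL_GRADE_PCT      5.0f                            /* grade>5% */
#define STANDSTILL_KMH      0.5f                            /* "v=0": v<0.5 per mapping table */
#define ROLLING_KMH         2.0f                            /* hill-hold exit: v>2 km/h */

/* All state lives in statics so the 50 ms step needs only a few bytes of stack. */
static SafetyState g_state;
static uint16_t    g_armed_ticks;
static bool        g_apply_request;   /* output to Apply Controller, recomputed each step */

Status safety_mgr_init(void)
{
    g_state = ST_IDLE;
    g_armed_ticks = 0;
    g_apply_request = false;
    return STATUS_OK;
}

SafetyState safety_mgr_state(void)      { return g_state; }
bool safety_mgr_apply_requested(void)   { return g_apply_request; }

static bool at_standstill(const SafetyInputs* in)  { return in->v_vehicle_kmh < STANDSTILL_KMH; }
static bool auto_apply_cond(const SafetyInputs* in) { return in->engine_off && at_standstill(in); }

void safety_mgr_step_50ms(const SafetyInputs* in)
{
    g_apply_request = false;           /* never carry a stale request into the next step */
    if (in == NULL) return;            /* defensive: hold last state, request nothing */

    switch (g_state) {
    case ST_IDLE:
        /* Assumption: engine-off (auto-apply) outranks hill-hold when both hold. */
        if (auto_apply_cond(in)) {
            g_state = ST_AUTO_APPLY_ARMED;
            g_armed_ticks = 0;
        } else if (in->grade_pct > HILL_GRADE_PCT && at_standstill(in) && in->brake_pressed) {
            g_state = ST_HILL_HOLD_ARMED;
        }
        break;
    case ST_HILL_HOLD_ARMED:
        if (!in->brake_pressed) g_state = ST_HILL_HOLD_ACTIVE;   /* SWE-010 */
        break;
    case ST_HILL_HOLD_ACTIVE:
        if (in->v_vehicle_kmh > ROLLING_KMH) g_state = ST_IDLE;  /* vehicle is moving again */
        else g_apply_request = true;                             /* SWE-009: keep it held */
        break;
    case ST_AUTO_APPLY_ARMED:
        /* 2 s filter: the condition must hold on AUTO_APPLY_TICKS consecutive steps.
         * Returning to Idle when it clears is an assumption; the diagram shows no edge. */
        if (!auto_apply_cond(in)) { g_state = ST_IDLE; g_armed_ticks = 0; break; }
        if (g_armed_ticks < AUTO_APPLY_TICKS) g_armed_ticks++;
        if (g_armed_ticks >= AUTO_APPLY_TICKS) {
            g_state = ST_AUTO_APPLY_TRIGGERED;
            g_apply_request = true;
        }
        break;
    case ST_AUTO_APPLY_TRIGGERED:
        if (in->apply_done) g_state = ST_IDLE;   /* "applied" feedback closes the cycle */
        else g_apply_request = true;             /* keep requesting until confirmed */
        break;
    default:
        g_state = ST_IDLE;                       /* corrupted state value: safe fallback */
        break;
    }
}

int main(void)
{
    /* Constructed scenario: engine switched off at standstill, 2 s elapse, EPB confirms. */
    SafetyInputs in = { 0.0f, 0.0f, false, true, false };
    safety_mgr_init();
    for (unsigned i = 0; i <= AUTO_APPLY_TICKS; i++) safety_mgr_step_50ms(&in);
    printf("state=%d apply_request=%d\n", (int)safety_mgr_state(), (int)safety_mgr_apply_requested());
    in.apply_done = true;
    safety_mgr_step_50ms(&in);
    printf("state=%d apply_request=%d\n", (int)safety_mgr_state(), (int)safety_mgr_apply_requested());
    return 0;
}
```

The step is loop-free and touches only statics and a handful of locals, which is the shape a 256 B stack budget and a fixed per-call worst-case time call for; the `default` branch and the NULL check cover the "redundant checks" expectation by never letting an unexpected state or input produce an apply request.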