---
active: true
derived: false
header: 'Safety Manager'
level: 1.1
normative: true
reviewed: null
links:
  - SWE-007
  - SWE-008
  - SWE-009
  - SWE-010
  - SWE-011
  - SWE-012
asil: D
---

# SWA-001: Safety Manager

## Responsibility

Highest safety layer. Detects engine-off, activates hill-hold, triggers auto-apply. Safety-critical logic with redundant checking.

## Static View

```plantuml
@startuml
package "Safety Manager" {
  [Engine State Monitor]
  [Hill-Hold Logic]
  [Auto-Apply Logic]
}
[Safety Manager] ..> [Apply Controller] : Apply-Anforderung
[Wheel Speed Plausi] --> [Safety Manager] : v_vehicle
[Inclinometer Filter] --> [Safety Manager] : grade
@enduml
```

## Interfaces (Provided)

```c
Status safety_mgr_init(void);
void safety_mgr_step_50ms(const SafetyInputs* in);
```

## Dynamic Behaviour

```plantuml
@startuml
[*] --> Idle
Idle --> HillHoldArmed : grade>5% & v=0 & brake
HillHoldArmed --> HillHoldActive : brake released
HillHoldActive --> Idle : v>2 km/h
Idle --> AutoApplyArmed : engine_off & v=0
AutoApplyArmed --> AutoApplyTriggered : t>=2s
AutoApplyTriggered --> Idle : applied
@enduml
```

## Resources

- Stack: <= 256 B
- Worst-case timing: 200 us / call

## Mapping to Requirements

| Requirement | How covered |
|-------------|-------------|
| SWE-007 | engine_off + v<0.5 in step_50ms |
| SWE-008 | 2 s filter and trigger |
| SWE-009 | Hill-hold activation |
| SWE-010 | Brake-released detection |
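The state diagram and the requirements table above fix the transitions but not the code behind the provided interface. The following C block is an added illustration, not the project's own implementation: it realises the diagram as a 50 ms cyclic state machine, with the 2 s auto-apply filter counted in cycles (40 x 50 ms) and "v=0" read as v < 0.5 km/h as in the SWE-007 row. The `Status` enum, the `SafetyInputs` fields, the accessor functions and the two scenario drivers are assumptions made for the example; the page declares only the two interface functions. One behaviour is also assumed rather than taken from the diagram: the auto-apply timer restarts if the engine-off-at-standstill condition drops out before 2 s have elapsed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed types: the page declares the interface with Status and SafetyInputs
 * but defines neither. Field names are hypothetical. */
typedef enum { STATUS_OK = 0, STATUS_ERROR = 1 } Status;

typedef struct {
    float v_vehicle_kmh; /* v_vehicle from Wheel Speed Plausi */
    float grade_pct;     /* grade from Inclinometer Filter */
    bool  brake_pressed; /* service brake pedal state */
    bool  engine_off;    /* from Engine State Monitor */
    bool  applied;       /* feedback: Apply Controller has finished clamping */
} SafetyInputs;

typedef enum {
    SM_IDLE = 0, SM_HILL_HOLD_ARMED, SM_HILL_HOLD_ACTIVE,
    SM_AUTO_APPLY_ARMED, SM_AUTO_APPLY_TRIGGERED
} SafetyState;

#define STEP_MS          50u
#define AUTO_APPLY_TICKS (2000u / STEP_MS) /* 2 s filter = 40 cycles of 50 ms */
#define STANDSTILL_KMH   0.5f              /* "v=0" as v < 0.5 km/h (SWE-007 row) */
#define ROLL_AWAY_KMH    2.0f              /* HillHoldActive -> Idle : v > 2 km/h */
#define HILL_GRADE_PCT   5.0f              /* grade > 5 % */

static SafetyState g_state;
static uint32_t    g_standstill_ticks;
static bool        g_apply_request; /* Apply-Anforderung towards Apply Controller */

static bool at_standstill(const SafetyInputs *in) { return in->v_vehicle_kmh < STANDSTILL_KMH; }

Status safety_mgr_init(void)
{
    g_state = SM_IDLE;
    g_standstill_ticks = 0;
    g_apply_request = false;
    return STATUS_OK;
}

/* One 50 ms cycle of the state machine from the Dynamic Behaviour diagram. */
void safety_mgr_step_50ms(const SafetyInputs *in)
{
    switch (g_state) {
    case SM_IDLE:
        g_apply_request = false;
        if (in->engine_off && at_standstill(in)) {             /* Idle -> AutoApplyArmed */
            g_state = SM_AUTO_APPLY_ARMED;
            g_standstill_ticks = 0;
        } else if (in->grade_pct > HILL_GRADE_PCT && at_standstill(in) && in->brake_pressed) {
            g_state = SM_HILL_HOLD_ARMED;                      /* Idle -> HillHoldArmed */
        }
        break;
    case SM_HILL_HOLD_ARMED:
        if (!in->brake_pressed) {                              /* brake released */
            g_state = SM_HILL_HOLD_ACTIVE;
            g_apply_request = true;                            /* hold until the driver pulls away */
        }
        break;
    case SM_HILL_HOLD_ACTIVE:
        if (in->v_vehicle_kmh > ROLL_AWAY_KMH) {               /* v > 2 km/h */
            g_state = SM_IDLE;
            g_apply_request = false;
        }
        break;
    case SM_AUTO_APPLY_ARMED:
        /* Assumption: the 2 s filter restarts if the arming condition drops out. */
        if (!(in->engine_off && at_standstill(in))) {
            g_state = SM_IDLE;
        } else if (++g_standstill_ticks >= AUTO_APPLY_TICKS) { /* t >= 2 s */
            g_state = SM_AUTO_APPLY_TRIGGERED;
            g_apply_request = true;
        }
        break;
    case SM_AUTO_APPLY_TRIGGERED:
        if (in->applied) {                                     /* feedback from Apply Controller */
            g_state = SM_IDLE;
            g_apply_request = false;
        }
        break;
    }
}

SafetyState safety_mgr_state(void) { return g_state; }
bool safety_mgr_apply_requested(void) { return g_apply_request; }

/* Scenario 1 (constructed input): engine switched off at standstill. Returns the
 * cycle at which the apply request is raised: 1 cycle to arm + 40 filter cycles = 41. */
uint32_t scenario_auto_apply(void)
{
    SafetyInputs in = { 0.0f, 0.0f, false, true, false };
    uint32_t cycle = 0;
    safety_mgr_init();
    while (!safety_mgr_apply_requested() && cycle < 100u) {
        safety_mgr_step_50ms(&in);
        cycle++;
    }
    return cycle;
}

/* Scenario 2 (constructed input): stopped on an 8 % grade with the brake pressed,
 * brake released, then the vehicle rolls at 3 km/h. */
typedef struct { SafetyState after_arm, after_release, after_roll; bool held; } HillHoldTrace;

HillHoldTrace scenario_hill_hold(void)
{
    HillHoldTrace t;
    SafetyInputs in = { 0.0f, 8.0f, true, false, false };
    safety_mgr_init();
    safety_mgr_step_50ms(&in);  t.after_arm = safety_mgr_state();
    in.brake_pressed = false;
    safety_mgr_step_50ms(&in);  t.after_release = safety_mgr_state();
    t.held = safety_mgr_apply_requested();
    in.v_vehicle_kmh = 3.0f;
    safety_mgr_step_50ms(&in);  t.after_roll = safety_mgr_state();
    return t;
}

int main(void)
{
    printf("auto-apply requested after %u cycles\n", scenario_auto_apply());
    printf("hill-hold held=%d\n", scenario_hill_hold().held);
    return 0;
}
```

The two scenario functions double as the kind of unit tests the SWE-007/SWE-008 and SWE-009/SWE-010 rows of the mapping table ask for: one drives the 2 s filter to its trigger, the other walks the hill-hold arm/release/roll-away path and checks that the apply request is raised on brake release and withdrawn once the vehicle moves.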