Limits Designed In, Not Bolted On
Each joint has a safety-rated force and speed envelope enforced in firmware below the application controller. Exceeding the envelope is treated as a fault, not a soft warning — the system halts and requires acknowledgement.
These limits are not the same as the operational limits the policy uses. The policy stays well inside the safety envelope; the safety envelope is the outer boundary, beyond which physical harm could occur.
Two-Channel by Default
The e-stop circuit is dual-channel with monitored contacts. A failure of one channel is detected at the next system check; a press of the e-stop in any state cuts motor power within milliseconds. This is the standard service-robot pattern; we are calling it out because it is non-negotiable for operator trust.
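The latching behaviour described in the two sections above (an envelope violation is a fault that halts and needs acknowledgement; the e-stop is read on two channels and a disagreement between them is itself a fault) can be sketched as a small state machine. This is an added example, not HandyBot's firmware; every name and limit value in it is an assumption, and re-enabling power directly on acknowledgement is a simplification.

```c
#include <stdbool.h>

/* Illustrative sketch: all names and limit values here are assumptions. */
typedef enum { FAULT_NONE, FAULT_ESTOP, FAULT_CHANNEL_MISMATCH, FAULT_ENVELOPE } fault_t;

typedef struct { double max_force_n; double max_speed_rad_s; } envelope_t;

typedef struct {
    bool    faulted;      /* latched until acknowledged */
    fault_t cause;        /* first cause that tripped the latch */
    bool    motor_power;  /* true = drive power enabled */
} safety_t;

void safety_init(safety_t *s) {
    s->faulted = false; s->cause = FAULT_NONE; s->motor_power = true;
}

static void trip(safety_t *s, fault_t cause) {
    if (!s->faulted) s->cause = cause;  /* keep the original cause */
    s->faulted = true;
    s->motor_power = false;             /* power is cut on every trip */
}

static bool outside(double value, double limit) {
    return value > limit || value < -limit;
}

/* One safety cycle. ch_a/ch_b: true = contact closed (e-stop released). */
void safety_step(safety_t *s, const envelope_t *env,
                 bool ch_a, bool ch_b, double force_n, double speed_rad_s) {
    if (!ch_a && !ch_b)
        trip(s, FAULT_ESTOP);               /* both channels open: pressed */
    else if (ch_a != ch_b)
        trip(s, FAULT_CHANNEL_MISMATCH);    /* one channel failed or stuck */
    else if (outside(force_n, env->max_force_n) ||
             outside(speed_rad_s, env->max_speed_rad_s))
        trip(s, FAULT_ENVELOPE);            /* fault, not a soft warning */
}

/* Acknowledgement clears the latch only while both channels read healthy. */
bool safety_acknowledge(safety_t *s, bool ch_a, bool ch_b) {
    if (!s->faulted) return true;
    if (!(ch_a && ch_b)) return false;
    safety_init(s);
    return true;
}
```

Returning to in-envelope readings does not clear the latch; only an explicit acknowledgement with both channels closed does.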
Detecting People in a Busy Bay
Wash bays have bystanders: operators, customers walking past, occasionally children. The safety classifier described in the latency post runs at a higher rate than the main policy and has authority to preempt motion. Detected human presence inside the work envelope triggers a controlled stop with the arm held in a known-safe pose.
The Path Through ISO 13482
ISO 13482 is the international safety standard for personal-care robots and is the most relevant published standard for service robots that operate near people without a fixed safety enclosure. Our certification roadmap targets compliance against the relevant clauses for commercial service deployment. We will publish the certification scope when the work is complete; describing in-progress certification as if it were finished would be exactly the kind of overclaim this series is meant to avoid.