StasysOS is a deterministic safety kernel for autonomous systems. It provides trust-bounded rollback and bit-identical replay for platforms operating in GNSS-denied and comms-contested environments. It is designed for certification (SIL 2-3 / DAL C-B) and runs on embedded hardware from Cortex-M4 upward.

What evidence does StasysOS provide?

StasysOS provides comparative behavioral evidence across 800 deterministic runs, 8 scenarios, using a seeded PRNG for full reproducibility. Results show deterministic recovery outperforming standard failsafe baselines in GNSS-spoof scenarios: 100% DRC recovery rate vs 0% for standard failsafe. Results are verifiable live at drc.stasysos.eu.

How does StasysOS differ from a standard autopilot failsafe?

Standard failsafe systems act on degraded GNSS signals during spoofing — returning to a compromised 'home' position. StasysOS executes a trust-bounded rollback: returning to the last cryptographically-verified known-good position, then re-entering a validated mission segment. This is demonstrated not just in simulation but with comparative evidence across 8 distinct scenario types.

What is the Governed Autonomy Stack?

The Governed Autonomy Stack is a three-layer architecture: StasysOS provides the deterministic runtime safety kernel (floor), KiLU Authority provides external authorization and execution receipts, and AegisAI provides the deterministic control plane where LLMs suggest actions but the kernel decides. Each layer is independently verifiable.

Who operates StasysOS?

StasysOS is operated by KOHI BG LTD, based in Bulgaria. It is not an end-user product — it is positioned for integration by prime contractors or EU defence consortia under DG DEFIS / EDA frameworks. Contact: info@stasysos.eu

Regulatory Autonomy Layer

Deterministic Safety Kernel for Resilient Autonomous Operations

Predictable survivability in GNSS- and comms-denied environments. Designed for certification, auditability, and sovereign deployment.

View Comparative Evidence → Open Verification Environment

800 Deterministic runs

8 Scenarios

350/350 JS ↔ WASM parity

StasysOS is demonstrated not only through deterministic parity, but through comparative recovery behavior under degraded-condition simulation — showing where trust-bounded rollback outperforms standard failsafe policies in spoof-driven contested environments.

STASYS_V4 · COMPARATIVE EVIDENCE

$ stasys-sim --mode comparison --runs 800 09:14:02Z

INITIALIZING DETERMINISTIC ENGINE... [OK]

SEEDING PRNG: 0x4F29AC... [OK]

Standard Failsafe

0.0%

GNSS Spoof Recovery

StasysOS DRC

100.0%

GNSS Spoof Recovery

800/800 runs · 8 scenarios · seeded PRNG
5 DRC Advantage · 2 Parity · 1 Hard Limit

Evidence & Verification

Comparative Evidence Dashboard

Policy-level behavioral comparison: DRC vs standard failsafe baseline under spoof-driven contested conditions. 800 deterministic runs, seeded PRNG, reproducible by any reviewer.

8 scenarios: contested spoof, control, and hard-limit cases
Baseline outcome vs DRC outcome — narrative per scenario
Verdict column: DRC Advantage / Parity Case / Hard Limit
Live verification environment — same engine, bit-identical
Bit-identical replay from any snapshot

View Comparative Evidence → Open Live Verification Environment →

Simulation evidence only — not hardware-in-the-loop or field validation.

Technical Foundation

Determinism
by Design

StasysOS is not an autopilot. It's the safety layer that decides if flying should continue — independent of mission logic.

When navigation is compromised, standard failsafe policies act on degraded signals. DRC (Dynamic Recovery Core) does not return-to-home — it returns-to-trust: executing a bounded rollback to the last known-good breadcrumb and re-entering a verified mission segment.

✓

JS === WASM Parity Identical behavior across TypeScript and Rust implementations — 350/350 verified

✓

Trust-Bounded Rollback Returns to last known-good position, not assumed-safe position

✓

Embedded Ready 64KB RAM, 128KB Flash — runs on Cortex-M4

✓

Certification Path Designed for SIL 2–3 / DAL C–B compliance

determinism.proof

// Same seed → Same output. Always.
const seed = 0x4F29AC;

// Run 1 — JavaScript engine
const trace1 = simulate(seed);
// traceId: 64ab5883

// Run 2 — WASM / Rust kernel
const trace2 = wasm_simulate(seed);
// traceId: 64ab5883

✓ PARITY MATCH — 350 / 350 ticks
// DIV_TICK: —    JS === WASM
// Verified live: drc.stasysos.eu

Governed Autonomy Stack

A Layered Architecture for Governed Execution

Policy boundary → Authorization → Runtime safety

Policy Layer

AegisAI

Deterministic control plane. LLMs suggest — the kernel decides. Cryptographic chain of custody for every action.

aegisai.systems →

Authorization

KiLU Authority

External authorization layer. Verifiable execution receipts and intent-based authorization primitives for governed execution.

kilu.network →

You are here

Runtime Layer

StasysOS

Deterministic safety kernel. Trust-bounded rollback, bit-identical replay. The floor on which policy executes.

stasysos.eu

Active Kernel

Applications

Where StasysOS Operates

Defense & Security

Contested environments with GPS jamming and EW threats

Infrastructure Inspection

Autonomous pipeline, bridge, and power line surveys

Logistics & Delivery

Last-mile delivery in urban canyons and RF-challenged areas

Critical Infrastructure

Safety-critical monitoring where reliability is non-negotiable

Institutional Inquiries

Strategic & Institutional Contact

For institutional partnership discussions, integration inquiries, or strategic alignment under EU defence frameworks (DG DEFIS / EDA). Not positioned as an end-user product — integration by prime contractors or EU defence consortia.

✉

Email info@stasysos.eu

Comparative Evidence → AegisAI → KiLU Authority →

Institutional & Technical Inquiry

For direct technical engagement, NDA discussions, or integration pathway alignment. Response within 2 business days.

info@stasysos.eu →

NDA available on request.
Prepared for institutional review under DG DEFIS / EDA frameworks.