feat: remote e-stop over 4G MQTT — safety-critical motor kill for outdoor autonomous #63

New Issue

Closed

opened 2026-03-01 00:35:58 -05:00 by sl-firmware · 1 comment

sl-firmware commented 2026-03-01 00:35:58 -05:00

Collaborator

Copy Link

Problem

SaltyBot is going outdoor autonomous (SIM7600X 4G, issue #58). We need a remote kill switch that an operator or automated system can trigger over cellular to cut motors immediately.

Requirements

STM32 firmware

• New CDC command E — immediate motor disable, latch ESTOP_REMOTE
• New CDC command Z — clear remote estop (still requires RC arm hold to re-arm)
• estop_state enum in safety.c: ESTOP_CLEAR=0, ESTOP_TILT=1, ESTOP_RC_KILL=2, ESTOP_REMOTE=3, ESTOP_CELLULAR_TIMEOUT=4
• Motor cutoff is immediate — bypass PID, zero PWM, latch flag
• LED: fast blink (200ms) during ESTOP_REMOTE / ESTOP_CELLULAR_TIMEOUT
• Re-arm: explicit Z clear + RC arm hold — cannot re-arm from MQTT alone

Jetson bridge (ROS2 node)

• Subscribe MQTT saltybot/estop
• {"kill":true} → send E\n to STM32 immediately
• {"kill":false} → send Z\n (still requires RC re-arm)
• Cellular watchdog: if 4G drops >5s during AUTONOMOUS mode → auto-estop (ESTOP_CELLULAR_TIMEOUT)

Telemetry

• Add "es" field to JSON: 0=clear, 1=tilt, 2=rc_kill, 3=remote, 4=cellular_timeout
• Web UI: red REMOTE E-STOP banner when es≥3

Config

• estop_params.yaml — mqtt_topic, cellular_timeout_s, auto_estop_on_disconnect

Safety rules

• Motor cutoff IMMEDIATE — no ramp, no delay, no confirmation
• Latch: once estopped, motors stay dead until explicit clear + RC arm
• Defense in depth: layer 4 (after IWDG, tilt, RC kill)
• Target latency: <500ms end-to-end (MQTT publish → motor zero)

Acceptance

• E\n over serial cuts motors, es=3 in telemetry
• Z\n clears latch, normal re-arm works
• Watchdog fires after 5s 4G drop during AUTO mode → es=4
• LED blinks fast (200ms) during remote estop
• Cannot re-arm via MQTT alone

## Problem SaltyBot is going outdoor autonomous (SIM7600X 4G, issue #58). We need a remote kill switch that an operator or automated system can trigger over cellular to cut motors immediately. ## Requirements ### STM32 firmware - New CDC command `E` — immediate motor disable, latch `ESTOP_REMOTE` - New CDC command `Z` — clear remote estop (still requires RC arm hold to re-arm) - `estop_state` enum in safety.c: `ESTOP_CLEAR=0`, `ESTOP_TILT=1`, `ESTOP_RC_KILL=2`, `ESTOP_REMOTE=3`, `ESTOP_CELLULAR_TIMEOUT=4` - Motor cutoff is **immediate** — bypass PID, zero PWM, latch flag - LED: fast blink (200ms) during `ESTOP_REMOTE` / `ESTOP_CELLULAR_TIMEOUT` - Re-arm: explicit `Z` clear + RC arm hold — cannot re-arm from MQTT alone ### Jetson bridge (ROS2 node) - Subscribe MQTT `saltybot/estop` - `{"kill":true}` → send `E\n` to STM32 immediately - `{"kill":false}` → send `Z\n` (still requires RC re-arm) - Cellular watchdog: if 4G drops >5s during AUTONOMOUS mode → auto-estop (`ESTOP_CELLULAR_TIMEOUT`) ### Telemetry - Add `"es"` field to JSON: 0=clear, 1=tilt, 2=rc_kill, 3=remote, 4=cellular_timeout - Web UI: red REMOTE E-STOP banner when `es≥3` ### Config - `estop_params.yaml` — mqtt_topic, cellular_timeout_s, auto_estop_on_disconnect ## Safety rules - Motor cutoff **IMMEDIATE** — no ramp, no delay, no confirmation - Latch: once estopped, motors stay dead until explicit clear + RC arm - Defense in depth: layer 4 (after IWDG, tilt, RC kill) - Target latency: <500ms end-to-end (MQTT publish → motor zero) ## Acceptance - [ ] `E\n` over serial cuts motors, `es=3` in telemetry - [ ] `Z\n` clears latch, normal re-arm works - [ ] Watchdog fires after 5s 4G drop during AUTO mode → `es=4` - [ ] LED blinks fast (200ms) during remote estop - [ ] Cannot re-arm via MQTT alone

seb closed this issue 2026-03-01 00:41:28 -05:00

seb commented 2026-03-01 00:41:28 -05:00

Owner

Copy Link

Duplicate of #60. Closing.

Duplicate of #60. Closing.

sl-webui referenced this issue from a commit 2026-03-01 00:57:02 -05:00

feat(safety): remote e-stop over 4G MQTT (Issue #63)

sl-firmware referenced a pull request that will close this issue 2026-03-01 00:57:22 -05:00

feat(safety): remote e-stop over 4G MQTT (Issue #63) #69

sl-webui referenced this issue from a commit 2026-03-01 04:55:59 -05:00

feat(safety): remote e-stop over 4G MQTT (Issue #63)

sl-jetson referenced this issue from a commit 2026-03-01 04:59:00 -05:00

Merge pull request 'feat(safety): remote e-stop over 4G MQTT (Issue #63)' (#69) from sl-firmware/remote-estop into main

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

sl-firmware/ota-esp32

sl-perception/bd-1hyn-orin-autostart

sl-jetson/bd-9kod-ota-ci

sl-firmware/bd-66hx-esp32-uart-orin

sl-perception/bd-p47c-here4-can-gps

sl-perception/bd-wim1-orin-uart-esp32

sl-jetson/here4-dronecan-driver

serkan/parking-marking

max/fix-anchor-dst-filter

sl-jetson/issue-681-wss-rosbridge

sl-jetson/issue-681-ios-gps-bridge

sl-webui/fix-tracker-rename

sl-webui/issue-681-ios-gps-rosbridge

sl-webui/issue-681-fix-gps-topics

sl-firmware/cleanup-legacy-hw

sl-mechanical/cleanup-legacy-hw

sl-controls/esp32-can-bridge-update

sl-uwb/saul-tee-system-reference

sl-perception/cleanup-legacy-hw

sl-webui/esp32-final-rename

sl-android/cleanup-legacy-hw

sl-firmware/arch-esp32-migration

sl-webui/esp32-protocol-specs

sl-webui/issue-709-gps-tracker

sl-perception/issue-696-slam-map-persistence

sl-webui/robot-gps-map

salty/uwb-tag-display-wireless

sl-firmware/issue-694-can-watchdog

sl-controls/issue-693-pid-tuning

sl-uwb/issue-698-anchor-discovery

sl-mechanical/issue-699-vesc-mount

sl-jetson/issue-695-can-e2e-test

sl-webui/issue-697-websocket-bridge

sl-android/issue-700-ble-pairing-ui

sl-uwb/issue-690-tag-ble-config

sl-uwb/issue-689-tag-power-mgmt

sl-firmware/issue-672-bme280-baro-temp

sl-firmware/issue-682-hw-button

sl-webui/issue-681-can-monitor

sl-jetson/issue-651-vesc-health

sl-firmware/issue-658-diagnostics-aggregator

sl-controls/issue-652-smooth-velocity

sl-perception/issue-646-vesc-odometry

sl-controls/issue-644-vesc-can-driver

sl-jetson/issue-643-canable-bringup

sl-controls/issue-667-configurable-can-ids

sl-jetson/issue-681-vesc-telemetry-publish

sl-jetson/issue-683-read-cb-fix

sl-jetson/issue-674-can-bus-orin

sl-firmware/issue-597-can-driver

sl-firmware/issue-678-pitch-threshold

sl-jetson/issue-669-vesc-topic-fix

sl-perception/issue-655-nav2-integration

sl-uwb/issue-657-geofence-speed-limit

sl-webui/issue-653-vesc-panel

sl-android/issue-656-vesc-mqtt-relay

sl-mechanical/issue-654-canable-mount

sl-firmware/issue-645-vesc-telemetry

sl-firmware/vesc-uart-transport

sl-jetson/issue-631-system-monitor

sl-controls/issue-632-encoder-odom

sl-uwb/issue-634-uwb-logger

sl-firmware/issue-629-uart-protocol

sl-perception/issue-627-aruco-docking

sl-webui/issue-630-main-dashboard

sl-android/issue-633-voice-commands

sl-mechanical/issue-628-cable-tray

sl-firmware/issue-613-battery-voltage

sl-jetson/issue-615-bag-recorder

sl-controls/issue-616-steering-pid

sl-perception/issue-611-obstacle-detect

sl-webui/issue-614-settings-panel

sl-uwb/issue-618-espnow-relay

sl-android/issue-617-waypoint-logger

sl-mechanical/issue-612-jetson-mount

sl-controls/issue-600-slope-compensation

sl-uwb/issue-602-anchor-calibration

sl-jetson/issue-599-nav2-uwb

sl-perception/issue-595-pose-fusion

sl-android/issue-601-mqtt-ros2-bridge

sl-mechanical/issue-596-rplidar-mount

sl-webui/issue-598-gamepad-teleop

sl-firmware/issue-565-fault-handler

sl-controls/issue-584-motor-current

sl-perception/issue-586-visual-odom

sl-android/issue-585-video-bridge

sl-webui/issue-587-map-view

sl-uwb/issue-merge-uwb-tag-display

sl-mechanical/issue-588-battery-holder

sl-mechanical/issue-564-uwb-anchor-mount

sl-jetson/issue-577-bringup-launch

sl-uwb/issue-573-uwb-imu-fusion

sl-perception/issue-575-safety-zone

sl-webui/issue-576-event-log

sl-android/issue-574-sensor-dashboard

sl-controls/issue-550-pid-scheduling

sl-uwb/issue-545-tag-firmware

sl-jetson/issue-566-health-monitor

sl-uwb/issue-544-anchor-firmware

sl-perception/issue-546-uwb-ros2

sl-webui/issue-562-diagnostics

sl-android/issue-545-uwb-tag

sl-mechanical/issue-561-rplidar-mount

sl-firmware/issue-547-gimbal-servo

sl-jetson/issue-548-gimbal-ros2

sl-webui/issue-551-gimbal-webui

sl-perception/issue-549-head-tracking

sl-mechanical/issue-552-gimbal-mount

sl-android/issue-553-voice-command

sl-jetson/issue-503-audio-pipeline

sl-controls/issue-533-battery-adc

sl-firmware/issue-531-pid-autotune

sl-perception/issue-532-depth-costmap

sl-webui/issue-534-teleop-webui

sl-mechanical/issue-535-phone-mount

sl-android/issue-536-flash-script

sl-firmware/issue-520-imu-calibration

sl-webui/issue-504-integration-tests

sl-android/issue-521-esc-debug-cleanup

sl-jetson/issue-523-motor-daemon

sl-controls/issue-522-usart6-truncation

sl-mechanical/issue-524-usb-cdc-tx

sl-perception/issue-469-terrain-classification

sl-controls/issue-506-launch-profiles

sl-android/issue-513-phone-joystick

sl-firmware/issue-512-autonomous-arming

sl-mechanical/issue-505-charging-dock

sl-jetson/issue-502-headscale-vpn

sl-firmware/issue-503-audio-pipeline

sl-webui/issue-491-voice-router

sl-controls/issue-489-docking

sl-firmware/issue-488-bag-recording

sl-perception/issue-490-sensor-fusion

sl-jetson/issue-492-ota-update

sl-controls/issue-475-nav2-config

sl-android/issue-493-person-following

sl-mechanical/issue-494-tts-personality

sl-firmware/issue-480-map-persistence

sl-jetson/issue-477-urdf

sl-webui/issue-482-behavior-tree

sl-perception/issue-478-costmaps

sl-mechanical/issue-479-recovery-behaviors

sl-android/issue-483-monitoring-dashboard

sl-controls/issue-467-power-mgmt

sl-perception/issue-468-object-detection

sl-android/issue-470-curiosity

sl-webui/issue-471-param-server

sl-jetson/issue-473-event-logger

sl-webui/issue-453-obstacle-map

sl-jetson/issue-456-photo-capture

sl-android/issue-458-wifi-handoff

sl-perception/issue-454-gestures

sl-controls/issue-455-smooth-velocity

sl-firmware/issue-459-estop

sl-mechanical/issue-457-sound-effects

sl-jetson/issue-447-full-launch

sl-firmware/issue-445-diagnostics

sl-controls/issue-441-geofence

sl-mechanical/issue-444-night-mode

sl-webui/issue-443-social-memory

sl-perception/issue-442-weather

sl-android/issue-446-patrol

sl-android/issue-420-termux-openclaw

sl-mechanical/issue-432-led-controller

sl-jetson/issue-431-tricks

sl-webui/issue-429-emotion-engine

sl-perception/issue-430-audio-direction

sl-controls/issue-433-gamepad-teleop

sl-firmware/issue-408-health-monitor

sl-controls/issue-422-nav2-slam

sl-jetson/issue-424-remote-monitor

sl-perception/issue-423-multi-person

sl-mechanical/issue-421-tts-service

sl-webui/issue-413-sensor-hud

sl-webui/issue-412-ops-dashboard

sl-mechanical/issue-410-auto-dock

sl-perception/issue-409-voice-commands

sl-controls/issue-407-vesc-balance

sl-jetson/issue-411-bag-recording

sl-mechanical/issue-400-encounter-queue

sl-firmware/issue-400-encounter-enrollment

sl-jetson/issue-400-encounter-launch

sl-perception/issue-393-real-wake-word

sl-webui/issue-400-encounter-ui

sl-controls/issue-394-face-bridge

sl-webui/issue-392-meshpeer-fix

sl-perception/issue-393-wake-word

sl-firmware/issue-364-obstacle-avoidance

sl-webui/issue-371-accessibility

sl-mechanical/issue-300-watchdog

sl-perception/issue-366-follow-me

sl-firmware/issue-388-esc-abstraction

sl-firmware/fix-bno055-include

sl-controls/issue-384-pan-tilt

sl-controls/issue-383-vesc

sl-controls/issue-337-build-fix

sl-firmware/issue-337-build-fix

sl-controls/issue-371-accessibility

sl-webui/issue-370-salty-face

sl-perception/issue-325-battery-coulomb

sl-jetson/issue-362-uart-verify

sl-webui/issue-374-cage-kiosk

sl-controls/issue-364-lidar-avoidance

sl-perception/issue-375-camera-power-modes

sl-perception/issue-350-velocity-ramp

sl-webui/issue-369-display-setup

sl-perception/issue-365-uwb-tracking

sl-perception/issue-363-person-tracking

sl-perception/issue-359-face-emotion

sl-perception/issue-353-audio-scene

sl-jetson/issue-355-sysmon

sl-webui/issue-354-settings

sl-perception/issue-348-obstacle-size

sl-webui/issue-349-camera-viewer

sl-jetson/issue-332-rosbag-recorder

sl-perception/issue-342-hand-tracking

sl-webui/issue-344-hand-viz

sl-perception/issue-339-path-edges

sl-webui/issue-340-diagnostics

sl-perception/issue-326-obstacle-velocity

sl-controls/issue-333-pure-pursuit

sl-webui/issue-329-import-fix

sl-perception/issue-322-person-reid

sl-mechanical/issue-325-coulomb-counter

sl-jetson/issue-320-camera-hotplug

sl-controls/issue-321-battery-speed

sl-webui/issue-319-teleop

sl-mechanical/issue-185-phone-mount

sl-perception/issue-184-wheel-odom

sl-mechanical/issue-301-dust-cover

sl-jetson/wake-word-detect

sl-controls/velocity-smooth-filter

sl-webui/node-list-viewer

sl-jetson/issue-310-personal-space

sl-perception/issue-307-sky-detect

sl-webui/issue-308-temp-gauge

sl-controls/issue-309-gain-schedule

sl-perception/issue-296-terrain-rough

sl-firmware/issue-300-watchdog

sl-jetson/issue-299-topic-memory

sl-webui/issue-297-motor-graph

sl-controls/issue-298-geofence

sl-firmware/issue-290-rgb-fsm

sl-jetson/issue-289-volume-adjust

sl-perception/issue-286-blur-detect

sl-webui/issue-287-bandwidth

sl-controls/issue-288-cliff-stop

sl-mechanical/issue-264-cable-clips

sl-jetson/issue-279-face-track-servo

sl-webui/issue-280-battery-chart

sl-controls/issue-278-imu-cal

sl-perception/issue-274-color-segment

sl-controls/issue-262-wheel-slip

sl-webui/issue-275-log-viewer

sl-jetson/issue-270-greeting-trigger

sl-perception/issue-268-depth-holes

sl-webui/issue-269-status-header

sl-firmware/issue-263-fan-pwm

sl-webui/issue-261-waypoint-editor-fix

sl-perception/issue-260-vo-drift

sl-jetson/issue-252-ambient-sound

sl-firmware/issue-253-buzzer

sl-perception/issue-249-floor-classifier

sl-webui/issue-250-map-viewer

sl-mechanical/issue-254-rain-shield

sl-controls/issue-251-battery-speed

sl-jetson/issue-242-vad

sl-controls/issue-241-smooth-accel

sl-firmware/issue-243-ultrasonic

sl-webui/issue-240-conversation-history

sl-perception/issue-239-lidar-clustering

sl-webui/issue-234-audio-meter

sl-perception/issue-233-qr-reader

sl-controls/issue-235-compass

sl-perception/issue-227-landmark-smooth

sl-controls/issue-228-cmd-vel-mux

sl-webui/issue-229-pose-viewer

sl-controls/issue-223-motor-protection

sl-perception/issue-221-pointing

sl-webui/issue-222-network

sl-firmware/issue-214-ina219

sl-perception/issue-211-height-filter

sl-controls/issue-216-odom-fusion

sl-controls/issue-213-autotune

sl-webui/issue-212-joystick

sl-mechanical/issue-195-gopro-mount

sl-firmware/issue-206-servo

sl-perception/issue-201-person-reid

sl-jetson/issue-205-thermal

sl-controls/issue-203-watchdog

sl-controls/issue-194-speed-limiter

sl-jetson/issue-171-mesh-comms

sl-perception/issue-198-camera-health

sl-perception/issue-191-apriltag

sl-firmware/issue-193-led-driver

sl-jetson/issue-161-emotion

sl-perception/issue-190-depth-filter

sl-jetson/issue-167-multilang

sl-firmware/issue-178-power-mgmt

sl-webui/issue-183-battery-chart

sl-webui/issue-177-camera-viewer

sl-perception/issue-176-dynamic-obstacles

sl-controls/issue-169-emergency

sl-mechanical/issue-170-payload-bay

sl-perception/issue-168-night-vision

sl-firmware/issue-143-audio-amp

sl-webui/issue-160-settings

sl-controls/issue-158-docking

sl-perception/issue-157-visual-odom

sl-mechanical/issue-159-charging-dock

sl-jetson/issue-140-gestures

sl-webui/issue-145-mission-planner

sl-controls/issue-142-terrain

sl-perception/issue-141-scene-understanding

sl-mechanical/issue-144-weatherproofing

sl-firmware/issue-124-ota

sl-mechanical/issue-138-sensor-rail

sl-firmware/issue-135-bno055

sl-webui/issue-139-fleet-dashboard

sl-controls/issue-136-adaptive-pid

sl-jetson/issue-137-voice-commands

sl-perception/issue-134-multi-robot-slam

sl-jetson/issue-125-battery-management

sl-firmware/issue-120-serial-protocol

sl-mechanical/issue-121-tank-chassis

sl-webui/issue-126-telemetry-dash

sl-perception/issue-123-map-persistence

sl-jetson/issue-119-cmd-protocol

sl-controls/issue-122-tank-driver

sl-controls/issue-110-rover-driver

sl-jetson/issue-108-integration-tests

sl-mechanical/issue-109-rover-chassis

sl-perception/issue-105-equirect

sl-controls/issue-104-mode-switch

sl-perception/issue-106-calibration

sl-webui/issue-107-dashboard

sl-firmware/issue-103-crsf-rc

sl-jetson/social-speech-llm-tts

sl-jetson/social-orin-dev

sl-controls/tracking-fusion

sl-controls/social-personality

sl-firmware/social-expression

sl-perception/social-enrollment

sl-perception/social-face-detection

sl-firmware/uwb-integration

sl-perception/social-nav

sl-perception/social-person-state

sl-firmware/remote-estop

saltyrover-dev

sl-mechanical/rover-chassis

sl-jetson/sidewalk-segmentation

sl-controls/rover-drive

sl-perception/route-record-replay

sl-jetson/full-stack-launch

sl-firmware/web-ui-overhaul

sl-webui/issue-43-ui-overhaul

sl-firmware/gyro-recal-button

sl-firmware/crsf-elrs

sl-firmware/robot-3d-model

sl-firmware/yaw-fix

sl-perception/orin-slam-update

sl-jetson/command-protocol

sl-controls/mode-switch

sl-firmware/bme280-full

sl-firmware/branch-strategy

saltylab

saltylab-dev

saltyrover

saltytank

saltytank-dev

sl-firmware/mag-baro-detect

sl-firmware/status-leds

sl-controls/gyro-calibration

sl-mechanical/prototype-baseplate

sl-firmware/fix-axis-orientation

sl-controls/motor-driver

sl-perception/bd-a2j-sensor-drivers

sl-jetson/stm32-serial-bridge

sl-firmware/fix-orientation-telemetry

sl-firmware/bd-3ulu-usb-dcache-fix

sl-controls/bd-3qh-safety-systems

sl-controls/bd-18i-pid-tuning

sl-controls/bd-2dv-imu-fusion

sl-jetson/bd-1hcg-jetson-platform

sl-mechanical/bd-1iy5-chassis-frame

sl-firmware/bd-1lo-usb-cdc-fix

sl-perception/bd-wax-slam-setup

No results found.

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

shaytac sl-controls sl-firmware sl-jetson sl-mechanical sl-perception sl-uwb sl-webui seb

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: seb/saltylab-firmware#63

No description provided.