sl-controls
4dd52b47dc
Safety systems implementation: IWDG Hardware Watchdog (50ms timeout, config.h WATCHDOG_TIMEOUT_MS): - safety_init() configures IWDG at PSC/32 (0.8ms tick), reload=62 - safety_refresh() must be called every loop iteration - Cannot be disabled once started — MCU resets if loop hangs - Started after 3s USB init delay (avoids spurious startup reset) Arm Hold Interlock (3s, config.h ARMING_HOLD_MS): - Arm command starts a hold timer, not immediate motor enable - Motors only enable after ARMING_HOLD_MS consecutive hold - Disarm or tilt > 10° cancels pending arm - Prevents accidental arm from single keypress Tilt Fault Alert: - safety_alert_tilt_fault() fires one-shot buzzer on TILT_FAULT edge - Rider hears alarm when tilt cutoff triggers - Edge-detected (buzzer only fires once per fault event) RC Timeout (infrastructure): - safety_rc_alive() checks crsf_state.last_rx_ms vs RC_TIMEOUT_MS - RC disarm wired but guarded (no CRSF yet) — remove guard when wired - Compatible with future CRSF implementation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>