After an incident involving an autonomous platform – an autonomous vehicle, drone, or industrial robot – investigators must determine what the system observed and decided at the moment of failure. Today this evidence typically comes from a manufacturer-controlled event data recorder. Autonomy-Ledger produces a parallel co-signed, third-party-verifiable cassette assembled in real time as the platform operates.

Posture: 🟣 Red & Blue (dual-use)   ·   Status: alpha

What it does

Autonomy-Ledger is a meta-dossier – it doesn't add a new detection primitive, it ORCHESTRATES seven existing Bureau programs into a single signed envelope per autonomous-platform per mission. The composed substrates are EMBODIED-LEDGER (motor command vs sensor frame), ICARUS (drone C2 + RemoteID), IGNITION (CAN/UDS/ECU integrity), KNOB (BLE / Classic pairing integrity), HIVE (LoRaWAN / Zigbee / Z-Wave / Thread / Matter), CELESTE (GPS / GNSS spoof + time tamper), and EVIDENCE-LOCKER (court-admissible exhibit chain).

The program collects red dots from each substrate, clusters cross-program co-fires inside a tight 5-minute window for the same platform, and produces a single FRE-902 court-admissible black-box cassette per mission. The dossier shape inherits from Election-Day-Watch – the universal meta-dossier template.

Who would use it

A Waymo or Cruise fleet ops engineer instrumenting every ride with a per-mission black-box cassette that survives subpoena.
An FAA drone-incident investigator reconstructing the C2 + RemoteID + GPS chain-of-custody after a near-miss with manned aircraft.
A used-car insurer or DMV inspector verifying VIN + odometer + ECU calibration history before signing off on a sale or registration.
A robotics OEM (Boston Dynamics, Agility) attesting motor-command + sensor-frame integrity across a logistics robot's mission so warehouse customers can audit failures.
An autonomous-vehicle plaintiff's attorney establishing what the AV actually saw + did at the moment of an accident – without depending on the manufacturer's cooperation.

What you'll need

The Pluck CLI installed (npm i -g @sizls/pluck-cli).
For real deployment: at least two of the seven substrate Bureau programs running on the platform (alpha runs against synthesized PlatformDot inputs). The hardware bridges are per-substrate.
A peer GOSSIP node (Verified Robotics, SAE J3197 working group, your own backup-attestation node) so the dossier carries a k-of-n cosign quorum.

Step-by-step

Shell

pluck bureau autonomy-ledger demo

The demo synthesizes one platform claim ("VIN-WAYMOJWX-001, Waymo SF Fleet Ops") and four substrate-program dots – an EMBODIED-LEDGER motor-command mismatch, a CELESTE GPS spoof, an IGNITION ECU calibration drift, and a KNOB BLE downgrade – all within a 5-minute window for the same platform. The cross-program clustering math fires, a 1-of-1 GOSSIP cosign lands, and the dossier finalizes.

autonomy-ledger/demo: cross-program-incident=<digest16>… programs=celeste,embodied-ledger,ignition,knob dots=4 window=2026-04-28T15:42:00.000Z→2026-04-28T15:46:30.000Z severity=red
autonomy-ledger/demo: dossier=<digest16>… platform=VIN-WAYMOJWX-001 root=<root12>… incidents=5 cosigns=1 finalizedAt=…
autonomy-ledger/demo: single-program-incidents=4 cross-program-incidents=1 dossiers=1 notarized (stub)=1

Production CLI (init to register a mission, record to subscribe to substrate dot streams, finalize to ship the cassette, verify to check a published dossier) lands in a follow-up.

Run it yourself

Drop this into a Node 18+ project (npm install @sizls/pluck-bureau-autonomy-ledger @sizls/pluck-bureau-core tsx).

TypeScript

// index.ts
import { createHash } from "node:crypto";
import {
  createAutonomyLedgerSystem,
  digestCanonicalJson,
  dossierMerkleRoot,
  fingerprintPrivateKey,
} from "@sizls/pluck-bureau-autonomy-ledger";
import { generateOperatorKey } from "@sizls/pluck-bureau-core";

const flush = (n = 60) =>
  new Promise<void>((r) => {
    let i = 0;
    const tick = () => (++i >= n ? r() : setImmediate(tick));
    setImmediate(tick);
  });

async function main() {
  const op = generateOperatorKey();
  const peer = generateOperatorKey();
  const opFp = fingerprintPrivateKey(op.privateKeyPem);
  const peerFp = fingerprintPrivateKey(peer.privateKeyPem);

  const ledger = createAutonomyLedgerSystem({
    signingKey: op.privateKeyPem,
    quorumK: 1,
    disablePausePoll: true,
    disableLogging: true,
  });

  try {
    const claimSkeleton = {
      schemaVersion: 1 as const,
      platformId: "VIN-WAYMOJWX-001",
      operator: "Waymo SF Fleet Ops",
      missionStart: "2026-04-28T13:00:00.000Z",
      missionEnd: "2026-04-28T21:00:00.000Z",
      observedAt: "2026-04-28T12:55:00.000Z",
      operatorFingerprint: opFp,
    };
    ledger.claimPlatform({
      ...claimSkeleton,
      claimId: digestCanonicalJson(claimSkeleton),
      signature: "demo-sig",
    });

    for (const [program, t] of [
      ["embodied-ledger", "2026-04-28T15:42:00.000Z"],
      ["celeste", "2026-04-28T15:43:30.000Z"],
      ["ignition", "2026-04-28T15:45:00.000Z"],
      ["knob", "2026-04-28T15:46:30.000Z"],
    ] as const) {
      const dotBody = {
        schemaVersion: 1 as const,
        program,
        platformId: "VIN-WAYMOJWX-001",
        observedAt: t,
        severity: "red" as const,
        citation: `rekor:${program}:vin-waymojwx-001`,
      };
      ledger.observeDot({ ...dotBody, dotId: digestCanonicalJson(dotBody) });
    }
    await flush();

    const incidents = ledger.facts.incidents();
    const root = dossierMerkleRoot(
      incidents.filter((i) => i.platformId === "VIN-WAYMOJWX-001"),
      [],
    );
    const cosignBody = {
      schemaVersion: 1 as const,
      platformId: "VIN-WAYMOJWX-001",
      dossierRoot: root,
      peerFingerprint: peerFp,
      observedAt: "2026-04-28T22:00:00.000Z",
    };
    ledger.receiveCosign({
      ...cosignBody,
      cosignId: digestCanonicalJson(cosignBody),
      signature: "demo-sig",
    });
    await flush();

    const dossiers = ledger.facts.dossiers();
    for (const d of dossiers) {
      console.log(
        `dossier=${d.dossierId.slice(0, 16)}… platform=${d.platformId} incidents=${d.incidentIds.length} cosigns=${d.cosignIds.length}`,
      );
    }
  } finally {
    await ledger.shutdown();
  }
}

main().catch((err) => {
  console.error(err);
  process.exit(1);
});

Run with tsx index.ts. Expected output:

dossier=<id>… platform=VIN-WAYMOJWX-001 incidents=5 cosigns=1

▶ Open in StackBlitz – runs in your browser, no install required.

What you get

A PlatformClaim envelope per platform per mission containing the platformId (VIN, drone serial, robot UUID), operator label, mission window, and an operator signature. A unified PlatformDot envelope per substrate-program red dot. An IncidentExhibit envelope per single-program or cross-program incident. A GossipCosign envelope per peer cosign. An AutonomyDossier envelope per finalized mission, Merkle-rolled over the entire mission's signed surface. All Rekor-anchored.

Three classes of red-team proof:

single-program-incident – any of the 7 substrate programs emits a red dot for this platform.
cross-program-incident – 2+ DISTINCT substrate programs co-fire within a 5-minute INCLUSIVE window for the same platform; higher-priority cassette + auto-route to the appropriate safety regulator (NHTSA / FAA / OSHA).
dossier-finalized – end-of-mission Merkle-rolled signed envelope with k-of-n GOSSIP cosign quorum; fail-closed paused gate.

What it can't do

Real-time C2 takeover prevention. ICARUS does that. Autonomy-Ledger is post-hoc cassette assembly – it does not interrupt the platform mid-mission.
Per-frame computer-vision attestation at 60 Hz. The substrate (EMBODIED-LEDGER) handles per-frame attest; the meta-dossier attests the dot stream, not the pixels.
Replacement for a platform's own EDR. Autonomy-Ledger is a Bureau cassette that sits ALONGSIDE the OEM EDR – it does not replace federally-mandated Event Data Recorders.
Wholly-firmware-suppressed events. No Bureau program can attest what was never measured. If the substrate doesn't see the event, no cassette will name it.
Real Sigstore Rekor notarize integration is stubbed.

A real-world example

At 15:42 PT on April 28th, 2026, a Waymo Jaguar I-Pace, VIN VIN-WAYMOJWX-001, is mid-mission on a downtown San Francisco loop. The fleet operations engineer has the Autonomy-Ledger daemon running against the substrate stack. EMBODIED-LEDGER records a motor-command frame in which the steering output diverged from the world-model-predicted output by 11° over 280ms, outside the 3° envelope. CELESTE flags a GPS fix that contradicts the on-vehicle inertial dead-reckoning by 18m within a 0.4-second window, consistent with a GPS-spoofer near a parking garage the vehicle was passing. Two distinct substrate programs co-fire 90 seconds apart, inside the 5-minute window.

By 15:46:30, IGNITION has flagged an ECU calibration ID that does not match the OEM-attested SBOM-AI registry, and KNOB has flagged a downgraded LE-Legacy BLE pairing handshake on the infotainment system. Four substrate programs co-fire within a 4-minute, 30-second span. The cross-program incident escalates at priority 90.

At 21:00 the mission ends. A Verified Robotics node, an SAE J3197 working-group node, and the operator's own backup-attestation node each cosign over the dossier root. With 3-of-5 quorum reached, Autonomy-Ledger finalizes the dossier – Merkle-rolled over the platform claim, 4 cross-program incidents, and 3 cosigns – and routes an .intoto.jsonl cassette to NHTSA's Standing General Order EDR data portal at 21:14. NHTSA investigators receive verifiable exhibits aligned with the morning's incident report. Plaintiff's counsel in any subsequent litigation receives an FRE-902-compatible chain of custody.

For developers

Predicate URIs

URI	What it attests
`https://pluck.run/AutonomyLedger.PlatformClaim/v1`	Operator's signed declaration that they're ledgering platform X over mission Y.
`https://pluck.run/AutonomyLedger.IncidentExhibit/v1`	A red dot from any of the 7 substrate programs, OR a cross-program co-fire incident with multi-program citations.
`https://pluck.run/AutonomyLedger.Dossier/v1`	The end-of-mission Merkle-rolled signed envelope containing all incidents + cosigns for that platform.

The signed body never carries raw substrate payloads – only the upstream signed-body digest (the dotId) plus opaque citation strings. Passenger / pedestrian / bystander PII is redacted via redactBureauPayload before any body is signed.

Programs composed

EMBODIED-LEDGER – robot/AV/drone motor-command + sensor-frame attestation.
ICARUS – drone C2 + RemoteID authentication ledger.
IGNITION – automotive CAN/UDS/ECU integrity Bureau.
KNOB – Bluetooth pairing-integrity attestor (BLE + Classic).
HIVE – LoRaWAN / Zigbee / Z-Wave / Thread / Matter pairing forensics.
CELESTE – GPS / GNSS spoof + time-source tamper attestor.
Evidence-Locker – court-admissible deepfake + expert-witness AI disclosure.
Gossip – peer cross-attest so Pluck-Inc never holds singular keys.

Threat model + adversary

The adversary is a manufacturer or fleet operator whose interest is to reshape what the platform appears to have done at the moment of failure – between the time the substrate observed the event and the time investigators get the data. The protocol does not stop the manipulation – it produces a co-signed, Rekor-anchored cassette in real time so any later "we never saw that" claim can be cryptographically falsified.

What's stubbed (alpha)

Real subscription to live EMBODIED-LEDGER / ICARUS / IGNITION / KNOB / HIVE / CELESTE / EVIDENCE-LOCKER system instances. The alpha accepts unified-shape PlatformDot JSON inputs.
Production CLI surface (init / record / finalize / verify).
Studio routes.
dsseSign / notarizeAttestation Rekor integration is stubbed – the alpha "notarize" by appending to notarizedDossiers.
Real safety-regulator wiring (NHTSA Standing General Order, FAA UAS-incident, OSHA industrial-robot-incident channels) is logged-only.

Verify a published cassette