A safety-first engineering treatment of an affordable open-source autonomous mobile robot — mobile base + dual robotic arms + adjustable linear lift, with LiDAR SLAM navigation, depth-camera perception, autodocking and wireless charging.
This repository pairs an open-source AMR platform with a full concept-phase safety engineering
package: a multi-standard safety case, a design FMEA, a traced requirements baseline, an
architecture description, and a V-model test plan. The engineering work lives in safety/
and is the focus of this repository.
This repository does not certify OpenAMR as safe to deploy. It is a concept-stage platform: several safety-critical subsystems — the carrier PCB, the hub-motor drivetrain, dual-arm integration, autodocking and wireless charging, and ML-based computer vision — are still on the roadmap. No HARA, FMEA, ISO 13849-2 validation report, ISO 3691-4 stopping-distance test data, ISO/TS 15066 power-and-force-limiting (PFL) measurements, or IEC 61496 LiDAR-scanner validation have been published upstream.
Provisional acceptance applies only to OE-1 — R&D / lab, supervised, in a bounded test area, with no bystanders. Operation in intralogistics or any shared, human-occupied space is BLOCKED pending closure of the high-severity gaps tracked in the safety-case workbook.
Mobile robots that drive autonomously near people, and that carry two arms on a height-adjustable lift, sit at the intersection of several safety regimes — driverless industrial trucks, industrial mobile robots, collaborative robot arms, and electro-sensitive protective equipment. An affordable open-source platform makes that capability widely accessible, which makes a rigorous, honest safety treatment valuable before anyone runs one near people.
This repository provides that treatment: it identifies the hazards, derives the safety functions, analyses the failure modes, writes the requirements, describes the architecture, plans the verification, and — most importantly — states plainly what is not yet proven.
Everything below lives in safety/. Start with safety/README.md
for the full index and reading order.

| Artefact | What it is |
|---|---|
| OpenAMR_Safety_Case.xlsx | 15-tab safety case — item definition, 41-hazard catalogue, HARA, system FMEA, functional safety concept (46 safety functions), GSN argument, evidence + gap registers (29 gaps) |
| OpenAMR_Safety_Case_Report.docx | Narrative safety case |
| OpenAMR_Safety_Case_Summary.pdf | 2-page executive summary |
| OpenAMR_DFMEA.xlsx | AIAG-VDA 2019 Design FMEA — 33 failure modes (20 High Action-Priority) |
| OpenAMR_Requirements.xlsx | SyRS + SRS + HwRS — 117 requirements (58 safety, 6 cyber), bidirectionally traced |
| OpenAMR_Architecture.docx | Five architectural views with embedded diagrams |
| OpenAMR_TestPlan.xlsx | V-model test plan — 153 cases, with ISO 13849-2 and standards V&V matrices |
| OpenAMR_Trace_Memo.docx | Cross-package traceability verification |
| OpenAMR_Engineering_Bundle.pdf | Single-file stakeholder bundle |

| Item | Count |
|---|---|
| Hazards catalogued | 41 |
| Safety functions (FSC) | 46 |
| Standards-clauses examined | 28 |
| Open gaps | 29 (9 Very-High · 12 High · 8 Med) |
| Requirements (SyRS + SRS + HwRS) | 117 |
| DFMEA failure modes | 33 (20 High Action-Priority) |
| Test cases | 153 |

| Standard | Role in this analysis |
|---|---|
| ISO 12100:2010 | Master risk-assessment method |
| ISO 3691-4:2023 | Driverless industrial trucks — primary standard for the mobile base |
| ANSI/RIA R15.08-1:2020 | Industrial mobile robots — the combined base + manipulator system |
| ISO 10218-1/-2:2011 | Industrial robot safety — the dual arms |
| ISO/TS 15066:2016 | Collaborative robots — power-and-force-limiting (PFL) |
| ISO 13849-1:2023 / -2:2012 | Safety-related parts of control systems — PL determination & validation |
| IEC 61496-1/-3:2020 | Electro-sensitive protective equipment — the LiDAR safety scanner |
| ISO 13855:2010 | Positioning of safeguards w.r.t. approach speeds |
| IEC 60204-1:2018 | Electrical equipment of machines |
| ISO 9001:2015 | Quality management — design control, NCR, CAR |
| IEC 62133-2 / IEC 61980 (ref.) | Li-ion battery safety; wireless power transfer |
| EU 2023/1230 (ref.) | EU Machinery Regulation — conformity framework |
| ISO/IEC/IEEE 29148 / 42010 | Requirements engineering; architecture description |

| Operating envelope | Acceptance | Reason |
|---|---|---|
| OE-1 R&D / lab — supervised, bounded test area, no bystanders | Provisional YES | Trained researcher, no bystanders, low hazard profile |
| OE-2 Light intralogistics | Not yet — 14 gaps | Speed/brake data, validated scanner and zoning required |
| OE-3 Mixed-traffic intralogistics | Not yet — 21 gaps | Combined-system risk assessment, PFL, Cat 3, ISO 13849-2 validation |
| OE-4 Public-facing / last-mile | Not at any near-term revision | 25 gaps + regulatory engagement (EU 2023/1230, CE, local) |

The single most critical gap is the absence of a validated personnel-detection safeguard — no IEC 61496-certified safety scanner specification, no protective-field design, and no ISO 13855 calculation tying field size to stopping distance. Until that exists, autonomous motion near people cannot be justified. The other Very-High gaps: no ISO 3691-4 speed / braking / stopping-distance data, no ISO/TS 15066 PFL measurement for the dual arms, no MTTFD/DC/CCF figures for any safety channel, no ISO 13849-2 validation report, an unspecified carrier PCB and E-Stop topology, and an undeclared battery chemistry / BMS architecture.
- 5 minutes — safety/OpenAMR_Safety_Case_Summary.pdf
- 30 minutes — safety/OpenAMR_Engineering_Bundle.pdf
- Deciding whether to deploy — the narrative report, then the 12_Gaps and 15_Dashboard tabs of the safety-case workbook, then the DFMEA Action Plan tracker, then the test-plan V&V matrices.

OpenAMR is an affordable open-source autonomous mobile robot for small and medium enterprises: a
hub-motor mobile base with suspension, a dual robotic-arm upper module on an adjustable linear lift,
LiDAR SLAM navigation, depth-camera perception, autodocking with wireless charging, and a
ROS2 / Linorobot / Teensy software stack with OpenRMF fleet management. The platform's hardware
(CAD, schematics, BOM) and software (UI, ROS, firmware) sources are in docs/.
This repository is a fork of the upstream openAMRobot/openamr
project (BHT University Berlin Mechatronics Lab / Botshare). The platform itself is upstream work;
the safety/ engineering package is an independent concept-phase analysis added in this
fork and is not produced or endorsed by the upstream maintainers.
Upstream OpenAMR is released under the MIT licence. This fork — including the safety/
engineering package — is released under the same MIT licence, with attribution to the upstream
openAMRobot project retained. See LICENSE.
The safety/ engineering package was prepared by Jherrod Thomas — fork maintainer
and independent assessor. Issues, comments and corrections are welcome via the GitHub Issues tab on
this fork. Corrections to the platform itself should go upstream to
openAMRobot/openamr.
The safety analysis in this repository is preliminary and provided in good faith for engineering review. It is not a certification, a conformity assessment, or a substitute for the site-specific risk assessment that any deploying organisation must perform.


