Skip to content
DiveSuite Docs

Safety

DiveSuite is life-critical software. Incorrect decompression calculations can cause serious injury or death. This section documents our safety architecture, principles, and practices.

Safety Principles

Section titled “Safety Principles”
  1. Deco Engine Isolation — All decompression calculations happen in a single, isolated Rust module with 95%+ test coverage
  2. AI Never Overrides — AI is advisory only. AI cannot generate, modify, or override decompression schedules
  3. Disclaimers Always Visible — Every plan output includes mandatory safety disclaimers
  4. Validation Required — Deco calculations are validated against reference implementations before release
  5. Offline Must Work — Core safety features work without internet. AI features degrade gracefully when offline

Documents

Section titled “Documents”
DocumentDescription
Safety PrinciplesCore safety architecture and rules
Deco EngineBuhlmann implementation, testing, validation
AI BoundariesWhat AI can and cannot do
DisclaimersRequired disclaimer text and placement

Safety Architecture

Section titled “Safety Architecture”
graph TB
    subgraph "User Input"
        UI[User Interface]
        AI[AI Suggestions]
    end


    subgraph "Validation Layer"
        V[Parameter Validation]
    end


    subgraph "Deco Engine"
        DE[Rust/WASM<br/>Buhlmann ZHL-16C]
    end


    subgraph "Output"
        D[Disclaimer]
        P[Plan Output]
    end


    UI --> V
    AI -->|"treated as<br/>unverified input"| V
    V -->|"validated params"| DE
    DE --> D
    D --> P


    style AI fill:#fff3cd
    style DE fill:#d4edda
    style D fill:#f8d7da
Section titled “Risk Register (Safety-Related)”
RiskSeverityStatus
RISK-01: Deco calculation incorrectnessCriticalOpen
RISK-04: AI safety boundary violationHighPartial
RISK-06: PADI validation claim mismatchMediumOpen
RISK-09: No independent deco reviewHighOpen

Testing Requirements

Section titled “Testing Requirements”

Deco Engine (Mandatory)

Section titled “Deco Engine (Mandatory)”
  • 95%+ branch coverage
  • Property-based tests (proptest) for invariants:
    • NDL always decreases with depth
    • Gas consumption always positive
    • No-fly time >= 0
    • Tissue loading increases during descent
  • Validation against reference implementations:
    • Subsurface (same algorithm)
    • MultiDeco (commercial reference)
  • Cross-reference with published tables (for sanity check, not exact match)

AI Safety (Mandatory)

Section titled “AI Safety (Mandatory)”
  • AI cannot suggest exceeding MOD
  • AI cannot suggest exceeding NDL
  • AI cannot suggest ppO2 > limits
  • All AI output includes disclaimer
  • Kill switch (CC-15) completely disables AI

Incident Response

Section titled “Incident Response”