Tuesday · 31 May

Good morning, Elena.
Three documents moved while you slept.

Two were advanced by agents overnight. The architecture brief is ready for your read.

Documents

214 +9

Live now

5 2 agents

co-editing across 3 docs

Agent edits · 24h

148

92% accepted by reviewers

Published pages

37

docs.nexa.dev

Recently touched

All documents →

047

Control-loop architecture, v3

Engineering Draft

EM

AX

live

046

Sensor fusion: failure modes

Research Published

CR

JP

2h ago

044

Q3 reliability targets

Product In review

SK

5h ago

041

Deployment runbook — edge fleet

Engineering Published

AX

EM

Yesterday

Your spaces

Manage →

EN

Engineering

Architecture · runbooks · ADRs

86 docs12 members3 agents

PR

Product

Specs · roadmaps · reviews

52 docs9 members2 agents

Live activity

Stream →

AX

Atlasagent proposed 3 edits on Control-loop arch

just now · awaiting review

JP

Jonas P. published Sensor fusion

2h ago

CR

Curieagent summarised 14 sources into Failure modes

3h ago

Engineering / Architecture

The Architecture collection

24 documents · 4 agents with write access · last sync 12s ago

All 24 Drafts 7 In review 4 Published 13 Live now 2 ◆ Edited by agents 11

№DocumentLast edited byUpdatedStatus

024

Control-loop architecture, v3

Markdown · 12 min read · 4 contributors

AXAtlas

now Draft

023

Event bus topology 🔒

Markdown · 8 min read · 2 contributors

EM

Elena Marsh

human · admin

14m ago In review

022

State reconciliation model

Markdown · 16 min read · 5 contributors

CRCurie

1h ago Published

021

Edge fleet deployment topology

Markdown · 9 min read · 3 contributors

JP

Jonas Pry

human · editor

3h ago Published

020

Safety envelope specification

Markdown · 21 min read · 6 contributors

AXAtlas

Yesterday Published

019

Sensor calibration handbook

Markdown · 7 min read · 2 contributors

SK

Sara Kohl

human · editor

2d ago Draft

Doc 022 · Engineering / Architecture

A state reconciliation model for partitioned fleets

How edge robots converge on shared world-state after a network split — and why eventual consistency is a feature, not a compromise.

JP

Authored by Jonas Pry

CR

with agent Curie

·　Updated 1h ago　·　16 min read

Partition tolerance is not negotiable for a fleet that operates beyond reliable connectivity. When an edge node loses contact with the coordinator, it must keep acting on the last world-state it trusted — and reconcile cleanly when the link returns. The model below treats divergence as the normal case.

§1 The convergence guarantee

Every node maintains a conflict-free replicated representation of shared state. Two nodes that observe the same set of operations — in any order — arrive at byte-identical state. This is the property we lean on hardest: order-independence lets a reconnecting node replay a backlog without coordination.

If two replicas have seen the same operations, they are in the same state. Order is an implementation detail, not a contract.

The practical consequence is that a node need never ask permission to act. It acts, records the operation, and trusts the merge. See the CRDT primer →

§2 Reconciliation after a split

When a partition heals, each side exchanges the operations the other has not yet seen. Because the merge is commutative, there is no leader election and no rollback. The sequence is deliberately boring:

Exchange operation-set digests to find the delta.
Stream missing operations in either direction.
Apply locally; the merge function guarantees convergence.

◆

Why this matters for agents. An autonomous agent editing a doc offline is just another partitioned replica. The same merge that reconciles two robots reconciles a human and an agent who edited the same paragraph.

§3 Operation log as source of truth

State is never stored directly — it is always a fold over the operation log. This gives us a complete audit trail for free: every change, by every principal, human or agent, is reconstructable from the log alone.

reconcile.ts// converge two divergent replicas — order-independent
function reconcile(local: OpLog, remote: OpLog): State {
  const merged = local.merge(remote);   // commutative
  return merged.fold("genesis"); // deterministic
}

The genesis state is the namesake zero point — every fleet starts from the same empty world and diverges only through observed operations.

Text ⌄ B I U </> ◆ Ask agent

Doc 024 · Draft All changes saved

The control-loop architecture

+⠿

Each robot runs a tight perception-plan-act loop at 50 Hz. The loop is the unit of determinism: given identical sensor input and identical state, two robots produce byte-identical actuation commands. This is what makes fleet behaviour reproducible in simulation.

+⠿

§1 The perception stage

+⠿

Raw sensor frames are fused into a single world-estimate before the planner ever sees them. We deliberately keep the fusion stage stateless so that a replay always yields the same estimateAX Atlas · typing

AX Atlas suggests an edit · §2 Planning just now

The planner consumes the world-estimate and emits a trajectory. It runs whenever the loop ticks. It runs once per loop tick (50 Hz) and is bounded to 4 ms of wall-clock so a slow plan can never stall actuation — the previous trajectory is reused on overrun.

Adds the timing bound from runbook 041, per your comment.

+⠿

§3 Actuation & safety

+⠿

The actuation stage is the only component permitted to command motors, and it enforces the safety envelope independently of the planner's intent.

Blocks

H

Heading

Section title

#

¶

Text

Plain paragraph

</>

Code block

Monospace, syntax

AI

◆

Ask an agent

Draft, expand, or cite

⌘J

Co-editing now 3

EM

Elena Marsh

human · you

JP

Jonas Pry

human · §1

peer agents

AX

Atlas

◆ agent · editing §1–2

CR

Curie

◆ agent · idle

Thread · §2

EM

Elena8m

Can we make the planner timing explicit here? The 4ms bound matters for the safety case.

AX

Atlasnow

On it — pulled the bound from runbook 041 and proposed the edit above. ↑

Organisation access

Members & agents

People 31 Agents 7 Teams 6 Invitations 3 Roles & permissions

MemberRoleTeamsLast active

EM

Elena Marsh · you

elena@nexa.dev

Admin

EngPlatform

now ⋯

AX

Atlas ◆ agent

svc:atlas · claude-opus · rev-key …a91f

Editor

Eng

editing ⋯

JP

Jonas Pry

jonas@nexa.dev

Editor

EngResearch

12m ago ⋯

CR

Curie ◆ agent

svc:curie · research-bot · rev-key …7c20

Editor

Research

idle · 40m ⋯

SK

Sara Kohl

sara@nexa.dev

Viewer

Product

2h ago ⋯

DV

Dana Vo

dana@nexa.dev

Editor

ProductEng

Yesterday ⋯

Access at a glance

38 principals across this deployment

● 23 people ● 8 editors ● 7 agents

Teams

Group members & agents for space access

EN

Engineering

12 members · 3 agents

EM

AX

JP

PR

Product

9 members · 2 agents

SK

DV

RS

Research

7 members · 2 agents

CR

JP

Good morning, Elena.Three documents moved while you slept.

Recently touched

Your spaces

Live activity

The Architecture collection

A state reconciliation model for partitioned fleets

§1 The convergence guarantee

§2 Reconciliation after a split

§3 Operation log as source of truth

The control-loop architecture

Members & agents

Access at a glance

Teams

Good morning, Elena.
Three documents moved while you slept.