concepts
Intended Documentation
What is Physical AI on Intended
How the Intended Authority Runtime layers on top of an existing safety stack to gate AI-issued commands at machine speed, with a tamper-evident audit trail.
What is Physical AI on Intended#
Intended is the authority layer for physical AI. When agentic robots, drones, AGVs, or autonomous machines are about to take a real-world action, Intended classifies the intent, mints a short-lived signed credential bound to the robot's identity, and falls back to a declared safe-default if the credential is denied or expires.
We sit above your existing safety PLC, not in place of it.
The picture#
The safety PLC continues to be the authority on physical safety hazards. Intended is the authority on whether the command should be issued in the first place.
What you get#
| What it is | Where it lives | |
|---|---|---|
| OIL v2 — Open Intent Layer | Open Apache-2.0 taxonomy of 173 categories across 29 domains (15 physical / embodied + 14 digital). The vocabulary your robot uses to describe what it's about to do. | github.com/intended-so/intended/tree/main/packages/open-intent-layer |
| Authority Runtime — cloud | Classifier, policy evaluator, signing issuer, audit chain. RS256 JWTs verifiable against published JWKS. | https://api.intended.so/v1/physical/* |
| Edge verifier — Rust | Sub-50ms local verification. JWKS offline cache (24h). Revocation list sync. Pre-computed authority cache. | github.com/intended-so/intended/tree/main/crates/intended-verifier |
| SDKs | Python, TypeScript, ROS2 ament. C++ and Rust customer-facing SDKs ship with first design partner. | github.com/intended-so/intended/tree/main/packages |
| Reference cobot | "Hello world" of physical-AI authority — ROS2 / MoveIt-shaped pick-and-place that runs on a laptop without a robot. | github.com/intended-so/intended/tree/main/examples/physical-ai/pick-and-place |
| Safety case template | GSN sketch of how to extend our certified primitive into your machine's safety case. | Safety-case writing |
What we do NOT do#
- Replace your safety PLC, safety bus, or safety-rated I/O
- Write controls code, ROS2 nodes, ladder logic, or PLC programs
- Read your PLC tags directly — you implement a
PhysicalStateProvider - Provide platform-specific adapters for ABB, FANUC, KUKA, UR, Boston Dynamics
- Decide where to grasp, what trajectory to plan, or which lane to merge into
- Currently certify under IEC 61508 / ISO 13849 / ISO 26262 — sales-funded when regulatory posture demands it. The primitive is buildable today; un-assessed safety-relevant SW is a defensible posture under your own SW lifecycle (the Linux-upstream model).
Where we fit in your safety case#
Customers ship a safety case for their machine. We provide a certified primitive their case can cite. The split:
| Component | Owner |
|---|---|
| Edge verifier binary | Intended |
| Cloud authority issuer | Intended |
| Robot / PLC / safety bus | Customer |
| Application logic + DAG | Customer |
| Safety bus → predicate bridge (PhysicalStateProvider) | Customer |
| Per-deployment safety case | Customer |
Safety-case writing walks through the GSN structure and what's defensible to claim.
Two-product framing#
Critical distinction we never collapse:
| Product | Open / closed | Pricing |
|---|---|---|
| OIL — the standard | Open, Apache 2.0, vendor-neutral | Free forever |
| Intended Authority Runtime + edge verifier | Commercial product | Per-device or per-cell, annual |
You can adopt OIL without buying our runtime. You buy our runtime when you want OIL enforced at machine speed with the safety, audit, and operational properties enterprises require. Same shape as Linux + Red Hat, Postgres + RDS, OAuth + Okta.
Next#
- Physical-AI quickstart — five minutes to first token
- ROS2 integration guide — canonical SDK for robotics agents
- PLC migration patterns — translating safety-PLC patterns into Intended policy clauses
- Safety-case writing — what to claim, what not to claim
- OIL v2 — the open standard — vocabulary your robot uses to describe what it's about to do