HazardKit · Eyrie M2 tier add-on — requires or includes Eyrie Edge · for utilities, steel, refineries, forests & smart cities
HazardKit is a bolt-on hazard-detection tier for Eyrie — real-time fire, smoke, wildfire-spread, gas-leak, flood and industrial-spill detection on the camera, thermal, audio and LiDAR stack you already run. Every event carries a severity tier (gas leaks add a coarse rate-class), every suppression command passes a two-operator gate, and every event exports a Bharatiya Sakshya Adhiniyam Section 63-aligned evidence bundle — signed by a per-tenant Ed25519 key, re-verifiable years later. A fraction of incumbent per-site cost for broader, six-hazard scope — available in early access.
01 — Who it's for
A Honeywell XLS-3000 or Siemens Sinteso panel is excellent at in-shell point detection — where smoke or heat reaches a fixed sensor. The outdoor hazards (a coke-oven gas plume, a slag-pit smoulder, a jetty oil spill, a forest-fire ignition) don't reach a sensor for 8-22 minutes. HazardKit closes that gap on cameras you already have, and produces the signed evidence the insurer and the inspectorate now ask for.
— ICP · 01 · Steel & metallurgical
47 km² of plant area, ~3,200 cameras across coke ovens, blast furnaces and yards, ~14,000-detector panel for the in-shell hazards. Wants mean-time-to-detection cut from 8-22 minutes to under 90 seconds — and a BSA §63 trail to lock in the ICICI Lombard premium discount.
— ICP · 02 · Refinery & petrochemical
8 MMTPA, ~450 cameras, ATEX-rated detectors, FLIR GFx320 hand-held inspection on an 8-hour cycle. Wants continuous gas-leak coverage in the dead zones between OGI rounds, and an evidence pack that survives a PNGRB / PESO licence renewal.
— ICP · 03 · State forest department
14 fire-watch towers, manual lookout-binocular observation through the Feb-June fire season, ~80-140 detected fires a season. Wants ignition caught within 2-3 minutes plus a wind-and-terrain spread look-ahead to direct ground teams — and a tamper-evident, BSA §63-aligned post-fire record.
— ICP · 04 · Smart city / utility / port
2,400+ cameras, monsoon flood exposure, MIDC industrial incidents in the catchment. Wants the ICCC lifted from reactive screen-watching to proactive multi-hazard monitoring, fused across fire, flood and spill on one operator console.
02 — How it works
HazardKit is structurally a sensor lane — it sits alongside Eyrie's video, audio, LiDAR and thermal lanes. Detectors emit observations; the fuser collapses them into one event per scene; policy and cross-modal evidence set the tier; the two-operator gate guards any suppression; and the audit chain signs every step. Every detector is wrapped in the Protocol + StubAdapter + ProductionAdapter pattern — the deterministic stubs are what all 1,498 tests exercise.
For any ONVIF or thermal camera
RGB cameras over ONVIF Profile T + M, plus six thermal vendors (FLIR Lepton / Boson, Hikvision DS-2TD, Axis Q19xx, Teledyne Boson, Tonbo Spectro). Per-pixel temperature mapping and hot-spot stats feed the fire and gas-leak detectors.
For six hazard classes
Six detectors run on the edge appliance: fire, smoke, wildfire-spread, gas-leak, flood, spill. Each emits a HazardEventObservation with a confidence attenuated for stress — rain, dust, glare, fog all pull the score down rather than silently failing.
For N cameras, one incident
The same hazard seen by N cameras reconciles into one HazardEvent within a 25 m / 30 s window. Every per-camera detection is preserved as a linked observation; three-plus cameras auto-escalates to alarm tier.
For RGB + audio + LiDAR + thermal
Smoke on RGB + an alarm-siren on Eyrie's audio lane + smoke-obstructed LiDAR returns + a thermal hot-spot compose into elevated confidence. Each signal is recorded as HazardEventCrossModalEvidence with its delta to event confidence.
For operator-attention triage
Pre-alert (≥ 0.50, dashboard only) → alert (≥ 0.80, SMS + dashboard) → alarm (≥ 0.93, or 3+ cameras, or cross-modal-elevated). These are the default floors; the active India-state policy preset moves the thresholds. Every tier transition is audit-logged.
For dispute-defensible response
Alarm triggers the two-operator workflow before any suppression discharge; the event hands off to the Ed25519 chain; a BSA §63 bundle is exportable on demand and, where discount-relevant, pushed to the insurance carrier.
03 — The six detectors
Pano AI does wildfire only. FireNet does smoke only. Fike VID does fire + smoke. FLIR GFx320 does gas
leak only. Each is a single-purpose specialist — the customer ends up with three or four vendors and
three or four audit chains. HazardKit ships all six from one stack, with a published true-positive
target per class, a coarse rate-class on the gas-leak detector and a colour-shift class on the spill
detector. Each module name below is the real Python module in hazardkit.detectors.
Reference implementation / pilot-ready. Production AI model slots (YOLOv12 head
for fire; SWIR methane for gas) are not yet wired and raise NotImplementedError on live
inference paths — integration lands at the FY27 Q2 milestone. All accuracy figures below are
design targets, not independently measured results. All 1,498 tests exercise deterministic stub adapters.
vs Hikvision Smart Fire / Bosch AVIOTEC, bundled, no audit chain
Visible-flame detection with < 0.5 false positives per camera per day. When a thermal camera confirms a hot-spot above 350 °C on the same scene, confidence elevates straight to alarm tier. Graceful degradation under rain / dust / glare.
vs commodity NVR analytics that cry wolf on steam & dust
Distinguishes smoke from dust, steam, fog and exhaust plumes — < 8% false-positive on confounder scenes. An alarm-siren or glass-break on Eyrie's audio lane on the same scene elevates to alarm tier.
vs Pano AI / Insight Robotics, detection without spread look-ahead
On ignition, a custom heuristic spread model takes fire location, wind (IMD feed or local anemometer), terrain DEM and fuel-load classification, and returns predicted perimeters at four horizons within 60 s. Accuracy varies with terrain and fuel-load data quality. The input snapshot is signed into the chain as evidence.
vs FLIR GFx320 hand-held OGI units at a fraction of the cost
Schlieren detection on thermal cameras at 0-12 m and methane plume on a low-cost SWIR option at 0-25 m, in the dead zones between hand-held OGI rounds. Each detection carries a coarse RateClass — small / medium / large — qualitative, never a fraudulent quantification.
vs single-hazard incumbents with no unified audit chain
Tracks water-level rise against operator-configured scene anchors (kerb height, drainage posts) at a target ≥ 90% TPR, with an optional IMD or rain-gauge rate feed for cross-modal confirmation. Slower-onset hazard, < 120 s detection budget.
vs roving safety patrols, 6-9 minute response
Liquid-spread detection on hard surfaces (concrete jetty, asphalt) at a target ≥ 88% TPR, with colour-shift heuristics for oil sheen / white-powder / chemical residue. A thermal heat-anomaly on the same scene elevates to alarm — a warm chemical reaction.
A seventh support detector, hazardkit.detectors.thermal_anomaly, feeds the fire and
gas-leak detectors with hot-spot statistics. Production model integration (YOLOv12 head for fire;
SWIR methane for gas) lands at the FY27 Q2 milestone; until then, the production slots raise
NotImplementedError so a test run can never accidentally hit a real model.
04 — A tier on Eyrie, not a separate box
HazardKit is an Eyrie M2 tier add-on — not a standalone product. The marginal engineering cost is small because Eyrie already ships the audio, LiDAR, thermal and drone lanes, the Ed25519 audit chain, the federation gate and the compliance presets. HazardKit composes the cross-modal fusion patterns on top and hands every event off to Eyrie's existing chain. One audit chain, one auth surface, one operator console across Eyrie and its hazard tier.
HazardKit does not stand up its own chain — every HazardEvent, observation, cross-modal link, suppression command, evidence bundle, insurance push, two-operator approval, preset change and tamper event writes a hash-linked, signed AuditChainEntry.
The audio lane (alarm-siren, glass-break, scream) and the LiDAR lane (smoke-obstructed returns) feed HazardKit's cross-modal fusion through Eyrie's existing detector interfaces — co-temporal within 30 s, co-spatial on the same scene anchor.
A fire is not a person — most hazard events carry no personal data. When workers are visible responding to an incident, HazardKit reuses Eyrie's privacy-masking layer and the DPDP compliance preset. No standalone person-identification during incident response, by policy.
At v0.1.0 the supported surface is the hazardkit CLI plus the in-process Python package. REST API integration is not available at launch. In v0.2 (planned FY27 Q2) the REST routers mount into Eyrie's existing FastAPI /v1/… app rather than standing up a second server — keeping a single chain, auth and console.
05 — Severity model + two-operator gate
Three escalation tiers allocate operator attention; a closed SeverityTier taxonomy keeps
the model auditable. Alarm-tier events, suppression activations, disputed-evidence pushes and
federation grants all require two-operator concurrence within five minutes — either rejection cancels
the action; a timeout cancels it with an audit-logged record. A non-reversible suppression discharge
can only be forced by an emergency override requiring three signatures plus an after-the-fact memo
within 24 hours.
# A fused, thermal-confirmed fire event at a coke-oven bank, # elevated to alarm and handed off to the Ed25519 chain. # (Illustrative example — not a reference customer.) { "event_id": "hz-9f2c1a7b0e44d3128c5a", "tenant_id": "acme-steel-jsr", "site_id": "jsr-coke-oven-bank-3", "appliance_id": "acme-jsr-coke-01", "hazard_class": "fire", "tier": "alarm", # pre_alert | alert | alarm "confidence": 0.97, "source_observation_ids": [ # 3 cameras — no evidence lost (FR-07) "obs-fire-1a2b", "obs-fire-3c4d", "obs-fire-5e6f" ], "cross_modal_evidence_ids": [ "xmod-thermal-7a8b", # hot-spot > 350 degC → alarm (FR-01 AC5) "xmod-audio-9c0d" # alarm-siren on Eyrie audio lane (FR-08) ], "resolution_status": "open", "audit_entry_id": "chain:acme-steel-jsr:1842" }
→ HazardEvent rows are frozen, slotted dataclasses. Every identifier is a string so the
same row serialises unchanged against the edge SQLite WAL store and the cloud Postgres control plane
(M2+). The TenantScope façade enforces per-tenant isolation fail-closed on every read.
06 — BMS, SCADA, suppression & notification
Pano AI, FireNet and Hikvision Smart Fire ship cloud-only or locked into their parent panel (Bosch into Bosch, Siemens into Sinteso, Honeywell into Notifier). HazardKit decouples: every external dependency is wrapped in the Protocol + StubAdapter + ProductionAdapter pattern, so the stubs pass every test with no SDK installed and the production slot plugs in at deploy time. Thirty-eight adapter packages ship at GA — nine camera, six thermal, four BMS, three SCADA, seven suppression and five notification — plus four insurance carriers.
# Export a BSA Section 63 evidence bundle for one event: # signed PDF + signed JSON manifest + per-event JSON, all in one tar. # (Illustrative example — not a reference customer.) hazardkit bundle hz-9f2c1a7b0e44 \ --tenant-id acme-steel-jsr \ --site-id jsr-coke-oven-bank-3 \ --site-name "Acme Steel Jamshedpur (JSR) Coke Oven Bank 3" \ --state-code JH \ --policy-preset UP_FACTORY_RULES_1948 \ --out-dir /var/lib/hazardkit/evidence \ --key-file /etc/hazardkit/audit_key.json \ --db /var/lib/hazardkit/hazardkit.db \ --operator-id site.safety.officer \ --operator-role site_safety_officer # Response: { "bundle_id": "hk-bundle-3c9e1f2a4b6d", "sha256": "9b1c…", "tar_path": "/var/lib/hazardkit/evidence/hk-bundle-3c9e1f2a4b6d.tar" } # Verify the per-tenant audit chain (offline auditor uses the Python # verify_chain for the per-entry verdict): hazardkit verify-chain --db /var/lib/hazardkit/hazardkit.db \ --tenant-id acme-steel-jsr
Suppression commands fire only through the two-operator gate, over BACnet, Modbus, OPC UA or the vendor-proprietary protocol; the same protocols monitor per-zone status, sprinkler-head faults and deluge-pump health. Full closed-loop auto-suppression is out of scope at v1.0, by stated policy.
07 — Evidence & compliance
A fire-claim litigation can run 14-26 months and turns on the integrity of the CV footage. Since the Bharatiya Sakshya Adhiniyam came into force on 1 July 2024, Section 63 sets the technical bar for electronic records — hash, algorithm, chain of custody, device identity, operator. HazardKit produces a tamper-evident, BSA 2023 §63-aligned evidence bundle engineered to satisfy those technical requirements, signed by a per-tenant Ed25519 key and counter-signed by the requesting operator. Tamper any file and the manifest signature fails. Admissibility in any proceeding is determined by the court.
vs mutable NVR footage that cannot satisfy §63 technical requirements
A tar bundle with the Section 63 PDF certificate, a signed JSON manifest, raw video (5 min pre + 10 min post), the frozen pre-incident buffer, cross-modal evidence and per-camera crops. Generated in < 90 s for one event; signed and re-verifiable years later. Admissibility in any proceeding is determined by the court.
vs post-incident-only review tools
A rolling 10-minute per-camera buffer — high-density for the first five minutes, reduced sampling for the next five. On any pre-alert / alert / alarm it freezes to permanent storage with a per-frame SHA-256 hash, and rides into the evidence bundle.
vs incumbents shipping US / EU / China defaults
Six India-state presets (Maharashtra, Karnataka, Tamil Nadu, MP, Gujarat and UP factory / fire rules) plus OSHA-US and CE-EU — eight total. One toggle per site sets thresholds, retention windows, audit verbosity, suppression-trigger threshold and the per-state regulator template. A forest-department extension layers on top.
vs incumbents with no automated carrier submission path
The ICICI Lombard August 2024 discount programme (pilot) rewards a tamper-evident CV chain-of-custody — material savings at large integrated-steel-plant premium scale. HazardKit pushes the per-incident bundle to ICICI Lombard (carrier integration in sandbox at GA), with Bajaj Allianz, HDFC Ergo and New India Assurance targeted to follow; eligibility is tracked per site and chained.
Compliance posture is inherited from Eyrie: BSA §63 alignment, CERT-In empanelment (in progress), STQC security audit (planned FY27 Q1), the DPDP closed-set preset, NDMA escalation-tree alignment and Factories Act 1948 audit hooks — no incremental certification cost for HazardKit. PNGRB and PESO licence-renewal evidence packs are FR-19 bundles on a per-regulator template.
08 — Operator console
HazardKit ships server-side view-models that surface inside Eyrie's console — no separate SPA, no
second login. Each is a real module in hazardkit.ui, backed by the same cloud control-plane
services the CLI and Python API use.
Open events ranked by tier and confidence, with the contributing observations and cross-modal evidence inline. Acknowledge, resolve, or mark false-positive — each transition is chained.
The five-minute approval window for alarms and suppression — first operator action, second operator affirm or reject, and the emergency-override path that demands a third signature plus a memo.
Request a BSA §63 bundle for an event or a window, watch it build, and download the signed tar. Counter-sign as the requesting operator before it is pushed anywhere.
The 15-second health beacon aggregated per tenant and site — camera and thermal-camera health, NTP drift, storage and compute utilisation, suppression and BMS / SCADA adapter status, offline-since indicators.
Per-site discount-eligibility status against the carrier programme, the bundles pushed, and the carrier confirmation references — the trail an underwriter needs to credit the premium discount.
Pick the India-state preset for a site and layer the forest-department extension where it applies. The change is persisted in tenant config and audit-chain anchored.
09 — How to engage
HazardKit is available in early access — bolt-on to an existing Eyrie deployment or as a greenfield Eyrie Edge + HazardKit installation. Reach out and we will scope the right configuration for your site, hazard classes and compliance requirements.
10 — Start
Six hazard classes, a severity tier on every event, a two-operator gate on every discharge, and a BSA §63-aligned evidence bundle per event — all in code, with 1,498 stub-adapter tests passing (pipeline and integration coverage; not a measure of model recognition accuracy). Production model integration lands FY27 Q2; available in early access. Book a demo and we will walk the test suite live, on your own site corpus if you can share one.