Guardian is flight software for fault management in multi-spacecraft mission architectures wherein multiple vehicles work cooperatively and autonomously to achieve mission objectives. Design, development, and validation of Guardian algorithms and architecture implicitly assumes an environment in which inter-vehicle communication is intermittent.


Distributes system requirements among components with well-defined interfaces and functionality. Defines decentralized roles for components. Enables extension, reuse, and verification of functionality.


Fault isolation and recovery services are configurable enabling reuse for future mission architectures. Existing detection modules from previous mission quickly deploy to new missions.


Health definition, fault isolation, and recovery are extensible to new detection modules. Reference implementation is for guidance, navigation, and control of space vehicle clusters.


Components requirements are well-defined and verifiable. Regression test library is automated. New missions verify new detection algorithms, changes to isolation, and recovery actions.