LD-OPS-002  ·  v2.4.6  ·  published  ·  2026-03-30  ·  CC BY-SA 4.0
libdrone — Drone Safety and Risk Assessment

About

System-specific safety and risk assessment for libdrone V2.4.6. Covers design risks, operational risks, payload interface risks, and mitigation measures. Intended to inform design decisions, operational procedures, maintenance planning, and regulatory compliance under EASA Open Category rules in the Czech Republic.

Drone Safety & Risk Assessment (DSRA). This document provides a system-specific safety and risk assessment for the libdrone V2.4.6 6‑inch drone platform and is intended to inform:

  • Design decisions
  • Operational procedures
  • Maintenance planning
  • Regulatory compliance (EASA Open Category, Czech Republic)

It should be read together with:

  • reference/LD_-_Master_Specification_v246.md
  • reference/LD_-_Hardware_v246.md
  • reference/LD_-_Variables_v246.md
  • operations/LD_-_DMOM_v246.md
  • payloads/LD_-_Payload_SDK_v246.md

1. System Overview

  • Drone name: libdrone V2.4.6
  • Configuration: 6‑inch True‑X quadcopter (255 mm wheelbase)
  • Structure: 5-layer sandwich body (PETG 3mm / PCCF 3mm ×3 / PETG 4mm sealed platform); PETG arm shafts + tabs; ASA bumpers; 4 × 2.0 mm CF rods
  • Propulsion: 4 × 2507 1750 KV motors on 6S, 6" HQProp 6×3×3 props
  • Flight controller: Mateksys H7A3‑SLIM running Betaflight 4.5
  • ESC: Pilotix 75A AM32 4‑in‑1 6S (integrated TVS, RPM telemetry)
  • Video link: HDZero Freestyle V2 → HDZero Goggle 2
  • RC link: EdgeTX TX16S MKII + RadioMaster RP2 ELRS 2.4 GHz
  • Guidance: GPS (Matek M10Q‑5883), GPS Rescue 2.0 configured
  • Platform interface (V2.4.6):
    • GX12-7 dual connector (IP65, screw-lock) — permanent drone-side male panel mount (×2, A+B)
    • 2× M3 boss pads on sealed top surface — universal mechanical payload interface
    • Battery side-slide architecture — lateral exit RIGHT, no top layer removal required
  • Mission profile:
    • Cinematic surveillance
    • High‑intensity skatepark chase
    • Air quality mapping (SEN66 mast payload via GX12)
    • Video recording (Caddx Peanut payload via GX12)
    • Any sensor/camera payload conforming to Payload SDK v2.4.6
  • Weight class:
    • Dry (no payload): target < 410 g, gate < 440 g
    • With sensor payload: target < 470 g, gate < 500 g
    • With video payload: target < 450 g, gate < 480 g
    • With 6S 1800 mAh LiPo: MTOW ≈ 720–760 g (EASA Open A2 band)

2. Regulatory Context (EASA Open, CAA CZ)

  • EASA category: Open Category, Subcategory A2 (MTOW 250–900 g)
  • State: Czech Republic (CAA CZ)
  • Obligations (summary):
    • Operator registration with CAA CZ (registrace.caa.cz)
    • A2 Certificate of Competency for flying near people (skatepark use)
    • Third‑party liability insurance for >250 g UAS
    • Adherence to airspace restrictions (CTR, TRA, protected areas)
    • Max altitude 120 m AGL; VLOS maintained

libdrone V2.4.6 is explicitly tuned for A2 use in skateparks, with Betaflight low‑speed mode calibrated to ≤ 4.8 m/s to reduce kinetic risk in close‑proximity flight.

3. Hazard Identification (HAZID)

This section summarises key hazards. Detailed descriptions and mitigations are in operations/LD_-_DSRA_v246.md.

3.1 Mechanical Hazards

  • Rotating propellers (high‑energy blades)
  • Arm or rod structural failure (inadequate wall thickness, PETG wear)
  • Loose fasteners (motor mount, rod pinch clamp, standoff nuts)
  • Motor overheating (blocked airflow, misconfigured ESC)

3.2 Electrical Hazards

  • Battery fire / thermal runaway (incorrect charging, physical damage)
  • Short circuits (moisture ingress, damaged wiring)
  • VBAT spikes (aggressive throttle, insufficient filtering)
  • Connector failure (XT60, MR30, JST signal connectors)
  • GX12 connector fault (V2.4.6): partial seating, bent pin, or lock ring failure causing intermittent payload power or signal loss in flight

3.3 Operational Hazards

  • Loss of control link (ELRS interference, misconfig)
  • Loss of video (HDZero link drop, antenna damage)
  • GPS/compass failure (poor lock, interference, incorrect configuration)
  • Pilot overload / mis‑orientation (FPV situational awareness)

3.4 Environmental Hazards

  • Cold weather (PETG arms more brittle near 0 °C)
  • High wind (6" props → strong sail effect)
  • Rain/fog (moisture ingress into electronics)
  • RF‑noisy environments (urban, industrial)

3.5 Mission‑specific Hazards

  • Skatepark:
    • People moving unpredictably
    • Obstacles (ramps, rails, concrete)
    • Metal structures (compass disturbance)
  • Air quality mapping:
    • Low‑altitude flight over urban areas
    • Sustained operation near obstacles
  • Payload operations (V2.4.6 — all missions with payload fitted):
    • GX12 connector not fully seated → payload loss or partial electrical fault in flight
    • Mast mechanical failure (M3 fastener, boss pad crack) → payload detachment
    • Battery rail failure → battery ejection under crash or G-load
    • Payload CG shift → altered handling requiring pilot awareness
    • GX12 chimney PETG crack → connector instability under lateral load
    • Payload master enable left ON accidentally → parasitic battery drain pre-flight

4. Risk Matrix

A simple 3×3 matrix is used:

  • Severity:
    • Low (L): Minor damage, no injury
    • Medium (M): Significant property damage or minor injury
    • High (H): Serious injury or major property damage
  • Likelihood:
    • Low (L): Unlikely in normal operation
    • Medium (M): Could occur sometimes
    • High (H): Likely to occur without mitigation

A hazard is High Risk if it lands in the H×M, H×H, or M×H cells.

The goal is to implement mitigations that move all hazards to M×L or L×L.
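As an added example (not part of the libdrone documentation), the section 4 rule encoded as a small register checker and run over pre/residual ratings transcribed from section 5; labelling cells the rule does not name as Medium is an assumption, as is the subset of entries chosen.

```python
from dataclasses import dataclass

# Section 4 rule: these (severity, likelihood) cells are High Risk; the
# mitigation programme aims to land every hazard in one of the target cells.
HIGH_RISK_CELLS = {("H", "M"), ("H", "H"), ("M", "H")}
TARGET_CELLS = {("M", "L"), ("L", "L")}
RANK = {"L": 0, "M": 1, "H": 2}

def risk_level(severity: str, likelihood: str) -> str:
    """High per the section 4 rule, Low for L×L; labelling every other
    cell Medium is an assumption (the section does not name them)."""
    cell = (severity.upper(), likelihood.upper())
    if cell[0] not in RANK or cell[1] not in RANK:
        raise ValueError(f"unknown rating {cell}")
    if cell in HIGH_RISK_CELLS:
        return "High"
    return "Low" if cell == ("L", "L") else "Medium"

@dataclass(frozen=True)
class RiskEntry:
    rid: str
    pre: tuple       # (severity, likelihood) before mitigation
    residual: tuple  # (severity, likelihood) after mitigation

def check_entry(entry: RiskEntry) -> list:
    """Findings a reviewer would raise: residual still High, a rating that
    got worse on either axis, or a residual outside the target cells."""
    findings = []
    if entry.residual in HIGH_RISK_CELLS:
        findings.append("residual still High")
    for axis, before, after in zip(("severity", "likelihood"), entry.pre, entry.residual):
        if RANK[after] > RANK[before]:
            findings.append(f"{axis} increased after mitigation")
    if entry.residual not in TARGET_CELLS:
        findings.append("residual outside M×L / L×L target")
    return findings

# Ratings transcribed from section 5 (a constructed subset of the register).
REGISTER = [
    RiskEntry("R-DES-02", ("H", "M"), ("M", "L")),
    RiskEntry("R-DES-09", ("H", "L"), ("M", "L")),
    RiskEntry("R-ASM-02", ("M", "M"), ("L", "M")),
    RiskEntry("R-OPS-01", ("M", "M"), ("L", "M")),
    RiskEntry("R-OPS-03", ("H", "M"), ("M", "L")),
    RiskEntry("R-ENV-01", ("M", "M"), ("L", "M")),
    RiskEntry("R-ENV-02", ("H", "M"), ("L", "L")),
]

def open_actions(register) -> dict:
    """Map entry id -> findings for every entry that still needs work."""
    return {e.rid: f for e in register if (f := check_entry(e))}
```

Run against the transcribed subset, the checker flags the three entries whose residual sits in L×M, which is outside the M×L / L×L target the section sets.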

5. Key Risks & Mitigations (System‑specific)

The following risk register summarises the most critical libdrone‑specific risks.

5.1 Structural & Design Risks

  1. R-DES-01 — Passive cover short‑circuiting floating mount
    • Risk level (pre‑mitigation): Severity: M, Likelihood: M → High
    • Mitigation:
      • Mandatory CAD section‑view verification
      • Feeler gauge / backlight check in physical assembly
      • Reject any arm/cover where air gap is not visible in head region
    • Residual risk: L×L → Low

  2. R-DES-02 — Rod channel wall too thin
    • Risk level (pre): H×M → High
    • Mitigation:
      • Enforce minimum 2.0 mm wall (channel→exterior), 1.5 mm (groove→channel)
      • Section offsets locked via reference/LD_-_Variables_v246.md
    • Residual: M×L → Medium/Low (monitor via crashes)

  3. R-DES-03 — Incorrect rod channel diameter
    • Risk level (pre): M×M → High
    • Mitigation:
      • Variables split: #RodDia = 2.0 mm, #RodDiaChannel = 2.2 mm
      • Coupon verification
    • Residual: L×L → Low

  4. R-DES-04 — Improper arm orientation
    • Risk level (pre): H×M → High
    • Mitigation:
      • Clear orientation labels in assembly docs
      • Rod threading test in DMOM before first flight
    • Residual: M×L → Medium (requires pilot awareness)

  5. R-DES-05 — T-lock tab pull-out under crash load (V2.4.6)
    • Risk level (pre): H×L → Medium
    • Mitigation:
      • Coupon 8 (T-lock fit) mandatory before X body production
      • T-lock clearance 0.2 mm per side — slide fit, not loose
      • Inspect T-lock seating after every crash before next flight
    • Residual: L×L → Low

  6. R-DES-06 — PCCF T-slot fracture (V2.4.6)
    • Risk level (pre): M×L → Low/Medium
    • Mitigation:
      • Minimum 3 mm wall around all T-slot features — enforced in CAD
      • Section view verification in Onshape Assembly before printing
      • T-slot positioned in X extension zone, not central core
    • Residual: L×L → Low

  7. R-DES-07 — Rod channel misalignment across sandwich layers (V2.4.6)
    • Risk level (pre): M×M → Medium
    • Mitigation:
      • Thread rods as alignment step during assembly — self-aligning
      • Verify channel alignment in Onshape Assembly cross-section before printing
    • Residual: L×L → Low

  8. R-DES-08 — GX12 chimney clearance failure (V2.4.6)
    • Risk level (pre): M×M → Medium/High
    • Context: The GX12 chimney (Ø18mm OD) passes downward through the PETG top layer into the electronics zone. If positioned too close to the FC/ESC stack or battery rail inner wall, it can foul on components or crack under lateral crash load, potentially damaging wiring or the connector itself.
    • Mitigation:
      • Three-point clearance check mandatory in Onshape Assembly before committing to print (Cookbook §6.7 step 45)
      • Minimum clearance: 5mm from chimney OD to nearest stack hole; 3mm from chimney to battery rail inner wall
      • Coupon 10 (PRUSA guide) validates chimney bore print quality before full top layer print
      • Post-print: insert GX12 female dry before any wiring — verify connector seats flush and lock ring threads without force
    • Residual: L×L → Low (if clearance check performed)

  9. R-DES-09 — Battery rail ejection under crash load (V2.4.6)
    • Risk level (pre): H×L → Medium
    • Context: The battery side-slides into PETG rails and is retained by a single lateral strap. Under a hard lateral impact, the strap buckle could open or the battery could slide past the endstop wall, ejecting a charged 6S LiPo in flight or on impact.
    • Mitigation:
      • Endstop wall: 3mm PETG solid wall at LEFT end of right rail — battery cannot exit left under any load
      • Strap buckle positioned RIGHT side — oriented so crash forces (typically forward/down) do not unclip it
      • Coupon 11 (PRUSA guide) validates rail geometry and endstop before full top layer print
      • Pre-flight: strap buckle check is explicit item in DMOM Appendix B
      • Battery strap: use dedicated LiPo strap with non-slip surface — not a generic cable tie
    • Residual: M×L → Medium/Low

  10. R-DES-10 — Payload mast detachment in flight (V2.4.6)
    • Risk level (pre): H×L → Medium
    • Context: Payload mast attaches via 2× M3 screws into heat-set inserts in the PETG top layer boss pads. Under vibration or crash, insufficient torque or boss pad cracking could release the mast, which then becomes a projectile while the GX12 cable remains attached.
    • Mitigation:
      • M3 × 8mm stainless button head screws — correct length to avoid bottoming on insert
      • Torque: finger tight + ¼ turn — sufficient for PETG; do not over-torque (strip risk)
      • Pre-flight: check both screws by hand — any play requires re-tightening before flight
      • Boss pad design: 7mm tall PETG integral boss — solid infill in boss zone (PRUSA guide §2I)
      • Inspect boss pads after any crash — PETG can crack invisibly at boss base; replace top layer if cracking found
      • GX12 cable should NOT be primary mechanical retention — the two M3 screws carry all load
    • Residual: L×L → Low

5.2 Manufacturing & Assembly Risks

  1. R-MFG-01 — PETG interlayer adhesion failure
    • Risk level (pre): H×M → High
    • Mitigation:
      • Enclosed printing, correct temps, break‑test coupons
    • Residual: M×L → Medium/Low

  2. R-ASM-01 — Insufficient rod pre‑tension
    • Risk level (pre): M×M → High
    • Mitigation:
      • Pinch bolt torque procedure in DMOM
      • Acoustic ping check (2.2–2.6 kHz)
    • Residual: L×L → Low

  3. R-ASM-02 — Over‑tightening motor mount screws
    • Risk level (pre): M×M → High
    • Mitigation:
      • Use torque driver or calibrated hand torque (0.4–0.5 N·m)
      • Replace silicone sleeves every 20–30 hours
    • Residual: L×M → Medium

5.3 Operational Risks

  1. R-OPS-01 — Operating with damaged o‑rings/sleeves
    • Risk level (pre): M×M → High
    • Mitigation:
      • Routine inspection intervals in DMOM
      • Clear replacement policy
    • Residual: L×M → Medium

  2. R-OPS-02 — PETG arm brittleness in cold
    • Risk level (pre): H×M → High
    • Mitigation:
      • Avoid < 0 °C operation in baseline
      • If winter operation desired, re‑evaluate material choice and re‑qualify
    • Residual: L×L → Low (if cold operation is disallowed)

  3. R-OPS-03 — Low satellite count before arming
    • Risk level (pre): H×M → High
    • Mitigation:
      • Hard rule: ≥ 8 sats before arming
      • Disallow "arm without fix" in Betaflight
    • Residual: M×L → Medium/Low

  4. R-OPS-04 — GX12 connector not fully seated before flight (V2.4.6)
    • Risk level (pre): M×M → Medium/High
    • Context: GX12 connector requires deliberate screw-lock engagement. A connector mated but not locked can vibrate loose, causing intermittent payload power loss or — if payload mass is significant — partial mechanical disconnection.
    • Mitigation:
      • GX12 lock ring check is explicit pre-flight checklist item (DMOM Appendix B)
      • Procedure: fit connector, screw lock ring finger-tight, confirm no rotation possible by hand
      • OSD payload active confirmation at power-on — if payload not confirmed active, investigate before arming
      • GX12 IP65 rating provides weather sealing only when locked — unlocked connector is not waterproof
    • Residual: L×L → Low

  5. R-OPS-05 — CG shift from payload alters handling (V2.4.6)
    • Risk level (pre): M×L → Low/Medium
    • Context: All payload mass sits aft of CG (boss pads are rear of top surface). Heavy payloads shift CG rearward, requiring Betaflight pitch trim and potentially reducing forward flight authority at low speed.
    • Mitigation:
      • Weigh and measure CG after fitting any new payload for the first time
      • If CG shifts >10mm rearward from nominal: apply pitch offset trim in Betaflight
      • First hover with new payload: bench-verify level attitude, then low hover check before mission flight
      • Payload weight budget enforced: <80g target, <150g maximum — see Payload SDK §9
    • Residual: L×L → Low

5.4 Environmental & Electrical Risks

  1. R-ENV-01 — Moisture ingress
    • Risk level (pre): M×M → High
    • Mitigation:
      • Full conformal coating
      • No flight in heavy rain; careful in fog
      • Thorough drying after any wet event
    • Residual: L×M → Medium

  2. R-ENV-02 — VBAT spikes
    • Risk level (pre): H×M → High
    • Mitigation:
      • Pilotix 75A AM32 with integrated TVS
      • 1000 µF 35 V capacitor close to ESC
    • Residual: L×L → Low

6. Operational Safety Procedures

High‑level procedures; detailed checklists live in DMOM.

6.1 Pre‑Flight Checklist (Summary)

Airframe:
  • Check arm shafts for cracks or delamination
  • Check tab T-lock engagement — zero lateral play required
  • Replace shaft if cracked; inspect tab before reuse
  • Check X body PCCF layers for cracking around T-slots
  • Check rods, covers, bumpers for cracks or deformation
  • Verify rod pre‑tension, no play by hand
  • Confirm motor screws tight (visual + touch)
  • Battery rail: strap buckle closed and secure; rail inner surfaces visually clear
  • Boss pads (if payload fitted): no visible cracking at base; both M3 screws tight by hand

Payload interface (V2.4.6 — when payload is fitted):
  • GX12 lock ring screwed tight — no rotation possible by hand
  • Physical master switch on mast: ON
  • OSD confirms payload active after drone battery connect
  • Caddx Peanut (if fitted): internal battery confirmed charged
  • Payload mass and CG acceptable — no excessive pitch offset on bench

Payload interface (V2.4.6 — when NO payload fitted):
  • GX12 dust cap fitted and screwed tight
  • No exposed pins on drone-side connector

Electronics:
  • Battery voltage & physical condition
  • FC/ESC/VTX/RX conformal coating intact
  • Antennas undamaged and secured

Navigation & Control:
  • GPS: ≥ 8 satellites, home position set
  • RC link: ELRS LQ and RSSI healthy
  • Video link: good HDZero signal, DVR ready

Software:
  • Correct Betaflight profile (CHASE vs CIN) for the props installed
  • Low‑speed mode configured for skatepark flights
  • Failsafe: GPS Rescue or Land configured
  • AUX channel assignments match fitted payload (if any)

Environment:
  • Area clear of people within required radius (A2 rules)
  • Wind / weather acceptable for mission

6.2 In‑Flight Safety

  • Maintain VLOS where required by regulation
  • Monitor battery and ESC temperature telemetry
  • Abort flight if:
    • Unusual vibrations appear
    • GPS count drops below 6 and distances are large
    • RC link LQ/RSSI degrade significantly

6.3 Emergency Procedures

Loss of video:
  • If FC still under control and GPS Rescue configured, trigger Rescue
  • If near home, perform controlled landing based on last heading

Loss of RC link:
  • Betaflight failsafe should trigger GPS Rescue or Land
  • Verify correct behaviour at low altitude during test flights

Battery fire / thermal event:
  • Drop or place battery in non‑flammable area (outdoors)
  • Do not inhale fumes; allow pack to burn out in safe location

Crash with unknown attitude:
  • Disarm immediately
  • Approach only once props have fully stopped
  • Perform post‑crash checklist in DMOM before next flight

7. Documentation & Continuous Improvement

  • All incidents, near‑misses, and anomalies should be logged in the Maintenance Logbook (DMOM Chapter 3)
  • For each event:
    • Record: date, location, conditions, pilot, configuration
    • Describe: what happened, suspected cause, any damage
    • Action: design change, tuning change, maintenance change

This DSRA should be reviewed whenever:

  • The hardware architecture changes (new ESC, different arm material, etc.)
  • The software configuration changes significantly (new firmware, new modes)
  • The operational environment changes (different sites, regulatory updates)

8. Revision History

Date · Version · Author: Description

  • 2026-03-06 · 3.0.1 · Jakub / Copilot: Initial libdrone V2.4.6 DSRA baseline
  • 2026-03-08 · 3.2.0 · Jakub / Copilot: V2.4.6 platform architecture: system overview updated, payload hazards added to HAZID §3.2/3.5, four new design risks R-DES-08 through R-DES-10 (GX12 chimney, battery rail ejection, mast detachment), two new operational risks R-OPS-04/05 (connector not seated, CG shift), pre-flight checklist updated with payload items

END OF FILE


Revision History

Version · Date · Author: Summary

  • 3.4.3 · 2026-03-27 · JS: Platform version updated V2.4.6→V2.4.6 throughout. Cross-references updated to LD_ naming.
  • 3.3.0 · 2025-12 · JS: GX12-7 risks added. Three-layer architecture risks updated.
  • 3.2.0 · 2025-09 · JS: Initial DSRA.