Firmware

External / Ask review

Embedded software for the hardware platform

Hats: 2
Review Agents: 2
Review: External, ask
Inputs: Requirements, Design

Dependencies

Requirements: functional-requirements
Design: schematic

Hat Sequence

1. Firmware Engineer

Focus: Implement the embedded software that runs on the hardware. Firmware lives in a constrained environment: memory, flash and power are finite, real-time deadlines are fixed, and debugging is much harder than for application code.

Produces: Firmware source, build artifacts, flashing instructions, and (where applicable) bootloader/update mechanisms.

Reads: Functional requirements, schematic (for peripheral addresses and pin assignments), safety analysis.

Anti-patterns (RFC 2119):

  • The agent MUST NOT exceed the memory or flash budget; there is no swap or growable heap to fall back on at runtime
  • The agent MUST implement fail-safe behavior for every safety-critical code path
  • The agent MUST verify that real-time deadlines are met under worst-case timing, not assume it from typical runs
  • The agent MUST NOT ship firmware without an update mechanism unless the product spec explicitly allows no updates

2. Reviewer

Focus: Review firmware against functional requirements, safety analysis, and memory/flash budgets.

Produces: Review verdict with per-requirement traceability and budget compliance.

Reads: Firmware source, build output, functional requirements, safety analysis.

Anti-patterns (RFC 2119):

  • The agent MUST verify every safety-critical code path has traceable test coverage
  • The agent MUST verify the binary fits within memory and flash with headroom for future updates
  • The agent MUST flag any firmware that lacks fail-safe handling for documented hazards

Review Agents

Resource Budget

Mandate: The agent MUST verify the firmware fits within memory, flash, and power budgets with headroom for future updates.

Check:

  • The agent MUST verify flash usage is under target (with documented headroom)
  • The agent MUST verify RAM usage is under target for peak load
  • The agent MUST verify power consumption matches the functional requirements envelope
  • The agent MUST flag any build that leaves insufficient headroom for OTA updates
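One way to implement the flash and RAM parts of this check, as an added example that is not code from this page or the project it describes: a host-side build gate in C over the Berkeley-format row printed by `size` (for example `arm-none-eabi-size`). It applies the accounting a reviewer needs and the checklist above does not spell out: `.data` counts against both flash and RAM, `.bss` only against RAM, the stack/heap reserve comes from the linker script rather than the size tool, and an A/B update scheme halves the flash available to one image. The part dimensions, slot layout, reserve, headroom percentage and the two `size` rows are constructed assumptions; the power check remains a bench measurement and is not covered here.

```c
/* Added example, not code from this page or the project it describes: a
 * host-side build gate over the Berkeley-format row printed by `size` (for
 * example arm-none-eabi-size). Part sizes, slot layout, reserve, headroom and
 * the size rows are constructed assumptions for illustration. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t flash_total;   /* bytes of flash on the part */
    uint32_t bootloader;    /* reserved region at the start of flash */
    uint32_t image_header;  /* per-image metadata: version, signature */
    uint32_t ram_total;
    uint32_t stack_heap;    /* linker-script reserve, not part of .bss */
    bool     dual_bank_ota; /* A/B slots: a full image must fit in half */
    unsigned headroom_pct;  /* margin that must stay free, e.g. 20 */
} budget_t;

typedef struct {
    uint32_t flash_used, flash_limit, ram_used, ram_limit;
    bool flash_ok, ram_ok;
} budget_result_t;

/* Assumed part: 512 KiB flash, 64 KiB RAM, 32 KiB bootloader, 1 KiB image
 * header, 8 KiB stack+heap reserve, A/B update slots, 20% margin required. */
const budget_t EXAMPLE_PART = { 524288u, 32768u, 1024u, 65536u, 8192u, true, 20u };
/* Same part where the product spec allows in-place (single-slot) updates. */
const budget_t EXAMPLE_PART_SINGLE = { 524288u, 32768u, 1024u, 65536u, 8192u, false, 20u };

/* Constructed `size` rows:  text    data     bss     dec     hex filename */
const char *const ROW_OK  = "  180224    2048   12288  194560   2f800 firmware.elf";
const char *const ROW_BIG = "  220000    4096   12288  236384   39b60 firmware.elf";

/* Parse one data row of `size` (Berkeley format). Returns 0 on success, -1 if
 * the row is the header line or otherwise malformed. */
int parse_size_row(const char *row, uint32_t *text, uint32_t *data, uint32_t *bss)
{
    unsigned long t, d, b;
    if (sscanf(row, " %lu %lu %lu", &t, &d, &b) != 3) return -1;
    *text = (uint32_t)t; *data = (uint32_t)d; *bss = (uint32_t)b;
    return 0;
}

/* Capacity that may actually be used once the required margin is reserved. */
static uint32_t with_headroom(uint32_t capacity, unsigned pct)
{
    return (uint32_t)((uint64_t)capacity * (100u - pct) / 100u);
}

budget_result_t check_budget(const budget_t *b, uint32_t text, uint32_t data, uint32_t bss)
{
    budget_result_t r;
    /* Flash holds code plus the initial values of .data; .bss costs no flash,
     * it is zeroed into RAM at startup. */
    r.flash_used = text + data;
    /* RAM holds .data (copied out of flash), .bss, and the stack/heap reserve
     * that the size tool knows nothing about. */
    r.ram_used = data + bss + b->stack_heap;

    uint32_t app_flash = b->flash_total - b->bootloader;
    uint32_t slot = (b->dual_bank_ota ? app_flash / 2u : app_flash) - b->image_header;
    r.flash_limit = with_headroom(slot, b->headroom_pct);
    r.ram_limit   = with_headroom(b->ram_total, b->headroom_pct);
    r.flash_ok = r.flash_used <= r.flash_limit;
    r.ram_ok   = r.ram_used   <= r.ram_limit;
    return r;
}

/* Build gate: a row that cannot be parsed fails closed. */
budget_result_t gate(const budget_t *b, const char *row)
{
    uint32_t text, data, bss;
    if (parse_size_row(row, &text, &data, &bss) != 0) {
        budget_result_t fail = { 0, 0, 0, 0, false, false };
        return fail;
    }
    return check_budget(b, text, data, bss);
}

int main(void)
{
    const char *const rows[] = { ROW_OK, ROW_BIG };
    for (int i = 0; i < 2; i++) {
        budget_result_t r = gate(&EXAMPLE_PART, rows[i]);
        printf("flash %" PRIu32 "/%" PRIu32 " %s, ram %" PRIu32 "/%" PRIu32 " %s\n",
               r.flash_used, r.flash_limit, r.flash_ok ? "ok" : "OVER",
               r.ram_used, r.ram_limit, r.ram_ok ? "ok" : "OVER");
    }
    return 0;
}
```

Run it as the last step of the build and fail the build on any OVER. The second constructed row is the case the last bullet above is about: it fits the part comfortably when updates are in-place, but not once an A/B slot layout is required, so a budget computed against raw flash size would pass a build that can never be updated over the air.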

Safety Path Coverage

Mandate: The agent MUST verify every safety-critical code path identified in the safety analysis is implemented and tested.

Check:

  • The agent MUST verify each hazard's mitigation has corresponding firmware code
  • The agent MUST verify each fail-safe behavior has a test exercising it
  • The agent MUST flag any hazard whose mitigation was assumed to be hardware-only but actually depends on firmware
  • The agent MUST verify watchdog, fault-handler, and error-recovery paths are implemented
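The shape of code these checks are looking for, and the fail-safe and deadline points under the Firmware Engineer hat above, as an added example that is not code from this page or the project it describes: a watchdog task-monitor in C with a latched fail-safe state, a sensor plausibility check, and a fault-handler entry, written so the logic compiles and runs on a host. The task set, the temperature bounds and setpoint, the miss threshold, and the two hardware stubs (`wdt_kick`, `heater_set`) are assumptions; on a target they would write the watchdog reload register and the actuator GPIO.

```c
/* Added example, not code from this page or the project it describes: a
 * watchdog task-monitor with a latched fail-safe state, host-runnable.
 * Task set, bounds and the two hardware stubs are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Each periodic task owns one bit; the watchdog is serviced only when every
 * task checked in this period, so one hung task still ends in a reset. */
enum { TASK_SENSOR = 1u << 0, TASK_CONTROL = 1u << 1, TASK_COMMS = 1u << 2,
       ALL_TASKS = TASK_SENSOR | TASK_CONTROL | TASK_COMMS };

/* Assumed bounds from a hypothetical safety analysis. */
#define TEMP_MIN_C       (-40)
#define TEMP_MAX_C       (150)
#define TEMP_STALE_MS    (500u)
#define MAX_MISSED_KICKS (3u)   /* periods before outputs are forced safe */

typedef enum { FS_NONE = 0, FS_SENSOR_RANGE, FS_SENSOR_STALE,
               FS_TASK_HUNG, FS_FAULT } failsafe_reason_t;

static uint32_t g_checkins;
static uint32_t g_missed;
static failsafe_reason_t g_reason;
static bool g_heater_on;   /* mirror of the actuator pin */
static unsigned g_kicks;   /* hardware watchdog services so far */

/* Hardware stubs; on target: watchdog reload register and actuator GPIO. */
static void wdt_kick(void)      { g_kicks++; }
static void heater_set(bool on) { g_heater_on = on; }

/* Fail-safe: de-energize first, then latch the first cause; only a reset clears it. */
static void enter_fail_safe(failsafe_reason_t why)
{
    heater_set(false);
    if (g_reason == FS_NONE) g_reason = why;
}

/* Power-on state, also used to start each test scenario from scratch. */
void firmware_init(void) { g_checkins = g_missed = 0; g_reason = FS_NONE; g_heater_on = false; g_kicks = 0; }
bool failsafe_active(void)              { return g_reason != FS_NONE; }
failsafe_reason_t failsafe_reason(void) { return g_reason; }
unsigned wdt_kick_count(void)           { return g_kicks; }
void task_checkin(uint32_t task_bit)    { g_checkins |= task_bit; }

/* Runs once per supervisor period from a timer; that period is the deadline each
 * task must meet. Returns true if the watchdog was serviced. Withholding the kick
 * lets the watchdog reset the MCU; the miss counter forces outputs safe first. */
bool supervisor_tick(void)
{
    bool all_alive = (g_checkins == ALL_TASKS);
    g_checkins = 0;
    if (all_alive) {
        g_missed = 0;
        wdt_kick();
        return true;
    }
    if (++g_missed >= MAX_MISSED_KICKS) enter_fail_safe(FS_TASK_HUNG);
    return false;
}

/* Plausibility check: stale or out-of-range readings are hazards, not values
 * to clamp. Returns 0 on success, -1 with *why set on failure. */
int sensor_validate(int32_t temp_c, uint32_t age_ms, failsafe_reason_t *why)
{
    if (age_ms > TEMP_STALE_MS) { *why = FS_SENSOR_STALE; return -1; }
    if (temp_c < TEMP_MIN_C || temp_c > TEMP_MAX_C) { *why = FS_SENSOR_RANGE; return -1; }
    *why = FS_NONE; return 0;
}

/* One control iteration: bang-bang heater at an assumed 60 C setpoint. Returns the command applied. */
bool control_step(int32_t temp_c, uint32_t age_ms)
{
    failsafe_reason_t why;
    task_checkin(TASK_CONTROL);
    if (failsafe_active()) { heater_set(false); return false; }
    if (sensor_validate(temp_c, age_ms, &why) != 0) { enter_fail_safe(why); return false; }
    heater_set(temp_c < 60);
    return g_heater_on;
}

/* Fault handler body (on target: reached from the HardFault vector). Outputs go
 * safe first; the cause is latched so it can be reported after the reboot. */
void fault_handler(uint32_t fault_status_reg) { (void)fault_status_reg; enter_fail_safe(FS_FAULT); }

int main(void)
{
    firmware_init(); task_checkin(TASK_SENSOR); task_checkin(TASK_COMMS); control_step(25, 10);
    printf("all alive: kicked=%d\n", supervisor_tick());
    control_step(200, 10);   /* implausible reading: latches fail-safe */
    printf("reason=%d heater=%d\n", (int)failsafe_reason(), (int)g_heater_on);
    return 0;
}
```

Each scenario a reviewer would trace (a task that stops checking in, an out-of-range reading, a stale reading, a fault) maps to one entry point here and to one test that drives it, which is the "fail-safe behavior has a test exercising it" item in the checklist above. Note what the pattern deliberately does not do: it never clamps a bad reading into range, and it does not clear the latched cause from normal code, so the first hazard is what gets reported after the reset.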

Firmware

Implement embedded software. Constraints differ from application development: memory and flash are finite, real-time deadlines are often hard, power budgets matter, and field updates may require physical access. Safety-critical code paths must be traceable to requirements and provably correct — "it works on the bench" is not validation for firmware that's going into a product.

Completion Signal (RFC 2119)

Firmware MUST implement all functional requirements. Safety-critical paths MUST have traceable test coverage. Binary MUST fit within memory and flash budgets with headroom for future updates.