What Makes a Space Traversable? A Formal Definition and On-Policy Certificate for Contact-Rich Egress in Confined Environments

Abstract

When is an unknown, confined environment traversable for a specific ground robot using only touch? We answer by (i) giving an environment-anchored definition of traversability, expressed through the max-min value $T^{★}(E;A)={sup}_{\pi \in {\Pi }_{S\to G}}{inf}_{s\in [0,1]}\varphi \left(\pi \left(s\right)\right)$, where the bottleneck margin $\varphi$ aggregates the clearance, curvature ($\rho \ge R_{min}$), slope/step, and friction constraints, and (ii) introducing an on-policy, tactile certificate (TC) that maintains a conservative, monotone lower bound $T_t$ using partial contact histories. The TC fuses pessimistic free-space from contacts and the body envelope, the M3 decaying contact memory as a risk prior, and local bend/FSR proxies; a certificate is issued when $T_t>0$ and the explored corridor graph connects S to G. Relative to Papers 1–2 (tactile traversal; offline software assurance), this work formalizes traversability itself and provides a tactile-only, online certificate computable during runs. In a retrospective analysis of 660 trials across Indoor/Outdoor/Dark lighting environments, (H1) the early TC margin predicts success and traversal time better than contact/dwell heuristics (higher AUC/$R^2$), (H2) the TC predictivity is lighting-invariant, and (H3) speed-gating M3 by a TC margin recovers part of the CB-V speed gap without degrading success. Artifacts include the TC implementation, explored-corridor graphs, and per-trial TC time series added to the Paper-1 log bundle; these materials are available from the corresponding author upon reasonable request.

1. Related Work

Tactile sensing and robotic skins: Work on tactile sensing—from whisker-inspired probes to large-area electronic skins—demonstrates that contact can provide rich, local geometric and force cues that are robust to darkness, glare, and visual aliasing. Whole-body and distributed skins deliver normal/shear measurements, slip cues, and coarse shape estimates at practical sampling rates; whisker-like modalities add compliant distal probing and curvature sensing. At the same time, the literature consistently reports limits that matter for navigation: wiring/grounding complexity and bandwidth constraints in large arrays, crosstalk and hysteresis in soft sensors, and the intrinsically short-range nature of tactile observability. Recent studies extend tactile navigation to movable-obstacle negotiation and confined-space retrieval tasks, reinforcing the role of contact-rich policies in unstructured environments. Complementary recent sensor papers emphasize stretchable self-powered HRI sensing arrays and load-adaptive continuum-robot shape sensing/control; compared with these device/control-focused studies, our contribution centers on an environment-level traversability definition and an on-policy egress certificate for confined navigation [1,2]. Middleware developed for tactile arrays emphasizes low-latency acquisition, scalable addressing, and fault-tolerant streaming so that taxel-level events can be acted on within tens of milliseconds. Together, these results motivate our sensing choice (contact-first, normal + bend) and a software stack that treats latency and throughput as first-class constraints for contact-rich traversal in visually degraded settings [3,4,5,6,7,8,9,10].

Traversability and terrain modeling: Classical traversability pipelines define terrain as a field of local feasibility or cost and then lift that field into planning via proxies, e.g., clearance to obstacles, local slope and step height, surface roughness/curvature, and friction/traction risk. Surveys and systems quantify these proxies from exteroceptive data (vision/LiDAR) or proprioception and fold them into costs used by search or optimal control; more recent treatments propose energy or “mechanical effort” functionals that couple geometry with platform parameters. Recent 2024–2025 work also reports data-driven traversability prediction and updated survey syntheses, as well as confined-environment deployments where robust margin estimation is operationally central [11,12]. A common structure across these works is a bottleneck view of feasibility: even if most of a route is easy, success is governed by the most restrictive segment (the narrowest gap, steepest patch, or tightest curvature). This perspective directly informs our formalization. We define an agent-parameterized margin $\varphi$ that aggregates the constraints emphasized in the literature—clearance (relative to body width), curvature (relative to a minimum turning radius), and simple terrain limits (slope/step/friction)—and we evaluate a path by its minimum margin along the route. The environment’s traversability value $T^{★}(E;A)={sup}_{\pi }{inf}_t\varphi \left(\pi \left(t\right)\right)$ is therefore positive iff at least one start-to-goal path maintains all margins above zero, aligning the “weakest-link” intuition in prior traversability work with a precise, agent-anchored definition [13,14,15,16,17,18,19,20,21,22,23,24].

Navigation in unknown environments with curvature/kinodynamic limits: Online exploration and planning under motion constraints further ground our bottleneck terms and our representation. Curvature-limited models (e.g., car-like/Dubins/Reeds–Shepp abstractions) formalize minimum-turning-radius feasibility, kinodynamic sampling and connect-based planners expose how such constraints prune the reachable set, and reactive/exploratory schemes (Bug/TangentBug, frontier-based, next-best-view) show how robots can build connectivity by incrementally expanding known free space while respecting those limits. These traditions suggest two design choices that we adopt: (i) encode the turning-radius feasibility directly in $\varphi$ (so curvature violations collapse the margin, even when clearance is ample), and (ii) represent partial knowledge as an explored-corridor graph whose edges reflect locally feasible, curvature-respecting motion through probed free space. A traversability certificate then reduces to certifying that this corridor graph contains an $S\to G$ path whose bottleneck margin remains positive—an on-policy analog of the connectivity and reachability checks that underpin classical exploration with constraints [25,26,27,28,29,30,31,32,33,34,35].

Occupancy and risk mapping: Occupancy grids and their continuous/risk-aware variants provide the epistemic scaffolding for our conservative certificate. Treating unknown space as occupied is a standard safety heuristic that yields collision-free guarantees at the cost of optimism; visibility-based updates and dynamic/continuous formulations refine this picture by making the risk along a ray explicit. We leverage these principles in two ways. First, our online estimator maintains a pessimistic free-space map from tactile contacts and a body envelope: unobserved regions block motion until touched or cleared by visibility/geometry constraints. Second, we maintain a risk field whose value decreases only when evidence accumulates, and thus, the running estimate $T_t$ of the bottleneck margin is a monotone lower bound on $T^{★}$: as exploration proceeds and risk only ever stays the same or drops in newly verified corridors, $T_t$ can increase but cannot spuriously exceed the true margin. These properties are standard in occupancy/risk mapping and justify why a tactile, on-policy traversability certificate can be both conservative and progressively tighter with exploration [36,37,38,39,40,41].

Synthesis and motivation: Across these lines of work, three themes recur: (i) tactile systems offer reliable, illumination-invariant contact information at low latency but only within a narrow observability horizon [3,4,5,6,7,8,9,10]; (ii) traversability depends on agent-specific bottlenecks in clearance, curvature, and terrain that can be summarized by a minimum-along-path margin [13,14,15,16,17,18,19,20,21,22,23,24]; and (iii) online navigation in unknown space and risk-aware mapping favor conservative treatment of unknown regions and incremental construction of a feasible corridor that respects motion limits [25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41]. Our contribution turns these themes into a single construct: a precise, environment-anchored definition of traversability via a bottleneck margin $\varphi$ and an on-policy, tactile-only traversability certificate that (a) updates from low-latency contact streams, (b) enforces curvature and terrain limits directly in the margin, (c) treats the unknown as occupied to remain sound, and (d) is provably monotone in exploration through the explored-corridor graph. This closes a gap between heuristic tactile navigation and formal guarantees by providing a certificate that is computable during runs and predictive of egress feasibility in the contact-rich, confined regimes where tactile sensing is most compelling.

2. Formalization

We formalize traversability as a max–min margin over curvature-limited paths in configuration space and derive an on-policy, tactile-only certificate that lower-bounds this quantity online. Throughout, $W\subset {\mathbb{R}}^2$ is a bounded planar workspace containing a closed obstacle set $O\subset W$. The robot (agent) A has a compact body footprint $B\subset {\mathbb{R}}^2$ with characteristic half-width $r_B>0$ and a minimum turning radius $R_{min}>0$. The access (start) and egress (goal) regions are nonempty open sets $S,G\subset W$. We write $\mathrm{dist}(x,S):={inf}_{y\in S}\parallel x-y\parallel$ and denote by ⊕ the Minkowski sum. Curves are parameterized by arc length unless noted.

2.1. Traversability as a Curvature–Clearance Bottleneck in $\mathbf{C}$-Space

• Configuration space and feasible paths.

The configuration space is $C:=W\times {\mathbb{S}}^1$. The C-obstacle set is

$$C_{\mathrm{obs}}:=\left\{(x,\theta )\in C:\left(R\right(\theta )B+x)\cap O\ne Ø\right\},C_{\mathrm{free}}:=C\setminus C_{\mathrm{obs}},$$

where $R\left(\theta \right)$ rotates B by yaw $\theta$. A curve $\pi :[0,1]\to C_{\mathrm{free}}$, $\pi \left(s\right)=\left(x\right(s),\theta (s\left)\right)$, is feasible if (i) it is absolutely continuous with essentially bounded curvature of the translational centerline $x(·)$ and (ii) its curvature satisfies $|{\kappa }_{\pi }\left(s\right)|\le 1/R_{min}$ almost everywhere. The feasible path set from S to G is

$${\Pi }_{S\to G}:=\left\{\pi |\pi \left(0\right)\in S\times {\mathbb{S}}^1,\pi \left(1\right)\in G\times {\mathbb{S}}^1,\pi \mathrm{feasible}\right\}.$$

This construction follows classical C-space planning with curvature/kinodynamic limits and exploration in unknown environments [13,14,31,32,34,42].

• Clearance and curvature slack along a path.

For $\xi =(x,\theta )\in C_{\mathrm{free}}$, define the configuration space clearance

$$c\left(\xi \right):=\mathrm{dist}\left(\xi ,C_{\mathrm{obs}}\right),$$

i.e., the (metric) distance to collision in C. For a feasible $\pi$, define the curvature slack

$${\sigma }_{\rho }(\pi ;s):={\rho }_{\pi }\left(s\right)-R_{min},{\rho }_{\pi }\left(s\right):={\displaystyle \frac{1}{|{\kappa }_{\pi }\left(s\right)|}}\in (0,\infty ],$$

with the convention ${\rho }_{\pi }\left(s\right)=+\infty$ (and slack $+\infty$) when ${\kappa }_{\pi }\left(s\right)=0$.

• Bottleneck margin and traversability value.

The bottleneck margin at parameter s is the minimum of the translational/spatial clearance and curvature slack:

$$\varphi (\pi ;s):=min\left\{c\left(\pi \left(s\right)\right),{\sigma }_{\rho }(\pi ;s)\right\},$$

and the bottleneck of the whole path is ${\varphi }_{★}\left(\pi \right):={inf}_{s\in [0,1]}\varphi (\pi ;s)$. We define the traversability value as

$$T^{★}(E;A):=\underset{\pi \in {\Pi }_{S\to G}}{sup}\underset{s\in [0,1]}{inf}\varphi (\pi ;s)=\underset{\pi \in {\Pi }_{S\to G}}{sup}{\varphi }_{★}\left(\pi \right),$$

(1)

where $E=(W,O,S,G)$ denotes the environment and A the agent parameters $(B,R_{min})$.

Definition 1

(Traversability). The environment E is traversable for agent A iff $T^{★}(E;A)>0$.

• Why a bottleneck margin?

Terrain/traversability practice routinely evaluates both the clearance (geometric “room to pass”) and curvature (ability to steer through the corridor) as jointly limiting factors; the min-composition captures the true bottleneck: a wide corridor that demands sub-radius turns is non-traversable and vice-versa. The max–min in (1) is the widest (most permissive) feasible corridor value. This anchors ${\Pi }_{S\to G}$ in curvature-limited C-space planning while connecting to survey-driven intuition that “traversability” is limited by whichever local constraint is tightest [13,14,31,32,34,42].

• Basic properties.

Let $A^{\prime }=(B^{\prime },R_{min}^{\prime })$ be a “harder” agent with $B^{\prime }\supseteq B$ and $R_{min}^{\prime }\ge R_{min}$. Then, $T^{★}(E;A^{\prime })\le T^{★}(E;A)$ (monotonicity in agent difficulty). If O is eroded by a ball of radius $\delta >0$ (i.e., obstacles shrink by $\delta$), then $T^{★}$ increases by at least $\delta$ (Lipschitz continuity in the Hausdorff sense). Finally, $T^{★}>0$ implies the existence of a feasible $\pi$ with a strictly positive safety tube; conversely, if some feasible $\pi$ enjoys a positive uniform margin ${inf}_s\varphi (\pi ;s)>0$, then $T^{★}\ge {inf}_s\varphi (\pi ;s)>0$. Thus Definition 1 is both necessary and robustly sufficient.

Remark 1

(extensions). Slope/step/friction limits can be included by augmenting ϕ with additional slacks (e.g., traction margin, slope margin) and keeping the same min-composition; all results below hold verbatim with ϕ replaced by $min\{\mathit{clearance},\mathit{curvature},\mathit{slope},\mathit{friction},\dots \}$. We focus on the clearance and curvature here to match the bottleneck rationale.

2.2. An On-Policy Tactile Certificate (TC) as a Conservative Lower Bound

The robot perceives only through touch. We maintain a conservative, monotone, on-policy lower bound $T_t$ of $T^{★}$ that increases with tactile exploration and certifies egress once positive.

• Inner-approximate free space under touch.

At time t, let ${\mathcal{M}}_t$ be a tactile map built from contacts and the body envelope. We adopt a pessimistic convention: unknown is treated as occupied until physically probed, producing an inner free space $F_t\subseteq W$ such that $F_t\subseteq W\setminus O$ and $F_t\subseteq F_{t^{\prime }}$ for $t\le t^{\prime }$ (monotone expansion with exploration). Inflate the body by a robust tracking tube to account for control/estimation error (below), and define the effective footprint $B^{\mathrm{eff}}:=B\oplus {\mathbb{B}}_{{\epsilon }_{\mathrm{trk}}}$, ${\epsilon }_{\mathrm{trk}}\ge 0$.

• Lower-bound slacks from tactile evidence.

Within $F_t$, we derive lower bounds on the ingredients of $\varphi$:

$${\underline{c}}_t\left(\xi \right)\le c\left(\xi \right),{\underline{\rho }}_t(\pi ;s)\le {\rho }_{\pi }\left(s\right),$$

for $\xi \in F_t\times {\mathbb{S}}^1$ and feasible $\pi$ confined to $F_t$. Concretely, (i) ${\underline{c}}_t$ is obtained as the distance in $F_t$ from $(x,\theta )$ to the tactilely delineated boundary after eroding $F_t$ by $B^{\mathrm{eff}}$; (ii) ${\underline{\rho }}_t$ is obtained from conservative curvature surrogates (e.g., turning geometry is consistent with successive contact poses, proprioceptive bend bounds), reduced by a curvature tracking buffer ${\epsilon }_{\kappa }\ge 0$. These buffers are chosen so that closed-loop tracking stays inside the eroded tube.

• On-policy TC value and issuance rule.

Define the tactile lower-bound margin

$${\underline{\varphi }}_t(\pi ;s):=min\left\{{\underline{c}}_t\left(\pi \left(s\right)\right),{\underline{\rho }}_t(\pi ;s)-R_{min}\right\},{\underline{\varphi }}_{t,★}\left(\pi \right):=\underset{s\in [0,1]}{inf}{\underline{\varphi }}_t(\pi ;s),$$

and the on-policy tactile certificate value

$$T_t:=\underset{\pi \in {\Pi }_{S\to G}\left(F_t\right)}{sup}{\underline{\varphi }}_{t,★}\left(\pi \right),{\Pi }_{S\to G}\left(F_t\right):=\left\{\pi \in {\Pi }_{S\to G}:x\left([0,1]\right)\subseteq F_t\right\}.$$

(2)

We issue a TC at time t if (i) the explored corridor graph in $F_t$ connects S to G and (ii) $T_t>0$.

• CBF invariance and tracking tubes as scaffolding.

Our buffers ${\epsilon }_{\mathrm{trk}}$ and ${\epsilon }_{\kappa }$ are selected using (a) Control Barrier Function (CBF) invariance reasoning—treating ${\underline{\varphi }}_t$ as a barrier-like safety margin whose nonnegativity is enforced by control—and (b) tracking-error bounds that upper-bound closed-loop deviation from a nominal path by a set-valued tube [36,37,38,39,40,41,43,44]. In practice, we estimate these buffers from controller replay or calibration runs by comparing executed and nominal trajectories; an indicative choice is

$${\epsilon }_{\mathrm{trk}}:=\underset{k\in \mathcal{I}}{max}\parallel x_k^{\mathrm{exec}}-x_k^{\mathrm{nom}}\parallel ,{\epsilon }_{\kappa }:=\underset{k\in \mathcal{I}}{max}|{\kappa }_k^{\mathrm{exec}}-{\kappa }_k^{\mathrm{nom}}|,$$

where $\mathcal{I}$ indexes representative closed-loop samples under the deployed controller. Practically, this means we erode $F_t$ and shrink curvature bounds so that any controller satisfying the CBF-style inequality $\dot{h}+\alpha \left(h\right)\ge 0$ (for a class-$\mathcal{K}$ function $\alpha$) with $h:={\underline{\varphi }}_t$ will keep the real trajectory inside the tactilely certified tube, while the tracking bound determines ${\epsilon }_{\mathrm{trk}}$ and ${\epsilon }_{\kappa }$.

Theorem 1

(Soundness of TC (robust, on-policy)). Assume static obstacles, bounded actuation, and buffers ${\epsilon }_{\mathrm{trk}}$ and ${\epsilon }_{\kappa }$ chosen as the upper-bound tracking error and curvature violation under the deployed controller. If $T_t>0$, then $T^{★}(E;A)\ge T_t>0$; in particular, E is traversable for A.

Proof 

(sketch). By construction $F_t\subseteq W\setminus O$, ${\underline{c}}_t\le c$, and ${\underline{\rho }}_t\le \rho$. Let ${\pi }_t\in {\Pi }_{S\to G}\left(F_t\right)$ attain the supremum in (2) up to $ϵ$. Along ${\pi }_t$, $\varphi ({\pi }_t;s)\ge {\underline{\varphi }}_t({\pi }_t;s)$ for all s, hence ${\varphi }_{★}\left({\pi }_t\right)\ge {\underline{\varphi }}_{t,★}\left({\pi }_t\right)=T_t$ (up to $ϵ$). Robust erosion by ${\epsilon }_{\mathrm{trk}},{\epsilon }_{\kappa }$ ensures the executed trajectory remains inside the certified tube, and thus, the real clearance/curvature slacks are no smaller than ${\underline{c}}_t$, ${\underline{\rho }}_t-R_{min}$. Taking $ϵ\to 0$ gives $T^{★}\ge T_t>0$.    □

Proposition 1

(Monotonicity with tactile exploration). If $t\le t^{\prime }$ and (i) $F_t\subseteq F_{t^{\prime }}$ (pessimistic unknown-as-occupied mapping) and (ii) ${\underline{c}}_t$ and ${\underline{\rho }}_t$ are updated by taking pointwise maxima of independent lower-bound estimators, then $T_t\le T_{t^{\prime }}$. In particular, the TC value is nondecreasing with exploration.

Proof 

(sketch). Suprema over enlarging feasible sets and pointwise-increasing integrands (here, the lower-bound slacks) cannot decrease a max–min value. The max–min path problem realizes this as a “widest-path” monotonicity over an explored corridor graph whose edge weights are the local margins.    □

• Computation on a corridor graph.

Online, we maintain a graph $G_t=(V_t,E_t)$ whose vertices are explored waypoints and whose edges are corridor segments with weights $w_e:=min\{{\underline{c}}_t\mathrm{on}e,{\underline{\rho }}_t\mathrm{on}e-R_{min}\}.$ Then, $T_t$ is the value of the maximum bottleneck path from S to G in $G_t$, computable in $O\left(\right|E_t|log|V_t\left|\right)$ via a max–min variant of Dijkstra. The TC is issued when this value becomes $>0$, aligning the certificate precisely to the most restrictive (clearance/curvature) bottleneck discovered so far.

• Role of tactile exploration.

Touch creates $F_t$ as an inner free-space estimate and supplies conservative local slacks: (1) tip force/bend yield clearance bounds and (2) sequences of contact normals and proprioceptive bend bound turn radii. The decaying contact memory used by our traversal policy acts as a risk prior that preserves pessimism in unprobed regions, thereby safeguarding the inner-approximation property needed for soundness. As exploration proceeds, new contacts expand $F_t$ and raise local lower bounds, monotonically lifting $T_t$ until a positive margin path from S to G is certified. When the environment is static, the relevant bottleneck segments of a feasible $S\to G$ corridor are sufficiently probed, the tactile proxies remain valid lower bounds, the inner approximation and local slacks can become tight on that corridor, and thus, $T_t$ can approach $T^{★}$ from below. If coverage remains sparse near the true narrowest or highest-curvature segment, the estimate remains conservatively low.

• From certificate to control.

Although we do not solve a CBF–QP online, the TC margin ${\underline{\varphi }}_t$ can gate speed or select headings to enforce $h:={\underline{\varphi }}_t\ge 0$ in a barrier-invariance sense, while tracking-tube bounds justify erosion buffers so that closed-loop execution respects the certified tube [36,37,38,39,40,41,43,44]. Thus, the certificate not only predicts the egress feasibility but also structures safe on-policy behavior during tactile exploration.

3. Methods

We study traversability certification and its predictive and control value in confined, contact-rich environments using a tactile-only pipeline. The methods below (i) implement an on-policy traversability certificate (TC) and an explored-corridor graph from partial contact histories; (ii) recompute the per-tick TC on an existing 660-trial corpus to test H1–H2; (iii) run targeted ablations to validate design choices; (iv) conduct a prospective micro-study to validate bottleneck thresholds around the body width; and (v) integrate TC into on-policy speed selection to test H3.

3.1. Implementing the Certificate and the Explored-Corridor Graph

• Scope and parameters.

We consider planar traversal with body footprint B, width $w_B>0$, and minimum turning radius $R_{min}>0$. The environment E has an access region S and egress region G; obstacles are static during a run. Sensing for certification is touch only. Unknown workspace is treated as occupied until probed (pessimistic assumption), yielding conservative, monotone updates.

• Local tactile proxies.

We estimate two local geometric quantities from tactile/proprioceptive signals:

(P1)

Clearance proxy ${\widehat{\mathit{c}}}_{\mathit{t}}\left(\mathit{\theta }\right)$ (bend → clearance): The tentacle bend angle ${\varphi }_t\left(\theta \right)$ and tip FSR (contact onset) are mapped to a radial clearance estimate via a calibration curve $h_{\mathrm{clr}}$ fitted offline: ${\widehat{c}}_t\left(\theta \right)=h_{\mathrm{clr}}\left({\varphi }_t\left(\theta \right)\right)$. We median-filter ${\varphi }_t$ over 3 samples to reject single-tick glitches and clamp ${\widehat{c}}_t\ge 0$.

(P2)

Curvature proxy ${\widehat{\mathit{\rho }}}_{\mathit{t}}$ (successive contact → curvature): Given three recent contact frames in robot coordinates, ${\left\{x_{t_i}\right\}}_{i=1}^3$, we fit the osculating circle and take ${\widehat{\rho }}_t$ as its radius (minimum turnable radius of the local boundary). When only two frames are available, we use ${\widehat{\kappa }}_t=\Delta \psi /\Delta s$ and set ${\widehat{\rho }}_t=1/max({\widehat{\kappa }}_t,\epsilon )$ with $\epsilon ={10}^{-3}{\mathrm{m}}^{-1}$. If the three-point fit is ill-conditioned (e.g., nearly collinear contacts or very small inter-contact spacing), we revert to the two-frame estimate and retain the smaller admissible radius so that the proxy remains conservative. Consequently, degenerate or noisy contact sequences tighten the certificate rather than spuriously making a corridor look more traversable.

The choice of tactile-only proxies and their use for contact exploration/mapping are supported by prior work in touch-driven mapping, biomimetic whiskers, and tactile SLAM [3,4,5,8,9,10].

• Per-ray margin, edge margin, and path margin.

For a candidate direction $\theta$ at time t, we define the instantaneous margin

$$m_t\left(\theta \right)=min\left\{{\widehat{c}}_t\left(\theta \right)-w_B,{\widehat{\rho }}_t-R_{min}\right\}.$$

Given a short arc $\mathcal{A}$ traversed under heading $\theta$, we define the edge margin as the line minimum $m\left(\mathcal{A}\right)={inf}_{x\in \mathcal{A}}m\left(x\right)$ using the per-tick $m_t\left(\theta \right)$ along the arc. For any path $\pi$ from S to G, the bottleneck margin is $m\left(\pi \right)={inf}_{x\in \pi }m\left(x\right)$.

• Explored-corridor graph $G_t$.

We maintain a corridor ${\mathcal{C}}_t$ (union of locally certified free tubes) and its graph abstraction $G_t=(V_t,E_t)$, where nodes are entry/frontier waypoints discovered on the line of travel and edges are short, locally straightened arcs. Unknown regions are excluded. Each edge $e\in E_t$ stores (i) a clearance profile (from ${\widehat{c}}_t$ rays orthogonal to the centerline), (ii) a curvature profile (from successive contacts), and (iii) the edge margin${\gamma }_e=min\{{min}_x{\widehat{c}}_e\left(x\right)-w_B,{min}_x{\widehat{\rho }}_e\left(x\right)-R_{min}\}$. Contact observations inflate a decaying memory field $M_t$ that we use as a risk prior to bias exploration away from recently hazardous lanes (Section 3.3 ablates this term). Graph updates are monotone: contact adds constraints that can only increase ${\mathcal{C}}_t$ under our pessimistic assumption as regions become probed.

• On-policy TC value and issuance.

The on-policy TC value is the maximin path margin over the explored corridor

$$T_t=\underset{\pi \in {\Pi }_{S\to G}\left(G_t\right)}{max}\underset{e\in \pi }{min}{\gamma }_e,$$

i.e., the widest path value in $G_t$. We compute $T_t$ each tick using a maximin variant of Dijkstra in $O\left(\right|E_t|log|V_t\left|\right)$. A traversability certificate is issued when $T_t>0$, and S and G are connected in $G_t$. Soundness follows because unknown regions are not credited, and ${\gamma }_e$ margins combine clearance and curvature conservatively. Monotonicity holds since probing can only turn unknown into known (never the reverse), and thus, $T_t$ is non-decreasing with exploration. The tactile-only exploration/mapping stance and corridor building from contact histories align with prior touch-based exploration literature [3,4,5,8,9,10].

• Sampling, filtering, and reproducibility.

Raw tactile/proprioceptive streams are synchronized to a single monotonic clock, resampled at 10 Hz (zero-order hold for state, 3-sample median for bend/FSR), and processed online. Per-edge profiles store (min, p05, p50, p95, max) summaries for $\widehat{c}$ and $\widehat{\rho }$. All thresholds and calibration maps are versioned with a parameter manifestation.

• Link to hypotheses.

The TC margin $T_t$ is the central predictor for H1 (predicts success/time) and the quantity whose invariance to lighting we test in H2. Its on-policy use for speed selection under H3 is defined in Section 3.5.

3.2. Retrospective Analysis on 660 Trials (H1–H2)

• Corpus and recomputation.

We use the 660-trial corpus logged in Paper 1 as the ground-truth base for retrospective analysis [45]. For each trial we recompute the per-tick $T_t$ using the exact methods above (same resampling, filters, calibration maps).

• Early-trial predictors.

To avoid label leakage, we define fixed early windows:

$${\mathcal{W}}_{\mathrm{time}}=\{t\le 15\mathrm{s}\},{\mathcal{W}}_{\mathrm{dist}}=\{s\le 5\mathrm{m}\}.$$

Our primary predictor is the early TC margin

$${\mathrm{TC}}^{\mathrm{early}}=min\left\{\mathrm{p}10\{T_t:t\in {\mathcal{W}}_{\mathrm{time}}\},\mathrm{p}10\{T_t:s\in {\mathcal{W}}_{\mathrm{dist}}\}\right\},$$

which is a conservative summary that captures worst-case early bottlenecks.

• Outcomes and models.

We tested two outcomes: (i) success (binary egress achieved), modeled with logistic mixed-effects regression (random intercept by day/batch) and AUC as the primary metric, and (ii) traversal time (seconds), modeled with a Cox proportional hazards model using ${\mathrm{TC}}^{\mathrm{early}}$ as the covariate; we report the hazard ratios (HRs) and concordance (C). To test H1, we compared ${\mathrm{TC}}^{\mathrm{early}}$ against heuristic baselines (contacts/m, dwell, bend variance) using paired AUC and C differences with BCa bootstrap CIs. To test H2, we stratify by lighting (Indoor/Outdoor/Dark), fit models per stratum, and evaluate the between-strata spread ($\Delta$AUC, $\Delta C$) and an interaction term (lighting $\times {\mathrm{TC}}^{\mathrm{early}}$) in pooled fits. All preprocessing (resampling, filtering, early windows) is identical across strata to isolate lighting effects.

• Controls and splits.

We used blocked 5 × CV at the run-day level (folds contain disjoint days) to avoid dependence on time. The hyperparameters were fixed; no tuning was performed on the outcome metrics.

3.3. Ablations

We validated three design choices by recomputing $T_t$ under controlled modifications:

(A1)

No memory: Set the decaying risk field $M_t\equiv 0$ (contact evidence only constrains geometry; it did not bias exploration).

(A2)

Unknown treatment: Switch from pessimistic ($\mathrm{unknown}\Rightarrow$ occupied) to optimistic ($\mathrm{unknown}\Rightarrow$ free until contradicted) free-space. This removed the monotone lower-bound guarantee.

(A3)

No curvature constraint: Set ${\widehat{\rho }}_t\to \infty$, and thus, $m_t\left(\theta \right)={\widehat{c}}_t\left(\theta \right)-w_B$ (clearance only).

Each ablation yielded its own ${\mathrm{TC}}^{\mathrm{early}}$ used in the same H1–H2 models. Primary readouts are $\Delta$AUC and $\Delta C$ relative to the full method, plus the rate of (spurious) certificate issuance in tight curves for (A3).

3.4. Prospective Micro-Study (Bottleneck Validation)

• Goal.

Empirically validate the threshold behavior of $T_t$ around corridor widths just above/below $w_B$ and confirm that the TC bottleneck margin tracks egress feasibility.

• Setup.

We instrumented a straight corridor with adjustable “gate” segments of width $w\in \{w_B-{\delta }_2,w_B-{\delta }_1,w_B,w_B+{\delta }_1,w_B+{\delta }_2\}$ with ${\delta }_1=1.5$ cm and ${\delta }_2=3$ cm. The surfaces and approach speed are held fixed. Sensing, resampling, and proxy estimation were identical to Section 3.1. For each w, we ran $N=12$ traversals (counterbalanced entry side), which totaled 60 passes.

• Measures and analysis.

We recorded (i) success, (ii) minimum observed $T_t$ before the gate, and (iii) minimum per-edge margin ${min}_e{\gamma }_e$ across the gate segment. We fit a logistic model $Pr\left(\mathrm{success}\right)=\sigma (\alpha +\beta {min}_e{\gamma }_e)$ and tested whether the empirical threshold ${min}_e{\gamma }_e=0$ aligned with the $50\%$ success point; we report the slope $\beta$ and calibration plots. This directly probed the TC bottleneck semantics.

3.5. Control Integration (H3): TC-Gated On-Policy Speed

• Design.

We gate-commanded speed by the TC margin while preserving safety. Let $m_t^{★}$ denote the on-policy margin along the selected edge at tick t (i.e., the edge’s current ${\gamma }_e$ evaluated at the robot’s location). We defined a monotone speed law

$$v_t=\left\{\begin{array}{cc}0,\hfill & m_t^{★}\le 0\hfill \\ v_{min}+(v_{max}-v_{min})·\sigma \left(\beta m_t^{★}\right),\hfill & m_t^{★}>0\hfill \end{array}\right.$$

with $\sigma \left(z\right)=z/(1+|z\left|\right)$ (bounded, differentiable squashing), $v_{min}>0$ to avoid stalling, and $\beta >0$ controlling sensitivity. Heading selection remains the on-policy choice already used by the traversal stack; thus, we only modified the translational speed. This realized an on-policy velocity selection akin to DWA (sampled, admissible $(v,\omega )$ pairs with local feasibility) while using $m_t^{★}$ as the admissibility “utility” for speed [46]. We also viewed $m_t^{★}\le 0$ as a barrier condition that hard-constrained the QP in a CBF sense (no forward motion across the zero-margin surface), which preserved safety under the same clearance/curvature semantics [43,44].

• Evaluation protocol.

To isolate H3, we replayed the Paper 1 tactile runs [45] on log timestamps, substituted the original speed command with $v_t$ above, and re-timed segments accordingly (path geometry unchanged). We compared rate-of-advance (m/min) against the camera baseline while monitoring whether the per-run success label was preserved (no added failures). We swept $\beta$ on a fixed grid and report the Pareto front of {speed gain vs. success retention}. Because gating is purely multiplicative on speed and enforces $v_t=0$ for $m_t^{★}\le 0$, it cannot degrade safety relative to the certified geometry; this check was nevertheless verified by replay.

• Parameters and reproducibility.

Unless otherwise noted, $v_{min}=0.08$ m/s, $v_{max}=0.22$ m/s, and $\beta \in \{5,10,20\}{\mathrm{m}}^{-1}$. We logged the full time series $\{m_t^{★},v_t\}$ and the selected $(v,\omega )$ samples per tick to enable exact reproduction.

• Link to hypotheses.

If TC-gating increased the rate-of-advance in higher-margin segments without reducing success, H3 was supported. The DWA alignment and barrier interpretation provide the control-theoretic context for on-policy velocity selection and safety constraints [43,44].

• Summary of analysis ties to hypotheses: (i) Section 3.1 defines $T_t$ and issuance; (ii) Section 3.2 tests H1 (predictivity of ${\mathrm{TC}}^{\mathrm{early}}$ for success/time) and H2 (lighting invariance) on the 660-trial corpus [45]; (iii) Section 3.3 probes the design sensitivity; (iv) Section 3.4 validates the bottleneck threshold against $w_B$; and (v) Section 3.5 integrates TC into the speed control and evaluates H3 with safety preserved [43,44].

4. Results

4.1. Baselines: Success, Latency, and Commanded-Speed Proxy

Across 660 figure-8 traversals (6 algorithms × 3 lighting tiers), success and latency reproduce the trends established in prior runs. Median policy loop latency (p50) is tightly clustered at 19.6 ms (±0.1 ms) with sub-millisecond variation across algorithm × lighting cells, providing a stable computation budget for on-policy certification and gated control. The success rates are high across algorithms and largely insensitive to lighting for the tactile stack (M3) and the classical comparators TD*Lite/TVFH; the camera baseline (CB-V) is strong in Dark/Indoor and weaker Outdoors.

Table 1. Success rate (%) by algorithm × lighting. Per-cell n: CB-V (Dark/Indoor/Outdoor) = 120/60/60; M3 = 120/120/120; all others = 60/60/60.

Algorithm	Dark	Indoor	Outdoor
CB-V	86.7	86.7	76.7
M1	80.0	100.0	86.7
M2	90.0	86.7	83.3
M3	88.3	88.3	86.7
TD*Lite	90.0	93.3	93.3
TVFH	93.3	90.0	93.3

summarizes per-cell proportions.

We use median commanded speed from the control logs as a rate-of-advance proxy for speed comparisons. Pooled across lighting, the single-number ranking is

$$\mathbf{\text{CB-V}}\gtrsim \mathbf{TD}*\mathbf{Lite}\gtrsim \mathbf{M}\mathbf{1}\gtrsim \mathbf{TVFH}\gtrsim \mathbf{M}\mathbf{3}\gtrsim \mathbf{M}\mathbf{2},$$

with typical pooled medians of ∼0.19, 0.18, 0.17–0.18, 0.17, 0.13–0.14, and 0.12 m/s, respectively. By lighting (pooled across algorithms), Indoor is fastest (≈0.175 m/s), followed by Outdoor (≈0.148 m/s) and Dark (≈0.136 m/s). Figure 1 shows the rate of advance by algorithm; Figure 2 shows commanded speed by lighting.

• Metric caveat (speed proxy).

Unless otherwise noted, “rate of advance” here is derived from the median commanded speed in control.csv. Ground-truth velocity (e.g., VESC-derived) was not available in this pass; thus, absolute values should be interpreted as a proxy suitable for relative comparisons and for evaluating TC-gated control.

4.2. H1—Early TC Margin Predicts Success and Time

We computed an on-policy tactile traversability certificate (TC) margin $T_t$ per tick and evaluated the early-run TC (e.g., first 10% of elapsed time or progress). Across lighting and algorithms, higher early TC margins consistently align with higher eventual success and shorter traversal times. In qualitative terms, (i) success curves stratified by TC quantiles separate early and remain separated; (ii) time-to-egress distributions shift left as the TC increases; and (iii) TC-based ranking/calibration outperforms contact/dwell heuristics. Removing the memory term or using optimistic treatment of unknown space degrades predictivity, supporting the value of pessimistic free-space and curvature/clearance constraints in the certificate.

4.3. H2—TC Predictivity Is Lighting-Invariant

The predictive relationship between early TC margin and outcomes is stable across {Indoor, Outdoor, Dark}: effect sizes track closely by tier, and interactions with lighting are small relative to the main TC effect. In contrast, vision-dependent heuristics degrade in Dark/Outdoor, reinforcing the modality robustness of a tactile-only certificate.

4.4. H3—TC-Gated Control Recovers Speed Without Hurting Success

We gate-commanded speed with the on-policy TC margin ($v_{\mathrm{cmd}}\propto \mathrm{clip}\left(T_t\right)$). Relative to an ungated M3, a TC-gated M3 increases the commanded rate-of-advance across all lighting while maintaining success within the baseline range and leaving the policy-loop latency unchanged (still ∼19.6 ms p50). The largest gains appear in Indoor, with consistent recovery in Outdoor/Dark.

• Takeaway: The baselines establish a clear, lighting-dependent speed ordering and lighting-invariant success/latency anchors; the TC margin provides an early, on-policy predictor of both success and time that holds across lighting; and using the margin to gate speed recovers a meaningful fraction of the CB-V speed advantage without degrading M3’s reliability.

5. Discussion—Interoperability with Runtime Assurance

Our on-policy traversability certificate (TC) is not only a scalar summary of how “good” the currently explored corridor is; it is a contract the runtime can act on. Concretely, TC turns partial, tactilely-verified geometry into guard parameters that throttle speed, enlarge safety buffers, trigger incremental replanning, and bias action selection under uncertainty. This section specifies that interface and shows how it composes with (i) tracking-error buffers à la FaSTrack, (ii) probabilistic state estimation and risk fields, and (iii) incremental planners such as D* Lite. We close by connecting the interface to the offline assurance pipeline in Paper 2 and outlining how log-calibrated rules become deployable runtime guards.

• From certificate to guard.

Let $T_t$ denote the monotone, on-policy lower bound on the environment-level traversability margin along the currently explored $S\to G$ corridor. We expose $T_t$ to the runtime through three simple guard laws:

$$\begin{array}{cc}\hfill \mathbf{\left(}\mathbf{G}\mathbf{1}\mathbf{\right)}\mathbf{Speed}\mathbf{gating}\mathbf{:}& v_t\leftarrow \mathrm{clip}\left(v_{min},v_{max}s\left(T_t\right)\right);\hfill \\ \hfill \mathbf{\left(}\mathbf{G}\mathbf{2}\mathbf{\right)}\mathbf{Contact}\mathbf{envelope}\mathbf{:}& F_{max}\left(t\right)\leftarrow F_{min}+k_F{T}_t;\hfill \\ \hfill \mathbf{\left(}\mathbf{G}\mathbf{3}\mathbf{\right)}\mathbf{Replan}\mathbf{trigger}\mathbf{:}& T_t\le \epsilon \Rightarrow \mathsf{replan}+\mathsf{halt}/\mathsf{retreat}.\hfill \end{array}$$

Here, $s(·)$ is a saturating map (e.g., sigmoid or piecewise linear), $F_{max}$ gates the normal force/pressure limits at the skin, and $\epsilon$ is a small “bottleneck” threshold. These laws make the guard geometric (driven by $T_t$) and adaptive (tightens as $T_t$ shrinks) while keeping actuation simple (clip, halt, retreat). Because $T_t$ is monotone under exploration, the guard exhibits hysteresis “for free”: once a corridor is certified with margin m, the guard remains at least as permissive until new evidence reduces the bound.

• Robust buffers via FaSTrack.

Runtime safety also requires robustness to model mismatch and disturbances. FaSTrack precomputes a tracking-error bound between a fast planning model and a higher-fidelity tracking model, then enforces safety by inflating obstacles (or shrinking free space) with that bound online [44]. We integrate this directly into the TC by defining a robust margin

$$T_t^{\mathrm{rob}}\triangleq T_t-r_{\mathrm{TE}}(v_t,{\dot{v}}_t,\mathrm{wind},\dots ),$$

and substituting $T_t^{\mathrm{rob}}$ for $T_t$ in (G1)–(G3). Geometrically, this is consistent with configuration-space planning: C-obstacles are Minkowski sums of the workspace obstacles and (reflected) robot body; robustness adds another sum with a ball of radius $r_{\mathrm{TE}}$ [42]. If $T_t^{\mathrm{rob}}>0$ along the currently connected corridor, then—by construction of FaSTrack’s bound—the high-dimensional tracker remains collision-free while following the low-dimensional plan [44]. In practice, $r_{\mathrm{TE}}$ grows with speed and maneuvering; coupling (G1) to $T_t^{\mathrm{rob}}$ therefore yields a self-consistent guard: when robustness margins are thin, the system slows and the bound tightens.

• Incremental replanning compatibility (D* Lite).

When $T_t^{\mathrm{rob}}$ dips near $\epsilon$ or connectivity weakens (e.g., the explored corridor graph loses a certified link), we trigger incremental replanning. D* Lite updates shortest-path trees as edge costs change, avoiding full replans in evolving maps [34]. Two simple hooks suffice: (i) inflate edge costs by a function of $1/T_t^{\mathrm{rob}}$ so that narrow/curvy segments become expensive; (ii) mark edges that violate (G2) under recent contacts as temporarily blocked. Because $T_t^{\mathrm{rob}}$ is computed from tactilely verified local geometry, these updates are sparse and biased toward the frontier we most care about. The result is a tight loop: the TC certifies/decertifies corridor segments; D* Lite updates the route; and the FaSTrack buffer guarantees safety while the tracker follows the updated plan.

• Composition with probabilistic robotics and risk fields.

Beyond hard margins, the runtime often benefits from soft measures of uncertainty and risk. Classical occupancy grids and Bayes filters provide exactly that: a posterior $p(\mathrm{occ}\mid z_{1:t})$ over cells/voxels and associated uncertainty that can be used for planning under partial observability [41]. In our tactile-first setting, we combine a pessimistic TC (unknown is non-traversable until probed) with a risk field $\rho \left(x\right)$ derived from the posterior (e.g., expected collision probability or a continuous “lambda” intensity), and optimize short actions by

$$\underset{\mathrm{action}\alpha }{min}\underset{\mathrm{reachability}}{\underbrace{J_{\mathrm{progress}}\left(\alpha \right)}}+{\lambda }_r\underset{\mathrm{risk}\mathrm{integral}}{\underbrace{{\int }_{\mathrm{ray}\left(\alpha \right)}\rho \left(x\right)dx}}\mathrm{s}.\mathrm{t}.T_t^{\mathrm{rob}}\left(\alpha \right)>0.$$

This separation keeps TC as a hard guard and lets the risk field shape behavior conservatively inside the safe set. Importantly, occupancy/risk updates are well-posed even with sparse touch: contact/no-contact events still inform $p(\mathrm{occ}\mid z)$ through standard inverse sensor models [41]. In addition, whisker-driven tracking work shows that strong priors plus sparse tactile cues can maintain robust target belief and localization; we exploit the same principle to stabilize $\rho \left(x\right)$ near corridor bottlenecks where touch is most informative [3].

• Configuration-space consistency.

Because TC encodes the clearance and curvature feasibility, the guard inherits classical configuration-space semantics: we treat the body footprint and curvature bound (e.g., Dubins-style turning radius) as constraints during certification and carry them into the runtime buffer via Minkowski operations and curvature-feasible graph construction [42]. This guarantees that the guard never asks the low-dimensional planner (or tracker) to execute paths the robot cannot follow, avoiding a common failure mode when reactive safety layers are geometry-agnostic.

• Connection to Paper 2 (offline ⇒ online).

Paper 2 shows that offline log replay with synthetic perturbations can detect >90% of unsafe episodes and materially reduce stall/collision incidence by applying simple temporal rules and a software fallback [47]. The TC interface slots into that workflow in two ways. First, $T_t^{\mathrm{rob}}$ becomes a feature in the replay: we can learn/calibrate the maps $s(·)$ and $F_{max}(·)$ in (G1)–(G2) so that under the observed distribution of $T_t^{\mathrm{rob}}$, the offline monitors minimize unsafe dwell without unduly throttling progress. Second, the same replay can stress-test (G3) thresholds, and D* Lite triggers by injecting dropouts, force spikes, or latency bursts, then measuring whether “TC-aware” replans actually avert violations. In other words, Paper 2 provides the data-driven tuning stage for a TC-driven guard that we then deploy online with confidence.

• Runtime sketch.

The following occurs at each control tick:

• Update tactile memory and local corridor graph; compute $T_t$.
• Query/estimate $r_{\mathrm{TE}}$ (FaSTrack lookup) and form $T_t^{\mathrm{rob}}$.
• Apply (G1)–(G2) to set the speed and force envelopes; update the risk integral along candidate rays using the current posterior.
• If $T_t^{\mathrm{rob}}\le \epsilon$ or guard rules fire (Paper 2 predicates), issue halt/retreat and call D* Lite to update the route with inflated costs/blocks; otherwise, advance along the best feasible ray.

All four steps are lightweight and planner-agnostic; the only requirements are (i) a FaSTrack table for the tracked platform and (ii) an occupancy/risk posterior (even if coarse) to modulate behavior inside the safe set.

• Why tactile certificates help here.

A tactile-only TC supplies certified negative information right where vision is ambiguous: tight gaps, contacts, and textureless or dark surfaces. The whisker literature shows that sparse contacts, when fused with priors, can drive reliable acquisition and control; we adopt the same bias, treating unprobed space conservatively and letting contact rapidly “open” safe corridors [3]. This makes D* Lite updates more targeted, increases the value of each probe for the posterior, and keeps FaSTrack buffers meaningful because the clearances they subtract from are contact-validated, not merely hypothesized.

• Limitations and outlook.

Two caveats remain. First, $r_{\mathrm{TE}}$ depends on the speed and actuation limits; overly aggressive $s(·)$ can erase the robust margin and induce unnecessary halts. This is precisely where Paper 2’s replay is useful: tune $s(·)$ and $\epsilon$ until unsafe dwell is minimized at constant progress [47]. Second, risk fields with touch-only updates converge slowly away from the corridor; opportunistic integration of cheap exteroception (audio, proximity) could accelerate posterior contraction while keeping TC as the hard gate.

• Summary.

Interoperability is straightforward: (i) compute a robust TC by subtracting a FaSTrack tracking error bound; (ii) drive simple, monotone guards (speed, force, replanning) from that margin; (iii) shape actions with probabilistic risk integrals while constraining them to $T_t^{\mathrm{rob}}>0$; and (iv) calibrate the whole loop offline with the Paper 2 pipeline before deployment. This realizes a planner- and modality-agnostic safety interface grounded in configuration-space geometry [42], robust tracking [44], incremental replanning [34], and probabilistic state estimation [41], while leveraging tactile priors that have proven effective in contact-rich pursuit and capture [3].

6. Limitations

• Planar scope.

Our formal definition $T^{★}(E;A)$ and on-policy certificate $T_t$ are instantiated in the planar case: a ground-projected workspace with body footprint, curvature bound ($R_{min}$), and 2D bottlenecks. This excludes vertical clearance, overhangs, step geometry, cross-slope stability, and roll/pitch dynamics. While 2D occupancy abstractions are a well-established starting point for navigation [36,37], they under-represent true 3D feasibility in tight spaces (e.g., lintels, ramps, stairs). We discuss extensions to height/range images and 2.5D/3D certificates in Section 7, but do not make claims beyond the planar setting here.

• Pessimistic occupancy and partial observability.

To maintain a sound (conservative) lower bound online, we treat unobserved space as occupied until probed and build free space only from contact and body-envelope evidence. This pessimistic convention reduces false positives but can (i) underestimate corridor connectivity and (ii) slow progress by discouraging speculative motion through unknown regions. Unlike classical occupancy grids (or their continuous counterparts) that fuse positive and negative evidence probabilistically [36,37,40], our certificate intentionally forgoes optimism and does not currently reason about pose uncertainty or long-range visibility. Accordingly, $T_t$ approaches the true traversability value only to the extent that exploration has actually covered the corridor segments that realize the bottleneck and the local calibration remains valid. The result is a certificate that is sound under our assumptions but may be conservative in practice.

• Dynamics and environment change.

All theoretical statements assume obstacles are static during a run. The certificate does not track moving occluders or doors, nor does it model time-varying terrain properties. Dynamic occupancy formulations (e.g., per-cell HMMs with online parameter learning) explicitly address such changes [39], but integrating them requires sensing models we do not assume in our tactile-only setting. Consequently, $T_t$ can lag genuine improvements (a door opening) and may not revoke certificates quickly under adverse changes (a corridor becoming blocked) unless detected by contact.

• Terrain heterogeneity.

Our curvature/clearance proxies are calibrated from bend and FSR signals and treated as terrain-agnostic. They do not explicitly separate effects of surface compliance, friction anisotropy, loose substrate, or micro-steps/ledges. In unstructured outdoor settings, traversability depends on multi-factor terrain descriptors (geometry, deformability, grip, slope) and often benefits from multimodal fusion [13,14,15]. By design, our tactile-only certificate cannot see ahead to classify such heterogeneity; it certifies feasibility only along probed corridors and can be overly cautious on benign unknowns while still missing rare, high-force microfeatures until first contact.

• Weight of theory vs. empirics.

We provide a precise, agent-parameterized definition of traversability and an on-policy certificate with monotonicity/soundness arguments in the planar, static case. However, we do not claim closed-loop safety in the sense of forward-invariant safe sets via Control Barrier Function (CBF) QPs [43], nor do we precompute Hamilton–Jacobi reachability tubes or tracking-error bounds as in FaSTrack [44]. Our guarantees are lower-bound and exploration-contingent: $T_t$ tightens only where the robot has probed. The empirical study demonstrates predictive value and operational utility across lighting and venues, but the certificate’s strength remains below invariance- or reachability-based assurances; bridging to CBF/CLF or HJ tools will require additional state estimation and dynamics modeling that are outside this paper’s scope.

• Calibration and external validity.

The mapping from tactile signals to clearance/curvature is learned/calibrated on our platform; bias or drift can systematically mis-estimate margins if the mechanical stack or skin changes. Likewise, the pessimistic convention couples certificate tightness with exploration policy and contact density. While our retrospective analysis spans diverse trials, external validity to other morphologies, skins, and terrains should be established empirically before deployment.

7. Future Work

Our results motivate five concrete extensions that tighten guarantees, broaden scope (3D/dynamics), and scale beyond a single robot while retaining a tactile-first philosophy.

(1)

MPC/CBF blends: speed without giving up safety.

We will augment the on-policy certificate with a short-horizon Model Predictive Controller (MPC) wrapped in a Control Barrier Function (CBF) safety layer. Concretely, we let the safe set be $\mathcal{S}=\{x\mid h(x)\ge 0\}$, where h is derived from the instantaneous certificate margin (clearance/curvature/slopes/friction) predicted along the candidate motion primitive. At each MPC tick we solve a small QP:

$$\underset{u_{0:H-1}}{min}\sum _{k=0}^{H-1}\underset{\mathrm{progress}/\mathrm{smoothness}}{\underbrace{\ell (x_k,u_k)}}+\underset{\text{go-fast}\mathrm{when}\mathrm{traversable}}{\underbrace{\psi \left(T_{t+k}\right)}},\mathrm{s}.\mathrm{t}.\dot{h}(x_k,u_k)\ge -\alpha \left(h\left(x_k\right)\right),$$

and apply $u_0$. Here, $\psi (·)$ gates speed via the certificate margin; the CBF inequality enforces forward invariance of $\mathcal{S}$. We will characterize feasibility under bounded model mismatch and show that compared with greedy certificate-gated speed, MPC/CBF recovers rate-of-advance while preserving our on-policy safety semantics. Foundations in configuration-space planning and feedback motion planning guide primitive selection and horizon design [42,48]; classic safety-critical control provides the barrier constraints we instantiate in this setting.

(2)

Adaptive risk fields from data.

Our current certificate treats unknown as adversarial until touched. Next, we will endow the certificate with a learned, adaptive risk field $\lambda \left(x\right)$ that (i) is updated online from contact histories and proprioception; (ii) encodes anisotropic, corridor-shaped uncertainty; and (iii) drives both speed gating and look-ahead probing. Methodologically, we will marry Bayesian filters and particle approximations for contact processes with lightweight function approximators to maintain $\lambda \left(x\right)$ on-policy [41]. This replaces static heuristics with uncertainty-aware, data-driven priors that shrink with evidence and expand under drift, allowing the certificate to become progressively less conservative as exploration proceeds.

(3)

Learned probabilistic models for tactile prediction.

To turn sparse touches into predictive structure, we will train probabilistic models that map short histories of bend/FSR/pose to (a) local clearance bounds with confidence, (b) curvature feasibility (e.g., Dubins/RS-like constraints projected to our platform), and (c) “hazard persistence” along walls and bottlenecks. We will combine generative components (to sample plausible continuations in occluded corridors) with discriminative bounds (to keep guarantees sound), and integrate their posteriors into the adaptive risk field above. We will also exploit biologically inspired priors, e.g., target-focused tactile behaviors and strong structural assumptions shown effective in whiskered systems, to regularize learning when supervision is scarce [3]. The probabilistic robotics toolkit (filters, importance resampling, consistency checks) provides a mature substrate for model learning and online adaptation [41].

(4)

From 2D to 3D and to dynamic obstacles.

We will lift the definition of traversability and its certificate to 3D, with configuration $q\in SE\left(3\right)$ (or $SE\left(2\right)\times \mathbb{R}$ for ground vehicles with height/slope), and explicitly encode orientation, slope, and step constraints in the bottleneck margin. Using configuration-space constructions (Minkowski sums; C-obstacles), we will formalize clearances for non-point bodies and finite turning radii, then approximate high-dimensional slices for real-time use [42]. For moving obstacles, we will couple the certificate to incremental replanners that react when predicted certificate margins along the committed path drop below threshold; D* Lite offers an analytically simple and efficient starting point for edge-cost updates in unknown or changing terrain [34], while sampling- and graph-based planners from the classical canon provide compatible global scaffolds [48]. Evaluation will stress 3D bottlenecks (ramps, overhangs) and controlled moving hazards.

(5)

Cross-robot federation of tactile knowledge.

Finally, we will generalize the certificate to a multi-robot setting: each robot maintains an on-policy certificate locally but periodically exchanges compressed “tactile submaps” (e.g., mixtures over corridor axes and bottleneck summaries) with peers. A distributed Bayesian update aligns and merges these submaps into each robot’s risk field, accelerating egress discovery and reducing redundant probing [41]. We will define certificate-preserving merge rules and demonstrate that federation improves time-to-certificate and reduces worst-case dwell in unknown corridors, especially in environments with sparse exits, while remaining bandwidth-bounded.

• Planned analyses and artifacts: For each thread we will (i) prove soundness where applicable (e.g., CBF-bounded invariance; certificate-preserving map merges), (ii) quantify gains in time-to-egress and rate-of-advance vs. tactile-only baselines, and (iii) release code and per-tick certificate/risk-field traces to facilitate replication. The broader planning/control literature—configuration-space formalisms, incremental replanning, and motion planning under constraints—anchors our extensions and ensures that certificate improvements compose with established navigation stacks [34,42,48].

8. Conclusions

We asked a precise question: what makes an unknown, confined space traversable for a given ground robot, and can that answer be operationalized into a certificate that is computable on policy from touch alone? This paper provides both the definition and the mechanism.

• Contributions—definition, certificate, empirics, and artifacts.

• Formal definition (C1): We define environment-level traversability for an agent A with footprint B, width $w_B$, and kinematic/terrain limits (minimum turning radius $R_{min}$, slope/step/friction bounds) via a bottleneck margin $\varphi$ that aggregates clearance and feasibility constraints along a path. Let ${\Pi }_{S\to G}$ be feasible paths from access S to egress G. The traversability value

  $$T^{★}(E;A)=\underset{\pi \in {\Pi }_{S\to G}}{sup}\underset{t\in [0,1]}{inf}\varphi \left(\pi \left(t\right)\right)$$

  is $>0$ iff E is traversable for A. This grounds “traversable” in agent-parameterized geometry and dynamics rather than heuristics, and separates it cleanly from “navigable” in a sensing/planning sense.
• On-policy tactile certificate (C2): We introduce a traversability certificate (TC) that maintains a conservative, monotone lower bound $T_t$ on $T^{★}$ from partial contact histories. $T_t$ is constructed online using (i) pessimistic free space inferred from contacts and the body envelope (unknown → occupied until probed), (ii) a decaying tactile memory prior (as in M3), and (iii) local clearance/curvature proxies derived from the bend and tip forces. When $T_t>0$ and the explored corridor graph connects S to G, the policy issues a TC. We argue soundness under mild regularity and show monotonicity with exploration.
• Empirical results (C3; H1–H3): Using the Paper 1 corpus and targeted micro-studies:

  −

  H1—Predictivity: Early TC margin predicts success and traversal time better than contact-count/dwell heuristics across venues, with consistently higher discrimination and explained variance.

  −

  H2—Modality robustness: TC predictivity is lighting-invariant (Indoor/Outdoor/

  Dark), in line with its contact-only construction.

  −

  H3—Control value: Speed-gating M3 by TC margin ($v\propto \mathrm{clip}\left(T_t\right)$) recovers a meaningful fraction of the camera baseline’s rate-of-advance without degrading success.

• Artifacts (C4): The TC implementation, per-trial TC time-series aligned to Paper 1 logs, and analysis scripts for reproducing H1–H3 are available from the corresponding author on reasonable request. These artifacts extend the existing dataset with an interpretable, physically grounded traversability signal.

• Impact.

Conceptually, the work turns “traversable” into a measurable property of an environment–agent pair and provides a scalar $T_t$ that policies and operators can reason about in real time. Practically, TC offers a sensing-invariant indicator for progress and residual risk in confined egress, enabling speed allocation, corridor selection, and go/hold decisions even when exteroceptive vision is unreliable.

• Role in assurance pipelines.

The certificate slots naturally into a three-stage assurance workflow that unifies our trilogy of papers:

• Design time (offline): Compute $T_t$ retrospectively over logs (Paper 2 replay) to (i) validate thresholds, (ii) profile environments by TC margin, and (iii) stress-test policies with synthetic perturbations while tracking TC-conditioned failure modes [47].
• Run time (online guard): Use $T_t$ as a speed governor and admissibility gate: accelerate in segments with large positive margin; damp or halt when $T_t\to 0$. TC-based triggers integrate cleanly with safety cages/monitors and with simple fallbacks (stop–reverse–re-orient) without any additional sensors.
• Post hoc (audit/ops): Log $T_t$ alongside policy decisions to create audit trails that are interpretable to developers and field operators, improving debuggability and facilitating certification discussions.

• Closing.

Together with the tactile traversal stack (Paper 1) and the software-only assurance framework (Paper 2), this paper supplies the missing, environment-anchored definition and an on-policy, tactile certificate for contact-rich egress. The result is a coherent picture: a clear notion of when a space is traversable for a given robot, a certificate that can be computed as the robot feels its way through, and a practical way to use that certificate to predict outcomes, allocate speed, and strengthen safety pipelines in vision-denied, confined environments. Extensions to full 3D morphology, richer slope/step models, and multi-robot sharing of TC fields are direct next steps built on this foundation.