This is an advanced topic. Default risk configuration is already in place so you don't need to change anything to start working with KF.
Truke KF computes a numerical risk value and a discrete risk class for every event. Both are derived from a single risk configuration item that you edit through the admin panel at `/admin/conf`. There is no separate configuration file — the configuration lives in the database, is versioned like any other KF item, and its history is the audit trail for every risk calculation ever performed.
This page explains the configuration format and walks through several ready-to-use examples.
Go to Admin → Configuration (`/admin/conf`). The page shows the current configuration body as plain text. Click the edit icon to open the editor. On save, a new revision is created. Events created before the save retain their original risk interpretation; re-evaluation always uses the config revision that was current at the time the event was created.
The configuration is written in OGDL — the same indentation-based format used elsewhere in KF. Lines starting with `#` are comments. String values containing spaces must be enclosed in double quotes.
The top-level sections are:
| Section | Required | Purpose |
|---|---|---|
meta | no | Name, version, description, global parameters |
severity | yes | Severity scale and labels |
occurrence | yes | Probability-of-occurrence scale and labels |
detection | no | Detection or controllability scale |
controllability | no | Controllability scale (alternative to detection) |
risk_labels | yes | Named risk classes with display colors |
matrices | yes | One or more risk matrices; exactly one is active |
meta sectionmeta name "My risk configuration" version 1 description "Custom risk config for widget manufacturing" min_probability 1e-9
name, version, and description are documentation only and have no runtime effect.
min_probability sets a global floor for the log_normalized transform used on occurrence (and detection) scales. The typical value is 1e-9, which corresponds to 1 FIT — one failure per 10⁹ operating hours, a standard unit in automotive and semiconductor reliability. When set, this floor applies regardless of the smallest label value defined in the scale, giving the transform a physically meaningful lower bound.
The severity scale uses the identity transform — values enter the formula unchanged. The range is `-1.0 .. open` (values may slightly exceed 1.0 for safety-critical labels). Negative values represent opportunities (positive outcomes); positive values represent threats.
severity
range -1.0 .. open
transform identity
labels
OPP2
value -0.5
title "Significant opportunity"
OPP1
value -0.1
title "Minor opportunity"
1
value 0.1
title "Very minor"
5
value 0.5
title Moderate
10
value 1.0
title Hazardous
Labels are listed in order of increasing value. The order matters: rule predicates using S>=label compare ordinal positions in this list, not numeric values.
Two labels sharing the same value are aliases and must be listed consecutively. Either name is valid as input and both produce the same result. Example: ISO 26262 uses S1`–`S3 labels that share values with numeric severity labels.
The occurrence scale uses the log_normalized transform, which maps a probability in the range `(0, 1]` onto a linear `[0, 1]` scale using the formula:
\[ O_{norm} = \frac{\log_{10}(O) - \log_{10}(O_{min})}{-\log_{10}(O_{min})} \]
where \(O_{min}\) is min_probability from the meta section (or the smallest label value if min_probability is not set). This gives low probabilities a meaningful resolution — without the log transform, the difference between 1 ppm and 1 FIT would be invisible.
occurrence
range 0.0 .. 1.0
transform log_normalized
labels
E1
value 0.001
title "Very rare"
E2
value 0.01
title Rare
E3
value 0.1
title Occasional
E4
value 1.0
title Frequent
The upper bound must be exactly 1.0. The smallest label value must be `> 0` (or min_probability must be set).
Detection represents the probability that a failure is identified before it causes harm. It accepts the same numeric input formats as occurrence and is typically processed with an identity transform when used as a direct probability estimate. Some methodologies (AIAG-VDA) use a reverse scale where high detection numbers mean poor detection; use inverse transform for that.
detection
range 0.0 .. 1.0
transform identity
labels
D1
value 0.9
title "Almost certain"
D2
value 0.5
title Moderate
D3
value 0.1
title "Unlikely"
Controllability represents the ability to control or mitigate an event. The inverse transform converts "ability to control" (high = good) into "non-controllability" (high = bad risk contribution):
controllability
range 0.0 .. 1.0
transform inverse
labels
C1
value 0.9
title Manageable
C2
value 0.5
title Difficult
C3
value 0.1
title Uncontrollable
Risk labels are the output classifications. Each has a name, a hex color, and an optional display title:
risk_labels
CRIT
color #b30000
title Critical
HIGH
color #e64500
title High
MED
color #f0a020
title Medium
LOW
color #f0d020
title Low
NEGL
color #c0c0c0
title Negligible
Label names used in matrix rules must be declared here. Order is the display order in the UI.
To include opportunity labels, add them with green hues:
OPP_LOW
color #a0d0a0
title "Minor opportunity"
OPP_MED
color #40a060
title "Moderate opportunity"
OPP_HIGH
color #006030
title "Strong opportunity"
The matrices section holds one or more matrix definitions. The selected field names the active matrix. Switching matrices is a one-line edit and is fully audited through the config revision history.
matrices
selected default
default
title "Log-additive S+O risk"
formula "(S + O) / 2"
resolution first_match
rules
CRIT "R>=0.5"
HIGH "R>=0.25"
MED "R>=0.05"
LOW "R>0"
catch_all NEGL
Formula variables:
| Variable | Meaning |
|---|---|
| `S` | Severity (magnitude; sign is handled automatically) |
| `O` | Occurrence, post-transform |
| `D` | Detection, post-transform |
| `C` | Controllability, post-transform |
The formula may use `+`, `-`, `*`, `/`, parentheses, numeric literals, and `|...|` for absolute value (rarely needed — sign is separated automatically).
Sign separation. Because severity can be negative (opportunity), the formula always operates on the magnitude of S, and the sign is reapplied to the result. A formula `(S + O) / 2` with severity OPP2 (-0.5) and occurrence E3 (0.1, normalized ≈ 0.67) gives R ≈ −0.59, which a rule `"R<-0.25"` would match as a strong opportunity.
Rules use first_match resolution — the first rule that matches wins. Rules end with a mandatory catch_all fallback.
Predicates come in two forms:
R>=0.5 — compares the computed risk score against a numeric threshold.S>=MED — compares the ordinal position of the chosen label against a reference label name. This is independent of numeric values and of the transform.Multiple predicates in one rule are joined by AND:
OPP_LOW "R<0, R>=-0.05"
For occurrence and detection fields, users can type a measurement with a unit instead of selecting a label. The runtime converts it to a probability and picks the nearest label:
| Unit | Conversion | Example |
|---|---|---|
| `%` | ÷ 100 | `"5 %"` → 0.05 |
ppm | ÷ 10⁶ | `"1000ppm"` → 0.001 |
FIT | ÷ 10⁹ | `"1000000 FIT"` → 0.001 |
A space between the number and the unit is optional. Setting `min_probability 1e-9` in meta aligns the transform's lower bound with 1 FIT.
Suitable for general product risk, process FMEA, or quality management. Four severity levels, four occurrence levels, no detection scale.
meta
name "Simple S+O risk"
version 1
severity
range 0.0 .. open
transform identity
labels
1
value 0.1
title Minor
5
value 0.5
title Moderate
8
value 0.8
title Serious
10
value 1.0
title Critical
occurrence
range 0.0 .. 1.0
transform log_normalized
labels
E1
value 0.001
title "Very rare"
E2
value 0.01
title Rare
E3
value 0.1
title Occasional
E4
value 1.0
title Frequent
risk_labels
HIGH
color #e64500
title High
MED
color #f0a020
title Medium
LOW
color #f0d020
title Low
NEGL
color #c0c0c0
title Negligible
matrices
selected default
default
title "S+O log-additive"
formula "(S + O) / 2"
resolution first_match
rules
HIGH "R>=0.4"
MED "R>=0.1"
LOW "R>0"
catch_all NEGL
Add negative severity labels for opportunities and extra risk labels for the green side of the risk spectrum.
meta
name "S+O with opportunities"
version 1
min_probability 1e-9
severity
range -1.0 .. open
transform identity
labels
OPP3
value -1.0
title "Catastrophic opportunity"
OPP2
value -0.5
title "Significant opportunity"
OPP1
value -0.1
title "Minor opportunity"
1
value 0.1
title "Very minor"
5
value 0.5
title Moderate
10
value 1.0
title Hazardous
occurrence
range 0.0 .. 1.0
transform log_normalized
labels
E1
value 0.001
title "Very rare"
E2
value 0.01
title Rare
E3
value 0.1
title Occasional
E4
value 1.0
title Frequent
risk_labels
CRIT
color #b30000
title Critical
HIGH
color #e64500
title High
MED
color #f0a020
title Medium
LOW
color #f0d020
title Low
NEGL
color #c0c0c0
title Negligible
OPP_LOW
color #a0d0a0
title "Minor opportunity"
OPP_MED
color #40a060
title "Moderate opportunity"
OPP_HIGH
color #006030
title "Strong opportunity"
matrices
selected default
default
title "Log-additive S+O risk"
formula "(S + O) / 2"
resolution first_match
rules
CRIT "R>=0.5"
HIGH "R>=0.25"
MED "R>=0.05"
LOW "R>0"
OPP_LOW "R<0, R>=-0.05"
OPP_MED "R<-0.05, R>=-0.25"
OPP_HIGH "R<-0.25"
catch_all NEGL
Full automotive configuration with ISO 26262-compatible severity aliases, occurrence scale anchored to 1 FIT, and a conservative alternative matrix for safety-critical review.
meta
name "Default automotive risk config"
version 1
description "AIAG-VDA aligned scales, log-additive risk with sign separation"
min_probability 1e-9
severity
range -1.0 .. open
transform identity
labels
OPP3
value -1.0
title "Catastrophic opportunity"
OPP2
value -0.5
title "Significant opportunity"
OPP1
value -0.1
title "Minor opportunity"
1
value 0.1
title "Very minor"
5
value 0.5
title Moderate
10
value 1.0
title Hazardous
S1
value 1.0
title "Minor harm"
S2
value 1.1
title "Major harm"
occurrence
range 0.0 .. 1.0
transform log_normalized
labels
E1
value 0.001
title "Very rare"
E2
value 0.01
title Rare
E3
value 0.1
title Occasional
E4
value 1.0
title Frequent
risk_labels
CRIT
color #b30000
title Critical
HIGH
color #e64500
title High
MED
color #f0a020
title Medium
LOW
color #f0d020
title Low
NEGL
color #c0c0c0
title Negligible
OPP_LOW
color #a0d0a0
title "Minor opportunity"
OPP_MED
color #40a060
title "Moderate opportunity"
OPP_HIGH
color #006030
title "Strong opportunity"
matrices
selected default
default
title "Log-additive S+O risk"
formula "(S + O) / 2"
resolution first_match
rules
CRIT "R>=0.5"
HIGH "R>=0.25"
MED "R>=0.05"
LOW "R>0"
OPP_LOW "R<0, R>=-0.05"
OPP_MED "R<-0.05, R>=-0.25"
OPP_HIGH "R<-0.25"
catch_all NEGL
conservative
title "Stricter thresholds (safety review)"
formula "(S + O) / 2"
resolution first_match
rules
CRIT "R>=0.35"
HIGH "R>=0.15"
MED "R>=0.03"
LOW "R>0"
OPP_LOW "R<0, R>=-0.03"
OPP_MED "R<-0.03, R>=-0.15"
OPP_HIGH "R<-0.15"
catch_all NEGL
To switch to the conservative matrix, change `selected default` to `selected conservative` and save. All new events will use the conservative thresholds; existing events retain their original classification.
Add detection when failure modes can be intercepted before they cause harm, and you want the detection effectiveness to reduce the computed risk.
meta
name "S+O+D risk"
version 1
min_probability 1e-9
severity
range -1.0 .. open
transform identity
labels
OPP1
value -0.1
title "Minor opportunity"
1
value 0.1
title "Very minor"
5
value 0.5
title Moderate
10
value 1.0
title Hazardous
occurrence
range 0.0 .. 1.0
transform log_normalized
labels
E1
value 0.001
title "Very rare"
E2
value 0.01
title Rare
E3
value 0.1
title Occasional
E4
value 1.0
title Frequent
detection
range 0.0 .. 1.0
transform identity
labels
D1
value 0.9
title "Almost certain"
D2
value 0.5
title Moderate
D3
value 0.1
title "Unlikely"
risk_labels
CRIT
color #b30000
title Critical
HIGH
color #e64500
title High
MED
color #f0a020
title Medium
LOW
color #f0d020
title Low
NEGL
color #c0c0c0
title Negligible
matrices
selected default
default
title "S+O weighted by detection"
formula "(S + O) / 2 * (1 - D/2)"
resolution first_match
rules
CRIT "R>=0.4"
HIGH "R>=0.2"
MED "R>=0.05"
LOW "R>0"
catch_all NEGL
Here detection D1 (0.9) reduces risk by up to 45%; D3 (0.1) reduces it by only 5%.
Rules can also fire based on label positions rather than computed R values. This is useful when a specific severity label should always trigger a certain risk class regardless of probability:
rules
CRIT "S>=10" # any event with severity 10 or above is always Critical
HIGH "R>=0.25"
MED "R>=0.05"
LOW "R>0"
catch_all NEGL
The predicate S>=10 compares the ordinal position of the chosen severity label against the position of the label named 10 in the severity scale. It fires when the chosen severity is at or after that label in the declaration order.
It is possible to encode both the AIAG-VDA Action Priority system and ISO 26262 ASIL in a single configuration so that classification is routed per-event based on which labels the analyst picks. Two new features make this clean:
class attribute on labels — tags a subset of labels as belonging to a named group (e.g. `class asil`). Labels within a class must be monotonically ordered among themselves; no cross-class ordering constraint is imposed. This allows ASIL labels to carry their authentic physical values without conflicting with AP label values.| Dimension | ASIL inputs | AIAG-VDA AP inputs |
|---|---|---|
| Severity | S1, S2, S3 (with `class asil`) | 1 – 10 |
| Occurrence | E1–E4 (with `class asil`) | 1 – 10 (occurrence rate) |
| Third input | C1, C2, C3 (controllability) | 1 – 10 (detection) |
| Output | QM / ASIL A–D | AP: Low / Medium / High |
The ASIL labels appear after the AP labels in the flat list (S1=1.0, S2=1.1, S3=1.2 sit naturally above the AP range ceiling of 1.0). Routing uses S:asil — a class predicate that is true for any label tagged `class asil` and false for all others.
meta
name "AIAG-VDA AP + ISO 26262 ASIL combined"
version 2
min_probability 1e-9
severity
range 0.0 .. open
transform identity
labels
# AIAG-VDA AP severity labels (ordinals 0–9)
1
value 0.1
title "1 – No effect"
2
value 0.2
3
value 0.3
4
value 0.4
5
value 0.5
6
value 0.6
7
value 0.7
title "7 – High, vehicle operable"
8
value 0.8
9
value 0.9
title "9 – Hazardous with warning"
10
value 1.0
title "10 – Hazardous without warning"
# ISO 26262 ASIL labels — class asil, values ≥ 1.0, ordinals 10–12
# S1 and AP "10" share value 1.0 but are not aliases (different classes)
S1
value 1.0
class asil
title "S1 – Slight injury"
S2
value 1.1
class asil
title "S2 – Serious injury"
S3
value 1.2
class asil
title "S3 – Life-threatening"
occurrence
range 0.0 .. 1.0
transform log_normalized
labels
# AIAG-VDA AP occurrence labels (ordinals 0–9)
1
value 0.0000007
title "O1 – ≤1 in 1,500,000"
2
value 0.000007
title "O2 – 1 in 150,000"
3
value 0.00007
title "O3 – 1 in 15,000"
4
value 0.0005
title "O4 – 1 in 2,000"
5
value 0.003
title "O5 – 1 in 400"
6
value 0.012
title "O6 – 1 in 80"
7
value 0.05
title "O7 – 1 in 20"
8
value 0.12
title "O8 – 1 in 8"
9
value 0.33
title "O9 – 1 in 3"
10
value 1.0
title "O10 – ≥1 in 2"
# ISO 26262 ASIL exposure labels — class asil, ordinals 10–13
# Authentic ISO 26262 exposure fractions; no cross-class monotonicity required
E1
value 0.001
class asil
title "E1 – Very low exposure (<1%)"
E2
value 0.01
class asil
title "E2 – Low exposure (1–10%)"
E3
value 0.1
class asil
title "E3 – Medium exposure (10–90%)"
E4
value 0.9
class asil
title "E4 – High exposure (>90%)"
detection
range 0.0 .. 1.0
transform identity
labels
1
value 0.05
title "D1 – Almost certain"
2
value 0.15
3
value 0.25
4
value 0.35
5
value 0.45
6
value 0.55
7
value 0.65
8
value 0.75
9
value 0.85
10
value 0.95
title "D10 – Absolute uncertainty"
controllability
range 0.0 .. 1.0
transform identity
labels
C1
value 0.01
title "C1 – Simply controllable"
C2
value 0.50
title "C2 – Normally controllable"
C3
value 0.99
title "C3 – Difficult to control"
risk_labels
ASIL_D
color #7b0000
title "ASIL D"
ASIL_C
color #b30000
title "ASIL C"
ASIL_B
color #e64500
title "ASIL B"
ASIL_A
color #f0a020
title "ASIL A"
QM
color #a0d0a0
title "Quality Managed"
AP_H
color #b30000
title "AP: High"
AP_M
color #f0a020
title "AP: Medium"
AP_L
color #f0d020
title "AP: Low"
NEGL
color #c0c0c0
title Negligible
matrices
selected combined
combined
title "AIAG-VDA AP + ISO 26262 ASIL"
formula "0"
resolution first_match
rules
# ASIL events: when "S:asil" fires for any severity label tagged class asil
# Inputs: severity S1–S3, occurrence E1–E4, controllability C1–C3
# Rules derived from ISO 26262 Part 3, Table B.1, most restrictive first
when "S:asil"
ASIL_D "S>=S3, O>=E4, C>=C3"
ASIL_C "S>=S3, O>=E4, C>=C2"
ASIL_C "S>=S3, O>=E3, C>=C3"
ASIL_C "S>=S2, O>=E4, C>=C3"
ASIL_B "S>=S3, O>=E4"
ASIL_B "S>=S3, O>=E3, C>=C2"
ASIL_B "S>=S3, O>=E2, C>=C3"
ASIL_B "S>=S2, O>=E4, C>=C2"
ASIL_B "S>=S2, O>=E3, C>=C3"
ASIL_B "S>=S1, O>=E4, C>=C3"
ASIL_A "S>=S3, O>=E3"
ASIL_A "S>=S3, O>=E2, C>=C2"
ASIL_A "S>=S3, O>=E1, C>=C3"
ASIL_A "S>=S2, O>=E4"
ASIL_A "S>=S2, O>=E3, C>=C2"
ASIL_A "S>=S2, O>=E2, C>=C3"
ASIL_A "S>=S1, O>=E4, C>=C2"
ASIL_A "S>=S1, O>=E3, C>=C3"
catch_block QM
# AP events: no block guard needed — ASIL events are fully consumed above.
# Ordinal comparisons against AP label names naturally exclude ASIL labels:
# ordinal("9") = 8 < ordinal(S1) = 10, so "S>=9" can't fire for S1/S2/S3
# if they somehow escaped the when block.
# Inputs: severity 1–10, occurrence 1–10, detection 1–10
AP_H "S>=9"
AP_H "S>=7, O>=7, D>=7"
AP_H "S>=5, O>=9, D>=9"
AP_M "S>=7, O>=4"
AP_M "S>=5, O>=7, D>=5"
AP_M "S>=3, O>=9, D>=8"
AP_L "S>=5, O>=4"
AP_L "S>=3, O>=7"
AP_L "S>=1"
catch_all NEGL
Spot checks against ISO 26262 Table B.1: S2+E3+C2 → ASIL_B ✓ (enters `when "S:asil"`, matches `S>=S2, O>=E3, C>=C2`). S3+E4+C3 → ASIL_D ✓ (first rule inside the block). S1+E1+C1 → QM ✓ (no specific ASIL rule matches, `catch_block QM` fires).
1. No placeholder values. S1=1.0, S2=1.1, S3=1.2 carry their authentic ISO 26262 severity magnitudes; they sit naturally at or above the AP range ceiling (AP "10" = 1.0). E1–E4 carry authentic ISO 26262 exposure fractions (0.001–0.9); no cross-class monotonicity constraint applies.
2. Class routing is structural. S:asil is true for any label tagged `class asil`; it does not depend on label values or ordinal positions. Adding or reordering labels inside a class does not silently break the routing.
3. AP classification is an approximation. The authentic AIAG-VDA AP table is a 3D discrete lookup (S×O×D). The nine AP rules above approximate the table's structure. Teams requiring exact AP compliance should expand the AP section to enumerate the full boundary conditions as ordered ordinal rules.
4. Input convention. ASIL events provide S1/S2/S3 + E1/E2/E3/E4 + C1/C2/C3. AP events provide 1–10 for all three of S, O, D. The system does not enforce this — mixing label types produces a result but is meaningless.
5. Controllability values represent non-controllability. C1=0.01 (low risk contribution), C3=0.99 (high risk contribution). This is opposite to the common reading of C-numbers in ISO 26262, where higher C means more controllable. The ordinal predicates are correct regardless of how the values read.
The system validates the configuration on every save. Hard errors (such as a missing catch_all rule, a scale threshold ordering problem, or a rule referencing an undeclared label) prevent the save from completing and are reported with a line number. Warnings (dead rules, a catch_all that dominates most of the matrix, partial range coverage) are shown but do not block the save.