Inactivity watchdog (dead man switch)

Sentinel tracks each node’s last valid GPS fix in the database (`last_gps_fix_at`). When telemetry arrives without fresh coordinates and the previous fix is older than the configured threshold (`SENTINEL_DEAD_MAN_MINUTES`, default 30 minutes), the backend may insert a warning row in the fleet event log.

This is an operational dead man switch: it does not replace an explicit SOS, but helps surface units that stopped reporting position for too long while still sending other payloads.

A dead man switch (DMS) is a classic mechanism in operational safety: the system expects periodic evidence the worker is OK and, if that evidence doesn't arrive in time, assumes something bad happened and escalates. Especially relevant in lone worker operations: night security, remote tower maintenance, small teams on isolated sites.

Sentinel implements an operational version of DMS based on each node's last valid GPS fix. The backend monitors the last_gps_fix_at column. When telemetry arrives without fresh coordinates and the previous GPS fix exceeds the threshold configured by SENTINEL_DEAD_MAN_MINUTES (default 30 minutes), a warning event can be recorded in the fleet log.

This signal is complementary to explicit SOS, not a replacement. SOS is fired by the operator when there's an identified emergency; DMS detects when the operator can't or won't fire SOS, but the inactivity pattern suggests something is happening. That's why most SOPs use DMS as a second layer: if it fires, the operations center attempts direct contact (radio, call) before mobilizing response.

Threshold is adjustable at server level per organization. For office-bound or slow-mobility operations, higher thresholds (60-90 min) may suit; for dynamic or high-risk tasks, lower (15-20 min). Warnings are deduplicated per node to avoid history clutter. Document the chosen threshold in your SOP and review periodically with HSE to ensure the policy remains reasonable.