May 2026

Graceful degradation as an architecture requirement

A system that relies on optional sensors must run without them. Graceful degradation is not an option; it is a design constraint set from the very first diagram.

A multi-sensor system rarely fails all at once. A biometric layer drops out, a secondary stream goes silent, latency spikes. If the product halts on every loss, it will never survive production. The rule is simple. The full system must run on the primary source alone.

The primary carries the contract

We define a minimal source of truth that is enough to deliver the function. Everything else is optional enrichment. Biometric layers refine the decision, but their absence breaks nothing. The nominal path never depends on a signal that may be missing.

Cadences are decoupled. Each stream has its own rhythm, its own buffer, its own clock. We do not synchronize a slow sensor onto a fast one. We consume the last valid value and move on. A delay on a secondary stream does not freeze the primary stream.
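The contract described above, with one primary stream and optional enrichment streams each keeping its own clock, as an added example in Python (this is not code from the note; the names Stream, FusionResult and decide, the weights and the cadence values are all constructed for illustration):

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example, not the note's own code. Stream, FusionResult and decide()
# are hypothetical names; max_age, weight and the sample timings are constructed.


@dataclass
class Stream:
    """One sensor stream with its own clock and its own validity window."""
    name: str
    max_age: float                      # seconds after which a value is stale
    weight: float = 0.5                 # contribution to the fused score when present
    last_value: Optional[float] = None
    last_ts: Optional[float] = None

    def push(self, value: float, ts: float) -> None:
        """Record a fresh sample. Never blocks and never waits for another stream."""
        self.last_value = value
        self.last_ts = ts

    def read(self, now: float) -> Optional[float]:
        """Return the last valid value, or None when the stream is missing or stale."""
        if self.last_ts is None or now - self.last_ts > self.max_age:
            return None
        return self.last_value


@dataclass
class FusionResult:
    available: bool          # False only when the primary itself is missing
    score: Optional[float]   # weighted mean of the streams that were present
    sources: List[str]       # which streams actually contributed
    degraded: bool           # True when at least one enrichment stream was absent


def decide(primary: Stream, secondaries: List[Stream], now: float) -> FusionResult:
    """Fuse whatever is valid right now. The primary alone is enough to answer."""
    p = primary.read(now)
    if p is None:
        # Loss of the primary is the one case the contract does not cover.
        return FusionResult(False, None, [], True)
    total = primary.weight * p
    weight_sum = primary.weight
    sources = [primary.name]
    degraded = False
    for s in secondaries:
        v = s.read(now)
        if v is None:
            degraded = True          # absence is recorded, nothing breaks
            continue
        total += s.weight * v
        weight_sum += s.weight
        sources.append(s.name)
    return FusionResult(True, total / weight_sum, sources, degraded)


if __name__ == "__main__":
    # Constructed timeline: primary at 10 Hz, biometric at 2 Hz, biometric drops
    # out after 0.5 s. Decisions are taken at the primary's cadence only.
    primary = Stream("primary", max_age=0.3, weight=1.0)
    biometric = Stream("biometric", max_age=0.6)
    for i in range(12):
        now = i / 10
        primary.push(0.8, now)
        if i % 5 == 0 and now < 0.6:
            biometric.push(0.4, now)
        r = decide(primary, [biometric], now)
        print(f"t={now:.1f} score={r.score:.3f} sources={r.sources} degraded={r.degraded}")
```

The decision loop reads, it never waits: a secondary that has gone quiet simply stops contributing once its last sample is older than its own max_age, and the primary's cadence sets the rhythm of the output.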

Smooth without oscillating

Noise is handled with an exponentially weighted moving average, the EWMA. It tracks the signal without storing the full history and costs almost nothing. State transitions go through hysteresis. Two distinct thresholds prevent flicker around a boundary value.

The debounce filters transitions too brief to be real. A layer that returns for a fraction of a second must not retrigger a decision. The principle to keep is one sentence. Reliability does not come from the sensors present, it comes from the behavior when they are missing.
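The three filters from the two paragraphs above, chained in the order the note gives them (EWMA, then hysteresis, then debounce), as an added example in Python. This is not the note's own code; the class names, the threshold values and the sample sequence are constructed for illustration.

```python
from typing import List, Optional

# Added example, not the note's own code. Ewma, Hysteresis, Debounce and
# run_pipeline are hypothetical names; alpha, thresholds and hold time are constructed.


class Ewma:
    """Exponentially weighted moving average: one float of state, no history."""

    def __init__(self, alpha: float) -> None:
        if not 0.0 < alpha <= 1.0:
            raise ValueError("alpha must be in (0, 1]")
        self.alpha = alpha
        self.value: Optional[float] = None

    def update(self, x: float) -> float:
        if self.value is None:
            self.value = x                      # seed with the first sample
        else:
            self.value = self.alpha * x + (1.0 - self.alpha) * self.value
        return self.value


class Hysteresis:
    """Two thresholds: switch on at or above `on`, off at or below `off`."""

    def __init__(self, on: float, off: float, initial: bool = False) -> None:
        if on <= off:
            raise ValueError("on threshold must be above off threshold")
        self.on, self.off, self.state = on, off, initial

    def update(self, x: float) -> bool:
        if not self.state and x >= self.on:
            self.state = True
        elif self.state and x <= self.off:
            self.state = False
        # Between the thresholds the previous state is kept, so no flicker.
        return self.state


class Debounce:
    """Accept a state change only once it has been held for `min_hold` seconds."""

    def __init__(self, min_hold: float) -> None:
        self.min_hold = min_hold
        self.stable: Optional[bool] = None
        self.candidate: Optional[bool] = None
        self.candidate_since: float = 0.0

    def update(self, state: bool, now: float) -> bool:
        if self.stable is None:
            self.stable = state                 # first sample is accepted as-is
            return self.stable
        if state == self.stable:
            self.candidate = None               # transient went away, forget it
        elif state != self.candidate:
            self.candidate, self.candidate_since = state, now
        elif now - self.candidate_since >= self.min_hold:
            self.stable, self.candidate = state, None
        return self.stable


def run_pipeline(samples: List[float], ts: List[float], alpha: float,
                 on: float, off: float, min_hold: float) -> List[bool]:
    """Smooth, threshold with hysteresis, then debounce; return the decision per sample."""
    ewma, hyst, deb = Ewma(alpha), Hysteresis(on, off), Debounce(min_hold)
    out = []
    for x, t in zip(samples, ts):
        out.append(deb.update(hyst.update(ewma.update(x)), t))
    return out


if __name__ == "__main__":
    # Constructed input: a layer comes back, then drops for one sample at t=0.6 and
    # t=0.7. The dip is absorbed by hysteresis and debounce and never retriggers.
    xs = [0.0, 1.0, 1.0, 1.0, 1.0, 1.0, 0.0, 0.0, 1.0]
    ts = [i / 10 for i in range(len(xs))]
    print(run_pipeline(xs, ts, alpha=0.5, on=0.6, off=0.4, min_hold=0.25))
```

With alpha=0.5 the EWMA reaches the on threshold at the third sample, the debounce holds the change until it has lasted 0.25 s, and the two-sample dip afterwards stays above the off threshold, so the decision flips exactly once.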