From 06e65d1128a5aa2805f83ae315630279a0c88ad3 Mon Sep 17 00:00:00 2001 From: Haishi Bai Date: Tue, 21 Apr 2026 19:15:02 +0200 Subject: [PATCH 1/7] initial vacp proposal doc --- docs/features/vacp/index.rst | 192 +++++++++++++++++++++++++++++++++++ 1 file changed, 192 insertions(+) create mode 100644 docs/features/vacp/index.rst diff --git a/docs/features/vacp/index.rst b/docs/features/vacp/index.rst new file mode 100644 index 00000000000..efc7a3e075a --- /dev/null +++ b/docs/features/vacp/index.rst @@ -0,0 +1,192 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _vacp_feature: + +VACP +#### + +.. document:: VACP + :id: doc__vacp + :status: draft + :safety: ASIL_B + :security: NO + :tags: feature_request + :realizes: wp__feat_request + +.. toctree:: + :maxdepth: 1 + :glob: + :titlesonly: + :hidden: + + */index + +Feature flag +============ + +To activate this feature, use the following feature flag: + +``experimental_vacp`` + +Abstract +======== + +This proposal introduces the Vehicle Agent Collaboration Protocol (VACP), a standardized framework for secure and interoperable +collaboration between vehicle on-board agents and infrastructure-based agents. The protocol enables agents to collaboratively +fulfill user intentions by discovering, negotiating, and orchestrating capabilities across vehicles and intelligent infrastructure. +VACP defines an end-to-end workflow including intention establishment, capability discovery and exchange, collaborative planning, and +execution of fulfillment plans. It further specifies constraints and guarantees such as deterministic execution, contextual awareness, +human-in-the-loop approval and intervention, and robust security and trust mechanisms. + +The protocol is designed to be extensible and transport-agnostic, allowing it to operate over various underlying communication channels. +Unlike traditional rule-based coordination systems, VACP is purpose-built for agentic systems, where autonomous agents dynamically reason, +plan, and adapt to achieve goals. + +Motivation +========== + +As the automotive and infrastructure ecosystems increasingly adopt AI-driven capabilities, there is a growing need for standardized collaboration +mechanisms between distributed intelligent agents. Today’s systems remain largely siloed: + +* vehicles operate independently with limited coordination, +* infrastructure provides static or reactive services, +and cross-domain orchestration is minimal or proprietary. + +This limits the realization of advanced scenarios such as: dynamically coordinated traffic systems, autonomous valet and parking ecosystems, +and collaborative safety response across vehicles and road infrastructure. VACP addresses this gap by enabling intent-driven, cross-entity +collaboration, allowing agents to jointly reason about goals and coordinate actions in real time. + + +Rationale +========= + +VACP is designed as a purpose-built semantic layer for agentic collaboration on top of existing service-oriented communication standards. +Traditional approaches rely on predefined message sets and static coordination rules, which are insufficient for the dynamic reasoning and adaptive +planning required by autonomous agents. By introducing a semantic layer with explicit phases for intention establishment, capability discovery, +collaborative planning, and execution, VACP enables flexible and extensible agent interactions. The transport-agnostic design ensures that VACP can +operate over diverse communication channels without imposing constraints on the underlying infrastructure. + +Specification +============= + +VACP defines a standardized end-to-end workflow for agent collaboration across vehicle and infrastructure boundaries. The protocol is structured around the +following core phases and components. An on-vehicle coordination agent (VCA) is responsible to drive the protocol execution. + +Intention Establishment +_______________________ + +An intention can be expressed in various form, ranging from natural language expressions to determinstic UI interactions (such as clicking on a specific menu), +to rule-based triggers. Hence, a sophsicated intention parsing and establishment mechanism, such as through generative AI, is not always required. However, an intention must be unambiguous, +self-contained, and verifiable. + +Collaborative Planning +______________________ + +Once an intention is established, the VCA plans for fulfillment of the intention by creating a fulfillment plan. The plan defines the sequence +and assignment of actions across agents, including fallback strategies and contingency handling. Note that VACP doesn't mandate intelligent, dynamic planning, +which allows the whole fulfillment process to be fully determinstic. This allows common scenarios to be solidified and optimized in an offline planning process, +while still allowing for dynamic reasoning and adaptation in more complex scenarios. + +Capability Discovery and Exchange +_________________________________ + +As the fulfillment plan is established, the VCA identifies and assembles required capabilities to fullfill the plan. VCA initiate capability discovery by +broadcasting a capability request or querying a registry. Participating agents respond with capability offers that match the requested criteria, including +both functional and non-functional attributes. VCA evaluates offers based on criteria such as availability, trustworthiness, and compatibility with the +fulfillment plan. +Note the broadcasting is not necessarily implemented as a network broadcast, but can be implemented as a direct request to known registry services with a location-based scope, +or a direct request to known agents in the vicinity. The exact discovery mechanism is not mandated by VACP and can be adapted to the deployment context. + +Execution and Monitoring +________________________ + +VCA exeutes the fulfillment plan by coordinating the involved agents to perform their assigned actions. The protocol includes mechanisms for monitoring execution progress, +detecting faults or deviations, and triggering contingency plans as needed. Human-in-the-loop approval and intervention mechanisms allow for safety-critical actions to +require explicit human approval, and for humans to override or abort. + +Security and Trust +__________________ + +All agent interactions must be authenticated and integrity-protected. +Trust relationships between agents are established through verifiable credentials and attestation mechanisms. +The protocol must support revocation and re-establishment of trust at runtime. + +Contextual Awareness +____________________ + +Agents must maintain and share contextual information relevant to the collaboration, such as environmental conditions, +vehicle state, and infrastructure status. +Context must be timestamped and validated to ensure consistency across collaborating agents. + + +Requirements +____________ + +.. note:: + + Requirements for this feature are under development. + + +Backwards Compatibility +======================= + +VACP is a new protocol and does not replace existing V2X or service-oriented communication mechanisms. +Integration with existing systems is ensured by the transport-agnostic design, allowing VACP messages to be carried over established communication channels. + + +Security Impact +=============== + +VACP introduces new attack surfaces related to inter-agent communication and collaborative decision-making. +The following non-complete list highlights security considerations: + +- Agent Authentication + - All agents must be authenticated before participation in a collaboration session + - Credentials must be verified and revocable at runtime +- Message Integrity + - All protocol messages must be integrity-protected to prevent tampering or replay attacks +- Trust Management + - Trust relationships must be explicitly established and continuously validated + - Compromised agents must be detectable and isolatable + + +Safety Impact +============= + +VACP is designed to support safety-relevant collaborative scenarios up to ASIL-B. +The following list gives an idea of safety considerations and is not complete. An in-depth safety analysis must be conducted in the future. + +- Deterministic Execution + - Fulfillment plans must be deterministic and reproducible to support safety analysis +- Human-in-the-Loop + - Safety-critical actions must include human approval and intervention checkpoints +- Fault Handling + - The protocol must handle agent failures, communication losses, and plan deviations gracefully without compromising safety + +License Impact +============== + +VACP is expected to be implemented primarily using Free and Open Source Software (FOSS), in alignment with the Eclipse Foundation's licensing principles. + +- All new components developed under this feature shall be licensed under the Apache 2.0 License +- No additional licensing constraints are introduced by this feature request beyond those already adopted in S-CORE + +How to Teach This +================= + +The following sources are recommended for onboarding: + +- This feature request document and its linked requirements +- The S-CORE platform documentation for related features such as Communication and AI Platform From 3130f9740d0f32dad8b1315cf333fd9c0e58444a Mon Sep 17 00:00:00 2001 From: Haishi Bai Date: Tue, 19 May 2026 20:30:16 -0700 Subject: [PATCH 2/7] clean doc --- docs/features/vacp/index.rst | 8 -------- 1 file changed, 8 deletions(-) diff --git a/docs/features/vacp/index.rst b/docs/features/vacp/index.rst index efc7a3e075a..54c6f88ed12 100644 --- a/docs/features/vacp/index.rst +++ b/docs/features/vacp/index.rst @@ -25,14 +25,6 @@ VACP :tags: feature_request :realizes: wp__feat_request -.. toctree:: - :maxdepth: 1 - :glob: - :titlesonly: - :hidden: - - */index - Feature flag ============ From 21046116d8acbff7fa0a78b9dc45516fb2cdb16e Mon Sep 17 00:00:00 2001 From: Haishi Bai Date: Tue, 19 May 2026 20:34:28 -0700 Subject: [PATCH 3/7] minor format fix --- docs/features/vacp/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features/vacp/index.rst b/docs/features/vacp/index.rst index 54c6f88ed12..0a5a5b244a5 100644 --- a/docs/features/vacp/index.rst +++ b/docs/features/vacp/index.rst @@ -54,7 +54,7 @@ mechanisms between distributed intelligent agents. Today’s systems remain larg * vehicles operate independently with limited coordination, * infrastructure provides static or reactive services, -and cross-domain orchestration is minimal or proprietary. +* cross-domain orchestration is minimal or proprietary. This limits the realization of advanced scenarios such as: dynamically coordinated traffic systems, autonomous valet and parking ecosystems, and collaborative safety response across vehicles and road infrastructure. VACP addresses this gap by enabling intent-driven, cross-entity From bf48b26d816e3828eebba32df3d62f2c18503e89 Mon Sep 17 00:00:00 2001 From: Haishi Bai Date: Tue, 19 May 2026 20:48:01 -0700 Subject: [PATCH 4/7] add requirements --- docs/features/vacp/index.rst | 12 +- docs/features/vacp/requirements/index.rst | 165 ++++++++++++++++++++++ 2 files changed, 174 insertions(+), 3 deletions(-) create mode 100644 docs/features/vacp/requirements/index.rst diff --git a/docs/features/vacp/index.rst b/docs/features/vacp/index.rst index 0a5a5b244a5..6c04152afb9 100644 --- a/docs/features/vacp/index.rst +++ b/docs/features/vacp/index.rst @@ -25,6 +25,14 @@ VACP :tags: feature_request :realizes: wp__feat_request +.. toctree:: + :maxdepth: 1 + :glob: + :titlesonly: + :hidden: + + */index + Feature flag ============ @@ -126,9 +134,7 @@ Context must be timestamped and validated to ensure consistency across collabora Requirements ____________ -.. note:: - - Requirements for this feature are under development. +See :ref:`vacp_requirements` for the list of feature requirements derived from this specification. Backwards Compatibility diff --git a/docs/features/vacp/requirements/index.rst b/docs/features/vacp/requirements/index.rst new file mode 100644 index 00000000000..5a7ff29e4bc --- /dev/null +++ b/docs/features/vacp/requirements/index.rst @@ -0,0 +1,165 @@ +.. + # ******************************************************************************* + # Copyright (c) 2025 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # SPDX-License-Identifier: Apache-2.0 + # ******************************************************************************* + +.. _vacp_requirements: + +Requirements +============ + +.. feat_req:: Intention Establishment + :id: feat_req__vacp__intention_establishment + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + The platform shall provide a mechanism to establish an unambiguous, self-contained, and verifiable + user intention, supporting various input modalities including natural language, deterministic UI + interactions, and rule-based triggers. + +.. feat_req:: Collaborative Planning + :id: feat_req__vacp__collaborative_planning + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + The Vehicle Coordination Agent (VCA) shall create a fulfillment plan for an established intention, + defining the sequence and assignment of actions across collaborating agents, including fallback + strategies and contingency handling. The platform shall support both pre-defined deterministic + plans and dynamically generated plans. + +.. feat_req:: Capability Discovery + :id: feat_req__vacp__capability_discovery + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + The platform shall provide a transport-agnostic mechanism for the VCA to discover capabilities + offered by vehicle on-board and infrastructure-based agents, supporting broadcast, registry-based, + and direct query discovery patterns. + +.. feat_req:: Capability Exchange and Evaluation + :id: feat_req__vacp__capability_exchange + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + The platform shall allow agents to respond to capability requests with offers describing functional + and non-functional attributes, and shall enable the VCA to evaluate offers based on availability, + trustworthiness, and compatibility with the fulfillment plan. + +.. feat_req:: Plan Execution and Monitoring + :id: feat_req__vacp__plan_execution + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + The VCA shall coordinate execution of the fulfillment plan across the assigned agents, monitor + execution progress, detect faults or deviations, and trigger contingency plans as required. + +.. feat_req:: Deterministic Execution + :id: feat_req__vacp__deterministic_execution + :reqtype: Non-Functional + :security: NO + :safety: ASIL_B + :status: draft + + Fulfillment plans designated as safety-relevant shall be executable in a deterministic and + reproducible manner to support safety analysis. + +.. feat_req:: Human-in-the-Loop Approval + :id: feat_req__vacp__human_in_the_loop + :reqtype: Functional + :security: NO + :safety: ASIL_B + :status: draft + + The protocol shall provide approval and intervention checkpoints that require explicit human + confirmation for safety-critical actions, and shall allow humans to override or abort an + in-progress fulfillment plan. + +.. feat_req:: Fault Handling + :id: feat_req__vacp__fault_handling + :reqtype: Functional + :security: NO + :safety: ASIL_B + :status: draft + + The protocol shall handle agent failures, communication losses, and plan deviations gracefully + without compromising the safety of the overall system. + +.. feat_req:: Agent Authentication + :id: feat_req__vacp__agent_authentication + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + All agents participating in a VACP collaboration session shall be authenticated prior to + participation, using credentials that can be verified and revoked at runtime. + +.. feat_req:: Message Integrity + :id: feat_req__vacp__message_integrity + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + All VACP protocol messages shall be integrity-protected to prevent tampering and replay attacks. + +.. feat_req:: Trust Management + :id: feat_req__vacp__trust_management + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + The protocol shall support explicit establishment, continuous validation, revocation, and + re-establishment of trust relationships between collaborating agents at runtime, including the + detection and isolation of compromised agents. + +.. feat_req:: Contextual Awareness + :id: feat_req__vacp__contextual_awareness + :reqtype: Functional + :security: YES + :safety: ASIL_B + :status: draft + + Agents shall maintain and share contextual information relevant to the collaboration, such as + environmental conditions, vehicle state, and infrastructure status. Shared context shall be + timestamped and validated to ensure consistency across collaborating agents. + +.. feat_req:: Transport-Agnostic Communication + :id: feat_req__vacp__transport_agnostic + :reqtype: Non-Functional + :security: NO + :safety: ASIL_B + :status: draft + + The protocol shall be transport-agnostic and capable of operating over diverse underlying + communication channels without imposing constraints on the underlying infrastructure. + +.. feat_req:: Extensibility + :id: feat_req__vacp__extensibility + :reqtype: Non-Functional + :security: NO + :safety: ASIL_B + :status: draft + + The protocol shall be extensible to accommodate new agent capabilities, message types, and + collaboration patterns without breaking backward compatibility with existing agents. From 3db36470d0f9f34de0c99eb0e305f53f89d392ef Mon Sep 17 00:00:00 2001 From: Haishi Bai Date: Tue, 19 May 2026 20:55:32 -0700 Subject: [PATCH 5/7] requirement format fixes --- docs/features/vacp/requirements/index.rst | 42 +++++++++++++++-------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/docs/features/vacp/requirements/index.rst b/docs/features/vacp/requirements/index.rst index 5a7ff29e4bc..02b0507dd08 100644 --- a/docs/features/vacp/requirements/index.rst +++ b/docs/features/vacp/requirements/index.rst @@ -22,7 +22,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__overall_goals__enable_cooperation + :status: valid The platform shall provide a mechanism to establish an unambiguous, self-contained, and verifiable user intention, supporting various input modalities including natural language, deterministic UI @@ -33,7 +34,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__overall_goals__enable_cooperation + :status: valid The Vehicle Coordination Agent (VCA) shall create a fulfillment plan for an established intention, defining the sequence and assignment of actions across collaborating agents, including fallback @@ -45,7 +47,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__overall_goals__enable_cooperation + :status: valid The platform shall provide a transport-agnostic mechanism for the VCA to discover capabilities offered by vehicle on-board and infrastructure-based agents, supporting broadcast, registry-based, @@ -56,7 +59,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__overall_goals__enable_cooperation + :status: valid The platform shall allow agents to respond to capability requests with offers describing functional and non-functional attributes, and shall enable the VCA to evaluate offers based on availability, @@ -67,7 +71,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__overall_goals__enable_cooperation + :status: valid The VCA shall coordinate execution of the fulfillment plan across the assigned agents, monitor execution progress, detect faults or deviations, and trigger contingency plans as required. @@ -77,7 +82,8 @@ Requirements :reqtype: Non-Functional :security: NO :safety: ASIL_B - :status: draft + :satisfies: stkh_req__ai_platform__runtime_determinism + :status: valid Fulfillment plans designated as safety-relevant shall be executable in a deterministic and reproducible manner to support safety analysis. @@ -87,7 +93,8 @@ Requirements :reqtype: Functional :security: NO :safety: ASIL_B - :status: draft + :satisfies: stkh_req__dependability__safe_state + :status: valid The protocol shall provide approval and intervention checkpoints that require explicit human confirmation for safety-critical actions, and shall allow humans to override or abort an @@ -98,7 +105,8 @@ Requirements :reqtype: Functional :security: NO :safety: ASIL_B - :status: draft + :satisfies: stkh_req__dependability__error_reaction + :status: valid The protocol shall handle agent failures, communication losses, and plan deviations gracefully without compromising the safety of the overall system. @@ -108,7 +116,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__dependability__security_features + :status: valid All agents participating in a VACP collaboration session shall be authenticated prior to participation, using credentials that can be verified and revoked at runtime. @@ -118,7 +127,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__communication__secure + :status: valid All VACP protocol messages shall be integrity-protected to prevent tampering and replay attacks. @@ -127,7 +137,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__dependability__security_features + :status: valid The protocol shall support explicit establishment, continuous validation, revocation, and re-establishment of trust relationships between collaborating agents at runtime, including the @@ -138,7 +149,8 @@ Requirements :reqtype: Functional :security: YES :safety: ASIL_B - :status: draft + :satisfies: stkh_req__overall_goals__enable_cooperation + :status: valid Agents shall maintain and share contextual information relevant to the collaboration, such as environmental conditions, vehicle state, and infrastructure status. Shared context shall be @@ -149,7 +161,8 @@ Requirements :reqtype: Non-Functional :security: NO :safety: ASIL_B - :status: draft + :satisfies: stkh_req__communication__extensible_external + :status: valid The protocol shall be transport-agnostic and capable of operating over diverse underlying communication channels without imposing constraints on the underlying infrastructure. @@ -159,7 +172,8 @@ Requirements :reqtype: Non-Functional :security: NO :safety: ASIL_B - :status: draft + :satisfies: stkh_req__communication__extensible_external + :status: valid The protocol shall be extensible to accommodate new agent capabilities, message types, and collaboration patterns without breaking backward compatibility with existing agents. From 888d1b4f52abcb28c52bf469f8039204db450583 Mon Sep 17 00:00:00 2001 From: Haishi Bai Date: Tue, 19 May 2026 21:04:53 -0700 Subject: [PATCH 6/7] try different reference format --- docs/features/vacp/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features/vacp/index.rst b/docs/features/vacp/index.rst index 6c04152afb9..8d0bb970f8d 100644 --- a/docs/features/vacp/index.rst +++ b/docs/features/vacp/index.rst @@ -134,7 +134,7 @@ Context must be timestamped and validated to ensure consistency across collabora Requirements ____________ -See :ref:`vacp_requirements` for the list of feature requirements derived from this specification. +See :doc:`requirements/index` for the list of feature requirements derived from this specification. Backwards Compatibility From ebf4220b2eaafb3ad1d7a9f189a09759ca9aba73 Mon Sep 17 00:00:00 2001 From: Haishi Bai Date: Tue, 19 May 2026 21:11:54 -0700 Subject: [PATCH 7/7] try to fix build errors --- docs/modules/os/operating_systems/docs/community/ebclfsa.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/modules/os/operating_systems/docs/community/ebclfsa.rst b/docs/modules/os/operating_systems/docs/community/ebclfsa.rst index 38594c6c5e9..4223d7f7451 100644 --- a/docs/modules/os/operating_systems/docs/community/ebclfsa.rst +++ b/docs/modules/os/operating_systems/docs/community/ebclfsa.rst @@ -17,6 +17,7 @@ :security: YES :safety: QM :status: valid + :belongs_to: feat__os EB corbos Linux for Safety Applications (EBcLfSA) #################################################