eclipse-score · Haishi2016 · Apr 21, 2026 · May 20, 2026 · May 20, 2026 · May 20, 2026
@@ -0,0 +1,190 @@
+..
+   # *******************************************************************************
+   # Copyright (c) 2025 Contributors to the Eclipse Foundation
+   #
+   # See the NOTICE file(s) distributed with this work for additional
+   # information regarding copyright ownership.
+   #
+   # This program and the accompanying materials are made available under the
+   # terms of the Apache License Version 2.0 which is available at
+   # https://www.apache.org/licenses/LICENSE-2.0
+   #
+   # SPDX-License-Identifier: Apache-2.0
+   # *******************************************************************************
+
+.. _vacp_feature:
+
+VACP
+####
+
+.. document:: VACP
+   :id: doc__vacp
+   :status: draft
+   :safety: ASIL_B
+   :security: NO
+   :tags: feature_request
+   :realizes: wp__feat_request
+
+.. toctree::
+   :maxdepth: 1
+   :glob:
+   :titlesonly:
+   :hidden:
+
+   */index
+
+Feature flag
+============
+
+To activate this feature, use the following feature flag:
+
+``experimental_vacp``
+
+Abstract
+========
+
+This proposal introduces the Vehicle Agent Collaboration Protocol (VACP), a standardized framework for secure and interoperable
+collaboration between vehicle on-board agents and infrastructure-based agents. The protocol enables agents to collaboratively
+fulfill user intentions by discovering, negotiating, and orchestrating capabilities across vehicles and intelligent infrastructure.
+VACP defines an end-to-end workflow including intention establishment, capability discovery and exchange, collaborative planning, and
+execution of fulfillment plans. It further specifies constraints and guarantees such as deterministic execution, contextual awareness,
+human-in-the-loop approval and intervention, and robust security and trust mechanisms.
+
+The protocol is designed to be extensible and transport-agnostic, allowing it to operate over various underlying communication channels.
+Unlike traditional rule-based coordination systems, VACP is purpose-built for agentic systems, where autonomous agents dynamically reason,
+plan, and adapt to achieve goals.
+
+Motivation
+==========
+
+As the automotive and infrastructure ecosystems increasingly adopt AI-driven capabilities, there is a growing need for standardized collaboration
+mechanisms between distributed intelligent agents. Today’s systems remain largely siloed:
+
+* vehicles operate independently with limited coordination,
+* infrastructure provides static or reactive services,
+* cross-domain orchestration is minimal or proprietary.
+
+This limits the realization of advanced scenarios such as: dynamically coordinated traffic systems, autonomous valet and parking ecosystems,
+and collaborative safety response across vehicles and road infrastructure. VACP addresses this gap by enabling intent-driven, cross-entity
+collaboration, allowing agents to jointly reason about goals and coordinate actions in real time.
+
+
+Rationale
+=========
+
+VACP is designed as a purpose-built semantic layer for agentic collaboration on top of existing service-oriented communication standards.
+Traditional approaches rely on predefined message sets and static coordination rules, which are insufficient for the dynamic reasoning and adaptive
+planning required by autonomous agents. By introducing a semantic layer with explicit phases for intention establishment, capability discovery,
+collaborative planning, and execution, VACP enables flexible and extensible agent interactions. The transport-agnostic design ensures that VACP can
+operate over diverse communication channels without imposing constraints on the underlying infrastructure.
+
+Specification
+=============
+
+VACP defines a standardized end-to-end workflow for agent collaboration across vehicle and infrastructure boundaries. The protocol is structured around the
+following core phases and components. An on-vehicle coordination agent (VCA) is responsible to drive the protocol execution.
+
+Intention Establishment
+_______________________
+
+An intention can be expressed in various form, ranging from natural language expressions to determinstic UI interactions (such as clicking on a specific menu),
+to rule-based triggers. Hence, a sophsicated intention parsing and establishment mechanism, such as through generative AI, is not always required. However, an intention must be unambiguous,
+self-contained, and verifiable.
+
+Collaborative Planning
+______________________
+
+Once an intention is established, the VCA plans for fulfillment of the intention by creating a fulfillment plan. The plan defines the sequence
+and assignment of actions across agents, including fallback strategies and contingency handling. Note that VACP doesn't mandate intelligent, dynamic planning,
+which allows the whole fulfillment process to be fully determinstic. This allows common scenarios to be solidified and optimized in an offline planning process,
+while still allowing for dynamic reasoning and adaptation in more complex scenarios.
+
+Capability Discovery and Exchange
+_________________________________
+
+As the fulfillment plan is established, the VCA identifies and assembles required capabilities to fullfill the plan. VCA initiate capability discovery by
+broadcasting a capability request or querying a registry. Participating agents respond with capability offers that match the requested criteria, including
+both functional and non-functional attributes. VCA evaluates offers based on criteria such as availability, trustworthiness, and compatibility with the
+fulfillment plan.
+Note the broadcasting is not necessarily implemented as a network broadcast, but can be implemented as a direct request to known registry services with a location-based scope,
+or a direct request to known agents in the vicinity. The exact discovery mechanism is not mandated by VACP and can be adapted to the deployment context.
+
+Execution and Monitoring
+________________________
+
+VCA exeutes the fulfillment plan by coordinating the involved agents to perform their assigned actions. The protocol includes mechanisms for monitoring execution progress,
+detecting faults or deviations, and triggering contingency plans as needed. Human-in-the-loop approval and intervention mechanisms allow for safety-critical actions to
+require explicit human approval, and for humans to override or abort.
+
+Security and Trust
+__________________
+
+All agent interactions must be authenticated and integrity-protected.
+Trust relationships between agents are established through verifiable credentials and attestation mechanisms.
+The protocol must support revocation and re-establishment of trust at runtime.
+
+Contextual Awareness
+____________________
+
+Agents must maintain and share contextual information relevant to the collaboration, such as environmental conditions,
+vehicle state, and infrastructure status.
+Context must be timestamped and validated to ensure consistency across collaborating agents.
+
+
+Requirements
+____________
+
+See :doc:`requirements/index` for the list of feature requirements derived from this specification.
+
+
+Backwards Compatibility
+=======================
+
+VACP is a new protocol and does not replace existing V2X or service-oriented communication mechanisms.
+Integration with existing systems is ensured by the transport-agnostic design, allowing VACP messages to be carried over established communication channels.
+
+
+Security Impact
+===============
+
+VACP introduces new attack surfaces related to inter-agent communication and collaborative decision-making.
+The following non-complete list highlights security considerations:
+
+- Agent Authentication
+   - All agents must be authenticated before participation in a collaboration session
+   - Credentials must be verified and revocable at runtime
+- Message Integrity
+   - All protocol messages must be integrity-protected to prevent tampering or replay attacks
+- Trust Management
+   - Trust relationships must be explicitly established and continuously validated
+   - Compromised agents must be detectable and isolatable
+
+
+Safety Impact
+=============
+
+VACP is designed to support safety-relevant collaborative scenarios up to ASIL-B.
+The following list gives an idea of safety considerations and is not complete. An in-depth safety analysis must be conducted in the future.
+
+- Deterministic Execution
+   - Fulfillment plans must be deterministic and reproducible to support safety analysis
+- Human-in-the-Loop
+   - Safety-critical actions must include human approval and intervention checkpoints
+- Fault Handling
+   - The protocol must handle agent failures, communication losses, and plan deviations gracefully without compromising safety
+
+License Impact
+==============
+
+VACP is expected to be implemented primarily using Free and Open Source Software (FOSS), in alignment with the Eclipse Foundation's licensing principles.
+
+- All new components developed under this feature shall be licensed under the Apache 2.0 License
+- No additional licensing constraints are introduced by this feature request beyond those already adopted in S-CORE
+
+How to Teach This
+=================
+
+The following sources are recommended for onboarding:
+
+- This feature request document and its linked requirements
+- The S-CORE platform documentation for related features such as Communication and AI Platform
@@ -0,0 +1,179 @@
+..
+   # *******************************************************************************
+   # Copyright (c) 2025 Contributors to the Eclipse Foundation
+   #
+   # See the NOTICE file(s) distributed with this work for additional
+   # information regarding copyright ownership.
+   #
+   # This program and the accompanying materials are made available under the
+   # terms of the Apache License Version 2.0 which is available at
+   # https://www.apache.org/licenses/LICENSE-2.0
+   #
+   # SPDX-License-Identifier: Apache-2.0
+   # *******************************************************************************
+
+.. _vacp_requirements:
+
+Requirements
+============
+
+.. feat_req:: Intention Establishment
+   :id: feat_req__vacp__intention_establishment
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__overall_goals__enable_cooperation
+   :status: valid
+
+   The platform shall provide a mechanism to establish an unambiguous, self-contained, and verifiable
+   user intention, supporting various input modalities including natural language, deterministic UI
+   interactions, and rule-based triggers.
+
+.. feat_req:: Collaborative Planning
+   :id: feat_req__vacp__collaborative_planning
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__overall_goals__enable_cooperation
+   :status: valid
+
+   The Vehicle Coordination Agent (VCA) shall create a fulfillment plan for an established intention,
+   defining the sequence and assignment of actions across collaborating agents, including fallback
+   strategies and contingency handling. The platform shall support both pre-defined deterministic
+   plans and dynamically generated plans.
+
+.. feat_req:: Capability Discovery
+   :id: feat_req__vacp__capability_discovery
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__overall_goals__enable_cooperation
+   :status: valid
+
+   The platform shall provide a transport-agnostic mechanism for the VCA to discover capabilities
+   offered by vehicle on-board and infrastructure-based agents, supporting broadcast, registry-based,
+   and direct query discovery patterns.
+
+.. feat_req:: Capability Exchange and Evaluation
+   :id: feat_req__vacp__capability_exchange
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__overall_goals__enable_cooperation
+   :status: valid
+
+   The platform shall allow agents to respond to capability requests with offers describing functional
+   and non-functional attributes, and shall enable the VCA to evaluate offers based on availability,
+   trustworthiness, and compatibility with the fulfillment plan.
+
+.. feat_req:: Plan Execution and Monitoring
+   :id: feat_req__vacp__plan_execution
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__overall_goals__enable_cooperation
+   :status: valid
+
+   The VCA shall coordinate execution of the fulfillment plan across the assigned agents, monitor
+   execution progress, detect faults or deviations, and trigger contingency plans as required.
+
+.. feat_req:: Deterministic Execution
+   :id: feat_req__vacp__deterministic_execution
+   :reqtype: Non-Functional
+   :security: NO
+   :safety: ASIL_B
+   :satisfies: stkh_req__ai_platform__runtime_determinism
+   :status: valid
+
+   Fulfillment plans designated as safety-relevant shall be executable in a deterministic and
+   reproducible manner to support safety analysis.
+
+.. feat_req:: Human-in-the-Loop Approval
+   :id: feat_req__vacp__human_in_the_loop
+   :reqtype: Functional
+   :security: NO
+   :safety: ASIL_B
+   :satisfies: stkh_req__dependability__safe_state
+   :status: valid
+
+   The protocol shall provide approval and intervention checkpoints that require explicit human
+   confirmation for safety-critical actions, and shall allow humans to override or abort an
+   in-progress fulfillment plan.
+
+.. feat_req:: Fault Handling
+   :id: feat_req__vacp__fault_handling
+   :reqtype: Functional
+   :security: NO
+   :safety: ASIL_B
+   :satisfies: stkh_req__dependability__error_reaction
+   :status: valid
+
+   The protocol shall handle agent failures, communication losses, and plan deviations gracefully
+   without compromising the safety of the overall system.
+
+.. feat_req:: Agent Authentication
+   :id: feat_req__vacp__agent_authentication
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__dependability__security_features
+   :status: valid
+
+   All agents participating in a VACP collaboration session shall be authenticated prior to
+   participation, using credentials that can be verified and revoked at runtime.
+
+.. feat_req:: Message Integrity
+   :id: feat_req__vacp__message_integrity
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__communication__secure
+   :status: valid
+
+   All VACP protocol messages shall be integrity-protected to prevent tampering and replay attacks.
+
+.. feat_req:: Trust Management
+   :id: feat_req__vacp__trust_management
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__dependability__security_features
+   :status: valid
+
+   The protocol shall support explicit establishment, continuous validation, revocation, and
+   re-establishment of trust relationships between collaborating agents at runtime, including the
+   detection and isolation of compromised agents.
+
+.. feat_req:: Contextual Awareness
+   :id: feat_req__vacp__contextual_awareness
+   :reqtype: Functional
+   :security: YES
+   :safety: ASIL_B
+   :satisfies: stkh_req__overall_goals__enable_cooperation
+   :status: valid
+
+   Agents shall maintain and share contextual information relevant to the collaboration, such as
+   environmental conditions, vehicle state, and infrastructure status. Shared context shall be
+   timestamped and validated to ensure consistency across collaborating agents.
+
+.. feat_req:: Transport-Agnostic Communication
+   :id: feat_req__vacp__transport_agnostic
+   :reqtype: Non-Functional
+   :security: NO
+   :safety: ASIL_B
+   :satisfies: stkh_req__communication__extensible_external
+   :status: valid
+
+   The protocol shall be transport-agnostic and capable of operating over diverse underlying
+   communication channels without imposing constraints on the underlying infrastructure.
+
+.. feat_req:: Extensibility
+   :id: feat_req__vacp__extensibility
+   :reqtype: Non-Functional
+   :security: NO
+   :safety: ASIL_B
+   :satisfies: stkh_req__communication__extensible_external
+   :status: valid
+
+   The protocol shall be extensible to accommodate new agent capabilities, message types, and
+   collaboration patterns without breaking backward compatibility with existing agents.
@@ -17,6 +17,7 @@
    :security: YES
    :safety: QM
    :status: valid
+   :belongs_to: feat__os
 
 EB corbos Linux for Safety Applications (EBcLfSA)
 #################################################