v1.0.0-rc.0 · Apache 2.0 · release-candidate phase
The operating system for physical AI.
A coordination plane for distributed physical agents.
Real-time arbitration over scarce physical resources — kilowatts on a substation, square metres on a factory floor, signal-phase windows at an intersection, RF spectrum on a farm. Six normative resource types, four safety classes, graceful-taper preemption.
ACS v0.1 · 32 cases
11.2M TLA+ states
6 verticals · 6 resource types
1973/s · p99 6 ms
The Problem
Why physical AI is stuck at one site, one domain, one vendor
Every physical-AI vertical built its own protocol — OCPP for chargers, ROS for robots, OpenADR for grid demand response, IEEE 2030.5 for DER. None of them speak to each other. A site with chargers, batteries, robots, and signal heads has no common arbitration language.
Most fleet platforms collapse the moment connectivity dies. Site-wide load balancing, predictive maintenance, and emergency preemption all depend on a round-trip to a US-hyperscaler dashboard. 15–25% of public charger downtime traces back to this dependency.
Charge-point operators run one stack. Fleet operators run another. Site-energy ops run a third. Each reinvents auth, telemetry, RBAC, and OTA updates. The coordinator that decides which agent gets the kilowatt sits inside whichever vendor's silo claimed the contract.
When a hospital generator trips, an EV charger should taper before a chiller. When a robot crosses a forklift lane, the forklift should yield. Existing platforms have no notion of safety class, no graceful-taper specification, no audit trail proving the right thing happened — or didn't.
How It Works
Three layers, one coordination plane, the subsidiarity principle
~330 Go microservices on K8s — fleet analytics, model training, federated-learning aggregation, multi-tenant SaaS, OCPI 2.2.1 roaming. NATS JetStream + PostgreSQL/TimescaleDB. Owns long-horizon decisions that span sites and tenants: model distribution, ε-budget accounting under DP-SGD, Byzantine-robust aggregation. ~5% of total decisions.
~56 services on K3s — the resolver typically lives here. Site coordinator arbitrates claims atomically across the six ACS resource types. CCAR (Confidence-Calibrated Autonomous Resolution) fires at ≥90% confidence; ARA (Adaptive Retrieval-Augmented Reasoning) grounds every decision in authoritative technical documentation. P50 TTFT 28–48ms. Continues operating fully offline. ~30% of decisions.
Charger / robot / signal-head firmware. Holds local safety authority — a hardware ESTOP fires the contactor in <10 ms independently of any coordinator round-trip. AuralinkCharger in Rust (14 crates) for full-OS deployments; AuralinkAgent in Go as a non-invasive sidecar for existing OCPP-compliant equipment. ~65% of decisions execute here.
Conformance · what's verified
Three ACS conformance levels run end-to-end on every commit, against a TLA+ formal model that's been exhaustively model-checked. Every number maps to a path in tests/conformance/.
L1 · Reference · 9/9 · Resource taxonomy, BootClaim, claim/grant/preempt protocol
L2 · Safety · 16/16 · Four safety classes, TaperSpec preemption, coupling-group cascades
L3 · Federated · 7/7 · Cross-coordinator forwarding, witness anchoring, DP-SGD aggregation
11.2M states · TLA+ formal model · os/spec/formal/
1973 claims/s · L1+L2 load · p99 6 ms · 0 crashes · T8-LOAD-REPORT
805 tests · AuralinkCharger Rust firmware · 14 crates
Capabilities
What the coordination plane actually does, with the maturity honestly stated
11.2M · TLA+ states exhaustively model-checked (formal spec)
28–48ms · Edge inference P50 TTFT; <10ms safety-class preemption
72h+ · Autonomous offline operation, full feature parity
5 · Domains: EV charging, robotics, smart-city, energy, IIoT
6 · Normative resource types in ACS v0.1 (Power, Workspace, SignalPhase, Spectrum, TimeSlot, Token)
4 · Safety classes with graceful-taper preemption (TaperSpec) + SHA-256 audit chain
Domains
The same protocol arbitrates claims across all of these. Maturity is stated honestly per the ACS conformance matrix.
OCPP 2.0.1 (all 48 message types), OCPP 1.6J fallback, OCPI 2.2.1 roaming, ISO 15118-2/-20 framework. Power + Token resource types. Most operationally mature surface. Status: implemented (OCTT certification pending).
ROS 2 bridge runtime with stale-pose detection, failsafe, and e-stop integration. Workspace + Power resource types. Shipped 2026-05-08. Status: partial — documented gaps remain.
OpenADR 2.0b demand response, IEEE 2030.5 DER coordination. SignalPhase + Spectrum resource types. Megaproject playbooks for Hellinikon and NEOM-shaped deployments. Status: demo.
Energy Dance demo (`make demo-d1`) coordinates battery, solar, and charging loads under a single Power-type claim space. Status: partial.
Modbus TCP master reference adapter. OPC UA in the spec, planned for implementation. Spectrum + TimeSlot + Power resource types. Status: demo (OPC UA planned).
HVAC Power + Lighting SignalPhase composition. Smart-buildings SDK shipped May 2026 — coordinator arbitrates between heating/cooling power demand and lighting scheduling.
ACS v0.1 at a glance
The Auralink Coordination Specification (ACS v0.1) defines a small, normative vocabulary that every implementation — coordinator, charger, robot, signal head — speaks. Below: the primitives the spec arbitrates over.
RESOURCE: Watts on a substation, a busbar, a feeder, or a single charger contactor. Claims compose across hierarchical buses with hard physical caps.
RESOURCE: Cubic metres on a factory floor or square metres at an intersection. The primitive for robot AGV reservations and traffic preemption.
RESOURCE: Time windows on a traffic signal head. Arbitrates emergency-vehicle preemption, transit-priority requests, and demand-responsive timing.
RESOURCE: RF channel + bandwidth + time. The primitive for shared-radio environments — farms, ports, megaprojects with mixed 5G/LoRa/Wi-Fi.
RESOURCE: Discrete scheduled intervals on a shared physical asset (production cell, robot arm, dock). Composable with Power for energy-aware schedules.
RESOURCE: Bookkeeping primitive for OCPI roaming, virtual energy credits, V2G settlement, carbon allocation. The 'soft' resource type.
CLASS 1: Hardware ESTOPs, hospital backup load, life-safety preemption. Fires under 10 ms, bypasses the coordinator round-trip.
CLASS 2: Thermal runaway prevention, collision avoidance, grid stability holds. Preempts priority + routine immediately, with full audit trail.
CLASS 3: Transit-vehicle signal priority, fleet-charger SLAs, megaproject delivery windows. Gracefully tapers routine claims via TaperSpec.
CLASS 4: Background charging, idle robot reservations, off-peak demand. First to taper when higher classes claim. Default for opt-in workloads.
Supply chain trust
Image signing
Every Release-built image is cosign-signed. Sigstore admission controller blocks unsigned deploys at the cluster level.
Provenance + SBOM
SLSA-provenance attestation on every image. SBOM attestation. scripts/verify-image.sh chains both checks for downstream verification.
Audit chain
Every claim+grant+preemption is SHA-256-chained per tenant. Periodic Ed25519 witness anchors published over NATS for external attestation.
Key custody
Witness anchor signer is pluggable. Sealed-at-rest Ed25519 key file with operator-managed wrap key. Hardware-pluggable: TPM 2.0 / KMS / Vault Transit all front the same interface.
Transport
SDK + coordinator + distro all use paired file-PEM mounts. coord_tls_enabled Prometheus metric.
Secrets
Adapter credential resolution via URI dispatcher (vault:// · file:// · env:// · literal:). K8s ExternalSecret with ESO + Vault.
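The "Audit chain" item above, as an added example (not Auralink code): a per-tenant SHA-256 chain with an Ed25519 signature over its head, showing why the anchor matters. Editing one record breaks a link, while a full rewrite with recomputed hashes only fails at the anchor. The Entry layout, the tenant-seeded genesis and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry is a hypothetical audit record (layout assumed, not taken from ACS).
type Entry struct{ Body string; Hash [32]byte }

// link binds a record to its predecessor's digest.
func link(prev [32]byte, body string) [32]byte {
	return sha256.Sum256(append(prev[:], body...))
}

// Append extends a tenant's chain; genesis is seeded with the tenant ID (assumption).
func Append(tenant string, chain []Entry, body string) []Entry {
	prev := sha256.Sum256([]byte(tenant))
	if n := len(chain); n > 0 {
		prev = chain[n-1].Hash
	}
	return append(chain, Entry{body, link(prev, body)})
}

// Anchor signs the head of a non-empty chain, standing in for a witness anchor.
func Anchor(chain []Entry, priv ed25519.PrivateKey) []byte {
	return ed25519.Sign(priv, chain[len(chain)-1].Hash[:])
}

// Verify returns -1 if intact, i for the first broken link, len(chain) for a bad anchor.
func Verify(tenant string, chain []Entry, pub ed25519.PublicKey, anchor []byte) int {
	prev := sha256.Sum256([]byte(tenant))
	for i, e := range chain {
		if e.Hash != link(prev, e.Body) {
			return i
		}
		prev = e.Hash
	}
	if !ed25519.Verify(pub, prev[:], anchor) {
		return len(chain)
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	c := Append("tenant-a", Append("tenant-a", nil, "claim Power 50kW"), "grant Power 50kW")
	fmt.Println(Verify("tenant-a", c, pub, Anchor(c, priv)))
}
```

A verifier that holds only the witness public key and the latest anchor can run Verify without trusting the store that kept the chain.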
Deep Dive
Deep-dive into Auralink. NDA required for access.
These documents contain proprietary architecture details, benchmarks, and implementation specifics. A quick NDA protects both parties.
Why a coordination plane is the missing primitive for distributed physical AI, and what it unlocks across EV / robotics / smart-city / IIoT.
ACS v0.1 — six normative resource types, four safety classes, graceful-taper preemption, federated learning under differential privacy. With the TLA+ formal model.
Full system architecture: ~330 cloud services, ~56 edge services, charger OS in Rust, agent bundle in Go, deployment topology, RAG backbone, megaproject playbooks.
Source Code
View the GitHub repositories and HuggingFace models. Requires NDA acceptance first.
Partnership
Apache 2.0, OCPP 2.0.1 + 1.6J today, ROS 2 bridge shipped, OpenADR 2.0b + IEEE 2030.5 in flight — looking for partners across the five operationally mapped domains.
OCPP 2.0.1 / 1.6J support today, OCPI 2.2.1 roaming, ISO 15118-2/-20 framework. The EV-charging domain is the most operationally mature surface — ready for live network deployment with CPO partners.
ROS 2 bridge shipped 2026-05-08 with stale-pose / failsafe / e-stop. OpenADR 2.0b + IEEE 2030.5 demos run. Megaproject playbooks for Hellinikon-shaped (Mediterranean mixed-use) and NEOM-shaped (hyper-scale industrial) deployments live under apps/city/.
The coordination spec (ACS v0.1) is normative and stable; breaking changes require an RFC and a 90-day window. Build your own coordinator, embed our SDKs, or run the reference implementation — Apache 2.0, no field-deployment lock-in.
Roadmap
Auralink v1.0 shipped open-source in 2026 under Apache 2.0. Where the coordination plane goes next.
Normative spec for six resource types, four safety classes, taper preemption. Reference coordinator in Go. TLA+ formal model checked across 11.2M states. OCPP 2.0.1 + 1.6J, OCPI 2.2.1 roaming, ISO 15118 framework. ROS 2 bridge with failsafe. Apache 2.0 licensed.
Live OCPP 2.0.1 network testing with CPO partners. OCTT certification and ISO 15118 interop. Hardware validation on NXP i.MX8M Plus (charger), AMD Ryzen AI Max+ and NVIDIA DGX Spark (edge). First megaproject playbook field run.
Smart-city OpenADR 2.0b + IEEE 2030.5 promoted from demo to implemented. IIoT OPC UA adapter from planned to demo. BESS+solar site-wide energy from partial to implemented. Developer SDKs (Python / TypeScript / Go) for embedding ACS clients.
V2G orchestration (bidirectional power), federated learning with differential privacy at scale, Byzantine-robust aggregation across thousands of sites, carbon tracking (Scope 1/2/3), quantum-safe cryptography (NIST PQC migration).
Building production physical-AI infrastructure or deploying Auralink on a live network? Hyperion consulting covers pilot validation, production hardening, EU AI Act compliance, and full integration engagements.