VSBS: Autonomous Vehicle Service Booking System
Project Report submitted for the partial fulfilment of the degree of
BACHELOR OF TECHNOLOGY (CSE)
Name of Student:
Divya Mohan
Registration Number:
GF202214698
Course with Specialization:
B.Tech CSE Cybersecurity
Capstone Mentor:
Dr. Kritika Rana

Acknowledgement

I would like to express my sincere gratitude to my capstone mentor at Shoolini University and the faculty of the Yogananda School of AI, Computers and Data Sciences for their consistent guidance through every stage of this project. Their feedback on architecture decisions, on safety claims, and on the realism of the simulation-policy framing was instrumental in shaping the final outcome.

I am grateful to the Department of Computer Science and Engineering for providing access to the development infrastructure that allowed this project to be exercised end-to-end on a constrained hardware envelope. The lab availability for late-evening builds, the network bandwidth for live API smoke runs, and the willingness to host the verification artefacts on a shared review system materially improved the quality of the final submission.

I acknowledge the open-source community whose work this project stands on. The maintainers of Hono, Bun, Next.js, React, Tailwind, LangGraph, Zod, OpenTelemetry, CARLA, and many others have produced primitives that allowed a small team to ship a system whose blueprint would otherwise need a very large engineering organisation. The research community whose peer-reviewed contributions are cited throughout this report, covering battery prognostics, sensor fusion, agentic verification, and automotive cybersecurity, gave this project its evidentiary backbone.

Finally, I thank my family and peers, whose patience during the long verification cycles and whose willingness to act as honest first reviewers kept the work grounded in real user needs rather than purely technical novelty.

Abstract

VSBS is a research-grade, production-shape reference platform that lets a vehicle owner book a service, receive an autonomous and verifiable recommendation, and, when the original-equipment manufacturer supports it, hand the vehicle over to an authorised service centre under a signed, scope-limited, time-bound capability token. The platform integrates a multi-language conversational concierge, a deterministic safety fence around large language model output, an extended Kalman filter sensor fusion pipeline, physics-of-failure remaining-useful-life models, a four-rung United Nations Economic Commission for Europe Regulation 157 takeover ladder, and a privacy-by-design compliance layer aligned with India's Digital Personal Data Protection Act 2023, the European General Data Protection Regulation, and the California Consumer Privacy Act.

The system is implemented as a twelve-package TypeScript monorepo running on Bun and Hono for the application interface, on Next.js 16 with React 19 and Tailwind 4 for the customer and operator surfaces, and on Google Cloud Platform with Cloud Run, Cloud Armor, Identity-Aware Proxy, Firestore, and Secret Manager for production deployment. Every architectural decision is grounded in peer-reviewed research, in international safety and security standards, or in vendor documentation, and is traceable through the docs/research corpus that ships in-tree with the source.

The platform was subjected to an external security audit which surfaced ten findings across authentication, authorisation, edge controls, and production wiring. Every finding was sealed end-to-end through a coordinated multi-agent fix that introduced a hash-based message authentication code signed bearer token at the over-the-phone one-time-password verification step, a real Identity-Aware Proxy signature verifier, a production-fail-closed environment schema, and a Cloud Armor-and-Identity-Aware-Proxy-attached Terraform module. The verification ladder spans typecheck, one thousand three hundred and two unit and specialised tests, live application-programming-interface smoke probes, a safety-fence-asserting concierge stream test, and a Playwright Chromium end-to-end suite. All audit proof-of-concept exploits now return four-zero-one or four-zero-three responses.

Keywords

Autonomous vehicles; service booking; LangGraph agent supervisor; safety fence; sensor fusion; remaining useful life; UNECE R157; CommandGrant capability token; defense in depth; DPDP Act 2023; Cloud Armor; Identity-Aware Proxy; production-fail-closed; multi-agent orchestration.

Table of Contents

Acknowledgementii
Abstractiii
List of Figuresv
List of Tablesvi
Chapter 1: Introduction & Problem Definition9
1.1 Background9
1.2 Problem Statement9
1.3 Objectives10
1.4 Scope and Limitations10
1.5 Significance10
1.6 Report Organization11
Chapter 2: System Requirements12
2.1 Functional Requirements12
2.2 Non-Functional Requirements12
2.3 Hardware Requirements13
2.4 Software Requirements13
2.5 User Personas13
Chapter 3: System Architecture & Design15
3.1 High-Level Architecture15
3.2 Component Boundaries15
3.3 Data Flow16
3.4 Database Design17
3.5 Application-Programming-Interface Design17
3.6 Security Architecture17
Chapter 4: Technology Stack19
4.1 Frontend19
4.2 Backend19
4.3 Infrastructure19
4.4 Large-Language-Model Layer19
4.5 Sensor Stack and Simulation19
4.6 Justification Summary20
Chapter 5: Implementation22
5.1 Monorepo and Build22
5.2 Authentication and Sessions22
5.3 Booking Workflow22
5.4 LangGraph Supervisor and Tool Registry22
5.5 Sensor Pipeline and Prognostics23
5.6 Autonomy Layer and CommandGrant24
5.7 Payment State Machine23
5.8 Compliance Layer24
Chapter 6: Algorithms and Models25
6.1 Sensor Fusion Extended Kalman Filter25
6.2 Remaining-Useful-Life Models26
6.3 Wellbeing Scoring26
6.4 Agent Verifier27
6.5 Out-Of-Distribution Detection27
6.6 UNECE R157 Takeover Ladder27
Chapter 7: Testing29
7.1 Strategy29
7.2 Test Pyramid29
7.3 Continuous Testing30
Chapter 8: Results and Performance Analysis31
8.1 Verification Run Summary31
8.2 Security Audit Closure31
8.3 Performance32
8.4 Test Coverage Trend32
Chapter 9: Deployment33
9.1 Cloud Build Pipeline33
9.2 Terraform Module33
9.3 Production Fail-Closed33
9.4 Observability34
Chapter 10: Challenges and Solutions37
10.1 Strict Content-Security-Policy versus Inline Style37
10.2 Tailwind 4 Length Hint37
10.3 Constrained Graphics-Processing-Unit Hardware37
10.4 Multi-Agent Security Fix Orchestration37
10.5 Mount-Order Race in Consent Gates37
Chapter 11: Conclusion and Future Scope39
11.1 Summary39
11.2 Achievements39
11.3 Limitations39
11.4 Future Scope39
11.5 Closing40
Reflection Questions41
References45

List of Figures

Figure 1.1: Customer landing page at /.9
Figure 2.1: Five user personas mapped to the surfaces they touch.14
Figure 3.1: High-level architecture of the VSBS platform.15
Figure 3.2: Concierge turn data flow with the verifier in line.17
Figure 3.3: Defense-in-depth security layers.18
Figure 4.1: Stack layers with pinned versions.20
Figure 5.1: Payment state machine, eleven states across four swim-lanes.24
Figure 6.1: Sensor fusion topology around the ExtendedKalman class.25
Figure 6.2: Severson 2019 knee-point traction-battery state-of-health.26
Figure 6.3: Wellbeing radar across ten weighted axes.27
Figure 6.4: UNECE R157 four-rung takeover ladder.28
Figure 7.1: Nine-layer verification ladder.30
Figure 8.1: Audit findings before and after fix.32
Figure 9.1: Autonomy dashboard at /autonomy/[id].34
Figure 9.2: Recordings page at /recordings (admin-gated).35
Figure 9.3: Consent management at /me/consent.35
Figure 9.4: Region selector at /region.36
Figure 11.1: Phased roadmap, P1 through P12.40

List of Tables

Table 2.1: Non-functional requirement targets and measurement approach.13
Table 3.1: Package inventory and responsibility.16
Table 4.1: Why each technology was chosen over the leading alternative.21
Table 7.1: Test ladder, what each layer catches, and the count at the most recent verification.29
Table 8.1: Audit findings, pre-fix runtime probe response, post-fix response.31

Chapter 1: Introduction & Problem Definition

1.1 Background

The Indian passenger vehicle parc has crossed forty million units. Service is the single largest unmet need: drivers travel long distances to authorised centres, wait without status updates, accept opaque diagnoses, and frequently agree to repairs they cannot independently verify. The same problem at lower density also affects the United States and the European Union; the global service market is over four hundred billion dollars annually. Original-equipment manufacturers have begun to publish autonomous parking and short-distance routing specifications such as the Mercedes-Benz and Bosch Intelligent Park Pilot deployment in the Stuttgart APCOA P6 garage, but no end-to-end customer-side platform composes those primitives into a verifiable service booking experience.

VSBS home page with a dark hero image of a car at a service bay, headline reading 'Your vehicle. Served.', and call-to-action buttons.
Figure 1.1. Customer landing page at /. The hero loads above the fold on the slowest mobile connection (LCP < 2.5 s); strict content-security-policy with per-request nonces; the demo-mode banner is a load-bearing safety signal until the homologation gates close.

1.2 Problem Statement

Build an autonomous vehicle service booking system that lets an owner request a service, accept or override an autonomous diagnostic recommendation, sign a scope-limited capability token that authorises the service centre to perform the agreed work, and watch the entire flow under a privacy-by-design compliance layer. The system must be safe by construction: no large language model output may bypass a hard-coded safety fence; no caller-controlled identity header may grant access to owner-scoped data; no simulated sensor sample may enter a real customer decision log; and no production deployment may run with the development-mode defaults that simplify local iteration.

1.3 Objectives

  1. Compose a twelve-package TypeScript monorepo whose architecture is grounded in peer-reviewed research, in international standards, and in vendor documentation, with every claim traceable through an in-tree research corpus.
  2. Implement a deterministic safety fence around the large-language-model conversational concierge so that the final user-visible output always carries the canonical no-safety-certification advisory regardless of the model's intermediate suggestions.
  3. Implement a sensor fusion and remaining-useful-life pipeline whose simulated and real drivers share an identical state machine, with provenance stamping that prevents simulated samples from contaminating real decision logs.
  4. Implement a CommandGrant capability token that is canonical-byte-encoded per RFC 8785, signed under the owner's passkey, witness-signed, and verifiable through a Merkle authority chain.
  5. Implement a privacy-by-design compliance layer that satisfies India's Digital Personal Data Protection Act 2023, the European General Data Protection Regulation, and the California Consumer Privacy Act, with explicit consent gates, real deletion, and a seventy-two-hour breach response runbook.
  6. Implement a defense-in-depth security posture that fails closed in production, fixes the ten findings raised by an external audit, and has every fix verified through a nine-layer test ladder that produces a non-repudiable witness report.

1.4 Scope and Limitations

VSBS is explicitly not a certified safety system. The README, the SAFETY-NOTICE, and the user interface banners state that no real autonomy is enabled and that the platform is a research and reference artefact. Production deployment is subject to legal, regulatory, insurance, and homologation gates that are out of scope for the capstone. The autonomy layer is implemented faithfully so that an integrator who has completed those gates can flip a single environment variable and operate live; until then the platform runs in simulation mode and refuses to mint live grants when the production-fail-closed environment schema detects a sim driver.

1.5 Significance

The capstone produces three artefacts that are usable beyond the academic submission. First, the architecture is documented at a level that enables a downstream integrator to understand every decision and its evidentiary basis without consulting the author. Second, the security audit and the coordinated multi-agent fix demonstrate a reproducible workflow for hardening a research-grade system to production-shape without breaking the existing test suite. Third, the simulation policy, under which simulated and live drivers share an identical state machine and are promoted by a single environment variable flip, is a generally applicable pattern for any safety-claimed system whose live drivers cannot be exercised in academic environments.

1.6 Report Organization

Chapter 2 enumerates functional and non-functional requirements. Chapter 3 describes the high-level architecture, the package boundaries, the data flow, and the security architecture. Chapter 4 justifies the technology stack against the stated requirements. Chapter 5 walks the implementation of authentication, the booking workflow, the LangGraph agent supervisor, the sensor pipeline, the autonomy layer, the payment state machine, and the compliance layer. Chapter 6 details the algorithms used for sensor fusion, prognostics, wellbeing scoring, agent verification, and out-of-distribution detection. Chapter 7 describes the test strategy and the test pyramid. Chapter 8 reports the results of the verification ladder. Chapter 9 covers deployment. Chapter 10 documents the challenges encountered and the solutions adopted. Chapter 11 summarises the work and outlines the future scope. The reflection-questions section answers ten standardised mentor questions in order. The references section gives a Vancouver-style bibliography of the corpus that grounds every architectural claim.

Chapter 2: System Requirements

2.1 Functional Requirements

  1. FR-1, Owner registration and authentication via mobile-number one-time-password, returning a HMAC-SHA-256-signed bearer session token.
  2. FR-2, Vehicle decoding through the National Highway Traffic Safety Administration vPIC API, returning make, model, year, body class, and engine attributes.
  3. FR-3, Conversational intake through a multilingual concierge that accepts free-form complaints, normalises them, and triggers safety, wellbeing, and dispatch tools.
  4. FR-4, Deterministic safety assessment with a hard-coded red-flag set whose output is non-overridable by the language model.
  5. FR-5, Service-centre dispatch with parts-availability, distance, and wellbeing-weighted shortlist.
  6. FR-6, Payment order creation, intent authorisation, capture, and refund through Razorpay or Stripe with idempotency keys and webhook verification.
  7. FR-7, Sensor ingest from Smartcar OEM cloud, ELM327 OBD-II Bluetooth Low Energy dongles, and live CARLA bridges, with per-channel arbitration and provenance stamping.
  8. FR-8, Prognostics and health monitoring with remaining-useful-life models for brake pads, the twelve-volt accessory battery, tyres, the high-voltage traction battery, engine oil, the drive belt, and wheel bearings.
  9. FR-9, CommandGrant minting, witness signing, action append, scope perform, heartbeat, offline envelope, and revocation, with per-grant ECDSA P-256, RSASSA-PKCS1-v1_5, Ed25519, or ML-DSA-65 signatures.
  10. FR-10, Consent management with explicit, granular, revocable purpose grants and a seventy-two-hour breach runbook.
  11. FR-11, Operator dashboard with a single-pane SIEM-style log viewer, booking timeline, autonomy live telemetry, and dispatch shortlist.
  12. FR-12, Owner-controlled data export and erasure across primary store, backups, logs, caches, and analytics.

2.2 Non-Functional Requirements

CategoryTargetMeasurement
PerformanceP50 < 100 ms; P95 < 250 ms; P99 < 500 ms on owner-scoped read pathsOpenTelemetry traces; per-route histograms scraped by Prometheus.
Availability99.9 percent monthly on the service-fulfilment pathUptime probes from two regions; Cloud Run health checker.
SecurityOWASP Top 10 mitigated; defense in depth on every route; production-fail-closedTrivy, OSV-scanner, Semgrep, pnpm audit; runtime probes against the audit PoC.
AccessibilityWCAG 2.2 AAA; 44x44-pixel touch targets; reduced motion; high contrastLighthouse CI; manual screen-reader walk-throughs.
PrivacyDPDP 2023 + GDPR + CCPA; AES-256-GCM at rest; TLS 1.3 in transitDPIA, FRIA, AI risk register; in-tree consent and erasure unit tests.
InternationalisationEnglish plus Hindi mandatory; seven additional regional languages readynext-intl message catalogues; right-to-left layout test.
Offline toleranceBooking and concierge function on degraded network with retry-and-replayService-worker queue; chaos test 'network-degraded'.

Table 2.1. Non-functional requirement targets and measurement approach.

2.3 Hardware Requirements

  • Development workstation with 16 GB random-access memory, four to eight cores, any modern operating system. The capstone was developed on a workstation with two gigabytes of video random-access memory; the live CARLA simulator was substituted by a deterministic chaos driver for verification.
  • Production: Google Cloud Platform Cloud Run with two virtual central processing units and one gigabyte of memory per container; one Firestore database in Asia-South1; one Artifact Registry repository.
  • Vehicle adapters: ELM327 V1.5 Bluetooth Low Energy dongle for owner-side OBD-II; Smartcar OEM cloud for over-the-air; CARLA 0.9.16 server for autonomy simulation.

2.4 Software Requirements

  • Node.js 22 long-term support; Bun 1.3 or newer; pnpm 9 or newer; Python 3.10 or newer for the CARLA bridge.
  • TypeScript 5.7 with strict mode, no-unchecked-indexed-access, and exact-optional-property-types.
  • Hono 4 on Bun; Next.js 16.2 with React 19; Tailwind CSS 4.
  • LangGraph supervisor; Zod 3 for every schema boundary.
  • Terraform 1.9 with the Google Beta provider; Cloud Build for the deployment pipeline.

2.5 User Personas

  • Vehicle owner, primary persona. Uses the customer web or mobile application to book a service, review the autonomous diagnosis, and authorise a CommandGrant if required.
  • Service-centre operator, uses the operator dashboard to receive bookings, manage dispatch, and execute the agreed scope.
  • Original-equipment manufacturer integration partner, consumes the autonomy capability and CommandGrant interfaces to drive the vehicle for short scopes.
  • Compliance and audit reviewer, uses the SIEM log viewer, the AI risk register, the data protection impact assessment, and the verification witness reports.
  • Site-reliability engineer, uses the health dashboards, the structured log stream, the OpenTelemetry traces, and the chaos and red-team test outputs.
Figure 2.1. Five user personas mapped to the surfaces they touch. Each persona authenticates through a distinct credential type (session bearer, vehicle-token HMAC, or Identity-Aware Proxy assertion); no persona can impersonate another.
Figure 2.1. Five user personas mapped to the surfaces they touch. Each persona authenticates through a distinct credential type (session bearer, vehicle-token HMAC, or Identity-Aware Proxy assertion); no persona can impersonate another.

Chapter 3: System Architecture & Design

3.1 High-Level Architecture

VSBS is a twelve-package monorepo. The packages are split into shared, sensors, large language model, agents, security, compliance, telemetry, and knowledge-base libraries, plus four applications: the backend application-programming-interface, the customer web application, the operator administration console, and the owner mobile application. The application boundary is the only network boundary; every package is consumed in-process by exactly one application or by another package.

Figure 3.1. High-level architecture. Three client tiers proxy through the Cloud Armor and Identity-Aware Proxy edge to the Hono application, which composes eight packages and four external adapter families.
Figure 3.1. High-level architecture. Three client tiers proxy through the Cloud Armor and Identity-Aware Proxy edge to the Hono application, which composes eight packages and four external adapter families.

3.2 Component Boundaries

PackageResponsibilityLines of code (approx)
@vsbs/sharedZod schemas, safety, wellbeing, autonomy, payment state machine, sensor types6,400
@vsbs/sensorsScalar Kalman, cross-modal arbitration, deterministic simulator, RUL models3,800
@vsbs/llmProvider-agnostic large-language-model layer; six providers; profile-based defaults2,200
@vsbs/agentsLangGraph supervisor, verifier chain, tool registry, output filter4,100
@vsbs/securityQuantum-secure primitives, content-security policy helpers, signing1,900
@vsbs/complianceDPIA, FRIA, AI risk register, consent manager, erasure coordinator2,700
@vsbs/telemetryOpenTelemetry, structured logger, health checker, metrics1,500
@vsbs/kbKnowledge-base, OEM plug-in, embeddings, DTC corpus, ISO 2575 mapping1,800
apps/apiHono on Bun; routes, middleware, adapters12,400
apps/webNext.js customer application; intake wizard; status; consent; reports9,800
apps/adminOperator console; SIEM; dispatch board5,600
apps/mobileExpo owner application; passkeys; OBD-II4,200

Table 3.1. Package inventory and responsibility.

3.3 Data Flow

An owner submits a complaint through the customer web application. The browser-side proxy at /api/proxy strips inbound authentication headers and forwards to the application-programming-interface with a request identifier and the owner's HMAC-SHA-256 bearer token. The application validates the token through the requireSession middleware and dispatches to the route handler. For a concierge turn, the route loads prior messages bound to the owner subject, constructs a request-scoped LangGraph instance with the owner's bearer forwarded as a default header, and yields each agent event as a server-sent-event stream. Tool calls dispatch back to the application over the same authenticated transport. The verifier chain inspects each tool call against the conversation context and a deterministic agreement check before tools are executed. The final output passes through a hard-coded output filter that overrides any drive-suggestion the model emits with the canonical safety advisory.

Figure 3.2. Concierge turn data flow. The verifier sits between every model-emitted tool-call and the tool handler; the final SSE event always carries the canonical safety advisory, regardless of the model's intermediate suggestion.
Figure 3.2. Concierge turn data flow. The verifier sits between every model-emitted tool-call and the tool handler; the final SSE event always carries the canonical safety advisory, regardless of the model's intermediate suggestion.

3.4 Database Design

Firestore was chosen over a relational store because most read paths are document-shaped, the consistency model fits the booking and consent timelines, and the Asia-South1 regional residency satisfies the Digital Personal Data Protection Act 2023 cross-border data transfer constraint. Each booking is one document, indexed by owner subject. Consent records are append-only per owner and per purpose. Sensor sessions are ephemeral. Payment orders, intents, and refunds carry an idempotency key that is the primary lookup index. Erasure operations cascade through every collection in the same transaction.

3.5 Application-Programming-Interface Design

The application uses Hono on Bun. Every route is wrapped by request-identifier injection, OpenTelemetry trace, structured logging with personally-identifiable-information redaction, body-size limit, sliding-window rate limit, secure headers, and a unified error envelope. Every request body is validated by a Zod schema; types are inferred from schemas, never the other way around. The error envelope is the same shape on every failure: a JSON object containing an error code, a human-readable message, the request identifier, and optional details. Mutating endpoints accept idempotency keys. The interface is versioned at /v1; cursor-based pagination is used everywhere a list endpoint exists. Web hooks carry a hash-based message authentication code over the body and an idempotency key.

3.6 Security Architecture

Defense in depth is the architectural posture. The edge has Cloud Armor with sensitivity-1 OWASP Core Rule Set, scanner detection, and adaptive protection; the operator administration path is fronted by Identity-Aware Proxy. The application layer enforces a request-scoped HMAC-SHA-256 bearer token minted at one-time-password verification, a Cloud-Identity-Aware-Proxy ECDSA P-256 signature verifier on the operator path, a content-security policy with strict source allow-list, and a path-aware rate limit. Every owner-scoped route runs through the requireSession middleware before reaching the handler. Every external-side-effect adapter has a sim driver that faithfully reproduces latency, idempotency, web-hook ordering, and error classes. Production fails closed when any sim driver, any default signing key, or any missing audience is detected.

Figure 3.3. Defense-in-depth layers. A request must clear every concentric ring before reaching the route handler; each ring fails closed independently and emits a uniform error envelope.
Figure 3.3. Defense-in-depth layers. A request must clear every concentric ring before reaching the route handler; each ring fails closed independently and emits a uniform error envelope.

Chapter 4: Technology Stack

4.1 Frontend

The customer web application uses Next.js 16.2 with React 19 and Tailwind CSS 4. Next.js was chosen because it provides server-side rendering with strict content-security-policy support through dynamic nonces, full internationalisation through next-intl 4 with file-system routing, and a build-time route validator that catches handler shape mismatches at compile time rather than at first request. React 19 was chosen because the new server-action and use-client primitives eliminate most client-side state-management boilerplate. Tailwind 4 was chosen because the new JavaScript-driven configuration enables the design tokens to live in a TypeScript module and feed both the Tailwind generator and any framework-agnostic style consumer such as the report and the operator console.

4.2 Backend

The application-programming-interface uses Hono 4 on Bun 1.3. Hono was chosen because it is the only modern Web-Standards-API-shaped framework that runs unchanged on Bun, on Cloud Run, on Cloudflare Workers, and on Node, and because its middleware composition primitives map directly to the defense-in-depth posture demanded by the security architecture. Bun was chosen because its built-in TypeScript transpiler eliminates a build step in development and its server is two to three times the throughput of Node on the workloads measured.

4.3 Infrastructure

Google Cloud Platform Cloud Run was chosen because it satisfies the regional residency constraint with Asia-South1 single-region deployment, scales to zero between requests, and integrates natively with Cloud Armor, Identity-Aware Proxy, Secret Manager, and Firestore. Terraform manages the infrastructure as code with a global module for shared resources and a regional module that is applied per region. Cloud Build runs the container image and deployment pipeline. Artifact Registry hosts the container images. Cloud Identity-Aware Proxy gates the operator administration path with ECDSA P-256 signed assertions that the application verifies at the request boundary.

4.4 Large-Language-Model Layer

The package @vsbs/llm provides a provider-agnostic abstraction with one Llm.complete interface and six concrete providers: scripted for sim, Google AI Studio for demo, Vertex Gemini and Vertex Claude for production, Anthropic and OpenAI for ad-hoc evaluation. The profile environment variable LLM_PROFILE selects which provider each agent role uses; sim is fully deterministic and does not require an API key.

4.5 Sensor Stack and Simulation

The package @vsbs/sensors implements an extended Kalman filter with constant-turn-rate-and-velocity motion model, the Plett 2004 state-of-charge model for high-voltage cells, and remaining-useful-life models for brake pads, twelve-volt battery, tyres, high-voltage traction battery, engine oil, drive belt, and wheel bearings. Sensor samples are typed by channel and tagged by origin. The CARLA bridge produces ten-hertz frames matching the sensor schema; on hardware that cannot run CARLA, a deterministic chaos driver produces wire-identical frames so the dashboard renders end-to-end without a graphics processing unit.

Figure 4.1. Stack layers with pinned versions from the lockfile on 2026-05-11. Edge controls (Cloud Armor + Identity-Aware Proxy + strict CSP + TLS 1.3) sit above the three client surfaces; the application tier hosts Hono on Bun and the eight library packages; the data tier is Google Cloud Run + Firestore in asia-south1; external adapters all run a sim/live parity contract.
Figure 4.1. Stack layers with pinned versions from the lockfile on 2026-05-11. Edge controls (Cloud Armor + Identity-Aware Proxy + strict CSP + TLS 1.3) sit above the three client surfaces; the application tier hosts Hono on Bun and the eight library packages; the data tier is Google Cloud Run + Firestore in asia-south1; external adapters all run a sim/live parity contract.

4.6 Justification Summary

LayerChosenAlternative consideredReason
Frontend frameworkNext.js 16RemixStrict content-security-policy with dynamic nonces and built-in next-intl 4 internationalisation.
Backend frameworkHono on BunExpress on NodeWeb-Standards Request and Response shape; sub-100-millisecond cold start; runs on every modern runtime.
DatabaseFirestorePostgreSQL on Cloud SQLDocument shape, regional residency, transaction-scoped erasure cascade.
SchemasZodYup or io-tsType inference is upstream of the runtime parser; one schema yields runtime, OpenAPI, and OpenTelemetry tags.
Agent supervisorLangGraphAutoGen or LangChain AgentsExplicit StateGraph; verifier chain composes naturally; deterministic in sim profile.
Edge securityCloud Armor and Identity-Aware ProxySelf-hosted Web Application FirewallNative Cloud Run integration; ECDSA P-256 signed identity-aware-proxy assertions.

Table 4.1. Why each technology was chosen over the leading alternative.

Chapter 5: Implementation

5.1 Monorepo and Build

The repository is a pnpm workspace. Each package is built by the TypeScript compiler with strict mode and exact-optional-property-types. The api application is built by Bun in production. The web application is built by Next.js with a strict content-security-policy that uses per-request nonces. The continuous-integration pipeline runs typecheck, unit tests, the agent evaluation, the property suite, and the chaos suite on every push. The continuous-deployment pipeline runs Cloud Build with the deploy/cloudbuild.yaml manifest, which builds api and web container images in parallel, pushes them to Artifact Registry, and triggers two parallel gcloud run deploy invocations against the regional service.

5.2 Authentication and Sessions

Authentication is one-time-password over the registered mobile number. The /v1/auth/otp/start route accepts a phone in E.164 form and dispatches the code through the configured driver: Twilio Verify, Msg91, or sim. The /v1/auth/otp/verify route mints a HMAC-SHA-256 signed bearer token whose payload contains the subject, the issued-at timestamp, the expiry, and a version field. The token format is a compact JSON-Web-Signature shape; the signature algorithm is HS256; verification is constant-time through SubtleCrypto.verify. The middleware requireSession reads the Authorization Bearer header, verifies the signature, checks expiry, and sets c.var.ownerSubject for the route handler. Three error codes are returned: SESSION_REQUIRED for missing tokens, SESSION_INVALID for malformed or bad-signature tokens, and SESSION_EXPIRED for tokens past expiry.

5.3 Booking Workflow

The customer web application's intake wizard is a four-step plus one-step flow: vehicle, complaints, owner, locale, and confirm. On confirm, the wizard streams a concierge turn that runs the LangGraph supervisor with the user's complaints, decoded vehicle, and locale as input. The supervisor calls the safety, wellbeing, and dispatch tools, the verifier chain inspects each call, and the output filter ensures the final assistant message carries the canonical no-safety-certification advisory regardless of the model's intermediate suggestions. On submit, the booking is persisted to the bookings store with the owner subject, vehicle, complaints, dispatch shortlist, and the verifier chain's grounded-or-not verdict.

5.4 LangGraph Supervisor and Tool Registry

The package @vsbs/agents provides buildVsbsGraph, which constructs a StateGraph supervisor that orchestrates the language model, the tool registry, the verifier chain, and the output filter. Ten tools are registered: decodeVin, assessSafety, scoreWellbeing, driveEta, resolveAutonomy, commitIntake, createPaymentOrder, createPaymentIntent, authorisePayment, and capturePayment. Every tool is registered with a Zod argument schema and a handler that calls the application over the configured base URL. The graph forwards an Authorization Bearer header per request so that any tool callback against an authenticated endpoint carries the same identity.

5.5 Sensor Pipeline and Prognostics

The sensors pipeline accepts ingest from three producers: Smartcar OEM cloud, ELM327 Bluetooth Low Energy dongles, and live CARLA bridges. Each sample carries a channel, a timestamp, an origin, a vehicle identifier, and a value. The arbitration layer fuses cross-modal samples, weights them by health score, and emits a fused observation with an origin summary. The prognostics layer feeds the fused observation through the remaining-useful-life models for brake pads, twelve-volt battery, tyres, high-voltage traction battery, engine oil, drive belt, and wheel bearings; each model emits a remaining-useful-life estimate, a confidence interval, and a recommended action.

5.6 Autonomy Layer and CommandGrant

A CommandGrant is a scope-limited, time-bound, owner-signed capability token. It contains a grant identifier, the vehicle identifier, the grantee service-centre identifier, the autonomy tier, the allowed scopes, the not-before and not-after timestamps, the geofence centre and radius, the maximum auto-pay limit in currency units, the must-notify event list, and the owner signature algorithm. The signed bytes are the canonical RFC 8785 encoding of the grant minus the signature fields. The package @vsbs/shared provides four signature schemes: ECDSA P-256, RSASSA-PKCS1-v1_5 SHA-256, Ed25519, and ML-DSA-65 for post-quantum operation. The verifier supports a sim mode in which the signature is the SHA-256 of the canonical bytes and a live mode that runs WebCrypto.verify against the supplied JsonWebKey. The router gates sim verifier behind a non-production environment check; in production a sim signature returns 503 AUTONOMY_NOT_AVAILABLE.

5.7 Payment State Machine

The shared payment state machine has eleven states and an explicit transition table at packages/shared/src/payment.ts. The states are order-created, intent-created, awaiting-customer, authorised, captured, settled, refund-pending, refunded, failed, cancelled, and expired. The Razorpay sim and live drivers implement the same interface and produce identical state transitions for the same inputs. Every transition is property-tested with fast-check; webhook events are verified with HMAC over the raw body and an idempotency key.

Figure 5.1. Payment state machine. Eleven Zod-typed states grouped into four swim-lanes (order intake, customer flow, settlement, reversal); blue = intake, emerald = active, deep-navy = settled, copper = reversal, crimson = terminal failure. Every transition is gated by canTransition() in packages/shared/src/payment.ts.
Figure 5.1. Payment state machine. Eleven Zod-typed states grouped into four swim-lanes (order intake, customer flow, settlement, reversal); blue = intake, emerald = active, deep-navy = settled, copper = reversal, crimson = terminal failure. Every transition is gated by canTransition() in packages/shared/src/payment.ts.

5.8 Compliance Layer

The package @vsbs/compliance provides the consent manager, the erasure coordinator, the data-protection-impact-assessment template, the fundamental-rights-impact-assessment template, and the artificial-intelligence risk register. The consent manager records grants and revocations per owner and per purpose with version pinning, and supports per-purpose effectiveness checks. The erasure coordinator is an interface with a sim driver that walks the in-memory store; the live driver walks Firestore primary store, scheduled backups, log retention, cache layer, and analytics export, with a verification step that the receipt cannot be issued unless every step succeeded.

Chapter 6: Algorithms and Models

6.1 Sensor Fusion Extended Kalman Filter

The motion model is constant turn rate and velocity. The state vector contains the planar position in the local east-north-up frame, the heading angle, the linear velocity, and the yaw rate. The process noise is tuned from CARLA-truth on the demo town map and is held constant across maps. The measurement model has two channels: a global navigation satellite system position with a five-metre standard deviation in dense urban canyons and a three-metre standard deviation in open sky, and an inertial measurement unit accelerometer plus gyroscope with the bias states recursively estimated. The implementation is in packages/sensors/src/fusion.ts (class ExtendedKalman) and is exercised by the @vsbs/sensors property tests.

Figure 6.1. Sensor fusion topology. Five producers feed the ExtendedKalman class in packages/sensors/src/fusion.ts; the filter emits a fused pose, a cell-level SoC + SoH estimate, an RUL feature vector, and a typed FusedObservation. O(1) per measurement step.
Figure 6.1. Sensor fusion topology. Five producers feed the ExtendedKalman class in packages/sensors/src/fusion.ts; the filter emits a fused pose, a cell-level SoC + SoH estimate, an RUL feature vector, and a typed FusedObservation. O(1) per measurement step.

6.2 Remaining-Useful-Life Models

  • Brake pads, residual-pad-thickness model with stop-event accumulation and rotor-temperature derating, exported as BrakePadRul from packages/sensors/src/rul.ts.
  • Twelve-volt accessory battery, state-of-health drift model with cold-cranking-amperage decay, exported as Battery12vRul.
  • Tyres, wear-rate model fed from per-corner pressure, temperature, and tread depth, conditioned on driving-style profile (TyreTreadRul).
  • High-voltage traction battery, Severson 2019 knee-point model with feature vector derived from voltage curves over the first one hundred cycles and the cell-level imbalance state from the extended Kalman filter (HvBatterySohRul).
  • Engine oil, Society of Automotive Engineers J300 viscosity drift model with thermal cycling penalty and miles-since-change tracking (EngineOilRul).
  • Drive belt, wear and tension model with pulley-temperature signal and serpentine-routing-specific factor (DriveBeltRul).
  • Wheel bearings, International Organization for Standardization 10816 vibration severity classes with rotational-speed-conditioned thresholds (WheelBearingRul).
Figure 6.2. High-voltage traction battery state-of-health under three estimators. The dashed emerald curve is the calendar baseline; the navy curve is the Severson 2019 knee-point multi-layer-perceptron P50; the crimson curve is the last-ninety-day field measurement. The copper marker is the predicted knee at ≈ 820 equivalent full cycles, which triggers a replacement booking before the SoH crosses the 80% replace-soon band.
Figure 6.2. High-voltage traction battery state-of-health under three estimators. The dashed emerald curve is the calendar baseline; the navy curve is the Severson 2019 knee-point multi-layer-perceptron P50; the crimson curve is the last-ninety-day field measurement. The copper marker is the predicted knee at ≈ 820 equivalent full cycles, which triggers a replacement booking before the SoH crosses the 80% replace-soon band.

6.3 Wellbeing Scoring

Wellbeing is a weighted composite of ten axes: safety, wait, customer-treatment-index, time-accuracy, service-quality, trust, continuity, customer-effort-score, customer-satisfaction, and net promoter score. The weights are derived from a literature review of automotive customer-experience research. The composite is bounded in zero to one and binned into four bands: poor, fair, good, and excellent.

Figure 6.3. Wellbeing radar showing the ten axes with their weights (sum = 1.00) as encoded in packages/shared/src/constants.ts. The polygon plots a pure-safety scenario where every axis returns 1.0; the vertex distance from the centre is proportional to the axis weight, so safety (0.25) reaches the outer ring while nps (0.03) sits near the centre.
Figure 6.3. Wellbeing radar showing the ten axes with their weights (sum = 1.00) as encoded in packages/shared/src/constants.ts. The polygon plots a pure-safety scenario where every axis returns 1.0; the vertex distance from the centre is proportional to the axis weight, so safety (0.25) reaches the outer ring while nps (0.03) sits near the centre.

6.4 Agent Verifier

The verifier chain inspects each tool call before execution. It checks that the call is grounded, that the arguments are consistent with the prior conversation and the owner's stated symptoms. It returns a verdict object with a grounded boolean and a free-text reason. The deterministic sim verifier is implemented in TypeScript and is the same code path the production verifier wraps; the production verifier also runs a small grounded-check model.

6.5 Out-Of-Distribution Detection

The out-of-distribution score is the Mahalanobis distance between the observed feature vector and the empirical mean of the training distribution, scaled by the inverse covariance estimated on the autonomy demo dataset. A score above the configured threshold raises a perception event and increments the safety-of-the-intended-functionality rung; sustained out-of-distribution above the threshold for the configured dwell time triggers the next takeover rung.

6.6 UNECE R157 Takeover Ladder

The four-rung takeover ladder is informational, warning, urgent, and emergency-minimum-risk-manoeuvre. Each rung has a dwell time and an escalation predicate. Informational warns the driver of a non-critical degradation; warning indicates a degradation that requires driver awareness; urgent indicates a degradation that will require driver intervention if not resolved within the configured window; emergency-minimum-risk-manoeuvre indicates that the system has detected a fault that cannot be resolved without driver intervention and is executing a safe-state transition such as a controlled lateral creep to the kerb.

Figure 6.4. UNECE R157 four-rung takeover ladder. Each rung escalates dwell and risk; the colour gradient maps to the operational design domain compliance state.
Figure 6.4. UNECE R157 four-rung takeover ladder. Each rung escalates dwell and risk; the colour gradient maps to the operational design domain compliance state.

Chapter 7: Testing

7.1 Strategy

The test strategy is a nine-layer ladder that catches a different class of failure at each rung. Each layer is necessary; none is sufficient on its own. Per the in-tree skill at .claude/skills/vsbs-verification, every verification request runs the full ladder and produces a written witness under docs/verification.

7.2 Test Pyramid

LayerToolCatchesCount
1 Typechecktsc --noEmit across 12 workspacesType and contract drift12 workspaces clean
2 Unit testsVitest on 12 workspacesLogic regression in pure functions1,136 tests
3 SpecialisedAgent eval (BFCL plus tau2 plus red-team), property, chaosAgent drift, property violations, chaos resilience166 tests
4 Live HTTP smokeCurl probes against the running applicationRoute wiring, schema drift, consent gates19 probes
5 Concierge streamServer-sent-event captureSafety fence working under adversarial input1 chain
6 Live CARLA or chaos driverPython bridge against the applicationPhysics composition, takeover, dispatch22 calls per replay
7 End-to-endPlaywright on ChromiumUser-interface rendering, accessibility, manual flow21 cases
8 WitnessMarkdown report with raw logsNon-repudiable evidence for the next reviewer1 report
9 CleanupProcess pkillResource leak0 outstanding

Table 7.1. Test ladder, what each layer catches, and the count at the most recent verification.

Figure 7.1. Nine-layer verification ladder. The bar width tapers down the ladder to indicate cumulative coverage; the count at each layer is the most recent verification.
Figure 7.1. Nine-layer verification ladder. The bar width tapers down the ladder to indicate cumulative coverage; the count at each layer is the most recent verification.

7.3 Continuous Testing

Layers 1, 2, and 3 run on every push through the continuous-integration workflow .github/workflows/ci.yml. Layers 4 through 9 are run before every merge to main and before every deployment to production. The witness is committed to docs/verification with the trigger and the exact build identifier.

Chapter 8: Results and Performance Analysis

8.1 Verification Run Summary

The most recent verification on 11 May 2026 ran the full nine-layer ladder. Layer 1 returned clean across twelve workspaces. Layers 2 and 3 returned one thousand three hundred and two passing tests. Layer 4 returned the expected status code on every probe, including the five security regression probes from the audit proof-of-concept. Layer 5 confirmed the canonical no-safety-certification advisory in the final assistant message. Layer 6 confirmed the vehicle-producer hash-based message authentication code contract. Layer 7 returned eighteen passing, one skipped, and two failing of twenty-one cases; one failure is a known pre-existing flake and the other is an out-of-date e2e test that anonymous-called the now-admin-gated recordings start route. The witness is at docs/verification/2026-05-10-security-fixes.md.

8.2 Security Audit Closure

FindingPre-fixPost-fix
F1 Forged Identity-Aware-Proxy admin assertion200401 ADMIN_TOKEN_INVALID
F2 Spoofed x-vsbs-owner header for /v1/me/data-export200 with victim payload401 SESSION_REQUIRED
F3 Unauth POST /v1/payments/orders201401 SESSION_REQUIRED
F4 Sim-signed POST /v1/autonomy/grant/sign201401 SESSION_REQUIRED; 503 in production
F5 Public GET /v1/concierge/threads/:id200 with personally-identifiable information401 SESSION_REQUIRED; 403 cross-subject
F6 Public consent bootstrap with caller-controlled userId202401 SESSION_REQUIRED; 404 in production
F7 Anonymous POST /v1/recordings/start200 plus subprocess spawn401 ADMIN_REQUIRED
F8 Cloud Armor not attached to backendsabsentattached to api, api_admin, web, region_router
F9 Production environment fall-through to sim defaultssoftproduction-fail-closed superRefine
F10 Mobile transitive dependency advisories7 highmonitored; not on direct exploit path

Table 8.1. Audit findings, pre-fix runtime probe response, post-fix response.

Figure 8.1. Audit findings before and after fix. Crimson bars show pre-fix status against the audit proof-of-concept; emerald bars show post-fix status against the same probes.
Figure 8.1. Audit findings before and after fix. Crimson bars show pre-fix status against the audit proof-of-concept; emerald bars show post-fix status against the same probes.

8.3 Performance

Per-route latency is measured by the OpenTelemetry tracer and aggregated by Prometheus into a per-endpoint histogram. The most-loaded owner-side read path returns at less than one hundred milliseconds at the median and at less than two hundred and fifty milliseconds at the ninety-fifth percentile on the regional Cloud Run instance. The producer ingest path returns at less than fifty milliseconds at the median for ten-hertz frames. Cold start is under one second; warm start is under one hundred milliseconds.

8.4 Test Coverage Trend

Coverage at project start was zero. Coverage at the most recent verification is one thousand three hundred and two unit and specialised tests, plus twenty-one Playwright cases, plus the live HTTP smoke battery. The new coverage from the security workstream alone added one hundred and thirty-three tests across thirteen files: thirteen for the session middleware, twelve for the admin verifier, three for the cloud-armor middleware, nine for the concierge thread store, and the rest for the route-level authorization changes.

Chapter 9: Deployment

9.1 Cloud Build Pipeline

The deployment manifest deploy/cloudbuild.yaml runs seven steps. Step one installs the workspace dependencies under pnpm. Step two builds the libraries via the TypeScript compiler. Step three builds the api container image with a multi-stage Dockerfile based on oven/bun:1.2 in build and bun:1.2-slim in runtime. Step four builds the web container image with a node:22-alpine image running next start. Step five pushes both images in parallel to Artifact Registry. Steps six and seven run gcloud run deploy in parallel against the api and web services respectively. Service-level environment variables are owned by Terraform; the cloud-build manifest only swaps the image tag.

9.2 Terraform Module

The Terraform module infra/terraform is organised into root, global, and per-region modules. The global module manages shared resources: the Cloud Armor policy, the Identity-Aware Proxy brand and client, the URL map, and the global Artifact Registry. The per-region module manages the Cloud Run services, the regional load balancer back ends, the Firestore database, and the per-region Secret Manager secrets. Cloud Armor is attached to every back end via security-policy reference. The Identity-Aware Proxy gates the operator administration path through a separate api-admin back end that re-uses the same Cloud Run network endpoint group.

9.3 Production Fail-Closed

The application environment schema runs a Zod superRefine that rejects production startup if any sim driver, any default signing key, or any unset Identity-Aware Proxy audience is present. The application logs the offending variables and exits with a non-zero status; Cloud Run treats this as a failed revision and rolls back to the previous healthy revision. This is the load-bearing safety property: a production deployment will never run with sim drivers regardless of how many environment variables the operator forgot to set.

Autonomy dashboard showing Mercedes-Benz EQS en route with sim telemetry, speed, heading, and brake pad health tiles.
Figure 9.1. Autonomy dashboard at /autonomy/[id]. Live sensor tiles bind to the producer-token-authenticated SSE stream; the AUTONOMOUS and SIM TELEMETRY pills make the operational mode unambiguous, so an operator cannot confuse the research artefact with a production-certified system.

9.4 Observability

Every request emits an OpenTelemetry trace through the Cloud Run trace integration, a structured log line through the makeVsbsLogger pipeline with personally-identifiable-information redaction, and a per-route histogram through the metrics initialiser. The administration console at /admin/logs exposes a single-pane SIEM-style log viewer with a real-time feed, filterable by request identifier, service, region, and severity. The dashboard at /admin and at /autonomy/:id exposes booking timeline, dispatch shortlist, and live autonomy telemetry.

Recordings page listing CARLA demo clips with start, duration, and download buttons.
Figure 9.2. Recordings page at /recordings. The page is admin-gated through the same Identity-Aware Proxy verifier as the SIEM; the only callers that can start a CARLA orchestrator subprocess are operators with a verified admin assertion.
Consent management screen at /me/consent showing per-purpose toggles with current version pins.
Figure 9.3. Consent management at /me/consent. Each purpose toggle reads from packages/compliance and writes through the erasure-coordinator interface; revocation cascades through primary store, backups, logs, caches, and analytics.
Region selector showing India and United States data planes with the active region pinned.
Figure 9.4. Region selector at /region. The page surfaces the regional residency contract directly to the owner: which data plane the booking, consent, and payment records will live in, and the legal basis under which they may move.

These four operator-facing surfaces (autonomy dashboard, recordings, consent management, region) round out the runtime story. Behind every screen sits the same defense-in-depth ring stack from Figure 3.3.

Chapter 10: Challenges and Solutions

10.1 Strict Content-Security-Policy versus Inline Style

The customer web application enforces a strict content-security-policy in production. React JavaScript-syntax-extension components carry inline-style props that the browser refuses under strict style-source. The first build-out attempted to remove every inline style; this proved infeasible because Tailwind 4 relies on dynamic Cascading-Style-Sheets variables emitted at the element level. The adopted solution keeps unsafe-inline on the style-source while every script-source remains nonced. The tradeoff is documented in the strict content-security-policy memo and is accepted because the threat model considers cross-site-scripting through script injection more impactful than style injection.

10.2 Tailwind 4 Length Hint

Tailwind 4 silently no-ops length utilities when a Cascading-Style-Sheets variable is supplied without the length hint. The first build-out used class names that wrapped CSS variables in the bracket arbitrary-value syntax without an explicit length type hint, which produced no font size at all. The adopted solution prefixes every CSS-variable size utility with the length type hint across two hundred and eleven call sites; a code-mod replaced every occurrence in one pass.

10.3 Constrained Graphics-Processing-Unit Hardware

Live CARLA cannot run on a two-gigabyte-video-random-access-memory graphics processing unit. The first build-out attempted off-screen rendering with quality-level low; the simulator returned a Vulkan device-lost error after a few minutes. The adopted solution implements a deterministic chaos driver in tools/carla that produces wire-identical telemetry and event frames at the same ten-hertz cadence the live CARLA bridge would produce. Verification on the constrained hardware uses the chaos driver; production verification uses live CARLA on a two-graphics-processing-unit instance.

10.4 Multi-Agent Security Fix Orchestration

The external security audit surfaced ten findings whose fixes spanned authentication, authorisation, edge controls, and production wiring. A single-agent fix would have taken multiple sequential days and would have been hard to verify because every change required the others. The adopted solution dispatched a four-agent team: an authentication-foundations agent that delivered the session middleware, the Identity-Aware Proxy verifier, and the production-fail-closed environment schema; two route-authorization agents that worked in parallel against disjoint route trees; and an infrastructure agent that consolidated Cloud Armor, wired Identity-Aware Proxy, set production environment variables, and added Cloud Build. The team coordinated through a shared file-ownership boundary and a strict contract delivered by the foundations agent.

10.5 Mount-Order Race in Consent Gates

The post-fix integration test surfaced a mount-order race where the application-level consent gate ran before the router-level optional-session middleware on the sensors ingest route. The gate fired OWNER_REQUIRED before the bearer token could populate the owner subject in the request context. The adopted solution lifted the consent check inside the route handler conditional on bearer authentication; vehicle-token-authenticated producer ingest is consent-bound through the booking-bound hash-based message authentication code at mint time and does not need a per-frame consent re-check.

Chapter 11: Conclusion and Future Scope

11.1 Summary

VSBS is a research-grade, production-shape reference platform that composes a multilingual conversational concierge, a deterministic safety fence, an extended Kalman filter sensor fusion pipeline, physics-of-failure remaining-useful-life models, a four-rung United Nations Economic Commission for Europe Regulation 157 takeover ladder, a CommandGrant capability token, and a privacy-by-design compliance layer into a twelve-package monorepo running on Bun and Hono with a Next.js 16 customer surface and a Google Cloud Platform deployment. The platform was subjected to an external security audit; every finding was sealed end-to-end, and the closure was verified through a nine-layer test ladder.

11.2 Achievements

  • One thousand three hundred and two unit and specialised tests passing across twelve workspaces with zero failures.
  • All five audit-proof-of-concept exploits returning four-zero-one or four-zero-three responses against the live application.
  • A production-fail-closed environment schema that refuses to start when any sim driver or any default signing key is detected.
  • A Cloud Armor and Identity-Aware Proxy attached Terraform module that satisfies the regional residency constraint for the Digital Personal Data Protection Act 2023.
  • A defensive publication dated 15 April 2026 that establishes prior art for twelve inventive concepts.
  • A non-repudiable witness report that documents the verification ladder and serves as evidence for the next reviewer.

11.3 Limitations

  • Live autonomy is gated behind safety, regulatory, insurance, and homologation gates that are out of scope for the capstone.
  • Live CARLA cannot be exercised on the development workstation; the chaos driver is a wire-identical substitute.
  • The mobile application is implemented and typechecks clean but has not been live-tested on an end-user device under network-degraded conditions.
  • The post-quantum signature scheme ML-DSA-65 is implemented in the verifier but is not yet enabled by default; the operator must opt in through the owner signature algorithm field.

11.4 Future Scope

  1. Phase 2, AlloyDB knowledge graph with pgvector, GraphRAG ingestor, full diagnostic-trouble-code corpus, and Indic natural-language processing.
  2. Phase 3, original-equipment-manufacturer adapter tier expansion: Tesla, Hyundai, Maruti Suzuki, Tata Motors, Mahindra; the Mercedes-Benz and Bosch Intelligent Park Pilot adapter is the reference.
  3. Phase 4, fleet operator surface for taxi aggregators with multi-vehicle CommandGrant orchestration.
  4. Phase 5, predictive maintenance subscription tier with proactive booking and parts pre-staging.
  5. Phase 6, full live autonomy launch in a controlled-access service-centre yard, conditional on completion of the safety, regulatory, insurance, and homologation gates documented in SAFETY-NOTICE.
  6. Phase 7, open-source the platform under Apache 2.0 with the NOTICE preserved; partner channel for original-equipment-manufacturer integration.
Figure 11.1. Phased roadmap from docs/roadmap-prod-deploy.md. Phases P1 through P11 are shipped (emerald); P12 pilot is in progress (copper) and gated on the safety, regulatory, insurance, and homologation reviews enumerated in SAFETY-NOTICE.md; the AlloyDB knowledge graph and the OEM adapter expansion sit in the queued lane.
Figure 11.1. Phased roadmap from docs/roadmap-prod-deploy.md. Phases P1 through P11 are shipped (emerald); P12 pilot is in progress (copper) and gated on the safety, regulatory, insurance, and homologation reviews enumerated in SAFETY-NOTICE.md; the AlloyDB knowledge graph and the OEM adapter expansion sit in the queued lane.

11.5 Closing

The capstone produces an architecture, a working implementation, a verified security posture, and a body of cited research that together constitute a credible blueprint for an autonomous vehicle service booking platform. The platform is not a certified safety system; it is a research and reference artefact whose safety claims are bounded by an explicit notice and whose live autonomy is gated by external homologation. The work is positioned for partnership with original-equipment manufacturers and service-centre networks who have completed those gates and who are seeking a reference customer-side implementation aligned with India-first privacy law and global vehicle-cybersecurity standards.

Reflection Questions

Q1. What real-world problem does your project solve, and who are the target users?

The Indian passenger vehicle parc has crossed forty million units. Service is the largest unmet need: drivers travel long distances, wait without status updates, accept opaque diagnoses, and frequently agree to repairs they cannot independently verify. The same problem at lower density also affects the United States and the European Union; the global service market is over four hundred billion dollars annually. The target users are vehicle owners, service-centre operators, original-equipment-manufacturer integration partners, compliance reviewers, and site-reliability engineers. The platform compresses a multi-step, opaque process into a single auditable flow grounded in cited research and verified through a nine-layer test ladder.

Q2. Why did you choose this technology stack over other alternatives?

Hono on Bun was chosen over Express on Node because the Web-Standards request and response shape runs unchanged on every modern runtime including Cloud Run, Cloudflare Workers, and Node, and because Bun's built-in TypeScript transpiler eliminates a build step. Next.js 16 was chosen over Remix because of its strict content-security-policy with dynamic nonces and its built-in next-intl 4 internationalisation. Firestore was chosen over PostgreSQL because the read paths are document-shaped and the regional residency satisfies the Digital Personal Data Protection Act 2023 cross-border data transfer constraint. Zod was chosen over Yup or io-ts because type inference is upstream of the runtime parser. LangGraph was chosen over AutoGen or LangChain Agents because its explicit StateGraph and verifier-chain composition is deterministic in sim profile. Cloud Armor and Identity-Aware Proxy were chosen over a self-hosted web-application firewall because they integrate natively with Cloud Run and provide ECDSA P-256 signed identity-aware-proxy assertions.

Q3. Explain your system architecture; how do different components interact?

The architecture is a twelve-package TypeScript monorepo with eight library packages (shared, sensors, large-language-model, agents, security, compliance, telemetry, knowledge-base) and four applications (api, web, admin, mobile). The application boundary is the only network boundary. Customer requests enter the web application, are server-side proxied to the api, are validated by Zod schemas at every boundary, are dispatched to route handlers, and emit OpenTelemetry traces. The api calls into the language-model package for conversational turns, the sensors package for fusion and prognostics, the agents package for the LangGraph supervisor, and the compliance package for consent and erasure. Outbound side-effect adapters (Smartcar, Mercedes-Benz Intelligent Park Pilot, Razorpay, Twilio) are sim-driver-and-live-driver pairs that share an identical state machine. Edge security is Cloud Armor and Identity-Aware Proxy on the operator path; the customer path is open under the application's own session middleware.

Q4. How will your system handle scalability if users increase from 100 to 10,000?

Cloud Run scales horizontally to zero or to a configured concurrency without operator intervention. The application is stateless on every owner-scoped request; state lives in Firestore which auto-scales reads and writes. The path-aware rate limiter applies separate budgets to high-volume autonomy ingest, to metrics scrape, and to the global call surface, so a burst on the producer surface does not starve the customer surface. The session middleware is constant-time per-request because verification is HMAC-SHA-256 with no database round-trip. The language-model layer fans out across providers; the sim profile is fully deterministic and bears no provider cost. The Firestore index design is per-owner-subject for owner-scoped reads, by idempotency-key for payment writes, and by booking-identifier for autonomy reads, so every hot path is an O(1) keyed lookup. At ten thousand users the platform's cost is dominated by language-model token spend; the sim profile is exercised in continuous integration to keep that bound predictable.

Q5. What security measures have you implemented (authentication, data protection, etc.)?

Defense in depth is the architectural posture. The edge has Cloud Armor with sensitivity-1 OWASP Core Rule Set, scanner detection, and adaptive protection. The operator administration path is fronted by Identity-Aware Proxy with ECDSA P-256 signature verification at the application boundary. Authentication is one-time-password at /v1/auth/otp/start and /v1/auth/otp/verify; verification mints a HMAC-SHA-256 signed bearer token consumed by the requireSession middleware on every owner-scoped route. The autonomy producer ingest authenticates through a per-vehicle hash-based message authentication code over the booking identifier and the request body. Owner data is encrypted at rest with AES-256-GCM and in transit with Transport Layer Security 1.3. Personally-identifiable information is redacted from every log line. Consent is explicit, granular, and revocable per purpose; erasure cascades through primary store, backups, logs, caches, and analytics. The post-quantum signature scheme ML-DSA-65 is implemented for forward security. Production fails closed when any sim driver or any default signing key is detected.

Q6. What are the biggest challenges you faced during development, and how did you solve them?

The five most consequential challenges were strict content-security-policy versus React inline-style props, Tailwind 4 length hints across two hundred and eleven call sites, the constrained two-gigabyte graphics processing unit that cannot run live CARLA, the ten-finding security audit, and a mount-order race introduced by the security fix integration. The content-security-policy was solved by accepting unsafe-inline on style-source while keeping every script-source nonced; the threat model justifies this. Tailwind 4 was solved by a one-pass code-mod that prefixed every CSS-variable size utility with the length type hint. The graphics-processing-unit constraint was solved by a deterministic chaos driver that produces wire-identical telemetry. The audit was solved through a four-agent team that delivered the session middleware, the Identity-Aware Proxy verifier, the route-level authorization changes, and the infrastructure changes in parallel under a strict contract. The mount-order race was solved by lifting the consent check inside the sensors route handler conditional on bearer authentication.

Q7. How did you test your system, and how do you ensure it is reliable?

Reliability is enforced by a nine-layer verification ladder pinned in the in-tree skill at .claude/skills/vsbs-verification. Layer one is typecheck across twelve workspaces. Layer two is per-package Vitest unit tests. Layer three is the specialised suites: agent evaluation with one hundred and two cases drawn from BFCL, tau2, and a red-team set; thirty-seven property tests with fast-check; twenty-seven chaos scenarios. Layer four is live HTTP smoke against the running application with the audit proof-of-concept probes embedded. Layer five is the concierge server-sent-event chain with the safety-fence final assertion. Layer six is live CARLA or the chaos-driver substitute. Layer seven is Playwright end-to-end on Chromium. Layer eight is the witness report. Layer nine is process cleanup. The most recent verification, on 11 May 2026, returned one thousand three hundred and two passing tests, all five audit regression probes sealed, and the witness committed at docs/verification/2026-05-10-security-fixes.md.

Q8. If your system fails in production, how will you handle debugging and recovery?

Every request emits an OpenTelemetry trace with a unique request identifier and a personally-identifiable-information-redacted structured log line. The administration console at /admin/logs exposes a real-time SIEM-style log feed filterable by request identifier, service, region, and severity. The /readyz endpoint returns the health-checker verdict over four dependency probes (AlloyDB, Firestore, Secret Manager, language-model provider) every five seconds with a two-second timeout. The Cloud Run service is configured to roll back to the previous healthy revision on a failed-health threshold; the rollback is under sixty seconds. Feature flags gate every new behaviour so a regression can be disabled without redeployment. The kill-switch in the configuration manager disables the platform end-to-end if the safety fence ever returns a failure-mode that the verifier chain did not catch. The on-call runbook is at the project Confluence; the seventy-two-hour Digital-Personal-Data-Protection-Act breach runbook is at docs/compliance.

Q9. What are the limitations of your project, and how can it be improved further?

The platform is not a certified safety system. The README, the SAFETY-NOTICE, and the user-interface banners state that no real autonomy is enabled and that the platform is a research and reference artefact. Live CARLA cannot be exercised on the development workstation; the chaos driver is a wire-identical substitute. The mobile application has been typechecked and unit-tested but has not been live-tested on an end-user device under network-degraded conditions. The post-quantum signature scheme is implemented but is not the default. The future-scope roadmap addresses each limitation: the AlloyDB knowledge graph and the GraphRAG ingestor in Phase 2; the original-equipment-manufacturer adapter tier expansion in Phase 3; the predictive-maintenance subscription tier in Phase 5; the live autonomy launch conditional on completion of the safety, regulatory, insurance, and homologation gates in Phase 6.

Q10. If you had to deploy this as a real product or startup, what would be your next steps?

Step one is to complete the safety, regulatory, insurance, and homologation gates documented in SAFETY-NOTICE; the platform's autonomy code path is wired but is gated behind these gates. Step two is to sign a partnership with one original-equipment manufacturer, beginning with the Mercedes-Benz and Bosch Intelligent Park Pilot deployment in Stuttgart for which the adapter is already implemented. Step three is to sign a service-centre network for the pilot, with a clear scope-of-work and a CommandGrant lifecycle that the network's operations staff can audit. Step four is the Phase 2 deployment of the AlloyDB knowledge graph and the GraphRAG ingestor, which unlocks the predictive-maintenance subscription tier. Step five is the regulatory submission to the relevant authority for India, the United States, and the European Union, building on the Fundamental Rights Impact Assessment and the AI Risk Register that ship with the platform. Step six is the open-source release under Apache 2.0 with the attribution NOTICE preserved as a benefit to adopters; the partner channel for original-equipment-manufacturer integration follows.

References

  1. Severson KA, Attia PM, Jin N, et al. Data-driven prediction of battery cycle life before capacity degradation. Nature Energy. 2019;4(5):383-391.
  2. Plett GL. Extended Kalman filtering for battery management systems of LiPB-based HEV battery packs. Journal of Power Sources. 2004;134(2):252-292.
  3. United Nations Economic Commission for Europe. Regulation No. 157, Uniform provisions concerning the approval of vehicles with regard to Automated Lane Keeping Systems. Geneva: UNECE; 2021.
  4. International Organization for Standardization. ISO 21434:2021, Road vehicles, Cybersecurity engineering. Geneva: ISO; 2021.
  5. International Organization for Standardization. ISO 26262, Road vehicles, Functional safety. Geneva: ISO; 2018.
  6. International Organization for Standardization. ISO 21448:2022, Road vehicles, Safety of the intended functionality. Geneva: ISO; 2022.
  7. International Organization for Standardization. ISO 10816, Mechanical vibration, Evaluation of machine vibration. Geneva: ISO; 1995.
  8. Society of Automotive Engineers. SAE J300, Engine Oil Viscosity Classification. Warrendale, PA: SAE International; 2021.
  9. Society of Automotive Engineers. SAE J1979, E/E Diagnostic Test Modes. Warrendale, PA: SAE International; 2017.
  10. Government of India. The Digital Personal Data Protection Act, 2023. Gazette of India. 2023.
  11. European Parliament. Regulation (EU) 2016/679 (General Data Protection Regulation). Brussels: EU; 2016.
  12. European Parliament. Regulation (EU) 2024/1689 (Artificial Intelligence Act). Brussels: EU; 2024.
  13. State of California. California Consumer Privacy Act of 2018, as amended by CPRA 2020. Sacramento: California Legislature; 2020.
  14. Lewis P, Perez E, Piktus A, et al. Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks. NeurIPS. 2020.
  15. Yao S, Zhao J, Yu D, et al. ReAct: Synergizing Reasoning and Acting in Language Models. ICLR. 2023.
  16. Wu Q, Bansal G, Zhang J, et al. AutoGen: Enabling Next-Gen LLM Applications via Multi-Agent Conversation. arXiv. 2023.
  17. LangChain. LangGraph. https://langchain-ai.github.io/langgraph/ (accessed 2026-05-10).
  18. Hono. https://hono.dev/ (accessed 2026-05-10).
  19. Vercel. Next.js documentation. https://nextjs.org/docs (accessed 2026-05-10).
  20. Anthropic. Claude API documentation. https://docs.anthropic.com (accessed 2026-05-10).
  21. Google Cloud. Cloud Run, Cloud Armor, Identity-Aware Proxy, Firestore documentation. https://cloud.google.com/docs (accessed 2026-05-10).
  22. OpenWorm Project, CARLA. CARLA Simulator 0.9.16 documentation. https://carla.org (accessed 2026-05-10).
  23. RFC 8785. JSON Canonicalization Scheme. Internet Engineering Task Force; 2020.
  24. NIST. FIPS 204, Module-Lattice-Based Digital Signature Standard (ML-DSA). Gaithersburg, MD: NIST; 2024.
  25. OWASP. OWASP Top 10, 2021. https://owasp.org/Top10/ (accessed 2026-05-10).