Primary Customer
Operators of high-volume, multi-building fulfillment campuses: facilities with dense racking, multi-level mezzanines, large conveyor systems, and nonstop inbound/outbound waves, where operators must squeeze more throughput from the same footprint while keeping people safe. These sites run thousands of picks per hour across fast-moving SKUs, face sharp demand spikes during promotions and peak seasons, and field mixed fleets: lightweight aerial drones for rapid scanning and tote retrieval, and AMRs for heavier floor transport. Today, aisle congestion, elevator queues, and ad-hoc human interventions routinely stall flow, and legacy fleet managers treat each robot type in isolation, leaving capacity stranded. These operators need a coordination layer that understands both airspace and floor traffic, allocates tasks with battery and capability awareness, arbitrates shared resources like crossings and loading bays, and reacts instantly when associates enter safety zones, all without ripping and replacing existing conveyors, doors, or WMS integrations. By unifying planning and safety across modalities, they can hit aggressive SLA targets, cut deadheading and idle time, and scale reliably from a single building to a regional hub.
Intended Users
- Control room supervisors
- Floor associates
- Maintenance/IT
- Robotics engineers/partners
Out-of-Scope Work
This is a software-only initiative. We are not designing or procuring physical robots, airframes, AMR chassis, batteries, chargers, sensors, docking stations, or safety hardware, nor are we responsible for facility modifications such as networking, power, racking changes, or signage required to operate them. We do not assume ownership of the customer’s WMS/ERP or related master data governance, nor will we replace, replatform, or manage those systems beyond integrating through agreed interfaces. Full regulatory certification, compliance audits, and safety validation of specific robot models or facility configurations are outside scope. We will provide interface specifications, logs, and guidance to support the customer’s certification efforts. Also excluded are ongoing operations, on-site commissioning, preventive maintenance, and operator training beyond initial handoff materials. Any third-party licensing, infrastructure hosting, or SLAs for underlying networks and cloud services are the customer’s responsibility, with our deliverables limited to the CARP software, its APIs, and documentation.
Assumptions
The site provides reliable Wi-Fi or a private network with quality-of-service guarantees suitable for low-latency control traffic. Fixed infrastructure such as elevators, doors, and conveyors has wired backhaul for deterministic I/O and telemetry. Network segmentation and coverage planning are handled by the customer.
Each robot implements certified stop/land/loiter behaviors that can be invoked autonomously or via external command. CARP can trigger these behaviors through documented interfaces, but it does not replace the robots’ native safety controllers. Vendors must furnish evidence that these behaviors function independently of cloud connectivity.
Drones operate strictly within approved indoor volumes defined in the digital twin. Ceilings are geofenced, and transient “no-fly” zones can be activated for maintenance or human activity. Any operation outside these bounds is considered a policy violation and is blocked by CARP.
All third-party systems such as WMS, conveyor PLCs, elevator controllers, door I/O, and identity providers expose stable, versioned APIs or electrical I/O for control and feedback. Partners commit to change windows and deprecation schedules so CARP can maintain compatibility. Where only I/O is available, signal timing and protocols are documented and validated during integration.
High-level requirements (HLRs)
HLR-01. Provide a live, unified map of floor and airspace including aisles, shelves, human zones, and restricted “no-fly” volumes with sub-second updates.
HLR-02. Coordinate drones and AMRs for joint missions such as drone fetch to mezzanine, drone handoff to AMR.
HLR-03. Assign tasks based on capability, location, SoC, and duty cycles.
HLR-04. Dynamically slow/redirect/hold robots when humans enter safety zones; allow human overrides with audit trail.
HLR-05. Integrate with elevators, conveyors, doors/I/O to schedule shared resources and vertical moves.
HLR-06. Optimize for order-level SLAs and global flow, not individual robot utilization.
HLR-07. Degrade gracefully on comms loss; safe stopping/loiter behaviors.
HLR-08. Support common fleet/robot APIs and warehouse data systems.
Functional requirements (FR)
Task intake and orchestration
FR-001. Ingest tasks from WMS/host via API/queue; de-duplicate and prioritize by SLA and policy.
FR-002. Support pick, putaway, cycle count, inventory scan, cross-dock, inspection, and ad-hoc assist.
FR-003. Create multi-leg missions spanning drone and AMR with explicit handoff points.
FR-004. Enforce prerequisites and completion checks.
Allocation and scheduling
FR-010. Assign only to robots with required payload, reach, gripper/sensor, or flight clearance.
FR-011. Include SoC, cycle age, and projected mission energy in utility function.
FR-012. Penalize cross-warehouse deadheading in scoring.
FR-013. Re-assign mid-mission if incidents or better options arise; ensure safe handover.
Routing and deconfliction
FR-020. Compute time-expanded paths in 2D (floor) and 3D (air) with clearance envelopes.
FR-021. Enforce dynamic “no-fly/no-drive” zones triggered manually, by sensor, or by policy.
FR-022. Reserve/lock aisle crossings, elevator cars, conveyors, and loading bays with time-window tokens.
FR-023. Apply cross-modal right-of-way rules, such as an emergency drone descent yielding to a human zone.
FR-024. Onboard collision avoidance complements global plan; report deviations.
Human-in-the-loop safety
FR-030. Create caution/slow/stop zones with different behaviors for drone vs AMR.
FR-031. Consume inputs from vision, badges, LIDAR, BLE to detect human presence.
FR-032. Apply speed caps/hold states within milliseconds of detection.
FR-033. Supervisors can freeze/resume individual robots, zones, or whole site with reason logging.
FR-034. Capture who/when/why for every override and outcome.
Energy and maintenance
FR-040. Schedule opportunistic charges/swaps; avoid peak resource contention.
FR-041. Track temps, vibration, battery health, motor currents; raise alerts on thresholds.
FR-042. Create maintenance tickets upon anomaly patterns.
Infrastructure integration
FR-050. Call cars, select floors, ensure door interlocks; confirm capacity/weight.
FR-051. Trigger automatic doors, beacons, and warning lights tied to reservations.
FR-052. Synchronize merge timings and tote handoffs; confirm barcode/weight accept.
Data, maps and localization
FR-060. Maintain warehouse digital twin: static (shelves) + dynamic layers (obstacles/zones).
FR-061. Provide NTP/PTP time sync reference for fleet.
FR-062. Fuse UWB/VIO/LIDAR/IMU/GNSS (if any) for per-robot pose with covariance.
FR-063. Version maps; support scheduled reconfiguration windows.
Interfaces and UX
FR-070. Web UI with live map, alarms, KPIs, drill-downs, playback.
FR-071. Northbound REST/gRPC + event bus; southbound robot adapters.
FR-072. Incident/SLA alerts to Slack/Email/SMS per policy.
FR-073. Simulate plans against recorded traffic before go-live.
KPIs and reporting
FR-080. Orders/hour, lines/hour, mission latency, resource utilization, zone downtime.
FR-081. Near-miss counts, override frequency, zone entries, MTBF/MTTR.
FR-082. kWh/mission, charge queue times, battery aging.
Security and governance
FR-090. Roles for Associate, Supervisor, Engineer, Admin; least-privilege defaults.
FR-091. Immutable logs for commands, config, and data access.
FR-092. Rotate robot credentials; certificate-based mutual auth.
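One way FR-033, FR-034, FR-090 and FR-091 can fit together, as an added example that is not CARP's own code: a role check gates freeze/resume overrides, and every attempt (applied or denied) is appended to a hash-chained log. Hash chaining is used here as a tamper-evident stand-in for "immutable"; the permission table, field names, `AuditLog` class and sample events are assumptions made for illustration.

```python
import hashlib
import json
import time

# Assumed permission table (not from the spec): least-privilege defaults per FR-090.
PERMISSIONS = {"Associate": set(), "Engineer": set(),
               "Supervisor": {"freeze", "resume"}, "Admin": {"freeze", "resume"}}
GENESIS = "0" * 64  # "previous hash" of the first entry

def _digest(body, prev):
    # Canonical JSON keeps the hash stable regardless of key order.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + payload).encode()).hexdigest()

class AuditLog:
    def __init__(self):
        self.entries = []

    def record(self, who, role, action, target, reason, now=None):
        """Authorize an override and log who/when/why plus the outcome (FR-034)."""
        # FR-033 requires a reason, so an empty one is treated as a denial.
        allowed = action in PERMISSIONS.get(role, set()) and bool(reason.strip())
        body = {"who": who, "role": role, "action": action, "target": target,
                "reason": reason, "when": time.time() if now is None else now,
                "outcome": "applied" if allowed else "denied"}
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"body": body, "prev": prev, "hash": _digest(body, prev)})
        return allowed

    def verify(self):
        """Return the index of the first broken entry, or -1 if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or e["hash"] != _digest(e["body"], prev):
                return i
            prev = e["hash"]
        return -1

def demo():
    # Constructed sample events; user names and zone ids are made up.
    log = AuditLog()
    results = [
        log.record("sup-17", "Supervisor", "freeze", "zone:A3", "associate in aisle", now=1.0),
        log.record("assoc-4", "Associate", "resume", "zone:A3", "looks clear", now=2.0),
        log.record("sup-17", "Supervisor", "resume", "zone:A3", "", now=3.0),
    ]
    intact = log.verify()
    log.entries[1]["body"]["outcome"] = "applied"  # simulate an after-the-fact edit
    return results, intact, log.verify()
```

A chain like this only detects edits to existing entries; periodically copying the latest hash to a separate write-once store is what exposes a full rewrite of the log.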
Critical non-functional requirements (NFR)
Performance and scale
NFR-001. New task → assignment decision ≤500 ms p95 under 200 concurrent tasks.
NFR-002. Path replan after obstruction ≤300 ms p95; local avoidance reaction ≤50 ms on-robot.
NFR-003. Zone changes propagate to all active planners ≤200 ms p95.
NFR-004. Support up to 300 AMRs + 150 drones per site; 10 sites per control plane.
Safety and reliability
NFR-010. Control plane ≥99.95% monthly; on-robot safety behaviors independent of cloud.
NFR-011. Loss of comms: AMR safe stop in < 1 s; drone loiter/land in < 2 s per policy.
NFR-012. Maintain minimum separation: floor ≥0.5 m, air ≥1.5 m unless docked/hand-off.
NFR-013. Fleet clocks synchronized to ≤1 ms p99 to support reservation windows.
NFR-014. Pose error ≤10 cm floor p95; ≤20 cm air p95 in mapped zones.
Security and privacy
NFR-020. TLS 1.3 in transit; AES-256 at rest; FIPS-compliant options for regulated sites.
NFR-021. MFA for privileged roles; service-to-service mTLS; per-robot identity.
NFR-022. Store only operational telemetry; redact PII from video/vision payloads.
Interoperability & extensibility
NFR-030. ROS2 Foxy/Humble compatible; OpenAPI-described northbound APIs; OPC-UA adapter for industrial I/O.
NFR-031. New robot vendor adapter deliverable in ≤4 weeks with provided SDK scaffold.
NFR-032. Backward-compatible event schemas for 12 months.
Operability & maintainability
NFR-040. Metrics, logs, and traces exposed via OpenTelemetry; 30-day hot retention.
NFR-041. Zero-downtime rolling controller updates; robot firmware staged with blue/green and canary cohorts.
NFR-042. All zones/policies map-versioned and Git-tracked.
Compliance and environment
NFR-050. OSHA-aligned floor safety policies; facility-specific airspace policies documented and enforced.
NFR-051. Audible/visual cues meet facility standards; night-shift safe-lighting modes.
NFR-052. Average mission energy consumption reduced ≥10% vs. baseline single-modality operations in pilot.