V1 Architecture Plan โ€” March 2026

One Brain.
Many Bots.

Hospital Robotics Operating System โ€” a cloud + edge hybrid platform that coordinates multi-vendor robot fleets for supply delivery, cleaning, disinfection, and logistics.

7
Core Modules
9
Vendor Adapters
24
Week Roadmap
HIPAA
Compliant by Design
Executive Summary

Platform Layer for Hospital Robotics

Accelerate sits between hospital operations and heterogeneous robot fleets โ€” TUG, Moxi, Pudu, Avidbots, UVD, Relay, Keenon, and more.

System Context

Nurses / Staff
Ops Managers
Maintenance
Hospital IT
Command Center
Web UI โ€” Task requests, fleet view, alerts, overrides
Edge Gateway (Per-Facility)
Task Engine
Local queue
Traffic Coord
Zone / elevator
Fleet Adapters
Per-vendor
TUG
Aethon
Moxi
Diligent
Pudu
 
Neo
Avidbots
UVD
Robots
Relay
 
Keenon
 
Bear
Robotics
Swisslog
TransCar
Building Systems: Elevators, Doors, Badge Readers, WiFi
Encrypted Tunnel (WireGuard / mTLS)
Accelerate Cloud Platform
Multi-Facility Fleet Mgmt
Analytics & Reporting
Identity / RBAC / Audit
Config & Provisioning
Compliance Engine
Support / Diagnostics
Foundation

Architecture Principles

Eight non-negotiable principles that guide every technical decision.

1

Edge-First Execution

Robots operate even if cloud is unreachable. All real-time tasking, traffic, and safety logic runs at the edge.

2

Vendor-Neutral Abstraction

Never leak vendor-specific concepts above the Fleet Abstraction Layer. Upper layers speak a universal robot language.

3

PHI Minimization

Operate on locations, tasks, and assets โ€” not patients. Where patient context is needed, use opaque references only.

4

Audit Everything

Every state transition, command, override, and access attempt is logged immutably. Non-negotiable for healthcare.

5

Graceful Degradation

Loss of any single component degrades capability, not halts operations. Robots fall back to vendor-native behavior.

6

Contract-First APIs

All inter-service communication defined by protobuf/OpenAPI schemas before implementation. No ad-hoc coupling.

7

Idempotent Operations

All commands to robots are idempotent. Network retries must be safe โ€” no duplicate deliveries or double-stops.

8

Observable by Default

Structured logging, distributed tracing (OpenTelemetry), and health metrics on every service from day one.

System Architecture

7 Core Modules

Each module is independently deployable, with clear API boundaries and an explicit edge vs cloud split.

Module 1 Python gRPC

Fleet Abstraction Layer

Vendor-neutral interface for connecting, monitoring, and commanding heterogeneous robot fleets. Everything above this layer doesn't know or care what vendor built the robot.

Services

  • Fleet Registry (Cloud + Edge)
  • 9 Vendor Adapters (Edge) โ€” hot-pluggable
  • Capability Discovery (Edge)
  • Heartbeat / Liveness Monitor (Edge)
  • ROS 2 Bridge (Edge)

Key Decisions

  • One process per vendor โ€” fault isolation
  • gRPC adapter interface โ€” type safety + streaming
  • SQLite edge cache โ€” simple, low footprint
  • JSONB vendor metadata โ€” forward compatible
Module 2 Python Redis Postgres

Task Orchestration Engine

The "brain" โ€” creates, prioritizes, assigns, monitors, and completes tasks across the fleet. Scoring-based assignment, not rules engine, for transparency and debuggability.

Services

  • Task Manager (Edge + Cloud read replica)
  • Task Assignment Engine โ€” weighted scoring
  • Task Queue (Redis sorted sets)
  • SLA & Escalation Service
  • Task Scheduler (recurring tasks)

Assignment Scoring

capability_match: 1.0
proximity: 0.9
battery: 0.85
queue_depth: 1.0
priority_affinity: 0.8
total_score: 0.94
Module 3 Python TypeScript Redis

Traffic / Facility Coordination

Hospital-aware movement coordination โ€” zone definitions, elevator/door integration, congestion awareness, restricted areas, priority routing. Prevents collisions and deadlocks.

Services

  • Facility Map Service
  • Traffic Coordinator
  • Elevator Coordination
  • Door & Access Coord
  • Zone Policy Engine

Zone Types

Patient Care Clinical Support Public Restricted Staging

Policy Examples

  • "No robots in ICU 22:00โ€“06:00"
  • "Max 2 robots on pediatrics"
  • "Emergency: all return to staging"
Module 4 React TypeScript

Command Center / Operations Console

Hospital-facing web portal for operations managers, charge nurses, and administrators. Real-time map, fleet view, task management, alerts, and dashboards.

Map View
Fleet View
Task View
Alerts
Dashboard
Robot Detail
Admin
Audit Log
Module 5 Go Python TypeScript

Reliability / Support Engineering

Keep the fleet running โ€” health monitoring, battery management, preventive maintenance, remote diagnostics, incident management, and uptime tracking.

Health Monitor (Go)
Lightweight watchdog โ€” must be more reliable than what it monitors
Battery Manager
20% low / 10% critical / 30% min-assign thresholds
Incident Manager
P1-P4 severity, timeline, RCA, post-mortem tracking
Module 6 Go TypeScript

Compliance / Audit Layer

Healthcare-grade governance โ€” immutable hash-chained audit logs, PHI filtering, RBAC, approval workflows. Regulatory requirement, not optional.

Tamper-Evident Audit Chain

N-1 hash: a3f2...
N prev: a3f2... hash: b7e1...
N+1 prev: b7e1... hash: c9d4...

RBAC Roles (V1)

System Admin Full access
Ops Manager Tasks, fleet, alerts
Charge Nurse Create tasks, view
Maintenance Tech Diagnostics, maint
Audit Reviewer Read-only audit
Module 7 Go Python TypeScript

Integration Layer

Connect to hospital systems and building infrastructure โ€” elevators, doors, identity (AD/SSO), EMR, WiFi monitoring, RTLS. Each integration is a plugin behind a common interface.

๐Ÿ›—
Elevator
Otis, Schindler, KONE
๐Ÿšช
Door / Badge
Lenel, ASSA ABLOY, HID
๐Ÿ”
Identity
SAML 2.0, OIDC, LDAP
๐Ÿฅ
EMR (Read-only)
Epic FHIR, HL7 โ€” PHI-free signals
๐Ÿ“ถ
WiFi Monitor
Cisco, Aruba, Meraki
๐Ÿ“
RTLS (Optional)
CenTrak, Midmark
Critical Integration

Elevator Integration Deep Dive

The #1 make-or-break integration for multi-floor robot operations. A robot that can't use elevators is confined to a single floor.

View Full Elevator Integration Case Study โ†’
$1.42B market (2024) โ†’ $7.16B by 2033 โ€” 18.7% CAGR

4-Layer Elevator Integration Architecture

Fallback stack ensures every elevator in every hospital is reachable โ€” cloud API down to mechanical button push.

1

Unified Elevator Abstraction API

Internal

Single API all robots use regardless of elevator brand or integration method. Upper layers never know which OEM built the elevator.

requestElevator(fromFloor, toFloor, robotId, priority) โ†’ ElevatorGrant
getElevatorStatus(elevatorBankId) โ†’ { position, doors, occupancy }
holdDoors(elevatorId, durationMs) โ†’ Ack
releaseElevator(sessionId) โ†’ Ack
2

OEM Cloud API Adapters

Per-Brand

Dedicated adapter modules for each elevator manufacturer's cloud API. Hot-pluggable โ€” adding a new OEM means deploying a new adapter.

KONE
WebSocket + REST
OAuth 2.0
Otis OID
Azure Cloud API
Since 1990 compat
TK Elevator
Touchless API
WiFi/4G
Schindler
REST via local server
BuilT-In
Hyundai
Cloud Open API
40+ robots active
Mitsubishi
Partnership only
No public API
3

Universal Hardware Adapter

Relay I/O

For elevators without cloud APIs โ€” older models, Fujitec, Hitachi, small OEMs. Relay module with WiFi/cellular simulates button presses via dry contacts. Partner with M2MTech for their ELSA IoT Gateway.

Dry contact I/O IR door sensors Magnetic floor position WiFi/MQTT to edge Any elevator, any age
4

Mechanical Fallback

Last Resort

Camera vision + arm/actuator physically presses buttons. Proven at hospital scale by Diligent/Moxi (110,000+ autonomous rides). For emergency/temporary situations or elevators that cannot be modified.

Elevator OEM Integration Readiness

Company API Protocol Developer Portal Hospital Proof Priority
KONE Best โ€” WebSocket + REST OAuth 2.0, OPC dev.kone.com Multiple, Open-RMF adapter #1
Otis Yes โ€” OID Azure Cloud API developers.otis.com MMUH UK, many US hospitals #2
TK Elevator Yes โ€” Touchless WiFi/4G via TAC developer.ea.tkelevator.com Calgary Cancer Centre (30 elevators) #3
Schindler Yes โ€” BuilT-In REST via local server developer.schindler.com Rice Robotics (HK) #4
Hyundai Yes โ€” Open API Cloud API Unknown 30+ buildings (Korea) #5
Mitsubishi Partnership only Proprietary None Cartken partnership TBD
Hitachi No Patent-based None None public Relay
Fujitec No None None None Relay

Technical Protocols

Cloud-to-Cloud (REST/WebSocket)
The future. KONE, Otis, Schindler, TKE all offer this. No custom hardware. Group-level dispatch. Rich status data.
Primary
OPC (Data Access)
Industrial standard. KONE has Open-RMF adapter via Windows OPC server. Works with existing building automation systems.
Destination Dispatch (HLI)
Ideal for robots โ€” specify origin + destination, system assigns optimal car. Schindler PORT, Otis Compass, KONE Destination, TKE AGILE.
Relay Dry Contact I/O
Universal fallback. Works with ANY elevator, any age, any brand. No OEM cooperation required. Simulates button presses.
Fallback
DESfire/NFC/RFID
Robot carries virtual credential for access-controlled elevators. Handles authorization layer alongside control layer.
CANopen CiA 417 / RS-485
Low-level elevator bus protocols. Too deep for robot companies โ€” relevant for middleware partners like M2MTech.

🔗 Middleware & Strategic Partners

M2MTech / ELSA Platform
Top Target
Closest to universal elevator-robot middleware. Manufacturer-independent. CoAP protocol, edge computing. Backed by Bear Robotics. Covers Otis, TKE, Mitsubishi, KONE, Hyundai, Schindler.
Open-RMF / OSRA
Open-source lift adapter architecture (Lift Node โ†’ Lift Adapter โ†’ Lift Controller). KONE OPC adapter exists on GitHub. Reference design for Accelerate's abstraction.
Relay Robotics (Gen 3)
Evolved hardwired โ†’ button pusher โ†’ cloud multi-OEM. Covers all major brands. Proves cloud-to-cloud integration works at scale.
Diligent/Moxi (Mechanical)
110,000+ autonomous elevator rides in US hospitals via physical arm. Proves mechanical fallback works at hospital scale. 20K+ rides/month.
Aethon TUG (ReadyElevator)
Deepest US hospital elevator deployment (hundreds of hospitals since ~2004). Proprietary, locked to TUG. WiFi-based robot-elevator server comm.

Emerging Standards

SS 713:2025 โ€” Singapore standard, being elevated to ISO (global benchmark)
Japan RRI โ€” Robot-Elevator Linkage Interface (Otis OID compatible)
AMRA-271:2025 โ€” AMR Alliance communication protocol for robots + elevators + doors

Elevator Integration Build Order

Phase 1 โ€” Week 13
KONE Adapter
  • Most open API, free dev access
  • WebSocket API v2 + OAuth 2.0
  • Existing Open-RMF OPC adapter
  • Start here โ€” validates architecture
Phase 2 โ€” Week 14
Otis OID Adapter
  • Largest US hospital installed base
  • Covers elevators back to 1990
  • Group-level dispatch (gold standard)
  • Contact: sales-oid@otis.com
Phase 3 โ€” Week 15
TKE + Schindler
  • TKE: proven hospital deploy (Calgary)
  • Schindler: REST, PORT for newer builds
  • Proves multi-OEM abstraction works
  • Register at both dev portals
Phase 4 โ€” Week 16
Universal Relay
  • Covers Fujitec, Hitachi, all others
  • Dry contact I/O + WiFi/MQTT
  • Partner with M2MTech/ELSA
  • No OEM cooperation required
๐Ÿฅ
Multi-OEM Coverage
No robot company today covers all elevator brands seamlessly. This is the moat.
๐Ÿšจ
Hospital-Specific Logic
Code blue priority, emergency recall, fire alarm coordination, patient transport priority.
๐Ÿค–
Fleet-Level Optimization
Coordinate dozens of robots across multiple elevator banks. Not just one robot, one elevator.
๐Ÿ”„
Full Fallback Stack
Cloud API โ†’ Relay I/O โ†’ Mechanical push. Always have a path, even when the API is down.
End-to-End

Data Flow: Supply Delivery

"Nurse requests supply delivery from pharmacy to Room 412" โ€” traced through every system component.

T+0s
Nurse creates task in Command Center
Origin: Pharmacy โ†’ Destination: Room 412 โ†’ Priority: Normal
Command Center
T+0.2s
Task validated, RBAC checked, created
Nurse has "tasks.create" permission. Task status: CREATED โ†’ QUEUED. Audit entry written.
Task Manager RBAC Audit
T+0.5s
Assignment Engine scores available robots
TUG-01: Floor 1, 85% battery, near pharmacy โ†’ score 0.94
Relay-03: Floor 2, 60% battery โ†’ score 0.78
Task Assignment
T+0.7s
Command translated to vendor-native API
gRPC ExecuteTask โ†’ Aethon REST API โ†’ TUG-01 begins navigating to Pharmacy
Fleet Adapter
T+100s
Elevator requested for Floor 1 โ†’ Floor 4
Integration Gateway โ†’ Otis API โ†’ Elevator arrives โ†’ TUG enters โ†’ Rides to Floor 4
Traffic Coord Elevator Integration
T+165s
Badge door unlocked for robot entry
Room 412 has badge-access โ†’ Door Adapter sends unlock โ†’ Door opens โ†’ TUG arrives
Door Integration
T+210s
Task COMPLETED โ€” 3m 30s (within 30min SLA)
8 audit entries created. Dashboard updated. Nurse notified via WebSocket.
Task Manager Audit Dashboard
Robot Fault Mid-Delivery

Adapter detects fault โ†’ Task reassigned to next-best robot โ†’ Alert generated โ†’ Maintenance record created โ†’ Full audit trail preserved

Elevator Unavailable

5-min timeout โ†’ Check alternate routes โ†’ Escalate to Ops Manager if no alternative โ†’ Priority auto-escalates as SLA approaches

WiFi Drop in Corridor

3 missed heartbeats (15s) โ†’ OFFLINE status โ†’ Robot continues on vendor-native nav โ†’ Resync on reconnect โ†’ Alert if >2min

HIPAA Compliant by Design

Security Architecture

Business Associate-grade security. PHI minimization as the primary defense, with defense in depth at every layer.

Network Security Topology

Hospital Network
Accelerate Edge VLAN โ€” Isolated Segment
Edge Gateway Robot Network Bridge Building System Bridge
WireGuard Tunnel Accelerate Cloud
Robot Fleet VLANs โ€” Per-Vendor Segments
mTLS minimum between edge and robots

๐Ÿ” Authentication & Authorization

User authSAML 2.0 / OIDC + Hospital AD
Service-to-servicemTLS (SPIFFE/SPIRE)
Edge-to-cloudmTLS over WireGuard
Sessions15min JWT + 24hr refresh
EmergencyBreak-glass + enhanced audit

๐Ÿ”’ Data Encryption

In transit (edge-cloud)WireGuard (ChaCha20-Poly1305)
In transit (internal)mTLS (TLS 1.3)
At rest (cloud)AES-256 (Postgres TDE)
At rest (edge)LUKS full-disk encryption
SecretsHashiCorp Vault + SOPS/age

๐Ÿ›ก PHI Controls

  • No PHI in data model by design โ€” tasks reference rooms, not patients
  • PHI Filter Service scans all logs and API responses
  • EMR data consumed as ephemeral operational signals only
  • Audit logs PHI-filtered before write
  • BAA required with every hospital customer

๐Ÿ“‹ HIPAA Safeguards

Access Control ยง164.312(a)RBAC
Audit Controls ยง164.312(b)Hash-chained, 7yr
Integrity ยง164.312(c)Hash chain verify
Transmission ยง164.312(e)TLS 1.3 + WireGuard
Authentication ยง164.312(d)SSO + MFA
Hybrid Architecture

Edge vs Cloud Topology

Real-time operations at the edge, analytics and management in the cloud. Offline-resilient by design.

Edge (Per-Facility)
Intel NUC 13 Pro, 32GB RAM, K3s
Fleet Adapters (2-4) Python
Task Manager + Queue Python
Traffic Coordinator Python
Health Monitor Go
Audit Logger + PHI Filter Go
Integration Gateway Go
Postgres + Redis + NATS ~3GB
Total: ~8GB RAM โ€” fits in 32GB with headroom
Cloud (Centralized)
AWS โ€” ECS/EKS, RDS Multi-AZ
Fleet Registry (primary) Python
Command Center BFF TypeScript
Dashboard / Analytics Python + TS
RBAC + Identity TypeScript
Audit Log (durable store) Go
Compliance + Maintenance TypeScript
RDS + ElastiCache + S3 + NATS Managed
All data stores in private subnets, no public access

Edge-Cloud Synchronization

Data Type Direction Mechanism Frequency
Robot statusEdge โ†’ CloudNATS โ†’ gRPC batchEvery 10s
Task eventsEdge โ†’ CloudNATS โ†’ gRPC batchReal-time (buffered)
Audit entriesEdge โ†’ CloudgRPC streamReal-time (buffered)
Health metricsEdge โ†’ CloudPrometheus remote writeEvery 15s
Robot registryCloud โ†’ EdgegRPC syncOn change + 5min
Facility mapCloud โ†’ EdgegRPC syncOn publish
RBAC permissionsCloud โ†’ EdgegRPC syncOn change + 5min
24-Week Plan

Build Roadmap

Five phases from foundation to pilot-ready, each with clear exit criteria.

Phase
0

Foundation

Weeks 1โ€“4

Infrastructure, contracts, and scaffolding โ€” audit, RBAC, PHI filter.

Protobuf/OpenAPI contracts for all APIs
CI/CD pipeline (GitHub Actions)
Cloud + Edge infrastructure (Terraform)
Audit Log + RBAC + PHI Filter (Go)
Exit: Infra running. Audit + RBAC + PHI filter operational.
Phase
1

Fleet Abstraction MVP

Weeks 5โ€“8

Connect to first robot fleet, see robots on a map.

Fleet Registry (cloud + edge)
First adapter: Aethon/TUG
Facility Map Service (GeoJSON)
Command Center: Auth + Fleet + Map View
Exit: TUG robots on map with live status. SSO login works.
Phase
2

Task Orchestration MVP

Weeks 9โ€“12

Create, assign, and complete delivery tasks end-to-end.

Task Manager + Queue (Redis)
Task Assignment scoring algorithm
Battery & Charging Manager
End-to-end: nurse โ†’ task โ†’ TUG โ†’ complete
Exit: Full delivery cycle with audit trail. Battery management live.
Phase
3

Traffic & Building Integration

Weeks 13โ€“16

Multi-floor operations with elevator and door integration.

Traffic Coordinator + Zone Policy Engine
Integration Gateway (Go)
Elevator + Door Integration (1st vendor)
Cross-floor delivery end-to-end test
Exit: Robots use elevators, badge-doors, respect zone policies.
Phase
4

Multi-Vendor & Reliability

Weeks 17โ€“20

Second vendor adapter validates abstraction. Support tooling and analytics.

2nd vendor adapter (Relay or Pudu)
Alert system + Incident Manager
Remote Diagnostics + Maintenance
Dashboard + Uptime Reporter
Exit: Two vendor fleets operational. Remote diagnostics. Dashboard live.
Phase
5

Pilot Hardening

Weeks 21โ€“24

Production-ready for first hospital pilot. Security audit, chaos engineering, documentation.

Offline resilience testing
Compliance reporting (HIPAA audit)
Load testing + chaos engineering
Security audit + pen testing
Exit: Passes security audit. Offline resilience validated. Pilot-ready.
Technology

Technology Stack

Three languages, each chosen for where it excels. No ML in V1 โ€” predictability over optimality.

๐Ÿ
Python 3.12+
Business Logic
  • Fleet adapters (vendor SDK compat)
  • Task orchestration
  • Traffic coordination
  • Analytics & EMR integration
  • ROS 2 native (rclpy)
Go
Go 1.22+
Infrastructure
  • Health monitor (watchdog)
  • Audit logger (bulletproof)
  • PHI filter (fast, inline)
  • Integration gateway
  • Diagnostics collector
TS
TypeScript
UI + Cloud Services
  • Command Center (React 19)
  • BFF (Node.js / Fastify)
  • RBAC, notifications, maintenance
  • Incident management
  • Identity integration

Databases

Postgres 16 โ€” Primary relational (cloud + edge)
SQLite โ€” Edge cache (fleet registry)
Redis 7 โ€” Queue, cache, traffic state

Messaging

NATS โ€” Edge event bus + cloud sync
gRPC โ€” Inter-service (protobuf)
WebSocket โ€” Real-time UI push
ROS 2 DDS โ€” Robot-facing

Infrastructure

K3s โ€” Edge Kubernetes
ECS / EKS โ€” Cloud orchestration
WireGuard โ€” Edge-cloud VPN
Terraform โ€” IaC

Observability

OpenTelemetry โ€” Distributed tracing
Prometheus โ€” Metrics + alerting
Grafana โ€” Internal dashboards
Vector โ€” Edge log collection
Beyond V1

Post-V1 Roadmap

Features deliberately deferred to maintain V1 focus and predictability.

V1.5 EMR Integration

Discharge โ†’ cleaning, diet order โ†’ meal delivery. Requires hospital-specific FHIR work.

V1.5 Mobile App (Native)

PWA or native app for floor staff โ€” web works for V1, mobile is a UX improvement.

V2 Advanced Traffic

Full trajectory planning via Open-RMF. Zone-based is sufficient for <30 robots.

V2 ML-Based Assignment

Need 6+ months of operational data before ML assignment makes sense.

V2 Multi-Facility Optimization

V1 is single-facility focused. Cross-campus task routing requires new coordination layer.

V3+ Patient-Touching & Humanoids

Mobility, transport, humanoid support โ€” regulatory complexity, higher liability.