System Design: OSCP Flexibility Provider Domain¶

TLDR (Solution Summary)¶

bf-manage-core will implement a separate OSCP Flexibility Provider domain that owns OSCP connection lifecycle, group_id bindings, and protocol message handling, while using the microgrid domain only through protocol-agnostic microgrid contracts.

OSCP Domain Contract + introduce OscpConnection, OscpGroupBinding, OscpConnectionState, and OscpCapacityForecastEnvelope + keep all OSCP-specific identity and lifecycle outside the microgrid domain.
Group Binding Model + map external group_id values to canonical microgrid_id + node_id targets in the OSCP domain + allow deterministic protocol routing without polluting microgrid aggregates.
Connection Lifecycle Contract + define registration, handshake, heartbeat, and offline-state handling aligned to OSCP 2.0 connection sections + make inbound and outbound OSCP conversations implementation-safe.
Forecast Intake Contract + define how UpdateGroupCapacityForecast messages are received, validated, audited, and translated into generic microgrid-facing OperatingEnvelope inputs + keep protocol semantics outside the microgrid model.
Outbound Messaging Contract + define AdjustGroupCapacityForecast, GroupCapacityComplianceError, and measurement publication behavior + complete the current supported protocol surface.
Connection Profile Layer + define how partner-specific protocol deviations are isolated behind OSCP connection configuration + keep the core OSCP domain standards-based and vendor-agnostic.
Operational Visibility Contract + define OSCP connection status, last-message audit fields, and group-binding observability + support integration operations and troubleshooting.

1. Summary¶

Problem¶

bf-manage-core needs to operate as an OSCP v2.0 Flexibility Provider, but the protocol concerns, external group_id identity, and remote-party lifecycle must not leak into the microgrid domain.

Goal and Design Outcomes¶

Define the conceptual system design for OSCP v2.0 support in bf-manage-core when acting as a Flexibility Provider.
Keep OSCP as a separate bounded context that uses microgrid contracts without making microgrid OSCP-aware.
Define a canonical group_id -> microgrid_id + node_id binding model in the OSCP domain.
Align core design to OSCP v2.0 protocol sections while allowing partner-specific implementation stories later.
Design outcomes:
- OSCP-specific identifiers, state, and protocol rules are owned by the OSCP domain, not by microgrid.
- Every inbound or outbound OSCP business message resolves to exactly one OSCP connection and one group binding.
- Forecast, measurement, adjustment, and compliance flows are traceable and operationally auditable.
- The design remains standards-based even when a narrower partner profile requires a slightly different message profile.

System Capabilities¶

OSCP Flexibility Provider Domain + define bounded context, actors, commands, events, and policies + provide a protocol-safe domain boundary for OSCP.
OSCP Group Binding + define canonical storage and lookup of group_id to microgrid_id + node_id mappings + support deterministic routing of all group-scoped messages.
OSCP Connection Lifecycle + define registration, handshake, handshake acknowledgement, heartbeat, and offline handling + support stable protocol sessions with remote capacity providers.
OSCP Forecast Translation + define intake of UpdateGroupCapacityForecast and translation to generic microgrid operating-envelope inputs + let OSCP drive site-level constraints without changing microgrid semantics.
OSCP Outbound Provider Messages + define adjustment requests, compliance error reporting, and measurement publication + complete the current supported Flexibility Provider responsibilities.
OSCP Connection Profile + define standards-aligned defaults plus isolated per-connection behavior switches + keep partner-specific deviations out of the core domain model.
OSCP Binding Administration + define administrative APIs and UI for connection and group_id binding management + make provisioning and support operationally manageable from product surfaces.
OSCP Operations View + define read-side status for connections, group bindings, last forecasts, last measurements, and last failures + support supportability and operational safety.

Scope (In)¶

OSCP v2.0 Flexibility Provider role semantics.
OSCP-specific domain language, message handling, connection state, and group binding.
Conceptual contracts for how OSCP uses microgrid IDs and microgrid-facing generic contracts.
Protocol-aligned handling of registration, handshake, heartbeat, forecast, adjustment, compliance, and measurements.
Operational observability for OSCP integration state.

Scope (Out)¶

Microgrid topology, limit-policy, and balancing internals already covered by the microgrid specification.
Transport-level implementation details such as exact framework wiring, token storage schema, or deployment infrastructure.
Partner-specific acceptance criteria and user-story slicing.
Commercial contract logic, market rules, and non-technical onboarding process details.
Flexibility Provider communication to individual field devices or chargers.

Future Evolution Guardrails¶

The design must support one microgrid containing multiple independently managed scopes and multiple future external bindings across those scopes, even though the current supported model uses one active group_id per managed scope.
The design must not require the microgrid domain to store OSCP identifiers, protocol states, or partner-specific behavior.
The design must not couple the OSCP domain to one specific external party, even if early implementations target a single DERMS integration.
The design should remain open to adding the Capacity Optimizer interaction path later without reshaping the core Flexibility Provider model.

2. Users and Use Cases¶

Primary Personas¶

Persona	Primary Job	Why this spec matters
Integration Engineer	Configure OSCP endpoints, bindings, and partner contracts.	Needs deterministic routing and standards-aligned connection lifecycle.
Platform Engineer	Build OSCP domain APIs, jobs, and message handlers.	Needs a bounded context that is clearly separated from microgrid internals.
Operations / Support	Diagnose failed handshakes, offline connections, or rejected forecasts.	Needs observable OSCP state and auditability.
Product / Stakeholder	Understand what Flexibility Provider responsibilities are covered in the current supported model.	Needs scope clarity and partner-agnostic design decisions.
QA / System Test Engineer	Validate end-to-end protocol behavior and site-level message routing.	Needs testable flows for registration, heartbeat, forecast, and outbound provider messages.

High-Level Use Cases¶

As an integration engineer, I can bind an external OSCP group_id to one internal microgrid_id + node_id target so that OSCP traffic routes to the right site boundary.
As an integration engineer, I can manage OSCP connections and group_id bindings through administrative APIs and UI so that provisioning and support do not rely on direct database changes.
As a remote capacity provider, I can complete registration, handshake, and heartbeat with the Flexibility Provider and know whether the connection is online.
As a remote capacity provider, I can send a group capacity forecast that is validated, audited, and translated into a generic OperatingEnvelope for the mapped microgrid.
As the Flexibility Provider, I can publish measurement, adjustment, and compliance messages for a mapped group without exposing microgrid internals directly.
As support, I can inspect which OSCP connection, group binding, and last protocol exchange affected a given microgrid.

Edge Cases and Failure Modes¶

A group_id is unknown or resolves to more than one microgrid.
Registration has not been completed but business messages are received.
Handshake is incomplete or expired.
Heartbeats stop and the connection transitions offline.
A forecast payload is syntactically valid but cannot be translated into a supported microgrid OperatingEnvelope.
Outbound measurement publication cannot be produced because required source data is unavailable.
A partner expects a protocol subset or behavior that differs from the default standards-based profile.

3. Conceptual Model Terms and Decisions¶

Key Terms¶

Term	Definition	Notes
OSCP Domain	The bounded context in `bf-manage-core` that owns OSCP protocol identity, lifecycle, and message handling.	Separate from the microgrid domain.
Flexibility Provider	The OSCP role currently fulfilled by `bf-manage-core`.	Aligned to OSCP 2.0 actor definitions.
Capacity Provider	The remote party that sends capacity forecasts and receives provider-side messages.	External to `bf-manage-core`.
Group Binding	The OSCP-owned mapping between external `group_id` and one internal `microgrid_id + node_id` target.	Canonical routing identity for the current supported model.
Managed Scope	The targeted part of a microgrid controlled by one OSCP binding.	Typically the whole microgrid or one `GRID_CONNECTION` subtree.
OSCP Connection	The logical relationship with one remote party, including registration state, supported versions, and liveness.	Owns protocol state, not business topology.
Connection Profile	A configuration object that defines supported OSCP version, endpoint set, required behaviour, and any partner-specific message-profile switches.	Keeps deviations outside the core domain model.
Connection State	Current lifecycle state of an OSCP connection.	Includes at least registered / handshaken / online / offline semantics.
Capacity Forecast Envelope	A normalized OSCP forecast message for one `group_id`, type, and set of time blocks.	Derived from OSCP sections 4.4.1 and 5.3-5.4.
Measurement Publication	A normalized outbound measurement payload published under OSCP rules.	Defaults to `UpdateGroupMeasurements` for the Capacity Provider path and may use profile-configured `UpdateAssetMeasurements` where a partner profile requires it.
Compliance Error	An outbound OSCP message reporting inability to comply with a previously received capacity forecast.	Correlates to an earlier forecast.
Operating Envelope	A generic microgrid-facing `OperatingEnvelope` derived from external protocol inputs.	Microgrid does not know it came from OSCP.

Decision Ledger¶

ID	Decision	Rationale	Alternatives Rejected	Implications
D-001	Model OSCP as a bounded context separate from microgrid.	Prevents protocol identity and lifecycle concerns from polluting site-energy domain logic.	Store `group_id` or OSCP session state inside microgrid.	OSCP owns protocol state and bindings; microgrid remains protocol-agnostic.
D-002	Own `group_id -> microgrid_id + node_id` bindings in the OSCP domain.	`group_id` is an external routing identity, while the managed electrical target is a microgrid plus optional subtree rather than a standalone microgrid identity.	Add `group_id` directly to microgrid aggregate or force every managed scope to become its own microgrid.	All OSCP message routing passes through OSCP group binding lookups.
D-003	The current supported role is `Flexibility Provider` only.	Keeps the initial surface area manageable while preserving a standards-based extension path.	Implement `Capacity Optimizer` and other roles now.	Some OSCP message families remain future work.
D-004	OSCP 2.0 standard semantics are canonical; partner deviations are handled by connection profiles.	Keeps the design standards-based while allowing practical first integrations.	Hard-code one partner’s behavior as the domain default.	Stories can target a partner profile without changing the conceptual model.
D-005	Microgrid must not be aware of OSCP.	Preserves separation of concerns and allows multiple external protocols later.	Add OSCP-specific commands or fields to microgrid.	OSCP must translate inbound messages into generic microgrid contracts.
D-006	Current supported active binding cardinality is `1 group_id = 1 microgrid_id + node_id target = 1 active OSCP connection`.	Simplifies routing while allowing one depot microgrid to expose multiple future managed subtrees.	Many-to-many group bindings or multiple active connections per managed scope immediately.	Must keep a future extension path open while enforcing one active manager per managed target in the current supported model.
D-007	Connection lifecycle gates business messaging.	Aligns with OSCP connection rules for registration, handshake, and heartbeat.	Accept business messages without lifecycle state checks.	Messaging policies must enforce state preconditions.
D-008	Offline detection is an OSCP domain responsibility.	Heartbeat and liveness semantics are protocol concerns, not microgrid concerns.	Let microgrid or generic infrastructure own offline state.	OSCP status views must expose offline transitions and last heartbeat data.
D-009	Forecast translation produces generic operating envelopes, not OSCP-specific microgrid objects.	Keeps protocol translation in OSCP while letting microgrid consume stable external control abstractions.	Pass OSCP payloads directly into microgrid.	Requires a clear microgrid-facing boundary contract later in implementation.
D-010	Measurement publication strategy is owned by OSCP connection profiles, with `UpdateGroupMeasurements` as the canonical Capacity Provider path and optional `UpdateAssetMeasurements` only where a profile explicitly requires that standard OSCP message shape.	Different remote parties may require group-level or derived asset-reporting payloads.	Force one measurement shape for all connections.	Allows standards-based defaults with isolated profile-specific behavior and makes the profile deviation explicit.
D-011	OSCP correlation and request identifiers are auditable first-class metadata.	Supports compliance errors, troubleshooting, and replay/idempotency controls.	Treat message metadata as transport-only and discard it.	Read models and logs must retain protocol traceability.
D-012	Partner-specific onboarding details are informative only, not normative in this specification.	Keeps the spec reusable while allowing implementation stories to target a narrower partner profile later.	Bake one partner’s onboarding and auth constraints into the core spec.	Vendor-specific expectations should appear in stories or integration notes, not core requirements.
D-013	Administrative APIs and UI are part of the current supported OSCP model.	Binding and lifecycle management must be operationally manageable without direct data edits.	Configuration-only provisioning outside product surfaces.	OSCP read/write administration is part of the enduring domain surface.
D-014	Until a deployed event bus is available, outbound OSCP delivery will use persisted `OscpOutboundPublication` records plus an in-process/background `OscpOutboundDispatcher`.	Provides retries, auditability, and transport isolation without blocking the current supported model on external messaging infrastructure.	Require a real event bus before any outbound OSCP capability is delivered.	Immediate and scheduled OSCP publishers create due outbound publications; a dispatcher worker in `bf-manage-core` executes delivery and updates send state.
D-015	Current supported one-to-one `group_id -> microgrid_id + node_id target -> active OSCP connection` enforcement is owned by the persisted OSCP aggregate and active-binding rules, not by transient session/auth tokens.	Uniqueness is domain state, while auth/session material is transport/security state.	Use session tokens as the primary source of binding truth.	Requests authenticate first, then resolve through persisted connection and binding state before business processing is allowed.

4. Domain Model and Eventstorming (Conceptual)¶

Bounded Context and Ubiquitous Language¶

Bounded context: OSCP Flexibility Provider.
External actors: Capacity Provider, optional future Capacity Optimizer.
Internal collaborators: Microgrid Domain, Operations / Support, Integration Configuration.
Core commands: register endpoint, initiate handshake, acknowledge handshake, record heartbeat, receive group capacity forecast, publish measurements, request capacity adjustment, report compliance error, mark connection offline.
Core events: group bound, registration completed, handshake initiated, handshake acknowledged, heartbeat recorded, connection offline detected, capacity forecast received, operating envelope prepared, measurements published, adjustment requested, compliance error reported.

Eventstorming Diagram¶

flowchart LR
    CP[Capacity Provider]
    OSCP[OSCP Flexibility Provider Domain]
    MG[Microgrid Domain]
    OPS[Operations / Support]

    CP -->|Register / Handshake / Heartbeat| OSCP
    CP -->|UpdateGroupCapacityForecast| OSCP
    OSCP -->|Generic operating envelope| MG
    MG -->|Aggregated measurements / status / breach signals| OSCP
    OSCP -->|UpdateGroupMeasurements / AdjustGroupCapacityForecast / GroupCapacityComplianceError| CP
    OSCP -->|Connection status / audits / binding status| OPS

Connection and Forecast Flow¶

sequenceDiagram
    participant CP as Capacity Provider
    participant OD as OSCP Domain
    participant MG as Microgrid Domain

    CP->>OD: Register / Handshake / Heartbeat
    OD-->>CP: HTTP 204 + HandshakeAcknowledge when required
    CP->>OD: UpdateGroupCapacityForecast(group_id, type, blocks)
    OD->>OD: Resolve group_id to managed microgrid target
    OD->>OD: Validate lifecycle state and payload
    OD->>MG: Apply generic OperatingEnvelope
    MG-->>OD: Accept / reject with generic outcome
    OD-->>CP: HTTP 204
    MG->>OD: Measurement / breach / inability-to-comply signal
    OD->>CP: UpdateGroupMeasurements or profile-required `UpdateAssetMeasurements`
    OD->>CP: GroupCapacityComplianceError when required

Aggregates and Entities (Conceptual)¶

OscpConnection:
- Owns remote-party registration state, selected OSCP version, base URL references, required behaviour, and liveness state.
- Owns whether the connection is currently allowed to exchange business messages.
OscpGroupBinding:
- Owns canonical mapping from external group_id to one internal managed target represented as microgrid_id plus optional node_id.
- Optionally owns measurement-publication strategy and any external reporting identifiers needed for that binding.
OscpForecastConversation:
- Owns receipt, correlation, and audit of inbound capacity forecast messages for one group.
- Owns translation result from OSCP forecast to generic OperatingEnvelope.
OscpOutboundPublication:
- Owns audit of outbound measurements, adjustment requests, and compliance errors.
- Owns correlation to earlier inbound forecasts when required.
OscpOutboundDispatcher:
- Claims due outbound publications and performs HTTP delivery to the remote OSCP party.
- Exists as an interim in-process/background worker until event-bus-driven handler orchestration is available.
OscpConnectionProfile:
- Defines the active protocol subset, behaviour switches, and profile-level constraints for one remote integration.
- Exists to isolate remote-party specifics from the core OSCP domain language.

Connection Profile Configuration (Conceptual)¶

Field	Type	Description
`auth_mode`	enum	`TOKEN`, `OAUTH_CLIENT_CREDENTIALS` for the remote integration profile.
`oauth_token_url_ref`	string \| null	Reference to remote token endpoint configuration when `auth_mode=OAUTH_CLIENT_CREDENTIALS`.
`credential_ref`	string	Reference to stored client credentials or shared token material.
`static_header_profile_ref`	string \| null	Reference to additional required static headers for a partner profile.
`measurement_publication_mode`	enum	`GROUP` or `ASSET`. `GROUP` serializes outbound measurements as `UpdateGroupMeasurements`. `ASSET` serializes outbound measurements as `UpdateAssetMeasurements` when a partner profile explicitly requires that standard OSCP message shape.
`measurement_configuration`	enum[]	OSCP `RequiredBehaviour.measurement_configuration` values. The current supported measurement configuration is `INTERMITTENT`; `CONTINUOUS` remains a standards-aligned future extension unless a later profile requires it.
`measurement_publication_interval_seconds`	integer	Local scheduling interval used by the OSCP measurement-publication job. Defines how often outbound measurements are due for this connection profile.

Notes: - auth_mode and related references are conceptual configuration fields only; credential storage mechanics remain out of scope for this specification. - measurement_publication_mode is a local OSCP connection-profile setting, not a standard OSCP discovery flag. - measurement_configuration aligns to standard OSCP handshake RequiredBehaviour semantics and describes aggregation behaviour, not whether measurement publication is enabled. - The current supported measurement semantics use INTERMITTENT mode, representing bounded-window energy totals and peak instantaneous load rather than an ever-increasing cumulative meter value. - measurement_publication_interval_seconds is a local OSCP scheduling setting. It defines cadence, not message semantics.

HTTP and Header Semantics (Normative)¶

Every outbound OSCP request must include Authorization and X-Request-ID.
Every outbound OSCP message that replies to or reports against an earlier OSCP message must include X-Correlation-ID.
Valid synchronous OSCP responses must return HTTP 204 with no payload.
Error responses may return another HTTP status code and may include a human-readable payload; if the error relates to an earlier message, X-Correlation-ID should be preserved.
Handshake and HandshakeAcknowledge must each receive HTTP 204 before the follow-up OSCP message is considered accepted.
The current supported model does not support segmented OSCP messages; inbound segmented requests are rejected as unsupported and outbound segmented requests are not emitted.

Required Behaviour Negotiation (Normative)¶

Each connection profile defines the local desired RequiredBehaviour.
Each received Handshake or HandshakeAcknowledge captures the remote required behaviour for audit.
The connection stores an effective negotiated behaviour derived from local profile rules and the latest accepted remote requirements.
Business messaging is allowed only when the effective negotiated behaviour is valid for the local connection profile.
A handshake with unacceptable required behaviour must be rejected with protocol-appropriate error handling and visible audit state.

Measurement Configuration Semantics (Current Supported Model)¶

Mode	OSCP meaning	Current bf-manage-core behaviour
`CONTINUOUS`	Accumulated measurements are never reset.	Defined by the standard but not currently implemented.
`INTERMITTENT`	Measurements are accumulated over a bounded measurement window and may restart; `initial_measure_time` is required for energy measurements.	Current supported mode. Publish interval-bounded measurements per configured publication interval, including `initial_measure_time` and period-aligned aggregation metadata where applicable.

Notes: - When INTERMITTENT is used, the bounded measurement window is defined by the active connection profile. - When INTERMITTENT is used, energy measurement values represent total consumption during the configured window and instantaneous measurement values represent the maximum point load during that same window.

Invariants and Business Rules (Normative)¶

group_id binding ownership belongs to the OSCP domain; the microgrid domain must not store OSCP identifiers.
Each active group_id resolves to exactly one microgrid_id + node_id target in the current supported model.
Business messages must not be processed for an unregistered or invalidly handshaken connection.
Offline state must block business messaging until connection lifecycle rules are satisfied again.
Every accepted UpdateGroupCapacityForecast must be auditable to one connection, one group binding, and one translation outcome.
OSCP message handling must preserve request and correlation identifiers where present.
OSCP message timestamps must follow OSCP time requirements and retain timezone information.
The OSCP domain may translate protocol messages into generic microgrid operations, but the microgrid domain must not be required to understand OSCP sections, roles, or message names.
Outbound compliance errors must correlate to an earlier forecast when protocol rules require it.
Measurement publication strategy is determined by OSCP connection and group-binding configuration, not by the microgrid domain.
In the current supported model, an active managed scope may be managed by only one active OSCP connection and one active OSCP group_id.
Every OSCP connection profile must define auth_mode, measurement_publication_mode, measurement_configuration, and measurement_publication_interval_seconds.
The current supported measurement publication model uses INTERMITTENT measurement configuration.
Until event-bus-driven handlers are available, outbound OSCP messages must be executed from persisted outbound-publication records by an in-process/background dispatcher within bf-manage-core.
When a message relates to an earlier OSCP message, correlation metadata must be retained and reused in outbound transport headers where required.
When the active Capacity Provider connection is offline or capacity updates are no longer being received, the Flexibility Provider must use fallback capacity from the latest accepted forecast until the online condition is restored.
When online state is restored, the OSCP domain must reactivate the latest non-fallback forecast state unless superseded by a newer accepted forecast.
UpdateAssetMeasurements remains a profile-based deviation for CP-facing integration; UpdateGroupMeasurements is the canonical Capacity Provider path.
Authentication or session material may be retained for transport security and request routing, but it must not be the primary mechanism that enforces active group_id, microgrid_id + node_id, or OSCP-connection uniqueness.
After authentication succeeds, every inbound OSCP business message must resolve through persisted OSCP connection state and active group-binding state before it can affect microgrid behavior.

Protocol Alignment (Normative Reference Map)¶

Area	OSCP 2.0 sections
Actors and role terminology	Sections `1.6`, `2.2`
Generic HTTP response behavior	Sections `1.8`, `4.1.3`
Registration, handshake, heartbeat, offline	Sections `2.6`, `4.3.1` to `4.3.4`, `5.1`, `5.2`
Capacity forecast, adjustment, compliance	Sections `2.3`, `2.3.1`, `4.4.1` to `4.4.3`, `5.3`, `5.4`
Group and asset measurements	Sections `2.5`, `4.5.1`, `4.5.2`, `5.6`
Time and date rules	Sections `1.9`, `1.9.1`
Segmented requests and related headers	Section `4.1.2.1`

5. Requirements and Constraints¶

Functional Requirements¶

FR-001: The system shall implement an OSCP Flexibility Provider bounded context separate from the microgrid domain.
FR-002: The system shall store and manage group_id -> microgrid_id + node_id bindings in the OSCP domain.
FR-003: The system shall support OSCP registration, handshake, handshake acknowledgement, heartbeat, and offline-state handling for the Flexibility Provider role.
FR-004: The system shall receive and validate UpdateGroupCapacityForecast messages for bound groups.
FR-005: The system shall translate accepted OSCP forecasts into generic microgrid-facing OperatingEnvelope inputs without requiring the microgrid domain to understand OSCP semantics.
FR-006: The system shall support outbound AdjustGroupCapacityForecast messages for a bound group.
FR-007: The system shall support outbound GroupCapacityComplianceError messages for a bound group and correlate them to the relevant earlier forecast when required.
FR-008: The system shall support outbound measurement publication for a bound group according to the active OSCP connection profile.
FR-009: The system shall retain auditable metadata for inbound and outbound OSCP messages, including connection, binding, request, and correlation references.
FR-010: The system shall expose operational read models for OSCP connections, OSCP group bindings, and last successful / failed protocol exchanges.
FR-011: The system shall allow standards-aligned connection behavior to be configured separately from any partner-specific profile switches.
FR-011a: The system shall allow each OSCP connection profile to configure measurement_publication_mode with supported values GROUP and ASSET.
FR-011b: The system shall allow each OSCP connection profile to configure measurement_configuration using OSCP-supported values, with INTERMITTENT as the current supported configuration.
FR-011c: The system shall allow each OSCP connection profile to configure measurement_publication_interval_seconds to drive outbound measurement-publication scheduling.
FR-011d: The system shall allow each OSCP connection profile to configure conceptual auth settings including auth mode, credential reference, and optional static-header profile reference.
FR-012: The system shall reject or quarantine messages that cannot be resolved to a valid active group binding.
FR-013: The system shall use OSCP-standard endpoint semantics and message families as the canonical conceptual contract, even when a partner profile uses only a subset or requires an adapted publication strategy.
FR-014: The system shall provide administrative APIs and UI for creating, updating, disabling, and inspecting OSCP connections, connection profiles, and group_id -> microgrid_id + node_id bindings.
FR-015: The system shall enforce current supported active-binding cardinality of one group_id, one microgrid_id + node_id target, and one active OSCP connection per managed target.
FR-016: The system shall persist outbound OSCP publications before delivery and execute them through an interim OscpOutboundDispatcher within bf-manage-core until a deployed event bus is available.
FR-017: The system shall enforce OSCP header and response semantics for Authorization, X-Request-ID, X-Correlation-ID, and HTTP 204 success responses.
FR-018: The system shall reject segmented OSCP messages in the current supported model and record deterministic audit outcomes for that rejection.
FR-019: The system shall store both the latest accepted primary forecast and its fallback-capacity semantics so the mapped microgrid can be constrained safely during CP offline conditions.
FR-020: The system shall repeat compliance-error reporting when a newly received forecast still cannot be met and shall treat absence of a renewed compliance error after a new forecast as compliance restored.

Non-Functional Requirements¶

NFR-001: OSCP-specific data and microgrid-specific data must remain in separate bounded contexts.
NFR-002: Message handling must be idempotent enough to tolerate retries of the same inbound protocol exchange without unsafe duplicate side effects.
NFR-003: Connection status and last-message audit data must be operationally visible without requiring protocol log inspection.
NFR-004: The design must allow additional OSCP roles or profiles later without redesigning the microgrid domain.
NFR-005: Forecast translation outcomes must be reproducible and diagnosable from stored audit data.
NFR-006: Time handling must preserve timezone offsets and remain compliant with OSCP time-format rules.
NFR-007: The design must support secure connection credential handling, but credential-storage implementation details are outside this spec.
NFR-008: Interim outbound OSCP dispatch must support retry, audit, and deterministic send-state visibility without requiring a deployed event bus.
NFR-009: OSCP admin and operations views must expose enough connection-profile and audit detail to distinguish standards-based behavior from partner-profile deviations without reading transport logs.

Constraints¶

C-001: The microgrid domain must not store group_id, OSCP connection state, OSCP lifecycle timestamps, or partner-specific endpoint behavior.
C-002: The OSCP domain must not duplicate microgrid topology, limit-policy, or balancing models already defined in the microgrid specification.
C-003: The current supported model is limited to the Flexibility Provider role and does not require full Capacity Optimizer support.
C-004: Standards-based OSCP references must be cited by OSCP section number; this specification must not duplicate OSCP schema definitions.
C-005: Partner-specific integration behavior must be expressed as connection-profile configuration or later story detail, not as core protocol semantics.

Assumptions¶

A-001: Current supported routing resolves one OSCP group_id to one managed microgrid_id + node_id target, typically the whole microgrid or one GRID_CONNECTION subtree, managed by one active OSCP connection.
A-002: The microgrid domain will provide protocol-agnostic contracts for applying OperatingEnvelope inputs and reading aggregated operational state.
A-003: The first implementation stories may target a narrower partner profile than the full standards-based conceptual surface, but the conceptual model remains protocol-generic.

6. Interaction and Flow¶

Connection Lifecycle¶

A connection is provisioned with a connection profile and one or more group bindings.
Registration establishes selected version and authenticated endpoint relationship.
Handshake and handshake acknowledgement exchange required behaviour such as heartbeat interval and measurement configuration.
Heartbeats maintain liveness.
Missing heartbeats or equivalent liveness failure transition the connection offline.
Offline connections must re-satisfy lifecycle rules before business messaging resumes.

Forecast Intake¶

The OSCP domain receives UpdateGroupCapacityForecast.
The OSCP domain validates lifecycle state, version, identifiers, timestamps, and message shape against OSCP rules.
The OSCP domain resolves group_id to one managed microgrid_id + node_id target.
The OSCP domain translates forecast blocks and forecast type into a generic operating envelope.
The OSCP domain stores both the primary forecast state and any fallback-capacity semantics required to operate safely during offline conditions.
The OSCP domain submits the translated envelope through a protocol-agnostic microgrid boundary.
The translation result and resulting correlation metadata are stored for audit and later compliance/error reporting.

Offline and Fallback Behaviour¶

The latest accepted forecast conversation retains the normal capacity state plus its fallback-capacity semantics.
When the active Capacity Provider connection transitions offline or forecast validity can no longer be guaranteed, the OSCP domain activates fallback-derived OperatingEnvelope constraints for the mapped microgrid.
While offline, the Flexibility Provider continues to operate against the fallback-derived envelope until online state is restored.
When the connection is restored through handshake/liveness recovery, the OSCP domain reactivates the latest accepted non-fallback forecast state unless a newer accepted forecast supersedes it immediately.
Offline/fallback transitions and restored-normal transitions are auditable in the OSCP operations view.

Measurement Publication¶

The OSCP domain determines whether a measurement publication is due under the active connection profile using measurement_publication_interval_seconds.
The OSCP domain reads the required aggregated or profile-derived measurement inputs from microgrid-facing or related read models.
The OSCP domain serializes the outbound measurement message using the active publication strategy:
canonical default: UpdateGroupMeasurements
profile-based deviation: UpdateAssetMeasurements where a partner profile explicitly requires it
The publication is persisted as an OscpOutboundPublication and marked due for dispatch.
The interim OscpOutboundDispatcher claims the due publication, sends it to the remote party, and updates delivery audit metadata.

Adjustment and Compliance Reporting¶

A need for additional or reduced capacity is detected outside or at the boundary of the OSCP domain.
The OSCP domain resolves the affected group binding.
The OSCP domain builds AdjustGroupCapacityForecast or GroupCapacityComplianceError payloads aligned to OSCP rules.
GroupCapacityComplianceError publications must correlate to the relevant forecast using stored request/correlation metadata.
If a newer forecast is received and the site still cannot comply, a new compliance-error publication must be emitted against that newer forecast.
The publication is correlated to the relevant forecast or decision context, persisted as an outbound publication, and dispatched by the interim OscpOutboundDispatcher.

State Model¶

State	Meaning	Allowed next states
`CONFIGURED`	Connection profile and binding exist, but registration not completed.	`REGISTERED`, `DISABLED`
`REGISTERED`	Registration completed, but handshake not fully completed.	`HANDSHAKEN`, `DISABLED`
`HANDSHAKEN`	Registration and handshake completed, waiting for active heartbeat/liveness.	`ONLINE`, `OFFLINE`, `DISABLED`
`ONLINE`	Business messaging is allowed.	`OFFLINE`, `DISABLED`
`OFFLINE`	Liveness failure or equivalent protocol failure detected.	`HANDSHAKEN`, `ONLINE`, `DISABLED`
`DISABLED`	Administrative stop or invalid configuration.	`CONFIGURED`

7. Relationship to the Microgrid Specification¶

This specification uses the microgrid system design as the source of truth for site-level electrical behavior and operating state.
This specification does not redefine topology, limits, balancing logic, or capability-status semantics already owned by microgrid.
This specification only defines how the OSCP domain binds to a microgrid and exchanges protocol messages around that boundary.

8. Long-Term Evolution Notes¶

The interim OscpOutboundDispatcher is an allowed medium-term solution until event-bus-based orchestration is deployed, provided the same persisted outbound-publication audit contract is preserved.
Additional OSCP roles, multi-binding profiles, and broader partner-profile support may be introduced later without requiring changes to the microgrid domain boundary.
Transport credential storage, deployment wiring, and framework-specific HTTP adapter details remain implementation concerns outside this system-design document.