An Edge–Mesh–Cloud Telemetry Architecture for High-Mobility Environments: Low-Latency V2V Hazard Dissemination in Competitive Motorcycling

Abstract

At racing speeds above 300 km/h (≈83 m/s), hazard awareness becomes a vehicular-communications problem: 100 ms already correspond to about 8.3 m of blind travel before an alert can influence braking, line choice, or torque delivery. Cloud-only telemetry is therefore insufficient under intermittent coverage and variable round-trip delay, while conventional trackside and pit-wall links do not provide direct inter-bike hazard dissemination. We propose Hybrid Epistemic Offloading (HEO), an edge–mesh–cloud architecture for high-mobility V2V/V2X hazard dissemination that explicitly separates an ephemeral safety plane from a durable cloud-analytics plane. On-bike edge nodes ingest high-rate ECU/IMU signals over CAN and persist full-fidelity traces into standardized ASAM MDF containers, enabling loss-tolerant buffering, deterministic replay, and post hoc auditability across coverage gaps. For real-time safety, motorcycles form a local V2V mesh that disseminates compact hazard digests using latency-bounded gossip with adaptive fanout, TTL-based suppression, and redundancy-aware forwarding over sidelink-capable V2X links. The hazard channel is formulated as uncertainty-aware to account for localization error and propagation delay at race pace. We evaluate the system in two stages: (i) a reproducible mobility-coupled simulation/emulation campaign for mesh dissemination and durable edge → gateway → cloud delivery; and (ii) an MDF4 replay-based Jerez pilot for stability-oriented co-design analysis. Under the tested conditions, the durable MQTT path achieved an 83.4 ms median, 175.9 ms p95, and 303.74 ms maximum end-to-end latency with no observed event loss. In the Jerez pilot, the co-design workflow reduced mean wheel slip from 6.26% to 3.75% (−40.10%) and a control-volatility proxy from 0.1290 to 0.0212 (−83.58%).

1. Introduction

At 300 km/h (≈83 m/s), latency is not merely a software inconvenience but a vehicular-communications constraint with direct physical consequences: 100 ms corresponds to ∼8.3 m of travel, and 200 ms implies >16 m before an alert can influence braking, line choice, or torque delivery. In high-velocity motorsport, where control margins are defined by tire friction, transient load transfer, and limited decision windows, such delays can move a hazard update outside the actionable horizon of the rider–machine loop. This makes bounded dissemination delay, tail latency, and intermittent coverage first-class design constraints rather than secondary implementation details.

Rather than framing the problem as a simplistic “cloud vs. edge” dichotomy, we ground it in the operational and governance constraints of professional racing. Trackside telemetry and pit-wall monitoring primarily serve the rider–team channel, but in-race bidirectional signaling between a moving motorcycle and the team is heavily constrained in Grand Prix practice and governance, with only narrow exceptions, such as timing transponders, GPS, pit boards, and organizer-managed broadcast links. Consequently, any credible in-session assistance must be local-first and advisory, while higher-latency infrastructure-mediated channels are reserved for durable learning, auditing, and post-session optimization.

This distinction is central to the scope of the paper. The manuscript does not study a generic cyber–physical stack with a telecommunication layer embedded inside it; rather, it studies a telecommunications problem in a cyber–physical application domain: how to disseminate ephemeral hazard knowledge between vehicles under strict latency and freshness constraints, intermittent infrastructure availability, and broadcast stress. The broader motorsport setting provides the application context, but the primary scientific question is a V2V/V2X communications one.

Regulatory and technical trends further amplify this need. The MotoGP technical roadmap for the next cycle includes reduced engine displacement (850 cc from 2027) and tighter constraints on ride height and holeshot devices, shifting competitive advantage and safety toward fine-grained interactions between ECU control, chassis dynamics, and the rider’s cognitive loop. In this regime, the motorcycle can be viewed as a coupled human–machine system operating under uncertainty; however, the contribution of this paper is not to model that full coupling exhaustively but to design the communication substrate that allows time-critical hazard knowledge to remain available when cloud connectivity is intermittent or delayed.

1.1. Why Cloud-Centric Telemetry Is Not Sufficient

Modern racing loggers capture high-rate kinematic and control data, but cloud-centric pipelines primarily support descriptive and post hoc analytics. They do not provide bounded-latency inter-vehicle dissemination of hazards (e.g., sudden track contamination) under intermittent LTE/5G coverage, nor do they offer a local safety plane that remains usable when backhaul availability fluctuates. This creates an epistemic gap: the rider’s local view of the track can diverge from the state inferred elsewhere from delayed or partial telemetry. Closing this gap requires (i) disseminating safety-critical knowledge before the affected segment is reached, and (ii) representing hazards with bounded validity and explicit uncertainty rather than as raw traces transported to a remote endpoint.

Importantly, once recommendations are introduced into the rider–machine loop, the system becomes a coupled feedback process that may exhibit oscillatory behavior if assistance is not damped appropriately. For this reason, the decision-support layer in HEO is deliberately separated from the critical dissemination layer: immediate hazard transport is handled locally through the V2V mesh, whereas slower learning and co-design functions are treated as non-critical, auditable, and stability-constrained processes. This separation prevents the manuscript from conflating low-latency telecom functions with higher-level adaptation logic.

1.2. Our Solution: A Continuous Edge–Mesh–Cloud Computing Continuum

We propose Hybrid Epistemic Offloading (HEO), an edge–mesh–cloud continuum that separates knowledge by time-criticality and persistence. Ephemeral critical knowledge (hazards and micro-context) is disseminated locally with bounded validity, while durable knowledge (audit logs, maneuver summaries, and long-horizon learning signals) is consolidated asynchronously for engineering analysis.

1.2.1. Critical-Path Clarification (Safety vs. Durability)

In this paper, cloud connectivity is not treated as the safety-critical path. Ephemeral hazards are shared laterally through a V2V mesh with TTL/time-expiry bounded messages, whereas the MQTT edge → gateway → cloud path is reserved for durable functions, such as auditability, attribution, replay, and long-horizon learning. This policy-separated design avoids strawman comparisons in which cloud round-trip delay is treated as a reflexive alternative to local hazard dissemination.

To operationalize the continuum with traceable data guarantees, we adopt a telemetry pipeline with three functionally distinct layers:

• Bronze (Edge): On-bike ingestion of raw CAN/ECU and IMU signals into standardized ASAM MDF 4.x containers for high-rate persistence, deterministic replay, and auditability.
• Silver (Mesh): A decentralized V2V mesh using a gossip/epidemic substrate to propagate compact hazard digests in the local neighborhood without relying on backhaul connectivity.
• Gold (Cloud/Offline): Aggregation of maneuver-level summaries (e.g., MQTT) for long-horizon analytics, explainable diagnosis, and co-design support.

1.2.2. Reflexive Budget

We use 25 ms as an engineering target for the local safety loop, corresponding to approximately 2.1 m of travel at 83 m/s. This value should not be interpreted as a physiological rider-reaction threshold or as a universal standard for all vehicular systems; rather, it is a conservative design budget chosen to keep warning dissemination within a short physical horizon at race pace and to distinguish the local safety plane from the slower durable cloud path. Accordingly, the MQTT path is analyzed separately as a non-critical channel, and the results are reported using median, $p_{95}$, and maximum latency rather than a single average so that both typical and tail behavior remain visible.

A second design goal is reproducibility. Reviewer concerns in this area are valid for high-mobility networking studies: opaque “simulation” claims are insufficient. For this reason, the manuscript explicitly separates the safety-plane evaluation from the durable MQTT path and details the measurement hooks, communication assumptions, and packet-level V2V evaluation stack in the Methodology Section.

1.3. Human-in-the-Loop Learning and Co-Design

Real-time dissemination alone is insufficient for engineering practice: the system must also support post-session interpretation and setup refinement at the maneuver level. We therefore use a Nested Learning Architecture that decomposes laps into Skill Atoms (e.g., apex stability and corner exit) computed from aligned telemetry (track-frame normalization and phase alignment). Competence is tracked per atom and context using volatility-aware updates, and recommendation strength is regulated under uncertainty using filtering, deadband hysteresis, and hold-time constraints.

Because this layer is farther from the time-critical dissemination path, its role in the paper is deliberately narrower than that of the communication layer. In particular, H3 is presented as pilot case-study evidence for stability-oriented co-design rather than as a broad claim of generalizable closed-loop control across riders, tracks, or conditions. The main telecommunication contribution of the manuscript remains the design and evaluation of the local hazard dissemination plane.

1.4. Systems-Engineering View: Where Anomalies Are Detected and Acted Upon

We treat each anomaly class as a closed-loop system that is concerned with defined inputs, outputs, and actuation points. Figure 1 shows where each anomaly is detected, transformed into a message or model update, and applied as an intervention across the continuum. To improve readability, the figure should be interpreted as a separation of time horizons: reflexive actions remain local to the vehicle, tactical warnings are propagated over the mesh, and strategic co-design is consolidated through the durable cloud path.

1.5. Research Hypotheses (H1–H3)

We test three hypotheses grounded in measurable outputs reported in Section 7:

• H1 (Durable path performance). The edge → gateway → cloud path provides bounded latency that is suitable for durable knowledge transport and operational visibility while remaining explicitly non-critical for immediate hazard warning.
• H2 (Ephemeral hazard dissemination under uncertainty). A gossip-based V2V substrate disseminates hazard digests with bounded time-to-coverage under loss and density variation, and alerts remain tactically useful once spatial uncertainty (localization + dissemination delay) is accounted for at $v\approx 83$ m/s.
• H3 (Stability-constrained co-design and pilot evidence). Volatility-aware co-design reduces instability and risk proxies without inducing oscillatory recommendation behavior, as assessed on aggregated maneuver/session evidence rather than raw time-series samples.

1.6. Contributions

This paper makes five contributions:

1.

Telecom-centered hazard dissemination architecture: An edge–mesh–cloud design that separates ephemeral safety knowledge from durable telemetry and treats local V2V/V2X dissemination as the critical path.

2.

Critical-path separation with auditable persistence: A policy-separated continuum in which ASAM MDF-based edge persistence guarantees replayability and auditability, while MQTT offloading supports durable analytics without inheriting safety-critical timing requirements.

3.

Bounded-validity mesh dissemination: A compact-digest gossip mechanism with adaptive fanout, TTL/time-expiry suppression, and uncertainty-aware hazard semantics for high-mobility environments.

4.

Reproducible evaluation framing: A methodology that separates the durable MQTT path from the mesh safety plane and evaluates the latter with an explicit mobility-coupled V2V/V2X stack and density-sensitive dissemination metrics.

5.

Pilot human-in-the-loop co-design evidence: A maneuver-level learning and recommendation layer based on Skill Atoms and volatility-aware updates, presented as auditable pilot evidence rather than as a generalized autonomy claim.

2. Related Work

Our work is positioned at the intersection of four strands: (i) edge computing for time-constrained cyber–physical applications, (ii) high-mobility V2X communication under broadcast stress, (iii) epidemic/gossip dissemination for infrastructure-independent situational awareness, and (iv) maneuver-level analysis and human-in-the-loop stability for post-session co-design. We review these strands through a telecom-centered system question: which architectural ingredients are required to disseminate safety-relevant hazard knowledge within tight latency and freshness budgets while preserving auditability and avoiding unstable adaptation loops outside the critical path?

A key point of positioning is that this manuscript does not claim a novel PHY/MAC, congestion-control algorithm, or sidelink scheduler. Instead, it contributes an end-to-end design that combines: (a) a local safety plane for bounded-validity hazard dissemination, (b) an auditable edge persistence layer for loss-tolerant capture and replay, and (c) a durable cloud path for delayed analytics and co-design. This distinction is important when comparing HEO to the prior V2X and CPS literature: the gap we address is architectural integration under race-pace latency and freshness constraints rather than a replacement for standardized vehicular radio stacks.

2.1. Edge Computing and Hard-Deadline Locality

Cyber–physical system (CPS) research emphasizes that timing constraints are first-class design variables: under hard deadlines, delay translates into physical displacement and can invalidate a control action [1]. Edge computing and mobile edge computing (MEC) emerged precisely to reduce the latency and bandwidth bottlenecks of centralized pipelines by relocating compute and storage closer to the plant [2,3,4]. These paradigms are effective when the decision-to-actuation loop can remain within the task’s temporal budget.

In high-mobility hazard dissemination, however, the challenge is not only computation placement but also knowledge placement. Safety-relevant updates are short-lived and spatially local: they must be shared among nearby vehicles before the affected segment is reached, and their utility decays rapidly with delay. Cloud-centric pipelines are well suited for durable storage, fleet analytics, and post hoc interpretation, but they are not by themselves a mechanism for bounded-latency local awareness. Our notion of Hybrid Epistemic Offloading (HEO) formalizes this separation by routing ephemeral critical knowledge to the closest layer that can satisfy the timing budget (edge/mesh), while durable knowledge (models, summaries, replay traces, and engineering evidence) is consolidated asynchronously in the cloud. From a data-engineering perspective, this remains compatible with curated analytics abstractions, such as lakehouse-style consolidation, without forcing latency-critical decisions through high-variance remote paths [5].

2.2. High-Mobility V2X Communication Under Broadcast Stress

Vehicular networking research has long recognized that mobility, short contact times, and channel variability challenge traditional WLAN assumptions. DSRC/IEEE 802.11p [6] introduced a vehicular-optimized stack, while cellular V2X (C-V2X/PC5 sidelink) and, more recently, NR-V2X further target infrastructure-independent safety messaging [7,8,9,10,11,12]. These standards provide the communication substrate, but safety dissemination remains difficult under congested broadcast, hidden terminals, bursty interference, and density variation. Empirical VANET studies show that reception rates and contention can degrade sharply under dense broadcasting [13,14].

Practical safety performance depends not only on the radio interface but also on how systems regulate channel load and dissemination behavior under contention. On the ITS-G5 side, ETSI specifies the access layer and facility messages, such as CAM/DENM, GeoNetworking, and Decentralized Congestion Control (DCC), to regulate channel occupancy in the 5 GHz band [15,16,17,18,19,20]. On the cellular side, 3GPP sidelink supports distributed resource selection and semi-persistent scheduling modes designed to operate without infrastructure [10,11,21]. These mechanisms directly shape reception probability, delay tails, and message freshness under broadcast stress and therefore must be reflected in any architecture that claims bounded neighborhood awareness.

Recent IoV work has also begun to couple low-latency vehicular communication with learning-based optimization objectives. For example, semantic communication and auction-based coordination have been studied in IoV crowdsensing services, highlighting the growing relevance of communication-efficient task/value exchange in vehicular edge settings [22]. Likewise, age-aware optimization has been investigated for C-V2X-enabled IoV using deep reinforcement learning to jointly manage information freshness and energy expenditure [23]. These works are adjacent rather than directly equivalent to our setting: they optimize communication utility in broader IoV environments, whereas our focus is race-pace hazard dissemination with bounded validity, local neighborhood usefulness, and auditable persistence.

Motorsport sharpens the V2X problem. The environment is high-velocity and high-consequence, and the most valuable messages are short, local, and time-critical (e.g., sudden contamination, transient grip loss, or micro-conditions near corner entry). Therefore, PHY/MAC support is necessary but insufficient: robust safety dissemination also requires an application-layer mechanism that tolerates loss, prioritizes time-to-coverage over perfect reliability, and separates immediate tactical warning from delayed cloud analytics.

2.3. Gossip Dissemination, Freshness, and Bounded-Validity Awareness

Epidemic (gossip) protocols provide scalable dissemination with probabilistic convergence under unreliable links [24,25]. Their publish/subscribe perspective further motivates decoupled failure-tolerant exchange of event digests rather than centralized coordination [26]. In vehicular settings, opportunistic exchange of local knowledge has long been seen as a practical alternative to infrastructure-dependent distribution, especially when the relevant awareness horizon is local and short-lived.

We adopt gossip as the substrate for short-lived location-anchored hazard digests. Unlike classical eventual-consistency replication, our correctness criterion is bounded-time local convergence inside the approaching neighborhood. This changes the design objective in three ways: (i) alerts must expire by design through strict TTL/time-validity semantics, (ii) forwarding must be redundancy-aware to avoid broadcast amplification under load, and (iii) evaluation must quantify tactical usefulness rather than only end-to-end delay. In this sense, HEO is closer to freshness-constrained neighborhood dissemination than to generic replicated messaging.

For short-lived hazards, usefulness is governed by freshness rather than eventual consistency. Dissemination is therefore more appropriately evaluated through time-to-coverage metrics (e.g., $T_{95}$) and freshness-oriented measures such as Age of Information (AoI), which better capture whether an alert remains actionable at high velocity [27,28]. This also clarifies the contribution boundary of the paper: we do not claim guaranteed reliable delivery to all nodes but bounded-validity dissemination that remains useful within the relevant spatiotemporal horizon.

2.4. Signal Alignment and Maneuver-Level Representation

A second gap in motorsport telemetry pipelines is representational. Channel-level traces and lap/sector aggregates are poorly suited for attribution when entry line, traffic, or micro-corrections introduce phase shifts across ostensibly similar maneuvers. Without alignment, variance-sensitive quantities can become mathematically fragile or misleading. Dynamic time warping (DTW) and related alignment techniques provide a principled way to compare time series under non-linear time distortions [29,30]. In addition, the anomaly detection literature emphasizes the need for robust statistics under heavy-tailed disturbances and outliers, which is realistic in racing because of traffic, rider error, and track evolution [31].

Our Skill Atom abstraction is therefore positioned as an engineering representation rather than as a networking primitive. It provides stable indices for longitudinal comparison and enables feature computation from aligned track-frame-normalized signals (e.g., yaw-rate peaks, jerk energy, and throttle reapplication delay), improving interpretability and reducing spurious variance. The vehicle-dynamics literature provides the physical grounding for selecting stability and risk proxies, such as slip and transient load transfer [32,33,34,35,36]. In the context of this paper, however, this layer is secondary to the telecommunication contribution and mainly supports post-session co-design interpretation.

2.5. Human-in-the-Loop Stability Outside the Critical Path

Introducing recommendation algorithms that can influence setup or interpretation creates a coupled human–machine feedback system. Human-factor research emphasizes that situation awareness and cognitive load influence control performance in dynamic environments [37]. In safety-critical domains, poorly damped adaptation can lead to oscillatory behavior; the pilot-induced oscillation (PIO) literature formalizes how loop coupling can destabilize human–machine interaction if feedback and actuation are not carefully gated [38]. These results motivate explicit safeguards, such as filtering, hysteresis, and hold-time constraints, together with objectives that do not optimize lap time at the expense of stability and risk.

This strand is relevant because one component of HEO uses maneuver-level evidence for post-session co-design. However, it should be distinguished from the local hazard dissemination problem. In our formulation, the human-in-the-loop recommendation layer is not part of the immediate warning path; it is a slower auditable layer whose role is to prevent unstable adaptation while preserving engineering interpretability.

2.6. Auditability, Provenance, and Operator Trust

Safety-critical deployments require traceability: alerts, warnings, and recommendations should be auditable against raw evidence, especially under intermittent connectivity. Durable capture layers support replayability and provenance, while explainability mechanisms support operator trust and post-incident attribution in high-stakes settings [39,40]. In our setting, the auditable edge layer is not an accessory to the network stack; it is what allows delayed analytics and setup recommendations to remain grounded in verifiable telemetry rather than opaque post hoc inference.

2.7. Reproducible Evaluation Toolchains for Coupled Mobility and Networking

A recurrent issue in vehicular networking research is reproducibility. Bidirectionally coupled traffic-and-network simulation has been advocated to avoid unrealistic assumptions about mobility and contact patterns [41]. Widely used toolchains include SUMO for traffic/mobility [42] and packet-level simulators such as ns-3 and OMNeT++ for network behavior [43,44]. For sidelink evaluation in particular, open-source tool support has enabled packet-level experimentation with C-V2X Mode 4/PC5 and corresponding analytical performance models [45,46]. This literature is especially relevant here because claims about bounded dissemination delay and neighborhood coverage are only persuasive when channel model, MAC assumptions, mobility coupling, and dissemination metrics are reported explicitly.

Accordingly, our evaluation philosophy follows the reproducibility norm of coupled mobility–network studies: the safety-plane dissemination stack must be parameterized and reported as a packet-level V2V/V2X experiment, while the durable MQTT path must be evaluated separately as an infrastructure-mediated telemetry channel. This separation avoids conflating durable cloud offloading with local hazard transport and makes the reported latency metrics easier to interpret.

2.8. Design Requirements and the Gap Addressed by HEO

The literature provides strong building blocks but not an end-to-end blueprint for race-pace local hazard dissemination with auditable persistence and stability-aware post-session adaptation.

Table 1. Design requirements for race-pace hazard dissemination and how related-work strands contribute to them.

Req.	Requirement	Closest Related-Work Strand(s)	HEO
R1	Bounded-time dissemination of ephemeral hazard knowledge under intermittent infrastructure and congested broadcast	V2X standards + broadcast stress + evaluation methodology [7,8,9,10,13,14,15,21]	Yes
R2	Freshness-aware dissemination under loss with TTL semantics and time-to-coverage metrics (e.g., $T_{95}$)	Gossip + pub/sub + AoI/freshness [23,24,25,26,27,28]	Yes
R3	Loss-tolerant capture and auditability under coverage gaps (replayability and provenance)	CPS/edge computing and curated analytics platforms [1,2,5]	Yes
R4	Maneuver-level representation with alignment and robust features for attribution (rider vs. setup vs. environment)	Time-series alignment + robust anomaly detection + dynamics [29,30,31,32,33]	Yes
R5	Stability safeguards to avoid algorithm-induced oscillations in slower recommendation loops	Human factors + PIO + control perspectives [37,38]	Yes
R6	Communication-efficient vehicular knowledge exchange with utility/freshness trade-offs	Recent IoV optimization and semantic communication [22,23]	Yes

summarizes the domain requirements and the strands from which they derive.

Edge computing and CPS theory motivate hard-deadline locality [1,2]; the V2X standards and congestion-control literature address mobility-aware communication but remain challenged by broadcast stress and freshness degradation [7,13,19,21]; gossip provides robust dissemination under uncertainty [25]; and freshness metrics such as AoI better characterize tactical usefulness at high velocity [28]. Alignment and robust statistics are essential for maneuver-level attribution [29,31], while human-in-the-loop stability requires explicit damping mechanisms [38]. HEO operationalizes these strands as a single continuum tailored to competitive motorcycling: a local bounded-validity hazard dissemination plane; an auditable edge persistence layer; and a delayed co-design path that remains outside the immediate safety loop.

3. System Architecture

3.1. Design Goals, Control Partitioning, and System Constraints

Motorsport operation at $v\approx 80–83\mathrm{m}/\mathrm{s}$ turns delay into displacement: $100 \mathrm{ms}\to$∼8.3 m traveled. In this regime, latency is a physical system variable with direct consequences for tactical usefulness. Accordingly, the architecture must: (i) disseminate safety-critical hazards within a short human-actionable horizon, (ii) remain functional under intermittent infrastructure connectivity, (iii) preserve auditable high-rate telemetry under coverage gaps, and (iv) limit V2V overhead so that safety messaging does not trigger congestive collapse under broadcast stress.

To avoid the misleading “cloud vs. edge” framing, we explicitly separate three operational horizons:

• Local safety horizon (edge/mesh, target <25–50 ms). Neighborhood hazards must reach nearby motorcycles before the affected segment becomes physically unavoidable. At $83\mathrm{m}/\mathrm{s}$, 25–50 ms corresponds to roughly 2.1–4.2 m of travel, which motivates local dissemination without cloud round-trips.
• Tactical supervision horizon (trackside/pit-wall RF, ∼50–200 ms). Infrastructure-assisted telemetry supports supervision and operational awareness, but it is not a decentralized inter-bike hazard channel.
• Durable learning horizon (cloud, seconds–minutes). Audit, replay, model refinement, and post-session co-design tolerate intermittent connectivity and larger latency variance.

We therefore separate knowledge by time-criticality and persistence: ephemeral critical knowledge (hazards and immediate micro-context) remains local and lateral, whereas durable knowledge (logs, summaries, replay traces, and learning artifacts) is consolidated opportunistically. This partition is consistent with hard-deadline locality principles in edge/CPS design [1,2] while preserving auditable data curation for delayed analytics [5].

3.1.1. Engineering Interpretation of the 25 ms Target

We use 25 ms as an engineering design target for the local safety plane, not as a physiological rider-reaction constant or a claimed universal vehicular requirement. Its purpose is to keep hazard dissemination within a short physical horizon at race pace (≈2.1 m at $83\mathrm{m}/\mathrm{s}$) and to distinguish the local warning plane from slower infrastructure-mediated transport. For this reason, all latency results are later reported with median, $p_{95}$, and maximum statistics rather than a single average so that both typical and tail behavior remain visible.

3.1.2. Telecom-Grade V2X Constraint

The local safety plane is designed to remain compatible with infrastructure-independent V2X operation, where neighborhood awareness, channel load, and freshness are first-class concerns. On the ITS-G5 side, CAM/DENM and DCC explicitly address broadcast stress [15,16,17,19]. On the cellular side, 3GPP C-V2X/NR-V2X sidelink (PC5) provides distributed resource selection and standard evaluation guidance in TR 36.885/TR 37.885 [10,21]. Accordingly, cloud connectivity is explicitly excluded from the safety-critical path; it is reserved for durable transport, replay, attribution, and long-horizon learning.

Figure 2 summarizes this partition. The core architectural claim is therefore not “edge instead of cloud” but critical-path separation: immediate hazard knowledge is propagated locally over the edge–mesh plane, whereas durable evidence and co-design artifacts are consolidated asynchronously in the cloud.

3.2. Hybrid Epistemic Offloading as an Edge–Mesh–Cloud Continuum

We instantiate Hybrid Epistemic Offloading (HEO) as a three-layer continuum:

1.

Edge Node (Vehicle/Bronze). On-bike embedded compute connected to ECU/IMU telemetry over CAN. It performs deterministic ingest, online hazard extraction, feature generation, maneuver segmentation, and loss-tolerant persistence in ASAM MDF 4.x.

2.

Mesh Layer (Network/Silver). A dynamic V2V graph that disseminates compact hazard digests through bounded-validity gossip with TTL, expiry, and redundancy suppression.

3.

Cloud Layer (Gold). A durable path for summary aggregation, audit/replay, attribution, and slower stability-constrained co-design logic. This layer is explicitly non-critical for immediate hazard dissemination.

This continuum should be interpreted as a policy-separated architecture, not merely as a deployment convenience. Functions are assigned to layers according to their timing requirements and failure tolerance. The edge preserves raw evidence and emits digests immediately; the mesh prioritizes local awareness under loss and contention; and the cloud supports delayed reasoning over auditable telemetry.

To improve reproducibility, the implementation and evaluation are reported per plane rather than as a monolithic “system latency” claim: the durable MQTT path is measured separately from the mesh safety plane, and the H3 co-design evidence is derived from replayable MDF4-backed artifacts rather than from opaque internal states.

Figure 3 illustrates the physical and logical stratification of the Hybrid Epistemic Offloading (HEO) continuum. The architecture is explicitly tiered into three operational layers—bronze, silver, and gold—each tailored to specific computational and temporal constraints. The edge node (bronze) acts as the foundational data orchestrator, feeding safety-critical hazard micro-maps into the V2V mesh layer (silver) via randomized gossip while opportunistically offloading aggregated summaries to the cloud layer (gold). This strict epistemic partitioning ensures that immediate hazard propagation remains entirely decoupled from intermittent cloud availability.

3.3. Edge Node: ECU Interface, Clocking, Atomization, and Persistence

Each motorcycle $v_i$ hosts an on-bike edge node connected to the racing ECU/IMU stack through CAN 2.0B/CAN-FD. The edge node is the local orchestrator of the architecture: it timestamps incoming signals, preserves raw evidence, extracts hazard candidates, and dispatches outputs either to the mesh safety plane or to the durable cloud pipeline.

The edge software is intentionally control-partitioned so that critical functions remain schedulable under thermal and workload stress:

• Low-jitter ingest. CAN frames are captured through SocketCAN using an RT-oriented ingest path (e.g., priority scheduling, core pinning, and locked memory) to reduce jitter and buffer overruns under bursty load.
• Shared time base. All channels are timestamped against a common monotonic clock disciplined by GNSS PPS when available; if GNSS is degraded, the node falls back to a monitored monotonic source, optionally improved by trackside synchronization when present.
• DBC decoding and unit normalization. Raw payloads are translated into physical units using the session DBC so that downstream features remain semantically stable across sessions.
• Loss-tolerant persistence. High-rate telemetry is stored in ASAM MDF 4.x, which serves as the authoritative raw-evidence layer for deterministic replay, post-session attribution, and measurement traceability across coverage gaps.
• Hazard extraction and digest emission. Safety-relevant anomalies (e.g., slip excursions or $\mu$-proxy drops) are summarized into compact digests and emitted immediately to the local V2V safety plane.
• Maneuver-level processing. Skill Atom segmentation and aligned feature extraction are executed on the same synchronized telemetry stream, but these outputs are not required for immediate hazard forwarding.

3.3.1. Implementation Disclosure

To address reproducibility concerns, the revised manuscript separates the architectural role of the edge node from the deployment-specific hardware note. Exact hardware/software configuration, broker placement, and measurement hooks are reported later in the experimental setup rather than being left implicit. This keeps the architecture section technology-grounded without conflating design with one particular prototype instantiation.

3.3.2. Thermal and Real-Time Safety Envelope

Critical ingest, digest construction, and MDF logging execute inside a reserved CPU envelope, whereas compute-heavy or optional functions (e.g., best-effort feature recomputation, retrieval, or richer post-processing) degrade first under thermal stress. This ensures that hazard dissemination and evidence capture remain operational even when non-critical workloads must be throttled.

Under high-temperature states, non-critical components are throttled or disabled first, while hazard dissemination and MDF logging remain operational by design. Figure 4 summarizes this control partition and resource-isolation strategy.

3.4. Mesh Layer (Silver): TTL-Bounded Gossip for Ephemeral Hazard Dissemination

The mesh layer implements the ephemeral safety plane: a locality-first dissemination substrate that propagates short-lived hazard knowledge between nearby motorcycles even when infrastructure is unavailable. Its design goal is bounded time-to-coverage in the relevant approaching neighborhood, not perfect global reliability.

3.4.1. V2X Compatibility and Evaluation Boundary

The mesh plane is compatible with infrastructure-independent V2X bearers, including ITS-G5 and C-V2X/NR-V2X sidelink. In the evaluation, we instantiate the safety plane over a packet-level C-V2X Mode 4/PC5 stack using the standard-aligned methodology described in Section 4.11. Importantly, the radio bearer is not the claimed novelty of the paper; the contribution lies in the application-layer hazard model, bounded-validity dissemination logic, and auditable separation from the durable cloud path.

3.4.2. Hazard Digest Semantics

A hazard is represented as a compact digest

$$\langle \mathtt{id},\mathtt{type},\mathtt{pos},\mathtt{t}\_\mathtt{obs},\mathtt{expiry},\mathtt{severity},\mathtt{confidence},\mathtt{corridor}\rangle ,$$

where expiry enforces time validity and corridor encodes the uncertainty-aware spatial footprint used by downstream receivers. TTL provides an additional hop-bounded guardrail against uncontrolled spread. Together, expiry and TTL make dissemination bounded by design: stale hazards self-suppress instead of lingering in the network.

3.4.3. Randomized Gossip with Suppression

When a hazard is detected, the edge node injects the digest into a high-priority dissemination queue. Nodes exchange compact summaries, request missing digests through push–pull anti-entropy, and forward only a bounded subset of messages per round. Fanout is adapted to local density, near-expiry digests are deprioritized, and redundant updates for the same region are suppressed. The objective is therefore not eventual consistency but fresh local awareness before the tactical window closes.

3.4.4. Scalability Discussion

Scalability in HEO is intentionally local rather than network-wide. The target deployment is a bounded racing pack with limited node counts and structured topology, not an unconstrained urban VANET. As node density or hazard-event rate increases, dissemination cost grows non-linearly because contention rises and the protocol deliberately reduces effective spread through redundancy suppression and bounded fanout. In other words, increasing density does not imply unbounded flooding; the system approaches a contention-limited regime in which control mechanisms trade dissemination breadth for freshness preservation. This is discussed quantitatively in the Results Section using $T_{50}$, $T_{95}$, PRR/PDR, and freshness-oriented metrics.

3.4.5. Metrics and Correctness Criterion

The mesh plane is evaluated with time-to-coverage metrics (e.g., $T_{50},T_{95}$), PRR/PDR, packet inter-reception behavior, and actionability corridors derived from uncertainty and travel distance. Where appropriate, freshness-oriented quantities such as Age of Information are reported. This makes the correctness criterion explicit: the alert is useful only if it remains actionable in the receiver’s spatiotemporal horizon.

Figure 5 conceptualizes the dynamic V2V mesh layer $G\left(t\right)$ operating under extreme mobility. At race speeds ($v\approx 83\mathrm{m}/\mathrm{s}$), the architecture must overcome significant Doppler shifts ($f_D\approx 1.6\mathrm{kHz}$) while remaining bearer-agnostic (e.g., IEEE 802.11p or C-V2X PC5). The diagram illustrates how a detecting node defines its approaching neighborhood ${\mathcal{N}}_i\left(t\right)$ based on relative kinematics and link quality. Instead of attempting global determinism, the system’s routing objective is strictly localized: achieving a bounded time-to-awareness ($T_{95}$) for the follower set to enable physical avoidance maneuvers.

3.5. Gateway and Cloud Layer (Gold): Durable Offload, Auditability, and Long-Horizon Learning

The cloud layer implements the durable knowledge plane: long-horizon aggregation, replay/audit, and model updates that are explicitly non-critical for reflexive safety. Durable transport uses an edge → gateway → cloud pipeline that is tolerant to intermittent connectivity, while the on-bike MDF store remains the source of truth for raw evidence.

3.5.1. Durable Telemetry Pipeline and Buffering

On-bike MDF logs provide loss-tolerant persistence across coverage gaps. When connectivity is available, the edge node or trackside gateway produces compact summaries (e.g., atom-level statistics, anomaly counters, and selected windows) and streams them via MQTT to cloud storage and analytics services. Under backhaul loss, the gateway buffers summaries for later delivery, while raw MDF remains locally available for audit/replay.

3.5.2. Lakehouse-Style Curation (Bronze/Silver/Gold)

We adopt a curated telemetry view inspired by lakehouse principles: raw MDF logs at the edge (bronze) preserve fidelity and provenance; mesh-level hazard digests and neighborhood context (silver) capture ephemeral safety knowledge; and cloud aggregation (gold) consolidates durable summaries for analytics, explainable attribution, and co-design search. This structure supports traceability without forcing reflexive decisions through high-variance cloud paths [5].

3.5.3. Security and Operational Traceability

Durable streams and stored artifacts are designed for auditability: each summary is linked to its MDF time window and to the originating hazard digest IDs when relevant, enabling post-incident reconstruction and accountability. This layered traceability complements operator trust requirements in safety-critical CPS deployments.

3.5.4. Separation of Concerns

By design, the safety-critical control loop is closed at the edge/mesh layers, whereas the cloud layer performs strategic learning and post hoc reasoning. This partitioning prevents reflexive safety from inheriting LTE/5G latency tails and aligns evaluation with the architecture’s stated critical path (Figure 6).

3.6. Spatial–Temporal Uncertainty Budget for Track Hazards

A track hazard is not a point estimate but a spatiotemporal uncertainty region whose tactical usefulness depends on speed, sampling, delay, and localization accuracy. Let ${\sigma }_{p,i}$ denote the (1$\sigma$) position uncertainty of the reporting bike $v_i$ (GNSS-only or fused GNSS/INS), and let ${\sigma }_{p,j}$ denote the (1$\sigma$) position uncertainty of the receiving bike $v_j$. Let the end-to-end delay from detection at $v_i$ to application-level reception at $v_j$ be

$$\Delta t=t_{\mathrm{samp}}+t_{\mathrm{proc}}+t_{\mathrm{sched}}+t_{\mathrm{net}},$$

where $t_{\mathrm{samp}}$ captures sampling/quantization latency (often $\approx T_s/2$ for periodic sensing), $t_{\mathrm{proc}}$ is detection + digest construction time, $t_{\mathrm{sched}}$ is scheduling/queuing latency, and $t_{\mathrm{net}}$ is the network dissemination delay (for the mesh/sidelink safety plane, not the MQTT durable path). In high-mobility settings, bounding $\Delta t$ by a tail statistic (e.g., $p_{95}$) is often more meaningful than the mean.

3.6.1. Along-Track vs. Cross-Track Uncertainty

Using a conservative additive bound, the receiving bike’s uncertainty corridor in track coordinates can be approximated as

$${\sigma }_{\Vert }\approx {\sigma }_{p,i}+{\sigma }_{p,j}+v_j·\Delta t,{\sigma }_{\perp }\approx {\sigma }_{p,i}+{\sigma }_{p,j},$$

where $v_j$ is the receiver’s speed. This makes the key implication explicit: even modest delays expand the along-track hazard corridor by meters at race pace. In practice, alerts are rendered using a confidence envelope (e.g., $k\sigma$, $k\in [1.5,2]$ for $\approx 86–95\%$ coverage under Gaussian assumptions),

$$W_{\Vert }=2k{\sigma }_{\Vert },W_{\perp }=2k{\sigma }_{\perp }.$$

3.6.2. Digest Footprint and Tactical Usefulness

Accordingly, hazard digests encode a quantized footprint (e.g., $\mathtt{corridor}=$$\langle s_0,W_{\Vert },W_{\perp },\mathtt{expiry}\rangle$) rather than a single coordinate. Receivers project the footprint onto known track geometry (sector + curvilinear offset s) and visualize the alert as a dynamic risk corridor whose usefulness depends on freshness. This framing is consistent with principled navigation/estimation treatments of GNSS/INS uncertainty [47] and with freshness-oriented evaluation for time-critical status information (e.g., AoI) [27,28].

Figure 7 visualizes the decomposition: cross-track error remains largely bounded by localization, whereas along-track uncertainty grows linearly with $v_j\Delta t$, motivating footprint-based dissemination for hazards.

3.7. Randomized Gossip for Hazard Micro-Maps

Each node $v_i$ maintains a local hazard micro-map ${\mathcal{M}}_i$ keyed by $(\mathtt{SECTOR},\mathtt{OFFSET},\mathtt{TYPE})$, where OFFSET is a curvilinear track coordinate (e.g., meters along the centerline) and TYPE encodes the hazard class (oil/debris/$\mu$-drop/instability). A received hazard message is represented as a compact digest

$$d=\langle \mathtt{id},\mathtt{type},\mathtt{sector},\mathtt{offset},\mathtt{corridor},t_{\mathrm{obs}},t_{\mathrm{rx}},\mathtt{expiry},\mathtt{ttl},\mathtt{mode}\rangle ,$$

where corridor encodes the footprint/risk corridor (Section 3.6), expiry enforces time validity, and ttl bounds dissemination hops to avoid flooding.

3.7.1. Acceptance Logic (Four-Stage Gate)

Incoming digests from peer $v_j$ are accepted and merged into ${\mathcal{M}}_i$ only if they pass all gates below:

1.

Freshness/timestamp dominance. The digest is newer than the currently stored entry for the same key (dominance on $t_{\mathrm{obs}}$, with tie-breaking on id), and its effective staleness is below an acceptance threshold (e.g., $t_{\mathrm{rx}}-t_{\mathrm{obs}}$ within the tactical window).

2.

Validity (time-expiry + TTL). The digest has not expired ($t_{\mathrm{rx}}<\mathtt{expiry}$) and retains dissemination budget ($\mathtt{ttl}>0$). Expired hazards are discarded by design; near-expiry hazards are deprioritized to preserve channel capacity.

3.

Security mode validity. The digest satisfies the local security policy (Section 3.10): allowed mode, integrity/authentication checks, and local trust constraints.

4.

Physical plausibility. The update is physically plausible and non-adversarial: it satisfies rate limits per sector, adheres to adjacency/continuity constraints (e.g., does not “teleport” across non-adjacent segments), and remains consistent with on-bike evidence when available (e.g., slip/$\mu$-proxy bounds).

Accepted digests update ${\mathcal{M}}_i$ and may trigger a local alert rendering as a risk corridor (Section 3.6). Rejected digests naturally self-suppress, preventing stale or malformed updates from consuming bandwidth.

3.7.2. Randomized Gossip Dissemination with Push–Pull Anti-Entropy

Dissemination proceeds via randomized peer selection with fanout k, gossip period $\Delta$, and TTL budget $\tau$, coupled to push–pull anti-entropy repair [24,25]. At each round, node $v_i$ samples a subset $S_i\left(t\right)\subseteq {\mathcal{N}}_i\left(t\right)$ of size k from its current neighborhood and exchanges: (i) a compact summary of recent digest IDs (for fast set reconciliation) and (ii) a small batch of highest-priority digests (newest, highest severity/confidence, and farthest from expiry). Peers that detect missing relevant digests request them (pull), improving robustness under loss without requiring global coordination.

3.7.3. Bounded-Time Local Convergence Objective

The correctness target is bounded-time local convergence (e.g., $T_{95}$ for a defined neighborhood) rather than perfect reliability. Nodes close to the hazard are prioritized implicitly by proximity and contact opportunities, while stale hazards self-suppress through expiry and TTL. Fanout k and period $\Delta$ can be adapted under congestion (e.g., reduce k under high load) to prevent broadcast collapse while preserving the freshness of safety-critical information.

Figure 8 summarizes the acceptance gates and dissemination loop.

3.8. HEO Continuum Topology

Figure 9 depicts the operational HEO continuum. Each motorcycle embeds an edge node that ingests ECU/IMU telemetry over CAN, performs on-device segmentation into Skill Atoms, and extracts compact hazard digests. The architecture enforces a strict separation of concerns: (i) ephemeral safety knowledge is disseminated laterally via the V2V safety plane (critical path), while (ii) durable knowledge (atom summaries, audit pointers, and model updates) is offloaded opportunistically via an edge → gateway → cloud path when coverage is available. This partition prevents the reflexive loop from inheriting LTE/5G latency tails and aligns evaluation with the stated critical path.

3.9. V2V Hazard Digest: Compact Message Definition (Uncertainty-Aware)

Safety dissemination under broadcast stress benefits from extremely compact messages with explicit validity semantics. We therefore define a minimal hazard digest designed for frequent updates and congested V2V channels. The base digest carries only the information required for (i) tactical localization on a known track geometry and (ii) uncertainty-aware rendering as a footprint/risk corridor (Section 3.6). Authentication is policy-gated and appended only when the local security mode requires it (Section 3.10).

3.9.1. Semantic Model (What the Bits Mean)

A hazard is anchored to track coordinates using a coarse SECTOR_ID and a quantized within-sector offset OFFSET_Q. The footprint field FOOTPRINT_Q encodes the corridor extent used by receivers to render the hazard as a risk region rather than a point. Temporal validity is enforced through (i) a TIMESTAMP and an acceptance window ($\mathtt{expiry}=t_{\mathrm{obs}}+\Delta T_{\mathrm{valid}}$) derived by policy, and (ii) a hop-bounded TTL that limits dissemination breadth to prevent flooding. Fast integrity is provided by CRC8; stronger authentication (MAC/signature) is appended conditionally.

Figure 10 shows the 32-bit-aligned layout of the base payload (84 bits, ≈10.5 bytes), and

Table 2. Bit-level definition of the base V2V hazard digest (84 bits ≈ 10.5 bytes). Optimized for sub-25 ms dissemination and uncertainty-aware rendering.

Field	Bits	Offset	Encoding	Functional Context
MSG_ID	8	0	uint8	Message class and protocol version.
SECTOR_ID	8	8	uint8	Spatial track segment index [0, 255].
OFFSET_Q	8	16	uint8	Quantized along-track position.
HAZ_TYPE	4	24	uint4	Hazard class (oil, debris, $\mu$-drop, etc.).
SEV	4	28	uint4	Severity level (risk weight for J).
FOOTPRINT_Q	8	32	uint8	Quantized spatial extent (${\sigma }_{\Vert }$).
TIMESTAMP	32	40	uint32	Obs. time (ms since session start).
TTL	4	72	uint4	Hop budget for gossip suppression.
CRC8	8	76	CRC-8	Fast hardware-friendly integrity check.
Total (Base)	84	— Authentication appended per policy (Section 3.10)

provides a field-level definition.

3.9.2. Track Discretization Note

Using SECTOR_ID as uint8 provides 256 addressable track segments, which safely exceeds standard Grand Prix and closed-circuit micro-sector requirements. The field is therefore intentionally conservative for the intended motorsport domain while remaining compact enough for frequent dissemination under broadcast stress.

3.10. Security and Trust Model for Mesh Alerts

HEO adopts a timeliness-first security strategy for hazard dissemination under broadcast stress and intermittent connectivity. The goal is to reject corruption, replay, and implausible updates with minimal delay on the local warning path while reserving heavier cryptographic protection for cases where it materially improves tactical usefulness.

3.10.1. Scope of the Security Claim

The security model in this paper is an architectural design contribution, not a full adversarial performance evaluation. We specify the threat classes, packet-level checks, and policy-gated authentication modes needed to support local-first hazard dissemination, but we do not claim that spoofing, DoS, or Sybil resilience has been exhaustively validated experimentally in this manuscript. Those scenarios are left as explicit future work.

3.10.2. Threat Model

We consider: (T1) accidental corruption and truncation; (T2) stale or replayed digests; (T3) spoofed hazard injection; (T4) burst or channel-exhaustion attempts under dense broadcast; and (T5) limited Sybil-like behavior within a session. Interactive handshakes and online PKI are intentionally excluded from the critical path.

3.10.3. Layered Checks

Each incoming digest passes through four lightweight stages:

1.

Fast integrity (CRC-level corruption detection);

2.

Freshness/anti-replay (acceptance window and duplicate suppression);

3.

Physical plausibility (sector adjacency, rate limits, and simple dynamics bounds);

4.

Policy-gated authentication for high-severity or authority-originated hazards.

3.10.4. Operational Modes

Mode M0 is a timeliness-oriented baseline without cryptographic authentication; it relies on freshness, plausibility, and optional multi-source corroboration before high-salience escalation. Mode M1 appends a compact MAC for higher-severity digests, and Mode M2 is reserved for authority-issued alerts where stronger authenticity and anti-replay guarantees justify higher overhead.

3.10.5. Practical Interpretation

This graded design reflects the central trade-off of the safety plane: under severe contention, the system prioritizes freshness-preserving one-pass checks over heavyweight cryptographic ceremony. The manuscript therefore treats security as policy-gated and latency-aware  while being explicit that dedicated adversarial benchmarking remains outside the current evaluation scope.

3.10.6. Modes and Keying Assumptions

Table 3. Policy-gated security modes for the hazard digest (base payload 84 bits). The system dynamically escalates protection based on hazard severity and channel congestion.

Mode	Overhead	Usage Trigger	Operational Integrity & Notes
M0: Open	+0 B	Low/medium severity; dense mesh; thermal throttling.	Heuristic trust: CRC + freshness window + physical plausibility; optional m-source confirmation.
M1: Auth	+8 B	High severity; high-risk zones; spoofing detection required.	Cryptographic HMAC: 64-bit truncated tag over base + sender context; verified before UI escalation.
M2: Full	+28 B	Track authority/marshal alerts (source of truth).	AEAD (ChaCha20-Poly1305): Explicit 12B nonce + 16B tag; maximum replay/integrity protection.

defines three operational security modes. M0 is a timeliness-only baseline with no cryptographic authentication; it relies on freshness + plausibility + (optionally) multi-source confirmation for escalation. M1 appends a compact MAC for high-severity digests where authenticity materially improves decision quality. M2 targets authority-issued alerts (e.g., track marshal/infrastructure gateway) using AEAD to provide integrity and anti-replay with an explicit nonce. Key material is assumed to be provisioned pre-session (e.g., per-team/per-session group keys) and rotated on a coarse time basis; no interactive key exchange is required during riding.

3.10.7. Practical Trust Gating

To preserve timeliness, nodes may propagate M0 digests that pass L1–L3 but escalate to a high-salience UI alert only when either (i) the digest is authenticated (M1/M2) or (ii) it is corroborated by at least m distinct sources within a short window. This “confirm-or-auth” rule reduces false positives and limits the impact of a single spoofing source without requiring heavy crypto on every packet.

Figure 11 summarizes the decision flow.

3.11. Cloud Layer: Durable Knowledge, Auditability, and Stability-Constrained Co-Design

The cloud layer is explicitly outside the immediate hazard-warning path. Its role is to preserve and curate durable knowledge: replayable evidence, maneuver-level summaries, attribution links, and delayed co-design recommendations. This separation ensures that immediate warnings do not inherit LTE/5G intermittency or cloud tail latency.

3.11.1. Durable Ingestion and Traceability

Raw telemetry remains anchored in local ASAM MDF 4.x files. When connectivity is available, the system uploads compact summaries, event references, and audit pointers through the edge → gateway → cloud pipeline. Every durable artifact is therefore linked back to replayable evidence, enabling post-session reconstruction and explanation without requiring cloud participation in the local safety loop.

3.11.2. H3 Interpretation and Scope

The co-design component should be interpreted as a pilot evidence-backed post-session analysis layer, not as a live autonomous controller for in-race actuation. In the revised manuscript, H3 is explicitly evaluated on aggregated maneuver/session evidence derived from synchronized MDF-backed data, with statistics computed on appropriate aggregation units rather than on raw autocorrelated samples. This keeps the architectural role of the cloud layer aligned with the actual evidence presented.

3.11.3. Generalization Boundary

The present design is tailored to bounded racing environments with fixed track geometry, limited node counts, and high-quality prior track maps. Generalization to broader vehicular scenarios would require different density assumptions, different map/update semantics, and potentially stronger security and congestion-control policies. We therefore present HEO as a telecom architecture for high-mobility closed-circuit hazard dissemination, with broader VANET generalization left for future work.

3.11.4. Stability-Constrained Recommendation Logic

To avoid algorithmic “hunting”, cloud-assisted recommendations are gated by smoothing, hysteresis, and hold-time constraints. Actions are issued only when improvement signals persist long enough to justify a bounded update. The intent is conservative and operator-facing: the system proposes small, explainable, and reversible setup changes rather than aggressive automatic actuation. To address the core critique of coupled human–machine instability, the mechanic-in-the-loop setup co-design process is safety-gated using hysteresis and hold-time constraints (Figure 12). Rather than reacting to single-lap volatility fluctuations, the system maintains a filtered instability state ${\overline{\sigma }}_t$ via an exponentially weighted moving average (EWMA) and triggers an intervention only when improvement signals are persistent and rate-limited:

$${\overline{\sigma }}_t=(1-\alpha ){\overline{\sigma }}_{t-1}+\alpha {\sigma }_t,\mathrm{act}\mathrm{if}\left({\overline{\sigma }}_t-{\overline{\sigma }}_{t-H}>\delta \right)\wedge \left(t-t_{\mathrm{last}}\ge H\right),$$

(1)

where H is a hold window, $\delta >0$ is a hysteresis threshold, and $\alpha \in (0,1]$ is a smoothing factor. When the gate opens, the optimizer proposes a bounded update $\Delta z$ under a trust-region constraint, limiting both magnitude and rate of change to prevent oscillatory behavior and preserve operator trust. In practice, this acts as a “do no harm” envelope: recommendations are conservative, explainable, and revertible, and the system can be configured to require multi-session confirmation before large changes.

4. Methodology

This section specifies the end-to-end method implemented on top of the continuum architecture (Section 3). We formalize: (i) maneuver-level representation through Skill Atoms; (ii) audit-ready synchronization, preprocessing, and aligned feature extraction under high-rate sensing; (iii) competence tracking through a paired-comparison formulation with a virtual opponent defined from contextual references; (iv) an explicit mathematical definition of control volatility $\sigma$ derived from raw telemetry; (v) volatility-gated safety scaffolding with anti-oscillation guards; and (vi) bi-level setup co-design with trust-region updates. Finally, we define a statistically defensible evaluation protocol for H1–H3 in which the analysis units are events, atoms, paired windows, sector aggregates, or laps rather than raw oversampled telemetry, thereby avoiding invalid i.i.d. assumptions.

Methodologically, H1 and H2 correspond to communication-plane evidence, whereas H3 is treated as pilot case-study evidence from successive real sessions with mechanical setup changes. Accordingly, H3 claims are restricted to the observed study conditions and are not presented as broad generalization across riders, tracks, or environmental conditions.

Figure 13 summarizes the five operational stages from raw telemetry to bounded setup updates.

4.1. Data Integrity, Time Synchronization, and Preprocessing

High-speed motorsport telemetry is multi-rate and affected by packet loss, clock drift, and vibration-induced artifacts. To preserve auditability and enable statistically valid downstream analysis, the pipeline enforces a synchronized time base, conservative filtering, and explicit uncertainty tagging.

4.1.1. Time Base and Synchronization

All edge signals are mapped onto a common monotonic timeline using a hardware-referenced clock when available (GNSS PPS or IEEE 1588/PTP in trackside infrastructure) [48,49]. Let t denote synchronized time and $t_j$ the native timestamp of stream j. We estimate a session-wise piecewise-affine correction

$$\widehat{t}=a_j{t}_j+b_j,$$

(2)

where $(a_j,b_j)$ are fitted by minimizing beacon-aligned residuals (PPS edges or PTP sync points). This prevents millisecond-level drift from becoming meter-level spatial misalignment at $v\approx 83\mathrm{m}/\mathrm{s}$.

4.1.2. Filtering and Artifact Rejection

Signals are filtered using physically conservative operators: (i) median filters for impulsive spikes, (ii) low-pass filters for vibration beyond sensor bandwidth, and (iii) plausibility gates based on bounded rate of change. Missing values are forward-filled only within bounded gaps. When the gap exceeds a policy-defined threshold, the affected atom is tagged as uncertain and excluded from inferential tests while remaining available for audit/replay.

4.2. Skill Atom Formalization

High-rate telemetry streams are semantically dense and strongly autocorrelated. To obtain interpretable and statistically usable units, the method converts telemetry into discrete maneuver objects called Skill Atoms. A Skill Atom $A_k$ is defined as

$$A_k=\langle T_k,{\mathrm{type}}_k,c_k,{\mathbf{x}}_k\left(t\right),{\mathbf{u}}_k\left(t\right),{\mathbf{y}}_k\left(t\right),{\mathbf{f}}_k,{\varphi }_k,{\mathcal{U}}_k\rangle ,$$

(3)

where $T_k=[t_s,t_e]$ is the synchronized time interval, ${\mathrm{type}}_k$ is the maneuver primitive (e.g., apex stability or corner exit), $c_k$ is the operating context (track/sector/session state), ${\mathbf{x}}_k$ is a state signature, ${\mathbf{u}}_k$ a control signature, ${\mathbf{y}}_k$ a feedback/risk signature, ${\mathbf{f}}_k$ an aligned fixed-length feature vector, ${\varphi }_k\in [0,1]$ the bounded atom outcome score, and ${\mathcal{U}}_k$ an uncertainty descriptor induced by missingness, synchronization quality, and sensor confidence.

4.3. Edge Segmentation via Triggered FSM (With Hysteresis Guards)

Segmentation runs on the edge as a low-latency finite-state machine driven by physically interpretable triggers, with hysteresis and minimum-duration guards to suppress noise-induced transitions. In this study we report two atom types: apex stability (AS) and corner exit (CE). The state rule is

$$\mathrm{Atom}\left(t\right)=\left\{\begin{array}{cc}\mathrm{AS},\hfill & |{\varphi }_{\mathrm{lean}}\left(t\right)|\ge \alpha {\varphi }_{max}\wedge \left|{\displaystyle \frac{d}{dt}}{\varphi }_{\mathrm{lean}}\left(t\right)\right|\le {ϵ}_{\varphi }\wedge \Delta t\ge d_{\min },\hfill \\ \mathrm{CE},\hfill & \mathrm{TPS}\left(t\right)\ge {\delta }_{\mathrm{TPS}}\wedge {\displaystyle \frac{d}{dt}}\left|{\varphi }_{\mathrm{lean}}\left(t\right)\right|<0\wedge \Delta t\ge d_{\min }.\hfill \end{array}\right.$$

(4)

Here $\alpha \in (0,1)$ defines the apex proximity band, ${ϵ}_{\varphi }$ enforces lean-rate stability, and $d_{\min }$ is the minimum atom duration. This transforms thousands of raw samples into a small number of auditable maneuver units per lap.

4.4. Feature Engineering, Normalization, and Temporal Alignment (DTW)

Because maneuver windows differ in duration due to speed, line choice, and traffic, direct sample-wise comparison is invalid. We therefore use a two-stage alignment process.

• Stage 1: Phase normalization.

Each atom window $T_k$ is resampled onto a normalized phase grid $\tau \in [0,1]$ with m points:

$${\tilde{\mathbf{s}}}_k\left({\tau }_{\ell }\right)={\mathbf{s}}_k(t_s+{\tau }_{\ell }(t_e-t_s)),\ell =1,\dots ,m.$$

(5)

• Stage 2: DTW refinement.

When contextual templates are available, alignment is refined using dynamic time warping (DTW). Let $\tilde{\mathbf{q}}$ denote a reference sequence and ${\tilde{\mathbf{p}}}_k$ the current atom sequence. DTW yields

$${\pi }_k^{★}=\arg \underset{\pi }{\min }\sum _{(i,j)\in \pi }d\left({\tilde{\mathbf{q}}}_i,{\tilde{\mathbf{p}}}_{k,j}\right),$$

(6)

subject to monotonicity and continuity constraints. Aligned features ${\mathbf{f}}_k$ include robust statistics (median and MAD), timing descriptors (peak phase and rise time), and safety indicators (slip excursions and TC activations).

• Robust normalization

Signals are normalized session-wise using robust scaling:

$${\mathbf{s}}^{\prime }={\displaystyle \frac{\mathbf{s}-\mathrm{median}\left(\mathbf{s}\right)}{\mathrm{MAD}\left(\mathbf{s}\right)+\epsilon }}.$$

(7)

4.5. Atom Outcome Scoring and Explicit Cost Definition

Each atom is assigned a bounded score ${\varphi }_k\in [0,1]$ from an explicit cost $J_k$ balancing time, risk, and uncertainty:

$$J_k=w_t\Delta t_k+w_r{\mathcal{P}}_k+w_u{\mathcal{U}}_k,$$

(8)

where $\Delta t_k$ is a contextual maneuver time-loss proxy, ${\mathcal{P}}_k$ is a stability/risk penalty (e.g., slip excursions, TC saturation, and envelope violations), and ${\mathcal{U}}_k$ penalizes uncertain outcomes caused by missingness or low data quality. The bounded outcome score is

$${\varphi }_k={\sigma }_{\log }\left({\eta }_0-{\eta }_J{J}_k\right),$$

(9)

where ${\sigma }_{\log }(·)$ denotes the logistic squashing function. The weights implement a stability-first policy and may be reweighted upward on the risk term when volatility is elevated.

4.6. Competence Modeling with Paired-Comparison Triplets (Virtual Opponent)

Rating systems are naturally defined for two-player comparisons. We adapt a Glickman-style paired-comparison formulation to single-rider trials through a virtual opponent defined per atom type and context c. For each pair $(\mathrm{type},c)$, we maintain a competence triplet $(r,\mathrm{RD},\sigma )$, where r is contextual competence, $\mathrm{RD}$ its uncertainty, and $\sigma$ the volatility term.

4.6.1. Reference Benchmark Definition

The virtual benchmark $(r^{\mathrm{ref}},{\mathrm{RD}}^{\mathrm{ref}})$ is established from a rolling contextual reference set ${\mathcal{B}}_c$ formed by the rider’s own best stable historical atoms under matched circuit/sector/condition constraints. If the matched reference pool is too small ($|{\mathcal{B}}_c|<n_{\min }$), the system falls back to a session-level median baseline with inflated ${\mathrm{RD}}^{\mathrm{ref}}$ to reflect lower confidence. This avoids unrealistically sharp benchmarks in sparse-data contexts.

4.6.2. Continuous Match Score

Define the signed contextual margin

$$m_k=-\left(\Delta t_k+\beta {\mathcal{P}}_k\right),$$

(10)

and map it to a continuous match score $s_k\in [0,1]$:

$$s_k={\sigma }_{\log }\left({\displaystyle \frac{m_k}{s_0}}\right).$$

(11)

This avoids brittle binary win/loss labels and yields smoother competence updates.

4.6.3. Explicit Mathematical Definition of Volatility

To make volatility operational rather than purely qualitative, we define a raw-data control-volatility proxy ${\nu }_k$ for each atom as

$${\nu }_k=\sum _{q\in \mathcal{Q}}{\omega }_q{\displaystyle \frac{\mathrm{MAD}\left(\Delta {\tilde{s}}_k^{\left(q\right)}\right)}{{\mathrm{MAD}}_q^{\mathrm{ref}}+\epsilon }},\sum _{q\in \mathcal{Q}}{\omega }_q=1,$$

(12)

where $\mathcal{Q}$ is the set of aligned channels used to characterize control irregularity (e.g., throttle, brake, lean rate, yaw rate, slip proxy, and TC activity), $\Delta {\tilde{s}}_k^{\left(q\right)}$ denotes first differences on the aligned phase grid, and ${\mathrm{MAD}}_q^{\mathrm{ref}}$ is the contextual reference dispersion for channel q. Intuitively, ${\nu }_k$ measures how erratic the control/response trajectory is relative to a stable contextual baseline.

The triplet volatility component is then updated as a bounded filtered state:

$${\sigma }_k=\mathrm{clip}\left((1-\rho ){\sigma }_{k-1}+\rho {\nu }_k,{\sigma }_{\min },{\sigma }_{max}\right),$$

(13)

where $\rho \in (0,1]$ is the update factor and $\mathrm{clip}(·)$ enforces an admissible range. In this manuscript, $\sigma$ therefore denotes the filtered contextual control-volatility state derived from aligned raw telemetry.

4.7. Safety Scaffolding as Volatility-Gated Supervision (Anti-Oscillation)

Introducing guidance into the rider–machine loop can create coupled oscillations if assistance reacts too aggressively to transient fluctuations. We therefore use volatility-aware supervision with hysteresis and hold-time constraints. Let

$${\mathcal{R}}_k=w_{\sigma }{\sigma }_k+w_s{\mathcal{P}}_k$$

(14)

be the supervisory risk index. Activation thresholds are defined as

$${\mathsf{\Theta }}_{\mathrm{on}}={\mathsf{\Theta }}_0+\kappa {\sigma }_k,{\mathsf{\Theta }}_{\mathrm{off}}={\mathsf{\Theta }}_{\mathrm{on}}-h,$$

(15)

where $h>0$ is the hysteresis gap. If ${\mathcal{R}}_k>{\mathsf{\Theta }}_{\mathrm{on}}$, the system enters stability-first mode and exits only when ${\mathcal{R}}_k<{\mathsf{\Theta }}_{\mathrm{off}}$. Interventions are rate-limited and held for at least H atoms to prevent rapid toggling.

4.8. Bi-Level Setup Co-Design Optimization (Trust Region + Stability Weighting)

Setup adaptation is formulated as a bi-level optimization problem. The outer loop selects setup variables z (e.g., electronics maps and damping settings), while the inner loop estimates achievable performance under the rider’s current competence and safety state:

$$\underset{z}{\min }\mathbb{E}\left[\Delta t\left(z\right)\right]+\lambda \left({\sigma }_k\right)\mathbb{E}\left[\mathcal{P}\left(z\right)\right]\mathrm{s}.\mathrm{t}.\mathrm{Envelope}\left(z\right)\mathrm{feasible}.$$

(16)

Here $\lambda \left({\sigma }_k\right)$ increases with volatility, prioritizing stability when control is less repeatable. To prevent setup hunting, we apply: (i) trust-region bounds $\parallel z^{+}-z\parallel \le \Delta z_{max}$, (ii) coarse update cadence limits, and (iii) acceptance gating that commits a change only after consistent improvement across multiple atoms/laps.

In this manuscript, this co-design layer is evaluated as pilot evidence from successive real sessions with mechanical setup changes, analyzed post-session rather than as a live autonomous in-race controller.

4.9. Method-to-Architecture Mapping

The method maps onto the continuum as follows: Edge/Bronze: synchronization, preprocessing, segmentation, aligned feature extraction, score computation, triplet updates, and MDF persistence; Mesh/Silver: dissemination of compact hazard digests through the TTL-bounded randomized gossip procedure; Cloud/Gold: long-horizon aggregation, reporting, and stability-constrained co-design over atom summaries and MDF-backed evidence.

4.10. Evaluation Protocol and Statistical Analysis (H1–H3)

We validate H1–H3 using a protocol aligned with the reported artifacts and with the architecture’s critical-path separation. In all cases, inferential statistics are computed on appropriate aggregation units (events, atoms, paired windows, sector aggregates, and laps), never on raw oversampled telemetry samples.

4.10.1. Implementation Disclosure and Reproducibility

The implementation is documented through the reported edge-node hardware/software configuration, MQTT broker deployment, timestamp instrumentation points, message sizes, and packet-level simulation parameters so that the evaluation does not depend on implicit prototype assumptions.

4.10.2. H1 (Durable Communication Performance)

We evaluate the durable MQTT pipeline (edge → gateway → cloud) by measuring hop-wise and end-to-end latency over discrete events, reporting $p_{50}$, $p_{95}$, maximum, and observed loss. Results are also interpretable as traveled distance at race pace.

4.10.3. H2 (Ephemeral V2V Hazard Dissemination Under Uncertainty)

We evaluate the mesh safety plane using the packet-level stack described in Section 4.11. The primary outputs are time-to-coverage metrics ($T_{50},T_{95}$), PRR/PDR, packet inter-reception behavior, and actionability corridors derived from localization uncertainty and dissemination delay. Freshness-oriented measures such as Age of Information (AoI) are included where appropriate.

4.10.4. H3 (Stability-Constrained Co-Design Effectiveness)

H3 is evaluated on paired baseline-vs.-mechanically adjusted sessions backed by synchronized MDF4 evidence and aggregated at atom/window/lap/sector level. Because within-atom telemetry samples are autocorrelated, statistical tests are performed on aggregated units only. The reported evidence is therefore pilot case-study evidence under the observed study conditions. We report paired non-parametric tests (e.g., Wilcoxon signed-rank where appropriate), bootstrap 95% confidence intervals, and effect sizes.

4.10.5. Supporting Validation: Segmentation Fidelity

Skill Atom segmentation is reported as supporting evidence rather than a primary hypothesis, using precision/recall/F1 and temporal IoU against labeled intervals, computed per atom type on the synchronized timeline.

Table 4. Evaluation artifacts and statistical framework for H1–H3. Metrics are aggregated by functional units (events, atoms, paired windows, sector aggregates, and laps) to preserve validity under non-i.i.d. racing telemetry.

Hypothesis	Data Artifact	Analysis Unit	Primary Outputs
H1: Durable path	MQTT latency join logs	Discrete events	$p_{50},p_{95},max$ per hop and end-to-end; observed loss.
H2: Mesh safety plane	ns-3/SUMO dissemination logs	Hazard events/receptions	$T_{50},T_{95}$, PRR/PDR, PIR, AoI, actionability corridors.
H3: Co-design pilot	MDF4-backed baseline vs. mechanically adjusted sessions	Atoms/paired windows/sector aggregates/laps	$\Delta t$, slip proxy, volatility $\sigma$, paired bootstrap CI, paired non-parametric tests, effect sizes.
Support	Atom segmentation set	Labeled intervals	Precision, recall, F1, temporal IoU (AS and CE).

summarizes the evaluation artifacts, aggregation units, and primary outputs used for H1–H3.

4.11. V2V Mesh Evaluation Stack (ns-3 + SUMO, C-V2X Mode 4/PC5)

To satisfy telecom-reviewer expectations for a standard-aligned V2X evaluation, we assess the mesh safety plane using packet-level simulation with ns-3 coupled to SUMO mobility. The radio bearer is instantiated as C-V2X sidelink Mode 4 (PC5), while the hazard dissemination logic (TTL/expiry, randomized gossip, suppression, and anti-entropy) is implemented at the application layer.

4.11.1. Reference Simulator and Standard Alignment

We build on an ns-3 C-V2X Mode 4 implementation consistent with the evaluation methodology in 3GPP TR 36.885 and TR 37.885. Reported parameters include channel/load assumptions, message periodicity, resource-pool configuration, mobility density, dissemination fanout k, gossip period $\Delta$, time-validity horizon, TTL budget, and random seeds.

4.11.2. Mobility and Racing Scenarios

Closed-circuit mobility traces are generated in SUMO and parameterized for racing operation (high speed, short headways, pack formation, and sparse/medium/dense packs). When recorded lap traces are available, they are replayed as the mobility ground truth; otherwise, a parametric racing-line baseline is used.

4.11.3. Comparative Framing

To contextualize the safety-plane benefit without overstating head-to-head evidence, the manuscript uses two complementary comparison levels. First, the H2 study reports absolute packet-level dissemination metrics for the proposed bounded-validity protocol under controlled sparse/medium/dense pack conditions. Second, Section 7.4 provides an architectural comparison between cloud-mediated alerting and local edge–mesh dissemination, clarifying why the safety-critical path must remain local. Dedicated packet-level head-to-head comparisons against simplified rebroadcast baselines are left for future work.

4.11.4. Reported Metrics

We report: (i) time-to-coverage metrics ($T_{50},T_{95}$) for a defined approaching neighborhood, (ii) PRR/PDR and packet inter-reception distributions, (iii) freshness measures such as AoI where relevant, and (iv) actionability corridors obtained by mapping delay into traveled distance at $v\approx 83\mathrm{m}/\mathrm{s}$. All simulator configurations are fixed and documented to enable reproducible reruns.

5. Algorithmic Implementation

This section specifies the dissemination protocol implemented by the mesh (silver) safety plane introduced in Section 3. The protocol is defined so that: (i) acceptance, merge, and forwarding decisions are deterministic over the fixed-size hazard digest (Table 2); (ii) time validity and hop validity remain explicitly separated through an expiry horizon and a TTL hop budget; and (iii) policy-gated authentication can be appended without changing the semantics of the base digest. The base payload remains 84 bits, while stronger authentication is applied only when required by the local security policy.

The security contribution of this protocol is architectural and latency-aware: the implementation exposes explicit hooks for M0/M1/M2 validation while leaving dedicated spoofing, DoS, and Sybil stress campaigns to future work.

5.1. State, Timing Semantics, and Dissemination Objective

Let $V=\{v_1,\dots ,v_N\}$ be the set of vehicles. At time t, the fleet induces a time-varying connectivity graph

$$G\left(t\right)=(V,E(t\left)\right).$$

Each node $v_i$ maintains the local state

$$S_i\left(t\right)\triangleq \left({\mathcal{M}}_i,{\mathcal{C}}_i,{\mathcal{N}}_i\left(t\right)\right),$$

where

• ${\mathcal{M}}_i\left[key\right]\leftarrow \langle val,ts,mode,srcset\rangle$ is the local hazard micro-map keyed by

  $$key=(\mathtt{SECTOR}\_\mathtt{ID},\mathtt{OFFSET}\_\mathtt{Q},\mathtt{HAZ}\_\mathtt{TYPE}).$$
  It stores the latest accepted value $val$ (including SEV and FOOTPRINT_Q), the observation timestamp $ts$, the verified security mode $mode\in \{\mathrm{M}0,\mathrm{M}1,\mathrm{M}2\}$, and an optional corroboration set $srcset$ used for escalation gating.
• ${\mathcal{C}}_i$ is a bounded duplicate/anti-replay cache. Since MSG_ID denotes message class/version rather than a globally unique packet identifier, duplicate suppression uses a derived key

  $$\mathtt{DKey}\left(\mathtt{pkg}\right)\triangleq (\mathtt{SRC},\mathtt{SECTOR}\_\mathtt{ID},\mathtt{OFFSET}\_\mathtt{Q},\mathtt{HAZ}\_\mathtt{TYPE},\mathtt{TIMESTAMP}),$$

  where SRC denotes the link-layer sender identity, or the authenticated sender identity when M1/M2 is active. This prevents collisions when multiple motorcycles report the same region within the same millisecond.
• ${\mathcal{N}}_i\left(t\right)$ is the dynamically maintained neighbor set derived from periodic beacons and local link context (relative heading, proximity, and optional track-progress relevance).

5.1.1. Track Discretization Note

The use of SECTOR_ID as uint8 provides 256 addressable track segments, which safely covers standard Grand Prix and closed-circuit micro-sector definitions while remaining compact enough for frequent dissemination under broadcast stress.

5.1.2. Time Validity vs. Hop Validity

The protocol separates:

• Time validity, implemented by an expiry horizon ${\tau }_t$, through $\mathrm{N}\mathrm{O}\mathrm{T}\mathrm{E}\mathrm{X}\mathrm{P}\mathrm{I}\mathrm{R}\mathrm{E}\mathrm{D}(\mathtt{pkg},{\tau }_t)$, using TIMESTAMP and a policy-defined validity window;
• Hop validity, implemented by the 4-bit TTL field, decremented at each forward.

Thus, ${\tau }_t$ determines when a hazard becomes irrelevant, whereas TTL determines how far it may propagate.

5.1.3. Dissemination Objective

For any newly generated hazard digest at node $v_r$, the protocol seeks to maximize the probability that the approaching neighborhood receives the digest within a bounded time and without infrastructure dependence. This is achieved through: (i) an immediate first-hop push to a small scored subset $\mathrm{T}\mathrm{O}\mathrm{P}\mathrm{K}\mathrm{N}\mathrm{E}\mathrm{I}\mathrm{G}\mathrm{H}\mathrm{B}\mathrm{O}\mathrm{R}\mathrm{S}({\mathcal{N}}_i,k)$, and (ii) periodic anti-entropy rounds every $\Delta$ using push–pull repair [24,25].

5.2. Packet Format, Mode Detection, and Serialization

Each hazard update is transmitted as a fixed-size base hazard digest:

$${\mathtt{pkg}}_{\mathrm{base}}=\langle \mathtt{MSG}\_\mathtt{ID},\mathtt{SECTOR}\_\mathtt{ID},\mathtt{OFFSET}\_\mathtt{Q},\mathtt{HAZ}\_\mathtt{TYPE},\mathtt{SEV},\mathtt{FOOTPRINT}\_\mathtt{Q},\mathtt{TIMESTAMP},\mathtt{TTL},\mathtt{CRC}\mathtt{8}\rangle .$$

Security is implemented as an append-only extension consistent with Section 3.10. The receiver infers the active security mode from the received frame length or an equivalent link header:

• M0: base digest only (CRC-8).
• M1: base digest + 8-byte truncated MAC tag.
• M2: base digest + AEAD nonce/tag metadata for authority-originated alerts.

This preserves deterministic base semantics and minimizes overhead on the congestible safety channel.

5.3. Acceptance Predicate and Merge Rule

5.3.1. Acceptance Predicate

On reception, node $v_i$ accepts a packet $\mathtt{pkg}$ if and only if all of the following conditions hold:

1.

Integrity: $\mathrm{C}\mathrm{R}\mathrm{C}8\mathrm{O}\mathrm{K}\left({\mathtt{pkg}}_{\mathrm{base}}\right)$.

2.

Freshness/expiry: $\mathrm{N}\mathrm{O}\mathrm{T}\mathrm{E}\mathrm{X}\mathrm{P}\mathrm{I}\mathrm{R}\mathrm{E}\mathrm{D}(\mathtt{pkg},{\tau }_t)$ and $\mathrm{W}\mathrm{I}\mathrm{T}\mathrm{H}\mathrm{I}\mathrm{N}\mathrm{W}\mathrm{I}\mathrm{N}\mathrm{D}\mathrm{O}\mathrm{W}(\mathtt{pkg},W)$, where W is the receiver-side acceptance window used for replay limitation.

3.

Duplicate/anti-replay: $\mathtt{DKey}\left(\mathtt{pkg}\right)\notin {\mathcal{C}}_i$.

4.

Policy gating: $\mathrm{M}\mathrm{O}\mathrm{D}\mathrm{E}\mathrm{V}\mathrm{A}\mathrm{L}\mathrm{I}\mathrm{D}(\mathtt{pkg},\mathtt{SEV})$, which applies the M0/M1/M2 policy and verifies MAC/AEAD only when required.

5.

Physical plausibility: sector adjacency, bounded update rate, and simple continuity constraints.

5.3.2. Merge Rule

Let

$$key=(\mathtt{SECTOR}\_\mathtt{ID},\mathtt{OFFSET}\_\mathtt{Q},\mathtt{HAZ}\_\mathtt{TYPE}).$$

After acceptance, $\mathtt{pkg}$ is merged into ${\mathcal{M}}_i$ only if it is strictly newer than the currently stored entry:

$$\mathtt{pkg}.\mathtt{TIMESTAMP}>{\mathcal{M}}_i\left[key\right].ts.$$

If the timestamp is equal but the sender is distinct, the packet may still update the corroboration set $srcset$ without replacing the stored value. This preserves timestamp dominance while allowing multi-source confirmation for escalation logic.

5.4. Neighbor Selection: $\mathrm{T}\mathrm{O}\mathrm{P}\mathrm{K}\mathrm{N}\mathrm{E}\mathrm{I}\mathrm{G}\mathrm{H}\mathrm{B}\mathrm{O}\mathrm{R}\mathrm{S}({\mathcal{N}}_i,k)$ and Relevance Bias

To limit V2V overhead without reverting to naive flooding, dissemination uses $\mathrm{T}\mathrm{O}\mathrm{P}\mathrm{K}\mathrm{N}\mathrm{E}\mathrm{I}\mathrm{G}\mathrm{H}\mathrm{B}\mathrm{O}\mathrm{R}\mathrm{S}({\mathcal{N}}_i,k)$. Candidate neighbors are scored by

$$q_{ij}\left(t\right)=w_1\mathrm{L}\mathrm{I}\mathrm{N}\mathrm{K}\mathrm{Q}\mathrm{U}\mathrm{A}\mathrm{L}\mathrm{I}\mathrm{T}{\mathrm{Y}}_{ij}\left(t\right)+w_2\mathrm{H}\mathrm{E}\mathrm{A}\mathrm{D}\mathrm{I}\mathrm{N}\mathrm{G}\mathrm{P}\mathrm{R}\mathrm{O}\mathrm{X}\mathrm{I}\mathrm{M}\mathrm{I}\mathrm{T}{\mathrm{Y}}_{ij}\left(t\right)+w_3\mathrm{R}\mathrm{A}\mathrm{N}\mathrm{G}{\mathrm{E}}_{ij}\left(t\right).$$

If curvilinear track progress s is available, we bias toward the approaching neighborhood:

$$q_{ij}\left(t\right)\leftarrow q_{ij}\left(t\right)+w_4\mathrm{A}\mathrm{P}\mathrm{P}\mathrm{R}\mathrm{O}\mathrm{A}\mathrm{C}\mathrm{H}\mathrm{R}\mathrm{E}\mathrm{L}\mathrm{E}\mathrm{V}\mathrm{A}\mathrm{N}\mathrm{C}{\mathrm{E}}_{ij}\left(t\right),$$

thereby favoring nodes likely to reach the hazard footprint within ${\tau }_t$.

Practical Fanout Choice

The fanout k is intentionally kept small (typically $k\in [1,4]$) because the safety channel is congestion-sensitive. Redundancy is instead provided by TTL-limited re-forwarding and anti-entropy repair.

5.5. Scheduling and Congestion Behavior (k, $\Delta$, ${\tau }_t$, and TTL)

Algorithm 1 exposes four main parameters: (i) fanout k, (ii) anti-entropy period $\Delta$, (iii) time expiry horizon ${\tau }_t$, and (iv) hop budget TTL.

To reduce collapse risk under high channel occupancy, nodes adapt only k and $\Delta$ using local observables, such as queue occupancy or channel-busy ratio. k is reduced first, and $\Delta$ is increased only if pressure persists. By contrast, ${\tau }_t$ and the initial ${\mathtt{TTL}}_0$ remain fixed per session so that protocol semantics remain reproducible and the bounded-validity interpretation is preserved.

Scalability Interpretation

Scalability is intentionally local rather than network-wide: HEO targets bounded racing packs and fixed track geometry, not open-ended urban VANET scale. As node density or hazard-event rate increases, latency grows non-linearly because contention rises while the protocol deliberately reduces effective spread through bounded fanout and suppression. The relevant question is therefore not whether flooding scales indefinitely but whether bounded local awareness remains acceptable before broadcast collapse.

5.6. Anti-Entropy Repair: Compact Summaries and Selective Pull

Anti-entropy exchanges a compact summary of active unexpired hazards:

$$\mathrm{D}\mathrm{I}\mathrm{G}\mathrm{E}\mathrm{S}\mathrm{T}\mathrm{S}\mathrm{U}\mathrm{M}\mathrm{M}\mathrm{A}\mathrm{R}\mathrm{Y}\left({\mathcal{M}}_i\right)=\{(key,{\mathcal{M}}_i\left[key\right].ts):{\mathcal{M}}_i\left[key\right] \mathrm{unexpired}\}.$$

Peers request only missing or newer keys via PullMissing, and only the corresponding compact digests are returned. Repair bandwidth therefore scales with the number of recent active hazards, not with the total number of sectors.

5.7. Bounded-Time Convergence (Operational View)

The protocol does not rely on asymptotic eventual-consistency claims. Instead, convergence is interpreted operationally as bounded-time neighborhood coverage: expiry ${\tau }_t$ bounds temporal relevance, TTL bounds spatial spread, $\mathrm{T}\mathrm{O}\mathrm{P}\mathrm{K}\mathrm{N}\mathrm{E}\mathrm{I}\mathrm{G}\mathrm{H}\mathrm{B}\mathrm{O}\mathrm{R}\mathrm{S}$ bounds per-node transmissions, and anti-entropy improves robustness under loss. Evaluation therefore reports $T_{50}$, $T_{95}$, PRR/PIR, and actionability corridors rather than only average latency.

5.8. Security and Auditability (Aligned with Section 3.10)

The implementation follows the graded trust strategy defined in Section 3.10: (i) CRC-8 before any merge, (ii) freshness $\left({\tau }_t\right)$ plus receiver acceptance window W, (iii) timestamp-dominance merge semantics, (iv) policy-gated authenticity for M1/M2 when $\mathtt{SEV}\ge \theta$, and (v) epidemic redundancy plus push–pull repair for resilience.

5.8.1. Scope Note

These mechanisms define a latency-aware trust architecture for hazard dissemination, but they should not be interpreted as a full adversarial validation campaign. In this manuscript, the security plane is specified and integrated into the protocol semantics; dedicated spoofing, DoS, and Sybil benchmarking remain future work.

5.8.2. Auditability

All accepted digests, merge decisions, sender corroborations, and verified security modes are logged locally together with event-triggered MDF snapshots. This enables post hoc reconstruction of hazard provenance and consistency checks against physical evidence even when cloud connectivity is unavailable.

Algorithm 1 Randomized gossip for hazard micro-maps (bounded-time, TTL-limited; policy-gated security).

INPUT: Fanout k, anti-entropy period $\Delta$, time expiry window ${\tau }_t$, acceptance window W, initial hop budget ${\mathtt{TTL}}_0$, authentication threshold $\theta$

1: Each node $v_i$ maintains ${\mathcal{M}}_i\left[key\right]$, duplicate cache ${\mathcal{C}}_i$ (bounded LRU), and neighbors ${\mathcal{N}}_i\left(t\right)$

2: function Key(pkg)

3:  return $(\mathtt{SECTOR}\_\mathtt{ID},\mathtt{OFFSET}\_\mathtt{Q},\mathtt{HAZ}\_\mathtt{TYPE})$

4: end function

5: function DKey(pkg,SRC)

6:  return $(\mathtt{SRC},\mathtt{SECTOR}\_\mathtt{ID},\mathtt{OFFSET}\_\mathtt{Q},\mathtt{HAZ}\_\mathtt{TYPE},\mathtt{TIMESTAMP})$

7: end function

8: function RequireAuth(SEV)

9:  return $(\mathtt{SEV}\ge \theta )$

10: end function

11: function ModeValid(pkg)

12:  infer $mode$ from packet length or link header

13:  if RequireAuth(pkg.SEV) and $mode=\mathrm{M}0$ then

14:    return false

15:  end if

16:  if $mode\in \{\mathrm{M}1,\mathrm{M}2\}$ then

17:    verify MAC/AEAD

18:  end if

19:  return verification result (or true for M0)

20: end function

21: procedure OnDetectHazard(sector, offsetQ, type, sev, footprintQ)

22:  build ${\mathtt{pkg}}_{\mathrm{base}}$ as in Table 2

23:  set $\mathtt{pkg}.\mathtt{TTL}\leftarrow {\mathtt{TTL}}_0$, compute $\mathtt{CRC}\mathtt{8}$ over base fields

24:  append authentication only if required by policy

25:  $key\leftarrow \mathrm{K}\mathrm{E}\mathrm{Y}\left(\mathtt{pkg}\right)$

26:  ${\mathcal{M}}_i\left[key\right]\leftarrow \langle val,\mathtt{TIMESTAMP},mode,\left\{i\right\}\rangle$

27:  insert $\mathrm{D}\mathrm{K}\mathrm{E}\mathrm{Y}(\mathtt{pkg},i)$ into ${\mathcal{C}}_i$

28:  send $\mathtt{pkg}$ to $\mathrm{T}\mathrm{O}\mathrm{P}\mathrm{K}\mathrm{N}\mathrm{E}\mathrm{I}\mathrm{G}\mathrm{H}\mathrm{B}\mathrm{O}\mathrm{R}\mathrm{S}({\mathcal{N}}_i,k)$       ▹ immediate first-hop push

29: end procedure

30: procedure OnReceive(pkg,SRC)

31:  $dkey\leftarrow \mathtt{D}\mathtt{K}\mathtt{E}\mathtt{Y}(\mathtt{pkg},\mathtt{SRC})$, $key\leftarrow \mathtt{K}\mathtt{E}\mathtt{Y}\left(\mathtt{pkg}\right)$

32:  if  $\neg \mathtt{C}\mathtt{R}\mathtt{C}\mathtt{8}\mathtt{O}\mathtt{K}\left({\mathtt{pkg}}_{\mathrm{base}}\right)$  or  $\neg \mathtt{N}\mathtt{O}\mathtt{T}\mathtt{E}\mathtt{X}\mathtt{P}\mathtt{I}\mathtt{R}\mathtt{E}\mathtt{D}(\mathtt{pkg},{\tau }_t)$  or  $\neg \mathtt{W}\mathtt{I}\mathtt{T}\mathtt{H}\mathtt{I}\mathtt{N}\mathtt{W}\mathtt{I}\mathtt{N}\mathtt{D}\mathtt{O}\mathtt{W}(\mathtt{pkg},W)$  then

33:    return

34:  end if

35:  if $dkey\in {\mathcal{C}}_i$  then

36:    return

37:  end if

38:  if  $\neg \mathtt{M}\mathtt{O}\mathtt{D}\mathtt{E}\mathtt{V}\mathtt{A}\mathtt{L}\mathtt{I}\mathtt{D}\left(\mathtt{pkg}\right)$ or  $\mathtt{I}\mathtt{S}\mathtt{I}\mathtt{M}\mathtt{P}\mathtt{L}\mathtt{A}\mathtt{U}\mathtt{S}\mathtt{I}\mathtt{B}\mathtt{L}\mathtt{E}\left(\mathtt{pkg}\right)$  then

39:    return

40:  end if

41:  insert $dkey$ into ${\mathcal{C}}_i$

42:  if  $key\notin {\mathcal{M}}_i$ or  $\mathtt{pkg}.\mathtt{TIMESTAMP}>{\mathcal{M}}_i\left[key\right].ts$  then

43:    ${\mathcal{M}}_i\left[key\right]\leftarrow \langle val,\mathtt{TIMESTAMP},mode,\left\{\mathtt{SRC}\right\}\rangle$

44:  else if  $\mathtt{pkg}.\mathtt{TIMESTAMP}={\mathcal{M}}_i\left[key\right].ts$  then

45:    update corroboration: ${\mathcal{M}}_i\left[key\right].srcset\leftarrow {\mathcal{M}}_i\left[key\right].srcset\cup \left\{\mathtt{SRC}\right\}$

46:  end if

47:  if  $\mathtt{pkg}.\mathtt{TTL}>0$ and  UsefulToForward(pkg,${\tau }_t$)  then

48:    ${\mathtt{pkg}}^{\prime }\leftarrow \mathtt{D}\mathtt{E}\mathtt{C}\mathtt{R}\mathtt{E}\mathtt{M}\mathtt{E}\mathtt{N}\mathtt{T}\mathtt{T}\mathtt{T}\mathtt{L}\left(\mathtt{pkg}\right)$

49:    send ${\mathtt{pkg}}^{\prime }$ to $\mathtt{T}\mathtt{O}\mathtt{P}\mathtt{K}\mathtt{N}\mathtt{E}\mathtt{I}\mathtt{G}\mathtt{H}\mathtt{B}\mathtt{O}\mathtt{R}\mathtt{S}({\mathcal{N}}_i,k)$

50:  end if

51: end procedure

52: procedure  AntiEntropyRound $\Delta$

53:  select peer $j\sim {\mathcal{N}}_i\left(t\right)$ (uniform or quality-weighted)

54:  exchange $\mathtt{D}\mathtt{I}\mathtt{G}\mathtt{E}\mathtt{S}\mathtt{T}\mathtt{S}\mathtt{U}\mathtt{M}\mathtt{M}\mathtt{A}\mathtt{R}\mathtt{Y}\mathtt{\left(}{\mathcal{M}}_i\right)$ with $v_j$

55:  request missing/newer keys via PullMissing

56:  merge returned digests via timestamp dominance and the acceptance predicate

57: end procedure

5.9. Recommended Parameterization and Traceability to H1–H3

Critical-Path Clarification

Algorithm 1 governs the mesh-critical path for ephemeral safety knowledge and is explicitly infrastructure-independent. By contrast, H1 evaluates the durable edge → gateway → cloud MQTT path used for auditability and long-horizon learning, whereas H2 evaluates mesh/sidelink hazard dissemination through time-to-coverage, PRR/PIR, AoI, and actionability corridors. H3 evaluates post-session stability-constrained co-design on aggregated evidence from successive real sessions with mechanical setup changes.

Table 5. Recommended mesh parameters for bounded-time hazard dissemination at race pace. Values are conservative defaults for reproducibility; deployments may adapt $(k,\Delta )$ online using local channel load without changing protocol semantics.

Param.	Symbol	Range	Default	Unit	Operational Rationale
Fanout	k	1–4	2	peers	Bounds transmissions; redundancy is recovered through TTL re-forward and anti-entropy.
Anti-entropy period	$\Delta$	25–150	75	ms	Repair cadence; trades loss recovery against overhead.
Time expiry window	${\tau }_t$	5–15	10	s	Bounds temporal relevance; avoids stale cross-lap persistence.
Initial hop budget	${\mathtt{TTL}}_0$	4–12	8	hops	Bounds spatial spread and limits flooding.
Acceptance window	W	250–1500	750	ms	Replay-limiting window; absorbs modest clock offsets.
Auth threshold	$\theta$	8–12	10	severity	Requires M1/M2 when $\mathtt{SEV}\ge \theta$.

summarizes the recommended default parameter ranges used for bounded-time hazard dissemination at race pace.

6. Experimental Setup and Validation Protocol

This section specifies the experimental protocol used to validate NMLP and to make the evidence reported in Section 7 reproducible and auditable. Consistent with the architectural separation introduced in Section 3, we distinguish three planes: (i) low-rate durable events transported through the edge → gateway → cloud MQTT path (H1), (ii) ephemeral safety dissemination over the mesh/sidelink plane (H2; evaluated with the ns-3+SUMO Mode 4/PC5 stack in Section 4.11), and (iii) high-rate telemetry logged locally as lossless MDF4 for deterministic replay, maneuver-level analysis, and pilot co-design assessment (H3 and supporting segmentation validation).

For H3, the evidence is based on successive real sessions with mechanical setup changes rather than on a purely synthetic optimization loop. MDF4 replay is used to ensure auditability and deterministic recomputation, but the underlying comparison corresponds to real successive riding sessions under baseline and mechanically adjusted conditions.

6.1. Testbed Overview and Measurement Points

Figure 14 summarizes the telemetry-in-the-loop (TiL) pipeline and its measurement points. The edge node acts as the orchestrator and branches into: (i) the logging plane (MDF4, lossless evidence), (ii) the durable MQTT plane (H1 latency decomposition), and (iii) the safety mesh plane (hazard digests + gossip audit logs). Measurement points MP1–MP4 define where timestamps and decision logs are recorded for hop-level accounting and auditability.

6.2. Clocking, Offset Calibration, and Latency Accounting (MQTT Plane)

6.2.1. Hop-Level Accounting (No Cross-Node Synchronization Required)

Stage latencies for edge → gateway and gateway → cloud are computed as local receive-minus-transmit deltas recorded at each stage and joined by message identifier. This requires monotonic local clocks per device but not absolute clock synchronization across devices.

6.2.2. End-to-End Accounting (Offset-Calibrated)

End-to-end latency is estimated as

$$T_{e2e}=t_{rx}^{cloud}-\left(t_{tx}^{edge}+\widehat{o}\right),$$

(17)

where $\widehat{o}$ is the estimated edge-to-cloud clock offset. The offset is refreshed periodically using heartbeat events and conservative RTT-based filtering. Residual drift is handled by periodic recalibration and outlier rejection.

6.2.3. Acceptance Window for Freshness

To align with freshness and replay checks, we define an acceptance window W such that an event is treated as fresh if

$$|(t_{rx}^{cloud}-\widehat{o})-t_{tx}^{edge}|\le W.$$

This window upper-bounds residual offset error and benign jitter, reducing false freshness violations while still limiting replay value.

Table 6. Global timing parameters and synchronization constraints for MQTT telemetry, mesh suppression, and replay mitigation.

Symbol	Functional Meaning	Architectural Application
${\mathrm{TTL}}_{\mathrm{hop}}$	Hop budget: maximum number of re-transmissions.	Mesh plane: limits uncontrolled spread in Algorithm 1.
${\tau }_t$	Expiry window: temporal validity of a hazard state.	Micro-map validity and stale-hazard suppression.
$\Delta$	Anti-entropy period: cadence for push–pull repair.	Mesh consistency and dissemination robustness.
W	Acceptance window: tolerance for skew and replay limiting.	Durable-path freshness accounting and replay mitigation.

summarizes the timing parameters and synchronization constraints used across the durable MQTT path and the mesh plane.

6.3. Telemetry-in-the-Loop (TiL) and Local Logging (MDF4)

6.3.1. Signal Ingestion and Deterministic Replay

CAN frames are decoded using the session DBC and persisted as MDF4 (ASAM MDF 4.x) for lossless replay. This allows deterministic reprocessing of: (i) Skill Atom boundaries, (ii) maneuver-level features and outcomes ${\varphi }_k$, and (iii) competence/volatility updates.

6.3.2. H3 Evidence Source: Successive Real Sessions with Mechanical Changes

The H3 evidence is based on successive real riding sessions in which a mechanically adjusted configuration was tested after a baseline session. The MDF4 replay pipeline is used to recompute atom boundaries, aligned features, and stability metrics identically for both sessions, but the underlying evidence comes from real session data rather than from a synthetic simulation or hidden optimizer state.

6.3.3. Channels and Sampling

For the pilot case study summarized later in the H3 results section, the replay uses 37 synchronized channels and $20,000$ samples per condition at 1 kHz, corresponding to paired baseline and optimized windows of 10 s each. The 1 kHz rate is sufficient for short maneuver phases and stable derivative estimates (e.g., jerk and slip dynamics).

6.3.4. Audit Trail

Each MDF file stores raw channels, atom boundary markers, per-atom feature vectors, and evolving triplets $(r,\mathrm{RD},\sigma )$. Event-triggered snapshots are linked to message identifiers so that cloud-visible events, local warnings, and post-session setup recommendations can all be traced back to replayable evidence.

Table 7. Auditable artifacts produced per session. These artifacts are sufficient to reconstruct the evidence reported in Section 7.

Artifact	Contents	Used to Reproduce
MDF4 trace	High-rate channels + atom markers + triplets	H3 recomputation; deterministic replay; forensic audit
Event log (CSV/JSON)	msg-id, $t_{tx}^{edge}$, type, severity, sector, digest fields	H1 join, loss accounting, freshness checks
Gateway hop log	msg-id, $t_{rx}^{gw}$, $t_{tx}^{gw}$	Stage decomposition (H1)
Cloud ingest log	msg-id, $t_{rx}^{cloud}$	E2E quantiles (H1)
Mesh merge log	DKey, $t_{rx}^{mesh}$, merge outcome, TTL decay	Mesh-plane auditability and local micro-map reconstruction

lists the auditable artifacts produced per session and their role in reproducibility.

6.4. H2 Mesh/Sidelink Evaluation Protocol (ns-3 + SUMO, C-V2X Mode 4/PC5)

H2 evaluates the ephemeral safety plane using the standard-aligned packet-level stack in Section 4.11 (ns-3 + SUMO, C-V2X Mode 4/PC5). Mobility traces represent closed-circuit racing packs at high speed with varying density ($N=\{5,15,30\}$). The dissemination logic of Algorithm 1 is implemented at the application layer above sidelink.

6.4.1. Definition of Time-to-Coverage

For each injected hazard digest at source node $v_r$ at time $t_0$, we record the first reception time $t_{rx}\left(v\right)$ for each vehicle v in the target neighborhood $\mathcal{B}$. The empirical coverage function is

$$C\left(t\right)={\displaystyle \frac{1}{\left|\mathcal{B}\right|}}\sum _{v\in \mathcal{B}}\mathbb{I}\left[t_{rx}\left(v\right)\le t\right].$$

We then define $T_{50}$ and $T_{95}$ as the smallest t such that $C\left(t\right)\ge 0.50$ and $C\left(t\right)\ge 0.95$, respectively.

6.4.2. Reception Metrics Under Load

PRR/PDR is computed as the fraction of successfully received digests over transmitted digests at the application layer. PIR is reported as the median inter-arrival time between successive successfully received hazard-related messages at receivers within $\mathcal{B}$.

6.4.3. Reported H2 Outputs

The H2 outputs reported later include $(T_{50},T_{95})$, PRR/PDR, and PIR across sparse, medium, and dense packs, with actionability interpreted through the uncertainty budget using the along-track expansion $v·T_{95}$.

6.5. Datasets and Ground Truth

6.5.1. H1 (MQTT Durable Path)

Latency decomposition uses joined message identifiers across MP1–MP2 with $n=1740$ discrete events.

6.5.2. H2 (Mesh/Sidelink)

Dissemination metrics are computed from ns-3 logs over the target pack $\mathcal{B}$ using repeated seeds, repeated hazard injections, and standardized scenario definitions.

6.5.3. H3 (Successive Real Sessions with Mechanical Changes)

Co-design evidence is derived from successive real riding sessions comparing a baseline setup and a mechanically adjusted setup. MDF4 replay is then used to recompute the pilot metrics, ensuring that the comparison remains auditable and deterministic. The inferential units are paired windows, atoms, laps, or sector aggregates, not raw 1 kHz samples.

6.5.4. Supporting Segmentation Validation

Skill Atom boundary fidelity is evaluated on $n=100$ expert-labeled segments (50 AS + 50 CE) with validated temporal boundaries.

Table 8. Validation summary and experimental scale linking hypotheses to data artifacts and effective analysis units.

Hypothesis	Plane	Data Source/Artifact	Experimental Scale/Analysis Unit
H1: Durable	Cloud/MQTT	E2E latency joins via msg-id	$n=1740$ discrete events
H2: Mesh	V2V/ns-3	Dissemination logs over pack $\mathcal{B}$	$N\in \{5,15,30\}$ nodes × repeated seeds and hazard injections
H3: Co-design pilot	MDF4/real sessions	Paired baseline-vs.-mechanically adjusted sessions	Paired windows/atoms/laps/sector aggregates; raw 1 kHz traces underlying replay
Support	Labeling	Expert-annotated intervals	$n=100$ gold-standard segments

summarizes the mapping from hypotheses to artifacts and effective analysis units.

6.6. Threats to Validity

6.6.1. Connectivity Generalization (H1)

MQTT statistics reflect an instrumented deployment and should not be generalized without replication across different radio conditions, handover regimes, broker placements, and gateway configurations.

6.6.2. Modeling Assumptions (H2)

Mode 4 sidelink performance depends on SPS configuration, channel models, and traffic assumptions. We mitigate this through documented parameters and density sweeps, but broader channel conditions and hardware-in-the-loop validation remain future work.

6.6.3. Clock Offset Residuals (H1)

End-to-end accounting depends on offset calibration (Section 6.2). We therefore report hop-level distributions in addition to E2E latencies.

6.6.4. Segmentation Scope (Support)

Atom labeling remains finite ($n=100$) and limited to AS/CE. A broader atom vocabulary and multi-session validation would better quantify boundary ambiguity under varying conditions.

6.6.5. Causal Attribution Limits (H3)

Although H3 is grounded in successive real sessions with mechanical changes, attribution remains conditioned on the observed sessions and their environmental context. More extensive replicated A/B protocols, counterfactual controls, and larger rider/session cohorts would be needed to isolate setup effects from rider adaptation, temperature, tire evolution, and learning effects.

7. System Implementation and Results

To validate the proposed continuum and the Nested Learning method (Section 3, Section 4 and Section 5), we implemented a prototype termed the NMLP (Nested Motorsport Learning Platform). This section reports: (i) the prototype stack spanning edge–gateway–cloud and the mesh safety plane, (ii) the quantitative evidence supporting H1–H3, and (iii) the audit artifacts that make the reported results traceable to replayable raw evidence. Throughout, we explicitly separate durable offloading (MQTT, non-critical) from ephemeral safety dissemination (edge–mesh/sidelink and critical path), consistent with the architectural separation introduced earlier.

To avoid overclaiming, H1 and H2 are presented as communication-plane evidence, whereas H3 is presented as pilot case-study evidence from successive real sessions with mechanical setup changes, supported by deterministic MDF4 replay and aggregated post-session analysis rather than by a live autonomous in-race controller.

7.1. Prototype Stack, Instrumentation, and Data Fabric (Edge–Gateway–Cloud + Mesh)

The implementation follows the continuum described in Section 3:

• Edge (Bronze): a Jetson-class Linux embedded node ingests ECU telemetry over CAN via SocketCAN, executes low-latency Skill Atom segmentation, computes atom metadata and volatility-related state, and persists raw/high-rate signals plus atom-aligned metadata into ASAM MDF 4.x for deterministic replay and auditability.
• Mesh (Silver): the safety plane disseminates hazard micro-maps via the TTL-bounded randomized gossip protocol (Algorithm 1) using the fixed-size hazard digest with explicit time validity (${\tau }_t$) and hop validity (TTL).
• Gateway/Broker (Continuum Spine): a lightweight MQTT stage receives low-rate event and atom-summary messages from the edge and relays them to the cloud. This stage is instrumented explicitly for H1 through hop-level timestamps.
• Cloud (Gold): storage, aggregation, reporting, and post-session co-design over uploaded summaries and session artifacts.

Table 9. Prototype implementation stack and measurement hooks. The table makes the prototype auditable by reporting components, key configuration assumptions, and where latency timestamps are captured.

Layer	Components	Key Configuration	Instrumentation
Edge (Bronze)	SocketCAN ingest; DBC decode; Skill Atom FSM; aligned feature extraction; MDF writer	CAN 2.0B/CAN-FD; synchronized timeline; ASAM MDF 4.x; atom triggers per Equation (4)	$t_0$: edge enqueue/publish; per-atom logs; hazard digest emission logs
Mesh (Silver)	Hazard digest + randomized gossip micro-map exchange	84-bit base digest; fanout k; anti-entropy period $\Delta$; expiry ${\tau }_t$; TTL	Per-digest TX/RX stamps; merge decisions; corroboration; TTL decay; expiry drops
Gateway/Broker	MQTT receive/relay stage	Low-rate atom/event payloads; QoS-configured durable path	$t_1$: gateway receive; $t_2$: gateway forward/publish-to-cloud
Cloud (Gold)	Ingest + storage + analytics + reporting + co-design search	Session artifact uploads; atom-summary aggregation; replay pointers	$t_3$: cloud receive; end-to-end join by msg-id

summarizes the concrete stack and the measurement hooks used for latency decomposition and loss accounting.

Auditable Artifacts Produced per Session

The prototype yields four core artifacts that are sufficient to reproduce the reported tables: (i) MDF4 traces containing synchronized raw channels, atom markers, and triplet states; (ii) edge event logs (msg-id, $t_{\mathrm{edge}}^{tx}$, type, severity, sector, and digest fields); (iii) gateway hop logs ($t_{\mathrm{gw}}^{rx},t_{\mathrm{gw}}^{tx}$); and (iv) cloud ingest logs ($t_{\mathrm{cloud}}^{rx}$). For the safety plane, mesh merge logs additionally store DKey, merge outcome, and TTL decay, enabling post hoc reconstruction of the local micro-map state.

7.2. Human-Facing Layer: Setup Ledger for Explainable Co-Design (Illustrative)

A recurrent system concern is the bridge from model outputs to race engineering practice: what exactly is being recommended, based on what evidence, and with what governance trace? NMLP addresses this through a human-facing Setup Ledger, which converts atom-level evidence into emphmechanic-actionable proposals while preserving explicit linkage to raw telemetry and event identifiers.

7.2.1. Role of the Ledger

The Setup Ledger is designed to: (i) keep the mechanic explicitly in the loop as the actuator of setup change, (ii) link each proposal to one or more Skill Atoms and to the associated stability state, and (iii) preserve “what-knew-when” traceability through references to MDF4 snapshots and message identifiers.

7.2.2. Evidence Pillars

Each ledger entry binds:

1.

Trigger and scope: anomaly class, atom type, and track context.

2.

Stability state: current volatility/risk indicators used by the supervisory gate.

3.

Optional aligned human context: rider notes mapped to the same atom window.

4.

Bounded proposal: a trust-region-limited $\Delta z$ plus the supporting technical references and evidence pointers.

7.2.3. Illustrative Status

The ledger UI is illustrative rather than a source of quantitative claims; its purpose in the manuscript is to clarify operator workflow and governance, not to introduce additional measured performance metrics.

7.3. H1: Durable Continuum Communication Performance (MQTT Latency Decomposition)

H1 validates the durable knowledge plane by decomposing MQTT latency over $n=1740$ discrete events joined by message identifier across edge, gateway, and cloud logs. We report hop-wise and end-to-end percentiles, maximum observed latency, and observed loss.

Table 10. MQTT latency decomposition summary (H1; $n=1740$ events). Values are in milliseconds.

Stage	p50	p95	p99	Max	Observed Loss (%)
Edge → Gateway	9.81	16.48	18.60	25.10	0.00
Gateway → Cloud	71.95	159.40	185.63	289.71	0.00
End-to-End	83.24	175.88	204.23	303.74	0.00

reports the hop-wise and end-to-end latency decomposition, and

Table 11. Latency-to-distance interpretation for H1 at $v\approx 300\mathrm{km}/\mathrm{h}\approx 83.33\mathrm{m}/\mathrm{s}$.

E2E Statistic	Latency (ms)	Blind Distance (m)
p50	83.24	6.94
p95	175.88	14.66
p99	204.23	17.02
Max	303.74	25.31

translates the end-to-end statistics into race-pace blind distance.

7.3.1. Interpretation

These results characterize the durable plane only. Even the $p_{95}$ end-to-end delay corresponds to almost 15 meters of travel at race pace, and the maximum exceeds 25 m. This is precisely why HEO does not treat the MQTT/cloud path as a reflexive warning channel.

7.3.2. Scope Note

The reported MQTT statistics are from a specific instrumented run and should not be overgeneralized to all broker placements, handover conditions, or radio regimes. For this reason, the manuscript reports hop-wise distributions in addition to end-to-end aggregates.

7.4. Supplementary Architectural Baseline: Why the Safety Plane Must Be Local

The values in

Table 12. System-level safety baseline comparison: cloud-mediated alerting vs. local edge–mesh dissemination.

Alerting Plane	Latency (ms)	Blind Distance at 300 km/h (m)
Cloud-mediated alerting (baseline)	225.0	18.75
Edge–mesh hazard dissemination	12.5	1.03

are architectural reference values used to illustrate the order-of-magnitude separation between cloud-mediated visibility and local safety dissemination. The local value is aligned with the sparse-pack H2 regime, whereas the cloud-mediated value is a conservative reference representative of infrastructure-mediated alerting delays.

Interpretation

This comparison is useful because it separates two distinct questions: H1 shows that cloud offloading is acceptable for durable visibility and auditability, while the safety baseline above shows why immediate hazard warning must remain local. The point is not “cloud vs. edge” as a slogan but the measurable difference between a non-critical durable plane and a local warning plane.

7.5. H2: Ephemeral V2V Hazard Dissemination Under Uncertainty (Mesh/Sidelink)

H2 evaluates the ephemeral safety plane: bounded-time dissemination of uncertainty-aware hazard digests over the mesh/sidelink layer. The evaluation follows the packet-level stack described earlier (ns-3 + SUMO, C-V2X Mode 4/PC5), with repeated seeds, repeated hazard injections, and density-controlled racing-pack scenarios.

7.5.1. Scenario Definition

Mobility traces represent closed-circuit racing packs at high speed with density $N\in \{5,15,30\}$, corresponding to sparse, medium, and dense conditions. Dissemination metrics are computed over the target pack $\mathcal{B}$, and $T_{50}$/$T_{95}$ are measured relative to the injection time $t_0$ of each hazard digest.

7.5.2. Reported Metrics

We report: (i) time-to-coverage ($T_{50},T_{95}$), (ii) PRR/PDR, (iii) packet inter-reception (PIR), and (iv) actionability interpreted through the uncertainty budget using the along-track expansion $v·T_{95}$.

Table 13. H2 dissemination metrics (mesh/sidelink) over C-V2X Mode 4/PC5. Metrics are aggregated over repeated seeds, repeated hazard injections, and standardized sparse/medium/dense racing-pack scenarios.

Scenario	${\mathrm{T}}_{50}$ (ms)	${\mathrm{T}}_{95}$ (ms)	PRR/PDR (%)	PIR (ms)
Sparse pack ($N=5$)	4.2	12.5	99.8	15.0
Medium pack ($N=15$)	8.7	26.3	96.5	35.2
Dense pack ($N=30$)	15.1	48.9	91.2	72.4

summarizes the resulting dissemination metrics across sparse, medium, and dense pack conditions.

7.5.3. Actionability Under Uncertainty

At $v\approx 83.33\mathrm{m}/\mathrm{s}$, the dense-pack $T_{95}=48.9$ ms corresponds to an along-track expansion of approximately $4.07$ m. Interpreted through the uncertainty corridor of Section 3.6, this remains tactically useful for a bounded local awareness plane: the receiver does not require point-accurate localization of the hazard but timely awareness of a risk corridor before the affected segment becomes unavoidable.

7.5.4. Scalability Interpretation

The increase in $T_{95}$ with pack density is non-linear, but it should not be read as uncontrolled collapse. In our interpretation, the curvature reflects a contention-limited regime caused by denser SPS competition/channel occupancy together with the protocol’s own conservative fanout behavior under load. In other words, the system begins trading breadth for freshness preservation before reaching full broadcast collapse; it does not scale linearly because it is intentionally designed to remain bounded and suppression-aware under stress.

7.6. Supporting Validation: Skill Atom Segmentation Fidelity (AS and CE)

Skill Atom segmentation fidelity is reported as supporting evidence for maneuver-level aggregation and attribution rather than as a primary hypothesis.

Table 14. Skill Atom segmentation summary (supporting validation; expert-labeled intervals).

Atom	n	Precision	Recall	F1	Mean IoU
AS (Apex Stability)	50	0.64	1.00	0.7805	0.6007
CE (Corner Exit)	50	1.00	1.00	1.0000	0.8949

summarizes precision, recall, F1, and mean IoU over $n=100$ expert-labeled intervals (50 AS + 50 CE).

Interpretation

AS shows perfect recall but lower precision, consistent with a deliberately conservative entry into the apex-stability band; CE achieves near-ideal overlap and boundary agreement. This supports the use of Skill Atoms as aggregation units for later attribution and co-design.

7.7. H3: Stability-Driven Co-Design and Attribution (Jerez Pilot Case Study)

H3 evaluates co-design through two complementary artifacts: (i) stability outcomes computed on paired baseline-vs.-optimized windows and (ii) a representative sector-level attribution table that decomposes timing deltas into setup, rider, and interaction components.

7.7.1. Physical Environment and Evidence Scope

H3 is based on successive real Jerez sessions with mechanical setup changes, processed through deterministic MDF4 replay for auditability and recomputation, not on hidden simulator states or an online adaptive controller. The reported baseline and optimized conditions correspond to paired windows recomputed offline from synchronized telemetry so that atom boundaries, aligned features, volatility updates, and attribution can all be regenerated from the same raw evidence. The evidence should therefore be interpreted as pilot case-study evidence under the observed study conditions rather than as broad generalization across riders, tracks, tire states, or environmental conditions.

7.7.2. Channels and Sampling

For the paired baseline-vs.-optimized comparison, the replay uses 37 synchronized channels and $20,000$ samples per condition at 1 kHz, corresponding to 10 s baseline + 10 s optimized windows. The 1 kHz rate supports short maneuver phases and stable derivative estimates (e.g., jerk and slip dynamics) without obvious aliasing.

7.7.3. Stability Outcomes (Windowed Aggregates)

Over the paired windows, the optimized condition reduces the wheel-slip proxy from $6.26$ to $3.75$ ($-40.10\%$) and reduces control volatility from $0.1290$ to $0.0212$ ($-83.58\%$). These values are reported on windowed aggregates and are consistent with the stability-first co-design objective.

Table 15. Stability outcomes for H3 (paired baseline-vs.-optimized windows; Jerez pilot case study).

Metric	Baseline	Optimized	Relative Change
Wheel-slip proxy (%)	6.26	3.75	$-40.10\%$
Control volatility ($\sigma$)	0.1290	0.0212	$-83.58\%$

summarizes the paired stability outcomes.

7.7.4. Representative Sector Attribution

We decompose representative sector time deltas into setup, rider, and other/interaction shares using the convention reported in

Table 16. Representative time-loss attribution by sector. Convention: $\Delta t=t_{\mathrm{baseline}}-t_{\mathrm{optimized}}$.

Sector	${\mathit{t}}_{\mathbf{base}}$ (s)	${\mathit{t}}_{\mathbf{opt}}$ (s)	$\mathit{\Delta }\mathit{t}$ (s)	Setup Share	Rider Share	Other Share
Sector_1	2.466763	2.466763	0.000000	–	–	–
Sector_2	2.398005	2.398005	0.000000	–	–	–
Sector_3	2.235602	2.235602	0.000000	–	–	–
Sector_4	2.455770	2.456291	−0.000521	0.6000	0.3000	0.1000
Total	9.556139	9.556660	−0.000521	0.6000	0.3000	0.1000

:

$$\Delta t=t_{\mathrm{baseline}}-t_{\mathrm{optimized}}.$$

7.7.5. Interpretation and Limitation

The sector attribution table is included as an auditable artifact rather than as a claim of causal disentanglement across all confounders. Together with the stability table, it supports a mechanic-facing bounded-update co-design workflow, but the evidence remains that of a pilot case study. Notably, in the analyzed pilot windows, the mechanically adjusted condition did not produce a net time gain at the aggregate sector level; the observed benefit is therefore interpreted primarily as a stability-oriented shift rather than as direct lap-time improvement.

7.8. Summary of Evidence and Traceability

The implementation produces three directly traceable evidence groups:

• H1 (durable plane): joined MQTT logs with hop-wise decomposition, no observed loss in the instrumented run, and latency-to-distance interpretation.
• H2 (safety plane): packet-level dissemination outputs ($T_{50}$, $T_{95}$, PRR/PDR, PIR, and actionability corridors) over density-controlled ns-3+SUMO Mode 4 scenarios.
• H3 (pilot co-design): paired MDF4-backed windows, stability aggregates, and a representative attribution artifact linking setup recommendations back to replayable telemetry.

Together, these artifacts support the core architectural claim of the paper: time-critical hazard knowledge should remain on a local bounded-validity safety plane, whereas durable learning, replay, and co-design can be consolidated asynchronously through the cloud.

8. Discussion

Section 7 provides a hybrid validation of the proposed continuum and Nested Learning Architecture (NLA) as an auditable human–machine workflow implemented in NMLP. Taken together, the reported evidence supports three operational conclusions aligned with H1–H3: (i) time-critical safety awareness is fundamentally local and should not depend on cloud acknowledgment; (ii) bounded-validity dissemination with TTL-limited forwarding and push–pull repair is appropriate for perishable hazards under intermittent links and broadcast stress; and (iii) stability-first co-design can move the rider–machine pair toward a safer operating regime by reducing maneuver-level volatility and slip proxies in the observed pilot sessions. Consistent with the scope of the paper, H1 and H2 are interpreted as communication-plane evidence, whereas H3 is discussed as pilot evidence from successive real sessions with mechanical setup changes, supported by deterministic MDF4 replay and maneuver-level aggregation.

Table 17. Evidence-to-implication synthesis (H1–H3), traceable to Section 7.

Hyp.	Primary Evidence (Section 7)	Design Implication/Operational Meaning
H1	MQTT staged and E2E latency quantiles (Table 10) mapped to blind distance (Table 11); tail dominance by gateway → cloud.	Cloud is appropriate for oversight, auditability, and long-horizon learning but not for reflexive hazard propagation. Safety loops must tolerate intermittent backhaul by keeping the critical path local/lateral (edge–mesh) while using the cloud as a durable sink for replicated evidence.
H2	Mesh/sidelink dissemination metrics under increasing broadcast stress (Table 13): $T_{50}$, $T_{95}$, PRR/PDR degradation with density, and PIR inflation under load.	Perishable hazards should be disseminated with bounded validity (TTL + time expiry) and evaluated through time-to-coverage and freshness, not eventual consistency. In the tested packs, the measured $T_{95}$ tails remain compatible with short-horizon tactical awareness, supporting footprint-based alerts and local-first warning logic.
H3	Stability outcomes (slip proxy and volatility reduction; Table 15) and representative maneuver-/sector-level attribution (Table 16).	Stability-first co-design can be operationalized as a safety-gated supervisory layer: intervene first on setup/electronics constraints to reduce instability before performance tuning. Because the evidence comes from successive real sessions with mechanical changes, attribution is useful for trust and engineering interpretation but should still be read as pilot case-study evidence rather than universal causal proof.

synthesizes the evidence-to-implication chain for H1–H3 and anchors the discussion in the reported artifacts from Section 7.

8.1. Latency as a Safety Quantity: From Milliseconds to Blind Distance

At race pace, latency is not an abstract network metric but a physical safety quantity. We therefore express the real-time implication of durable edge → gateway → cloud delays as a blind distance traveled before a low-rate event becomes visible at the platform:

$$D_{\mathrm{blind}}=v·T_{\mathrm{e}2\mathrm{e}},v=300\mathrm{km}/\mathrm{h}=83.33\mathrm{m}/\mathrm{s}.$$

(18)

Using the measured E2E distribution for the MQTT plane (Table 10), the median blind distance is ≈6.94 m, while tail events can exceed ≈25.31 m (Table 11). This mapping makes the architectural split operationally explicit: the cloud/strategy plane is appropriate for auditing and long-horizon learning, but a safety plane that requires cloud acknowledgment is incompatible with hazard micro-context at racing speeds.

8.1.1. Design Implication

Production deployments should enforce routing policies consistent with the HEO continuum: (i) ephemeral hazards must be deliverable laterally through the mesh plane within bounded validity (TTL + time expiry), and (ii) durable evidence should be captured locally (MDF4) to preserve auditability under backhaul intermittency. Cloud offloading remains valuable for replicated evidence and offline analytics, but it should not sit on the immediate warning path.

8.1.2. Traceability Note

All blind-distance values are computed directly from the E2E quantiles in Table 10 and reported explicitly in Table 11. Any diagnostic figure should reproduce those values without introducing additional measured claims beyond Section 7.

8.2. H2 Interpretation: Bounded-Time Coverage Under Broadcast Stress

The mesh plane is evaluated with dissemination metrics that are standard for local awareness studies (Table 13). As pack density increases from $N=5$ to $N=30$, two expected behaviors appear: (i) time-to-coverage tails increase ($T_{95}$ rises from 12.5 to 48.9 ms) and (ii) reception quality degrades (PRR/PDR drops from 99.8% to 91.2%), with corresponding PIR inflation (15.0 ms to 72.4 ms). Importantly, even the dense-pack $T_{95}$ remains within the short local horizon targeted by the safety plane, supporting the claim that ephemeral hazard warnings can remain tactically useful without cloud mediation in the tested regimes.

8.2.1. Actionability Under the Uncertainty Budget

Using the spatial–temporal uncertainty model (Section 3.6), dissemination delay expands the along-track hazard corridor by $v·\Delta t$.

Table 18. H2 actionability interpretation at race pace ($v=83.33\mathrm{m}/\mathrm{s}$). Distances correspond to $v·T$ for the time-to-coverage metrics in Table 13.

Scenario	${\mathit{T}}_{50}$ (ms)	$\mathit{v}·{\mathit{T}}_{50}$ (m)	${\mathit{T}}_{95}$ (ms)	$\mathit{v}·{\mathit{T}}_{95}$ (m)
Sparse pack ($N=5$)	4.2	0.35	12.5	1.04
Medium pack ($N=15$)	8.7	0.73	26.3	2.19
Dense pack ($N=30$)	15.1	1.26	48.9	4.07

translates the measured $T_{50}$ and $T_{95}$ values into conservative distance expansions at 300 km/h. These values motivate footprint-based digests (Section 3.9): instead of claiming point accuracy, the system renders a risk corridor whose extent is directly informed by delay and localization uncertainty.

8.2.2. Why the Scaling Is Non-Linear

The increase in $T_{95}$ with density is not interpreted as uncontrolled collapse but as a contention-limited regime under denser sidelink competition and conservative dissemination control. In other words, the system begins trading breadth for freshness preservation through bounded fanout, suppression, and repair before reaching full broadcast failure. This is the intended behavior of a local bounded-validity safety plane under stress.

8.2.3. Mesh vs. Cloud Tails

A key architectural implication is the order-of-magnitude separation between the durable cloud tail (H1; $p_{95}$ E2E implies $\sim 14.7$ m blind distance) and the dense-pack mesh $T_{95}$ implication (∼4.1 m). This gap supports the continuum design: cloud is a durable knowledge sink, whereas mesh preserves short-horizon tactical usefulness.

8.3. Why Gossip Is Appropriate for Perishable Hazards

The edge–mesh layer intentionally prioritizes timeliness over global determinism. A centralized system can enforce a single global truth, but at race pace it risks violating the time budget. Randomized gossip tolerates short-lived divergence among local hazard maps yet achieves rapid redundancy-driven coverage under loss. Staleness is bounded by time expiry and hop TTL (Algorithm 1), while anti-entropy repair compensates packet loss without requiring flooding.

A practical interpretation is that hazards are perishable information: a partially disseminated but fresh hazard can prevent incidents, whereas a fully disseminated but late hazard is operationally irrelevant. TTL decay, time expiry (${\tau }_t$), cache suppression, and selective push–pull repair jointly implement perishability semantics without requiring infrastructure connectivity.

Table 19. Deployment knobs for the hazard mesh (aligned with Section 5 and Table 6).

Knob	Operational Effect/Trade-Off
Fanout k	Higher k accelerates coverage but increases channel load; keep small under congestion and rely on repair.
Anti-entropy period $\Delta$	Smaller $\Delta$ improves repair under loss but increases control traffic; larger $\Delta$ reduces overhead but risks longer repair gaps.
Hop TTL ${\mathrm{TTL}}_{\mathrm{hop}}$	Bounds propagation radius/hops; too small risks early extinction, while too large increases stale-alert exposure.
Time expiry ${\tau }_t$	Bounds temporal relevance of micro-hazards and limits cache growth; should match track dynamics.
Acceptance window W	Stabilizes freshness checks under offset/jitter; too tight rejects valid alerts, while too loose enlarges replay tolerance.

summarizes the main deployment knobs for the hazard mesh and their operational trade-offs, aligned with Section 5 and Table 6.

8.4. From Descriptive Telemetry to Prescriptive Control via Volatility

Traditional telemetry pipelines are largely descriptive: they explain what happened after the fact. NLA becomes more prescriptive by elevating competence volatility $\sigma$ into a first-class variable in the supervisory logic (Section 4.7). High $\sigma$ signals unstable execution and elevated risk; the system therefore gates interventions toward stabilization before performance chasing. This is also a trust mechanism: recommendations justified by stability evidence (slip proxies, envelope violations, and volatility) are easier to operationalize than opaque heuristics.

In the reported pilot case study (Table 15), volatility decreases from 0.1290 to 0.0212 and the slip proxy from 6.26% to 3.75%. Because these values come from successive real sessions with mechanical setup changes, they are best interpreted as evidence of a regime shift under the observed study conditions, not as a universal performance law.

8.5. H3 Interpretation: Pilot Evidence from Successive Real Sessions

H3 is based on successive real riding sessions with mechanical setup changes, not on a purely synthetic optimization loop. MDF4 replay is used to recompute atom boundaries, aligned features, volatility states, and attribution deterministically, but the underlying comparison corresponds to observed baseline and mechanically adjusted riding conditions.

This distinction matters for interpretation. On the one hand, it strengthens the practical relevance of the result: the stability improvements arise from a real engineering workflow in which setup changes were physically applied. On the other hand, it also requires caution: the observed differences may still reflect rider adaptation, environmental drift, tire condition, and other session-to-session effects. For this reason, the attribution table is best read as an engineering interpretation artifact that helps to organize evidence and support mechanic trust rather than as definitive causal decomposition.

8.6. Supporting Validation: Segmentation Fidelity, Atom Ambiguity, and Update Robustness

Supporting segmentation results show that atom separability is atom-dependent (Table 14). CE is highly separable, while AS is harder: conservative banding yields perfect recall but lower precision. Two deployment implications follow: (i) competence and volatility updates should be confidence-weighted by boundary stability (e.g., IoU proxy/trigger margins), and (ii) short or ambiguous phases benefit from atom-dependent hysteresis and minimum-duration guards to prevent brittle updates.

8.7. Reproducibility and Governance: MDF4 + Event/Merge Logs as “What-Knew-When” Evidence

A core system requirement is auditability: the platform should support reconstruction of what it knew and when. NMLP combines: (i) MDF4 lossless traces for deterministic replay, (ii) low-rate event logs across hops (MQTT joins by msg-id), and (iii) mesh merge logs (digest acceptance/merge decisions). Together, these artifacts enable post hoc linkage from a warning to raw evidence and to dissemination dynamics (TTL decay and repair), even when the cloud is intermittent.

8.8. Limitations and Threats to Validity

The current evidence is strong for architectural feasibility and traceability, but it remains scoped.

8.8.1. Connectivity Generalization

H1 reflects one instrumented deployment; broader claims require replication across RF regimes, broker placements, gateway designs, and handover conditions.

8.8.2. Modeling Assumptions (H2)

Mode 4 sidelink performance depends on SPS configuration and channel assumptions. We mitigate this by documenting parameters and sweeping density, but future work should add richer channel conditions and hardware-in-the-loop validation.

8.8.3. Atom Vocabulary and Multi-Session Drift

Supporting segmentation evidence is limited to AS/CE and $n=100$ labeled segments. Extending to a broader atom vocabulary and multi-session conditions (tire wear, temperature, and fuel load) is necessary to quantify boundary ambiguity under drift.

8.8.4. Causal Isolation (H3)

Although H3 is grounded in successive real sessions with mechanical changes, causal attribution remains conditioned on the observed sessions. Multi-lap replicated A/B protocols, tighter environmental controls, and larger rider/session cohorts are needed to isolate setup effects from rider adaptation, temperature, tire evolution, and learning effects.

8.8.5. Security Posture

Freshness and TTL reduce replay value, but open deployments should further strengthen spoofing resistance through severity-gated authentication (Section 3.10) and physics-consistent plausibility checks.

9. Conclusions and Future Outlook

This paper presented a telecom-centered edge–mesh–cloud architecture for high-mobility hazard dissemination, together with its prototype instantiation in the NMLP. The central problem addressed is not generic cloud telemetry but the communication and system challenge of keeping short-lived hazard knowledge actionable at racing speeds under intermittent connectivity and broadcast stress. In this setting, latency is best understood as a physical quantity, and architectural decisions must be evaluated in terms of whether they preserve or destroy short-horizon tactical usefulness.

Across the reported validation, the results support two primary conclusions and one bounded pilot finding: (i) time-critical hazard knowledge should remain local and lateral (edge–mesh/sidelink) rather than depending on cloud acknowledgment; (ii) bounded-validity dissemination with TTL-limited forwarding and push–pull repair is a suitable mechanism for perishable hazards in high-mobility V2V/V2X settings; and (iii) stability-first co-design, when treated as a post-session supervisory layer, can move the rider–machine pair toward a safer operating regime in the observed pilot sessions. These conclusions are grounded in the traceable artifacts reported in Section 7 (Table 10, Table 11, Table 13, Table 15, and Table 16).

9.1. Summary of Contributions (Traceable to H1–H3)

The study contributes three actionable advances for high-speed latency-constrained systems:

1.

Critical-path separation in an edge–mesh–cloud continuum (H1). We formalized an edge–mesh–cloud continuum in which reflexive hazard awareness remains local, while the cloud is reserved for durable aggregation, replay, and long-horizon learning. The instrumented MQTT pipeline quantifies staged and end-to-end latency (Table 10) and its physical meaning as blind distance at 300 km/h (Table 11), showing why safety alerts must not depend on backhaul acknowledgment.

2.

Ephemeral hazard dissemination with bounded validity (H2). We operationalized perishable hazard awareness through a compact uncertainty-aware hazard digest and a TTL/time-expiry bounded dissemination protocol with push–pull repair (Section 3.9 and Section 5). The mesh/sidelink evaluation over C-V2X Mode 4 reports time-to-coverage ($T_{50},T_{95}$) and reception metrics (PRR/PDR, and PIR) across pack densities (Table 13), providing a standard-aligned validation of the safety plane.

3.

Stability-first co-design with auditable pilot evidence (H3). We coupled maneuver-level outcomes and volatility-aware gating to a post-session co-design workflow (Section 4) and reported a traceable attribution artifact that decomposes signed timing deltas into setup/rider/other components (Table 16). Stability outcomes (slip proxy and volatility) are reported as aggregated pilot evidence from successive real sessions with mechanical setup changes (Table 15), supporting an interpretable human-in-the-loop engineering workflow without claiming broad causal generalization.

Supporting Validation (Segmentation)

Skill Atom segmentation fidelity for AS/CE (Table 14) is reported as supporting evidence for maneuver-level aggregation and attribution rather than as a primary hypothesis.

9.2. Quantitative Takeaways and Engineering Meaning

To keep the conclusion traceable without overclaiming,

Table 20. Executive summary of quantitative findings and operational interpretation. Values are aggregated from the results in Section 7.

Metric/Quantity	Value (p50/p95/Max)	Source	Operational Significance
Durable Path Performance (Cloud Integration)
E2E MQTT latency $T_{e2e}$ (ms)	83.2/175.9/303.7	Table 10	Durable path supports auditing and visibility but exceeds the local reflexive safety budget.
Blind distance @ 300 km/h (m)	6.9/14.7/25.3	Table 11	Quantifies the physical gap between cloud visibility and local actionability.
Critical Mesh Performance (V2V Safety Plane)
Mesh dissemination $T_{95}$ (ms)	12.5/26.3/48.9	Table 13	The local V2V mesh remains within a short tactical horizon for the tested sparse/medium/dense packs.
Packet reception (PRR %)	99.8/96.5/91.2	Table 13	Local awareness remains strong, with predictable degradation as density and contention increase.
Pilot Human–Machine Stability Outcomes
Stability shift (slip/$\sigma$)	40% reduction/$>6\times$ lower $\sigma$	Table 15	Pilot evidence of a safer operating regime under bounded stability-gated co-design.
Time attribution ($\Delta t$/shares)	$-0.52$ ms (0.6/0.3/0.1)	Table 16	Provides an interpretable engineering artifact for mechanic-in-the-loop decision support.

summarizes operationally relevant quantities taken from, or computed directly from, Section 7.

9.3. Practical Implications

Two practical implications follow directly from the reported evidence.

9.3.1. Local Dissemination Is a Requirement, Not an Optimization

The relevant design stance is not “cloud vs. edge” but critical-path separation: a local/lateral safety plane for bounded-validity hazard dissemination and a durable cloud plane for analytics, replay, and post-session optimization. At race pace, this is not merely an implementation preference; it is a safety requirement imposed by traveled distance during delay.

9.3.2. Maneuver-Level Abstractions Enable Auditable Post-Session Engineering

Skill Atoms are useful not only for interpretability but also as computational units that support bounded updates, replayability, and engineering governance. Persisted alongside raw traces in ASAM MDF4, they enable deterministic recomputation of stability metrics and later co-design decisions.

9.4. Future Outlook

Future work should strengthen both assurance and generalization in three directions:

1.

NR-V2X and broader channel regimes. Extend the dissemination study beyond C-V2X Mode 4 to NR-V2X sidelink and broader channel/interference conditions, continuing to report time-to-coverage, PRR/PIR, and freshness metrics under controlled load.

2.

Hardware-in-the-loop and field validation of the safety plane. Complement simulation with controlled laboratory or trackside experiments to validate hazard-digest reception under realistic multipath and mobility and to stress-test latency-aware trust policies.

3.

Replicated multi-session multi-rider co-design studies. Extend H3 beyond the present pilot by collecting larger cohorts of successive real sessions with mechanical changes across tracks, riders, temperatures, tire states, and fuel loads. Methodologically, this calls for replicated A/B protocols and hierarchical models that separate setup effects from rider adaptation and environmental drift.

9.5. Closing Remark

The main thesis supported by this study is that high-mobility hazard awareness should be engineered through policy-separated knowledge planes: a local bounded-validity communication plane for immediate tactical usefulness and a durable cloud plane for replay, auditability, and delayed learning. Within that architecture, maneuver-level volatility can support human-in-the-loop stability-first co-design. The broader implication is not simply “faster telemetry” but auditable local-first hazard awareness with bounded post-session adaptation.