Mechanism
The building electrical system enumerates the population of substrate-mode storage elements installed in its envelope through a building-bus discovery protocol. Each element responds to the discovery interrogation with a credentialed identity, an admissibility profile that declares its allowable charge and discharge envelopes, its present state-of-charge and state-of-health observations, and a participation policy that names the dispatch classes for which it has been credentialed. Discovery is idempotent: re-running it on an unchanged population yields the same inventory, and re-running it after a retrofit returns a delta against the prior inventory with the added or removed elements named explicitly. The inventory is held by an aggregator process that operates as the building's representative to the wider grid.
The aggregator presents the population's combined capability to upstream services as a single dispatchable resource. Externally, the grid-facing interface looks like a conventional aggregated battery: it advertises a maximum charge rate, a maximum discharge rate, an available energy in each direction, and a response-time envelope. Internally, those external numbers are continuously recomputed as the constrained sum of the individual element envelopes, with each element's contribution bounded by its credentialed admissibility profile and its present state. When a grid service issues a dispatch instruction, a frequency-regulation setpoint, a demand-response curtailment, a capacity-market discharge, the aggregator decomposes the instruction into a per-element dispatch through a deterministic policy that respects each element's envelope, its credential, and a fairness or wear-leveling rule declared at the building scale.
Each per-element dispatch produces an attested execution record naming the element, the instructed contribution, the realized contribution, and the time interval. The aggregator combines those records into an aggregate response that carries cryptographic attestation of the per-element decomposition. A grid counterparty that needs only the aggregate number consumes the aggregate; a counterparty that needs to verify, for warranty, settlement, or safety reasons, that specific elements actually contributed as claimed can verify the per-element attestations against the credential roots without ever holding the full element-level ledger. The credentialed identity of an element accordingly remains intact through aggregation, dispatch, and settlement.
The attestation structure is hierarchical and is structured to permit selective disclosure. The aggregate response is a Merkle-rooted commitment over the per-element execution records, with the root signed by the building aggregator under its grid-facing credential. A counterparty that requires only proof of total energy delivered verifies the root and the declared aggregate. A counterparty that requires proof that a specific subset of elements participated, a warranty claim against a manufacturer whose elements are tracked under the manufacturer's credential, or a regulator audit of a particular tenant's contribution, receives selective branches of the commitment that reveal only the relevant per-element records, without exposing the rest of the population. The selective-disclosure property is essential at building scale: at thousands of elements per building, full-ledger exposure to every grid counterparty is operationally and contractually impractical.
Operating Parameters
A building-scale population may run from tens of elements in a single-family retrofit through hundreds in a commercial floor plate to many thousands in a high-rise structural-storage installation. The aggregator's discovery cycle is parameterized for the deployment scale: a small population may be discovered in full at every dispatch decision, while a large population is discovered incrementally with a long-period full re-enumeration and short-period delta interrogation. The element admissibility profile carries the parameters that bound dispatch: per-element power and energy limits, allowable depth-of-discharge windows, thermal envelopes, and any cycling constraints that follow from the element's structural role, a substrate element that simultaneously bears load may declare a more conservative thermal profile than a non-load-bearing element of identical chemistry.
The dispatch policy is parameterized along several axes. Fairness or wear-leveling determines how aggregate dispatch is allocated among elements of comparable capability, with rules ranging from strict round-robin to state-of-health-weighted to economically optimized. Reserve-and-headroom parameters determine what fraction of the population is held back from any single dispatch to preserve building-resilience capability such as backup power for life-safety loads. Response-class parameters determine which elements are eligible for fast-response services such as primary frequency regulation versus slower services such as capacity-market discharge, on the basis of their credentialed response-time envelopes. The aggregator's external advertised capability is the envelope of what the present population, present state, and present policy will admit, not the nameplate sum.
The aggregator additionally maintains a structural-coupling envelope that prevents dispatch from inducing thermal or mechanical excursions in elements whose substrate role imposes coupling constraints. A wall-integrated element whose chemistry shares a thermal mass with the structural assembly declares a thermal-rate envelope that bounds how aggressively the aggregator may load it within a sliding window. A column-integrated element declares a mechanical-cycling envelope that bounds the rate at which its state of charge may swing if cycling-induced volume change is structurally significant. The aggregator enforces these envelopes as hard constraints in the dispatch decomposition, refusing to admit a dispatch instruction whose decomposition under the present population would violate any element's structural envelope, and reporting the resulting capability shortfall through the same grid-facing interface that would otherwise advertise the unconstrained capacity.
Alternative Embodiments
In a residential-retrofit embodiment, the aggregator runs on a panel-mounted controller that discovers structural-storage elements installed during a single renovation project and presents the resulting capacity to a residential demand-response program. In a commercial-tenant embodiment, the aggregator operates per-floor with a building-master that further aggregates floor aggregators, and the credentialed-element trail supports tenant-specific settlement so a tenant whose elements contributed to a grid event is credited individually.
In a campus or district embodiment, multiple buildings each operate a building-scale aggregator, and a campus aggregator composes the building aggregators by the same mechanism applied recursively, yielding a campus-scale dispatchable resource that still carries per-element provenance for any element that contributed to a campus-level dispatch. In a virtual-power-plant embodiment, geographically distributed buildings under a single operator are aggregated across an external network with the per-element attestation surviving the network composition, and the operator can prove to a regulator the specific physical elements that delivered a contracted service.
In a constrained-credential embodiment used for export markets or legacy interconnect points, the aggregator presents only the aggregate to the grid counterparty and retains the per-element record internally, satisfying conventional aggregator interfaces while preserving the internal accounting required for warranty, safety recall, and structural inspection of individual elements. In a degraded-discovery embodiment, the aggregator continues to dispatch against the most recently confirmed population while flagging that discovery is stale, so an installation can ride through a building-bus disturbance without losing its grid-facing service obligation.
In a mixed-chemistry embodiment, a building's population includes substrate elements of multiple chemistries, for example, structurally integrated solid-state cells alongside legacy lithium-ion cabinets retained from an earlier retrofit, and the aggregator dispatches across the heterogeneous population by treating each element's credentialed envelope as authoritative for that element rather than imposing a fleet-wide chemistry assumption. The selective-disclosure attestation supports per-chemistry settlement and per-chemistry warranty handling against a population that the grid counterparty sees as a single resource.
Composition
The architecture composes with conventional building-management systems through standard southbound and northbound protocols. Internally, BACnet and Modbus are typical for legacy electrical subsystems and can be bridged into the credentialed bus through a translation layer that wraps native messages in admissibility envelopes. Externally, the grid-facing interface speaks the protocols its counterparty expects, IEEE 2030.5, OpenADR, OCPP for vehicle-charging integration, or utility-specific SCADA, and the aggregator emits its credentialed responses in those protocols' native shapes while retaining the per-element attestation as an extension or attached audit record. The credentialed admissibility model composes with the substrate-element architecture upstream and with the structural-installation architecture below, so that a retrofit can deploy storage and aggregation as a single coordinated change without reworking the building's existing automation.
The aggregator further composes with the building's life-safety and fire-detection systems through declared interlocks: a fire alarm or smoke-detection event in a zone containing substrate elements automatically transitions affected elements into a safe-state dispatch class that prohibits new charge or discharge and reports the resulting capability reduction through the same grid-facing interface. The interlock is declared at the credential layer, so it cannot be overridden by an upstream dispatch instruction even if that instruction is otherwise admissible, and the resulting curtailment is itself an attested event in the building's audit record. This composition supports the regulatory expectation that distributed-energy resources participate in grid services without compromising the structural and life-safety obligations of the building they inhabit.
Prior Art Distinction
Conventional behind-the-meter battery aggregators present a single aggregate number to the grid and operate an opaque internal dispatch over a small number of monolithic battery cabinets. Distributed-energy-resource management systems coordinate across a fleet of inverters and batteries but treat each as a single addressable unit, not as a population of credentialed sub-elements within a structural envelope. Cell-level battery management systems exist within a single battery pack but do not extend their credentialed identity through aggregation to the grid-facing interface. The disclosed architecture differs in that the unit of credentialed identity is the individual structural-storage element, the aggregation is structural rather than opaque, and the per-element identity survives end-to-end through dispatch, settlement, and audit, supporting building populations of a scale that conventional aggregators do not address.
Disclosure Scope
The disclosure covers building electrical systems that discover, aggregate, and dispatch populations of credentialed substrate-mode storage elements; that present an aggregate dispatchable resource to grid-facing services while preserving per-element credentialed identity through dispatch and settlement; that emit per-element attested execution records verifiable against credential roots without exposure of the full element ledger; and that compose recursively to campus and virtual-power-plant scales. The disclosure includes residential-retrofit, commercial-tenant, campus, and virtual-power-plant embodiments; constrained-credential and degraded-discovery operating modes; and integrations with BACnet, Modbus, IEEE 2030.5, OpenADR, OCPP, and utility-specific SCADA protocols.