WaveFormDocs
Nav-pack registry

Concepts

Every table the registry stores, in the order you’ll encounter them.

The nav-pack registry has eight tables. Read them top-down — each depends on the ones above.

A bounding box on Earth, scoped to one customer. Usually one-per- site, occasionally one-per-zone-of-a-large-site. The unique key is (owner_customer_id, name); an area can be resolved by polygon overlap.

json
{
  "area_id": "<uuid>",
  "owner_customer_id": "<uuid>",
  "name": "depot_north_lot",
  "bbox_min_lon": -97.74,
  "bbox_min_lat": 30.26,
  "bbox_max_lon": -97.73,
  "bbox_max_lat": 30.27,
  "visibility": "private",
  "shared_with_customer_ids": []
}

RobotProfile

The shape of pack a class of robot expects. Profile keys are strings (e.g. autoware_outdoor_v1). A profile pins:

  • pack_kind — the family (autoware, nav2, custom).
  • required_layers + optional_layers.
  • min_autonomy_tier — the lowest tier this profile will accept.
  • allowed_crs — coordinate reference systems the robot understands.
  • signature_required + block_on_stale — gate behavior.

One row per (area_id, profile_key) pair. Owns 0+ NavPackVersions. Soft-deletable.

A single published cut. Each version has:

  • produced_at — wall-clock of the source capture.
  • autonomy_tier + autonomy_status (active / blocked).
  • supersedes — the version this replaces, building a chain.

The registry serves the newest active version for each (area, profile). Operators can flip autonomy_status to blocked to pause a regression without rolling back.

Typed asset inside a version. Required examples: manifest, map, lanelet, semantic, signature. Each row carries:

  • layer_kind + role (required or optional).
  • sha256 — content hash of the bytes.
  • artifact_id — opaque S3 key (or external ref).
  • byte_uri + byte_uri_expires_at — server-generated short-lived presign URL the robot fetches.

Cryptographic proof attached to a version. One row per signing key (you can publish a version signed by multiple keys for key- rotation transitions). Holds:

  • alged25519, ecdsa_p256, or rsa_pss_sha256.
  • key_id — the public key identifier.
  • manifest_sha256 — the prefixed canonical hash that was signed.
  • signature_b64 — raw bytes, base64.
  • verification_statusvalid, invalid, or error.
  • last_verify_check_at + next_verify_due_at — periodic re-check timestamps.

Precomputed diff between two version ids. Robots that already have version N can fetch GET /packs/<id>/delta?from=N&to=N+1 and apply just the changed layers instead of downloading the full pack.

Cross-customer share. The owning customer can grant another customer read_manifest or read_bytes access for a window of time. Grants show up in the ACL predicate alongside the visibility flag.

NavPackAuditEvent

Append-only log of every state-changing operation: publish, soft-delete, status-change, signature-flip, grant-create, grant-revoke, robot-device-register, token-issue, token-revoke. Queryable via GET /v1/nav-pack/audit.

NavPackWebhookSubscriber

Registered HTTP endpoint to receive event notifications. HMAC secret is stored as a KMS-encrypted blob via the secret_handle column (kms:<key>:<b64-ct> format).

Docs — WaveForm — WaveForm