Architecture overview
How WaveForm turns satellite, drone, and mobile capture into one georeferenced timeline.
WaveForm is built around a cascade pipeline: data flows from cheapest and broadest (satellite) to most precise (mobile LiDAR). Each tier triggers work in the next so the platform spends compute only where reality on the ground has changed.
Three tiers, one timeline
The platform stitches three input streams into one snapshot timeline per site:
- Satellite — continuous, low-resolution change detection. The cheapest sensor; runs constantly across every enrolled site.
- Drone — triggered inspection at meter-or-better resolution. Dispatched when satellite flags a meaningful delta.
- Mobile LiDAR — metrology-grade ground truth. Captured by a human walking the site with WaveForm Field.
Each tier outputs a snapshot: a georeferenced 3D scene anchored to the same WGS-84 frame. Snapshots from different tiers compose into a single per-site timeline you can scrub through.
Storage + compute layers
Under the hood, WaveForm sits on:
- PostgreSQL + PostGIS — site metadata, captures, snapshots, nav-pack registry, ACL, audit log.
- MongoDB — capture bundles, reconstruction state, large artifact metadata.
- S3 (KMS-encrypted) — raw layer bytes for captures + nav-packs. Per-customer bucket prefixes.
- SQS FIFO + Lambda — periodic signature re-verify, webhook delivery, grant-expiry sweep.
- Lambda Labs + RunPod GPU — reconstruction + inference workloads. Lambda Labs is primary, RunPod is the fallback when capacity is tight.
Security model in one paragraph
Every resource carries an owner customer_id. Reads are filtered by an ACL predicate that combines visibility + explicit grants. Manifest signatures use KMS-backed asymmetric keys; secrets for webhook HMAC live encrypted in Secrets Manager. Robot consumers authenticate with HS256 device tokens whose jti we can revoke instantly. The full audit log is in core.nav_pack_audit_events.