RelaySync
Product architecture

An offline-first platform engineered for the field.

RelaySync stitches together a local-first client, deterministic sync engine and a policy-driven reconciler to keep your team's data correct whether connectivity is gigabit, intermittent or absent.

System topology

Three planes, one source of truth.

Edge plane

PWA + native shells with encrypted IndexedDB and CRDT log. Records are captured into a write-ahead journal that survives reboots, power loss and tab crashes.

  • Service Worker shell
  • Background Sync API
  • AES-256-GCM cache
  • CRDT change log

Relay plane

Edge relays sit between field devices and the core. They batch, compress and stream jobs across whichever uplink is available.

  • Wi-Fi / cellular / satellite
  • Adaptive batching
  • Zstandard payloads
  • Backpressure aware

Core plane

Reconciler, policy engine and persistent store. The single linearizable ledger that every device eventually converges on.

  • Linearizable ledger
  • Policy engine
  • Conflict resolver
  • Audit + RBAC

Capture → Queue → Sync → Reconcile

The end-to-end record lifecycle.

  1. Capture
    Operator writes to local journal
  2. Persist
    Append to encrypted local store
  3. Queue
    Batched, prioritized, deduplicated
  4. Reconcile
    CRDT merge + policy rules
  5. Commit
    Signed, audited, fan-out

Policy engine

Deterministic rules that decide every sync.

Rule grammar

All policies compile down to a simple WHEN/THEN tuple. The engine evaluates the highest-priority rule first and short-circuits on match.

policy critical-override {
  when  priority = "critical"
  then  channel := "satellite"
        defer  := false
        retry  := exponential(15s, max=10)
}

policy defer-media-on-cellular {
  when  channel = "cellular" and size_kb > 5120
  then  hold_until := uplink in ("wifi","satellite")
}

Conflict matrix

When two writers touch the same record, the resolver consults this matrix. Operators can always escalate to a manager.

ConflictDefaultOverride
Field added on bothMergeManager
Same field editedLast-writer-winsManager
Delete vs editKeep editAdmin
Schema mismatchQuarantineAdmin

Why this works

Sub-second capture

Writes hit the local journal before the UI re-renders. No spinners while waiting on the network.

Encrypted by default

Every byte at rest on a field device is AES-256-GCM with per-org rotated keys.

Bring your own data model

Schemas are declarative. Policy and conflict rules adapt without code changes.

Eventually linearizable

Every relay converges to the same ledger order. Audits are reproducible.

Multi-uplink

Wi-Fi, cellular and satellite are equal citizens. Channel choice is policy-driven.

Audit-grade

Every privileged action is signed, hashed and chained for tamper-evident logs.

Ready to see it in motion?

Sign in to a workspace and try the live flows.

Open RelaySyncView API docs