Platform

The surface your operators stand on.

One executable per workstation. One Edge appliance inside your network boundary. Maritime, ISR, surveillance, investigations, ontology — all on one canvas, inside the Crown perimeter, on hardware you own.

Operating picture

Common operating picture

Maritime AIS, satellite radar, ISR full-motion video, ALPR surveillance, investigations, and dossiers in a single canvas. Operators stop swivel-chairing between five systems and start running a single shift.

Live AIS-Canada · 184 msg/s · 30 ms ingest median
RADARSAT-2 + MAXAR WV-3 tasking layered on the same map
ALPR + surveillance log + dossier annotation, all clickable
Time-scrub the whole picture 59 hours back, frame-accurate

Sensor + ontology fusion

Entities, not tables

Every vessel, person, address, vehicle, account, warrant, and detection lives as a node in a 31 247-entity ontology. Joins run live against FINTRAC, OFAC, EU MARSAFE, Companies House CY, CPIC, and BC PRIME.

Cross-source resolution under 80 ms per query
Disclosure tags applied at ingest, not at retrieval
Provenance chain attached to every edge
Custom ontology adapters in ~3 days per source

Copilot

NEXUS copilot — analyst-grade

Ask the picture. The copilot streams a cited answer in seconds, with every claim hot-linked to the underlying entity, source, and timestamp. Trained on the analyst’s own vocabulary. Any generation that cannot be traced to a source is blocked at retrieval — the analyst sees a cited answer or no answer.

Cmd+J · streams cited answers
Operator-mode (terse) and brief-mode (long form) swap on a hotkey
Refuses any claim that cannot be sourced — every time; uncited generations are blocked before they reach the operator
Reasoning trace inspectable and exportable for Stinchcombe disclosure

Provenance

Auditable end-to-end

Every alert, every claim, every operator action is recorded with source, time of acquisition, classification, and confidence — and exposed in the disclosure log without the analyst lifting a finger.

Stinchcombe-ready disclosure log
ATIP exports as PDF with reasoning trace
NATO COSMIC artefact bundling via JCS portal
Read-only legal-hold mode flips with a single command

Integrations

Twelve live joins on day one.

NEXUS ships pre-wired to the sources Canadian operators already trust. New adapters take ~3 days — we run the engineering, not your CIO.

MaritimeAIS Canada

MaritimeRADARSAT-2

MaritimeMAXAR WV-3

MaritimeCIS Ice service

ISRMISB ST 0601 KLV

ISRByteTrack v3

SurveillanceBC PRIME ALPR

InvestigationsRCMP CPIC

SanctionsOFAC SDN

FinancialFINTRAC

CorporateCompanies House CY

SanctionsEU MARSAFE

Edge appliance

The Crown perimeter never breaks.

Inference on appliance

Detection, ontology join, and copilot reasoning run inside your boundary. No cloud round-trip. No data egress.

TLS 1.3 control plane

Operator workstations communicate via mTLS to the local appliance. Federated only when you authorise federation.

Air-gappable

Full read-only legal-hold mode flips with one command. Disclosure exports work disconnected.

ITAR-bounded models

Every model used is enumerated by license. Nothing trained on data we cannot disclose to your CIO.

Audit by default

Every operator action, every model call, every alert: timestamped, classified, exportable. Tamper-evident chain.

Federation, when ready

Cross-agency federation opt-in by partner agency. Provincial → federal joins by signed agreement only.

Edge appliance · SWaP-C

Two rack-unit chassis. Two operator kits.

Sized for an agency comms closet, not a data centre. Everything below lives in the operator deployment binder, available under NDA.

Edge appliance · NEX-EDGE-2U

Inside the Crown perimeter

Size: 2U · standard 19″ rack
Weight: 13.2 kg loaded
Power: 350 W nominal · 580 W peak · dual 750 W PSU
Cooling: 0–35 °C ambient · forced-air front-to-back
Network: 2× 25 GbE SFP28 · 2× 10 GbE RJ45 · IPMI
Compute: 32-core x86_64 · 256 GB ECC · 2× NVMe RAID-1
GPU: 1× L40S 48 GB · ITAR-bounded model bundle
Crypto: TPM 2.0 · Crown PKI HSM slot
Cost (CAD): Quoted per deployment · IDIQ schedule available

Operator workstation · NEX-OWS-CART

On the operator's desk

Form factor: Thin client · fanless · TEMPEST-suitable
Display: 1× 32″ 4K primary · 1× 27″ 1440p secondary
Auth: Smartcard + PIN · CAF PKI · CPIC integration
Audio: Mic-disabled by default · alert beep only
Network: 1× 10 GbE to appliance · mTLS 1.3 only
Boot: Measured · secure boot enforced
Tamper: Chassis-intrusion logged to audit chain
Cost (CAD): Per-seat licence + hardware on Crown schedule

Full deployment binder — including burn-in test reports, FIPS-validated module list, and rack diagrams — shared with qualified Crown procurement officers under NDA. Air-gapped variants ship without the IPMI mezzanine and with a hardware key for the federation port.

See it on your scenario.

Brief us