> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vangrid.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Vangrid for Sovereign Defense: Verified Spatial Intel

> Vangrid delivers cryptographically verified ground truth for defense applications requiring nation-state data sovereignty and tamper-evident provenance.

Defense and intelligence applications demand more than accurate spatial data — they require provable data provenance, strict control over where data resides and transits, and verifiable chain of custody from sensor to analyst. Vangrid is built for exactly these requirements. Every observation is cryptographically signed at the edge before transmission, data sovereignty boundaries are enforced at the infrastructure level, and raw sensor streams never leave the originating node. The result is a spatial intelligence platform you can deploy in mission-critical environments with confidence that the data you receive is authentic and has not been intercepted or tampered with.

## Defense-tier capabilities

<CardGroup cols={2}>
  <Card title="Cryptographic provenance" icon="fingerprint">
    Every data point carries a provenance hash encoding node identity, capture timestamp, and observation content. Any alteration to the data invalidates the hash — giving you tamper-evident proof of integrity from sensor to delivery.
  </Card>

  <Card title="Data sovereignty controls" icon="shield-halved">
    Queries are routed exclusively through nodes within your designated sovereignty boundary. Data does not transit infrastructure outside that boundary unless you explicitly authorize cross-region access.
  </Card>

  <Card title="Edge-computed privacy" icon="lock">
    Raw sensor streams — imagery, depth data, point clouds — are processed on-device and never transmitted. Only derived spatial features leave the node, enforcing privacy at the hardware layer, not as a software policy.
  </Card>

  <Card title="Access-controlled spatial queries" icon="key">
    Fine-grained access controls let you restrict which users, systems, or API keys can query specific geographic zones, data tiers, or provenance-verified datasets.
  </Card>
</CardGroup>

## Defense use cases

### Situational awareness

Vangrid streams continuous ground truth over areas of operational interest, giving analysts and command systems a live, corroborated spatial picture without requiring forward-deployed sensor infrastructure. Because observations are cross-validated by multiple independent edge nodes, the `ground_truth_score` gives you a quantitative measure of observational confidence for any given area.

### Border and perimeter monitoring

Define a polygon AOI along a border or perimeter and subscribe to a streaming feed. Vangrid delivers observations as they arrive from edge nodes in the zone, so your monitoring systems receive updates in real time rather than on scheduled imagery cycles.

### Critical zone surveillance

Establish spatial subscriptions for sensitive zones — installation perimeters, airspace corridors, maritime exclusion areas — and configure alert thresholds based on `ground_truth_score` and observation type. High-confidence anomalies are surfaced immediately; low-confidence signals are flagged for analyst review rather than silently dropped.

## Data sovereignty: how residency and access controls work

When you provision a defense-tier Vangrid account, you specify one or more sovereign regions. Vangrid enforces three guarantees within those regions:

<Steps>
  <Step title="In-region routing">
    Your API queries are routed only to edge nodes within your designated sovereign region. No observation data transits nodes or infrastructure outside that boundary.
  </Step>

  <Step title="Encrypted transit">
    All data moving from edge nodes to the Vangrid aggregation layer and from the aggregation layer to your endpoint is encrypted in transit using TLS 1.3. The provenance hash is computed before encryption and verified after decryption, so any interception or modification is detectable.
  </Step>

  <Step title="Audit-ready provenance">
    Every response includes a `provenance_hash` you can store alongside the response data. At any point you can re-verify the hash to confirm the data has not been altered since delivery. This creates an auditable record of every observation your systems consumed.
  </Step>
</Steps>

<Note>
  Defense-tier access, sovereign region configuration, and advanced access controls are available through a dedicated enterprise agreement. Contact [hello@vangrid.io](mailto:hello@vangrid.io) to discuss your requirements and initiate onboarding.
</Note>

## Verifying provenance on a spatial response

After receiving a spatial query response, verify its `provenance_hash` to confirm the payload has not been altered. The following example shows how to perform this verification.

<CodeGroup>
  ```bash curl theme={null}
  # Step 1: submit a spatial query and capture the response
  curl -X POST https://api.vangrid.io/v1/spatial/query \
    -H "Authorization: Bearer $VANGRID_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{
      "aoi": {
        "type": "Polygon",
        "coordinates": [[
          [34.7818, 32.0853],
          [34.7918, 32.0853],
          [34.7918, 32.0953],
          [34.7818, 32.0953],
          [34.7818, 32.0853]
        ]]
      },
      "max_age_seconds": 60
    }' \
    -o response.json

  # Step 2: verify the provenance hash via the verification endpoint
  curl -X POST https://api.vangrid.io/v1/provenance/verify \
    -H "Authorization: Bearer $VANGRID_API_KEY" \
    -H "Content-Type: application/json" \
    -d "{
      \"query_id\": \"$(jq -r .query_id response.json)\",
      \"provenance_hash\": \"$(jq -r .provenance_hash response.json)\"
    }"
  ```

  ```python python theme={null}
  import os
  import json
  import requests

  api_key = os.environ["VANGRID_API_KEY"]
  headers = {
      "Authorization": f"Bearer {api_key}",
      "Content-Type": "application/json",
  }

  # Step 1: submit a spatial query
  query_payload = {
      "aoi": {
          "type": "Polygon",
          "coordinates": [[
              [34.7818, 32.0853],
              [34.7918, 32.0853],
              [34.7918, 32.0953],
              [34.7818, 32.0953],
              [34.7818, 32.0853],
          ]],
      },
      "max_age_seconds": 60,
  }

  response = requests.post(
      "https://api.vangrid.io/v1/spatial/query",
      headers=headers,
      json=query_payload,
  )
  data = response.json()

  query_id = data["query_id"]
  provenance_hash = data["provenance_hash"]

  # Step 2: verify the provenance hash
  verify_payload = {
      "query_id": query_id,
      "provenance_hash": provenance_hash,
  }

  verification = requests.post(
      "https://api.vangrid.io/v1/provenance/verify",
      headers=headers,
      json=verify_payload,
  )
  result = verification.json()

  if result.get("verified"):
      print(f"Provenance verified for query {query_id}")
  else:
      print(f"Verification FAILED: {result.get('reason')}")
      raise RuntimeError("Data integrity check failed — do not use this response.")
  ```
</CodeGroup>

A successful verification response looks like this:

```json theme={null}
{
  "query_id": "q_5a3f1c9d2e7b4806",
  "provenance_hash": "sha256:9e3b1c7f4a2d8605bf1e4d7c2a8f3b9e1c4d7a2f",
  "verified": true,
  "node_count": 214,
  "sovereign_region": "eu-west-1",
  "captured_at": "2026-05-22T11:47:22.304Z"
}
```

<Warning>
  If `verified` is `false`, treat the response as untrusted and do not use it in any downstream decision-making. Log the failed verification and contact [hello@vangrid.io](mailto:hello@vangrid.io) if you observe repeated failures.
</Warning>

## Relevant concepts

<CardGroup cols={3}>
  <Card title="Cryptographic provenance" icon="fingerprint" href="/data/cryptographic-provenance">
    How provenance hashes are constructed, what they encode, and how to use them for audit and verification.
  </Card>

  <Card title="Data sovereignty" icon="shield-halved" href="/data/data-sovereignty">
    How sovereign regions work, how routing is enforced, and how to configure access boundaries for your account.
  </Card>

  <Card title="Edge-computed privacy" icon="lock" href="/data/edge-privacy">
    Why raw sensor streams never leave the node and what this means for operating in sensitive environments.
  </Card>
</CardGroup>
