WanderBridge — Full Spec
Device ID: WV-NET-BRIDGE Family: WanderRouter · Tier: Satellite Chassis: Medium (new — shared with WanderRouter Standard + Standard-5G) Status: spec v1.0 · SOP v2 compressed-format · 2026-04-24 Ship target: Q1 2027 (alongside Bridge Mini) Shared-family docs: ../_WORKFLOW-SOP.md, ../_HARDWARE-TOOLCHAIN.md, ../_FAMILY-EXPANSION-REVIEW.md, ../../WANDERROUTER-DESIGN-RESEARCH.md
---
Brief
WanderBridge (full) is the mid-tier satellite in the WanderRouter family — a full mesh AP + local switching + PoE-out device for rooms/areas where a Bridge Mini is too limited but a Router is overkill. Primary use: the second or third floor of a house, an ADU, a backyard workshop, a HAVEN safehouse corridor, a nonprofit office cluster.
Key role: a Bridge can be the second Wi-Fi broadcaster in a house (mesh AP mode) AND a 4-port switch for a cluster of wired devices AND a PoE injector for 2-4 WanderCam/WanderBell/WanderLock around one wing. Single device, one PoE-in cable, everything runs from it.
Target buyers: households with >1,500 sqft, nonprofits, HAVEN deployments, any site with security cameras, any household with a wired cluster that needs to extend without running a second router.
Target price: $179 (Standard config, 4-port, Ethernet-only backhaul, no PoE-out) → $349 (full-option with dual-radio backhaul, 4× PoE-bt-out, MoCA, Lux finish, Ambassador Artisan cover).
---
4 operational modes (inherited from Bridge concept)
| Mode | Radios | Use |
|---|
| **Mesh AP** | Both on (ded. backhaul + client) | primary mesh extension for large homes |
| **Wired-only** | Both off | 4-port switch + PoE-out, no added RF |
| **Backup-only** | Off; wake on wired-backhaul failure | hybrid — wired first, RF fallback |
| **Guest-only** | Client radio on guest VLAN, low TX | isolated guest network endpoint |
Switch modes via WanderOS one-tap toggle. Front OLED confirms current mode.
---
Platform architecture
SoC: MediaTek MT7988A (quad-core A73 @ 1.8 GHz, 2× 2.5G MAC + 1× 10G MAC + PCIe 3.0 x2). More capable than Bridge Mini's MT7981B — needed for dual-radio backhaul + AP duties + PoE management. $18 vol-1k.
RAM: 1 GB DDR4 (soldered, Mini chassis constraint relaxed — Medium chassis fits SODIMM, but soldered keeps Bridge tier price down; SODIMM is Router Standard's differentiator).
Storage: 16 GB eMMC soldered (larger than Mini for AP-mode log depth) + optional 2.5" SATA SSD bay under rear service panel for Time Machine / NAS-lite.
WiFi: Dual MediaTek MT7925 client + MT7916AN dedicated backhaul radio (WiFi 7 tri-band both). 4× external RP-SMA antennas. MLO = optional/post-validation: per Perplexity 2026-04-24, WiFi 7 MLO not yet production-mature on OpenWrt 24.10 — ship Bridge with MLO as optional firmware feature, enable after field validation of roaming/association stability. Single-link WiFi 7 is the platform guarantee.
Ethernet: 4× 2.5 GbE (switched internally via MT7988A built-in 7-port switch) + 1× 10 GbE SFP+ (for Pro-tier backhaul or wired upstream).
PoE: Configurable 0 / 2 / 4 PoE-bt output ports (60W each, 240W combined budget). PoE-in for Bridge itself (802.3bt 90W class).
USB: 2× USB 3.0 host (rear) — one for SSD/printer/storage, one for USB LTE modem / keyboard / reflash.
Chassis size: Medium (~180 × 120 × 35 mm). Aluminum base + polymer or CNC cover. VESA-75 wall mount.
---
Feature inventory (vs family expansion superset)
Storage & media
- USB 3.0 host with SMB/NFS/AFP/Time Machine ✅
- Jellyfin direct-stream media library ✅ (no transcode)
- USB printer sharing (CUPS) ✅
- 2.5" SATA SSD internal bay ✅ (configurable)
Smart home
- Matter/Thread delegation to WanderNode Hub ✅
- Thread border router (optional module, nRF52840 USB) ✅ opt
- Zigbee coordinator (optional module, Sonoff ZBDongle-E USB) ✅ opt
- BLE onboarding ✅ (platform)
- Bonjour/mDNS repeater across VLANs ✅
- HomeKit secure video relay ✅
- UPnP with audit log ✅
Connectivity / WAN
- Ethernet uplink ✅
- 10G SFP+ uplink ✅
- Cellular failover via USB LTE modem ✅ opt
- MoCA 2.5 backhaul (optional daughterboard) ✅ opt
- Phone tethering WAN (via USB) ✅
- Multi-WAN active load balance ✅
LAN
- VLAN (3+ zones) ✅
- Per-VLAN DNS filtering ✅
- LACP 2× 2.5G bond ✅ (10 Gbps+ to NAS)
- WoL triggers ✅
- Static DHCP + friendly names ✅
- Per-device bandwidth throttling ✅
- IPv6 full (SLAAC/DHCPv6-PD) ✅
VPN & remote access
- WireGuard client + server ✅
- Tailscale exit + subnet router ✅
- OpenVPN client + server ✅ opt
- IKEv2/IPsec ✅ opt
- Per-device split-tunnel + kill-switch ✅
Privacy / security
- DoH/DoT server ✅
- AdGuard Home + Unbound ✅
- CrowdSec IDS ✅
- Identity-aware defaults (inherited) ✅
- Per-device DoH enforcement ✅
- Encrypted SNI (ECH) passthrough ✅
- Emergency kill-switch ✅
Family / child safety
- Per-device time-of-day rules ✅
- Age-rated content filters ✅
- SafeSearch enforcement ✅
- Screen-time quotas ✅
- Emergency contacts always-reachable ✅
- Guest network with QR + expiry ✅
Observability
- Per-device bandwidth charts + history (months via eMMC, years via SSD) ✅
- DNS query log (opt-in) ✅
- Anomaly detection ✅
- LAN speed-test server ✅
- Syslog collector ✅
- External alerting ✅
Resilience
- Internal UPS module (optional, 2-hour) ✅ opt
- Solar DC input (optional) ✅ opt
- Config snapshot + rollback ✅
- Dual-partition firmware rollback ✅
Travel / HAVEN
- Hotel captive portal auto-handling ✅
- Public WiFi always-VPN ✅
- HAVEN mesh-relay integration ✅
- Emergency evacuation mode ✅
Ecosystem
- WanderOS management ✅
- JARVIS dashboard ✅
- WanderCam/Bell/Lock PoE host ✅ (Bridge's defining feature)
- WanderNode Hub delegation ✅
- WanderSense occupancy policy ✅
- WanderSpeaker voice ops ✅
- WanderVault encrypted backup target ✅
- WanderCar/SOS LoRa backhaul (opt module) ✅ opt
- WanderID/WanderCrypt secure element ✅ (via TPM)
Not on Bridge (tier discipline)
- ❌ Docker/k3s (Pro-only)
- ❌ BGP (Pro-only)
- ❌ Tor relay (Standard opt or Pro)
- ❌ NetFlow/Prometheus (Pro-only)
- ❌ 60 GHz WiGig (Pro-only)
- ❌ Wi-Fi sensing (Pro-only)
- ❌ E-ink panel (Pro-only)
---
BOM-platform (in every Bridge unit)
| Component | Part | Qty | Price 1k |
|---|
| SoC | MediaTek MT7988A | 1 | $18 |
| RAM | 1 GB DDR4-2400 soldered | 1 | $4 |
| Storage | 16 GB eMMC 5.1 | 1 | $5.50 |
| 4× 2.5G PHY | 4× RTL8261N | 4 | $12.40 |
| 4× RJ45 magjack | Bel Fuse SI-46001-F ×4 | 4 | $9.60 |
| 10G SFP+ cage | Amphenol SFP+ cage | 1 | $6 |
| PoE-PD (input, 90W bt) | TI TPS23881 | 1 | $6 |
| PSU (internal) | Mean Well IRM-90-12 or similar | 1 | $14 |
| Buck regulators | TPS54332 + TPS62133 + TPS65086 | 3 | $4.50 |
| Crystal + clock gen | Epson FA-238 + SiLabs Si5351 | 2 | $1.10 |
| Status LED bar | Cree × 4 + driver MOSFETs | 8 | $0.80 |
| Front OLED | Adafruit 0.96" SSD1306 I²C | 1 | $8 |
| Reset + mode button | TE tactile ×2 | 2 | $0.50 |
| USB 3.0 × 2 | 2× USB-A receptacles | 2 | $1.60 |
| Thermal | 3M 5590H pads + aluminum heatsink plate | 1 | $3 |
| Main PCB | 6-layer ENIG 150×100 | 1 | $8 |
| Chassis Medium aluminum base | 6061 T6 CNC proto / die-cast prod | 1 | $12 |
| Chassis Medium cover (Std polymer) | PC/ABS injection | 1 | $3 |
| Fasteners (4× T10 + internals) | — | — | $0.80 |
| 4× RP-SMA bulkhead (populated only if WiFi option) | — | 4 | $7.20 |
| Packaging + tool pouch | pulp + corrugated + T10 Torx + spudger | 1 | $3.50 |
| **Platform subtotal** | | | **$129** |
Plus PCBA assembly at 1k volume: +$30 → ~$159 FOB platform.
---
BOM-modules (configurable)
| Module | Part(s) | Price 1k | Axis | Retail delta |
|---|
| Client WiFi 7 radio | MT7925 M.2 E-key + 2 pigtails + 2 antennas | $32 | wireless_client | +$45 |
| Dedicated backhaul WiFi 7 | MT7916AN module + 2 pigtails + 2 antennas | $38 | wireless_backhaul | +$55 |
| PoE-out 2-port daughterboard | 2× TPS23881 PSE + magnetics + LEDs | $18 | poe_out_ports | +$40 |
| PoE-out 4-port daughterboard | 4× TPS23881 PSE + magnetics + LEDs | $34 | poe_out_ports | +$75 |
| 2.5" SATA SSD bay + interface | SATA III controller + cable + tray | $6 | storage | +$15 (without SSD) |
| Internal 500 GB SSD | Samsung 870 EVO | $45 | storage | +$70 |
| Internal 2 TB SSD | Samsung 870 EVO | $120 | storage | +$175 |
| MoCA 2.5 daughterboard | MxL3710 + F-type | $15.40 | coax_backhaul | +$45 |
| Thread border router | Nordic nRF52840 dongle USB | $12 | smart_home | +$25 |
| Zigbee coordinator | Sonoff ZBDongle-E USB | $18 | smart_home | +$30 |
| USB LTE modem | Huawei MS2372h or Quectel EG25-G | $35 | cellular_failover | +$65 |
| Internal UPS 2-hour | 3× 18650 holder + BMS + MPPT input | $22 | ups | +$50 |
| Solar MPPT input | integrated on UPS board or standalone | $8 | solar_input | +$15 |
| Pro CNC cover | 6061 T6 anodized | $35 | enclosure_cover | +$55 |
| Lux Artisan cover | Ambassador-made walnut+brass | $120 | enclosure_cover | +$170 |
| Lux glyph plate | Ambassador-designed etched aluminum | $5 | signature_tier | +$40 |
| LoRa mesh (HAVEN integration) | Heltec LoRa32 v3 module via USB | $28 | lora_mesh | +$50 |
---
Configurator axes
12 axes: 1. PoE-out port count: 0 / 2 / 4 (default: 0) 2. Backhaul WiFi: none / WiFi 7 client-only / WiFi 7 dedicated-backhaul + client 3. MoCA backhaul: none / installed 4. Internal storage: none / 500 GB SSD / 2 TB SSD / BYO-SSD bay-only 5. Thread fallback: none / Thread-BR module 6. Zigbee fallback: none / Zigbee coord 7. Cellular failover: none / USB LTE modem 8. Internal UPS: none / 2-hour 9. Solar input: none / installed (req. UPS) 10. LoRa mesh (HAVEN): none / installed 11. Enclosure cover: Standard / Pro CNC / Lux Artisan 12. Ambassador signature: Standard card / Lux glyph plate
---
Example configurations
| Config | Axes | Retail |
|---|
| **Basic wired extender** | 4-port switch, no radios, 0 PoE, Standard cover | **$179** |
| **Mesh AP for second floor** | Client WiFi 7 radio, 0 PoE, Standard cover | **$224** |
| **Home security cluster** | Mesh AP + 4× PoE-out for cameras, Standard cover | **$299** |
| **ADU / backyard workshop** | Mesh AP + 2× PoE + USB LTE failover + UPS 2hr | **$389** |
| **HAVEN safehouse corridor** | Mesh AP + 4× PoE + LoRa + UPS + Solar, Pro cover | **$499** |
| **Nonprofit cluster** | Dedicated-backhaul WiFi 7 + 4× PoE + 2 TB SSD + UPS | **$579** |
| **Lux mesh showcase** | Dedicated-backhaul + 4× PoE + 500 GB SSD + Lux walnut | **$649** |
---
Compatibility highlights (Stage 3 summary)
- MT7988A has 7-port internal switch — handles 4× 2.5G LAN + backhaul port + 2× reserved for daughterboards
- PCIe 3.0 x2 split: 1 lane → WiFi client M.2, 1 lane → backhaul WiFi module
- 10G SFP+ via dedicated MAC — direct from SoC, not shared
- PoE budget: 90 W input PoE-bt → 20 W self-consumption → 70 W PoE-out budget = 4× 17.5W sustained or 2× 35W peak
- Thermal: MT7988A + 4× PHY + backhaul radio + PoE conversion = ~25 W sustained → needs small fan (unlike Bridge Mini which is fanless); Medium chassis has vent slots + 40 mm Noctua optional
---
DFM / DFA summary
- Mainboard: 6-layer ENIG 150×100 mm — handles 2.5G signal integrity + 10G SFP+ lanes
- Daughterboard sockets × 3: one for WiFi client, one for backhaul WiFi, one for MoCA/LoRa/storage
- Ambassador assembly time: 10-15 minutes standard / 20-25 Lux
- Chassis: same tooling as Router Standard (shared Medium chassis)
- DFT: 15 production tests (all Mini tests + PoE-out coverage, 10G SFP+ link, internal SSD detect)
Thermal / EMC summary
- Active cooling optional — Noctua NF-A4x10 40 mm if full-config + PoE-bt-full-load, otherwise fanless adequate
- Sustained draw: 15-30 W depending on config
- EMC: same stacks as Bridge Mini + additional consideration for PoE-out transient protection (per-port SMAJ58A)
- ESD: Level 4 on all external ports
Compliance
Same regime as Bridge Mini: FCC Part 15 B/C + CE RED + UKCA + ISED + RoHS/REACH. Adds:
- UL 62368-1 if Internal UPS module included (mains-connected)
- 10G SFP+ — no additional cert (passthrough)
Cert budget: $5-10k without UPS option, $25-40k with UPS. Recommend ship UPS option as delayed v1.1 feature (after initial cert).
---
HW ↔ FW binding
- OpenWrt 24.10 + WanderOS-Bridge v1 overlay (same as Mini) + Medium-class extensions (AP mode, mesh protocols, PoE management daemon, SSD-NAS services)
- One image, runtime module discovery (same model as Mini)
- Module presence detected via I²C/USB enumeration at boot
Service flow
- All Bridge modules user-DIY-installable except PoE daughterboard + UPS (send-back required — mains/PoE safety)
- 7-year spare parts guarantee
- Send-back service $25 + parts + shipping
- Open STLs for Standard cover (CC BY-SA); Pro cover STL published with non-commercial license
Gate checklist (EVT / DVT / PVT)
Same 3-phase gate as Bridge Mini. EVT 2026-Q3, DVT 2026-Q4, first customer ship 2027-Q1.
---
Differentiators vs competitive set
- 4 operational modes on one SKU — mesh/wired/backup/guest
- PoE-out at consumer price tier (UniFi charges $300+ for this separately)
- Dual-radio backhaul as an option, not forced
- Ambassador signature + 7-yr parts — only WanderVerse
- Open STL covers — only WanderVerse
- Inherits identity-aware privacy defaults — only WanderVerse
- Works as a HAVEN safehouse corridor relay (LoRa + UPS + Solar) — no consumer equivalent
---
Open items
- SoC — MT7988A confirmed via Perplexity needs direct FAE RFQ
- 10G SFP+ magnetics + SerDes routing (6-layer should be adequate; Stage-6 signal integrity simulation)
- PoE-out per-port current-limiting strategy — shared budget vs. per-port fuses
- Internal UPS module: cell chemistry (LiFePO4 vs Li-ion) — LiFePO4 preferred for safety + longevity
- Starlink-class satellite integration: not applicable here; Ultra tier handles that
Summary
FOB cost (typical config): ~$195 Retail typical: $299 Gross margin: ~35% (lower than Mini because dual-radio + PoE + larger chassis cost more, but volume contribution matters) Lux margin: up to 50% Ship target: 2027-Q1
---
v1.1 AMENDMENTS — Dual-mode + Community Pool + Companion App (back-fix 2026-04-24)
Per ../_STANDALONE-AND-PLATFORM-INTEGRATION.md canonical principle (2026-04-24) and for feature parity with WanderBand v2.1 + WanderStore + WanderNode Hub v2, the WanderBridge (full) spec now explicitly commits to dual-mode architecture + Community Pool integration + shipped companion apps. These amendments do not change BOM or physical design; they formalize software + revenue + integration posture.
Standalone + industry-integration + WanderVerse-native mode
Mode 1 — Standalone:
- Works with just: WanderBridge + any phone (iOS or Android) + an upstream internet source
- Setup: scan QR on box → BLE pair → configure via iOS/Android/web PWA in under 5 minutes
- Core features work with ZERO other WanderVerse products — mesh AP, 4-port switching, PoE-out for 2-4 cameras/doorbells/locks, MoCA/SFP+ backhaul, 2.5" SSD NAS-lite, Time Machine/SMB, Jellyfin direct-stream, DoH, guest QR, loop detection
- Companion apps: iOS (App Store) + Android (Play Store) + web PWA on wanderverse.com
- No WanderVerse cloud required — all management is local (LAN + BLE + web admin)
Mode 2 — Industry-integrated (at or above industry standard):
- Apple: HomeKit accessory, HomeKit Secure Video relay (cameras attached to Bridge's PoE-out pipe through to HomeKit recorder), Find My Network opt-in, Shortcuts automations, Wallet (guest passes), Siri intents
- Google: Google Home scenes, Assistant, Matter 1.3+ passthrough (Bridge does NOT act as controller — that's Hub), Health Connect (N/A for this device)
- Samsung: SmartThings scenes + guest-network toggle
- Home Assistant: first-class via MQTT + HTTP API + HA Discovery; every Bridge feature exposed as HA entity
- Matter 1.3+: passthrough only
- VPN: WireGuard, Tailscale, OpenVPN client at WanderOS layer
- Media: Plex, Jellyfin, Emby compat on internal SSD; DLNA server
- NAS compat: SMB, NFS, AFP, Time Machine — coexists with Synology/QNAP/Netgear NAS in heterogeneous homes
- What we MATCH: Ubiquiti U7-Pro's WiFi 7 client radio, TP-Link Deco's mesh AP flow, Netgear Orbi's PoE injector pattern
- What we BEAT: every competitor's cloud requirement — nobody else offers mesh AP + NAS + PoE injector + Matter passthrough in one local-first box
- What we lag (honest): Ubiquiti's multi-site "Site Manager" (not target), Eero's one-click-setup simplicity (we trade simplicity for optionality — configurator handles this)
Mode 3 — WanderVerse-native:
- WanderRouter Standard / Pro v2 / Ultra: Bridge auto-adopts into WanderOS mesh plane, shares RF coordination, inherits identity-aware defaults
- WanderNode Hub: Bridge's PoE-out feeds Hub-managed Matter/Thread accessories; Hub surfaces Bridge health
- WanderBand: RF-power auto-adjust down when band-worn-and-home; band-as-key for WiFi client trust; occupancy-driven guest VLAN
- WanderCam / WanderBell / WanderLock: PoE-powered accessories single-cable through Bridge; WanderOS health dashboard
- WanderStation (HAVEN LoRa): Bridge optional LoRa endpoint for mesh relay during internet outage
- WanderCar: Bridge acts as home-endpoint for Car's Tailscale tunnel (car-to-home private link)
- Cross-device unlocks: occupancy routing, band-worn RF scaling, emergency-evac radio silencing + LoRa relay
Community Pool Integration
Per ~/Downloads/Claude/wandersafe/specs/WANDERVERSE-COMMUNITY-POOL-SPEC.md:
- Bridge hardware revenue feeds existing 60/30/10 Ambassador split:
- 60% Ambassador wages (every Bridge carries assembling Ambassador's signature)
- 10% PrideFund (HYSA auto-deposit, Ambassador's money)
- 30% WWP Community Pool (Layer 1 ops cap 65%; Layer 2 Ambassador-voted min 35%)
- Layer 2 categories (Ambassador-voted annually): Scholarships · Emergency Grants · HAVEN Expansion · New Ambassador Seeding · Open Community Grants · Program Reinvestment
- Governance: 1 Ambassador = 1 vote, Annual Assembly each January, 25% quorum, Board veto for 501(c)(3) legal/ethics only, 60% supermajority overrides
- Secondary revenue: Bridge accessories (Lux covers, PoE adapter kits, MoCA modules, STL printables, repair parts) flow through WanderStore tiered 10/15/25 model (
../wanderstore/_REVENUE-MODEL-FINAL.md); WanderStore platform take feeds the same Community Pool
- Bridge is NOT a separate revenue silo — every sale routes through the democratic pool already designed April 2026
Companion App Spec
- iOS app — Swift + SwiftUI, App Store: HomeKit Secure Video relay admin, Shortcuts, Wallet guest passes, Find My, iPhone + iPad + Mac Catalyst
- Android app — Kotlin + Jetpack Compose, Play Store: Google Home scenes, Assistant, Matter passthrough, Material 3 phone + tablet
- Web PWA — wanderverse.com/bridge, any browser, installable, desktop-first admin + mobile-responsive
- API layer: REST + WebSocket + MQTT, OpenAPI 3.0 spec, MIT-licensed SDK for third-party extension
- Engineering budget: ~$200-300k NRE per Router-family amortized (shared codebase across Mini/Bridge/Standard/Standard-5G/Pro-v2/Ultra with per-SKU feature flags)
- Accessibility: full Apple Accessibility API (VoiceOver, Dynamic Type, Switch Control, AssistiveTouch, Reduce Motion, High Contrast), full Android Accessibility API (TalkBack, Switch Access, Live Caption, Select to Speak), web WCAG 2.2 AA
- Languages: 10 at launch, community-contributed additions via MIT i18n repo