autopilot/_docs/00_problem/acceptance_criteria.md
Oleksandr Bezdieniezhnykh bc40ea7300 [AZ-626] Decompose complete: 47 tasks + docs + module layout
Greenfield Steps 1-6 baseline for the autopilot rewrite from legacy
Qt/C++ to a Rust workspace.

- Remove legacy Qt/C++ tree (ai_controller, drone_controller,
  misc/camera, python_scaffold, root Dockerfile, autopilot.pro,
  legacy main.py / requirements.txt).
- Add _docs/00_problem (problem, restrictions, acceptance criteria,
  security approach, input data + fixtures).
- Add _docs/01_solution/solution_draft01.
- Add _docs/02_document (architecture, system-flows, data_model,
  glossary, decision-rationale, deployment, 13 component descriptions,
  tests/ specs, FINAL_report, module-layout).
- Add _docs/02_tasks/todo with 47 task specs (AZ-640..AZ-686, one
  bootstrap + 46 component tasks) and _dependencies_table.md.
- Add .cursor/rules/artifact-srp.mdc (single-responsibility rule for
  canonical _docs artifacts).
- Track autodev state in _docs/_autodev_state.md (Step 6 completed,
  ready for Step 7 Implement).

Jira: bootstrap AZ-626; component epics AZ-627..AZ-639; tasks
AZ-640..AZ-686. Total complexity 173 points across 12 epics.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-19 11:02:01 +03:00

# Acceptance Criteria
Measurable, design-independent success criteria. Implementation choices (specific models, libraries, components, algorithms) belong in `_docs/01_solution/` and `_docs/02_document/`, NOT here. (Audited against `.cursor/rules/artifact-srp.mdc`.)
Every criterion below is observable through the system's external behaviour and can be evaluated by a black-box test.
## Latency
- Primitive (Tier 1) object detection — per-frame end-to-end on the deployed compute device: **≤100 ms** at 1280 px input.
- Semantic confirmation (Tier 2) over a single ROI: **≤200 ms**.
- Deep semantic confirmation (Tier 3 / VLM, when enabled): **≤5 s** per ROI.
- Camera zoom transition (medium → high): **≤2 s** wall-clock, including the physical zoom traversal.
- Decision-to-movement latency (internal scan-control decision → camera physically moving): **≤500 ms**.
- Movement candidate enqueue: **≤1 s** during the wide-area sweep; **≤1.5 s** during the zoomed-in inspection (accommodating gimbal slew).
- Zoom-out → zoom-in transition (POI detected → ROI fully zoomed): **≤2 s** wall-clock.
- Operator command → action: **≤500 ms** from operator click to outbound command (modem RTT excluded).
## Throughput / Rate
- POI rate surfaced to the operator: **≤5 POIs / minute** (hard cap; frozen 2026-05-06).
- Position telemetry rate: **≥1 Hz**, target **10 Hz**.
- Sustained camera frame-rate floor: **≥10 fps**. Below this, zoom-in transitions MUST be suppressed and overall health MUST surface yellow.
## Detection Quality
(Behaviour as observed at the system boundary. Model identity, training data, and label catalogue live in `_docs/02_document/architecture.md` and the `../ai-training` repo.)
- New target classes (black entrances, branch piles, footpaths, roads, trees, tree blocks): per-class **precision ≥80%** AND **recall ≥80%**.
- Existing-class regression: per-class precision and recall MUST NOT degrade by more than ±2 percentage points against the documented baseline.
- Concealed-position recall (initial gate, accepting high false-positive rate): **≥60%**.
- Concealed-position precision (initial gate, operators filter): **≥20%**.
- Footpath recall: **≥70%**.
## Movement Detection Behaviour
- Small moving point/cluster candidates that are not yet classifiable MUST be detected during the wide-area sweep and enqueued for zoomed inspection within **≤1 s**.
- Movement detection MUST continue during the zoomed-in inspection (a moving target that appears inside a held POI must not be lost), with enqueue within **≤1.5 s**.
- Stable objects (trees, houses, roads, terrain) MUST NOT be treated as moving solely because the camera platform itself moves.
- A configurable per-zoom-band false-positive budget MUST be honoured (the system must not flood the operator with false candidates by ignoring its own threshold).
## Scan & Camera Control Behaviour
- The wide-area sweep MUST cover the planned route with a left-right gimbal pattern at wide or light/medium zoom.
- Transition from sweep to detailed inspection MUST complete within **≤2 s** of POI detection (including physical zoom).
- During detailed inspection the system MUST keep the target locked while the airframe flies, pan to keep features visible, hold endpoints up to **2 s** for deep analysis, and return to the sweep after analysis or a configurable per-POI timeout (default **5 s/POI**).
- After operator confirmation, target-follow mode MUST keep the target within the **centre 25%** of the frame while visible.
- Gimbal commands MUST achieve **≤500 ms** decision-to-movement latency with visibly smooth transitions.
- The POI queue MUST be ordered by confidence × proximity to current camera × age factor (relative ranking, not absolute formula).
## Operator Workflow
- The decision window surfaced to the operator MUST scale linearly with confidence: **40% confidence → 30 s; 100% confidence → 120 s**. Below 40% confidence, the POI MUST NOT be surfaced at all.
- Operator-decline MUST result in a persistent ignored-item entry for the matching `(MGRS cell, class group)` so the same target is not re-surfaced.
- Timeout (no operator response within the window) MUST NOT create an ignored-item entry (forget, do not blacklist).
- A new detection whose `(MGRS cell, class group)` matches an existing ignored-item MUST NOT be surfaced.
- Operator confirmation MUST result in (a) a middle waypoint inserted into the mission and (b) a transition to target-follow mode.
- A replayed or unsigned operator command MUST be rejected with a logged security warning; system state MUST NOT change.
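
The Operator Workflow rules above as an executable reference model that a black-box test can use as its oracle. This is an added example, not code from this repository. Assumptions: replay is detected with a monotonic sequence number, `signature_valid` stands in for whatever signing scheme Q9 selects, and every type, field and sample value is hypothetical.

```rust
use std::collections::HashSet;

type Key = (String, String); // (MGRS cell, class group)
enum Decision { Confirm, Decline }
struct Command { seq: u64, signature_valid: bool, key: Key, decision: Decision }

/// Decision window in seconds, linear from 40% -> 30 s to 100% -> 120 s.
/// None = do not surface. Assumption: NaN or >100% is treated as invalid.
fn decision_window_s(confidence: f64) -> Option<f64> {
    if !(0.40..=1.0).contains(&confidence) { return None; }
    Some(30.0 + (confidence - 0.40) / 0.60 * 90.0)
}

#[derive(Default)]
struct Workflow {
    ignored: HashSet<Key>,
    last_seq: u64, // assumption: replay detected via a monotonic sequence number
    waypoints: usize,
    following: bool,
    security_warnings: usize, // stands in for the security log
}

impl Workflow {
    fn should_surface(&self, key: &Key, confidence: f64) -> bool {
        decision_window_s(confidence).is_some() && !self.ignored.contains(key)
    }

    /// Timeout: forget, do not blacklist, so state is deliberately untouched.
    fn on_timeout(&mut self, _key: &Key) {}

    /// Unsigned or replayed: log a warning, change nothing else, return false.
    fn apply(&mut self, cmd: Command) -> bool {
        if !cmd.signature_valid || cmd.seq <= self.last_seq {
            self.security_warnings += 1;
            return false;
        }
        self.last_seq = cmd.seq;
        match cmd.decision {
            Decision::Decline => { self.ignored.insert(cmd.key); }
            Decision::Confirm => { self.waypoints += 1; self.following = true; }
        }
        true
    }
}

fn main() {
    let key: Key = ("CONSTRUCTED-CELL".to_string(), "constructed-group".to_string());
    println!("surface at 70%: {}", Workflow::default().should_surface(&key, 0.7));
}
```
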
## Reliability & Safety
- Pre-flight self-test MUST pass (every dependency healthy OR explicit operator acknowledgement of a known degraded state) before takeoff is permitted.
- Loss of operator/Ground-Station radio link MUST trigger a known mission-safe outcome within a deterministic, configurable grace window (default **30 s grace → RTL**).
- Loss of airframe command link MUST surface health red immediately and defer to the airframe autopilot's own failsafe.
- Battery at or below the configured **RTL floor** (e.g. 25%) MUST trigger RTL automatically; battery at or below the **hard floor** (e.g. 15%) MUST trigger land-now. Only an authenticated operator command may override.
- MAVLink command exhaustion (bounded retry with exponential backoff fails through max-retry) MUST flip the airframe-link health to red.
- Wall-clock drift greater than **200 ms** versus GPS or NTP source MUST surface health yellow.
- Geofence INCLUSION and EXCLUSION violations MUST both result in waypoint refusal + RTL.
## Resources & Data
- Combined RSS on the deployed compute device, for everything autopilot owns onboard (excluding Tier 1), MUST stay within **≤6 GB**.
- Tier 1 per-frame latency MUST NOT degrade by more than **±5 ms** when autopilot's own onboard workload is running concurrently.
## Map Reconciliation (with the central area-level map)
- Pre-flight map pull for a **30 km × 30 km** mission area: **≤30 s** wall-clock. Cache-fallback on timeout is acceptable only with explicit operator acknowledgement.
- Post-flight pass diff push for a **60-minute** mission: **≤2 min** wall-clock. Failure MUST persist the pending diff to durable on-device storage with bounded retry.
## Acceptance Gates (project-level)
- A hardware/replay benchmark suite MUST pass before product implementation begins. Specifically: every latency criterion above MUST be measured on the deployed compute device, not on a developer workstation.
- Per-season dataset coverage MUST be demonstrated before MVP sign-off (winter, spring, summer, autumn).
- MAVLink command surface MUST pass SITL conformance against ArduPilot.
## Q-tagged criteria (depend on open architecture decisions)
These criteria are real and measurable; their tolerance ranges may sharpen once the linked open question resolves. The questions are tracked in `_docs/02_document/architecture.md §8`.
- Movement detection false-positive rate at zoomed-in inspection — depends on **Q14** (classical-CV adequacy vs learned-CV fallback).
- MapObjects conflict resolution behaviour — depends on **Q8** (append-only log + projection rules).
- Operator-command authentication conformance — depends on **Q9** (signing scheme).
- Airframe MAVLink-2 message signing — depends on **Q6**.
- Per-season flight-test gates — depends on **Q13**.