azaion/gps-denied-onboard
1
0
Fork 0
mirror of https://github.com/azaion/gps-denied-onboard.git synced 2026-06-22 12:41:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

[autodev] Step 13 partial: c10/c11/c12/c13 cycle-1 doc sync

Browse Source 
Batch 4 of the cycle-1 component-doc sync. For each of C10
(provisioning), C11 (tilemanager), C12 (operator_orchestrator),
and C13 (fdr):

- Append "Cycle-1 operational reality" paragraph to § 1
  documenting the actual cycle-1 wiring path:
  - C10: operator-side / cross-tier; NOT in _STRATEGY_REGISTRY;
    composed via runtime_root/c10_factory.py with six per-service
    factories; reuses C7 InferenceRuntime for engine compile;
    AZ-323 Ed25519 signer + C10ManifestConfig signing-mode gate;
    AZ-324 ManifestVerifierImpl with airborne/operator modes;
    AZ-507 c6 cuts kept in c10_factory; AZ-687 N/A.
  - C11: operator-workstation-only; airborne build target
    excludes source tree (ADR-004 / AC-8.4); composed via
    runtime_root/c11_factory.py with three per-service factories;
    distinct FdrClient producer_ids for signing_key + tile_uploader;
    AZ-320 IdempotentRetryTileUploader wraps by default;
    AZ-507 keeps c6 surfaces caller-injected; AZ-687 N/A.
  - C12: operator-workstation CLI binary; airborne build excludes
    source tree (ADR-004 + Principle #9); composed via
    runtime_root/c12_factory.py; OperatorOrchestratorServices
    dataclass aggregates AZ-326/327/328/329/330/489 services with
    sibling fields defaulting to None; AZ-507 cuts via
    RemoteCacheProvisionerInvoker + TileDownloaderCut/UploaderCut;
    AZ-687 N/A.
  - C13: airborne infrastructure; pre_constructed[c13_fdr] seeded
    FIRST via make_fdr_client(AIRBORNE_MAIN_PRODUCER_ID, config)
    (AZ-619 Phase A); per-producer _CACHE gives AC-619.2 singleton;
    AZ-274 drop-oldest overrun policy wired at construction;
    c1_vio / c5_state require it, c2_5/c3/c3_5/c4 optional; AZ-687
    guard explicitly does NOT apply — seed runs before any block
    presence check so replay binaries still write FDR.

Also bump _docs/_process_leftovers/2026-05-11_d_cross_cve_1_opencv_pin_deferred.md
replay timestamp to 17:18 (start of this /autodev invocation);
gtsam==4.2.1 still requires numpy<2.0.0 so the relaxed opencv pin
remains in effect.

Update _docs/_autodev_state.md sub_step.detail to record batch
4/~5 done; next batch is the 8 helpers under common-helpers/.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-19 17:25:53 +03:00
parent 76f460c88a
commit 12aba8139f
6 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_docs/02_document/components/11_c10_provisioning/description.md
+2
View File
@@ -8,6 +8,8 @@
**Architectural Pattern**: Coordinator — single concrete implementation `CacheProvisioner` behind two interfaces (`CacheProvisioner` for the F1 build phase, `ManifestVerifier` for F2's content-hash gate). The interfaces are split because F2 only needs the verifier and shouldn't pull in the full provisioning code path.
**Cycle-1 operational reality**: C10 is **operator-side / cross-tier infrastructure**, NOT an airborne strategy slot — it does not appear in `_AIRBORNE_REGISTRATIONS` and `register_airborne_strategies()` (AZ-591) never registers it; equivalently it has no row in `AIRBORNE_REQUIRED_PRE_CONSTRUCTED_KEYS`. The operator binary composes C10 via `runtime_root/c10_factory.py`, which exposes six tiny per-service factories (`build_engine_compiler`, `build_backbone_specs`, `build_manifest_builder`, `build_manifest_verifier`, `build_descriptor_batcher`, `build_cache_provisioner`) that the CLI wires directly. The factory reuses the C7 `InferenceRuntime` via `inference_factory.build_inference_runtime` for the engine-compile path (honouring `BUILD_TENSORRT_RUNTIME` / `BUILD_PYTORCH_FP16_RUNTIME`) and threads `Sha256Sidecar`, `Ed25519ManifestSigner`, and a structured logger explicitly — no global registry. The AZ-323 `ManifestBuilder` reads `config.components['c10_provisioning'].manifest` (`C10ManifestConfig`: `signing_mode ∈ {operator, dev}`, `allowed_operator_fingerprints`, `schema_version="1.1"`); operator-mode signs only with an allowlisted Ed25519 key fingerprint, dev-mode warns when an allowlisted key is used. AZ-324's `ManifestVerifierImpl` has two modes selected by `with_tile_store`: `False` (airborne C5 path, MV-INV-5: trust the Ed25519 signature + recorded `tiles_coverage_sha256`) and `True` (operator C12 path: re-derive the aggregate from C6 and report drift) — wired in `build_manifest_verifier` and never silently flipping. The AZ-507 cross-component cut keeps C10 from importing C6 directly: `c10_factory.py` owns three composition-root adapters (`c6_tile_metadata_store_to_tiles_query`, `c6_tile_store_to_pixel_opener`, `c6_descriptor_index_to_rebuilder`) that translate C6's DTOs into C10's narrow `TileHashRecord` / `TileBboxRecord` / `TilePixelOpener` / `DescriptorIndexRebuilder` cuts. AZ-687 replay-mode guard does not apply to C10 — replay-mode binaries are airborne-only and never invoke the C10 build path.
**Upstream dependencies**:
- C12 OperatorTooling → triggers `build_cache_artifacts(...)` after C11 `TileDownloader` has populated C6.