[AZ-226] Add generated tile staging

Keep generated tiles auditable and untrusted onboard while preserving
covariance, quality, and sidecar metadata for post-flight sync.

Co-authored-by: Cursor <cursoragent@cursor.com>

_docs/02_tasks/done/AZ-226_generated_tile_orthorectification.md

@@ -0,0 +1,88 @@
+# Generated Tile Orthorectification And Sync Package
+
+**Task**: AZ-226_generated_tile_orthorectification
+**Name**: Generated Tile Orthorectification And Sync Package
+**Description**: Convert eligible nadir frames into generated orthorectified COG tiles and prepare post-flight sync packages.
+**Complexity**: 5 points
+**Dependencies**: AZ-223_camera_ingest_calibration, AZ-225_tile_manager_cache_manifest
+**Component**: Tile Manager
+**Tracker**: AZ-226
+**Epic**: AZ-211
+
+## Problem
+
+Generated tiles must be written only when pose, frame quality, and provenance gates make them safe to retain for post-flight Satellite Service review.
+
+## Outcome
+
+- Eligible nadir frames can become generated COG candidates with sidecars.
+- Unsafe or over-confident tile writes are rejected.
+- Post-flight generated-tile packages carry enough metadata for Satellite Service ingest/voting.
+
+## Scope
+
+### Included
+- Orthorectification request handling.
+- Generated COG + sidecar metadata creation.
+- Covariance/quality gates and trust level assignment.
+- Sync package preparation.
+
+### Excluded
+- Satellite Service upload transport.
+- Promotion to trusted basemap onboard.
+
+## Dependencies
+
+### Document Dependencies
+- `_docs/02_document/contracts/shared/runtime_contracts.md`
+- `_docs/02_document/contracts/shared/geometry_time_sync.md`
+
+## Acceptance Criteria
+
+**AC-1: Eligible frame writes generated tile**
+Given a high-confidence pose and usable frame
+When tile generation runs
+Then a generated COG candidate and sidecar are staged.
+
+**AC-2: Unsafe frame is rejected**
+Given high covariance or unusable frame quality
+When tile generation runs
+Then no trusted tile is written.
+
+**AC-3: Sync package is auditable**
+Given generated candidate tiles exist
+When a package is prepared
+Then it includes manifest delta, sidecars, parent covariance, and trust level.
+
+## Non-Functional Requirements
+
+**Reliability**
+- Generated tiles are never promoted directly to trusted basemap onboard.
+
+**Performance**
+- Tile generation must not block localization output.
+
+## Unit Tests
+
+| AC Ref | What to Test | Required Outcome |
+|--------|--------------|------------------|
+| AC-1 | Valid tile request | COG + sidecar staged |
+| AC-2 | Covariance too high | Write rejected |
+| AC-3 | Package creation | Required metadata present |
+
+## Blackbox Tests
+
+| AC Ref | Initial Data/Conditions | What to Test | Expected Behavior | NFR References |
+|--------|-------------------------|--------------|-------------------|----------------|
+| AC-2 | Poisoning fixture | Generated tile gate | No direct trusted promotion | Reliability |
+
+## Constraints
+
+- Tile Manager performs generated tile writes; camera ingest only provides metadata/hints.
+- Missing sidecars make generated tiles ineligible for upload.
+
+## Risks & Mitigation
+
+**Risk 1: Misaligned generated tile**
+- *Risk*: Wrong pose creates harmful future anchor data.
+- *Mitigation*: Parent covariance, frame quality, and post-flight validation gates.