[AZ-406] Blackbox test harness bootstrap (Tier-1 + Tier-2 scaffold)

Bootstraps the public-boundary blackbox test harness owned by epic
AZ-262 (E-BBT). Establishes the e2e/ directory tree at the repo root,
fully separated from src/gps_denied_onboard/** and from the in-process
tests/** tree, and commits to the contracts every subsequent test
ticket (AZ-407..AZ-446) builds against.

Tier-1 (workstation Docker):
- docker/docker-compose.test.yml wires SUT + ArduPilot SITL + iNav SITL
  + mock Suite Sat Service + mavproxy listener + e2e-runner onto one
  e2e-net bridge with internal: true (enforces RESTRICT-SAT-1 /
  NFT-SEC-02 egress isolation at the network layer).
- docker/docker-compose.tier2-bridge.yml override disables the in-
  compose SUT so Tier-2 pairs SITLs + mock + runner on an x86 host
  while the SUT runs natively on the Jetson under systemd.

Tier-2 (Jetson):
- jetson/run-tier2.sh + tier2.service systemd unit + tegrastats /
  jtop parsers feed per-sample telemetry into the evidence bundle.

Runner image (e2e/runner/):
- Dockerfile + requirements.txt install ONLY ground-side libs
  (pymavlink, opencv-python>=4.12, numpy/scipy/geopy/pyproj, httpx,
  orjson, pydantic, structlog, pytest 8.x). The runner deliberately
  does NOT install the SUT package.
- conftest.py implements the AC-9 skip-rule mapping (tier2_only,
  chamber_only, vins_mono, deferred_ac) tied to environment.md
  parametrize axes.
- reporting/csv_reporter.py is a pytest plugin emitting one row per
  test with the exact 11-column schema from environment.md §
  Reporting (test_id, test_name, traces_to, fc_adapter, vio_strategy,
  tier, started_at_utc, execution_time_ms, result, error_message,
  evidence_paths). XFAIL surfaced only when a test carries
  @pytest.mark.deferred_ac(verdict="xfail", reason=...).
- reporting/evidence_bundler.py exposes the attach_evidence fixture
  that copies per-test artifacts (.tlog, FDR archives, screenshots,
  tegrastats / jtop CSVs) into the run bundle and records relative
  paths into the reporter's evidence_paths column.
- helpers/{frame_source_replay,imu_replay,sitl_observer,
  mavproxy_tlog_reader,fdr_reader}.py declare the public surfaces
  (concrete implementations owned by AZ-407 / AZ-408 / AZ-416 /
  AZ-417 / AZ-441 per the dependency table); helpers/geo.py ships
  today (no downstream task dep) — WGS84 distance / forward-bearing
  / offset via pyproj with NaN rejection.

Mock Suite Sat Service (e2e/fixtures/mock-suite-sat/):
- FastAPI app: POST /tiles (ingest contract from D-PROJ-2 follow-up),
  GET /tiles/audit + /mock/audit (per-run read-back), POST
  /mock/config (force-status, response delay), POST /mock/reset
  (clears audit between tests), GET /mock/health.

Fixture scaffolds (e2e/fixtures/{tile-cache-builder, age-injector,
injectors, cold-boot, secrets, security}/):
- Public surfaces only. Concrete builders land in AZ-407 (static
  fixtures), AZ-408 (runtime synthetic injection), AZ-419 (cold-boot
  fixture), AZ-439 (CVE-2025-53644 JPEG generator).

Test tree (e2e/tests/{positive,negative,performance,resilience,
security,resource_limit}/):
- Mirror of the test-spec category grouping in
  _docs/02_document/tests/*-tests.md.
- tests/positive/test_smoke.py is the AC-1 harness-boot smoke run
  inside the e2e-runner image once Docker brings everything up.

Out-of-container unit tests (e2e/_unit_tests/):
- Exercises the harness internals (CSV reporter plugin lifecycle,
  conftest skip rules, helper modules, parsers, mock app, compose
  YAML structural contract, public-boundary enforcement) without
  Docker / SITL. 97 unit tests, all passing.

Build / config:
- pyproject.toml: testpaths extended with e2e/_unit_tests; pythonpath
  extended with e2e; fastapi>=0.111,<0.120 added to dev extras for the
  mock-app TestClient unit test.

AC coverage:
- AC-1 (Tier-1 boot)         → compose YAML test + directory layout
                                + smoke test (Docker-bound)
- AC-2 (mock services)       → 6 FastAPI TestClient unit tests
- AC-3 (SITLs accept output) → contract present; concrete check
                                deferred to AZ-416 / AZ-417
- AC-4 (CSV columns)         → in-process plugin lifecycle test
                                emits the exact 11-column schema
- AC-5 (egress isolation)    → static config test + runtime probe
                                in Docker-bound smoke
- AC-6 (Tier-2 contract)     → tegrastats + jtop parser unit tests
                                + jetson/* layout test; full Tier-2
                                contract is AZ-444
- AC-7 (fixture reproducibility) → deferred to AZ-407 per task spec
- AC-8 (parametrize matrix)  → vins_mono skip-rule cases +
                                tests/positive/test_smoke
- AC-9 (skip semantics)      → 9 conftest skip-rule unit tests

Module layout entry for blackbox_tests was added in 2026-05-16
preparatory commit d7a17a8 so this diff stays focused on the harness
scaffold. AZ-406 advances to In Testing on commit.

Co-authored-by: Cursor <cursoragent@cursor.com>

e2e/tests/__init__.py

@@ -0,0 +1,13 @@
+"""Pytest target for the blackbox harness.
+
+Runs inside the e2e-runner Docker image (or directly on a Tier-2 Jetson
+when invoked via `e2e/jetson/run-tier2.sh`). Mirrors the test-spec
+grouping in `_docs/02_document/tests/`:
+
+    positive/        FT-P-* scenarios
+    negative/        FT-N-* scenarios
+    performance/     NFT-PERF-* scenarios
+    resilience/      NFT-RES-* scenarios
+    security/        NFT-SEC-* scenarios
+    resource_limit/  NFT-LIM-* scenarios
+"""

e2e/tests/conftest.py

@@ -0,0 +1,42 @@
+"""Outer conftest for the blackbox pytest tree.
+
+This file re-uses the runner-image conftest by re-exporting its hooks and
+fixtures. Inside the docker container the runner-image conftest is on the
+PYTHONPATH (via `/opt/e2e-runner/runner/conftest.py`); pytest discovers
+that conftest as the "rootdir" conftest because `pytest.ini` lives at
+`/opt/e2e-runner/`.
+
+The shim here exists so a developer can also point pytest at this
+directory directly (e.g., `pytest e2e/tests/positive/test_smoke.py`)
+when iterating outside docker — the shim adds the runner package to
+sys.path and re-imports everything.
+"""
+
+from __future__ import annotations
+
+import sys
+from pathlib import Path
+
+
+def _bootstrap_runner_path() -> None:
+    """Make `runner.*` imports work when running outside the docker image."""
+    here = Path(__file__).resolve()
+    # When inside the docker image, runner/ lives at /opt/e2e-runner/runner.
+    # When iterating locally, runner/ lives at <repo>/e2e/runner.
+    candidates = [
+        Path("/opt/e2e-runner"),
+        here.parents[1],  # e2e/
+    ]
+    for c in candidates:
+        if (c / "runner").is_dir():
+            if str(c) not in sys.path:
+                sys.path.insert(0, str(c))
+            return
+
+
+_bootstrap_runner_path()
+
+# Re-export the runner conftest's hooks/fixtures so pytest picks them up
+# regardless of which conftest it discovers first. Star imports here are
+# the documented pytest pattern for conftest layering.
+from runner.conftest import *  # noqa: F401,F403,E402 — pytest conftest re-export

e2e/tests/positive/test_smoke.py

@@ -0,0 +1,51 @@
+"""Harness smoke test (AC-1).
+
+The only AZ-406 test that runs inside the e2e-runner docker image. It
+asserts the harness is wired correctly without depending on any of the
+fixtures owned by AZ-407+ (no frame replay, no SITL contract checks).
+
+What it verifies:
+    1. pytest discovers tests under `/test-suite`.
+    2. The CSV reporter plugin is loaded.
+    3. The parametrize matrix produces at least one variant.
+    4. The `attach_evidence` fixture is reachable.
+
+Per-scenario tests (FT-P-01 onward) will land under their own files in
+this directory.
+"""
+
+from __future__ import annotations
+
+import pytest
+
+
+@pytest.mark.smoke
+@pytest.mark.traces_to("AC-1")
+def test_harness_boots(run_id: str, tier: str, mock_suite_sat_url: str) -> None:
+    """The harness has access to RUN_ID, TIER, and the mock service URL."""
+    # Arrange / Act / Assert
+    assert run_id, "RUN_ID fixture must be set"
+    assert tier in ("tier1-docker", "tier2-jetson", "tier2-chamber"), tier
+    assert mock_suite_sat_url.startswith("http"), mock_suite_sat_url
+
+
+@pytest.mark.smoke
+@pytest.mark.traces_to("AC-8")
+def test_parametrize_matrix_smoke(fc_adapter: str, vio_strategy: str) -> None:
+    """The conftest parametrize fixtures produce well-formed values."""
+    assert fc_adapter in ("ardupilot", "inav")
+    assert vio_strategy in ("okvis2", "klt_ransac", "vins_mono")
+
+
+@pytest.mark.smoke
+@pytest.mark.traces_to("AC-4")
+def test_evidence_dir_writable(evidence_dir, attach_evidence, tmp_path) -> None:  # type: ignore[no-untyped-def]
+    """attach_evidence copies a file into the per-run bundle and returns a relative path."""
+    # Arrange
+    src = tmp_path / "smoke.txt"
+    src.write_text("smoke evidence")
+    # Act
+    rel = attach_evidence(src)
+    # Assert
+    assert "smoke.txt" in rel
+    assert any(evidence_dir.rglob("smoke.txt"))