Update autodev state documentation to reflect progress in the Decompose phase, changing the current step from 5 to 6. Revise sub-step details to indicate a shift to phase 2, focusing on module layout for the Satellite Service and Tile Manager, and awaiting confirmation before product task decomposition. Additionally, enhance problem documentation to clarify the original still-image sample limitations and introduce the Derkachi representative fixture for improved data validation. Update references to the Tile Manager and Satellite Service throughout the documentation for consistency.

_docs/02_document/system-flows.md

@@ -4,19 +4,19 @@
 
 | # | Flow Name | Trigger | Primary Components | Criticality |
 |---|-----------|---------|--------------------|-------------|
-| F1 | Pre-flight cache preparation | Operator sync before mission | Satellite Service, cache/tile lifecycle, satellite retrieval | High |
+| F1 | Pre-flight cache preparation | Operator sync before mission | Satellite Service, Tile Manager | High |
 | F2 | Normal frame processing | Navigation frame + FC telemetry | Camera ingest, BASALT VIO adapter, safety/anchor wrapper, MAVLink, FDR | High |
-| F3 | Satellite relocalization | Cold start, VO failure, sharp turn, covariance growth, stale anchor | Satellite retrieval, anchor verification, safety/anchor wrapper | High |
+| F3 | Satellite relocalization | Cold start, VO failure, sharp turn, covariance growth, stale anchor | Satellite Service, anchor verification, safety/anchor wrapper | High |
 | F4 | Visual blackout / spoofing degraded mode | Image-quality failure and GPS health failure | Camera ingest, MAVLink telemetry, safety/anchor wrapper, QGC, FDR | Critical |
-| F5 | Generated tile lifecycle | High-confidence pose + usable frame | Camera ingest, safety/anchor wrapper, cache/tile lifecycle, FDR | Medium |
-| F6 | Post-flight sync and audit | Landing / operator offload | Cache/tile lifecycle, Satellite Service, FDR | Medium |
+| F5 | Generated tile lifecycle | High-confidence pose + usable frame | Camera ingest, safety/anchor wrapper, Tile Manager, FDR | Medium |
+| F6 | Post-flight sync and audit | Landing / operator offload | Tile Manager, Satellite Service, FDR | Medium |
 | F7 | Validation replay | Test harness invocation | Validation harness, system runtime, public datasets, SITL | High |
 
 ## Flow Dependencies
 
 | Flow | Depends On | Shares Data With |
 |------|------------|------------------|
-| F1 | Satellite Service cache export | F2, F3, F5 |
+| F1 | Satellite Service cache export and Tile Manager validation | F2, F3, F5 |
 | F2 | F1 for cache availability; FC telemetry | F3, F4, F5, FDR |
 | F3 | F1 cache/index; F2 state estimate | F2, F5 |
 | F4 | F2 telemetry and quality signals | F2, QGC/FDR |
@@ -30,7 +30,7 @@
 
 ### Description
 
-Before flight, the Satellite Service provides an offline cache for the operational area, including COG tiles, manifests, sidecars, VPR chunks, descriptors, and FAISS index files.
+Before flight, the Satellite Service imports an offline cache package for the operational area, including COG tiles, manifests, sidecars, VPR chunks, descriptors, and FAISS index files. No Satellite Service or satellite-provider calls are allowed during flight.
 
 ### Preconditions
 
@@ -44,23 +44,22 @@ Before flight, the Satellite Service provides an offline cache for the operation
 sequenceDiagram
     participant Operator
     participant SatelliteService
-    participant CacheLifecycle
-    participant SatelliteRetrieval
+    participant TileManager
 
     Operator->>SatelliteService: Request mission cache
-    SatelliteService-->>CacheLifecycle: COG tiles + manifests + sidecars
-    CacheLifecycle->>CacheLifecycle: Verify signatures, hashes, freshness, resolution
-    CacheLifecycle->>SatelliteRetrieval: Load VPR chunks + FAISS index
-    CacheLifecycle-->>Operator: Cache validation report
+    SatelliteService-->>TileManager: COG tiles + manifests + sidecars
+    TileManager->>TileManager: Verify signatures, hashes, freshness, resolution
+    TileManager-->>SatelliteService: Local cache/index ready
+    TileManager-->>Operator: Cache validation report
 ```
 
 ### Data Flow
 
 | Step | From | To | Data | Format |
 |------|------|----|------|--------|
-| 1 | Satellite Service | Cache lifecycle | Tiles and metadata | COG + PostgreSQL/PostGIS manifest + signed JSON sidecars |
-| 2 | Cache lifecycle | Satellite retrieval | Descriptor/index files | FAISS index + descriptor sidecars |
-| 3 | Cache lifecycle | Operator/FDR | Validation report | Markdown/CSV/log |
+| 1 | Satellite Service | Tile Manager | Tiles and metadata | COG + PostgreSQL/PostGIS manifest + signed JSON sidecars |
+| 2 | Tile Manager | Satellite Service | Descriptor/index readiness | FAISS index + descriptor sidecars |
+| 3 | Tile Manager | Operator/FDR | Validation report | Markdown/CSV/log |
 
 ### Error Scenarios
 
@@ -74,7 +73,7 @@ sequenceDiagram
 
 | Metric | Target | Notes |
 |--------|--------|-------|
-| Runtime network calls | 0 | No in-flight provider calls |
+| Runtime network calls | 0 | No in-flight Satellite Service or provider calls |
 | Cache load | Within cold-start budget contribution | Exact threshold set during implementation |
 
 ---
@@ -157,14 +156,14 @@ When the state becomes uncertain or disconnected, the system retrieves satellite
 ```mermaid
 sequenceDiagram
     participant SafetyWrapper
-    participant SatelliteRetrieval
+    participant SatelliteService
     participant AnchorVerification
-    participant CacheLifecycle
+    participant TileManager
     participant FDR
 
-    SafetyWrapper->>SatelliteRetrieval: Relocalization request
-    SatelliteRetrieval->>CacheLifecycle: Read candidate chunk metadata
-    SatelliteRetrieval-->>AnchorVerification: Top-K candidates
+    SafetyWrapper->>SatelliteService: Relocalization request
+    SatelliteService->>TileManager: Read candidate chunk metadata
+    SatelliteService-->>AnchorVerification: Top-K candidates
     AnchorVerification->>AnchorVerification: ALIKED/DISK+LightGlue + RANSAC
     AnchorVerification-->>SafetyWrapper: Accepted/rejected anchor
     SafetyWrapper->>SafetyWrapper: Mahalanobis + freshness + provenance gates
@@ -175,8 +174,8 @@ sequenceDiagram
 
 | Step | From | To | Data | Format |
 |------|------|----|------|--------|
-| 1 | Safety wrapper | Satellite retrieval | Query frame and prior/covariance | Relocalization DTO |
-| 2 | Satellite retrieval | Anchor verification | Top-K chunks | Candidate list |
+| 1 | Safety wrapper | Satellite Service | Query frame and prior/covariance | Relocalization DTO |
+| 2 | Satellite Service | Anchor verification | Top-K chunks from local cache/index | Candidate list |
 | 3 | Anchor verification | Safety wrapper | MRE, inliers, homography, provenance | AnchorDecision DTO |
 
 ### Error Scenarios
@@ -184,7 +183,7 @@ sequenceDiagram
 | Error | Where | Detection | Recovery |
 |-------|-------|-----------|----------|
 | No good candidate | Retrieval/verification | Low score or failed RANSAC | Continue degraded and request GCS hint after threshold |
-| Stale candidate | Cache lifecycle | Capture date gate | Reject/down-confidence |
+| Stale candidate | Tile Manager | Capture date gate | Reject/down-confidence |
 | Implausible anchor | Safety wrapper | Mahalanobis/impossible velocity gate | Reject and log |
 
 ### Performance Expectations
@@ -259,17 +258,17 @@ When pose confidence is strong enough, the system orthorectifies navigation imag
 
 | Step | From | To | Data | Format |
 |------|------|----|------|--------|
-| 1 | Safety wrapper | Cache lifecycle | Pose/covariance + frame metadata | TileGenerationRequest |
-| 2 | Cache lifecycle | Local storage | Generated COG + sidecar | COG + signed JSON |
-| 3 | Cache lifecycle | FDR | Tile write event | FDR event |
+| 1 | Safety wrapper | Tile Manager | Pose/covariance + frame metadata | TileGenerationRequest |
+| 2 | Tile Manager | Local storage | Orthorectified generated COG + sidecar | COG + signed JSON |
+| 3 | Tile Manager | FDR | Tile write event | FDR event |
 
 ### Error Scenarios
 
 | Error | Where | Detection | Recovery |
 |-------|-------|-----------|----------|
 | Parent covariance too high | Safety wrapper | Sigma gate | Do not write tile |
-| Duplicate sector | Cache lifecycle | Spatial deduplication | Keep latest/highest-quality tile |
-| Sidecar write failure | Cache lifecycle | I/O error | Log and do not mark tile eligible |
+| Duplicate sector | Tile Manager | Spatial deduplication | Keep latest/highest-quality tile |
+| Sidecar write failure | Tile Manager | I/O error | Log and do not mark tile eligible |
 
 ---
 
@@ -277,13 +276,13 @@ When pose confidence is strong enough, the system orthorectifies navigation imag
 
 ### Description
 
-After landing, generated tiles and FDR evidence are exported for Satellite Service ingest and incident analysis.
+After landing, generated tiles and FDR evidence are exported through Satellite Service sync for ingest and incident analysis.
 
 ### Data Flow
 
 | Step | From | To | Data | Format |
 |------|------|----|------|--------|
-| 1 | Cache lifecycle | Satellite Service | Generated tile package | COG + sidecar + manifest delta |
+| 1 | Tile Manager | Satellite Service | Generated tile package | COG + sidecar + manifest delta |
 | 2 | FDR | Operator/audit tools | Mission replay evidence | Segmented logs + optional Parquet export |
 
 ### Error Scenarios