[autodev] Update Jetson test environment and satellite-provider integration

- Added `.env.test` to `.gitignore` to exclude test environment variables.
- Enhanced `docker-compose.test.jetson.yml` to include the real satellite-provider .NET service and its PostgreSQL database, replacing the mock service.
- Updated test execution policy to mandate all tests run exclusively on Jetson hardware, deprecating the previous two-tier model.
- Revised documentation in `_docs/LESSONS.md`, `_docs/02_document/tests/environment.md`, and `_docs/04_deploy/ci_cd_pipeline.md` to reflect the new testing strategy and environment setup.
- Improved `run-tests-jetson.sh` script to ensure proper environment variable handling and satellite-provider integration.

This commit aligns the testing framework with production environments, enhancing reliability and coverage.

docker-compose.test.jetson.yml

@@ -16,9 +16,21 @@
 #     `docker-compose.yml` via `extends:` (same as Colima) — they have ARM64
 #     tags via the existing build pipeline.
 #
-# Satellite-provider integration (real .NET service at ../satellite-provider/)
-# is tracked separately under AZ-616 and lands as a follow-up patch to this
-# file once the auth + tile-source strategy is decided.
+# AZ-688 (sibling of AZ-616): the real satellite-provider .NET service is
+# defined inline below (services.satellite-provider + services.satellite-
+# provider-postgres). `run-tests-jetson.sh` rsyncs `../satellite-provider/`
+# to a sibling directory on the Jetson so the build context resolves
+# identically on the workstation and on the Jetson.
+#
+# Why inline instead of `include: ../satellite-provider/docker-compose.yml`:
+# Compose's `include:` rejects same-name service overrides ("conflicts with
+# imported resource"). We need to customize the api service (healthcheck,
+# network alias, internal-only ports) so the upstream compose's verbatim
+# `include:` doesn't work. Inline is cleaner than the multi-`-f` ordering
+# games required to make overlay precedence work.
+#
+# `mock-sat` remains in the graph for now — AZ-692 retires it once the
+# gps-denied client (AZ-691) lands.
 
 services:
   companion:
@@ -27,11 +39,20 @@ services:
       service: companion
     environment:
       LOG_LEVEL: INFO
+      # Jetson is the canonical test env (2026-05-20 policy); the FAISS
+      # HNSW descriptor index is required by c2_vpr in this binary.
+      # Without this flag airborne_bootstrap fails at
+      # _build_c6_descriptor_index → RuntimeNotAvailableError. faiss-cpu
+      # is installed via the [dev] extra; the gate is build-flag, not
+      # wheel availability.
+      BUILD_FAISS_INDEX: "ON"
 
   operator-orchestrator:
     extends:
       file: docker-compose.yml
       service: operator-orchestrator
+    environment:
+      BUILD_FAISS_INDEX: "ON"
 
   mock-sat:
     extends:
@@ -94,13 +115,75 @@ services:
       BUILD_VIDEO_FILE_FRAME_SOURCE: "ON"
       BUILD_TLOG_REPLAY_ADAPTER: "ON"
       BUILD_REPLAY_SINK_JSONL: "ON"
+      BUILD_FAISS_INDEX: "ON"
     volumes:
       - ./tests:/opt/tests:ro
       - ./_docs/00_problem/input_data:/opt/_docs/00_problem/input_data:ro
       - fdr-data:/var/lib/gps-denied/fdr
       - tile-data:/var/lib/gps-denied/tiles
 
+  # AZ-688: real satellite-provider .NET service. Mirrors the upstream
+  # compose at ../satellite-provider/docker-compose.yml with three
+  # deliberate customizations:
+  #   * service name = `satellite-provider` (clearer than the upstream's
+  #     generic `api`) so AZ-692's client uses https://satellite-provider:8080
+  #   * TCP-level healthcheck via bash /dev/tcp so other services can
+  #     `depends_on: service_healthy`. The base image
+  #     (mcr.microsoft.com/dotnet/aspnet:10.0, debian-12-slim) ships
+  #     bash and /dev/tcp is a bash builtin; no extra package needed.
+  #   * no host port mappings — internal-only access via compose DNS;
+  #     keeps host ports free for nested e2e runs.
+  satellite-provider:
+    build:
+      context: ../satellite-provider
+      dockerfile: SatelliteProvider.Api/Dockerfile
+    image: gps-denied-onboard/satellite-provider:dev
+    container_name: gps-denied-e2e-satellite-provider
+    environment:
+      ASPNETCORE_ENVIRONMENT: Development
+      ASPNETCORE_URLS: https://+:8080
+      ASPNETCORE_Kestrel__Certificates__Default__Path: /app/certs/api.pfx
+      ASPNETCORE_Kestrel__Certificates__Default__Password: satellite-dev-cert
+      ConnectionStrings__DefaultConnection: Host=satellite-provider-postgres;Port=5432;Database=satelliteprovider;Username=postgres;Password=postgres
+      MapConfig__ApiKey: ${GOOGLE_MAPS_API_KEY:-}
+      # Suite JWT contract — see _docs/10_auth.md. Sourced from .env.test
+      # via run-tests-jetson.sh; the API fails fast at startup if any of
+      # the three are missing or whitespace-only.
+      JWT_SECRET: ${JWT_SECRET:?JWT_SECRET must be set via .env.test}
+      JWT_ISSUER: ${JWT_ISSUER:?JWT_ISSUER must be set via .env.test}
+      JWT_AUDIENCE: ${JWT_AUDIENCE:?JWT_AUDIENCE must be set via .env.test}
+    volumes:
+      - ../satellite-provider/certs/api.pfx:/app/certs/api.pfx:ro
+      - ../satellite-provider/tiles:/app/tiles
+      - ../satellite-provider/ready:/app/ready
+      - ../satellite-provider/logs:/app/logs
+    healthcheck:
+      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/127.0.0.1/8080"]
+      interval: 5s
+      timeout: 3s
+      retries: 12
+      start_period: 30s
+    depends_on:
+      satellite-provider-postgres:
+        condition: service_healthy
+
+  satellite-provider-postgres:
+    image: postgres:16
+    container_name: gps-denied-e2e-satellite-provider-postgres
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: satelliteprovider
+    volumes:
+      - satellite-provider-postgres-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
 volumes:
   db-data: {}
   fdr-data: {}
   tile-data: {}
+  satellite-provider-postgres-data: {}