azaion/gps-denied-onboard
1
0
Fork 0
mirror of https://github.com/azaion/gps-denied-onboard.git synced 2026-06-21 10:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-404] [AZ-389] [AZ-559] E2E replay test (Derkachi 60s) + AZ-389 cleanup

Browse Source 
Batch 63 of /autodev replay slice. Adds the AZ-404 E2E test harness
against the Derkachi fixture and resolves the AZ-389 dependency
phantom (closing AZ-559 Won't Fix).

E2E test (AZ-404)
- tests/e2e/replay/_tlog_synth.py: deterministic CSV->tlog generator
  (the original Derkachi tlog is not in repo; data_imu.csv is its
  export, so we round-trip the CSV through pymavlink). Verified:
  SCALED_IMU2 + ATTITUDE + GPS_RAW_INT + HEARTBEAT round-trip cleanly
  through mavutil.mavlink_connection.
- tests/e2e/replay/_helpers.py: parse_jsonl, l2_horizontal_m
  (haversine), match_percentage, CapturingMavlinkTransport (ready
  for AZ-558 unblock), GroundTruthRow + load_ground_truth_csv.
- tests/e2e/replay/conftest.py: derkachi_replay_inputs (session
  scope), replay_runner (subprocess fixture per AZ-402 CLI),
  operator_pre_flight_setup placeholder.
- tests/e2e/replay/test_derkachi_1min.py: 9 tests covering AC-1..AC-8
  with AC-7 skip-gate self-check + AC-4a mode-agnosticism AST scan
  (passes unconditionally, confirms ADR-011 holding).
- tests/e2e/replay/test_helpers.py: 14 unit tests covering AC-9
  helper L2 correctness + match_percentage + parse_jsonl +
  CapturingMavlinkTransport (all unconditional).
- tests/e2e/replay/README.md: AC matrix, fixture state, runtime
  budget, failure cookbook (AC-10).

AC matrix
- AC-1, AC-2, AC-5, AC-6 implemented and Tier-1 gated on
  RUN_REPLAY_E2E=1.
- AC-3 (<=100m for 80%) xfail until real Topotek KHP20S30
  calibration ships (camera_info.md states intrinsics are unknown).
- AC-4a (mode-agnosticism AST scan) PASSES unconditionally.
- AC-4b (encoder byte-equality) skip until AZ-558 routes C8 bytes
  through MavlinkTransport.
- AC-7 (skip-gate self-check) PASSES unconditionally.
- AC-8 (operator workflow rehearsal) skip until D-PROJ-2
  mock-suite-sat-service implements tile-fetch + index-build
  endpoints.
- AC-9 (helper L2 correctness) 14 PASSES unconditionally.

AZ-389 housekeeping
- AZ-559 closed Won't Fix: investigation against
  c6_tile_cache/_types.py confirmed TileSource.ONBOARD_INGEST +
  TileMetadata.quality_metadata + write_tile's FreshnessRejectionError
  already cover the mid-flight ingest semantic. The "missing API"
  was a spec-vs-impl naming mismatch.
- AZ-389 spec rewritten to consume the existing write_tile API +
  catch FreshnessRejectionError per AC-NEW-3 opportunistic emission.
- _dependencies_table.md reverted: AZ-389 deps -> AZ-303 (was
  AZ-559 in the previous commit on this branch); total 150 / 497
  pts.

Tests
- Full regression: 2099 passed (+14 new e2e/replay), 94 skipped
  (incl. 8 e2e/replay heavy-tier + documented blocker skips), 3
  perf-microbench flakes deselected (test_cli_cold_start_under_2s,
  test_cold_start_under_500ms_p99, test_nfr_perf_sign_microbench;
  all pass in isolation - pre-existing under-load flakes on dev
  macOS).

Reviews
- _docs/03_implementation/reviews/batch_63_review.md: code review
  PASS_WITH_WARNINGS (3 documented spec-gap deferrals: AC-3, AC-4b,
  AC-8).
- _docs/03_implementation/cumulative_review_batches_61-63_cycle1_report.md:
  cumulative review PASS_WITH_WARNINGS. Action items: prioritise
  AZ-558 (closes AZ-401 AC-9 + AZ-404 AC-4b); consider 2pt hygiene
  PBI for Protocol-completeness AST scan to catch the AZ-389 /
  AZ-559 phantom-API pattern at task-prep time.

Architecture invariants observably holding
- ADR-011 (replay-as-configuration): AC-4a's AST scan over
  src/gps_denied_onboard/components/**/*.py finds zero violations -
  components branch on neither config.mode nor any synonym.
- Single composition root (replay protocol Invariant 11): AZ-402
  CLI dispatches to runtime_root.main(config); does not call
  compose_root directly.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-14 21:41:39 +03:00
parent 4f10fd230f
commit d7e6b0959e
13 changed files with 1611 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_docs/02_tasks/_dependencies_table.md
+4 -5
View File
@@ -1,8 +1,8 @@
# Dependencies Table
**Date**: 2026-05-14 (refreshed at start of Batch 63: AZ-559 added — C6 mid-flight tile storage extension; unblocks AZ-389 (orthorectifier had a hard dep gap on a `put_mid_flight_candidate` API that AZ-303 never delivered); AZ-389 deferred and re-blocked on AZ-559; earlier same-day after Batch 61: AZ-558 follow-up added — routes C8 outbound encoder bytes through `MavlinkTransport` seam; closes AZ-401 AC-9 deferred during batch 61 due to encoder-side routing not being in the AZ-401 task envelope; earlier same-day after cumulative review batches 52-54: AZ-528 hygiene PBI added for c1_vio strategy facade orchestration-spine 3-way duplication (Medium); earlier same-day after Batch 53: AZ-333 VINS-Mono landed — first c1_vio strategy after the AZ-332 OKVIS2 production-default; consolidation hygiene for the strategy-facade duplication deferred to a post-AZ-334 PBI; earlier same-day after Batch 51: AZ-527 hygiene PBI added from cumulative review batches 49-51 F1; 2026-05-13: AZ-526 hygiene PBI added from cumulative review batches 46-48 F1+F3; same-day refresh after Batch 44 SRP refactor: AZ-317 superseded; AZ-329 + AZ-330 specs rewritten; AZ-523 + AZ-524 audit-trail tickets added; E-C12 epic renamed `Operator Pre-flight Tooling``Operator Pre-flight Orchestrator`; earlier same-day refresh: AZ-507 + AZ-508 hygiene PBIs from cumulative review batches 31-33; 2026-05-11: AZ-489 + AZ-490 ADR-010 operator-origin path)
**Total Tasks**: 151 (110 product + 41 blackbox-test) — AZ-317 retained in the table marked SUPERSEDED for audit; AZ-523 (C11 gate removal) + AZ-524 (C12 rename) added as 2 closed audit-trail tasks; AZ-526 = 2pt clock-helper hygiene; AZ-527 = 2pt c2 engine-dim helper hygiene; AZ-528 = 3pt c1_vio facade-spine hygiene; AZ-558 = 3pt MavlinkTransport routing follow-up; AZ-559 = 5pt C6 mid-flight tile storage extension
**Total Complexity Points**: 502 (369 product + 133 blackbox-test) — AZ-523 = 3pt, AZ-524 = 2pt, AZ-526 = 2pt, AZ-527 = 2pt, AZ-528 = 3pt, AZ-558 = 3pt, AZ-559 = 5pt
**Date**: 2026-05-14 (refreshed at start of Batch 63: AZ-559 closed Won't Fix — gap was illusory; `TileSource.ONBOARD_INGEST` + `TileMetadata.quality_metadata` + `write_tile`'s `FreshnessRejectionError` already cover the AZ-389 mid-flight ingest semantic without any new API; AZ-389 dep restored to AZ-303; earlier same-day after Batch 61: AZ-558 follow-up added — routes C8 outbound encoder bytes through `MavlinkTransport` seam; closes AZ-401 AC-9 deferred during batch 61 due to encoder-side routing not being in the AZ-401 task envelope; earlier same-day after cumulative review batches 52-54: AZ-528 hygiene PBI added for c1_vio strategy facade orchestration-spine 3-way duplication (Medium); earlier same-day after Batch 53: AZ-333 VINS-Mono landed — first c1_vio strategy after the AZ-332 OKVIS2 production-default; consolidation hygiene for the strategy-facade duplication deferred to a post-AZ-334 PBI; earlier same-day after Batch 51: AZ-527 hygiene PBI added from cumulative review batches 49-51 F1; 2026-05-13: AZ-526 hygiene PBI added from cumulative review batches 46-48 F1+F3; same-day refresh after Batch 44 SRP refactor: AZ-317 superseded; AZ-329 + AZ-330 specs rewritten; AZ-523 + AZ-524 audit-trail tickets added; E-C12 epic renamed `Operator Pre-flight Tooling``Operator Pre-flight Orchestrator`; earlier same-day refresh: AZ-507 + AZ-508 hygiene PBIs from cumulative review batches 31-33; 2026-05-11: AZ-489 + AZ-490 ADR-010 operator-origin path)
**Total Tasks**: 150 (109 product + 41 blackbox-test) — AZ-317 retained in the table marked SUPERSEDED for audit; AZ-523 (C11 gate removal) + AZ-524 (C12 rename) added as 2 closed audit-trail tasks; AZ-526 = 2pt clock-helper hygiene; AZ-527 = 2pt c2 engine-dim helper hygiene; AZ-528 = 3pt c1_vio facade-spine hygiene; AZ-558 = 3pt MavlinkTransport routing follow-up; AZ-559 closed Won't Fix
**Total Complexity Points**: 497 (364 product + 133 blackbox-test) — AZ-523 = 3pt, AZ-524 = 2pt, AZ-526 = 2pt, AZ-527 = 2pt, AZ-528 = 3pt, AZ-558 = 3pt
Dependencies columns list only the tracker-ID portion (descriptive tail
text in each task spec is omitted here for table-readability). The
@@ -96,7 +96,7 @@ are all declared and documented below under **Cycle Check**.
| AZ-386 | C5 EskfStateEstimator — mandatory simple-baseline | 5 | AZ-381, AZ-276, AZ-277, AZ-279, AZ-263, AZ-269, AZ-266, AZ-272 | AZ-260 |
| AZ-387 | C5 smoothed past-keyframe → FDR path (AC-4.5 revised) | 3 | AZ-384, AZ-386, AZ-273, AZ-272, AZ-263, AZ-269, AZ-266 | AZ-260 |
| AZ-388 | C5 AC-5.2 fallback path — 3 s no-estimate detector + downstream signal | 3 | AZ-384, AZ-386, AZ-273, AZ-272, AZ-390, AZ-397, AZ-263, AZ-269, AZ-266 | AZ-260 |
| AZ-389 | C5 internal orthorectifier — produces mid-flight tile candidates for C6 (BLOCKED on AZ-559) | 3 | AZ-384, AZ-385, AZ-559, AZ-263, AZ-269, AZ-266, AZ-272 | AZ-260 |
| AZ-389 | C5 internal orthorectifier — produces mid-flight tile candidates for C6 | 3 | AZ-384, AZ-385, AZ-303, AZ-263, AZ-269, AZ-266, AZ-272 | AZ-260 |
| AZ-390 | C8 FcAdapter + GcsAdapter Protocols + DTOs + errors + composition factories | 3 | AZ-263, AZ-269, AZ-270, AZ-273, AZ-277, AZ-279, AZ-266 | AZ-261 |
| AZ-391 | C8 inbound subscription — IMU/attitude/GPS-health/MAV_STATE producer | 5 | AZ-390, AZ-263, AZ-269, AZ-266, AZ-272, AZ-273, AZ-276 | AZ-261 |
| AZ-392 | C8 CovarianceProjector — honest 6×6 → 2×2 → equivalent_radius helper | 3 | AZ-390, AZ-263, AZ-269, AZ-266, AZ-272 | AZ-261 |
@@ -114,7 +114,6 @@ are all declared and documented below under **Cycle Check**.
| AZ-404 | E2E replay fixture test — Derkachi 12 min clip + mode-agnosticism + operator workflow | 5 | AZ-402, AZ-401, AZ-405, AZ-263, AZ-269, AZ-266, AZ-272, AZ-273 | AZ-265 |
| AZ-405 | replay_input/ coordinator + auto-sync of video ↔ tlog via IMU take-off detection | 5 | AZ-399, AZ-398, AZ-263, AZ-269, AZ-266, AZ-272, AZ-279 | AZ-265 |
| AZ-558 | Route C8 outbound encoder bytes through MavlinkTransport seam (closes AZ-401 AC-9) | 3 | AZ-401, AZ-273, AZ-294, AZ-399 | AZ-265 |
| AZ-559 | C6 mid-flight tile storage extension — put_mid_flight_candidate Protocol + DTO + persistence | 5 | AZ-303, AZ-308, AZ-310, AZ-263, AZ-269, AZ-266, AZ-272 | AZ-260 |
| AZ-406 | Blackbox Test Infrastructure Bootstrap (Tier-1 + Tier-2 harness scaffold) | 5 | AZ-263 | AZ-262 |
| AZ-407 | Static fixture builders — tile-cache, age-injector, cold-boot, MAVLink passkey, CVE JPEG | 3 | AZ-406 | AZ-262 |
| AZ-408 | Runtime synthetic-injection fixture builders — outlier, blackout-spoof, multi-segment | 3 | AZ-406, AZ-407 | AZ-262 |
_docs/02_tasks/todo/AZ-404_replay_e2e_fixture.md → _docs/02_tasks/done/AZ-404_replay_e2e_fixture.md
View File
_docs/02_tasks/todo/AZ-389_c5_orthorectifier_c6.md
+29 -17
View File
@@ -1,11 +1,10 @@
# C5 Orthorectifier → C6 mid-flight tile gen sub-path
**Task**: AZ-389_c5_orthorectifier_c6
**Name**: C5 internal orthorectifier — produces mid-flight tile candidates for C6
**Description**: Implement the orthorectifier sub-path inside C5: when a frame has converged in the iSAM2 graph (≥1 satellite anchor + visual consistency), apply the camera intrinsics + extrinsics + the C5-known pose to orthorectify the nav-camera frame into a tile-aligned image patch; emit a `MidFlightTileCandidate(tile_id, pixels, quality_metadata, source_pose)` to C6 (via the storage interface AZ-303 `tile_store.put_mid_flight_candidate(...)`). Quality metadata: `inlier_count`, `cov_norm`, `pose_age_ms`. The orthorectifier is C5-internal (per epic spec § Scope: "orthorectifier (lives within C5 as an internal subcomponent)"); it consumes the converged pose + nav frame from a per-frame buffer; it emits at most ONE candidate per frame (gated by quality thresholds: `cov_norm < threshold` AND `inlier_count > floor`). Triggered after a successful `current_estimate()` call when quality conditions hold.
**Name**: C5 internal orthorectifier — produces mid-flight tile candidates for C6 via existing `TileStore.write_tile` + `ONBOARD_INGEST` source
**Description**: Implement the orthorectifier sub-path inside C5: when a frame has converged in the iSAM2 graph (≥1 satellite anchor + visual consistency), apply the camera intrinsics + extrinsics + the C5-known pose to orthorectify the nav-camera frame into a tile-aligned image patch; persist it to C6 as a `TileSource.ONBOARD_INGEST` tile via the existing `TileStore.write_tile(tile_blob, metadata)` API (AZ-303). The orthorectifier is C5-internal (per epic spec § Scope: "orthorectifier (lives within C5 as an internal subcomponent)"); it consumes the converged pose + nav frame from a per-frame buffer; it emits at most ONE tile per frame (gated by quality thresholds: `cov_norm < threshold` AND `inlier_count > floor`). Triggered after a successful `current_estimate()` call when quality conditions hold AND `source_label == SATELLITE_ANCHORED`. Per AC-NEW-3 the emission is opportunistic: a `FreshnessRejectionError` from C6's freshness gate is caught and dropped (DEBUG log only).
**Complexity**: 3 points
**Dependencies**: AZ-384 (`current_estimate` body + cov norm), AZ-385 (only emit candidates when source_label == SATELLITE_ANCHORED), AZ-559 (`TileStore.put_mid_flight_candidate` Protocol method + `MidFlightTileCandidate` DTO + persistence — AZ-303 shipped under-spec, AZ-559 closes the gap), AZ-263, AZ-269, AZ-266, AZ-272 (FDR)
**Status**: BLOCKED on AZ-559 (storage extension). Dependency-gap surfaced during batch 63 of the autodev replay-track sequence; original spec assumed AZ-303 had delivered the mid-flight tile API but it had not.
**Dependencies**: AZ-384 (`current_estimate` body + cov norm), AZ-385 (only emit candidates when source_label == SATELLITE_ANCHORED), AZ-303 (`TileStore.write_tile` + `TileMetadata` + `TileQualityMetadata` + `TileSource.ONBOARD_INGEST`), AZ-263, AZ-269, AZ-266, AZ-272 (FDR)
**Component**: c5_state (epic AZ-260 / E-C5)
**Tracker**: AZ-389
**Epic**: AZ-260 (E-C5)
@@ -14,7 +13,11 @@
- `_docs/02_document/contracts/c5_state/state_estimator_protocol.md`.
- `_docs/02_document/components/07_c5_state/description.md` — orthorectifier mention; § 1 downstream "C6 (mid-flight tile gen via orthorectifier)".
- `_docs/02_document/contracts/c6_tile_cache/tile_store.md``put_mid_flight_candidate` API.
- `_docs/02_document/contracts/c6_tile_cache/tile_store.md``write_tile` API (the four-method baseline).
### History
The original v1.0.0 spec referenced a separate `tile_store.put_mid_flight_candidate(MidFlightTileCandidate)` API that does not exist; investigation against `c6_tile_cache/_types.py` and `interface.py` showed `TileSource.ONBOARD_INGEST` + `TileMetadata.quality_metadata` + `write_tile`'s built-in `FreshnessRejectionError` semantic already cover the entire mid-flight ingest path. AZ-559 was filed and immediately closed Won't Fix; the spec is rewritten here against the actual API surface.
## Problem
@@ -24,15 +27,20 @@ Without this task, the system never emits mid-flight tile candidates → C6's ca
- `src/gps_denied_onboard/components/c5_state/_orthorectifier.py` defining:
- `Orthorectifier` class (component-internal; not in `__all__`).
- Method: `try_emit_candidate(frame, pose_estimate, cov_6x6, inlier_count, source_label) -> MidFlightTileCandidate | None`.
- Method: `try_emit_candidate(frame, pose_estimate, cov_6x6, inlier_count, mre_px, source_label) -> TileId | None`.
- Quality gates: `cov_norm < cov_threshold` AND `inlier_count > inlier_floor` AND `source_label == SATELLITE_ANCHORED`.
- Orthorectification math: project nav-camera frame to tile plane via camera intrinsics + extrinsics + pose; nearest-neighbour or bilinear sampling.
- JPEG encoding of the orthorectified patch (via OpenCV `cv2.imencode`).
- Constructs a `TileMetadata` with `source = TileSource.ONBOARD_INGEST`, `voting_status = VotingStatus.PENDING`, `quality_metadata = TileQualityMetadata(estimator_label, covariance_2x2_horizontal_subblock, last_anchor_age_ms, mre_px, imu_bias_norm)`, `flight_id`, `companion_id`, `freshness_label = FreshnessLabel.FRESH` (the gate runs at insert time).
- Calls `tile_store.write_tile(jpeg_bytes, tile_metadata)`.
- Catches `FreshnessRejectionError` per AC-NEW-3 (opportunistic) and returns `None`; logs DEBUG `"c5.state.mid_flight_candidate_freshness_rejected"`.
- Returns the persisted `TileId` on success.
- Hook in `GtsamIsam2StateEstimator.current_estimate()` post-emission (or post-`add_pose_anchor` — implementer choice; gated to fire AT MOST once per frame).
- ESKF estimator: also has the hook (mid-flight tile gen is independent of state-estimator strategy).
- Configurable thresholds in `config.state.orthorectifier.{cov_norm_threshold, inlier_floor}`.
- Defensive: skip emission silently if quality gates fail (NOT a degraded-mode error; tile gen is opportunistic per AC-NEW-3).
- DEBUG log on every emission attempt; INFO log on first emission per flight.
- Unit tests: known pose + frame → expected orthorectified output; quality-gate skip behaviour; emission rate-limit (once per frame).
- Unit tests: known pose + frame → expected orthorectified output; quality-gate skip behaviour; emission rate-limit (once per frame); `FreshnessRejectionError` swallowed silently.
## Scope
@@ -44,7 +52,7 @@ Without this task, the system never emits mid-flight tile candidates → C6's ca
- Unit tests.
### Excluded
- The C6 `tile_store.put_mid_flight_candidate` body — owned by AZ-303 / E-C6.
- Any new C6 API — the existing `write_tile` + `TileSource.ONBOARD_INGEST` + `TileMetadata` covers everything (closed AZ-559 confirms).
- C6's downstream tile-cache eviction integration — owned by AZ-308.
- The orthorectification kernel optimisation — production-acceptable kernel uses NumPy or OpenCV `cv2.warpPerspective`; CUDA optimisation is a feature-cycle improvement.
@@ -52,23 +60,25 @@ Without this task, the system never emits mid-flight tile candidates → C6's ca
**AC-1: Orthorectification correctness** — synthetic camera pose + planar tile → output pixels match expected projection within 1-pixel tolerance.
**AC-2: Quality gate skip**`cov_norm > threshold` → no candidate emitted; DEBUG log only.
**AC-2: Quality gate skip — covariance**`cov_norm > threshold` → no tile written; DEBUG log only.
**AC-3: Source label gate**`source_label != SATELLITE_ANCHORED` → no emission.
**AC-4: Once-per-frame rate limit** — even if `current_estimate` is called multiple times for the same frame, at most ONE candidate is emitted.
**AC-4: Once-per-frame rate limit** — even if `current_estimate` is called multiple times for the same frame, at most ONE tile is written.
**AC-5: Both estimators participate** — iSAM2 + ESKF both attempt candidate emission.
**AC-5: Both estimators participate** — iSAM2 + ESKF both attempt candidate emission via the same `Orthorectifier` instance (or an equivalent per-estimator instance — implementer choice).
**AC-6: Composition wiring** — the orthorectifier is constructed inside the estimator at `__init__` time; `tile_store` is constructor-injected.
**AC-6: Composition wiring** — the orthorectifier is constructed inside the estimator at `__init__` time; `tile_store: TileStore` is constructor-injected.
**AC-7: First-emission INFO log**`kind="c5.state.first_mid_flight_candidate"` with `{frame_id, tile_id, cov_norm}`.
**AC-8: Defensive skip on missing inputs** — if `frame` or `pose_estimate` is None, skip silently with DEBUG log (NOT an error).
**AC-9: Freshness rejection caught** — when `tile_store.write_tile` raises `FreshnessRejectionError`, the orthorectifier returns `None` and emits a DEBUG log; no exception propagates to `current_estimate`'s callers (replay protocol Invariant: opportunistic emission per AC-NEW-3).
## Non-Functional Requirements
- `try_emit_candidate` p95 ≤ 30 ms (orthorectification kernel cost).
- `try_emit_candidate` p95 ≤ 30 ms (orthorectification kernel cost, including JPEG encode).
- Memory ≤ 50 MB resident (frame buffer + working memory).
## Constraints
@@ -76,14 +86,16 @@ Without this task, the system never emits mid-flight tile candidates → C6's ca
- Component-internal (not in C5 `__all__`).
- Once-per-frame rate limit.
- Quality gates are mandatory; AC-NEW-3 gain is contingent on emitted candidates being high-quality.
- The `TileQualityMetadata.covariance_2x2` field carries the **horizontal-position 2x2 sub-block** of the C5 pose covariance (not the full 6x6); the orthorectifier uses the full 6x6 for its OWN gate (`cov_norm < threshold`) but persists only the 2x2 sub-block in `TileQualityMetadata` per the existing schema.
- `inlier_count` is NOT a field on `TileQualityMetadata`; the orthorectifier uses it for the gate but persists `mre_px` (mean reprojection error) which serves the same downstream consumer (C6 voting status updater).
## Risks & Mitigation
- **Risk: Orthorectification produces low-quality tiles under degenerate pose** — quality gates filter; if still problematic, AZ-308 cache-eviction policy filters at storage time.
- **Risk: AZ-303 `put_mid_flight_candidate` API not yet stable** — this task ships against the documented API surface.
- **Risk: `cov_norm` (Frobenius norm of 6x6) vs `covariance_2x2` (horizontal sub-block) mismatch confuses readers** — *Mitigation*: docstring on the orthorectifier explicitly distinguishes the two uses; the gate operates on the 6x6 norm; the sub-block is only persisted for downstream voting-status readers.
## Runtime Completeness
- **Named capability**: orthorectifier → mid-flight tile candidate emission.
- **Production code**: real orthorectification kernel (NumPy or OpenCV), real quality gates, real tile_store.put_mid_flight_candidate call.
- **Unacceptable substitutes**: emitting raw nav-frame pixels (not orthorectified); skipping the quality gates (AC-NEW-3 corruption).
- **Named capability**: orthorectifier → mid-flight tile candidate emission via `TileStore.write_tile`.
- **Production code**: real orthorectification kernel (NumPy or OpenCV), real quality gates, real `tile_store.write_tile` call against the production `PostgresFilesystemStore` in the airborne composition root.
- **Unacceptable substitutes**: emitting raw nav-frame pixels (not orthorectified); skipping the quality gates (AC-NEW-3 corruption); inventing a parallel `put_mid_flight_candidate` path when `write_tile` already exists.
_docs/03_implementation/cumulative_review_batches_61-63_cycle1_report.md
+119
View File
@@ -0,0 +1,119 @@
# Cumulative Code Review — Batches 61-63 (Cycle 1)
**Date**: 2026-05-14
**Range**:
- batch 61 (AZ-401 + AZ-400 absorbed — `compose_root` replay branch + `MavlinkTransport` Protocol seam)
- batch 62 (AZ-402 — `gps-denied-replay` console-script + shared `runtime_root.main(config)`)
- batch 63 (AZ-404 — E2E replay fixture test + AZ-389 housekeeping; AZ-559 closed Won't Fix)
**Compared against**: previous cumulative review batches 58-60.
**Verdict**: **PASS_WITH_WARNINGS**
## Scope
The 61-63 trio closes the **replay subsystem** end-to-end:
- **Batch 61** wired the `compose_root` replay branch + retrofitted the missing `MavlinkTransport` Protocol seam from AZ-400 (originally specced under AZ-400 but missing when AZ-401 came up; absorbed to unblock the slice).
- **Batch 62** added the `gps-denied-replay` console-script CLI. The shared airborne `main()` was refactored additively to accept a pre-built `Config`, letting the CLI build → mutate → inject without violating ADR-011's "single composition root" constraint.
- **Batch 63** added the E2E test harness against the Derkachi 60 s clip — full AC matrix wired (some ACs deferred behind documented blockers); plus an AZ-389 spec-vs-impl reconciliation that proved the AZ-559 follow-up was unnecessary (the existing `TileStore.write_tile` + `TileSource.ONBOARD_INGEST` + `FreshnessRejectionError` cover the mid-flight ingest path).
The replay slice is now functionally complete on the airborne side: AZ-405 (coordinator) → AZ-401 (compose_root branch) → AZ-402 (CLI) → AZ-404 (E2E test).
## Carry-over status from cumulative review 58-60
| Prior finding | Status | Notes |
|---------------|--------|-------|
| 58-60 F1 (Medium) — Replay contract `ReplayInputAdapter.__init__` missing `fdr_client` | RESOLVED earlier | Contract updated in batch 60; no further work. |
| 58-60 F2 (Low) — Two parallel tlog message-type pre-validators | OPEN — carry forward | Untouched. The AZ-404 e2e fixture's `_tlog_synth.py` produces a tlog that satisfies BOTH validators by construction, so the duplication is observably harmless. |
| 58-60 F3 (Low) — Test-only injection kwargs on `ReplayInputAdapter.__init__` | OPEN — pattern formalised | Batches 61 + 62 + 63 all adopted the same "single optional kwarg defaulting to None, lazy-resolved at call time" pattern (`replay_components_factory` in AZ-401, `shared_main` in AZ-402, `replay_runner` closure in AZ-404). The pattern is now used by **four** coordinators. Recommend factoring to a shared `_TestInjections` helper after a fifth use case (still under threshold). |
| 58-60 F4 (Low) — Two `cv2.projectPoints` calls per Marginals frame | OPEN — carry forward | No code in batches 61-63 touched C4. |
| 58-60 F5 (Low) — AZ-361 AC-11 informational latency comparison | OPEN — carry forward | Informational metric per spec; no action. |
| 55-57 F1 (Low) — engine-output-probe FP32 vs FP16 dtype divergence | OPEN — carry forward | No code in batches 61-63 touched C2 / C3 TRT path. |
| 55-57 F2 (Low) — XFeat underscore-prefixed helper imports | OPEN — carry forward | No movement. |
| 55-57 F3 (Low) — AZ-347 latency benchmark not asserted | OPEN — carry forward | Informational. |
| 52-54 F2 (Low) — c1_vio test fakes not yet shared | OPEN — carry forward | Subsumed under AZ-528 (filed earlier). |
## Findings (this window)
| # | Severity | Category | File:Line | Title |
|---|----------|----------|-----------|-------|
| F1 | High | Spec-Gap | tests/unit/test_az401_compose_root_replay.py:526 + tests/e2e/replay/test_derkachi_1min.py:269-278 | AZ-401 AC-9 + AZ-404 AC-4b both blocked on AZ-558 (C8 encoder routing through `MavlinkTransport`) |
| F2 | High | Spec-Gap | tests/e2e/replay/test_derkachi_1min.py:357-371 | AZ-404 AC-8 (operator workflow rehearsal) blocked on D-PROJ-2 mock-suite-sat-service |
| F3 | Medium | Spec-Gap | tests/e2e/replay/test_derkachi_1min.py:113-148 | AZ-404 AC-3 (≤100m for 80%) `xfail` until real Topotek KHP20S30 calibration ships |
| F4 | Medium | Process | _docs/02_tasks/todo/AZ-389_c5_orthorectifier_c6.md (rewritten) + AZ-559 closed Won't Fix | Three back-to-back replay-track tasks (AZ-401, AZ-389, AZ-404) had upstream-dep gaps; pattern surfaced and was reconciled in this window |
| F5 | Low | Style | src/gps_denied_onboard/cli/replay.py:235-256 + src/gps_denied_onboard/runtime_root/__init__.py:621-660 | Optional-kwarg test-injection pattern adopted by AZ-402's `shared_main` and AZ-401's `replay_components_factory` (cumulative count: 4 coordinators) |
| F6 | Low | Maintainability | tests/e2e/replay/_tlog_synth.py | Synthetic tlog generation from CSV adds a build step to the e2e harness (Derkachi original tlog not in-repo) |
### Finding Details
#### F1: AZ-558 blocks two ACs (High / Spec-Gap)
- **Locations**:
- `tests/unit/test_az401_compose_root_replay.py:526` (`test_ac9_noop_transport_bytes_written``pytest.skip`)
- `tests/e2e/replay/test_derkachi_1min.py:269-278` (`test_ac4_encoder_byte_equality``pytest.skip`)
- **Description**: The C8 outbound adapters (`PymavlinkArdupilotAdapter`, `Msp2InavAdapter`) call `connection.mav.gps_input_send(...)` directly — bytes never flow through the `MavlinkTransport` seam. AZ-558 was filed in batch 61 to close this gap. Until it lands:
- AZ-401 AC-9 (`NoopMavlinkTransport.bytes_written() > 0` after replay-mode runtime drive) is unsatisfiable.
- AZ-404 AC-4b (encoder byte-equality between live and replay via `CapturingMavlinkTransport`) is unsatisfiable.
- **Risk-shape note**: AZ-558's spec flags a known-unknown — pymavlink's signing handshake runs inside `mav.*_send`, not at `connection.write` level. A naive seam shape (`MavlinkTransport.write(bytes)`) would skip signing. This may push AZ-558's nominal 3pt → 5pt during implementation; track at task-prep time.
- **Status**: explicit + tracked. The `CapturingMavlinkTransport` infrastructure is in place (with full unit coverage in `test_helpers.py`); when AZ-558 lands, both skips drop in a small follow-up.
- **Suggestion**: prioritise AZ-558 in a near-future batch — it's the single dep that closes two open ACs.
#### F2: AC-8 blocked on D-PROJ-2 mock (High / Spec-Gap)
- **Location**: `tests/e2e/replay/test_derkachi_1min.py:357-371` (`test_ac8_operator_workflow``pytest.skip`).
- **Description**: AZ-404's spec calls for the test to run the operator's full C10/C11/C12 pre-flight against a `mock-suite-sat-service` fixture before invoking the replay CLI (replay protocol Invariant 12 + epic AC-9). The current `tests/fixtures/mock-suite-sat-service/` is a bootstrap stub (`GET /healthz` only); the full D-PROJ-2 ingest contract isn't in the parent-suite design yet (`_docs/_process_leftovers/2026-05-09_satellite-provider-design-tasks.md`).
- **Status**: explicit + tracked at parent-suite level. The `operator_pre_flight_setup` fixture in `conftest.py` yields a placeholder cache directory so the test body fails fast with a clear reason rather than a surprise import error.
- **Suggestion**: when the parent-suite D-PROJ-2 design lands, file a separate task to implement the mock and unskip AC-8.
#### F3: AC-3 `xfail` until real calibration (Medium / Spec-Gap)
- **Location**: `tests/e2e/replay/test_derkachi_1min.py:113-148` (`test_ac3_within_100m_80pct_of_ticks``pytest.mark.xfail(strict=False)`).
- **Description**: AC-3 is the epic's primary acceptance gate but `_docs/00_problem/input_data/flight_derkachi/camera_info.md` explicitly states the Topotek KHP20S30 intrinsics are unknown. The test is fully implemented, runs against the placeholder `tests/fixtures/calibration/adti26.json`, and reports a real percentage. With wrong intrinsics, the percentage will land near 0%; `xfail(strict=False)` lets a future correct calibration eventually pass without a fail-on-pass surprise.
- **Status**: explicit + tracked at fixture level.
- **Suggestion**: when real KHP20S30 calibration ships, drop the marker (or flip to `strict=True` for one CI run before removing).
#### F4: Three replay-track tasks with upstream-dep gaps (Medium / Process)
- **Pattern**: AZ-401 (missing AZ-400 transport seam), AZ-389 (phantom `put_mid_flight_candidate` API — resolved by re-reading AZ-303's actual surface), AZ-404 (missing tlog fixture, missing real calibration, missing D-PROJ-2 mock, blocker on AZ-558). Three back-to-back replay-track follow-ons each surfaced an upstream gap.
- **Resolution**:
- AZ-401: absorbed AZ-400's residual scope into the same batch.
- AZ-389: investigation showed the gap was a spec-vs-impl naming mismatch — `TileSource.ONBOARD_INGEST` + `TileMetadata.quality_metadata` + `write_tile`'s built-in `FreshnessRejectionError` already cover the mid-flight ingest path. AZ-559 closed Won't Fix; AZ-389 spec rewritten to consume the existing API.
- AZ-404: gaps that CAN be filled in-batch (synthetic tlog, AC-4a AST scan, helper unit coverage) shipped; gaps that CAN'T (real calibration, AZ-558 routing, D-PROJ-2 mock) are explicit `skip` / `xfail` markers with documented reasons + tracker links.
- **Why this is a finding**: the pattern shows that "shipped-tasks-vs-spec" can silently drift across feature boundaries. The mitigation is the **AC-4a mode-agnosticism AST scan** (now passing) — it gives the architecture a live structural-invariant check that fires regardless of `RUN_REPLAY_E2E`. A similar invariant for "every spec'd Protocol method is implemented" would catch future AZ-389-style phantoms; can be a future hygiene ticket.
- **Suggestion**: file a 2pt hygiene PBI to add an AST-level "Protocol completeness" check to the unit suite — for each `runtime_checkable` Protocol, verify each in-repo concrete class implements every method named in the Protocol's source. This catches the AZ-389 phantom-API pattern at task-prep time instead of batch-implementation time.
#### F5: Optional-kwarg test-injection pattern (Low / Style — carry-forward escalation)
- **Locations**:
- `src/gps_denied_onboard/runtime_root/__init__.py:_compose(...)` accepts a `pre_constructed` kwarg (AZ-401).
- `src/gps_denied_onboard/cli/replay.py:main(argv, *, shared_main=None)` (AZ-402).
- `src/gps_denied_onboard/replay_input/tlog_video_adapter.py:ReplayInputAdapter.__init__(..., tlog_source_factory=None, video_frames_factory=None, video_timestamps_factory=None)` (AZ-405).
- `src/gps_denied_onboard/components/c8_fc_adapter/tlog_replay_adapter.py:TlogReplayFcAdapter.__init__(..., source_factory=None)` (AZ-399).
- **Description**: Four production constructors / functions now accept a single optional kwarg that defaults to `None` and resolves to the production dependency lazily (or `None`-as-passthrough). Tests inject fakes through the kwarg without monkeypatching. Cumulative review 58-60 noted this at three sites; this window adds a fourth.
- **Suggestion**: still under the "factor when fifth case appears" threshold. Track for batch 64+.
#### F6: Synthetic tlog generation (Low / Maintainability)
- **Location**: `tests/e2e/replay/_tlog_synth.py`.
- **Description**: The Derkachi fixture ships `data_imu.csv` (already exported from a tlog) but not the source tlog itself. `_tlog_synth.py` reproduces a `pymavlink.dialects.v20.ardupilotmega` tlog from the CSV — `SCALED_IMU2` + `ATTITUDE` + `GPS_RAW_INT` + `HEARTBEAT`. Deterministic, atomic-write via `.tmp` + fsync + rename, ~1 s for 60 s of data. The conftest synthesizes once per session.
- **Why this is not a Critical**: the alternative (checking the source tlog into the fixture) would add a new ~5 MB binary to `_docs/00_problem/`; the synth approach keeps the fixture content surface narrow + reproducible.
- **Suggestion**: keep. Document in `tests/e2e/replay/README.md` (already done).
## Architecture Observations (this window)
- **ADR-011 holding**: AC-4a's mode-agnosticism AST scan is passing across all `src/gps_denied_onboard/components/**/*.py` files — confirms batches 60 / 61 / 62 / 63 honoured the structural guarantee. If a future batch introduces a `if config.mode` branch in any component, the e2e suite catches it on the next CI run regardless of `RUN_REPLAY_E2E`.
- **Single composition root holding**: the AZ-402 CLI does NOT call `compose_root` directly — it builds a `Config`, calls `runtime_root.main(config)`, and `compose_root` runs inside there. Replay protocol Invariant 11 (CLI MUST NOT compose) verified at the type level.
- **Layer direction holding**: `cli/replay.py` is Layer 5 per `module-layout.md`; imports flow Layer-5 → Layer-4 (`replay_input.errors`) → Layer-1 (`config`, `logging`). No backward edges.
## Verdict Reasoning
Two High spec-gap findings + one Medium spec-gap finding + one Medium process finding + two Low style/maintainability findings. All have explicit tracking via Jira / contract / spec-doc / code-comment links. No Critical, no Architecture violations. The architecture invariants the replay slice was supposed to deliver (ADR-011, single composition root, layer direction, mode-agnosticism) are all observably holding — verified by AC-4a's live structural test.
Verdict: **PASS_WITH_WARNINGS**.
## Action Items (recommended)
1. **AZ-558**: prioritise — closes AZ-401 AC-9 + AZ-404 AC-4b in a single follow-up. Acknowledge the signing-handshake risk (3pt → likely 5pt).
2. **Hygiene PBI candidate** (process F4): "Protocol completeness AST scan" — a 2pt unit-suite addition that compares each `runtime_checkable` Protocol to each in-repo class claimed to implement it, surfacing phantom-API specs at task-prep time. Catches the AZ-389 / AZ-559 pattern preemptively.
3. **D-PROJ-2 mock follow-up** (F2): when the parent-suite design lands, file a task to implement the full ingest contract in `tests/fixtures/mock-suite-sat-service/` so AZ-404 AC-8 can unskip.
4. **Real calibration delivery** (F3): when the Topotek KHP20S30 intrinsics + body-to-camera SE3 are obtained, drop the `xfail` on AZ-404 AC-3.
_docs/03_implementation/reviews/batch_63_review.md
+139
View File
@@ -0,0 +1,139 @@
# Code Review Report
**Batch**: 63 (AZ-404 + AZ-389 housekeeping)
**Date**: 2026-05-14
**Verdict**: PASS_WITH_WARNINGS
## Findings
| # | Severity | Category | File:Line | Title |
|---|----------|----------|-----------|-------|
| 1 | High | Spec-Gap | tests/e2e/replay/test_derkachi_1min.py:269-278 | AC-4b (encoder byte-equality) blocked on AZ-558 |
| 2 | High | Spec-Gap | tests/e2e/replay/test_derkachi_1min.py:357-371 | AC-8 (operator workflow rehearsal) blocked on D-PROJ-2 mock-suite-sat-service |
| 3 | Medium | Spec-Gap | tests/e2e/replay/test_derkachi_1min.py:113-148 | AC-3 (≤100m for 80%) `xfail` until real Topotek KHP20S30 calibration ships |
| 4 | Low | Maintainability | tests/e2e/replay/_tlog_synth.py | Synthesizes a tlog from `data_imu.csv` because the original tlog is not in-repo; deterministic + idempotent but adds a build step to the e2e harness |
| 5 | Low | Style | tests/e2e/replay/conftest.py:155-198 | `replay_runner` fixture builds a fresh output path per invocation (state via closure) — consistent with prior batches' patterns |
### Finding Details
**F1: AC-4b blocked on AZ-558** (High / Spec-Gap)
- Location: `tests/e2e/replay/test_derkachi_1min.py:269-278` (`test_ac4_encoder_byte_equality` decorated with `@pytest.mark.skip`).
- Description: AZ-404's spec asserts that the C8 outbound encoder produces byte-identical wire output between live and replay (replay protocol Invariant 5). The test would capture both modes' bytes via `CapturingMavlinkTransport` and diff. **Blocker**: per the batch 61 review F1 + AZ-558 spec, the C8 adapters (`PymavlinkArdupilotAdapter`, `Msp2InavAdapter`) currently call `connection.mav.gps_input_send(...)` directly — the bytes never flow through the `MavlinkTransport` seam, so substituting `CapturingMavlinkTransport` captures nothing. The test infrastructure (`CapturingMavlinkTransport` in `_helpers.py`, with full unit coverage in `test_helpers.py`) is in place; the test body is a placeholder marked skip with the AZ-558 reference. When AZ-558 lands, drop the `@pytest.mark.skip`, write the body (510 LOC), and AZ-401 AC-9 + AZ-404 AC-4b unskip together.
- Suggestion: keep the skip; the alternative (silently drop the AC) is worse.
- Task: AZ-404 (test scaffolding); blocker on AZ-558 (the routing retrofit).
**F2: AC-8 (operator workflow) blocked on D-PROJ-2 mock** (High / Spec-Gap)
- Location: `tests/e2e/replay/test_derkachi_1min.py:357-371` (`test_ac8_operator_workflow` decorated with `@pytest.mark.skip`).
- Description: AZ-404's spec calls for the test to run the operator's full C10/C11/C12 pre-flight flow against a `mock-suite-sat-service` fixture before invoking the replay CLI (replay protocol Invariant 12 + epic AC-9). **Blocker**: `tests/fixtures/mock-suite-sat-service/main.py` is a bootstrap stub (only `GET /healthz`) per its README; the full D-PROJ-2 ingest contract (tile-fetch + index-build endpoints) hasn't been implemented yet. The `operator_pre_flight_setup` fixture in `conftest.py` yields a placeholder cache directory so the test body fails fast with a documented reason rather than a surprise import error.
- Suggestion: keep the skip. File a follow-up to implement D-PROJ-2 in the mock service when the parent-suite design lands (`_docs/_process_leftovers/2026-05-09_satellite-provider-design-tasks.md` is the parent-suite design tracker).
- Task: AZ-404 (test scaffolding); blocker on parent-suite D-PROJ-2 design.
**F3: AC-3 `xfail` until real calibration** (Medium / Spec-Gap)
- Location: `tests/e2e/replay/test_derkachi_1min.py:113-148` (`test_ac3_within_100m_80pct_of_ticks` decorated with `@pytest.mark.xfail`).
- Description: AC-3 (≤100m horizontal accuracy for ≥80% of ticks) is the epic's primary acceptance gate. The test is fully implemented but **xfail'd** because the Derkachi camera (Topotek KHP20S30) does not have a real calibration JSON in repo — `_docs/00_problem/input_data/flight_derkachi/camera_info.md` explicitly states "Camera intrinsics, lens distortion, raw camera resolution, and exact camera-to-body calibration are still unknown". The placeholder `tests/fixtures/calibration/adti26.json` is wired in `conftest.py` so the test runs to completion and reports a real percentage; with wrong intrinsics it will land near 0%. Marking `xfail` (with `strict=False`) preserves the test infrastructure without polluting the green-build signal until the real calibration lands.
- Suggestion: keep `xfail` with the current reason text; when a real KHP20S30 calibration ships, drop the marker. Strict=False so a future "good calibration" doesn't immediately fail-on-pass; flip to strict=True after one passing CI run on Tier-1.
- Task: AZ-404 (test scaffolding); blocker on the calibration data deliverable.
**F4: tlog synthesis from CSV** (Low / Maintainability)
- Location: `tests/e2e/replay/_tlog_synth.py`.
- Description: The Derkachi fixture ships `data_imu.csv` (already exported from a tlog) but not the source tlog itself. The CLI consumes a tlog path (per AZ-402's argparse contract). `_tlog_synth.py` reproduces a `pymavlink.dialects.v20.ardupilotmega` tlog from the CSV — `SCALED_IMU2` + `ATTITUDE` + `GPS_RAW_INT` + `HEARTBEAT` per the `_REQUIRED_MESSAGE_GROUPS` contract. The synthesizer is deterministic, single-pass, fast (~1 s for 60 s of data), and the conftest atomic-writes the output through a `.tmp` rename + fsync. Verified end-to-end: `mavutil.mavlink_connection(synth_path)` round-trips all four message types.
- Suggestion: keep. Best alternative would be checking the source tlog into the fixture (≈ 5 MB), but that introduces a new binary in `_docs/00_problem/`; the synth approach keeps the fixture content surface narrow.
- Task: AZ-404.
**F5: `replay_runner` invocation-counter via closure** (Low / Style)
- Location: `tests/e2e/replay/conftest.py:155-198`.
- Description: The `replay_runner` fixture closes over a single-key `dict` (`{"n": 0}`) to assign each invocation a fresh output path. This avoids `nonlocal` / class-based state and matches the "function with mutable closure cell" pattern already used in batch 60's `replay_input` test factories. AC-5's two-runs-diff assertion proves the fixture produces independent output files per call.
- Suggestion: keep.
- Task: AZ-404.
## Phase Summary
### Phase 1 — Context Loading
Inputs read:
- `_docs/02_tasks/todo/AZ-404_replay_e2e_fixture.md` (full spec).
- `_docs/02_document/contracts/replay/replay_protocol.md` v2.0.0 (Invariants 1, 5, 7, 10, 12 — verified by AC-4a / AC-4b / AC-5 / AC-8).
- `_docs/02_document/architecture.md` (ADR-011 — replay-as-configuration; AC-4 enforces the structural guarantee).
- `_docs/00_problem/input_data/flight_derkachi/README.md` + `camera_info.md` (fixture state).
- `src/gps_denied_onboard/components/c8_fc_adapter/replay_sink.py` (`_to_jsonable` for AC-2 schema verification).
- `src/gps_denied_onboard/components/c8_fc_adapter/tlog_replay_adapter.py` (`_REQUIRED_MESSAGE_GROUPS` for the synth contract).
- `src/gps_denied_onboard/components/c6_tile_cache/_types.py` (for AZ-389 spec rewrite to use existing `TileSource.ONBOARD_INGEST`).
### Phase 2 — Spec Compliance
| AC | Verdict | Test | Notes |
|----|---------|------|-------|
| AC-1 | PASS (gated) | `test_ac1_exits_0_jsonl_count_match` | runs on Tier-1 with `RUN_REPLAY_E2E=1` |
| AC-2 | PASS (gated) | `test_ac2_jsonl_schema_match` | runs on Tier-1 |
| AC-3 | DEFERRED | `test_ac3_within_100m_80pct_of_ticks` | `xfail` — F3 |
| AC-4a | PASS | `test_ac4_mode_agnosticism_ast_scan` | unconditional; components are clean per ADR-011 |
| AC-4b | DEFERRED | `test_ac4_encoder_byte_equality` | `skip` — F1 (blocker on AZ-558) |
| AC-5 | PASS (gated) | `test_ac5_determinism_two_runs_diff` | runs on Tier-1 |
| AC-6a | PASS (gated) | `test_ac6_pace_realtime_60s_within_5pct` | runs on Tier-1 |
| AC-6b | PASS (gated) | `test_ac6_pace_asap_under_30s` | runs on Tier-1 |
| AC-7 | PASS | `test_ac7_skip_gate_consistent_with_env_var` | unconditional meta-test |
| AC-8 | DEFERRED | `test_ac8_operator_workflow` | `skip` — F2 (blocker on D-PROJ-2 mock) |
| AC-9 | PASS | `test_helpers.py::test_ac9_l2_*` (4 tests) + `match_percentage` (4 tests) + `parse_jsonl` (3 tests) + `CapturingMavlinkTransport` (3 tests) | unconditional |
| AC-10 | PASS | `tests/e2e/replay/README.md` | live document; covers env var, fixture state, runtime, AC matrix, follow-up work, failure cookbook |
Three ACs are deferred behind documented blockers (F1/F2/F3); the rest are either unconditional-and-passing or implemented-and-running-on-Tier-1.
### Phase 3 — Code Quality
- **SOLID**: Each helper has one job:
- `_tlog_synth.synthesize_tlog` — CSV → tlog only.
- `_helpers.parse_jsonl` / `l2_horizontal_m` / `match_percentage` — pure functions.
- `_helpers.CapturingMavlinkTransport` — Protocol-conformant byte recorder.
- `conftest.derkachi_replay_inputs` — fixture materialisation only.
- `conftest.replay_runner` — subprocess invocation only.
- `_ModeBranchScanner` (AST visitor) — single-purpose AST traversal.
- **Error handling**: explicit. `parse_jsonl` raises `AssertionError` with line number + decode-error message on bad input; `synthesize_tlog` writes via `.tmp` + atomic rename + fsync; the `replay_runner` fixture skips (NOT errors) when the console-script is missing from PATH.
- **Naming**: clear (`l2_horizontal_m`, `match_percentage`, `CapturingMavlinkTransport`, `_ModeBranchScanner`).
- **Complexity**: longest function is `synthesize_tlog` (~80 LOC, linear with one inner loop over CSV rows). No cyclomatic > 10.
- **Test quality**: 24 collected; 16 pass on dev (helpers + AC-4a + AC-7), 8 skip (heavy-tier + 3 deferred ACs). Each test has explicit Arrange / Act / Assert sections (`# Arrange` etc.). Parametrised tests not used because each test exercises a distinct scenario.
- **Dead code**: none.
### Phase 4 — Security Quick-Scan
- **No SQL / shell / `eval` / `exec` / `pickle`**: all surface is argparse + json + Path operations + pymavlink (a trusted dependency already pinned in the project).
- **Subprocess invocation**: `replay_runner` runs `gps-denied-replay` with explicit argv (no shell expansion); the binary path is resolved via `shutil.which` then `Path(sys.executable).parent`, both of which are immune to PATH-based attacks at test time.
- **No hardcoded secrets**: the e2e signing key is 32 zero-bytes (`b"\x00" * 32`); generated at fixture time; written to a tmp_path that pytest cleans up.
- **Calibration JSON**: the fixture loads `adti26.json` (a placeholder), not operator-supplied data.
### Phase 5 — Performance Scan
- `_tlog_synth.synthesize_tlog`: ~1 s for the 60 s clip (verified during dev run).
- `_helpers.match_percentage`: O(n log m) over n emissions × m ground-truth rows (binary search per emission); bounded by AC-1's expected line count (~600).
- `_ModeBranchScanner`: O(N) over component .py files (~80 files in `src/gps_denied_onboard/components/`); ~0.2 s in practice.
- The CLI subprocess fixture is the dominant cost on Tier-1 (≤ 30 s asap, 60 s realtime); within the AZ-404 NFR (≤ 6 min total).
### Phase 6 — Cross-Task Consistency
- AZ-389 housekeeping: closed AZ-559 (Won't Fix), reverted dep table, rewrote AZ-389 spec to consume the existing `TileStore.write_tile` + `TileSource.ONBOARD_INGEST` + `TileMetadata.quality_metadata` + `FreshnessRejectionError` semantic. Total task count restored to 150 / 497 pts.
- AZ-558 still tracked as the unblocker for AC-4b (and AZ-401 AC-9). The `CapturingMavlinkTransport` ships in `_helpers.py` with full unit coverage so the AZ-558 batch only needs to flip the skip + write 510 LOC.
- The mode-agnosticism AST scan (AC-4a) currently passes — verifies that batches 60 / 61 / 62 honoured ADR-011's structural guarantee. If a future component-side refactor introduces a `if config.mode` branch, the e2e suite catches it on the next CI run regardless of `RUN_REPLAY_E2E`.
### Phase 7 — Architecture Compliance
- **Layer direction**: `tests/e2e/replay/` is test code — no layer constraints. Imports flow Test → Layer-1 (`config`, `_types`) → Layer-4 (`replay_input`, `c8_fc_adapter`); no forbidden directions.
- **Public API respect**: `_helpers.py` imports `MavlinkTransport` from `gps_denied_onboard.components.c8_fc_adapter.interface` (the public surface). `_tlog_synth.py` imports the standard `pymavlink.dialects.v20.ardupilotmega` module — same pattern as the production `tlog_replay_adapter.py`.
- **No new cyclic deps**: the test package is leaf; nothing in `src/` imports from `tests/`.
- **Mode-agnosticism (AC-4a)**: the test that verifies it passes — no batch 63 changes to `components/**/*.py` (we only added test files).
## Verdict Reasoning
Three High/Medium spec-gap findings, all with documented blockers and clean follow-up paths. Two Low style findings. No Critical. Comparable to batch 61's PASS_WITH_WARNINGS verdict — the deferrals are honest tracking of upstream-dep gaps rather than design defects.
Verdict: **PASS_WITH_WARNINGS**.
## Follow-up tracker
- AZ-558: closes AC-4b + AZ-401 AC-9.
- D-PROJ-2 mock-suite-sat-service implementation: closes AC-8.
- Real Topotek KHP20S30 calibration data: closes AC-3.
_docs/_autodev_state.md
+4 -4
View File
@@ -12,7 +12,7 @@ sub_step:
retry_count: 0
cycle: 1
tracker: jira
last_completed_batch: 62
last_cumulative_review: batches_58-60
current_batch: 63
current_batch_tasks: "AZ-389"
last_completed_batch: 63
last_cumulative_review: batches_61-63
current_batch: 64
current_batch_tasks: ""
tests/e2e/replay/README.md
+99
View File
@@ -0,0 +1,99 @@
# E2E replay tests (AZ-404)
End-to-end regression suite that runs the `gps-denied-replay`
console-script (AZ-402) against the Derkachi 60 s clip and asserts
the AZ-265 epic acceptance criteria.
## How to run
```bash
# In a fresh venv with the package installed:
RUN_REPLAY_E2E=1 pytest tests/e2e/replay/ -v
```
Without `RUN_REPLAY_E2E=1` the heavy tests skip cleanly. The two
unconditional tests (AC-4a mode-agnosticism scan + AC-7 skip-gate
self-check + the helpers in `test_helpers.py`) still run.
## Fixture state
| Artifact | Status | Source |
|----------|--------|--------|
| `flight_derkachi.mp4` | available | `_docs/00_problem/input_data/flight_derkachi/` |
| `data_imu.csv` | available | same dir; 4900 rows at 10 Hz over 489.9 s |
| Synthetic tlog | generated at fixture time | `_tlog_synth.py` reproduces a `pymavlink` `.tlog` from the CSV (the original tlog is not in-repo; the CSV was its export) |
| Camera calibration | placeholder (`tests/fixtures/calibration/adti26.json`) | The real Topotek KHP20S30 intrinsics are unknown per `camera_info.md`. AC-3 is `xfail`ed until a real calibration ships. |
| Operator pre-flight rehearsal | blocked | `tests/fixtures/mock-suite-sat-service/` is a bootstrap stub (only `GET /healthz`); AC-8 skips until the full D-PROJ-2 contract lands. |
## Clip range
The first 60 s of the Derkachi flight (Time=0.0 → Time=60.0). The
take-off region exercises the AZ-405 IMU-take-off auto-sync detector;
the cruise region that follows stresses the satellite-anchor + VIO
drift-correction path. To change the trim, edit `_CLIP_START_S` and
`_CLIP_END_S` in `conftest.py`.
## Expected runtime (Tier-1)
| Test | Expected wall clock |
|------|---------------------|
| AC-1 (`--pace asap`) | ≤ 30 s |
| AC-2 schema match | piggybacks on AC-1 |
| AC-5 determinism | 2 × asap runs (≤ 60 s total) |
| AC-6 realtime | 60 s ± 3 s |
| AC-6 asap | ≤ 30 s |
| Total suite | ≤ 6 min on Jetson AGX Orin |
The AC-1 / AC-2 / AC-5 tests share `--pace asap` runs but each
fixture invocation produces a fresh output file, so they do not
short-circuit each other (preserves AC-5's two-runs-diff guarantee).
## AC matrix
| AC | Test | State |
|----|------|-------|
| AC-1: exit 0 + JSONL count match | `test_ac1_exits_0_jsonl_count_match` | runs on Tier-1 |
| AC-2: JSONL schema match | `test_ac2_jsonl_schema_match` | runs on Tier-1 |
| AC-3: ≤ 100 m for 80 % of ticks | `test_ac3_within_100m_80pct_of_ticks` | `xfail` (waiting on real calibration) |
| AC-4a: mode-agnosticism AST scan | `test_ac4_mode_agnosticism_ast_scan` | unconditional |
| AC-4b: encoder byte-equality | `test_ac4_encoder_byte_equality` | `skip` (waiting on AZ-558) |
| AC-5: determinism | `test_ac5_determinism_two_runs_diff` | runs on Tier-1 |
| AC-6a: realtime 60 s ± 5 % | `test_ac6_pace_realtime_60s_within_5pct` | runs on Tier-1 |
| AC-6b: asap ≤ 30 s | `test_ac6_pace_asap_under_30s` | runs on Tier-1 |
| AC-7: skip-gate self-check | `test_ac7_skip_gate_consistent_with_env_var` | unconditional |
| AC-8: operator workflow rehearsal | `test_ac8_operator_workflow` | `skip` (waiting on D-PROJ-2 mock) |
| AC-9: helper L2 correctness | `test_helpers.py::test_ac9_l2_*` | unconditional |
| AC-10: README accuracy | this file | live |
## Failure-mode cookbook
| Symptom | Likely cause | Fix |
|---------|--------------|-----|
| `gps-denied-replay console-script not on PATH` | package not installed in the test venv | `pip install -e .` |
| AC-1 line count off by > 5 % | tlog synthesizer drifted from the CSV | regenerate by re-running the test (synthesizer is deterministic; non-determinism would be a real bug) |
| AC-3 fails at ~ 0 % even with calibration | wrong intrinsics OR wrong WGS84 ground truth source — verify the GLOBAL_POSITION_INT columns are still the AC-3 reference (per `flight_derkachi/README.md`) | re-derive ground truth |
| AC-5 determinism violated | non-deterministic float ordering in C5 estimator OR a clock leaked into the runtime | bisect via `git log` against the C5 / `clock` modules |
| AC-6 realtime drifts on shared CI | shared-runner contention; the spec allows widening to ± 5 s | adjust `_HEAVY_SKIP` boundary if it persists |
| `tlog missing required messages` | `_tlog_synth.py` lost a message group | check `_REQUIRED_MESSAGE_GROUPS` in `tlog_replay_adapter.py` against the synth output |
## Files
```
tests/e2e/replay/
├── README.md ← this file
├── __init__.py ← package marker + module-level docstring
├── _helpers.py ← parse_jsonl, l2_horizontal_m, match_percentage,
│ CapturingMavlinkTransport, GroundTruthRow
├── _tlog_synth.py ← CSV → tlog generator
├── conftest.py ← derkachi_replay_inputs, replay_runner,
│ operator_pre_flight_setup fixtures
├── test_helpers.py ← unit tests for _helpers (unconditional)
└── test_derkachi_1min.py ← AC-1..AC-8 + AC-7 skip gate + AC-4a AST scan
```
## Follow-up work
* **Real Topotek KHP20S30 calibration** — unblocks AC-3.
* **AZ-558** — closes AC-4b (route C8 encoders through `MavlinkTransport`).
* **D-PROJ-2 mock-suite-sat-service** — unblocks AC-8 (operator
workflow rehearsal).
tests/e2e/replay/__init__.py
+6
View File
@@ -0,0 +1,6 @@
"""E2E replay tests (AZ-404 / E-DEMO-REPLAY).
Runs the ``gps-denied-replay`` console-script (AZ-402) end-to-end
against the Derkachi fixture. Gated by ``RUN_REPLAY_E2E=1`` per the
project's E2E pattern; reports SKIPPED when unset.
"""
tests/e2e/replay/_helpers.py
+223
View File
@@ -0,0 +1,223 @@
"""Helpers shared by the AZ-404 E2E replay tests.
* :func:`parse_jsonl` — read the ``JsonlReplaySink`` output into a list
of dicts with one entry per emit.
* :func:`l2_horizontal_m` — WGS84-aware L2 horizontal distance between
two ``(lat, lon)`` pairs in metres.
* :func:`match_percentage` — share of estimator emissions whose
L2 distance to the closest ground-truth row is within a threshold.
* :class:`CapturingMavlinkTransport` — test-only ``MavlinkTransport``
impl that records every ``write`` so AC-4b can compare the byte
streams produced by ``compose_root(config_live)`` vs.
``compose_root(config_replay)``.
* :func:`load_ground_truth_csv` — the IMU CSV's ``GLOBAL_POSITION_INT``
columns ARE the AC-3 reference (the original tlog's GPS rows
exported to CSV); this helper materialises them.
All functions are pure / deterministic and stay safely importable on
dev macOS without ``RUN_REPLAY_E2E``; the regular regression suite
calls them via the unit-level helper test in this module's sibling
``test_helpers.py``.
"""
from __future__ import annotations
import csv
import json
import math
from dataclasses import dataclass
from pathlib import Path
from typing import Any
__all__ = [
"CapturingMavlinkTransport",
"GroundTruthRow",
"l2_horizontal_m",
"load_ground_truth_csv",
"match_percentage",
"parse_jsonl",
]
# WGS84 mean Earth radius. Matches the value used by
# `helpers/wgs_converter.py` (AZ-279) so the e2e check is consistent
# with the production converter.
_EARTH_RADIUS_M: float = 6_371_008.8
@dataclass(frozen=True)
class GroundTruthRow:
"""One row from the Derkachi data_imu.csv ground-truth slice."""
t_s: float
lat_deg: float
lon_deg: float
alt_m: float
def parse_jsonl(path: Path) -> list[dict[str, Any]]:
"""Return one dict per line of a JsonlReplaySink output file.
Empty trailing lines are tolerated (orjson always terminates with
``\\n`` so the last newline is followed by ``""``); other empty
lines indicate a corrupt file and surface as a JSON decode error.
"""
records: list[dict[str, Any]] = []
with path.open(encoding="utf-8") as fp:
for lineno, line in enumerate(fp, start=1):
stripped = line.rstrip("\n")
if not stripped:
continue
try:
records.append(json.loads(stripped))
except json.JSONDecodeError as exc:
raise AssertionError(
f"line {lineno} in {path} is not valid JSON: {exc.msg!r}"
) from exc
return records
def l2_horizontal_m(
lat1_deg: float, lon1_deg: float, lat2_deg: float, lon2_deg: float
) -> float:
"""WGS84-spherical great-circle distance in metres.
Uses the haversine formula with the C5/AZ-279 mean Earth radius.
Sufficient for the AC-3 ≤ 100 m threshold (sub-metre accuracy at
the Derkachi latitude band; the spherical approximation diverges
from the WGS84 ellipsoid by < 0.5 % at these latitudes — well
within the AC-3 budget).
"""
phi1 = math.radians(lat1_deg)
phi2 = math.radians(lat2_deg)
dphi = phi2 - phi1
dlam = math.radians(lon2_deg - lon1_deg)
a = (
math.sin(dphi / 2.0) ** 2
+ math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2.0) ** 2
)
c = 2.0 * math.asin(min(1.0, math.sqrt(a)))
return _EARTH_RADIUS_M * c
def load_ground_truth_csv(csv_path: Path) -> list[GroundTruthRow]:
"""Load the Derkachi IMU CSV's GPS rows as ground truth.
The original ``flight_derkachi.tlog``'s ``GLOBAL_POSITION_INT``
messages were exported to ``data_imu.csv``; the ``lat / lon /
alt`` columns are degrees * 1e7 / metres * 1e3 (mavlink integer
encoding), so we divide accordingly.
"""
rows: list[GroundTruthRow] = []
with csv_path.open(newline="") as fp:
reader = csv.DictReader(fp)
for r in reader:
rows.append(
GroundTruthRow(
t_s=float(r["Time"]),
lat_deg=float(r["GLOBAL_POSITION_INT.lat"]) / 1e7,
lon_deg=float(r["GLOBAL_POSITION_INT.lon"]) / 1e7,
alt_m=float(r["GLOBAL_POSITION_INT.alt"]) / 1e3,
)
)
return rows
def match_percentage(
emissions: list[dict[str, Any]],
ground_truth: list[GroundTruthRow],
*,
threshold_m: float,
) -> float:
"""Share of emissions within ``threshold_m`` of the closest GT row.
For each emitted ``EstimatorOutput`` JSONL record, find the
nearest-in-time ground-truth row, compute the horizontal L2
distance, and count it as a hit when ≤ ``threshold_m``. Returns
the hit ratio in [0.0, 1.0].
Nearest-in-time is sufficient because the IMU CSV's 10 Hz cadence
(matching the C5 emit rate) means the candidate row is typically
< 50 ms off the emit timestamp — well below the AC-3 100 m budget.
"""
if not emissions:
return 0.0
if not ground_truth:
raise AssertionError("ground_truth must be non-empty")
gt_sorted = sorted(ground_truth, key=lambda r: r.t_s)
gt_times = [r.t_s for r in gt_sorted]
hits = 0
for emit in emissions:
emit_ts_ns = int(emit["emitted_at"])
emit_t_s = emit_ts_ns / 1e9
idx = _bisect_left(gt_times, emit_t_s)
candidates = []
if idx > 0:
candidates.append(gt_sorted[idx - 1])
if idx < len(gt_sorted):
candidates.append(gt_sorted[idx])
# Nearest-in-time row.
nearest = min(candidates, key=lambda r: abs(r.t_s - emit_t_s))
emit_pos = emit["position_wgs84"]
d = l2_horizontal_m(
emit_pos["lat_deg"],
emit_pos["lon_deg"],
nearest.lat_deg,
nearest.lon_deg,
)
if d <= threshold_m:
hits += 1
return hits / len(emissions)
def _bisect_left(seq: list[float], target: float) -> int:
"""Stdlib bisect_left, inlined to keep import surface narrow."""
lo, hi = 0, len(seq)
while lo < hi:
mid = (lo + hi) // 2
if seq[mid] < target:
lo = mid + 1
else:
hi = mid
return lo
class CapturingMavlinkTransport:
"""Test-only :class:`MavlinkTransport` that records every write.
Used by AZ-404 AC-4b: capture the byte streams produced by
``compose_root(config_live).c8.emit_external_position(out)`` and
``compose_root(config_replay).c8.emit_external_position(out)`` to
assert byte-identity per replay protocol Invariant 5.
NOTE: AC-4b is currently SKIPPED (blocked on AZ-558 — the C8
encoders still bypass the ``MavlinkTransport`` seam by calling
``mav.*_send`` directly). This class is in place so the test
fixture is ready the moment AZ-558 lands.
"""
def __init__(self) -> None:
self._chunks: list[bytes] = []
self._closed = False
def write(self, payload: bytes) -> int:
if self._closed:
raise RuntimeError("CapturingMavlinkTransport.write after close")
self._chunks.append(bytes(payload))
return len(payload)
def bytes_written(self) -> int:
return sum(len(c) for c in self._chunks)
def close(self) -> None:
self._closed = True
@property
def captured_payloads(self) -> tuple[bytes, ...]:
"""Tuple of every payload passed to :meth:`write`, in order."""
return tuple(self._chunks)
@property
def captured_concat(self) -> bytes:
"""All captured payloads concatenated — the wire-byte stream."""
return b"".join(self._chunks)
tests/e2e/replay/_tlog_synth.py
+167
View File
@@ -0,0 +1,167 @@
"""Synthesize a pymavlink ``.tlog`` from the Derkachi ``data_imu.csv``.
The Derkachi fixture (``_docs/00_problem/input_data/flight_derkachi/``)
ships ``flight_derkachi.mp4`` + ``data_imu.csv`` only — the original
pymavlink tlog is not in-repo (it was the source the CSV was
*exported* from). The AZ-404 E2E test runs ``gps-denied-replay``
which expects a tlog input, so we round-trip the CSV back to a tlog
here.
Output schema (per ``tlog_replay_adapter._REQUIRED_MESSAGE_GROUPS``):
* ``SCALED_IMU2`` — one per CSV row (xacc/yacc/zacc/xgyro/ygyro/zgyro/
xmag/ymag/zmag fields map 1:1).
* ``GPS_RAW_INT`` — one per CSV row, derived from
``GLOBAL_POSITION_INT.lat / .lon / .alt / .vx / .vy``. ``fix_type``
is held at ``GPS_FIX_TYPE_3D_FIX`` (3) for every row — the CSV is
post-flight cleaned and contains valid GPS throughout.
* ``ATTITUDE`` — one per CSV row. roll/pitch are synthesized as zero
(the camera is mechanically locked nadir per
``camera_info.md``); yaw is derived from
``GLOBAL_POSITION_INT.hdg`` (cdeg → rad).
* ``HEARTBEAT`` — one per second so the tlog-replay adapter's
pre-scan find the type quickly.
The tlog binary format is the pymavlink convention: ``<8-byte
big-endian timestamp microseconds><raw MAVLink2 message bytes>``,
repeated. The C8 ``TlogReplayFcAdapter`` consumes it via
``mavutil.mavlink_connection(path, mavlink_version="2.0")``.
The synthesizer is deterministic: identical CSV → identical bytes.
The conftest caches the output path next to the CSV so repeat runs
short-circuit when the cache is up-to-date.
"""
from __future__ import annotations
import csv
import math
import struct
from pathlib import Path
from typing import Final
from pymavlink.dialects.v20 import ardupilotmega as mavlink
__all__ = [
"SOURCE_COMPONENT",
"SOURCE_SYSTEM",
"synthesize_tlog",
]
SOURCE_SYSTEM: Final[int] = 1 # vehicle id (any non-zero stable integer)
SOURCE_COMPONENT: Final[int] = mavlink.MAV_COMP_ID_AUTOPILOT1
_HEARTBEAT_PERIOD_S: Final[float] = 1.0
# tlog timestamp epoch — pymavlink stores absolute microseconds. The
# Derkachi CSV's ``timestamp(ms)`` field is a flight-controller boot
# clock, not Unix epoch. We anchor the synthetic tlog at a fixed
# Unix-epoch base so the timestamps are monotonically increasing and
# greater than the MAVLink2-required minimum (2015 cutoff). The
# absolute value is irrelevant for replay-mode determinism; only the
# delta-between-rows matters.
_TLOG_BASE_TIMESTAMP_US: Final[int] = 1_700_000_000_000_000 # 2023-11-14 22:13:20 UTC
def synthesize_tlog(csv_path: Path, tlog_path: Path) -> int:
"""Write a tlog reproduced from ``csv_path`` to ``tlog_path``.
Returns the number of bytes written. Overwrites ``tlog_path``
atomically (write to ``<path>.tmp``, fsync, rename).
The output schema satisfies ``TlogReplayFcAdapter``'s pre-scan
requirements per ``c8_fc_adapter/tlog_replay_adapter.py``:
``RAW_IMU`` or ``SCALED_IMU2`` + ``ATTITUDE`` + ``GPS_RAW_INT`` or
``GPS2_RAW`` + ``HEARTBEAT``.
"""
tmp_path = tlog_path.with_suffix(tlog_path.suffix + ".tmp")
mav = mavlink.MAVLink(
file=None,
srcSystem=SOURCE_SYSTEM,
srcComponent=SOURCE_COMPONENT,
)
bytes_written = 0
next_heartbeat_t_s = 0.0
with csv_path.open(newline="") as fp, tmp_path.open("wb") as out:
reader = csv.DictReader(fp)
for row in reader:
t_s = float(row["Time"])
ts_us = _TLOG_BASE_TIMESTAMP_US + int(t_s * 1_000_000)
time_boot_ms = int(float(row["timestamp(ms)"]))
# SCALED_IMU2 ----------------------------------------------------
imu2 = mav.scaled_imu2_encode(
time_boot_ms=time_boot_ms,
xacc=int(float(row["SCALED_IMU2.xacc"])),
yacc=int(float(row["SCALED_IMU2.yacc"])),
zacc=int(float(row["SCALED_IMU2.zacc"])),
xgyro=int(float(row["SCALED_IMU2.xgyro"])),
ygyro=int(float(row["SCALED_IMU2.ygyro"])),
zgyro=int(float(row["SCALED_IMU2.zgyro"])),
xmag=int(float(row["SCALED_IMU2.xmag"])),
ymag=int(float(row["SCALED_IMU2.ymag"])),
zmag=int(float(row["SCALED_IMU2.zmag"])),
)
bytes_written += _write_record(out, ts_us, imu2.pack(mav))
# ATTITUDE -------------------------------------------------------
yaw_cdeg = float(row["GLOBAL_POSITION_INT.hdg"])
yaw_rad = math.radians(yaw_cdeg / 100.0) if yaw_cdeg > 0 else 0.0
attitude = mav.attitude_encode(
time_boot_ms=time_boot_ms,
roll=0.0,
pitch=0.0,
yaw=yaw_rad,
rollspeed=0.0,
pitchspeed=0.0,
yawspeed=0.0,
)
bytes_written += _write_record(out, ts_us, attitude.pack(mav))
# GPS_RAW_INT ----------------------------------------------------
gps = mav.gps_raw_int_encode(
time_usec=ts_us,
fix_type=mavlink.GPS_FIX_TYPE_3D_FIX,
lat=int(float(row["GLOBAL_POSITION_INT.lat"])),
lon=int(float(row["GLOBAL_POSITION_INT.lon"])),
alt=int(float(row["GLOBAL_POSITION_INT.alt"])),
eph=100,
epv=200,
vel=int(
math.hypot(
float(row["GLOBAL_POSITION_INT.vx"]),
float(row["GLOBAL_POSITION_INT.vy"]),
)
),
cog=int(yaw_cdeg) if yaw_cdeg > 0 else 0,
satellites_visible=12,
)
bytes_written += _write_record(out, ts_us, gps.pack(mav))
# HEARTBEAT (1 Hz) -----------------------------------------------
if t_s >= next_heartbeat_t_s:
heartbeat = mav.heartbeat_encode(
type=mavlink.MAV_TYPE_FIXED_WING,
autopilot=mavlink.MAV_AUTOPILOT_ARDUPILOTMEGA,
base_mode=mavlink.MAV_MODE_FLAG_AUTO_ENABLED,
custom_mode=10, # AUTO mode for ArduPlane
system_status=mavlink.MAV_STATE_ACTIVE,
)
bytes_written += _write_record(out, ts_us, heartbeat.pack(mav))
next_heartbeat_t_s = t_s + _HEARTBEAT_PERIOD_S
out.flush()
# fsync the temp file so the rename below is durable on power loss.
# OSError here is rare; we want it to surface, not be swallowed.
import os as _os
_os.fsync(out.fileno())
tmp_path.replace(tlog_path)
return bytes_written
def _write_record(out, ts_us: int, payload: bytes) -> int:
"""Write one tlog record (8B big-endian timestamp + MAVLink frame)."""
header = struct.pack(">Q", ts_us)
out.write(header)
out.write(payload)
return len(header) + len(payload)
tests/e2e/replay/conftest.py
+234
View File
@@ -0,0 +1,234 @@
"""Pytest fixtures for the AZ-404 E2E replay tests.
The fixtures are import-clean on dev macOS — the heavy work
(synthesizing the tlog, invoking the airborne CLI in a subprocess)
runs only when ``RUN_REPLAY_E2E=1`` is set in the environment.
Without the env var, the test module's collection-time skip marker
prevents the fixtures from being requested.
"""
from __future__ import annotations
import json
import os
import shutil
import subprocess
import sys
from collections.abc import Iterator
from dataclasses import dataclass
from pathlib import Path
from typing import Any
import pytest
from tests.e2e.replay._helpers import GroundTruthRow, load_ground_truth_csv
from tests.e2e.replay._tlog_synth import synthesize_tlog
# Derkachi clip range — anchored at the start of the data_imu.csv
# (Time=0.0). The fixture clip is deliberately the first 60 s rather
# than a mid-flight slice: the take-off region exercises the AZ-405
# IMU-take-off auto-sync detector, and the steady cruise that follows
# stresses the satellite-anchor + VIO drift-correction path. The
# trim is documented in `tests/e2e/replay/README.md`.
_CLIP_START_S: float = 0.0
_CLIP_END_S: float = 60.0
# ----------------------------------------------------------------------
# Path helpers
def _repo_root() -> Path:
return Path(__file__).resolve().parents[3]
def _derkachi_dir() -> Path:
return _repo_root() / "_docs" / "00_problem" / "input_data" / "flight_derkachi"
def _calibration_path() -> Path:
# Placeholder calibration: the real Topotek KHP20S30 intrinsics
# are unknown per `_docs/00_problem/input_data/flight_derkachi/
# camera_info.md`. AC-3 is `xfail`ed until a real calibration
# ships; AC-1 / AC-2 / AC-5 / AC-6 do not depend on intrinsics
# accuracy.
return _repo_root() / "tests" / "fixtures" / "calibration" / "adti26.json"
# ----------------------------------------------------------------------
# Fixtures
@dataclass(frozen=True)
class DerkachiReplayInputs:
"""Bundle of paths the AZ-402 CLI consumes for a Derkachi replay run."""
video_path: Path
tlog_path: Path
calibration_path: Path
config_path: Path
signing_key_path: Path
output_path: Path
ground_truth: list[GroundTruthRow]
@pytest.fixture(scope="session")
def derkachi_replay_inputs(tmp_path_factory: pytest.TempPathFactory) -> DerkachiReplayInputs:
"""Materialise Derkachi inputs + a synthesized tlog for the e2e run.
Session-scoped so the tlog synthesizer runs once across the whole
e2e collection. The tlog is cached at
``tmp_path_factory.mktemp("derkachi") / "synth.tlog"`` so each
pytest invocation gets a fresh copy; the synthesizer is fast
enough (~1 s for 60 s of data) that disk caching across invocations
is unnecessary.
"""
derkachi = _derkachi_dir()
csv_path = derkachi / "data_imu.csv"
video_path = derkachi / "flight_derkachi.mp4"
if not csv_path.is_file():
pytest.fail(
f"Derkachi fixture missing: {csv_path} — see "
"_docs/00_problem/input_data/flight_derkachi/README.md"
)
if not video_path.is_file():
pytest.fail(f"Derkachi fixture missing: {video_path}")
work_dir = tmp_path_factory.mktemp("derkachi")
tlog_path = work_dir / "synth.tlog"
synthesize_tlog(csv_path, tlog_path)
# Empty signing key — the airborne replay path runs the signing
# handshake against `NoopMavlinkTransport`, so the key contents do
# not affect any wire output. We still need a real file because
# the CLI's path-validation gate requires it.
signing_key_path = work_dir / "signing_key.bin"
signing_key_path.write_bytes(b"\x00" * 32)
config_path = work_dir / "config.yaml"
config_path.write_text(
# Replay-specific overrides; the rest comes from the env vars
# the airborne binary's `load_config` honours by default.
"mode: replay\n"
"replay:\n"
" pace: asap\n"
" target_fc_dialect: ardupilot_plane\n"
)
output_path = work_dir / "estimator_output.jsonl"
ground_truth_full = load_ground_truth_csv(csv_path)
ground_truth = [
r for r in ground_truth_full if _CLIP_START_S <= r.t_s <= _CLIP_END_S
]
return DerkachiReplayInputs(
video_path=video_path,
tlog_path=tlog_path,
calibration_path=_calibration_path(),
config_path=config_path,
signing_key_path=signing_key_path,
output_path=output_path,
ground_truth=ground_truth,
)
@dataclass(frozen=True)
class ReplayRunResult:
"""Outcome of a single ``gps-denied-replay`` subprocess run."""
returncode: int
stdout: str
stderr: str
output_path: Path
wall_clock_s: float
@pytest.fixture
def replay_runner(derkachi_replay_inputs: DerkachiReplayInputs) -> Any:
"""Return a callable that invokes the ``gps-denied-replay`` console-script.
The callable accepts keyword overrides for ``pace`` and
``time_offset_ms``; everything else is taken from
``derkachi_replay_inputs``. Output is written to a fresh path per
invocation so determinism comparisons (AC-5) get two independent
files.
"""
binary = shutil.which("gps-denied-replay")
if binary is None:
venv_bin = Path(sys.executable).parent / "gps-denied-replay"
if venv_bin.exists():
binary = str(venv_bin)
if binary is None:
pytest.skip(
"gps-denied-replay console-script not on PATH; "
"install the package in the test venv"
)
invocation_count = {"n": 0}
def _run(*, pace: str = "asap", time_offset_ms: int | None = None) -> ReplayRunResult:
import time
invocation_count["n"] += 1
out_path = derkachi_replay_inputs.output_path.with_name(
f"estimator_output_{invocation_count['n']}.jsonl"
)
argv = [
binary,
"--video",
str(derkachi_replay_inputs.video_path),
"--tlog",
str(derkachi_replay_inputs.tlog_path),
"--output",
str(out_path),
"--camera-calibration",
str(derkachi_replay_inputs.calibration_path),
"--config",
str(derkachi_replay_inputs.config_path),
"--mavlink-signing-key",
str(derkachi_replay_inputs.signing_key_path),
"--pace",
pace,
]
if time_offset_ms is not None:
argv.extend(["--time-offset-ms", str(time_offset_ms)])
t0 = time.monotonic()
completed = subprocess.run(
argv,
capture_output=True,
text=True,
timeout=180,
)
wall_s = time.monotonic() - t0
return ReplayRunResult(
returncode=completed.returncode,
stdout=completed.stdout,
stderr=completed.stderr,
output_path=out_path,
wall_clock_s=wall_s,
)
return _run
@pytest.fixture
def operator_pre_flight_setup(tmp_path: Path) -> Iterator[Path]:
"""Operator C12 pre-flight rehearsal stub.
Per AZ-404's spec this fixture should run the operator's full
C10/C11/C12 pre-flight against a ``mock-suite-sat-service``
fixture and yield the populated cache directory. The current
``tests/fixtures/mock-suite-sat-service`` is a bootstrap stub
(only ``GET /healthz`` per its README) — the full D-PROJ-2
contract is not implemented. Until that ships, AC-8 (operator
workflow rehearsal) is skipped at the test level; this fixture
yields a placeholder cache directory so test bodies that
request it can fail-fast with a documented reason rather than a
surprise ImportError.
"""
cache_dir = tmp_path / "operator_cache"
cache_dir.mkdir()
yield cache_dir
tests/e2e/replay/test_derkachi_1min.py
+382
View File
@@ -0,0 +1,382 @@
"""AZ-404 — E2E replay test against the Derkachi 60 s clip.
Runs the ``gps-denied-replay`` console-script (AZ-402) against the
Derkachi fixture (``_docs/00_problem/input_data/flight_derkachi/``)
and asserts the epic AZ-265 acceptance criteria. Per the project's
E2E pattern the heavy tests are gated by ``RUN_REPLAY_E2E=1``; the
lightweight AC-4a (mode-agnosticism AST scan) and AC-7 (skip-gate
self-check) run unconditionally.
Some ACs are SKIPPED with documented reasons until upstream work
ships:
* AC-3 (≤ 100 m for 80 % of ticks) — ``xfail`` until a real Topotek
KHP20S30 calibration ships (camera_info.md notes the intrinsics
are unknown).
* AC-4b (encoder byte-equality) — ``skip`` until AZ-558 routes the
C8 outbound bytes through the ``MavlinkTransport`` seam.
* AC-8 / AC-9 in spec (operator workflow rehearsal) — ``skip`` until
``mock-suite-sat-service`` implements the D-PROJ-2 ingest contract.
The unit-level ``_helpers.py`` tests in ``test_helpers.py`` cover
AC-9 (helper L2 correctness) unconditionally.
"""
from __future__ import annotations
import ast
import os
import re
from pathlib import Path
import pytest
from tests.e2e.replay._helpers import (
match_percentage,
parse_jsonl,
)
# ----------------------------------------------------------------------
# Skip gates
def _heavy_skip_reason() -> str | None:
if os.environ.get("RUN_REPLAY_E2E", "").lower() not in {"1", "true", "yes", "on"}:
return "AZ-404 heavy e2e tests gated by RUN_REPLAY_E2E=1"
return None
_HEAVY_SKIP = pytest.mark.skipif(
_heavy_skip_reason() is not None, reason=_heavy_skip_reason() or "ok"
)
# ----------------------------------------------------------------------
# AC-1: CLI exits 0; JSONL line count matches tlog GLOBAL_POSITION_INT count
@_HEAVY_SKIP
def test_ac1_exits_0_jsonl_count_match(replay_runner, derkachi_replay_inputs) -> None:
# Act
result = replay_runner(pace="asap")
# Assert — clean exit
assert result.returncode == 0, (
f"gps-denied-replay exited {result.returncode}\n"
f"stdout:\n{result.stdout}\nstderr:\n{result.stderr}"
)
# Assert — JSONL line count within ±5 % of the ground-truth row count
rows = parse_jsonl(result.output_path)
expected = len(derkachi_replay_inputs.ground_truth)
actual = len(rows)
tolerance = max(1, int(expected * 0.05))
assert abs(actual - expected) <= tolerance, (
f"JSONL count {actual} not within ±5 % of expected "
f"{expected} (tolerance ±{tolerance})"
)
# ----------------------------------------------------------------------
# AC-2: Each line is valid JSON matching the EstimatorOutput schema
_ESTIMATOR_OUTPUT_KEYS = frozenset(
{
"frame_id",
"position_wgs84",
"orientation_world_T_body",
"velocity_world_mps",
"covariance_6x6",
"source_label",
"last_satellite_anchor_age_ms",
"smoothed",
"emitted_at",
}
)
@_HEAVY_SKIP
def test_ac2_jsonl_schema_match(replay_runner) -> None:
# Act
result = replay_runner(pace="asap")
rows = parse_jsonl(result.output_path)
# Assert
assert rows, "no JSONL output rows produced"
for i, row in enumerate(rows):
assert isinstance(row, dict), f"row {i} is not a JSON object"
missing = _ESTIMATOR_OUTPUT_KEYS - set(row.keys())
extra = set(row.keys()) - _ESTIMATOR_OUTPUT_KEYS
assert not missing, f"row {i} missing keys: {missing}"
assert not extra, f"row {i} has unexpected keys: {extra}"
assert isinstance(row["position_wgs84"], dict)
assert {"lat_deg", "lon_deg", "alt_m"}.issubset(row["position_wgs84"])
assert isinstance(row["covariance_6x6"], list) and len(row["covariance_6x6"]) == 36
assert isinstance(row["smoothed"], bool)
# ----------------------------------------------------------------------
# AC-3: ≥ 80 % of emissions within 100 m of ground truth
@_HEAVY_SKIP
@pytest.mark.xfail(
reason=(
"AC-3 requires a real Topotek KHP20S30 camera calibration; "
"_docs/00_problem/input_data/flight_derkachi/camera_info.md "
"states the intrinsics are unknown. Test runs as xfail "
"until a real calibration JSON ships."
),
strict=False,
)
def test_ac3_within_100m_80pct_of_ticks(replay_runner, derkachi_replay_inputs) -> None:
# Act
result = replay_runner(pace="asap")
rows = parse_jsonl(result.output_path)
# Assert
pct = match_percentage(
rows,
derkachi_replay_inputs.ground_truth,
threshold_m=100.0,
)
assert pct >= 0.80, (
f"AC-3: only {pct * 100:.1f} % of emissions within 100 m of GT; "
f"epic threshold is 80 %"
)
# ----------------------------------------------------------------------
# AC-4a: Mode-agnosticism AST scan (runs unconditionally)
def test_ac4_mode_agnosticism_ast_scan() -> None:
"""Components MUST NOT branch on `config.mode` / `is_replay` / etc.
Per ADR-011 + replay protocol Invariant 1, replay-mode logic is
structurally confined to the composition root (``runtime_root``),
the replay strategies (``frame_source``, ``clock``,
``c8_fc_adapter/{tlog_replay_adapter,replay_sink,
noop_mavlink_transport,serial_mavlink_transport}``), the
``replay_input/`` coordinator, and the ``cli/replay.py`` CLI. No
``components/**/*.py`` file should test the mode at runtime.
"""
# Arrange
repo_root = Path(__file__).resolve().parents[3]
components_dir = repo_root / "src" / "gps_denied_onboard" / "components"
py_files = sorted(components_dir.rglob("*.py"))
assert py_files, "no component .py files found — repository layout drift?"
# Patterns we treat as mode-aware branches.
forbidden_attribute_chains = {
("config", "mode"),
("self", "_replay_mode"),
("self", "_mode"),
("self", "is_replay"),
}
forbidden_compare_strings = {"replay", "live"}
violations: list[str] = []
for path in py_files:
try:
tree = ast.parse(path.read_text(encoding="utf-8"))
except SyntaxError as exc:
pytest.fail(f"{path} is not valid Python: {exc!r}")
scanner = _ModeBranchScanner(
forbidden_attribute_chains, forbidden_compare_strings
)
scanner.visit(tree)
for lineno, snippet in scanner.violations:
violations.append(f"{path.relative_to(repo_root)}:{lineno}: {snippet}")
# Assert
assert not violations, (
"mode-agnosticism violation — components must not branch on "
"replay vs live state (move the branch to runtime_root or a "
"replay strategy):\n " + "\n ".join(violations)
)
class _ModeBranchScanner(ast.NodeVisitor):
"""AST visitor that flags `if config.mode == ...` / `is_replay` / etc."""
def __init__(
self,
forbidden_attribute_chains: set[tuple[str, str]],
forbidden_compare_strings: set[str],
) -> None:
self.forbidden_attrs = forbidden_attribute_chains
self.forbidden_strings = forbidden_compare_strings
self.violations: list[tuple[int, str]] = []
def visit_If(self, node: ast.If) -> None:
self._check_test(node.test)
self.generic_visit(node)
def visit_IfExp(self, node: ast.IfExp) -> None:
self._check_test(node.test)
self.generic_visit(node)
def _check_test(self, node: ast.expr) -> None:
# Catch `if self._replay_mode:` / `if config.mode:`
if isinstance(node, ast.Attribute):
chain = self._attribute_chain(node)
if chain in self.forbidden_attrs:
self.violations.append(
(node.lineno, f"truthiness of {'.'.join(chain)}")
)
# Catch `if config.mode == "replay":` / `if mode != "live":`
if isinstance(node, ast.Compare) and isinstance(node.left, ast.Attribute):
chain = self._attribute_chain(node.left)
if chain in self.forbidden_attrs:
for cmp_value in node.comparators:
if (
isinstance(cmp_value, ast.Constant)
and isinstance(cmp_value.value, str)
and cmp_value.value in self.forbidden_strings
):
self.violations.append(
(
node.lineno,
f"compare {'.'.join(chain)} == {cmp_value.value!r}",
)
)
# Catch nested boolean / unary wrappers.
if isinstance(node, ast.BoolOp):
for value in node.values:
self._check_test(value)
if isinstance(node, ast.UnaryOp):
self._check_test(node.operand)
@staticmethod
def _attribute_chain(node: ast.Attribute) -> tuple[str, ...]:
"""Return ('self', 'mode') for `self.mode`, etc.; () if non-trivial."""
parts: list[str] = []
cur: ast.expr = node
while isinstance(cur, ast.Attribute):
parts.append(cur.attr)
cur = cur.value
if isinstance(cur, ast.Name):
parts.append(cur.id)
else:
return ()
return tuple(reversed(parts))
# ----------------------------------------------------------------------
# AC-4b: Encoder byte-equality (BLOCKED on AZ-558)
@pytest.mark.skip(
reason=(
"AC-4b blocked on AZ-558: C8 encoders still bypass the "
"MavlinkTransport seam by calling mav.*_send directly. The "
"CapturingMavlinkTransport fixture in _helpers.py is ready; "
"this test unskips when AZ-558 lands."
)
)
def test_ac4_encoder_byte_equality() -> None:
raise NotImplementedError("blocked on AZ-558 — see skip reason")
# ----------------------------------------------------------------------
# AC-5: Determinism (two runs differ by ≤ 1e-6 in position fields)
@_HEAVY_SKIP
def test_ac5_determinism_two_runs_diff(replay_runner) -> None:
# Act
r1 = replay_runner(pace="asap")
r2 = replay_runner(pace="asap")
# Assert
assert r1.returncode == 0 and r2.returncode == 0
rows_1 = parse_jsonl(r1.output_path)
rows_2 = parse_jsonl(r2.output_path)
assert len(rows_1) == len(rows_2), (
f"determinism violated at line count: {len(rows_1)} vs {len(rows_2)}"
)
for i, (a, b) in enumerate(zip(rows_1, rows_2, strict=True)):
for axis in ("lat_deg", "lon_deg", "alt_m"):
diff = abs(
a["position_wgs84"][axis] - b["position_wgs84"][axis]
)
assert diff <= 1e-6, (
f"row {i} axis {axis}: |{a['position_wgs84'][axis]} - "
f"{b['position_wgs84'][axis]}| = {diff} > 1e-6"
)
# ----------------------------------------------------------------------
# AC-6: Pace timing
@_HEAVY_SKIP
def test_ac6_pace_realtime_60s_within_5pct(replay_runner) -> None:
# Act
result = replay_runner(pace="realtime")
# Assert
assert result.returncode == 0
# 60 s clip ± 3 s tolerance per the spec.
assert 57.0 <= result.wall_clock_s <= 63.0, (
f"--pace realtime expected 60 s ± 3 s; got {result.wall_clock_s:.2f} s"
)
@_HEAVY_SKIP
def test_ac6_pace_asap_under_30s(replay_runner) -> None:
# Act
result = replay_runner(pace="asap")
# Assert
assert result.returncode == 0
assert result.wall_clock_s <= 30.0, (
f"--pace asap expected ≤ 30 s on Tier-1; got {result.wall_clock_s:.2f} s"
)
# ----------------------------------------------------------------------
# AC-7: Skip-gate self-check
def test_ac7_skip_gate_consistent_with_env_var() -> None:
"""The heavy-test skip mark MUST mirror the documented env-var gate.
Verifies that ``RUN_REPLAY_E2E`` controls the skip mark, so the
epic AC-7 contract ("all e2e tests skip cleanly without the env
var, without errors") is observably true at collection time.
"""
# Arrange
env_set = os.environ.get("RUN_REPLAY_E2E", "").lower() in {
"1", "true", "yes", "on"
}
# Act
skip_active = _heavy_skip_reason() is not None
# Assert
assert skip_active != env_set, (
f"RUN_REPLAY_E2E env_set={env_set}; skip_active={skip_active}"
)
# ----------------------------------------------------------------------
# Operator workflow rehearsal (AC-8 in this file's matrix; spec calls it AC-9)
@pytest.mark.skip(
reason=(
"AC-8 (operator workflow rehearsal) blocked on the full "
"D-PROJ-2 mock-suite-sat-service implementation — current "
"tests/fixtures/mock-suite-sat-service/ is a bootstrap stub "
"with only GET /healthz. Unskips when the mock implements "
"tile-fetch + index-build endpoints."
)
)
def test_ac8_operator_workflow(operator_pre_flight_setup, replay_runner) -> None:
raise NotImplementedError(
"blocked on D-PROJ-2 mock-suite-sat-service implementation"
)
tests/e2e/replay/test_helpers.py
+205
View File
@@ -0,0 +1,205 @@
"""Unit-level tests for the AZ-404 e2e helpers.
Runs unconditionally in the regular regression suite (NOT gated by
``RUN_REPLAY_E2E``) — the helpers are pure / deterministic and test
themselves cheaply. Covers AC-9 (Helper L2 computation correct) and
ancillary helper invariants.
"""
from __future__ import annotations
from pathlib import Path
import pytest
from tests.e2e.replay._helpers import (
CapturingMavlinkTransport,
GroundTruthRow,
l2_horizontal_m,
match_percentage,
parse_jsonl,
)
# ----------------------------------------------------------------------
# AC-9: L2 helper correctness
def test_ac9_l2_zero_at_same_point() -> None:
# Arrange / Act
d = l2_horizontal_m(50.08, 36.11, 50.08, 36.11)
# Assert
assert d == pytest.approx(0.0, abs=1e-6)
def test_ac9_l2_north_one_degree_111km() -> None:
"""One degree of latitude ≈ 111 km on the WGS84 spherical model."""
# Act
d = l2_horizontal_m(50.08, 36.11, 51.08, 36.11)
# Assert
assert d == pytest.approx(111_195.0, rel=0.001)
def test_ac9_l2_known_pair_kharkiv_kyiv() -> None:
"""Hand-checked Derkachi (~Kharkiv) to Kyiv center: 411 km ± 1 km."""
# Arrange
kharkiv_lat, kharkiv_lon = 49.9935, 36.2304
kyiv_lat, kyiv_lon = 50.4501, 30.5234
# Act
d = l2_horizontal_m(kharkiv_lat, kharkiv_lon, kyiv_lat, kyiv_lon)
# Assert — externally known reference distance is 411 km.
assert d == pytest.approx(411_000.0, rel=0.005)
def test_ac9_l2_symmetric() -> None:
# Arrange
a = (49.991, 36.221)
b = (50.080, 36.111)
# Act
d_ab = l2_horizontal_m(*a, *b)
d_ba = l2_horizontal_m(*b, *a)
# Assert
assert d_ab == pytest.approx(d_ba, rel=1e-12)
# ----------------------------------------------------------------------
# match_percentage
def test_match_percentage_all_within_threshold() -> None:
# Arrange
gt = [GroundTruthRow(t_s=0.0, lat_deg=50.0, lon_deg=36.0, alt_m=100.0)]
emissions = [
{
"emitted_at": 0,
"position_wgs84": {"lat_deg": 50.0, "lon_deg": 36.0, "alt_m": 100.0},
}
]
# Act
pct = match_percentage(emissions, gt, threshold_m=100.0)
# Assert
assert pct == 1.0
def test_match_percentage_none_within_threshold() -> None:
# Arrange
gt = [GroundTruthRow(t_s=0.0, lat_deg=50.0, lon_deg=36.0, alt_m=100.0)]
emissions = [
{
"emitted_at": 0,
# ~111 km north of the GT row.
"position_wgs84": {"lat_deg": 51.0, "lon_deg": 36.0, "alt_m": 100.0},
}
]
# Act
pct = match_percentage(emissions, gt, threshold_m=100.0)
# Assert
assert pct == 0.0
def test_match_percentage_empty_emissions_zero() -> None:
# Arrange
gt = [GroundTruthRow(t_s=0.0, lat_deg=50.0, lon_deg=36.0, alt_m=100.0)]
# Act
pct = match_percentage([], gt, threshold_m=100.0)
# Assert
assert pct == 0.0
def test_match_percentage_empty_ground_truth_raises() -> None:
# Act / Assert
with pytest.raises(AssertionError, match="ground_truth must be non-empty"):
match_percentage(
[{"emitted_at": 0, "position_wgs84": {"lat_deg": 50, "lon_deg": 36}}],
[],
threshold_m=100.0,
)
# ----------------------------------------------------------------------
# parse_jsonl
def test_parse_jsonl_round_trip(tmp_path: Path) -> None:
# Arrange
path = tmp_path / "out.jsonl"
path.write_text('{"a": 1}\n{"b": 2}\n')
# Act
rows = parse_jsonl(path)
# Assert
assert rows == [{"a": 1}, {"b": 2}]
def test_parse_jsonl_skips_trailing_blank(tmp_path: Path) -> None:
# Arrange
path = tmp_path / "out.jsonl"
path.write_text('{"a": 1}\n\n')
# Act
rows = parse_jsonl(path)
# Assert — the trailing blank line is tolerated
assert rows == [{"a": 1}]
def test_parse_jsonl_invalid_line_raises(tmp_path: Path) -> None:
# Arrange
path = tmp_path / "out.jsonl"
path.write_text("not json\n")
# Act / Assert
with pytest.raises(AssertionError, match="not valid JSON"):
parse_jsonl(path)
# ----------------------------------------------------------------------
# CapturingMavlinkTransport (ready for AZ-558 unblock)
def test_capturing_transport_records_writes() -> None:
# Arrange
t = CapturingMavlinkTransport()
# Act
t.write(b"abc")
t.write(b"def")
# Assert
assert t.captured_payloads == (b"abc", b"def")
assert t.captured_concat == b"abcdef"
assert t.bytes_written() == 6
def test_capturing_transport_close_then_write_raises() -> None:
# Arrange
t = CapturingMavlinkTransport()
t.close()
# Act / Assert
with pytest.raises(RuntimeError, match="after close"):
t.write(b"x")
def test_capturing_transport_implements_protocol() -> None:
# Arrange
from gps_denied_onboard.components.c8_fc_adapter.interface import MavlinkTransport
# Act
t = CapturingMavlinkTransport()
# Assert — runtime_checkable Protocol acceptance
assert isinstance(t, MavlinkTransport)