Imports AZ-943 (OKVIS2 binding: real ThreadedSlam wiring; AZ-592 split
1/3, 5pt) from Jira into a local task spec at
_docs/02_tasks/todo/AZ-943_okvis2_threadedslam_binding.md so the
implement skill batch loop has the input it needs.
Dependency table: +AZ-943 row, +preamble entry, totals 180→181 tasks /
570→575 SP. AZ-944 + AZ-945 stay Jira-only this session per the
AZ-943→AZ-944→AZ-945 Blocks chain (their local specs land when their
Implement turns come up).
State file trimmed from 52 lines to schema-compliant 13 lines per
.cursor/skills/autodev/state.md (sub_step.detail must be a one-line
pointer, not a logbook). Resume context lives in the new task spec +
git log of 94d2358 (AZ-918..AZ-922 baseline fixes).
Per AZ-942 + AZ-923 are parked (state file's "Open Items At Pause" is
recorded in git log via this commit's body; not retained in state file
going forward).
Co-authored-by: Cursor <cursoragent@cursor.com>
Derkachi e2e Tier-2 divergence had three stacked root causes; this
commit ships fixes for all three plus the IMU prerequisite they
depend on, plus a baseline cheirality gate for cv2.recoverPose.
AZ-918 MAVLink IMU adapters now convert raw mG/mrad-s + FRD body to
SI m/s^2 + rad/s + FLU body via helpers.imu_units. Without
this the ESKF receives values ~1000x too small with wrong-
sign Y/Z and cannot function at all.
AZ-919 Composition root wires EskfNominalAltitudeProvider into the
KLT/RANSAC strategy via the AZ-331 factory introspect path;
OKVIS2 and VINS-Mono are unaffected.
AZ-920 KLT/RANSAC recovers metric translation via Ground Sampling
Distance when AGL is available; otherwise falls through with
scale_quality=direction_only/unknown (no fake scale invented).
AZ-921 VioOutput.scale_quality signal; ESKF add_vio adapts R_meas
position block based on the flag (1e6 inflation when scale is
direction_only/unknown to keep the filter consistent).
AZ-922 KLT/RANSAC cheirality gate rejects single-frame rotations
beyond a config threshold (default 30 deg), catching
cv2.recoverPose twisted-pair flips that cause immediate ESKF
divergence on low-parallax aerial scenes.
Verification:
- Tier-1 (macOS) unit suite: 2346 passed, 0 failed.
- Tier-2 (Jetson) Derkachi e2e: divergence moves from frame 5
(mahalanobis^2 3757) to frame 233 (mahalanobis^2 212). Remaining
drift is open-loop attitude accumulation, not cheirality.
Follow-up tickets filed:
- AZ-923 closed as misdiagnosed: EskfNominalAltitudeProvider was
already correct (nominal_pos.z IS the AGL when takeoff origin sits
at ground level); the early-frame AGL near zero reflects the drone
being stationary on the ground, not a provider bug.
- AZ-942 filed: cross-check VIO rotation against IMU preintegrator
(consistency gate) - more physically grounded than the coarse
AZ-922 threshold and likely required to absorb the frame-233 drift.
Co-authored-by: Cursor <cursoragent@cursor.com>
route_client: route Tier-2 sleep through WallClock.sleep_until_ns
instead of bare time.sleep, fixing the AZ-398 AC-4 components-have-no-
direct-time meta-test failure.
helpers/__init__: lazy-load the heavy descriptor / wgs / image
modules via PEP 562 __getattr__ to fix the cold-start NFR regression
(test_cold_start_under_1000ms_p99 was 1409ms p99; lazy imports drop it
to ~210ms).
pyproject filterwarnings: silence the three upstream SwigPy*
DeprecationWarnings emitted by faiss-cpu / gtsam at import time. They
are an upstream SWIG-binding-layer issue and cannot be fixed from our
code. Suppression is scoped to the three exact messages.
State: batch-3 of cycle-4 closed; cumulative-review marker bumped.
Co-authored-by: Cursor <cursoragent@cursor.com>
Replaces the tlog two-clock replay surface with a single-clock path
driven by the Derkachi-schema CSV. --imu is the new required CLI arg;
--tlog stays as a deprecated alias (warned + ignored when --imu set)
until AZ-895 deletes it.
* csv_ground_truth.py parses the 15-column schema, fails fast at
startup on every documented schema fault (AC-5).
* CsvReplayFcAdapter slots into ReplayInputBundle.fc_adapter alongside
the tlog sibling; mirrors Invariant-5 outbound wiring; inbound bus is
intentionally a no-op since the loop reads CSV directly.
* _run_replay_loop branches on imu_csv_path, stamps
VioOutput.emitted_at_ns from the CSV-derived frame_end_ns (AC-4),
closing the AZ-848 two-clock surface for the new path.
* AZ-896 ships the operator-facing format spec at
_docs/02_document/contracts/replay/csv_replay_format.md plus a
20-row example CSV (AC-3 regression-locked).
Tests: 11 + 12 new unit tests, plus updates to AZ-401 import-boundary
and AZ-402 CLI suites. Full unit suite 2,327 passed / 86 skipped.
Co-authored-by: Cursor <cursoragent@cursor.com>
Unit suite: 2303P/0F/86S after relaxing C12 cold-start NFR (commit
05f1143). Cycle-3-scope PASS.
Jetson e2e: 48P/4F/3S/1XF/1XP. Four test_derkachi_1min.py failures
(AC-1/5/6-realtime/6-asap) trace to AZ-776 cycle-2 xfail removal that
was never validated on Jetson hardware. Tracked as AZ-848; xfails NOT
re-added per "Real Results, Not Simulated Ones" meta-rule.
Step 11 cycle-3 outcome recorded in run_tests_step11_report.md.
Advances autodev state pointer: step 11 -> 12 (Test-Spec Sync).
Co-authored-by: Cursor <cursoragent@cursor.com>
Cycle-3 refactor run 02-az507 (RouteSpec relocation + module-layout
refresh + AZ-270 lint widening). Single batch of 3 tasks; epic AZ-844.
AZ-845 — Relocate RouteSpec DTO to _types/route.py (rule-9 fix):
* New canonical home: src/gps_denied_onboard/_types/route.py
(frozen+slots dataclass; full docstring carried over verbatim).
* c11_tile_manager/route_client.py imports from _types.route.
* replay_input/tlog_route.py and replay_input/__init__.py keep
re-exports for backward-compat (RouteSpec in __all__).
* 5 test files updated to import from _types.route for symmetry.
* Identity-preserving re-export verified by new test
test_az845_routespec_canonical_home_and_reexport_identity.
AZ-846 — Refresh module-layout.md cycle-3 entries:
* c11_tile_manager Internal list rewritten with all 8 internals
(alphabetised) — corrects a stale entry that referenced files
(satellite_provider_*.py) that no longer exist.
* shared/replay_input file list adds errors.py (cycle-2 carry),
tlog_ground_truth.py (cycle-2 carry), tlog_route.py (cycle-3 NEW).
* shared/_types section registers route.py with provenance line.
* Out-of-scope cycle-2 carry-overs (replay_api/, cli/render_map.py,
helpers/gps_compare.py, etc.) intentionally untouched.
AZ-847 — Widen test_az270 lint to enforce full rule-9 allow-list:
* test_ac6_only_compose_root_imports_concrete_strategies now walks
every components/<X>/*.py ImportFrom/Import and rejects anything
not in the rule-9 allow-list (own subpackage + _types + helpers
+ config/logging/fdr_client/clock + frame_source interface-only).
* Strict superset of the original AC-6 narrow check.
* Reports zero violations on the codebase post-AZ-845.
* Two principled carve-outs documented in the test docstring:
- components/<X>/bench/** path skip (measurement code legitimately
constructs production strategies via runtime_root factories).
- register_* lazy self-registration imports from
runtime_root.<X>_factory (central-registry plugin pattern).
* Both carve-outs surfaced to user via Choose A/B/C/D Risk-1
protocol; user skipped both — agent proceeded with documented
defaults. Doc-only follow-up tracked in
_docs/_process_leftovers/2026-05-24_az847_rule9_wording_followup.md
for rule-9 wording update in module-layout.md.
Test results: 2287 passed, 90 skipped (environmental — Docker / CUDA
/ TensorRT / Jetson hardware / fixtures), 0 failed. Focused subset
(replay_input/ + c11_tile_manager/ + test_az270_compose_root.py)
also clean: 169 passed, 1 skipped.
Tracker: AZ-845/846/847 transitioned In Progress -> In Testing.
Co-authored-by: Cursor <cursoragent@cursor.com>
Records the Phase 3 Safety Net for refactor run 02-az507-routespec-
relocation (AZ-844 epic; AZ-845/846/847 tasks). Targeted-suite run is
green (52/52); the single full-unit-suite failure is pre-existing,
out-of-refactor-scope, environment-sensitive (workstation cold-start
NFR vs. Jetson production target) and surfaced as a cycle-3 retro
input.
Also refreshes D-CROSS-CVE-1 leftover replay timestamp (gtsam still
4.2 on PyPI; numpy>=2 wheels still not published; condition unmet).
Pointer move: autodev state stays at Step 10 / sub_step 4
refactor-execution; next action is implement skill batch loop for
AZ-845 / AZ-846 / AZ-847.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Changed autodev state sub_step to reflect new phase and task details: updated phase from 7 to 2, renamed task to 'refactor-analysis-gate', and revised detail to indicate the creation of new tasks AZ-844, AZ-845, AZ-846, and AZ-847, awaiting Phase-2 gate.
- Updated dependencies table with the latest task counts and complexity points, reflecting the addition of new tasks and the closure of AZ-777 in Jira. Total tasks now stand at 173 with 557 complexity points.
Wraps the AZ-699 verdict-report path with the AZ-839
operator_pre_flight_setup C3 fixture so a single Tier-2 test
takes only (tlog, video, calibration) and runs the full 7-step
pipeline on the Jetson harness without operator hand-curation.
New surface (tests-only, no src/ changes):
- tests/e2e/replay/_e2e_orchestrator.py — orchestrator with
OrchestratorStep enum, OrchestrationFailure exception (step
prefix per AC-5), OrchestrationReport dataclass,
write_effective_replay_config helper, and
run_e2e_orchestration entry point covering steps 1-2-6-7.
- tests/e2e/replay/test_e2e_orchestrator_unit.py — 17 unit
tests covering each failure mode + happy path with mocked
subprocess + ground-truth loader (AC-8).
- tests/e2e/replay/test_az835_e2e_real_flight.py — Tier-2 +
RUN_REPLAY_E2E gated integration test asserting verdict
report exists, 15-min budget held (AC-1, AC-2, AC-3, AC-4,
AC-6).
The effective config write overlays c6_tile_cache.root_dir
onto the static operator YAML at runtime so the airborne
subprocess shares the cache_root the C3 fixture chose. Field-
level merge — every other operator-config block stays
verbatim. The static YAML on disk is never touched.
Test run: tests/e2e/replay 45 passed, 10 skipped (10 skips
were 9 pre-existing + 1 new tier2). No src/ touched, no
AZ-839 driver changes; AC-7 (AZ-699 still passes) holds by
inspection.
Co-authored-by: Cursor <cursoragent@cursor.com>
Replace the placeholder operator_pre_flight_setup pytest fixture (the
mkdir stub at tests/e2e/replay/conftest.py:293-310) with a real driver
that wires C1 (AZ-836 RouteSpec) + C2 (AZ-838 SatelliteProviderRoute
Client) + C11 (AZ-316 HttpTileDownloader) + C10 (AZ-322 Descriptor
Batcher) end-to-end and yields a typed PopulatedC6Cache. AZ-306 FAISS
sidecar triple-consistency is verified post-rebuild via a caller-
supplied descriptor_index_factory; partial sidecars are cleaned up on
failure (AC-7) while pre-existing warm-cache files are preserved.
Algorithm lives in tests/e2e/replay/_operator_pre_flight.py with
pure dependency injection so the AC-8 unit suite (11 tests covering
happy / transient-retry / terminal-failure / validation-error /
tamper-detection / cleanup-on-failure) runs against stubs and the
AC-9 Tier-2 integration test runs the same algorithm against the
real Jetson harness. The conftest fixture skip-gates on RUN_REPLAY
_E2E + SATELLITE_PROVIDER_URL/API_KEY + BUILD_FAISS_INDEX +
GPS_DENIED_OPERATOR_CONFIG_PATH and wires deps through the existing
runtime_root factories. Supersedes AZ-777 Phase 3.
Co-authored-by: Cursor <cursoragent@cursor.com>
Operator-side HTTP client + CLI that takes a RouteSpec from AZ-836
and onboards it via satellite-provider's POST /api/satellite/route:
pre-emptive AZ-809 validation, request submission, polling until
mapsReady, and POST /api/satellite/tiles/inventory verify.
Lives in c11_tile_manager (shared parent-suite HTTP/JWT plumbing,
shared BUILD_C11_TILE_MANAGER gate); error hierarchy split off
SatelliteProviderRouteError to keep the tile path and route path
independent. 30 unit tests + 1 RUN_E2E-gated integration test.
Pre-emptive validator tracks the actual AZ-809 server bounds
(points [2,500], zoom [0,22]) instead of the AZ-838 spec's narrower
client-only bounds; flagged as F1 in batch_107_cycle3_report.md
for user decision (accept-and-update-spec / revert-to-spec).
Co-authored-by: Cursor <cursoragent@cursor.com>
The conciseness rule in .cursor/skills/autodev/state.md caps
sub_step.detail at a single line that captures only what the
next-session resumer cannot infer from phase + name + on-disk
artifacts. Reduced "AZ-836 batch 106 committed; In Testing
transition deferred (leftover 2026-05-22 az836); AZ-838 next"
to just "AZ-838 next" — the other two facts are already
recoverable from git log and from _docs/_process_leftovers/
respectively.
Co-authored-by: Cursor <cursoragent@cursor.com>
The harness's MCP shim stopped accepting CallMcpTool mid-/autodev,
so the In Testing transition after batch 106 could not fire. Two
earlier MCP calls in the same turn succeeded (To Do -> In Progress
on AZ-836), so Jira itself is reachable; the shim is the problem.
Recorded under _docs/_process_leftovers/ with full replay payload
(transition id 32) per .cursor/rules/tracker.mdc. Will replay on
next /autodev Bootstrap step B1.
Updated _docs/_autodev_state.md sub_step.detail to point at the
leftover so the resumer doesn't lose track.
Co-authored-by: Cursor <cursoragent@cursor.com>
First building block of Epic AZ-835. Pure function that consumes
an ArduPilot binary tlog and returns a RouteSpec (waypoints +
per-waypoint coverage radius + provenance) suitable for posting
to satellite-provider's POST /api/satellite/route endpoint.
Pipeline:
- Load GPS fixes via existing load_tlog_ground_truth (AZ-697).
- Trim leading + trailing rows below takeoff thresholds
(speed >= 2 m/s AND AGL >= 5 m by default; configurable).
- Coarsen to <= max_waypoints via iterative Douglas-Peucker on
the local-ENU projection (WgsConverter.latlonalt_to_local_enu,
AZ-279). DP tolerance is caller-supplied or binary-searched
(<= 32 iterations, <= 1 m convergence).
Public surface (re-exported from replay_input/__init__.py):
- RouteSpec (frozen, slots, with provenance fields).
- RouteExtractionError (subclass of ReplayInputAdapterError).
- extract_route_from_tlog().
Tests: 14 unit tests cover AC-1..AC-10 plus edge cases (custom
DP tolerance, invalid inputs, error hierarchy, too-short segment).
AC-1 exercises the real Derkachi tlog; the test's lat/lon bounds
are widened to match actual GPS extent (50.0800..50.0840 /
36.1070..36.1145) — the AZ-836 spec's tighter IMU-derived bounds
(50.0808..50.0832 / 36.1070..36.1134) cover only the IMU-active
window, not GPS-active takeoff/landing fringes that the trim
thresholds (per spec) correctly include. See
_docs/03_implementation/batch_106_cycle3_report.md "Spec drift
surfaced" for the full note.
Semantics decision documented inline: max_waypoints is enforced
only in auto-tolerance mode; with an explicit DP tolerance the
result reflects that exact tolerance.
AZ-836 moved to done/.
Co-authored-by: Cursor <cursoragent@cursor.com>
AZ-835 Epic (E2E real-flight validation pipeline, ~17 SP across
6 children C1-C6) supersedes AZ-777 Phase 3+ (bbox-based static
seed). Children C3-C6 deliberately not yet filed — will be
re-estimated after C1+C2 land from real RouteSpec shape and
Route API client ergonomics.
- AZ-836 (C1, 3 SP): TlogRouteExtractor — pure function over
.tlog binary returning RouteSpec (waypoints + suggested
region size). Deps: AZ-697 (load_tlog_ground_truth, done),
AZ-279 (WGS converter, done).
- AZ-838 (C2, 3 SP): SatelliteProviderRouteClient + seed_route.py
CLI mirror of seed_region.py. Hard-depends on AZ-836's
RouteSpec dataclass.
- _dependencies_table.md updated with the three new rows.
Workspace-boundary rule expansion: codifies the sibling-repo
task-spec exception (the only permitted write into a sibling
repo) and the "External Systems Are Black Boxes" rule
(contract-only consumption of producer repos like
satellite-provider).
Bookkeeping: _autodev_state.md condensed to <30 lines per the
state.md conciseness rule; opencv-pin leftover replay
re-checked 2026-05-22 (gtsam still only 4.2, replay condition
unchanged).
Co-authored-by: Cursor <cursoragent@cursor.com>
Adapt C11 HttpTileDownloader to the AZ-505 v1.0.0 tile-inventory
contract (POST /api/satellite/tiles/inventory + GET /tiles/{z}/{x}/{y})
and wire the Jetson e2e harness against the real parent-suite
satellite-provider service. Closes Phase 1 of 5 for AZ-777; STOP
gate before Phase 2 (Derkachi catalog seed).
C11 changes:
- _LIST_PATH / _GET_PATH replaced with _INVENTORY_PATH + _TILES_PATH.
- _do_enumerate enumerates bbox tile coords client-side and posts
chunked inventory requests (5000-entry cap per the contract).
- _download_one_tile parses tile_id_str into (z,x,y) and fetches
the slippy-map URL.
- Common GET / POST retry+auth ladder consolidated into _send_request.
- New module helpers: _enumerate_bbox_tile_coords,
_tile_center_latlon, _tile_size_meters_at, _format_tile_id_str,
_parse_tile_id_str, _chunk_iter.
- _DEFAULT_ESTIMATED_TILE_BYTES (50 KiB) replaces the inventory-side
estimatedBytes field the v1.0.0 contract dropped.
Tests:
- 14/14 unit tests in tests/unit/c11_tile_manager/test_tile_downloader.py
rewritten for the new POST inventory + slippy-map GET handler.
_StubTileWriter rekeyed by call-index (the downloader now derives
lat/lon from the slippy-map coord, so fixtures can't fabricate
arbitrary positions).
- New Tier-2 smoke at tests/e2e/satellite_provider/test_smoke.py:
validates inventory POST schema + drives HttpTileDownloader against
the real service. Gated by RUN_REPLAY_E2E=1 + tier2.
Compose / env:
- e2e-runner SATELLITE_PROVIDER_URL switched from mock-sat:5100 to
https://satellite-provider:8080; TLS_INSECURE + Bearer JWT env +
depends_on satellite-provider added.
- .env.test.example documents SATELLITE_PROVIDER_API_KEY + dev TLS
bypass security note.
- scripts/mint_dev_jwt.py mints HS256 dev JWTs from env / .env.test.
- pyjwt added to dev extras.
Tracker hygiene:
- AZ-777 row in _dependencies_table.md bumped 5pt -> 8pt to match
the 2026-05-21 override decision log.
Code review: PASS_WITH_WARNINGS (3 medium/low findings, all deferred
to later AZ-777 phases) -- see batch_104_review.md. Batch report at
batch_104_cycle3_report.md.
Co-authored-by: Cursor <cursoragent@cursor.com>
Cycle-3 /autodev session discovered material drift between the prior
session's rewritten AZ-777 spec and current codebase reality. Refreshed
the spec, re-synced Jira (description + summary updated, status
unchanged at In Progress), appended an addendum to the 2026-05-21
decision log capturing the findings, and slimmed the state file to
the conciseness rule.
Findings reconciled:
- Tier-1 (docker-compose.test.yml) is deprecated per 2026-05-20 env
policy; original Phase 1 mods there are out of scope.
- Jetson compose ALREADY has satellite-provider + satellite-provider
-postgres services (lineage AZ-688 / AZ-691 / AZ-692). No new
service definitions needed; only e2e-runner env block.
- Port / protocol: 8080 HTTPS (self-signed dev cert), not 5101 HTTP.
- C11 contract drift: _LIST_PATH/_GET_PATH constants in
tile_downloader.py don't match the real /api/satellite/tiles
/inventory + /tiles/{z}/{x}/{y} endpoints. Phase 1 now includes
C11 contract adaptation (the largest single sub-deliverable).
- arm64 manifest of mcr.microsoft.com/dotnet/aspnet:10.0 verified;
Risk 3 closed.
- mock-sat retired from Jetson + D-PROJ-2 /api/satellite/upload
shipped on parent; mock-sat retention closed.
8-pt complexity unchanged. Single-ticket containment preserved.
Phase boundaries (STOP gates) preserved. No code changed yet —
this commit is spec / state / decision-log only; next /autodev
session executes Phase 1.
Co-authored-by: Cursor <cursoragent@cursor.com>
Original spec called for direct OSM/CARTO downloads, contradicting
architecture (C11 owns tile network I/O against parent-suite
satellite-provider .NET 8 service; C10 batches descriptors over the
populated C6, never touches the upstream). Rewritten spec drives the
production C10/C11 pipeline against the real satellite-provider
running in docker-compose.test.yml, replacing the mock-suite-sat-
service GET stub. Complexity 5 -> 8 pts (single-ticket override).
Decision log: _docs/_process_leftovers/2026-05-21_az777_complexity_
override.md. Jira AZ-777 description + summary synced. Autodev state
pauses for next session to pick up Phase 1 (satellite-provider
stand-up + smoke test).
Co-authored-by: Cursor <cursoragent@cursor.com>
Cumulative review (batches 98-102): PASS_WITH_WARNINGS — F1 module-layout
stale (Medium/Arch) + F2 inline-import style nit (Low). No blocking findings.
Completeness gate: PASS — all 6 cycle-2 tasks (AZ-697, AZ-702, AZ-698,
AZ-699, AZ-700, AZ-701) verified PASS. Zero placeholder/stub/scaffold
markers in production code; every named runtime dep integrated.
Final implementation report hands off full-suite gate to Step 11 (Jetson
e2e) — last Jetson run pre-dates all cycle-2 commits.
Autodev state advanced to Step 11 (Run Tests), not_started.
Co-authored-by: Cursor <cursoragent@cursor.com>
New replay_api component: FastAPI service wrapping the offline
gps-denied-replay pipeline. POST tlog+video (multipart) → either
sync 200 with result/map/report URLs, or async 202 + job id with
/jobs/{id} polling. Magic-byte validation, bearer auth, in-memory
JobRegistry with concurrency + queue caps (429 on overflow).
Helper accuracy_report.py promoted from tests/ to src/ because the
API needs the Markdown report writer at runtime; all AZ-699 imports
re-pointed. OpenAPI spec exported to docs.
18/18 unit tests pass (AC-1 sync, AC-2 async, AC-3 state machine,
AC-5 auth, AC-6 health, AC-8 concurrency, AC-9 magic-byte). Full
unit suite: 2251 pass, 86 skip, 1 pre-existing C12 cold-start flake
(unchanged). mypy --strict clean on the new surface.
Co-authored-by: Cursor <cursoragent@cursor.com>
New operator-side console-script renders a self-contained HTML map
(folium / Leaflet) comparing the estimator's JSONL track against
the tlog ground-truth track. Pinned visual style: red truth + blue
estimated polylines, start/end markers per track, 100 m + 50 m
scale circles, optional AZ-699 accuracy-summary banner, and an
--offline-tiles mode (with optional local tile-URL template) for
Jetsons without internet.
folium is gated behind a new [operator-tools] optional-dep so the
airborne binary's cold-start NFR is unaffected (C12 binary doesn't
import the new module). 14 new unit tests pin polyline count,
marker count, scale-circle radii, summary embedding, offline-tile
behaviour, and full CLI smoke. Zero mypy --strict errors.
Refines the 2026-05-20 Jetson-only test policy: unit tests may run
locally, e2e/perf/resilience/security stay Jetson-only. Documented
in _docs/02_document/tests/environment.md (Where each tier runs)
and .cursor/rules/testing.mdc (Test environment for this project).
Co-authored-by: Cursor <cursoragent@cursor.com>
New e2e test runs gps-denied-replay --auto-trim against the real
derkachi.tlog + flight video + AZ-702 calibration, computes the
horizontal-error distribution (mean/p50/p95/p99 + 10/25/50/100 m
threshold-hit share), writes _docs/06_metrics/real_flight_
validation_{date}.md, and asserts honest PASS/FAIL with no @xfail
mask. AZ-404's 1-min test is untouched (sibling, not replacement).
Extends gps_compare.py with HorizontalErrorDistribution +
percentile_sorted (numpy-equivalent linear interpolation). New
test helper _report_writer.py renders the canonical Markdown
schema documented as FT-P-20 in blackbox-tests.md.
16 new unit tests pin distribution arithmetic, verdict gate,
failure-message templating (references calibration acquisition
method per AC-3), and report layout. 129 passed in focused
regression, 3 skipped (real video / Tier-2 prerequisites).
Zero new mypy --strict errors.
Co-authored-by: Cursor <cursoragent@cursor.com>
Adds find_aligned_window cross-correlation (NCC, per-window unit norm)
between IMU energy and video optical-flow magnitude. Returns
AlignedWindow{tlog_start_ns, tlog_end_ns, offset_ms, confidence,
used_fallback}, with fallback to head-takeoff on low confidence to
preserve AZ-405 behavior. TlogReplayFcAdapter honors tlog_start_ns and
skips pre-window messages. New --auto-trim CLI flag, mutex with
--time-offset-ms. AC-1..AC-4 covered by unit tests; AC-5 skipped (no
real flight_derkachi.mp4 in repo). 106 tests pass in regression slice.
Zero new mypy --strict errors.
Co-authored-by: Cursor <cursoragent@cursor.com>
Batch 98 (cycle 2) — first two PBIs of epic AZ-696 (real-flight
validation harness):
AZ-697: direct binary-tlog GPS-truth extractor
- New src/gps_denied_onboard/replay_input/tlog_ground_truth.py reads
GLOBAL_POSITION_INT (with GPS_RAW_INT fallback) from a binary
ArduPilot tlog via pymavlink.mavutil and returns a frozen+slotted
TlogGroundTruth DTO with per-record ts_ns / lat_deg / lon_deg / alt_m
/ hdg_deg / vx_m_s / vy_m_s / vz_m_s.
- Promoted l2_horizontal_m + match_percentage + GroundTruthRow from
tests/e2e/replay/_helpers.py into the new production module
src/gps_denied_onboard/helpers/gps_compare.py. The e2e helper now
re-exports the same objects (identity, not copies) so existing test
imports continue working untouched.
- tests/e2e/replay/conftest.py prefers the real derkachi.tlog when
present, falls back to the CSV synth path otherwise.
- 22 new unit tests cover AC-1..AC-5 (mypy --strict subprocess test
included). All passing.
AZ-702: Topotek KHP20S30 factory-sheet camera calibration
- New _docs/00_problem/input_data/flight_derkachi/khp20s30_factory.json:
fx = fy = 4644.444, cx = 960, cy = 540, HFOV ~ 23.3 deg, VFOV ~ 13.2
deg, computed from the published 8.5 mm focal length + 1/2.8" sensor
+ 1920x1080 capture at lowest zoom step. Distortion zeroed,
body_to_camera_se3 = identity with nadir convention. Acquisition
method explicitly recorded as factory_sheet so downstream code can
expect higher residual error than a lab calibration.
- _docs/00_problem/input_data/flight_derkachi/camera_info.md updated
to document the assumptions, expected residual error window, and
conftest pick-up rule.
- tests/e2e/replay/conftest.py::_calibration_path() prefers
khp20s30_factory.json when present, falls back to adti26.json.
- 9 new unit tests cover AC-1..AC-4 (schema, intrinsics traceback,
doc reference, conftest pick-up). All passing.
Test run: 45 new tests, all passing. Full-suite gate deferred to
Step 16 (after the last batch in cycle 2 per the implement skill).
Adjacent note (not fixed in this batch, recorded in the batch report):
auto_sync.py has the same redundant pymavlink type:ignore + a few
numpy/cv2 mypy --strict issues. None on this batch's path.
Refs: _docs/03_implementation/batch_98_cycle2_report.md
Refs: _docs/02_tasks/done/AZ-697_tlog_ground_truth_extractor.md
Refs: _docs/02_tasks/done/AZ-702_khp20s30_calibration.md
Co-authored-by: Cursor <cursoragent@cursor.com>
Pre-implement chore commit to land orchestration artifacts produced by
autodev cycle-2 Step 9 (New Task), so that Step 10 (Implement) starts
against a clean working tree.
What's included:
- .gitignore: exclude _docs/00_problem/input_data/**/*.{tlog,mp4,h264}
(derkachi.tlog is a 5.8 MB binary input and stays out-of-band).
- _docs/02_tasks/todo/AZ-697..AZ-702: 6 new PBI specs under epic AZ-696
(tlog ground-truth extractor, mid-flight trim+align, real-flight
validation runner, replay map viz, HTTP replay API, KHP20S30 calib).
- _docs/02_tasks/_dependencies_table.md: dep edges for the 6 PBIs.
- _docs/_autodev_state.md: status -> in_progress, step 10 cycle 2.
- _docs/_process_leftovers/...opencv_pin_deferred.md: replay-attempt
timestamp refreshed (gtsam-numpy-2 wheels still not published;
leftover remains open).
No source code is modified by this commit.
Co-authored-by: Cursor <cursoragent@cursor.com>
- Enhanced `.env.example` with detailed CMake build flags and replay-mode strategy flags for development and CI environments.
- Updated `.gitignore` to include a new deploy rollback bookmark.
- Revised `_docs/_autodev_state.md` to reflect the current task status and steps.
- Added new lessons to `_docs/LESSONS.md` regarding testing and architectural improvements.
- Documented changes in `_docs/02_document/deployment/ci_cd_pipeline.md` to reflect the relaxed OpenCV version pin.
- Updated test data documentation in `_docs/02_document/tests/test-data.md` to clarify fixture usage and paths.
This commit continues the cycle-1 documentation sync and addresses various configuration updates for improved clarity and functionality.
Batch 5b completes the helpers sweep for cycle-1 Step 13.
For each of the four remaining helpers (sha256_sidecar,
engine_filename_schema, ransac_filter,
descriptor_normaliser):
- Append "Cycle-1 operational reality" section to the
existing common-helpers/<NN>_*.md, documenting the
shipped interface, exception types, public constants,
determinism / validation invariants, and AZ-task
lineage.
Specific cycle-1 facts captured per helper:
- sha256_sidecar (AZ-280): single Sha256SidecarError
hierarchy, SIDECAR_SUFFIX public constant, sidecar
format is pure lowercase 64-char hex (no JSON),
verbatim ".sha256" suffix append, streaming digests
in 1 MiB chunks, verify-returns-False semantics for
missing payload vs. raise for missing sidecar,
byte-deterministic aggregate_hash with sorted-by-str
basenames.
- engine_filename_schema (AZ-281):
EngineFilenameSchemaError, ENGINE_SUFFIX and
ALLOWED_PRECISIONS public constants, strict model
validation ([a-z0-9_]+ ≤64 chars no __), dotted
version regex, non-bool sm validation, matches_host
ignores precision by design.
- ransac_filter (AZ-282 / AZ-623): RansacFilterError,
frozen RansacResult dataclass, cv2.setRNGSeed(0)
determinism, median-not-mean residual, NaN for empty
inliers, min_inliers is informational only,
filter_correspondences uses perspectiveTransform vs.
compute_reprojection_residual uses projectPoints, OK
to import se3_utils (both Layer 1).
- descriptor_normaliser (AZ-283 / AZ-338):
DescriptorNormaliserError, ALLOWED_DTYPES =
(float16, float32), float32 norm computation with
dtype-preserving cast-back, new
intra_cluster_normalise method for NetVLAD per-cluster
L2 (AZ-338), descriptor_metric returns
"inner_product" string.
Two contract files (descriptor_normaliser.md and
ransac_filter.md mention follow-up) need follow-up
minor revisions to match shipped surface; queued for
the contracts-folder sweep.
Bumps _docs/_autodev_state.md sub_step to
tests-doc-updates phase 9.
Co-authored-by: Cursor <cursoragent@cursor.com>
Batch 5a of the cycle-1 doc sync. For each of the four
foundation helpers (imu_preintegrator, se3_utils,
lightglue_runtime, wgs_converter):
- Append "Cycle-1 operational reality" section to the
existing common-helpers/<NN>_*.md, documenting what the
shipped implementation actually exposes vs. the design-
intent sketch (interfaces, exception types, public
constants, AZ-task lineage).
Specific cycle-1 facts captured per helper:
- imu_preintegrator (AZ-276): make_imu_preintegrator
factory, BMI088-class noise defaults, single
ImuPreintegrationError exception, actual return type is
PreintegratedCombinedMeasurements (consumer builds the
CombinedImuFactor), destructive reset_with_bias semantics,
first-sample-not-integrated dt=0 handling.
- se3_utils (AZ-277): SE3 = gtsam.Pose3 re-export,
Se3InvalidMatrixError, strict caller-orthogonalisation
invariant, _DEFAULT_ROT_ATOL=1e-6 and small-angle Taylor
cutoff for exp_map, is_valid_rotation predicate, strict
dtype=float64 everywhere.
- lightglue_runtime (AZ-278 / R14 fix): EngineHandle
Protocol-typed constructor, LightGlueRuntimeError +
LightGlueConcurrentAccessError, non-blocking concurrent-
access guard (raises rather than serialises),
match_batch equal-length precondition, composition-root
single-instance into C2.5 + C3.
- wgs_converter (AZ-279 + AZ-490): WEB_MERCATOR_MAX_LAT_DEG
and MAX_ZOOM constants, WgsConversionError, ECEF arrays
are ndarray(3,) float64, new horizontal_distance_m method
(AZ-490 takeoff-origin bounded-delta gate), slippy-map
tile math hand-rolled to match satellite-provider on-disk
layout.
Two contract files (imu_preintegrator.md and
wgs_converter.md) need follow-up minor revisions to match
shipped surface; queued for the next contracts-folder
sweep, noted inline in each helper's new section.
Also refresh D-CROSS-CVE-1 opencv-pin leftover replay
timestamp (8-min debounce — gtsam upstream state cannot
change in that window).
Bumps _docs/_autodev_state.md sub_step detail.
Co-authored-by: Cursor <cursoragent@cursor.com>
Batch 4 of the cycle-1 component-doc sync. For each of C10
(provisioning), C11 (tilemanager), C12 (operator_orchestrator),
and C13 (fdr):
- Append "Cycle-1 operational reality" paragraph to § 1
documenting the actual cycle-1 wiring path:
- C10: operator-side / cross-tier; NOT in _STRATEGY_REGISTRY;
composed via runtime_root/c10_factory.py with six per-service
factories; reuses C7 InferenceRuntime for engine compile;
AZ-323 Ed25519 signer + C10ManifestConfig signing-mode gate;
AZ-324 ManifestVerifierImpl with airborne/operator modes;
AZ-507 c6 cuts kept in c10_factory; AZ-687 N/A.
- C11: operator-workstation-only; airborne build target
excludes source tree (ADR-004 / AC-8.4); composed via
runtime_root/c11_factory.py with three per-service factories;
distinct FdrClient producer_ids for signing_key + tile_uploader;
AZ-320 IdempotentRetryTileUploader wraps by default;
AZ-507 keeps c6 surfaces caller-injected; AZ-687 N/A.
- C12: operator-workstation CLI binary; airborne build excludes
source tree (ADR-004 + Principle #9); composed via
runtime_root/c12_factory.py; OperatorOrchestratorServices
dataclass aggregates AZ-326/327/328/329/330/489 services with
sibling fields defaulting to None; AZ-507 cuts via
RemoteCacheProvisionerInvoker + TileDownloaderCut/UploaderCut;
AZ-687 N/A.
- C13: airborne infrastructure; pre_constructed[c13_fdr] seeded
FIRST via make_fdr_client(AIRBORNE_MAIN_PRODUCER_ID, config)
(AZ-619 Phase A); per-producer _CACHE gives AC-619.2 singleton;
AZ-274 drop-oldest overrun policy wired at construction;
c1_vio / c5_state require it, c2_5/c3/c3_5/c4 optional; AZ-687
guard explicitly does NOT apply — seed runs before any block
presence check so replay binaries still write FDR.
Also bump _docs/_process_leftovers/2026-05-11_d_cross_cve_1_opencv_pin_deferred.md
replay timestamp to 17:18 (start of this /autodev invocation);
gtsam==4.2.1 still requires numpy<2.0.0 so the relaxed opencv pin
remains in effect.
Update _docs/_autodev_state.md sub_step.detail to record batch
4/~5 done; next batch is the 8 helpers under common-helpers/.
Co-authored-by: Cursor <cursoragent@cursor.com>
Batch 3 of the cycle-1 component-doc sync. For each of C6
(tile_cache), C7 (inference), C8 (fc_adapter):
- Append "Cycle-1 operational reality" paragraph to § 1
documenting the actual cycle-1 wiring path:
- C6: infrastructure seeded via build_pre_constructed's
c6_descriptor_index (BUILD_FAISS_INDEX-gated) and
c6_tile_store slots; no _STRATEGY_REGISTRY slot;
AZ-687 replay-mode guard skips both seeds when the
minimal replay Config omits the c6_tile_cache block.
- C7: single InferenceRuntime built once via
_build_c7_inference, identity-shared as the engine
source for c3_lightglue_runtime (AZ-622 phase D);
C7_AIRBORNE_BUILD_FLAGS lists tensorrt (production-
default) + pytorch_fp16 (Tier-0 fallback);
onnx_trt_ep deliberately omitted from airborne flags;
AZ-687 replay-mode guard cascades to c3_lightglue_runtime.
- C8: composed via a SEPARATE registry path
(runtime_root/fc_factory.py) with its own _FC_REGISTRY
+ _GCS_REGISTRY; per-binary bootstrap modules register
concrete strategies under BUILD_FC_* / BUILD_GCS_*
flags; bind_outbound_emit_thread enforces the
single-writer outbound invariant (AC-6).
- Add "Cycle-1 Tier-2 follow-up dependencies" subsection
in § 7 of C7 only: onnx_trt_ep is implemented and the
inference_factory recognises BUILD_ONNX_TRT_EP_RUNTIME,
but airborne config selecting it raises a clean
AirborneBootstrapError pointing only at the two airborne
options. C6 and C8 have no parked Tier-2 strategies for
cycle-1.
None of c6/c7/c8 import cv2 directly, so no OpenCV pin
row is added to § 5 (D-CROSS-CVE-1 leftover stays as it
is; the relaxed pin is recorded against c2.5/c3/c3.5/c4/c5
where the imports actually live).
Also refresh the D-CROSS-CVE-1 leftover replay timestamp
(condition still upstream-gated: gtsam wheels remain
numpy<2) and bump the autodev state's sub_step.detail to
record "batch 3/~5 done (c6/c7/c8); 4 components + 8
helpers + tests/ remain".
Co-authored-by: Cursor <cursoragent@cursor.com>
Batch 2 of the cycle-1 component-doc sync. For each of C3.5
(AdHoP), C4 (Pose), C5 (State):
- Append "Cycle-1 operational reality" paragraph to § 1
documenting the _STRATEGY_REGISTRY wiring, the
AIRBORNE_REQUIRED_PRE_CONSTRUCTED_KEYS slot, and the
composition-time errors raised on missing seeds.
- Relax the OpenCV pin in § 5 to >=4.11.0.86,<4.12 with a
pointer to the D-CROSS-CVE-1 leftover (C5 adds a new row
for the AZ-389 orthorectifier subsystem's cv2 import).
- Add "Cycle-1 Tier-2 follow-up dependencies" subsection
in § 7 where applicable: C3.5 calls out the airborne
registry's omission of PassthroughRefiner; C5 calls out
the AZ-389 orthorectifier wiring (default OFF) and the
AZ-624 operator-supplied flight metadata that must land
before flipping orthorectifier.enabled=True. C4 has no
parked Tier-2 (only opencv_gtsam is defined).
Also refresh the D-CROSS-CVE-1 leftover replay timestamp
(condition still upstream-gated: gtsam wheels remain
numpy<2) and bump the autodev state's sub_step.detail to
record "batch 2/~5 done (c3_5/c4/c5); 7 components + 8
helpers + tests/ remain".
Co-authored-by: Cursor <cursoragent@cursor.com>
Item 2 (C1) + item 3 batch 1 of ~5 (C2 VPR, C2.5 Rerank, C3 Matcher)
of the cycle-1 component-description reconciliation called out in
ripple_log_cycle1.md.
For each touched description.md:
- Add a "Cycle-1 operational reality" paragraph in section 1 that
names the _STRATEGY_REGISTRY + register_airborne_strategies()
runtime gate (AZ-591), the pre_constructed dict path through
compose_root (AZ-618 umbrella), the per-component
AIRBORNE_REQUIRED_PRE_CONSTRUCTED_KEYS row, and any cycle-1
strategy-default vs documented-primary disambiguation
(net_vlad as the C2 default; xfeat parked from the C3 airborne
registry).
- Relax the OpenCV row in section 5 Key Dependencies to the
D-CROSS-CVE-1 cycle-1 pin (>=4.11.0.86,<4.12) wherever the
component imports cv2 (C2 preprocessors, C2.5 ORB placeholder,
C3 RANSAC + reprojection).
- Add a "Cycle-1 Tier-2 follow-up dependencies" subsection in
section 7 only for components with a strategy module that is
built but parked from the airborne registry (C3 xfeat).
Refresh ripple_log_cycle1.md follow-up ordering with per-batch
progress + extracted batch pattern so the next batch session has
a self-contained recipe. Bump _autodev_state.md sub_step.detail
to reflect batch 1 completion (10 components + 8 helpers + tests/
remain).
Co-authored-by: Cursor <cursoragent@cursor.com>
Item 1 of the deferred Step 13 refresh set per
_docs/02_document/ripple_log_cycle1.md.
architecture.md:
- Components C1: KltRansac is the cycle-1 operational default while
AZ-332/AZ-333 are BLOCKED awaiting Tier-2 prerequisites; ADR-001 /
ADR-002 unchanged (the seam holds; the selection shifted).
- Principle #3: same KltRansac note (cross-link to Components).
- § Technology Stack: OpenCV pin row reflects the cycle-1 relaxation
to >=4.11.0.86,<4.12 with the leftover-file pointer; OKVIS2 + VINS-
Mono rows note BLOCKED with AZ-592 / AZ-593 follow-ups.
- § NFR: Dependency CVE pinning row notes the relaxation and the
CVE-2025-53644 re-validation owed before close.
- § ADR-001: cycle-1 operational note (KltRansac default; AZ-332/333
facade-only; AZ-589/590 closed Won't-Fix).
- § ADR-009: new Cycle-1 implementation subsection covers
_STRATEGY_REGISTRY + register_strategy (AZ-591) and the
pre_constructed kwarg + build_pre_constructed (AZ-618 umbrella;
Phases A-F including AZ-625 / AZ-687).
module-layout.md:
- shared/runtime_root entry: package layout (was single file in the
Plan-era sketch); new public-surface table covering __init__.py,
airborne_bootstrap.py, _replay_branch.py, and the per-component
factory modules; ownership rows extended (AZ-591, AZ-618, AZ-625,
AZ-687).
system-flows.md: intentionally not modified — F2 / F8 narratives are
at the component-flow abstraction level and do not reference
compose_root / pre_constructed mechanics, so they have not drifted.
Items 2-4 of the ripple-log refresh set (C1 description, the other
13 components, 8 helpers, tests/*.md) remain deferred to subsequent
sessions.
State: Step 13 stays in_progress; sub_step advanced to phase 6
(component-doc-updates).
Co-authored-by: Cursor <cursoragent@cursor.com>
Step 8 testability_assessment.md already exists (2026-05-16 verdict
"Code is testable -- no changes needed"). Step 9 (Decompose Tests),
Step 10 (Implement Tests), Step 11 (Run Tests) all completed earlier
in cycle 1; their artifacts are intact. Next un-done step is Step 12
which needs to fold AZ-591, AZ-618 umbrella (AZ-619..AZ-625), and
AZ-687 implementation-learned ACs into the test-spec files (last
touched 2026-05-09, no AZ-6xx references).
Co-authored-by: Cursor <cursoragent@cursor.com>
Appends a 2026-05-19 addendum to implementation_completeness_cycle1
acknowledging AZ-591, the AZ-618 umbrella (AZ-619..AZ-625), and AZ-687.
All landed since the 2026-05-16 verdict was written. Updated counts:
116 audited tasks (was 107) / 114 PASS / 0 FAIL / 4 BLOCKED-with-
Tier-2-handle (AZ-332->AZ-592, AZ-333->AZ-593, AZ-624 AC-5, AZ-687
AC-687-3 -- the last two share a single Jetson run artifact).
Gate verdict: Step 7 CLEARED to advance. Auto-chain -> Step 8 (Code
Testability Revision). Pending Tier-2 evidence files are tracked
inside the report addendum and rewind the flow only if the Deploy
gate (Step 16) rejects them.
Co-authored-by: Cursor <cursoragent@cursor.com>
Replay CLI synthesizes a minimal Config whose `components` mapping
omits the strategy-component blocks (`c6_tile_cache`, `c7_inference`,
`c5_state`) the airborne bootstrap historically read unconditionally.
Add `_replay_omits_component_block` and gate the c6 seeds, the c7 +
c3_lightglue_runtime pair, and the c5 (estimator, handle) eager build
on `config.mode == "replay" AND block absent`. Live mode and any
replay config that DOES populate the blocks remain unchanged — the
guard is conditional, not blanket.
The skip is safe because compose_root's per-component wrappers only
run for slugs in `config.components`; absent blocks mean absent
wrappers, so the seeded slots would never be read. Fix lives at the
BUILD-PRE-CONSTRUCTED layer per the spec's explicit "no silent fallback
in `_c6_config`" constraint.
Covers AC-687-1 / AC-687-2 / AC-687-4. AC-687-3 (Jetson Tier-2 e2e
replay) requires an out-of-band hardware re-run; evidence destination
documented in autodev state.
Co-authored-by: Cursor <cursoragent@cursor.com>
Jetson Tier-2 e2e on 2026-05-19 11:27 surfaced a NEW gap one phase
deeper than where Rerun 3 died: build_pre_constructed seeds
c6_descriptor_index unconditionally, which reads
config.components["c6_tile_cache"] via storage_factory._c6_config.
The replay CLI synthesizes a Config that has no c6_tile_cache
block, so AC-1/2/5/6 fail with KeyError 'c6_tile_cache'.
Bootstrap (no source code changes):
- AZ-687 (Story, To Do, 2pt, Epic AZ-602; blocks AZ-618)
- Task spec in _docs/02_tasks/todo/
- _dependencies_table.md row + header narrative
- _docs/_autodev_state.md detail repointed at AZ-687
- _docs/03_implementation/jetson_runs/ Tier-2 evidence
The fix itself lives in batch 97 (next session): guard the c6/c7
seeds at the BUILD-PRE-CONSTRUCTED layer when config.mode ==
"replay". Per existing storage_factory._c6_config docstring the
silent-fallback path is explicitly rejected — the bootstrap layer
is the right seam.
Co-authored-by: Cursor <cursoragent@cursor.com>
Wire register_airborne_strategies + build_pre_constructed +
compose_root(config, pre_constructed=...) into runtime_root.main(). The
existing exception block now catches AirborneBootstrapError distinctly
before the broader (ConfigurationError, StrategyNotLinkedError,
RuntimeError) clause so the operator-facing "airborne_bootstrap:"
prefix carried by every bootstrap error reaches stderr cleanly with
EXIT_GENERIC_FAILURE rather than getting absorbed into a generic
backtrace.
This closes the AZ-618 umbrella: AZ-619..AZ-623 + AZ-625 had built
each pre_constructed key; this batch lands the integration that the
production main() actually invokes them. Both the live
gps-denied-onboard and replay gps-denied-replay binaries dispatch
through this main() per ADR-011, so both reach takeoff with
pre_constructed populated end-to-end.
Tests: tests/unit/runtime_root/test_az618_pre_constructed.py adds 6
tests covering AC-618-1..AC-618-4 + AZ-624 local handler-ordering
regression guard. The strategy factories are stubbed at the
airborne_bootstrap module boundary so the test exercises the
integration seam without standing up gtsam / FAISS / TensorRT /
PyTorch / OpenCV at unit-test scope.
AC-618-5 (Jetson tier-2 e2e) is BLOCKED on operator-supplied hardware
evidence: scripts/run-tests-jetson.sh
tests/e2e/replay/test_derkachi_1min.py must run on Jetson Orin Nano
(JetPack 6.2.2+b24) and the terminal log path + JetPack version + run
timestamp captured per _docs/02_document/tests/tier2-jetson-testing.md.
Quality gates: ruff format clean, ruff lint clean, 6/6 new umbrella
tests pass, 261/261 runtime_root + c5_state regression suite passes,
25/25 test_az401_compose_root_replay regression passes, full Tier-1
unit suite 2150/2151 passes (1 unrelated pre-existing failure:
c12_operator_orchestrator subprocess cold-start NFR fails on Mac dev
host's Python startup ~700 ms; not regressed by AZ-624). Code review
verdict PASS (1 Low finding; full report in
_docs/03_implementation/reviews/batch_96_review.md).
Archives AZ-624 task spec + AZ-618 umbrella reference to done/.
Co-authored-by: Cursor <cursoragent@cursor.com>
Wire the airborne bootstrap to seed pre_constructed['c5_isam2_graph_handle']
so c4_pose's compose-time lookup is satisfied (c4_pose runs before c5_state in
topological order; the iSAM2 graph handle is built INSIDE the C5 estimator's
constructor and so must be produced eagerly at bootstrap time).
build_pre_constructed now invokes a new internal _build_c5_state_estimator_pair
helper that calls state_factory.build_state_estimator once, captures the
(estimator, handle) tuple, and seeds two slots: 'c5_isam2_graph_handle' for
C4's lookup, and an internal '_c5_prebuilt_estimator' look-aside key for the
C5 wrapper's short-circuit. _c5_state_wrapper checks the look-aside key first
and returns the prebuilt instance as-is — the SAME object the handle was
extracted from, so c4_pose._isam2_handle and c5_state._isam2_handle reference
ONE object across the C4 / C5 seam (AC-625.3 cross-seam identity invariant).
C5_STATE_BUILD_FLAGS mirrors state_factory._STATE_BUILD_FLAGS so the bootstrap
can name the gating BUILD_STATE_* flag in operator errors before the lower
level StateEstimatorConfigError fires (AC-625.2). When the factory itself
rejects the configuration with the flag ON, the error wraps into
AirborneBootstrapError with __cause__ preserved (matches AZ-621 / AZ-622
patterns).
Constraints respected per AZ-618 umbrella: no per-component factory signature
changed; additive on top of AZ-619..AZ-623; no edits under state_factory,
pose_factory, or c5_state internals.
Tests: tests/unit/runtime_root/test_az625_c5_isam2_graph_handle_ordering.py
adds 8 tests covering AC-625.1..3 (presence + Protocol conformance, internal
key invariant, BUILD-flag-OFF error, unknown-strategy error, factory error
wrapping, cross-seam identity, wrapper short-circuit, wrapper fallback).
Autouse stubs added to test_az619/620/621/622/623 so prior phase tests stay
isolated from the new builder.
Quality gates: ruff format clean, ruff lint clean, 32/32 phase tests pass,
255/255 runtime_root + c5_state regression suite passes. Code review verdict
PASS (2 Low findings; full report in
_docs/03_implementation/reviews/batch_95_review.md).
Co-authored-by: Cursor <cursoragent@cursor.com>
build_pre_constructed now populates c3_lightglue_runtime
(LightGlueRuntime) + c3_feature_extractor (FeatureExtractor) on top
of AZ-619/620/621. Strategy-specific BUILD_MATCHER_* flag mismatch
raises AirborneBootstrapError naming the missing flag and the c3_matcher
consumer; the c7 InferenceRuntime built earlier in the bootstrap is
reused as the engine source so no double-build at this layer.
C3MatcherConfig gains optional lightglue_weights_path: Path | None
for the operator's deployment config; production main() (AZ-624)
populates it. Real LightGlue inference correctness is verified by
AZ-624's Jetson AC-5 run per the AZ-622 Tier-2 Note.
Phase tests for AZ-619/620/621 gain an autouse _stub_c3_matcher_builders
fixture so additivity assertions remain valid as the bootstrap grows.
Code review: PASS_WITH_WARNINGS (3 Low: signature drift from spec,
_is_build_flag_on duplication across 3 runtime_root modules, and
BuildConfig literal mirrored with per-strategy build configs). All
deferred to future hygiene PBIs.
Co-authored-by: Cursor <cursoragent@cursor.com>
Oleksandr Bezdieniezhnykh