# Code Review Report

**Batch**: 96
**Tasks**: AZ-624 (Phase F of AZ-618: wire `build_pre_constructed` into `runtime_root.main()` + AC-1..AC-5 verification)
**Date**: 2026-05-19
**Verdict**: PASS

## Phase 1: Context

Read in this review window:

- `_docs/02_tasks/todo/AZ-624_pre_constructed_phase_f_wire_main.md` (task spec; ACs)
- `_docs/02_tasks/todo/AZ-618_airborne_bootstrap_pre_constructed.md` (umbrella; canonical AC-1..AC-5)
- `_docs/03_implementation/batch_95_cycle1_report.md` (immediate predecessor — confirms AZ-625 unblocked AZ-624)
- `src/gps_denied_onboard/runtime_root/__init__.py` (main() before + after; existing exception block; compose_root signature)
- `src/gps_denied_onboard/runtime_root/airborne_bootstrap.py` (`build_pre_constructed`, `register_airborne_strategies`, `AirborneBootstrapError`)
- `tests/unit/test_az401_compose_root_replay.py` (env / fixture pattern reused by the new umbrella test file)

## Phase 2: Spec Compliance

| AC | Status | Test | Notes |
|----|--------|------|-------|
| AC-618-1 (every required key populated, no None) | Covered | `test_ac_618_1_build_pre_constructed_populates_every_required_key` | Asserts the union of all `AIRBORNE_REQUIRED_PRE_CONSTRUCTED_KEYS` rows is a subset of the returned dict + every key is non-None. |
| AC-618-2 (compose_root reaches takeoff with 7 slots) | Covered | `test_ac_618_2_compose_root_reaches_takeoff_with_all_seven_slots` | Stubs the 7 strategy factories the airborne wrappers delegate to + builds a 7-block Config; asserts the returned `RuntimeRoot.components` contains all 7 slot names. |
| AC-618-3 (BUILD-flag mismatch raises named error) | Covered | `test_ac_618_3_build_flag_off_raises_named_error_with_consuming_component` | Drops the autouse `_build_c7_inference` stub, forces `build_inference_runtime` to raise `RuntimeNotAvailableError`, asserts the wrapping error message names `c7_inference` + both airborne C7 BUILD flags + the consuming component slug `c2_vpr`. |
| AC-618-4 (main() exit codes + stderr prefix) | Covered | `test_ac_618_4_main_returns_zero_on_success` + `test_ac_618_4_main_returns_generic_failure_with_airborne_bootstrap_prefix` + `test_ac_624_local_main_distinct_handler_does_not_double_print` | Three tests: success path returns 0 with no stderr; forced bootstrap failure returns `EXIT_GENERIC_FAILURE` and stderr contains the `airborne_bootstrap:` prefix; the dedicated handler does not double-print (regression guard for the catch ordering). |
| AC-618-5 / AC-624.tier2 (Jetson tier-2 e2e) | BLOCKED | n/a (out-of-process) | Requires `scripts/run-tests-jetson.sh tests/e2e/replay/test_derkachi_1min.py` on real Jetson Orin Nano hardware (JetPack 6.2.2+b24). Cannot run from the Mac dev host. Operator-supplied evidence required: terminal log path + JetPack version + run timestamp. |
| AC-624.local (full Tier-1 pytest green) | Pass with 1 unrelated pre-existing failure | full `tests/unit/` suite | 2150 passed, 85 skipped (environment-gated: GPU / Docker / Jetson / TensorRT). One unrelated failure: `tests/unit/c12_operator_orchestrator/test_cli_console_script.py::TestConsoleScript::test_cold_start_under_500ms_p99` — Mac dev host's Python subprocess startup is ~700 ms, exceeding the 500 ms NFR. This test exists in a component (`c12_operator_orchestrator`) AZ-624 does NOT modify or depend on; failure is a host-performance artifact, not a regression. Reported to the user; not blocking AZ-624. |

**Constraint compliance**:

- "MUST NOT touch any per-component factory signature" → `compose_root` and `build_pre_constructed` signatures unchanged; only the body of `main()` was extended. ✓
- "MUST NOT introduce new BUILD_* env flags" → no new flag introduced. ✓
- "All changes confined to `runtime_root/__init__.py` + `runtime_root/airborne_bootstrap.py` + new test file" → diff scope respected. ✓

## Phase 3: Code Quality

1 finding — Low / Style; not blocking:

- F1 (Low / Style): the dedicated `except AirborneBootstrapError` handler in `main()` produces stderr identical to the broader `(ConfigurationError, StrategyNotLinkedError, RuntimeError)` clause that already exists (since `AirborneBootstrapError` extends `RuntimeError` and the message itself carries the `airborne_bootstrap:` prefix). The dedicated clause is documentation-as-code: it makes the error path traceable in code review and locks the surfacing format against future broader-clause edits. No functional difference at runtime today; intentional. The inline comment captures the rationale.

## Phase 4: Security

No findings.

- No SQL, no command exec, no `eval`/`exec`.
- No new external input ingress.
- Error messages include the missing key + flag + component slug — no secret leakage (the bootstrap error format was already audited in AZ-619..AZ-625).

## Phase 5: Performance

No findings.

- The `build_pre_constructed(config)` call is a one-shot bootstrap; not in any hot path.
- The new exception handler in `main()` is exercised only on a failure path; zero cost on the success path.

## Phase 6: Cross-Task Consistency

Consistent with the AZ-619..AZ-625 batch pattern:

- The umbrella test file uses the same env / config / monkeypatch pattern as the per-phase test files (`test_az619..test_az625`).
- The `_stub_heavy_builders` helper mirrors the autouse fixtures from each phase test (one explicit stub per documented `_build_*` builder).
- The `_stub_strategy_factories` helper mirrors the strategy-factory monkeypatch pattern from `test_az401_compose_root_replay.py`'s `_fake_replay_components_factory` — both replace heavy seams in the airborne_bootstrap namespace so wrappers return MagicMock sentinels.

The 1-line addition to `build_pre_constructed`-callers (none beyond `main()`) is consistent: the function's contract has not changed since AZ-619 — `main()` is the first non-test caller.

## Phase 7: Architecture Compliance

- Layer direction: `runtime_root/__init__.py::main()` (Layer 5 — entry / composition) imports from `runtime_root.airborne_bootstrap` (same Layer 5). ✓
- Public API respect: the imports at the top of `main()`'s function body (`AirborneBootstrapError`, `build_pre_constructed`, `register_airborne_strategies`) are all in `airborne_bootstrap.__all__`. ✓
- No new module cycles introduced. The `runtime_root/__init__.py` → `runtime_root/airborne_bootstrap.py` edge already existed.
- No duplicate symbols across components.
- No cross-cutting concerns re-implemented locally.

## Findings

| # | Severity | Category | File:Line | Title |
|---|----------|----------|-----------|-------|
| F1 | Low | Style | `src/gps_denied_onboard/runtime_root/__init__.py:680` | Dedicated `AirborneBootstrapError` handler is documentation-as-code |

### Finding Details

**F1: Dedicated `AirborneBootstrapError` handler is documentation-as-code** (Low / Style)

- Location: `src/gps_denied_onboard/runtime_root/__init__.py:680`
- Description: At runtime, the dedicated handler produces stderr identical to the broader `RuntimeError` clause (the bootstrap error message itself carries the `airborne_bootstrap:` prefix). The dedicated clause makes the error path traceable in code review and locks the surfacing format.
- Suggestion: leave as-is — the inline comment captures the rationale; the regression guard test (`test_ac_624_local_main_distinct_handler_does_not_double_print`) ensures the catch ordering is not silently broken.
- Task: AZ-624

## Verdict Logic

- 0 Critical, 0 High → not FAIL.
- 0 Medium → not PASS_WITH_WARNINGS for medium.
- 1 Low → still PASS overall.

**Verdict: PASS** (with one out-of-scope note: AC-618-5 / AC-624.tier2 BLOCKED on Jetson hardware evidence; user must supply).