mirror of https://github.com/azaion/gps-denied-onboard.git synced 2026-06-21 23:31:13 +00:00

Files

T

Oleksandr Bezdieniezhnykh 5bf2dbd85f Update autodev state documentation to reflect progress in the Decompose phase, changing the current step from 5 to 6. Revise sub-step details to indicate a shift to phase 2, focusing on module layout for the Satellite Service and Tile Manager, and awaiting confirmation before product task decomposition. Additionally, enhance problem documentation to clarify the original still-image sample limitations and introduce the Derkachi representative fixture for improved data validation. Update references to the Tile Manager and Satellite Service throughout the documentation for consistency.

2026-05-03 12:41:52 +03:00

9.5 KiB

Raw Blame History

Solution

Product Solution Description

Build an onboard GPS-denied localization service that runs on the Jetson companion computer, uses the fixed downward navigation camera and flight-controller inertial telemetry, and emits ArduPilot GPS_INPUT estimates with calibrated covariance and source labels.

The production architecture is a trigger-based hybrid estimator:

Nav camera + FC telemetry
        |
        v
Image quality + calibration + orthorectification
        |
        +--> Hot path: OpenCV geometry + BASALT VIO --> safety/anchor wrapper --> GPS_INPUT + QGC + FDR
        |
        +--> Reference path: OpenVINS replay benchmark for VIO drift/covariance tests; Kimera backup replay
        |
        +--> Trigger path: DINOv2-VLAD query --> CPU FAISS top-K --> ALIKED/DISK+LightGlue --> OpenCV RANSAC --> safety/anchor wrapper
        |
        +--> Tile path: new COG tile + quality/provenance sidecar --> manifest update --> post-flight Satellite Service sync

Heavy local retrieval and local matching are not steady-state per-frame dependencies. They run on cold start, VO failure, sharp turns, disconnected segments, covariance growth, stale-anchor age, or operator-assisted relocalization, using only preloaded cache/index data during flight.

Architecture

Camera Ingest, Calibration, And Geometry

Solution	Tools	Pinned Mode/Config	Fit
OpenCV geometry utility layer	OpenCV 4.x	Calibration, undistortion, homography, RANSAC/USAC, MRE measurement	Selected. Mature, permissive, exact utility fit; not a full estimator.

VO / IMU Propagation And Estimator

Solution	Tools	Pinned Mode/Config	Fit
BASALT + safety/anchor wrapper	BASALT, OpenCV, custom wrapper	BASALT consumes calibrated nav-camera frames + FC IMU; wrapper fuses satellite anchors, calibrates uncertainty, emits source labels and `GPS_INPUT` fields	Selected. Best production VIO candidate found: permissive license, strong benchmark evidence, avoids custom VIO from scratch.
OpenVINS	OpenVINS	Monocular camera + IMU EKF/MSCKF reference runs with covariance extraction	Reference only. Strong VIO and covariance baseline, but GPLv3 and generic VIO ownership make it unsuitable as default shipped dependency.
Kimera-VIO	Kimera-VIO	Mono/stereo camera + IMU VIO/SLAM backup replay	Backup candidate. BSD-friendly but heavier/stereo-oriented; mono-inertial path has documented caveats.
ORB-SLAM3	ORB-SLAM3	Monocular-inertial SLAM	Rejected for production. GPLv3 and heavier SLAM/map lifecycle.

BASALT does not replace the project-owned safety logic. The wrapper remains responsible for satellite anchor acceptance, confidence calibration, source labels, blackout/spoofing modes, tile-write eligibility, and MAVLink GPS_INPUT semantics.

Satellite Service And Anchor Verification

Solution	Tools	Pinned Mode/Config	Fit
DINOv2-VLAD + CPU FAISS + ALIKED/DISK+LightGlue	DINOv2/AnyLoc-style descriptors, FAISS CPU, LightGlue, OpenCV RANSAC	Offline VPR chunk descriptors; conditional query descriptor; CPU FAISS top-K; learned local match on bounded candidates; TensorRT only after fidelity check	Selected with runtime/fidelity gates.
SuperPoint+LightGlue	SuperPoint, LightGlue	Same matcher with SuperPoint features	License-gated benchmark/fallback only.
Classical SIFT/ORB	OpenCV	Handcrafted features + homography	Regression/fallback baseline.

The Satellite Service component imports mission cache/index packages before flight, uploads generated-tile packages after landing, and serves local VPR queries during flight. The VPR index is built over ground-footprint-sized chunks with overlap and a multi-scale descriptor set. VPR is invoked only on relocalization triggers or covariance/anchor-age growth; normal flight uses BASALT VIO plus wrapper propagation. No satellite-provider or Satellite Service network calls are allowed mid-flight.

Tile Manager

Solution	Tools	Pinned Mode/Config	Fit
COG tile objects + PostgreSQL/PostGIS manifest + signed JSON sidecars	GDAL COG, PostgreSQL/PostGIS, signed JSON sidecars, FAISS index files	Service tiles and generated tiles are write-new COG objects; active version selected by PostGIS-backed manifest	Selected. Fits geospatial raster access, provenance, spatial/freshness queries, and write-new tile lifecycle.
PMTiles	PMTiles	Read-only archive snapshot	Rejected for live cache because in-flight tile generation needs mutable write-new objects.

Service-source tiles and generated tiles carry CRS, capture date, source, m/px, freshness, quality score, sidecar hashes, and descriptor references. The Tile Manager also orthorectifies eligible nadir frames into generated COG tiles. Stale tiles are rejected or down-confidence weighted.

MAVLink Integration

Solution	Tools	Pinned Mode/Config	Fit
MAVSDK telemetry + pymavlink `GPS_INPUT`	MAVSDK, pymavlink	MAVSDK subscriptions; pymavlink emits `GPS_INPUT`; v1 emits GPS_INPUT only; Plane SITL validates `GPS1_TYPE=14`, velocity source params, ignore flags, fix types, accuracy fields	Selected. Exact output control with good telemetry ergonomics.

The system emits per-frame estimates locally and downsampled status to QGroundControl. GPS_INPUT.horiz_accuracy must not under-report the calibrated 95% covariance semi-major axis.

Security And Safety Controls

Solution	Tools	Pinned Mode/Config	Fit
Consistency-gated anchor acceptance	Safety/anchor wrapper, cache manifest verification	Anchor accepted only if freshness, provenance, RANSAC, covariance, Mahalanobis, and temporal consistency pass	Selected. Prevents confident false fixes.
FDR audit trail	PostgreSQL event index + CBOR payload segments + hashes	Logs estimates, inputs, emitted GPS_INPUT, health, tile writes, anchor decisions	Selected. Supports incident analysis, indexed queries, and cache-poisoning audits.

Runtime Modes

Mode	Trigger	Behavior	`GPS_INPUT` / Telemetry
`satellite_anchored`	VPR + local match passes all gates	Wrapper absolute update; tile write eligible only if sigma gate passes	3D fix, `horiz_accuracy` >= 95% covariance semi-major axis
`vo_extrapolated`	BASALT VIO healthy and anchor age/covariance within bounds	BASALT VIO + wrapper propagation; covariance grows	3D/2D depending covariance threshold
`dead_reckoned`	visual blackout or no accepted anchor	IMU-only propagation, monotonic covariance growth	degraded fix type; QGC `VISUAL_BLACKOUT_IMU_ONLY`
failsafe/no-fix	covariance >500 m or blackout >30 s	stop pretending position is valid	`fix_type=0`, `horiz_accuracy=999.0`, QGC `VISUAL_BLACKOUT_FAILSAFE`

Testing Strategy

Integration / Functional Tests

BASALT replay: assert AC-2.1a and AC-2.2 VO MRE on overlapping frame pairs, completion rate, latency, and wrapper-calibrated covariance.
OpenVINS reference replay: compare VIO drift, failure cases, and covariance against BASALT + wrapper.
Kimera-VIO backup replay: keep a second permissive candidate benchmark in case BASALT fails project replay/runtime gates.
Satellite anchor replay: assert AC-1.1/1.2, AC-2.2 cross-domain MRE, freshness rejection, and source labels.
DINOv2 descriptor fidelity: compare PyTorch/ONNX/TensorRT embeddings and retrieval rankings before accepting optimized engines.
FAISS CPU index tests: top-K recall, query latency, index size, save/load behavior on Jetson ARM64.
LightGlue extractor matrix: ALIKED vs DISK vs SIFT/ORB vs SuperPoint benchmark; SuperPoint excluded from production unless legal approves.
Tile Manager: orthorectify eligible nadir frames into write-new generated tiles, update manifest, verify active version and rollback.
GPS_INPUT SITL: validate fix type, horiz_accuracy, velocity fields, ignore flags, EK3_SRC1_* parameters, QGC behavior.
Security gates: stale tile, mismatched tile hash, low inlier ratio, impossible velocity jump, and spoofed GPS during blackout.

Non-Functional Tests

Jetson latency and memory: <400 ms p95, <8 GB shared memory, no 25 W thermal throttle.
Cache budget: 400 km² imagery + manifests + descriptors fits budget or reports explicit split budget.
FDR 8-hour load: <=64 GB, rollover logged, no silent payload loss.
Monte Carlo false-position and cache-poisoning tests for AC-NEW-4 and AC-NEW-7.
Cold boot: first valid GPS_INPUT <30 s p95 across 50 runs.

References

Detailed source registry: _docs/00_research/01_source_registry.md.

Key sources:

BASALT repository: https://github.com/VladyslavUsenko/basalt
HybVIO benchmark paper: https://arxiv.org/pdf/2106.11857
OpenVINS docs: https://docs.openvins.com/index.html
OpenVINS ATE/RTE comparison: https://github.com/rpng/open_vins/issues/402
Kimera mono-inertial caveat: https://github.com/MIT-SPARK/Kimera-VIO/issues/254
AnyLoc paper: https://arxiv.org/html/2308.00688
Aerial VPR survey: https://arxiv.org/abs/2406.00885
ALIKED-LightGlue-ONNX: https://github.com/ikeboo/ALIKED-LightGlue-ONNX
DINOv2 TensorRT issue: https://github.com/NVIDIA/TensorRT/issues/4348

Tech stack evaluation: _docs/01_solution/tech_stack.md
Component fit matrix: _docs/00_research/06_component_fit_matrix.md
Fact cards: _docs/00_research/02_fact_cards.md

9.5 KiB Raw Blame History