mirror of
https://github.com/azaion/gps-denied-onboard.git
synced 2026-06-21 23:11:13 +00:00
Oleksandr Bezdieniezhnykh
59d9116d36
Bootstraps the public-boundary blackbox test harness owned by epic
AZ-262 (E-BBT). Establishes the e2e/ directory tree at the repo root,
fully separated from src/gps_denied_onboard/** and from the in-process
tests/** tree, and commits to the contracts every subsequent test
ticket (AZ-407..AZ-446) builds against.
Tier-1 (workstation Docker):
- docker/docker-compose.test.yml wires SUT + ArduPilot SITL + iNav SITL
+ mock Suite Sat Service + mavproxy listener + e2e-runner onto one
e2e-net bridge with internal: true (enforces RESTRICT-SAT-1 /
NFT-SEC-02 egress isolation at the network layer).
- docker/docker-compose.tier2-bridge.yml override disables the in-
compose SUT so Tier-2 pairs SITLs + mock + runner on an x86 host
while the SUT runs natively on the Jetson under systemd.
Tier-2 (Jetson):
- jetson/run-tier2.sh + tier2.service systemd unit + tegrastats /
jtop parsers feed per-sample telemetry into the evidence bundle.
Runner image (e2e/runner/):
- Dockerfile + requirements.txt install ONLY ground-side libs
(pymavlink, opencv-python>=4.12, numpy/scipy/geopy/pyproj, httpx,
orjson, pydantic, structlog, pytest 8.x). The runner deliberately
does NOT install the SUT package.
- conftest.py implements the AC-9 skip-rule mapping (tier2_only,
chamber_only, vins_mono, deferred_ac) tied to environment.md
parametrize axes.
- reporting/csv_reporter.py is a pytest plugin emitting one row per
test with the exact 11-column schema from environment.md §
Reporting (test_id, test_name, traces_to, fc_adapter, vio_strategy,
tier, started_at_utc, execution_time_ms, result, error_message,
evidence_paths). XFAIL surfaced only when a test carries
@pytest.mark.deferred_ac(verdict="xfail", reason=...).
- reporting/evidence_bundler.py exposes the attach_evidence fixture
that copies per-test artifacts (.tlog, FDR archives, screenshots,
tegrastats / jtop CSVs) into the run bundle and records relative
paths into the reporter's evidence_paths column.
- helpers/{frame_source_replay,imu_replay,sitl_observer,
mavproxy_tlog_reader,fdr_reader}.py declare the public surfaces
(concrete implementations owned by AZ-407 / AZ-408 / AZ-416 /
AZ-417 / AZ-441 per the dependency table); helpers/geo.py ships
today (no downstream task dep) — WGS84 distance / forward-bearing
/ offset via pyproj with NaN rejection.
Mock Suite Sat Service (e2e/fixtures/mock-suite-sat/):
- FastAPI app: POST /tiles (ingest contract from D-PROJ-2 follow-up),
GET /tiles/audit + /mock/audit (per-run read-back), POST
/mock/config (force-status, response delay), POST /mock/reset
(clears audit between tests), GET /mock/health.
Fixture scaffolds (e2e/fixtures/{tile-cache-builder, age-injector,
injectors, cold-boot, secrets, security}/):
- Public surfaces only. Concrete builders land in AZ-407 (static
fixtures), AZ-408 (runtime synthetic injection), AZ-419 (cold-boot
fixture), AZ-439 (CVE-2025-53644 JPEG generator).
Test tree (e2e/tests/{positive,negative,performance,resilience,
security,resource_limit}/):
- Mirror of the test-spec category grouping in
_docs/02_document/tests/*-tests.md.
- tests/positive/test_smoke.py is the AC-1 harness-boot smoke run
inside the e2e-runner image once Docker brings everything up.
Out-of-container unit tests (e2e/_unit_tests/):
- Exercises the harness internals (CSV reporter plugin lifecycle,
conftest skip rules, helper modules, parsers, mock app, compose
YAML structural contract, public-boundary enforcement) without
Docker / SITL. 97 unit tests, all passing.
Build / config:
- pyproject.toml: testpaths extended with e2e/_unit_tests; pythonpath
extended with e2e; fastapi>=0.111,<0.120 added to dev extras for the
mock-app TestClient unit test.
AC coverage:
- AC-1 (Tier-1 boot) → compose YAML test + directory layout
+ smoke test (Docker-bound)
- AC-2 (mock services) → 6 FastAPI TestClient unit tests
- AC-3 (SITLs accept output) → contract present; concrete check
deferred to AZ-416 / AZ-417
- AC-4 (CSV columns) → in-process plugin lifecycle test
emits the exact 11-column schema
- AC-5 (egress isolation) → static config test + runtime probe
in Docker-bound smoke
- AC-6 (Tier-2 contract) → tegrastats + jtop parser unit tests
+ jetson/* layout test; full Tier-2
contract is AZ-444
- AC-7 (fixture reproducibility) → deferred to AZ-407 per task spec
- AC-8 (parametrize matrix) → vins_mono skip-rule cases +
tests/positive/test_smoke
- AC-9 (skip semantics) → 9 conftest skip-rule unit tests
Module layout entry for blackbox_tests was added in 2026-05-16
preparatory commit d7a17a8 so this diff stays focused on the harness
scaffold. AZ-406 advances to In Testing on commit.
Co-authored-by: Cursor <cursoragent@cursor.com>
189 lines
7.4 KiB
TOML
189 lines
7.4 KiB
TOML
[build-system]
|
|
requires = ["setuptools>=68", "wheel"]
|
|
build-backend = "setuptools.build_meta"
|
|
|
|
[project]
|
|
name = "gps-denied-onboard"
|
|
version = "0.1.0"
|
|
description = "Companion onboard system for GPS-denied UAV navigation"
|
|
readme = "README.md"
|
|
requires-python = ">=3.10,<3.12"
|
|
license = {text = "Proprietary"}
|
|
authors = [{name = "AZAION onboard team"}]
|
|
|
|
dependencies = [
|
|
"numpy>=1.26,<2.0",
|
|
"scipy>=1.11,<2.0",
|
|
"pyyaml>=6.0",
|
|
"pydantic>=2.5,<3.0",
|
|
# OpenCV pin gate originally enforced >= 4.12.0 (D-CROSS-CVE-1). Held to
|
|
# 4.11.x while gtsam (4.2 on PyPI) only ships numpy-1.x wheels and
|
|
# opencv-python>=4.12 mandates numpy>=2. See
|
|
# _docs/_process_leftovers/<dated>_d_cross_cve_1_deferred.md — the gate
|
|
# will be restored to >=4.12.0 once a numpy-2-compatible gtsam wheel is
|
|
# available.
|
|
"opencv-python>=4.11.0.86,<4.12",
|
|
"psycopg[binary]>=3.1",
|
|
# AZ-305 / E-C6: `PostgresFilesystemStore` uses ConnectionPool to amortise
|
|
# pool startup across the read-heavy `read_tile_pixels` path. Pinned to the
|
|
# 3.x line in lockstep with `psycopg` itself.
|
|
"psycopg-pool>=3.2,<4.0",
|
|
"sqlalchemy>=2.0",
|
|
"alembic>=1.13",
|
|
"pymavlink>=2.4",
|
|
# iNav MSP2 wire decoder for C8 inbound (AZ-391). MSPy is request-response
|
|
# on a serial transport; AP uses pymavlink for the same role.
|
|
"yamspy>=0.3.3,<0.4",
|
|
"pyserial>=3.5",
|
|
"requests>=2.31",
|
|
"structlog>=24.1",
|
|
"click>=8.1",
|
|
# SE(3) math backend for helpers.se3_utils + C1/C2.5/C3/C3.5/C4/C5/C8 consumers (AZ-264 / AZ-277).
|
|
"gtsam>=4.2,<5.0",
|
|
# Atomic-rename backend for helpers.sha256_sidecar (D-C10-3, AZ-280).
|
|
"atomicwrites>=1.4,<2.0",
|
|
# WGS84 geodesy backend for helpers.wgs_converter (AZ-264 / AZ-279).
|
|
"pyproj>=3.6,<4.0",
|
|
# FDR wire format for fdr_client.records (E-CC-FDR-CLIENT / AZ-272).
|
|
"orjson>=3.9,<4.0",
|
|
# HTTPS client for C12 FlightsApiClient (AZ-489 / ADR-010). Picked over
|
|
# `requests` because httpx ships `MockTransport` natively, so the
|
|
# FlightsApi unit tests need no extra HTTP-mocking dep.
|
|
"httpx>=0.28,<1.0",
|
|
# AZ-307 / E-C6: FreshnessGate uses an in-memory R-tree to look up
|
|
# the sector classification for a (lat, lon) at every write_tile
|
|
# call. `rtree` is the libspatialindex Python wrapper — small,
|
|
# stable, sub-microsecond point-in-rect queries at the few-hundred-
|
|
# sector scale operators ship per flight (NFR p99 ≤ 100 µs).
|
|
"rtree>=1.0,<2.0",
|
|
# Ed25519 keypair generation + detached signing for AZ-323 C10
|
|
# ManifestBuilder + AZ-318 C11 per-flight signing key. Pinned here
|
|
# because AZ-323 is the first concrete consumer; AZ-318 inherits
|
|
# the pin when it lands. Major-version bound (<46) follows the
|
|
# standard "two majors of compatibility" pattern other deps in
|
|
# this file use.
|
|
"cryptography>=43.0,<46.0",
|
|
# AZ-306 / E-C6: production-default `DescriptorIndex` strategy.
|
|
# `FaissDescriptorIndex` builds `IndexHNSWFlat` + `IndexIDMap2`,
|
|
# serialises via `faiss.write_index`, and mmap-loads via
|
|
# `faiss.read_index(..., IO_FLAG_MMAP | IO_FLAG_READ_ONLY)`.
|
|
# Promoted from the legacy `[indexing]` extras to main deps because
|
|
# the production airborne binary ALWAYS needs the descriptor index
|
|
# (no "Tier-0 dev runtime can ship without faiss" path remains).
|
|
# Major-version bound (<2.0) follows the same pattern as other
|
|
# third-party deps in this file. Research fact #92 + arch tech-stack
|
|
# both pin upstream FAISS via this PyPI distribution.
|
|
"faiss-cpu>=1.7,<2.0",
|
|
# AZ-325 / E-C10: `CacheProvisioner` acquires a fcntl-based file
|
|
# lock at `cache_root/.c10.lock` to enforce CP-INV-4 (concurrent
|
|
# `build_cache_artifacts` invocations are mutually exclusive on the
|
|
# same cache root). `filelock` provides the cross-platform
|
|
# acquisition primitive with timeout + auto-release on process
|
|
# exit. Major-version bound (<4) follows the same pattern as other
|
|
# third-party deps in this file.
|
|
"filelock>=3.13,<4.0",
|
|
# AZ-327 / E-C12: `CompanionBringup` opens an SSH session against the
|
|
# operator-side companion to verify pre-flight artifacts. Shell-out
|
|
# to `ssh ...` is forbidden by the spec (security + reliability), so
|
|
# paramiko is the only allowed transport. Major-version bound (<4)
|
|
# follows the same pattern as other third-party deps in this file;
|
|
# the `MissingHostKeyPolicy` subclass surface (RejectPolicy /
|
|
# AutoAddPolicy) is stable across paramiko 3.x.
|
|
"paramiko>=3.4,<4.0",
|
|
]
|
|
|
|
[project.optional-dependencies]
|
|
dev = [
|
|
"pytest>=7.4",
|
|
"pytest-cov>=4.1",
|
|
"pytest-asyncio>=0.23",
|
|
"ruff>=0.4",
|
|
"mypy>=1.8",
|
|
"types-PyYAML",
|
|
"types-requests",
|
|
# AZ-406 (blackbox harness internals): the mock-suite-sat-service unit
|
|
# test exercises a FastAPI app via fastapi.testclient.TestClient. The
|
|
# production runtime of the mock lives inside its own Docker image so
|
|
# the SUT does not depend on FastAPI; this is a test-only dep.
|
|
"fastapi>=0.111,<0.120",
|
|
]
|
|
inference = [
|
|
"torch>=2.2",
|
|
"torchvision>=0.17",
|
|
"onnxruntime>=1.17",
|
|
# tensorrt is installed out-of-band on Jetson — not a pip dep
|
|
]
|
|
# AZ-302: thermal telemetry backends used by C7's ThermalStatePublisher.
|
|
# Both are Jetson / NVIDIA-host-only and not import-required for Tier-1;
|
|
# the publisher selects whichever is importable at start() time and
|
|
# raises TelemetryUnavailableError if neither is present.
|
|
telemetry = [
|
|
"jetson-stats>=4.2",
|
|
"pynvml>=11.5",
|
|
]
|
|
|
|
[project.scripts]
|
|
gps-denied-replay = "gps_denied_onboard.cli.replay:main"
|
|
operator-orchestrator = "gps_denied_onboard.components.c12_operator_orchestrator.cli:main"
|
|
|
|
[tool.setuptools]
|
|
package-dir = {"" = "src"}
|
|
|
|
[tool.setuptools.packages.find]
|
|
where = ["src"]
|
|
include = ["gps_denied_onboard*"]
|
|
|
|
[tool.pytest.ini_options]
|
|
minversion = "7.0"
|
|
# `tests` is the in-process unit / integration / contract / perf test tree
|
|
# owned by per-component module-layout entries. `e2e/_unit_tests` is the
|
|
# OUT-OF-CONTAINER unit tree owned by the `blackbox_tests` cross-cutting
|
|
# entry — exercises the harness internals (CSV reporter, helpers, parsers,
|
|
# mock app, conftest skip rules) without Docker / SITL. The Docker-bound
|
|
# blackbox tree at `e2e/tests/` is intentionally NOT in testpaths: it runs
|
|
# inside the e2e-runner image via its own pytest.ini.
|
|
testpaths = ["tests", "e2e/_unit_tests"]
|
|
pythonpath = ["src", "e2e"]
|
|
# log_schema.py is the contract-mandated file name (AZ-245 AC-4); kept
|
|
# in python_files so the contract test is discovered alongside the
|
|
# standard `test_*.py` pattern.
|
|
python_files = ["test_*.py", "*_test.py", "log_schema.py"]
|
|
addopts = [
|
|
"--strict-markers",
|
|
"-ra",
|
|
]
|
|
markers = [
|
|
"tier2: tests that require Jetson hardware (auto-skipped on Tier-1)",
|
|
"gpu: tests that require an NVIDIA GPU",
|
|
"docker: tests that require Docker compose services",
|
|
"ardupilot_sitl: tests that require ArduPilot SITL container",
|
|
"slow: tests slower than ~5s",
|
|
"contract: contract-suite test (frozen public surfaces)",
|
|
]
|
|
|
|
[tool.coverage.run]
|
|
source = ["src/gps_denied_onboard"]
|
|
branch = true
|
|
|
|
[tool.coverage.report]
|
|
show_missing = true
|
|
skip_covered = false
|
|
|
|
[tool.ruff]
|
|
line-length = 100
|
|
target-version = "py310"
|
|
src = ["src", "tests"]
|
|
|
|
[tool.ruff.lint]
|
|
select = ["E", "F", "W", "I", "B", "UP", "RUF"]
|
|
ignore = ["E501"]
|
|
|
|
[tool.mypy]
|
|
python_version = "3.10"
|
|
strict = true
|
|
warn_unused_ignores = true
|
|
warn_return_any = true
|
|
ignore_missing_imports = true
|
|
mypy_path = "src"
|
|
packages = ["gps_denied_onboard"]
|