mirror of
https://github.com/azaion/gps-denied-onboard.git
synced 2026-06-21 11:31:13 +00:00
Oleksandr Bezdieniezhnykh
6599d828d2
Three blackbox-harness tasks landed together — all depend only on
AZ-406 and unblock the FT-* / NFT-* scenario tasks scheduled for
batches 69+.
AZ-407 — Static fixture builders (3pt):
* tile-cache-builder/{builder.py, Dockerfile, build.sh} produces a
deterministic tile-cache-fixture Docker volume from
_docs/00_problem/input_data/. Reproducibility primitives: sorted
iteration, frozen PIL JPEG settings, FAISS HNSW32 built single-
threaded with seeded stub descriptors.
* age-injector/{age_injector.py, inject.sh} clones the volume and
shifts capture_date by N×30.44 days; tile JPEG bytes preserved
bit-identical. Emits synth-age-7mo + synth-age-13mo volumes.
* cold-boot/cold_boot_fixture.json: frozen FC pose snapshot at
Derkachi sector centre, schema v1.
* secrets/mavlink-test-passkey.txt: 64-hex with required
`# TEST ONLY` header line per AC-5. Passkey-equality test now
compares the secret line after stripping the header.
* security/cve-2025-53644.jpg: synthetic 158-byte malformed JPEG
(truncated SOS marker). OpenCV 4.11.x rejects gracefully with
imdecode → None. AZ-439 will sharpen for ASan instrumentation.
* Top-level Makefile with `make fixtures` / `make fixtures-*` /
`make e2e-tier1*` / `make unit-tests` targets.
AZ-444 — Tier-2 Jetson harness wrapper (5pt):
* run-tier2.sh rewritten as orchestrator. Detects local
(aarch64 + TIER2_HOST=localhost) vs remote (ssh into TIER2_HOST).
New flags: -k/--selector, --build-kind production|asan,
--reflash (gated behind TIER2_REFLASH_ACK=1 two-key gate),
--dry-run.
* tier2-on-jetson.sh (new) — on-device delegate. Verifies
gps-denied-onboard{,-asan}.service health; restarts with 5s
tolerance; spawns tegrastats + jtop parallel samplers; tails
ASan unit's journal in asan mode; drives docker compose with
TIER=tier2-jetson; forwards SELECTOR to pytest -k.
* docker/run-tier1.sh (new) — selector-parity sibling.
* AC-1 (selector parity) and AC-6 (reflash gating) unit-tested via
--dry-run output assertions. AC-2/AC-3/AC-4/AC-5 are hardware-
loop ACs verified by the Tier-2 runtime smoke (no Jetson in the
unit-test layer).
AZ-445 — CSV reporter + evidence bundler refinements (2pt):
* reporting/nfr_recorder.py (new) — pytest plugin. Provides the
`nfr_recorder` fixture with record_metric(name, value, ac_id)
and partial(ac_id, reason). At session end emits:
- per-nfr/<scenario_id>.json (AC-1)
- traceability-status.json with every AC ID parsed from
traceability-matrix.md, classified Covered/PARTIAL/NOT
COVERED with source scenario IDs (AC-2)
- regression-baseline.json with all numeric metrics (AC-3)
* csv_reporter.py extended — `_outcome_to_result` consults the
aggregator; rows flip PASS → PARTIAL when an AC was marked
PARTIAL by nfr_recorder (AC-4). Graceful fallback when
aggregator isn't registered (unit-test contexts).
* conftest.py registers nfr_recorder in pytest_plugins.
* New --traceability-matrix CLI flag seeds the NOT COVERED rows.
Build / config:
* pyproject.toml dev extras: added Pillow>=10.4,<13.0 for the
tile-cache-builder unit test (broad enough to keep torchvision's
Pillow 12 pin happy; the production builder runs inside its own
Docker image with its own pin).
* Updated test_directory_layout.py to cover 10 new files + replaced
the byte-equal passkey assertion with the header-stripping
variant.
Test results:
* 157 focused tests pass (was 97 in batch 67; +60 new across this
batch). No regressions.
Module-layout / spec drift:
* AZ-407 spec text says `tests/fixtures/...`; module-layout
blackbox_tests entry (commit d7a17a8) authoritatively places the
harness under `e2e/`. Implementation followed the layout entry.
* AZ-444 spec mentions `e2e/tier2/run-tier2.sh`; AZ-406 placed it
at `e2e/jetson/run-tier2.sh`. Kept at `e2e/jetson/` for
consistency.
* Cold-boot README ownership: corrected from AZ-419 to AZ-407 per
AZ-419's own Dependencies field.
Specs archived to _docs/02_tasks/done/. Jira tickets transitioned to
In Testing on commit.
Co-authored-by: Cursor <cursoragent@cursor.com>
108 lines
4.1 KiB
Python
108 lines
4.1 KiB
Python
"""Asserts the AZ-406 directory layout is present.
|
|
|
|
Every blackbox / fixture / Jetson task added later relies on these paths.
|
|
Catching a missing directory here is much faster than failing inside the
|
|
e2e-runner image build.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from pathlib import Path
|
|
|
|
import pytest
|
|
|
|
E2E_ROOT = Path(__file__).resolve().parents[1]
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
"relative_path",
|
|
[
|
|
"README.md",
|
|
".gitignore",
|
|
"docker/docker-compose.test.yml",
|
|
"docker/docker-compose.tier2-bridge.yml",
|
|
"docker/secrets/mavlink_passkey",
|
|
"docker/run-tier1.sh",
|
|
"jetson/run-tier2.sh",
|
|
"jetson/tier2-on-jetson.sh",
|
|
"jetson/tier2.service",
|
|
"jetson/tegrastats_parser.py",
|
|
"jetson/jtop_parser.py",
|
|
"runner/Dockerfile",
|
|
"runner/requirements.txt",
|
|
"runner/pytest.ini",
|
|
"runner/conftest.py",
|
|
"runner/reporting/csv_reporter.py",
|
|
"runner/reporting/evidence_bundler.py",
|
|
"runner/reporting/nfr_recorder.py",
|
|
"runner/helpers/frame_source_replay.py",
|
|
"runner/helpers/imu_replay.py",
|
|
"runner/helpers/sitl_observer.py",
|
|
"runner/helpers/mavproxy_tlog_reader.py",
|
|
"runner/helpers/fdr_reader.py",
|
|
"runner/helpers/geo.py",
|
|
"fixtures/mock-suite-sat/Dockerfile",
|
|
"fixtures/mock-suite-sat/app.py",
|
|
"fixtures/mock-suite-sat/requirements.txt",
|
|
"fixtures/tile-cache-builder/README.md",
|
|
"fixtures/tile-cache-builder/builder.py",
|
|
"fixtures/tile-cache-builder/Dockerfile",
|
|
"fixtures/tile-cache-builder/build.sh",
|
|
"fixtures/age-injector/README.md",
|
|
"fixtures/age-injector/age_injector.py",
|
|
"fixtures/age-injector/inject.sh",
|
|
"fixtures/injectors/outlier.py",
|
|
"fixtures/injectors/blackout_spoof.py",
|
|
"fixtures/injectors/multi_segment.py",
|
|
"fixtures/injectors/cold_boot.py",
|
|
"fixtures/cold-boot/README.md",
|
|
"fixtures/cold-boot/cold_boot_fixture.json",
|
|
"fixtures/secrets/mavlink-test-passkey.txt",
|
|
"fixtures/security/generate_cve_jpeg.py",
|
|
"fixtures/security/cve-2025-53644.jpg",
|
|
"fixtures/security/README.md",
|
|
"tests/__init__.py",
|
|
"tests/conftest.py",
|
|
"tests/positive/__init__.py",
|
|
"tests/negative/__init__.py",
|
|
"tests/performance/__init__.py",
|
|
"tests/resilience/__init__.py",
|
|
"tests/security/__init__.py",
|
|
"tests/resource_limit/__init__.py",
|
|
"tests/positive/test_smoke.py",
|
|
],
|
|
)
|
|
def test_required_path_exists(relative_path: str) -> None:
|
|
"""Each path AZ-406 + AZ-407 + AZ-444 + AZ-445 commit to must exist on disk."""
|
|
assert (E2E_ROOT / relative_path).exists(), (
|
|
f"layout invariant broken: e2e/{relative_path} is missing"
|
|
)
|
|
|
|
|
|
def test_passkey_files_match() -> None:
|
|
"""Docker secret and runner-side passkey fixture must encode the same secret.
|
|
|
|
The docker-secret file is consumed by mavproxy as a raw 64-hex passkey
|
|
(no comments allowed in its body). The runner-side fixture file is the
|
|
AZ-407 AC-5 deliverable and ships with a ``# TEST ONLY...`` header
|
|
line so it self-documents during code review.
|
|
|
|
We therefore compare the FIRST 64-hex line of each file rather than
|
|
the raw bytes. The two files MUST encode the same 32-byte secret;
|
|
drift between them would mean a mavproxy run uses a different key
|
|
than the runner fixture states.
|
|
"""
|
|
|
|
# Arrange
|
|
docker_pk = (E2E_ROOT / "docker/secrets/mavlink_passkey").read_text().strip().splitlines()
|
|
runner_pk_lines = (E2E_ROOT / "fixtures/secrets/mavlink-test-passkey.txt").read_text().strip().splitlines()
|
|
runner_pk = [line for line in runner_pk_lines if not line.lstrip().startswith("#")]
|
|
|
|
# Assert
|
|
assert docker_pk and runner_pk, "passkey files must contain at least one non-comment line"
|
|
assert docker_pk[0] == runner_pk[0], (
|
|
"MAVLink test passkey secrets differ between docker secret and runner "
|
|
"fixture. They MUST encode the same 32-byte secret — see "
|
|
"e2e/fixtures/secrets/README.md."
|
|
)
|