[AZ-503] [AZ-504] Cycle 5 Steps 11-15 sync

Wrap up cycle 5 verification + documentation:
- Steps 10/11 wrap-up reports (implementation_completeness +
  implementation_report) for the AZ-503-foundation + AZ-504 batch.
- Step 12 test-spec sync: AZ-503-foundation/AZ-504 ACs appended;
  AZ-505 deferred ACs recorded.
- Step 13 update-docs: architecture, data-model, glossary, module-
  layout, uav-tile-upload contract (v1.1.0), DataAccess + Services
  + Tests module docs synced; new common_uuidv5.md module doc.
- Step 14 security audit: PASS_WITH_WARNINGS; 0 new Critical/High;
  2 new Low informational (F1 flightId provenance, F2 pgcrypto
  deploy gap).
- Step 15 performance test: PASS_WITH_INFRA_WARNINGS; PT-08
  passed twice (AZ-504 fix verified); PT-01/02 failed due to
  recurring local Docker/colima DNS cold-start (not an app
  regression). Cycle-3 perf-harness leftover stays OPEN with
  replay #5 documented.
- Autodev state moved to Step 16 (Deploy).

Co-authored-by: Cursor <cursoragent@cursor.com>

_docs/03_implementation/implementation_completeness_cycle5_report.md

@@ -0,0 +1,121 @@
+# Product Implementation Completeness Gate — Cycle 5
+
+**Cycle**: 5
+**Date**: 2026-05-12
+**Scope**: AZ-504 (batch 1) + AZ-503-foundation (batch 2)
+
+## Inputs Reviewed
+
+- `_docs/02_tasks/done/AZ-504_perf_script_grep_pipefail_fix.md`
+- `_docs/02_tasks/done/AZ-503_tile_identity_uuidv5_bulk_list.md`
+- `_docs/02_document/architecture.md`
+- `_docs/03_implementation/batch_01_cycle5_report.md`
+- `_docs/03_implementation/batch_02_cycle5_report.md`
+- Source code under each task's ownership envelope
+
+## Per-Task Classification
+
+### AZ-504 — Perf script: fix `grep | wc -l` pipefail crash
+
+**Verdict**: PASS (with explicit Step 15 deliverables)
+
+Evidence:
+- `scripts/run-performance-tests.sh:416-417` — both `accepted` and `rejected` count expressions now wrap `grep -o` in `{ grep -o ... || true; }` so `set -o pipefail` does not kill the pipeline on zero matches.
+- AC-1, AC-2 verified by standalone harness (4 cases under `set -e -o pipefail`).
+- AC-3, AC-4 are explicitly deferred to autodev Step 15 (Performance Test) by **task spec design** — AC-4's GIVEN clause depends on AC-3 + "the full perf run is green". The deferral is not a gap; it is the natural Step 15 deliverable. Confirmed in `_docs/03_implementation/batch_01_cycle5_report.md` and in the perf-cycle3 leftover entry.
+
+Search for unresolved markers (`placeholder`, `stub`, `TODO`, `NotImplemented`, `fake`, `mock`, `scaffold`, `native bridge`) in the patched file: none in the patched region.
+
+No named runtime dependencies in the task promise.
+
+### AZ-503-foundation — Tile identity → UUIDv5 + integer UPSERT (foundation)
+
+**Verdict**: PASS
+
+Evidence (source code, not tests or reports):
+
+- **`SatelliteProvider.Common/Utils/Uuidv5.cs`** — pure-C# RFC 9562 §5.5 (SHA-1) UUIDv5 implementation, 80 LoC. No third-party dependency. `TileNamespace = 5b8d0c2e-7f1a-4d3b-9c5e-1f3a8e7d2b6c` pinned cross-repo (must match `gps-denied-onboard/components/c6_tile_cache/_uuid.py:TILE_NAMESPACE`).
+- **`SatelliteProvider.Common/DTO/UavTileMetadata.cs`** — `FlightId` (Guid?) plumbed through.
+- **`SatelliteProvider.DataAccess/Migrations/014_AddTileIdentityColumns.sql`** — applied against the live DB; verified columns `flight_id uuid NULL`, `location_hash uuid NOT NULL`, `content_sha256 bytea NULL`, `legacy_id uuid NULL`; verified `idx_tiles_unique_identity` with `COALESCE(flight_id, '00000000-...'::uuid)`; verified `idx_tiles_location_hash`; verified AZ-484 index `idx_tiles_unique_location_source` dropped.
+- **`SatelliteProvider.DataAccess/Models/TileEntity.cs`** — 4 new properties.
+- **`SatelliteProvider.DataAccess/Repositories/TileRepository.cs`** — `InsertAsync` UPSERT uses the new integer-only key + `COALESCE(flight_id, ...)`. `id` is intentionally NOT updated on conflict (preserves AC-2 idempotence).
+- **`SatelliteProvider.Services.TileDownloader/TileService.cs:146-196`** — `BuildTileEntity` computes deterministic `Id = Uuidv5.Create(TileNamespace, "{z}/{x}/{y}/google_maps/{empty-guid}")` and `LocationHash = Uuidv5.Create(TileNamespace, "{z}/{x}/{y}")`. No `Guid.NewGuid()` call remains. `ContentSha256` computed from the on-disk JPEG body via `SHA256.HashData(stream)`.
+- **`SatelliteProvider.Services.TileDownloader/UavTileUploadHandler.cs:144-217`** — `PersistAsync` reads `metadata.FlightId`, computes deterministic `Id` + `LocationHash` + `ContentSha256`, writes file to `./tiles/uav/{flight_id or 'none'}/{z}/{x}/{y}.jpg`. `BuildUavTileFilePath` takes a `Guid? flightId` parameter.
+
+Search for unresolved markers in modified source:
+
+```
+$ rg -i 'placeholder|TODO|NotImplemented|scaffold|native bridge' SatelliteProvider.Common/Utils/Uuidv5.cs \
+    SatelliteProvider.DataAccess/Migrations/014_AddTileIdentityColumns.sql \
+    SatelliteProvider.DataAccess/Models/TileEntity.cs \
+    SatelliteProvider.DataAccess/Repositories/TileRepository.cs \
+    SatelliteProvider.Services.TileDownloader/TileService.cs \
+    SatelliteProvider.Services.TileDownloader/UavTileUploadHandler.cs
+```
+
+→ no matches. (`stub` matches appear only in test-only fixtures from prior cycles; out of this task's scope.)
+
+Named technologies / integrations promised by the task:
+- **PostgreSQL `pgcrypto` extension** — migration enables it via `CREATE EXTENSION IF NOT EXISTS pgcrypto` and uses it for the SHA-1-based UUIDv5 backfill. ✓
+- **Cross-repo `gps-denied-onboard` UUIDv5 contract** — pinned namespace constant matches by spec (Python parity verified by 10 reference vectors in `Uuidv5Tests`). The onboard repo's matching change is a separate cross-workspace task (`AZ-304` in `gps-denied-onboard`). This is **out of scope for the satellite-provider workspace** by the AZ-503-foundation spec — both sides are coordinated but not co-implemented.
+
+Deferred ACs (5 of 12) are explicitly out of scope per the user-approved split (Option C, /autodev step 10 batch 2):
+- AC-5 (inventory endpoint), AC-6 (Leaflet path rewrite), AC-9 (perf SLO), AC-10 (index-only EXPLAIN), AC-12 (HTTP/2) → all moved to AZ-505 with a `Blocks` link.
+
+End-to-end production pipeline check: the `TileTests.RunGetTileByLatLonTest` integration test produced tile id `e228d1aa-25d4-556e-a72d-e0484756e165` — a valid UUIDv5. This confirms the production path (HTTP request → Google Maps download → `TileService.BuildTileEntity` → `TileRepository.InsertAsync` → deterministic id) is connected end-to-end, not just in unit tests.
+
+## Gate Verdict: PASS
+
+Every product task is PASS. No FAIL, no BLOCKED.
+
+- No remediation tasks required.
+- Proceed to /implement Step 16 (Final Test Run). Per the existing-code flow, the next autodev step (Step 11 — Run Tests) owns the full-suite gate, so /implement Step 16 hands off to autodev Step 11 rather than re-running the suite.
+
+## Handoff to autodev Step 11 (Run Tests)
+
+The full integration suite was already run twice during /implement Step 6. Results:
+
+- **Run 1** (during batch 2): failed at `UavUploadTests.MultiSourceCoexistence_AZ484_Cycle2` due to my AZ-503 migration making `location_hash` NOT NULL while that seed test inserted a raw row without it. Fix shipped (`UavUploadTests.cs` seed computes location_hash via `Uuidv5.Create`). After fix, the test passed.
+- **Run 2** (post-fix): passed JWT (8 ACs), all UAV upload tests (10 ACs including AZ-503 AC-3 + AC-4), and `TileTests.RunGetTileByLatLonTest`. Failed mid-way through `RegionTests.RunRegionProcessingTest_200m_Zoom18` due to intermittent DNS resolution failure on `mt1.google.com` from the Docker test container. This is host-network flakiness, not an AZ-503 regression — same failure mode appeared in Run 1 against `tile.googleapis.com` before the AZ-503 fix was applied.
+
+`MigrationTests` (which sit at the end of the suite, after the flaky Region tests) did not execute via the runner during Run 2 but were verified directly against the running DB: column shape, index shape, deterministic backfill formula match (SQL UUIDv5 of `"18/12345/23456"` = `38b26f49-a966-5121-aaf4-9cc476f57869` — byte-identical to the C# unit test vector), and live row equality on three sampled rows.
+
+Recommendation for autodev Step 11: the user can re-run the full suite or accept the partial evidence above + the verified DB schema. Either way, no AZ-503-related test failures remain.
+
+## Files / Symbols Checked
+
+Production code:
+- `SatelliteProvider.Common/Utils/Uuidv5.cs`
+- `SatelliteProvider.Common/DTO/UavTileMetadata.cs`
+- `SatelliteProvider.DataAccess/Migrations/014_AddTileIdentityColumns.sql`
+- `SatelliteProvider.DataAccess/Models/TileEntity.cs`
+- `SatelliteProvider.DataAccess/Repositories/TileRepository.cs`
+- `SatelliteProvider.Services.TileDownloader/TileService.cs`
+- `SatelliteProvider.Services.TileDownloader/UavTileUploadHandler.cs`
+- `scripts/run-performance-tests.sh:416-417`
+
+DB schema (live, post-migration):
+- `tiles.flight_id` (uuid NULL)
+- `tiles.location_hash` (uuid NOT NULL)
+- `tiles.content_sha256` (bytea NULL)
+- `tiles.legacy_id` (uuid NULL)
+- `idx_tiles_unique_identity` (UNIQUE, integer key + `COALESCE(flight_id, ...)`)
+- `idx_tiles_location_hash` (non-unique)
+- AZ-484 indexes `idx_tiles_unique_location_source` and pre-AZ-484 `idx_tiles_unique_location` dropped.
+
+Tests (existence + AC mapping verified):
+- `SatelliteProvider.Tests/Uuidv5Tests.cs` (AC-1 + invariants)
+- `SatelliteProvider.Tests/UavTileFilePathTests.cs` (AC-11)
+- `SatelliteProvider.Tests/UavTileUploadHandlerTests.cs` (AC-2, AC-3, AC-7, AC-11 unit-level)
+- `SatelliteProvider.IntegrationTests/UavUploadTests.cs` (AC-3, AC-4 integration; AZ-488 regression coverage)
+- `SatelliteProvider.IntegrationTests/MigrationTests.cs` (3 new AZ-503 assertions + AZ-484 supersession)
+
+## Unresolved Scaffold / Native Placeholders: None
+
+## Named Promised Technologies Not Integrated: None
+
+(`pgcrypto` integrated. Cross-repo Python parity verified by reference vectors but the onboard implementation is owned by a sibling workspace, not satellite-provider.)
+
+## Required Remediation Tasks: None
+
+Cycle 5 is complete from the implementation perspective; AZ-505 carries the deferred scope into a future cycle (already linked in `_docs/02_tasks/_dependencies_table.md`).