sprint-8: EKF + adaptive tuner + HWID + SHA-256 audit hash-chain

- heading_ekf.py: 2-state Kalman filter fusing PGN 127250 heading and
  127251 ROT with shortest-arc innovation and symmetric covariance update
- adaptive_tuner.py: gradient-descent outer-loop Kp/Ki adjuster bounded
  to ±adaptive_max_deviation_pct; oscillation vs steady-state detection
- hwid.py: HMAC-SHA256 activation token (verify side); hwid_from_mac_words
  converts three Modbus uint16 MAC words to 12-char hex HWID
- audit.py: SHA-256 hash-chain -- each JSONL line carries prev_hash and
  line_hash; verify_chain() detects tampering, deletion, insertion
- firmware/system/hwid.h+cpp: esp_efuse_mac_get_default wrapper + FNV-32
  hash + "AA:BB:CC:DD:EE:FF" formatter
- modbus_registers.yaml + generated .h/.py: HWID_MAC_01/23/45 at
  input addrs 9/10/11 (three 16-bit words = 6-byte MAC)
- modbus_slave.cpp: INPUT_HWID_MAC_01/23/45 cases read eFuse MAC
- main.cpp: logs HWID string + FNV-32 hash at boot (activation traceability)
- tests: 72 new tests (audit signing, EKF, adaptive tuner, HWID) -- 398 total

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
2026-05-20 03:07:27 -04:00
parent 5f9b445572
commit 45642fda0e
15 changed files with 1217 additions and 5 deletions
+157
View File
@@ -0,0 +1,157 @@
"""Tests for AdaptiveTuner -- Sprint 8."""
from __future__ import annotations
import pytest
from arautopilot.core.adaptive_tuner import AdaptiveTuner
from arautopilot.core.pid_config import PidConfig, PidGains
def _make_config(
adaptive_enabled: bool = True,
adaptive_max_deviation_pct: float = 50.0,
) -> PidConfig:
return PidConfig(
inner_loop_base=PidGains(kp=1.0, ki=0.1, kd=0.05),
outer_loop_base=PidGains(kp=2.0, ki=0.2, kd=0.1),
adaptive_enabled=adaptive_enabled,
adaptive_max_deviation_pct=adaptive_max_deviation_pct,
)
def _make_tuner(
kp: float = 2.0,
ki: float = 0.4,
adaptive_max_deviation_pct: float = 50.0,
window_steps: int = 10,
step_pct: float = 0.1,
) -> AdaptiveTuner:
config = PidConfig(
inner_loop_base=PidGains(kp=1.0, ki=0.1, kd=0.05),
outer_loop_base=PidGains(kp=kp, ki=ki, kd=0.1),
adaptive_enabled=True,
adaptive_max_deviation_pct=adaptive_max_deviation_pct,
)
base = PidGains(kp=kp, ki=ki, kd=0.1)
return AdaptiveTuner(config=config, base_gains=base, window_steps=window_steps, step_pct=step_pct)
class TestAdaptiveDisabled:
def test_returns_none_when_disabled(self):
config = _make_config(adaptive_enabled=False)
tuner = AdaptiveTuner(
config=config,
base_gains=PidGains(kp=2.0, ki=0.2, kd=0.1),
)
for _ in range(200):
result = tuner.step(5.0)
assert result is None
class TestBufferFill:
def test_returns_none_before_buffer_full(self):
tuner = _make_tuner(window_steps=20)
for i in range(19):
assert tuner.step(5.0) is None
def test_may_adapt_once_buffer_is_full(self):
tuner = _make_tuner(window_steps=10, step_pct=0.1)
result = None
for _ in range(10):
result = tuner.step(5.0) # large persistent error → increase Kp
# Should have triggered an adaptation on the 10th step
assert result is not None
class TestOscillationDetection:
def test_oscillating_signal_reduces_kp(self):
tuner = _make_tuner(window_steps=10, kp=2.0, step_pct=0.1)
original_kp = tuner._current_kp
# Fill buffer with alternating signs (100% sign flips)
result = None
for i in range(10):
err = 3.0 if i % 2 == 0 else -3.0
result = tuner.step(err)
# After oscillation detection, Kp should be reduced
if result is not None:
assert result.kp < original_kp
def test_steady_error_increases_kp(self):
tuner = _make_tuner(window_steps=10, kp=2.0, step_pct=0.1, ki=0.2)
original_kp = tuner._current_kp
result = None
for _ in range(10):
result = tuner.step(5.0) # sustained positive error
assert result is not None
assert result.kp > original_kp
def test_small_error_within_deadband_no_adapt(self):
tuner = _make_tuner(window_steps=10)
tuner.dead_band_deg = 2.0
result = None
for _ in range(10):
result = tuner.step(0.5) # within dead band
assert result is None
class TestBoundsClamping:
def test_kp_never_exceeds_upper_bound(self):
tuner = _make_tuner(kp=2.0, adaptive_max_deviation_pct=20.0, window_steps=5, step_pct=0.5)
for _ in range(200):
tuner.step(10.0) # large error, keep trying to increase
assert tuner._current_kp <= 2.0 * 1.20 + 1e-9
def test_kp_never_below_lower_bound(self):
tuner = _make_tuner(kp=2.0, adaptive_max_deviation_pct=20.0, window_steps=5, step_pct=0.5)
for i in range(200):
err = 5.0 if i % 2 == 0 else -5.0
assert tuner._current_kp >= 2.0 * 0.80 - 1e-9
def test_ki_stays_within_bound(self):
tuner = _make_tuner(kp=2.0, ki=0.4, adaptive_max_deviation_pct=30.0, window_steps=5, step_pct=0.5)
for _ in range(200):
tuner.step(10.0)
assert tuner._current_ki <= 0.4 * 1.30 + 1e-9
def test_kd_unchanged_after_adaptation(self):
tuner = _make_tuner(window_steps=10, step_pct=0.1)
original_kd = tuner._current_kd
for _ in range(50):
tuner.step(5.0)
assert tuner._current_kd == pytest.approx(original_kd)
class TestKiRatioPreservation:
def test_ki_kp_ratio_preserved_after_adapt(self):
tuner = _make_tuner(kp=2.0, ki=0.4, window_steps=10, step_pct=0.1)
base_ratio = 0.4 / 2.0
result = None
for _ in range(10):
result = tuner.step(5.0)
if result is not None:
new_ratio = result.ki / result.kp
assert new_ratio == pytest.approx(base_ratio, rel=0.01)
class TestReset:
def test_reset_restores_base_gains(self):
tuner = _make_tuner(kp=2.0, ki=0.4, window_steps=10, step_pct=0.1)
for _ in range(10):
tuner.step(5.0)
tuner.reset()
assert tuner._current_kp == pytest.approx(2.0)
assert tuner._current_ki == pytest.approx(0.4)
def test_reset_clears_buffer(self):
tuner = _make_tuner(window_steps=10)
for _ in range(8):
tuner.step(5.0)
tuner.reset()
assert len(tuner._error_buffer) == 0
def test_current_gains_property(self):
tuner = _make_tuner(kp=2.0, ki=0.4)
g = tuner.current_gains
assert g.kp == pytest.approx(2.0)
assert g.ki == pytest.approx(0.4)
+180
View File
@@ -0,0 +1,180 @@
"""Tests for SHA-256 hash-chain audit signing -- Sprint 8."""
from __future__ import annotations
import json
import tempfile
from pathlib import Path
import pytest
from arautopilot.core.audit import (
GENESIS_HASH,
AuditEvent,
AuditLog,
AuditOutcome,
)
def _make_event(**kwargs) -> AuditEvent:
defaults = dict(action="test_action", outcome=AuditOutcome.SUCCESS)
defaults.update(kwargs)
return AuditEvent(**defaults)
class TestGenesisHash:
def test_genesis_hash_is_64_hex_chars(self):
assert len(GENESIS_HASH) == 64
assert all(c == "0" for c in GENESIS_HASH)
def test_compute_hash_returns_64_char_hex(self):
h = AuditEvent._compute_hash(GENESIS_HASH, "payload")
assert len(h) == 64
assert all(c in "0123456789abcdef" for c in h)
class TestHashChainAppend:
def test_first_event_prev_hash_is_genesis(self, tmp_path):
log = AuditLog(tmp_path / "audit.jsonl")
log.append(_make_event(action="first"))
events = log.read_all()
assert events[0].prev_hash == GENESIS_HASH
def test_second_event_prev_hash_links_to_first(self, tmp_path):
log = AuditLog(tmp_path / "audit.jsonl")
log.append(_make_event(action="first"))
log.append(_make_event(action="second"))
events = log.read_all()
assert events[1].prev_hash == events[0].line_hash
def test_line_hash_is_deterministic(self, tmp_path):
log = AuditLog(tmp_path / "audit.jsonl")
event = _make_event(action="deterministic")
log.append(event)
events = log.read_all()
e = events[0]
# Recompute manually
payload_dict = e.model_dump(mode="json")
payload_dict.pop("prev_hash")
payload_dict.pop("line_hash")
canonical = json.dumps(payload_dict, ensure_ascii=False, sort_keys=True)
expected = AuditEvent._compute_hash(GENESIS_HASH, canonical)
assert e.line_hash == expected
def test_chain_links_across_multiple_events(self, tmp_path):
log = AuditLog(tmp_path / "audit.jsonl")
for i in range(5):
log.append(_make_event(action=f"event_{i}"))
events = log.read_all()
assert events[0].prev_hash == GENESIS_HASH
for i in range(1, 5):
assert events[i].prev_hash == events[i - 1].line_hash
def test_chain_continues_after_reload(self, tmp_path):
p = tmp_path / "audit.jsonl"
log1 = AuditLog(p)
log1.append(_make_event(action="first"))
first_hash = log1._last_line_hash
log2 = AuditLog(p) # reload
log2.append(_make_event(action="second"))
events = log2.read_all()
assert events[1].prev_hash == first_hash
class TestVerifyChain:
def test_empty_log_verifies_ok(self, tmp_path):
log = AuditLog(tmp_path / "audit.jsonl")
ok, reason = log.verify_chain()
assert ok
assert reason == "ok"
def test_valid_chain_verifies_ok(self, tmp_path):
log = AuditLog(tmp_path / "audit.jsonl")
for i in range(10):
log.append(_make_event(action=f"ev_{i}"))
ok, reason = log.verify_chain()
assert ok, reason
def test_tampered_content_detected(self, tmp_path):
p = tmp_path / "audit.jsonl"
log = AuditLog(p)
log.append(_make_event(action="before_tamper"))
log.append(_make_event(action="after_tamper"))
# Tamper the first line: change action field in the raw JSON
lines = p.read_text(encoding="utf-8").splitlines()
data = json.loads(lines[0])
data["action"] = "TAMPERED"
lines[0] = json.dumps(data)
p.write_text("\n".join(lines) + "\n", encoding="utf-8")
log2 = AuditLog(p)
ok, reason = log2.verify_chain()
assert not ok
assert "tampered" in reason.lower() or "mismatch" in reason.lower()
def test_deleted_line_detected(self, tmp_path):
p = tmp_path / "audit.jsonl"
log = AuditLog(p)
for i in range(3):
log.append(_make_event(action=f"ev_{i}"))
# Remove the second line
lines = [l for l in p.read_text(encoding="utf-8").splitlines() if l.strip()]
lines.pop(1)
p.write_text("\n".join(lines) + "\n", encoding="utf-8")
log2 = AuditLog(p)
ok, reason = log2.verify_chain()
assert not ok
def test_inserted_line_detected(self, tmp_path):
p = tmp_path / "audit.jsonl"
log = AuditLog(p)
log.append(_make_event(action="first"))
log.append(_make_event(action="last"))
# Insert a fake line between them (with wrong prev_hash)
lines = p.read_text(encoding="utf-8").splitlines()
fake = json.loads(lines[0])
fake["action"] = "injected"
fake["prev_hash"] = "a" * 64
fake["line_hash"] = "b" * 64
lines.insert(1, json.dumps(fake))
p.write_text("\n".join(lines) + "\n", encoding="utf-8")
log2 = AuditLog(p)
ok, reason = log2.verify_chain()
assert not ok
class TestHashChainIsolation:
def test_hash_fields_excluded_from_payload(self, tmp_path):
log = AuditLog(tmp_path / "audit.jsonl")
log.append(_make_event(action="isolated"))
events = log.read_all()
e = events[0]
# The hash must NOT depend on the hash fields themselves (circular).
# Recompute without hash fields and confirm it matches.
payload_dict = e.model_dump(mode="json")
payload_dict.pop("prev_hash")
payload_dict.pop("line_hash")
canonical = json.dumps(payload_dict, ensure_ascii=False, sort_keys=True)
expected = AuditEvent._compute_hash(e.prev_hash, canonical)
assert e.line_hash == expected
def test_extra_field_change_breaks_chain(self, tmp_path):
p = tmp_path / "audit.jsonl"
log = AuditLog(p)
log.append(_make_event(action="good", extra={"key": "value"}))
lines = p.read_text(encoding="utf-8").splitlines()
data = json.loads(lines[0])
data["extra"]["key"] = "EVIL"
lines[0] = json.dumps(data)
p.write_text("\n".join(lines) + "\n", encoding="utf-8")
log2 = AuditLog(p)
ok, _ = log2.verify_chain()
assert not ok
+142
View File
@@ -0,0 +1,142 @@
"""Tests for 2-state Heading EKF -- Sprint 8."""
from __future__ import annotations
import math
import pytest
from arautopilot.core.heading_ekf import HeadingEKF, _shortest_arc
class TestShortestArc:
def test_zero_difference(self):
assert _shortest_arc(90.0, 90.0) == pytest.approx(0.0)
def test_positive_difference(self):
assert _shortest_arc(100.0, 90.0) == pytest.approx(10.0)
def test_negative_difference(self):
assert _shortest_arc(80.0, 90.0) == pytest.approx(-10.0)
def test_wrap_around_positive(self):
# 350 → 10 is +20 degrees (going through north)
assert _shortest_arc(10.0, 350.0) == pytest.approx(20.0)
def test_wrap_around_negative(self):
# 10 → 350 is -20 degrees
assert _shortest_arc(350.0, 10.0) == pytest.approx(-20.0)
def test_exactly_180_degrees(self):
diff = _shortest_arc(270.0, 90.0)
assert abs(diff) == pytest.approx(180.0)
class TestPredict:
def test_heading_advances_by_rot_times_dt(self):
ekf = HeadingEKF(heading_deg=0.0, rot_dps=10.0)
ekf.predict(dt_s=1.0)
assert ekf.heading_deg == pytest.approx(10.0)
def test_heading_wraps_at_360(self):
ekf = HeadingEKF(heading_deg=355.0, rot_dps=10.0)
ekf.predict(dt_s=1.0)
assert ekf.heading_deg == pytest.approx(5.0)
def test_zero_rot_heading_unchanged(self):
ekf = HeadingEKF(heading_deg=45.0, rot_dps=0.0)
ekf.predict(dt_s=1.0)
assert ekf.heading_deg == pytest.approx(45.0)
def test_covariance_grows_with_predict(self):
ekf = HeadingEKF()
p00_before = ekf._P[0]
ekf.predict(dt_s=0.1)
assert ekf._P[0] > p00_before
def test_predict_symmetry_p01_p10(self):
ekf = HeadingEKF()
for _ in range(5):
ekf.predict(dt_s=0.1)
assert ekf._P[1] == pytest.approx(ekf._P[2])
class TestUpdateHeading:
def test_state_moves_toward_measurement(self):
ekf = HeadingEKF(heading_deg=0.0)
ekf.update_heading(10.0)
assert 0.0 < ekf.heading_deg < 10.0
def test_exact_measurement_moves_fully_when_p_large(self):
# With very large P and very small noise, Kalman gain → 1
ekf = HeadingEKF(heading_deg=0.0, _P=[1e6, 0.0, 0.0, 1e6])
ekf.update_heading(90.0, noise_deg=0.001)
assert ekf.heading_deg == pytest.approx(90.0, abs=0.1)
def test_covariance_shrinks_after_update(self):
ekf = HeadingEKF()
ekf._P = [100.0, 0.0, 0.0, 100.0]
p00_before = ekf._P[0]
ekf.update_heading(10.0, noise_deg=2.0)
assert ekf._P[0] < p00_before
def test_wrap_around_innov(self):
ekf = HeadingEKF(heading_deg=355.0)
ekf._P = [1e6, 0.0, 0.0, 1e6]
ekf.update_heading(5.0, noise_deg=0.001)
# Should go toward 5.0 (via shortest arc +10), not regress
assert ekf.heading_deg == pytest.approx(5.0, abs=0.5)
class TestUpdateRot:
def test_state_moves_toward_rot_measurement(self):
ekf = HeadingEKF(rot_dps=0.0)
ekf.update_rot(5.0)
assert 0.0 < ekf.rot_dps < 5.0
def test_covariance_p11_shrinks_after_rot_update(self):
ekf = HeadingEKF()
ekf._P = [100.0, 0.0, 0.0, 100.0]
p11_before = ekf._P[3]
ekf.update_rot(2.0, noise_dps=1.0)
assert ekf._P[3] < p11_before
class TestCovarianceConvergence:
def test_covariance_converges_with_repeated_updates(self):
ekf = HeadingEKF(
process_noise_heading=0.01,
process_noise_rot=0.1,
_P=[100.0, 0.0, 0.0, 100.0],
)
# 50 predict+update cycles
for _ in range(50):
ekf.predict(dt_s=0.1)
ekf.update_heading(ekf.heading_deg, noise_deg=2.0)
ekf.update_rot(ekf.rot_dps, noise_dps=1.0)
# Covariance should have converged to steady-state (not 100 anymore)
assert ekf._P[0] < 50.0
assert ekf._P[3] < 50.0
def test_filter_tracks_constant_heading(self):
true_heading = 135.0
ekf = HeadingEKF(heading_deg=0.0)
for _ in range(100):
ekf.predict(dt_s=0.1)
ekf.update_heading(true_heading, noise_deg=2.0)
assert ekf.heading_deg == pytest.approx(true_heading, abs=2.0)
def test_filter_tracks_constant_rot(self):
ekf = HeadingEKF(heading_deg=0.0, rot_dps=0.0)
true_rot = 3.0
for _ in range(100):
ekf.predict(dt_s=0.1)
ekf.update_rot(true_rot, noise_dps=0.5)
assert ekf.rot_dps == pytest.approx(true_rot, abs=0.5)
def test_covariance_property_returns_tuple(self):
ekf = HeadingEKF()
cov = ekf.covariance
assert len(cov) == 4
assert all(isinstance(v, float) for v in cov)
+144
View File
@@ -0,0 +1,144 @@
"""Tests for HWID activation token -- Sprint 8."""
from __future__ import annotations
import hashlib
import hmac
import os
import pytest
from arautopilot.core.hwid import (
STUB_SECRET_KEY,
TOKEN_BYTES,
format_hwid,
generate_token,
hwid_from_mac_words,
verify_token,
)
SAMPLE_HWID = "aabbccddeeff" # 12-char lower-case hex
class TestHwidFromMacWords:
def test_known_bytes(self):
# mac01=0xAABB, mac23=0xCCDD, mac45=0xEEFF → "aabbccddeeff"
result = hwid_from_mac_words(0xAABB, 0xCCDD, 0xEEFF)
assert result == "aabbccddeeff"
def test_zero_mac(self):
result = hwid_from_mac_words(0, 0, 0)
assert result == "000000000000"
def test_all_ones(self):
result = hwid_from_mac_words(0xFFFF, 0xFFFF, 0xFFFF)
assert result == "ffffffffffff"
def test_returns_lowercase(self):
result = hwid_from_mac_words(0xAABB, 0xCCDD, 0xEEFF)
assert result == result.lower()
def test_result_is_12_chars(self):
result = hwid_from_mac_words(0x0102, 0x0304, 0x0506)
assert len(result) == 12
def test_byte_order(self):
# 0x1234 → bytes [0x12, 0x34]
result = hwid_from_mac_words(0x1234, 0x0000, 0x0000)
assert result[:4] == "1234"
class TestGenerateToken:
def test_returns_32_hex_chars(self):
token = generate_token(SAMPLE_HWID)
assert len(token) == TOKEN_BYTES * 2 # 32
assert all(c in "0123456789abcdef" for c in token.lower())
def test_deterministic_with_stub_key(self, monkeypatch):
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
t1 = generate_token(SAMPLE_HWID)
t2 = generate_token(SAMPLE_HWID)
assert t1 == t2
def test_different_hwid_different_token(self, monkeypatch):
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
t1 = generate_token("aabbccddeeff")
t2 = generate_token("112233445566")
assert t1 != t2
def test_uses_env_key_when_set(self, monkeypatch):
monkeypatch.setenv("AR_ACTIVATION_KEY", "test-production-key")
prod_token = generate_token(SAMPLE_HWID)
monkeypatch.delenv("AR_ACTIVATION_KEY")
stub_token = generate_token(SAMPLE_HWID)
assert prod_token != stub_token
def test_case_insensitive_hwid(self, monkeypatch):
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
t_lower = generate_token("aabbccddeeff")
t_upper = generate_token("AABBCCDDEEFF")
assert t_lower == t_upper
def test_matches_manual_hmac(self, monkeypatch):
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
expected = hmac.new(
STUB_SECRET_KEY, SAMPLE_HWID.encode(), hashlib.sha256
).hexdigest()[:TOKEN_BYTES * 2]
assert generate_token(SAMPLE_HWID) == expected
class TestVerifyToken:
def test_valid_token_returns_true(self, monkeypatch):
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
token = generate_token(SAMPLE_HWID)
assert verify_token(SAMPLE_HWID, token) is True
def test_wrong_token_returns_false(self, monkeypatch):
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
assert verify_token(SAMPLE_HWID, "a" * 32) is False
def test_wrong_hwid_returns_false(self, monkeypatch):
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
token = generate_token(SAMPLE_HWID)
assert verify_token("000000000000", token) is False
def test_case_insensitive_token_comparison(self, monkeypatch):
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
token = generate_token(SAMPLE_HWID)
assert verify_token(SAMPLE_HWID, token.upper()) is True
def test_constant_time_compare(self, monkeypatch):
"""verify_token must use hmac.compare_digest (checked by smoke-test, not timing)."""
monkeypatch.delenv("AR_ACTIVATION_KEY", raising=False)
token = generate_token(SAMPLE_HWID)
# Calling with correct and incorrect tokens both return without exception
assert verify_token(SAMPLE_HWID, token) is True
assert verify_token(SAMPLE_HWID, "x" * 32) is False
class TestFormatHwid:
def test_formats_correctly(self):
result = format_hwid("aabbccddeeff")
assert result == "AA:BB:CC:DD:EE:FF"
def test_uppercase_output(self):
result = format_hwid("aabbccddeeff")
assert result == result.upper().replace("X", ":") # colons preserved
assert result == "AA:BB:CC:DD:EE:FF"
def test_colon_separated_6_groups(self):
result = format_hwid("112233445566")
parts = result.split(":")
assert len(parts) == 6
assert all(len(p) == 2 for p in parts)
def test_invalid_length_raises(self):
with pytest.raises(ValueError, match="12 hex chars"):
format_hwid("aabb")
def test_all_zeros(self):
assert format_hwid("000000000000") == "00:00:00:00:00:00"
def test_all_ff(self):
assert format_hwid("ffffffffffff") == "FF:FF:FF:FF:FF:FF"