Merge branch 'main' into ITEP-89472-tack-eval-pytest

Author: dmytroye

.cursor/rules/scenescape.mdc

@@ -0,0 +1,32 @@
+---
+description: SceneScape Cursor agent router — canonical instructions and workflow
+alwaysApply: true
+---
+
+<!--
+SPDX-FileCopyrightText: (C) 2026 Intel Corporation
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# SceneScape (Cursor)
+
+## Canonical instructions (read first)
+
+For project-wide conventions, read [`.github/copilot-instructions.md`](../../.github/copilot-instructions.md): licensing, security defaults, architecture, Makefile targets, documentation policy, and how skills are organized.
+
+**Do not duplicate** policy from that file or from skills. Use short pointers only in Cursor rules.
+
+## Skills
+
+When the task touches a language, build system, tests, security, or documentation, discover and read the relevant `SKILL.md` under [`.github/skills/`](../../.github/skills/) (browse the directory or follow routing in `copilot-instructions.md`). Do not assume a fixed list of skill files.
+
+## Service guides
+
+Before substantive changes in a component tree, find and read `Agents.md` in that service’s directory (search upward from edited paths or the component root). Not every folder has one; use it when present.
+
+## Cursor workflow
+
+- Prefer root `Makefile` test targets unless a narrower pytest run is explicitly required (details live in skills).
+- Run commands in the real environment; investigate failures before giving up.
+- Commits and pull requests only when the user asks (see user/global Cursor rules).
+- Keep changes minimal and match existing conventions in the touched area.

.github/copilot-instructions.md

@@ -129,33 +129,15 @@ make rebuild-core                  # Clean + build (useful after code changes)
 
 ## Testing Framework
 
-**For comprehensive test creation guidance, see `.github/skills/testing/SKILL.md`** - detailed instructions on creating unit, functional, integration, UI, and smoke tests with both positive and negative cases.
+Testing guidance is intentionally centralized in skills to avoid duplication.
 
-**Test infrastructure** is fully pytest-based. Docker Compose lifecycle is managed by session-scoped fixtures in `tests/conftest.py`. Tests declare their service requirements via a module-level `SCENESCAPE_SPEC` using `FuncTestSpec` + `ServiceProfile`.
+- Canonical test authoring and categorization guidance: `.github/skills/testing/SKILL.md`
+- Canonical runtime verification and completion rules: `.github/skills/test-verification-gate/SKILL.md`
 
-**Running Tests** (from repo root):
+At this level, only rely on high-level routing:
 
-```bash
-make setup-tests                                            # Build test images, secrets, venv
-make run_basic_acceptance_tests                             # Smoke tests (functional + ui + unit + stability)
-make run_standard_tests                                     # Functional + UI + security + stability
-make run_functional_tests                                   # Functional tests only
-make run_ui_tests                                           # UI/Selenium tests only
-make run_unit_tests                                         # Unit tests only (sscape_tests)
-make run_metric_tests                                       # Tracker quality metrics
-make run_performance_tests                                  # Inference performance + geometry
-make run_stability_tests HOURS=24                           # Long-running stability
-```
-
-**Running tests directly with pytest** (from repo root, with tests/.venv activated):
-
-```bash
-pytest tests/sscape_tests                                   # Unit tests
-pytest tests/functional                                     # All functional tests
-pytest tests/functional/test_roi_mqtt.py                    # Single functional test
-pytest tests/ -m basic_acceptance                           # Smoke suite only
-pytest tests/ --junitxml=results.xml 2>&1 | tee output.log  # Save results to file
-```
+- Test infrastructure is pytest-based with Docker Compose lifecycle managed in `tests/conftest.py`.
+- Prefer root `Makefile` test targets for execution unless a narrower, explicit pytest invocation is required.
 
 ### Completion Gate For Test Tasks (Critical)
 

AGENTS.md

@@ -0,0 +1,11 @@
+<!--
+SPDX-FileCopyrightText: (C) 2026 Intel Corporation
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# SceneScape — AI agents
+
+**Do not add project policy here.**
+
+- **All tools:** [`.github/copilot-instructions.md`](.github/copilot-instructions.md)
+- **Cursor:** [`.cursor/rules/scenescape.mdc`](.cursor/rules/scenescape.mdc) (loaded automatically; skills, service `Agents.md`, and IDE workflow)

Makefile

@@ -737,7 +737,13 @@ init-secrets: $(SECRETSDIR) certificates auth-secrets
 
 $(SECRETSDIR):
 	mkdir -p $@
-	chmod go-rwx $(SECRETSDIR)
+	@if ! chmod go-rwx $(SECRETSDIR); then \
+		if [ "$${CI}" = "true" ] || [ "$${CI}" = "1" ]; then \
+			echo "Warning: could not set restrictive permissions on $(SECRETSDIR) in CI; secrets may be more exposed on this filesystem. Ensure runner isolation controls are in place."; \
+		else \
+			exit 1; \
+		fi; \
+	fi
 
 .PHONY: $(SECRETSDIR) certificates
 certificates:

autocalibration/src/auto_camera_calibration_api.py

@@ -130,7 +130,7 @@ def __init__(self, calibrationContext=None):
     self.app.config['MAX_CONTENT_LENGTH'] = self.MAX_REQUEST_SIZE
     self.calibrationContext = calibrationContext
 
-    self.socketio = SocketIO(self.app, cors_allowed_origins=["*"])
+    self.socketio = SocketIO(self.app, path="/v1/socket.io/", cors_allowed_origins=["*"])
     if self.calibrationContext is not None:
       self.calibrationContext.socketio = self.socketio
     self.socket_client = {}

autocalibration/src/autocalibration_client.py

@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: (C) 2026 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+from scene_common.rest_client import RESTClient
+
+
+class AutoCalibrationClient(RESTClient):
+  """Client for auto-calibration REST endpoints."""
+
+  def getStatus(self):
+    """Gets auto-calibration service status."""
+    return self._get("status", None)
+
+  def registerScene(self, sceneId, data):
+    """Register a scene for auto-calibration."""
+    return self._create(f"scenes/{sceneId}/registration", data)
+
+  def getSceneRegistrationStatus(self, sceneId):
+    """Gets scene registration status."""
+    return self._get(f"scenes/{sceneId}/registration", None)
+
+  def updateSceneRegistration(self, sceneId, data):
+    """Updates scene registration."""
+    return self._update(f"scenes/{sceneId}/registration", data)
+
+  def calibrateCamera(self, cameraId, data):
+    """Calibrate a camera."""
+    return self._create(f"cameras/{cameraId}/calibration", data)
+
+  def getCameraCalibrationStatus(self, cameraId):
+    """Gets camera calibration status."""
+    return self._get(f"cameras/{cameraId}/calibration", None)

common.mk

@@ -31,6 +31,7 @@ build-image: $(BUILD_DIR) Dockerfile
 	@{ \
 		set -xe; \
 		set -o pipefail; \
+		EXTRA_BUILD_ARGS="$(EXTRA_BUILD_ARGS)"; \
 		if [ "$(GHCR_CACHE)" = "true" ]; then \
 		  EXTRA_BUILD_ARGS+=" --cache-from type=registry,ref=ghcr.io/${CACHE_REGISTRY}/$(IMAGE):main"; \
 			if [ "$(WRITE_CACHE)" = "true" ]; then \

docs/user-guide/microservices/auto-calibration/_assets/autocalibration-api.yaml

@@ -17,6 +17,9 @@ info:
 
 servers:
   - url: "https://localhost:8443/v1"
+    description: Direct standalone access
+  - url: "https://localhost/api/v1/autocalibration"
+    description: Access via Apache reverse proxy when web service is running
 
 components:
   schemas:

docs/user-guide/microservices/mapping-service/api-docs/mapping-api.yaml

@@ -7,6 +7,10 @@ info:
   description: |
     REST API service for 3D reconstruction with build-time model selection.
 
+    Authentication/Authorization status:
+    - This service currently does not implement endpoint-level AuthN/AuthZ.
+    - Protect access using trusted network boundaries, reverse proxy controls, and TLS.
+
     This service provides endpoints for performing 3D reconstruction from multiple input images. The model is selected at build time:
     - **MapAnything**: Universal Feed-Forward Metric 3D Reconstruction
     - **VGGT**: Visual Geometry Grounded Transformer for sparse view reconstruction
@@ -18,10 +22,10 @@ info:
     url: https://www.apache.org/licenses/LICENSE-2.0.html
 
 servers:
-  - url: https://localhost:8444
-    description: Local development server
-  - url: https://0.0.0.0:8444
-    description: Docker container server
+  - url: https://localhost:8444/v1
+    description: Direct standalone access
+  - url: https://localhost/api/v1/mapping
+    description: Access via Apache reverse proxy when web service is running
 
 tags:
   - name: reconstruction

docs/user-guide/microservices/mapping-service/build-from-source.md

@@ -111,7 +111,7 @@ The response will include which model was used:
 ### Health Check
 
 ```bash
-curl https://localhost:8444/health
+curl https://localhost:8444/v1/health
 ```
 
 Response includes model information:
@@ -128,7 +128,7 @@ Response includes model information:
 ### Model Information
 
 ```bash
-curl https://localhost:8444/models
+curl https://localhost:8444/v1/models
 ```
 
 Response shows single model details: