Tracker service v0.3.2: robot vision integration

sample_data/docker-compose-dl-streamer-example.yml

@@ -474,6 +474,11 @@ services:
     secrets:
       - source: root-cert
         target: certs/scenescape-ca.pem
+    read_only: true
+    cap_drop:
+      - ALL
+    security_opt:
+      - no-new-privileges:true
     restart: always
     mem_limit: ${TRACKER_MEM_LIMIT:-512m}
     # Scale: ~1 CPU per 100 tracked objects. Increase TRACKER_CPUS for larger deployments.

tracker/.vscode/launch.json

@@ -21,7 +21,14 @@
             ],
             "sourceFileMap": {
                 "/scenescape/tracker": "${workspaceFolder}"
-            }
+            },
+            "environment": [
+                {"name": "http_proxy", "value": ""},
+                {"name": "https_proxy", "value": ""},
+                {"name": "HTTP_PROXY", "value": ""},
+                {"name": "HTTPS_PROXY", "value": ""},
+                {"name": "TRACKER_LOG_LEVEL", "value": "debug"}
+            ]
         },
         {
             "name": "Tracker: Debug native",
@@ -35,6 +42,16 @@
             "stopAtEntry": false,
             "cwd": "${workspaceFolder}",
             "envFile": "${workspaceFolder}/build-debug/debug.env",
+            "environment": [
+                {"name": "http_proxy", "value": ""},
+                {"name": "https_proxy", "value": ""},
+                {"name": "HTTP_PROXY", "value": ""},
+                {"name": "HTTPS_PROXY", "value": ""},
+                {"name": "TRACKER_LOG_LEVEL", "value": "debug"},
+                {"name": "TRACKER_MQTT_INSECURE", "value": "false"},
+                {"name": "TRACKER_MQTT_TLS_CA_CERT", "value": "${workspaceFolder}/../manager/secrets/certs/scenescape-ca.pem"},
+                {"name": "TRACKER_MQTT_TLS_VERIFY_SERVER", "value": "true"}
+            ],
             "externalConsole": false,
             "MIMode": "gdb",
             "miDebuggerPath": "/usr/bin/gdb",

tracker/CMakeLists.txt

@@ -44,6 +44,12 @@ find_package(httplib REQUIRED)
 find_package(RapidJSON REQUIRED)
 find_package(PahoMqttCpp REQUIRED)
 
+#####################################################################
+# System-provided packages
+#####################################################################
+
+find_package(OpenMP REQUIRED)
+
 #####################################################################
 # RobotVision integration
 #####################################################################
@@ -70,6 +76,7 @@ set(PROJECT_SOURCE_LIST
   ${CMAKE_CURRENT_SOURCE_DIR}/src/cli.cpp
   ${CMAKE_CURRENT_SOURCE_DIR}/src/config_loader.cpp
   ${CMAKE_CURRENT_SOURCE_DIR}/src/scene_loader.cpp
+  ${CMAKE_CURRENT_SOURCE_DIR}/src/coordinate_transformer.cpp
   ${CMAKE_CURRENT_SOURCE_DIR}/src/healthcheck_server.cpp
   ${CMAKE_CURRENT_SOURCE_DIR}/src/healthcheck_command.cpp
   ${CMAKE_CURRENT_SOURCE_DIR}/src/mqtt_client.cpp
@@ -80,6 +87,7 @@ set(PROJECT_SOURCE_LIST
   ${CMAKE_CURRENT_SOURCE_DIR}/src/tracking_worker.cpp
   ${CMAKE_CURRENT_SOURCE_DIR}/src/track_publisher.cpp
   ${CMAKE_CURRENT_SOURCE_DIR}/src/proxy_utils.cpp
+  ${CMAKE_CURRENT_SOURCE_DIR}/src/time_utils.cpp
   ${CMAKE_CURRENT_SOURCE_DIR}/src/topic_utils.cpp
 )
 
@@ -108,6 +116,7 @@ target_link_libraries(${PROJECT_NAME}
   PRIVATE
     scenescape::security_options
     RobotVision
+    OpenMP::OpenMP_CXX
     quill::quill
     CLI11::CLI11
     httplib::httplib

tracker/Makefile

@@ -176,18 +176,34 @@ build-relwithdebinfo: dependencies-relwithdebinfo
 TRACKER_SCHEMA_PATH ?= $(CURDIR)/schema/config.schema.json
 TRACKER_CONFIG_PATH ?= $(CURDIR)/config/tracker.json
 
-# MQTT broker connection (auto-detect from test broker, fallback to 1883)
-export TRACKER_MQTT_HOST ?= localhost
-export TRACKER_MQTT_PORT ?= $(shell cd test/service && docker compose port broker 1883 2>/dev/null | cut -d: -f2 || echo 1883)
+# MQTT broker connection - preconfigured for SceneScape demo (docker compose up)
+# These variables are exported only in run/run-debug targets to avoid polluting test environment
+TRACKER_MQTT_HOST ?= localhost
+TRACKER_MQTT_PORT ?= $(shell cd test/service && docker compose port broker 1883 2>/dev/null | cut -d: -f2 || echo 1883)
+TRACKER_MQTT_INSECURE ?= false
 
-# Export empty proxy vars - Paho MQTT library fails with proxy env vars,
+# TLS CA certificate path (host path for native runs, container path set in tracker.json)
+TRACKER_TLS_CA_CERT_HOST ?= $(CURDIR)/../manager/secrets/certs/scenescape-ca.pem
+TRACKER_MQTT_TLS_CA_CERT ?= $(TRACKER_TLS_CA_CERT_HOST)
+
+# For insecure test broker: make run TRACKER_MQTT_INSECURE=true
+
+# Export MQTT env vars and empty proxy vars - Paho MQTT library fails with proxy env vars,
 # tracker code detects empty vars and unsets them (see mqtt_client.cpp)
 run: build
-	export http_proxy= https_proxy= HTTP_PROXY= HTTPS_PROXY= && \
+	export TRACKER_MQTT_HOST="$(TRACKER_MQTT_HOST)" \
+		TRACKER_MQTT_PORT="$(TRACKER_MQTT_PORT)" \
+		TRACKER_MQTT_INSECURE="$(TRACKER_MQTT_INSECURE)" \
+		TRACKER_MQTT_TLS_CA_CERT="$(TRACKER_MQTT_TLS_CA_CERT)" \
+		http_proxy= https_proxy= HTTP_PROXY= HTTPS_PROXY= && \
 		. build/conanrun.sh && ./build/$(NAME) --config $(TRACKER_CONFIG_PATH) --schema $(TRACKER_SCHEMA_PATH)
 
 run-debug: build-debug
-	export http_proxy= https_proxy= HTTP_PROXY= HTTPS_PROXY= && \
+	export TRACKER_MQTT_HOST="$(TRACKER_MQTT_HOST)" \
+		TRACKER_MQTT_PORT="$(TRACKER_MQTT_PORT)" \
+		TRACKER_MQTT_INSECURE="$(TRACKER_MQTT_INSECURE)" \
+		TRACKER_MQTT_TLS_CA_CERT="$(TRACKER_MQTT_TLS_CA_CERT)" \
+		http_proxy= https_proxy= HTTP_PROXY= HTTPS_PROXY= && \
 		. build-debug/conanrun.sh && ./build-debug/$(NAME) --config $(TRACKER_CONFIG_PATH) --schema $(TRACKER_SCHEMA_PATH)
 
 # Profile with perf using optimized build with debug symbols.
@@ -319,8 +335,9 @@ test-service: build-image
 	@test/service/.venv/bin/pip install -q --upgrade pip
 	@test/service/.venv/bin/pip install -q -r test/service/requirements.txt
 	@echo "Running service tests..."
-	unset TRACKER_MQTT_PORT TRACKER_MQTT_HOST TRACKER_MQTT_INSECURE && \
-		cd test/service && .venv/bin/pytest -v --tb=short
+	cd test/service && \
+		unset TRACKER_MQTT_HOST TRACKER_MQTT_PORT TRACKER_MQTT_INSECURE TRACKER_MQTT_TLS_CA_CERT && \
+		.venv/bin/pytest -v --tb=short
 
 #####################################################################
 # Docker build targets
@@ -339,17 +356,21 @@ build-image-debug:
 build-image-relwithdebinfo:
 	$(MAKE) build-image TARGET=runtime BUILD_TYPE=RelWithDebInfo IMAGE=scenescape-tracker-relwithdebinfo
 
-# Use host network to reach broker on localhost; empty proxy vars for Paho workaround
+# Use host network to reach broker; empty proxy vars for Paho workaround
+# Container uses secure defaults from tracker.json (TLS to broker.scenescape.intel.com)
 run-image: build-image
 	docker run --rm -it --network=host \
 		-e http_proxy= -e https_proxy= -e HTTP_PROXY= -e HTTPS_PROXY= \
+		-v $(TRACKER_TLS_CA_CERT_HOST):/run/secrets/certs/scenescape-ca.pem:ro \
 		$(IMAGE):$(VERSION)
 
 run-image-debug: build-image-debug
 	-docker stop tracker-debug 2>/dev/null || true
 	-docker rm tracker-debug 2>/dev/null || true
 	docker run --rm -d --name tracker-debug --init -p 2345:2345 \
 		--cap-add=SYS_PTRACE --security-opt seccomp=unconfined \
+		-e http_proxy= -e https_proxy= -e HTTP_PROXY= -e HTTPS_PROXY= \
+		-v $(TRACKER_TLS_CA_CERT_HOST):/run/secrets/certs/scenescape-ca.pem:ro \
 		scenescape-tracker-debug:$(VERSION)
 	@echo "Debug container started. Attach debugger to localhost:2345"
 

tracker/README.md

@@ -44,14 +44,38 @@ make build-relwithdebinfo
 
 #### Run
 
+The run targets are preconfigured to work with SceneScape demo. Start SceneScape first:
+
+```bash
+# From repository root
+docker compose up -d
+```
+
+Then run the tracker:
+
 ```bash
-# Run with default settings
+# Run release build
 make run
 
-# Debug build
+# Run debug build
 make run-debug
 ```
 
+**Environment overrides:** The following variables can be overridden:
+
+| Variable                   | Default                                      | Description                   |
+| -------------------------- | -------------------------------------------- | ----------------------------- |
+| `TRACKER_MQTT_HOST`        | `localhost`                                  | MQTT broker hostname          |
+| `TRACKER_MQTT_PORT`        | `1883`                                       | MQTT broker port              |
+| `TRACKER_MQTT_INSECURE`    | `false`                                      | Disable TLS (for test broker) |
+| `TRACKER_MQTT_TLS_CA_CERT` | `../manager/secrets/certs/scenescape-ca.pem` | CA certificate path           |
+
+Example with insecure test broker:
+
+```bash
+make run TRACKER_MQTT_INSECURE=true
+```
+
 **Manual execution:** If not using Make targets, you must source the Conan environment
 first. Conan-managed libraries (e.g., OpenCV) are not installed system-wide, so
 `LD_LIBRARY_PATH` must be set:

tracker/conanfile.txt

@@ -7,6 +7,7 @@ cli11/2.6.0
 cpp-httplib/0.28.0
 rapidjson/cci.20230929
 gtest/1.17.0
+stduuid/1.2.3
 opencv/4.12.0
 eigen/3.4.0
 paho-mqtt-cpp/1.5.3

tracker/config/tracker.json

@@ -1,9 +1,13 @@
 {
   "infrastructure": {
     "mqtt": {
-      "host": "localhost",
+      "host": "broker.scenescape.intel.com",
       "port": 1883,
-      "insecure": true
+      "insecure": false,
+      "tls": {
+        "ca_cert_path": "/run/secrets/certs/scenescape-ca.pem",
+        "verify_server": true
+      }
     },
     "tracker": {
       "healthcheck": {
@@ -16,6 +20,14 @@
       "level": "info"
     }
   },
+  "tracking": {
+    "max_lag_s": 1.0,
+    "time_chunking_rate_fps": 15,
+    "max_workers": 50,
+    "max_unreliable_time_s": 1.0,
+    "non_measurement_time_dynamic_s": 0.8,
+    "non_measurement_time_static_s": 1.6
+  },
   "scenes": {
     "source": "file",
     "file_path": "scenes.json"

tracker/docs/implementation.md

@@ -276,7 +276,7 @@ RobotVision output in world coordinates. See [`scene-data.schema.json`](../schem
 
 ```cpp
 struct Track {
-    std::string id;             // Persistent track ID (UUID)
+    std::string id;             // Persistent track ID (UUID v4, mapped from RobotVision int ID)
     std::string category;       // Object category (e.g., person, vehicle)
     std::array<double, 3> translation;  // World position [x, y, z] meters
     std::array<double, 3> velocity;     // Velocity [vx, vy, vz] m/s

tracker/inc/config_loader.hpp

@@ -76,11 +76,23 @@ constexpr double kDefaultMaxLagS = 1.0;
 constexpr int kDefaultTimeChunkingRateFps = 15;
 constexpr int kDefaultMaxWorkers = 50;
 
+// RobotVision tracker parameter defaults
+constexpr double kDefaultMaxUnreliableTimeS = 1.0;
+constexpr double kDefaultNonMeasurementTimeDynamicS = 0.8;
+constexpr double kDefaultNonMeasurementTimeStaticS = 1.6;
+
 struct TrackingConfig {
     double max_lag_s = kDefaultMaxLagS; ///< Max lag for detection frames (seconds)
     int time_chunking_rate_fps =
         kDefaultTimeChunkingRateFps;      ///< Chunk dispatch rate (frames per second)
     int max_workers = kDefaultMaxWorkers; ///< DoS protection: max worker threads (scene+category)
+
+    // RobotVision tracker parameters
+    double max_unreliable_time_s = kDefaultMaxUnreliableTimeS; ///< Max time track can be unreliable
+    double non_measurement_time_dynamic_s =
+        kDefaultNonMeasurementTimeDynamicS; ///< Time before dynamic track dropped
+    double non_measurement_time_static_s =
+        kDefaultNonMeasurementTimeStaticS; ///< Time before static track dropped
 };
 
 /**
@@ -117,6 +129,10 @@ constexpr char INFRASTRUCTURE_MQTT_TLS_VERIFY_SERVER[] = "/infrastructure/mqtt/t
 constexpr char TRACKING_MAX_LAG_S[] = "/tracking/max_lag_s";
 constexpr char TRACKING_TIME_CHUNKING_RATE_FPS[] = "/tracking/time_chunking_rate_fps";
 constexpr char TRACKING_MAX_WORKERS[] = "/tracking/max_workers";
+constexpr char TRACKING_MAX_UNRELIABLE_TIME_S[] = "/tracking/max_unreliable_time_s";
+constexpr char TRACKING_NON_MEASUREMENT_TIME_DYNAMIC_S[] =
+    "/tracking/non_measurement_time_dynamic_s";
+constexpr char TRACKING_NON_MEASUREMENT_TIME_STATIC_S[] = "/tracking/non_measurement_time_static_s";
 
 // Scenes
 constexpr char SCENES_SOURCE[] = "/scenes/source";