harden AV ingestion contracts, align CI go toolchain, and sync roadmap/docs

Author: rwilliamspbg-ops

.github/workflows/av-ingestion-go-tests.yml

@@ -0,0 +1,42 @@
+name: AV Ingestion Go Tests
+
+"on":
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+    paths:
+      - 'sensors/mobile/**'
+      - 'sensors/drone/**'
+      - '.github/workflows/av-ingestion-go-tests.yml'
+      - 'go.mod'
+      - 'go.sum'
+  pull_request:
+    branches: [ main ]
+    paths:
+      - 'sensors/mobile/**'
+      - 'sensors/drone/**'
+      - '.github/workflows/av-ingestion-go-tests.yml'
+      - 'go.mod'
+      - 'go.sum'
+
+permissions:
+  contents: read
+
+jobs:
+  av-ingestion-tests:
+    name: AV Ingestion Contract Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+
+      - name: Set up Go
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
+        with:
+          go-version-file: go.mod
+          cache: true
+
+      - name: Run mobile and drone ingestion tests
+        run: |
+          bash scripts/go-with-aligned-toolchain.sh test -v ./sensors/mobile ./sensors/drone

.github/workflows/full-validation-pr-gate.yml

@@ -33,16 +33,19 @@ jobs:
         with:
           go-version-file: go.mod
 
+      - name: Run AV ingestion contract tests
+        run: bash scripts/go-with-aligned-toolchain.sh test -v ./sensors/mobile ./sensors/drone
+
       - name: Build backend in FIPS-required mode
         run: |
           mkdir -p bin
-          CGO_ENABLED=1 GOFIPS140=latest go build -tags=requirefips -ldflags "-X main.fipsMode=required -X main.buildProfile=prod" -o bin/sovereign_backend ./cmd/sovereign-node
+          CGO_ENABLED=1 GOFIPS140=latest bash scripts/go-with-aligned-toolchain.sh build -tags=requirefips -ldflags "-X main.fipsMode=required -X main.buildProfile=prod" -o bin/sovereign_backend ./cmd/sovereign-node
 
       - name: Verify backend build metadata
         run: |
           mkdir -p test-results/full-validation
-          go version -m bin/sovereign_backend | tee test-results/full-validation/fips-buildinfo.txt
-          go version -m bin/sovereign_backend | grep -E "GOFIPS140=latest|-tags=requirefips|CGO_ENABLED=1"
+          bash scripts/go-with-aligned-toolchain.sh version -m bin/sovereign_backend | tee test-results/full-validation/fips-buildinfo.txt
+          bash scripts/go-with-aligned-toolchain.sh version -m bin/sovereign_backend | grep -E "GOFIPS140=latest|-tags=requirefips|CGO_ENABLED=1"
 
       - name: Prepare test environment
         run: npm run test:setup

Documentation/Project/ROADMAP.md

@@ -125,6 +125,22 @@ This roadmap tracks execution priorities for the current `v1.2.0` platform basel
   - browser telemetry is visible in HUD KPI/panel surfaces: met
   - observability dashboard query validation includes all referenced metrics: met
 
+### Milestone 9: AV-Ready v1.0 One-Pass Sprint
+- Status: planned
+- Execute a single-pass sprint to harden AV mapping runtime and validation gates.
+- Canonical sprint document:
+  - `docs/AV_READY_V1_ONE_PASS_SPRINT.md`
+- Primary outcomes:
+  - sensor contracts and ingestion validation
+  - time alignment and calibration enforcement
+  - fused pose output replacing fallback nominal path
+  - end-to-end map update and deterministic tile generation
+  - AV-specific observability and CI merge gate coverage
+- Exit criteria:
+  - one-pass definition of done in sprint document fully met
+  - CI AV lane required and green on main
+  - release-readiness summary updated with AV v1.0 evidence bundle
+
 ### Milestone 4: Scale and Readiness Gate
 - Status: completed (2026-03-17)
 - 10-node scale test executed on 4-core/15 GiB host; 10/10 agents confirmed running.

Makefile

@@ -3,7 +3,7 @@
 
 .PHONY: all build test clean deploy logs help \
 	smoke testnet-wallet-readiness \
-	stack-start stack-verify stack-down screenshots-check go-env observability-smoke observability-live-smoke compose-service-drift-check quickstart-verify alerts-test benchmark-fedavg-compare
+	stack-start stack-verify stack-down screenshots-check go-env go-toolchain-check observability-smoke observability-live-smoke compose-service-drift-check quickstart-verify alerts-test benchmark-fedavg-compare
 
 COMPOSE ?= docker compose
 FULL_COMPOSE_FILE ?= docker-compose.full.yml
@@ -269,6 +269,9 @@ go-env:
 	@$(GO) version
 	@$(GO) env GOROOT GOTOOLCHAIN GOMODCACHE GOCACHE
 
+go-toolchain-check:
+	@bash scripts/go-toolchain-sanity.sh
+
 proto:
 	@echo "📝 Generating protobuf files..."
 	protoc --go_out=. --go-grpc_out=. pkg/proto/*.proto
@@ -315,6 +318,7 @@ help:
 	@echo "  make lint    - Run linters"
 	@echo "  make lint-soft - Run linters without failing target"
 	@echo "  make go-env  - Print effective Go toolchain settings"
+	@echo "  make go-toolchain-check - Validate Go driver/compiler/linker version alignment"
 	@echo "  make observability-smoke - Validate dashboard queries and JSON syntax"
 	@echo "  make observability-live-smoke - Validate lower-half operations panel queries against live Prometheus"
 	@echo "  make compose-service-drift-check - Detect stale compose service names in scripts"

av_ingestion_alerts.yml

@@ -0,0 +1,25 @@
+groups:
+  - name: av_ingestion_alerts
+    interval: 15s
+    rules:
+      - alert: AVIngestionRejectSpike
+        expr: increase(av_ingestion_rejected_total[10m]) > 50
+        for: 5m
+        labels:
+          severity: warning
+          service: av-ingestion
+          team: platform
+        annotations:
+          summary: "AV ingestion reject spike detected"
+          description: "AV ingestion rejected more than 50 samples in 10 minutes."
+
+      - alert: AVIngestionStaleSignal
+        expr: time() - av_ingestion_last_update_timestamp_seconds > 120
+        for: 5m
+        labels:
+          severity: warning
+          service: av-ingestion
+          team: platform
+        annotations:
+          summary: "AV ingestion appears stale"
+          description: "No AV ingestion update for more than 2 minutes."