autonomy demo ros2-bridge

Demo governed ROS 2 DDS publishes via the long-lived bridge

Synopsis

Spawns the governed_ros2_bridge container on a separate "agent" DDS domain,
runs a scripted agent that publishes on the configured topic, watches the bridge
POST every publish to the embedded /v1/tool runtime for policy evaluation, and
republishes allowed messages on the "real" DDS domain.

Prerequisites:
  * Docker available on PATH
  * The adk-ros2-runtime image present locally (pull with:
      docker pull ghcr.io/autonomyops/adk-ros2-runtime:latest
    or build from source (repo-root context required for the
    LD_PRELOAD shim builder stage — #960 Phase 4b-2):
      docker build -t ghcr.io/autonomyops/adk-ros2-runtime:latest \
        -f demo/ros2-runtime/Dockerfile .)

Default flow (multi-topic allow + deny in one run, #939 4-A):

  agent_domain=99   real_domain=42
  bridge topics = /cmd_vel std_msgs/msg/String + /disable_safety std_msgs/msg/String

  publish /cmd_vel "go-forward"          → bridge POSTs, policy ALLOW, republished on real
  publish /disable_safety "shut-it-down" → bridge POSTs, policy DENY,  NOT republished
  publish /cmd_vel "go-left"             → ALLOW
  publish /disable_safety "trip-the-estop" → DENY
  publish /cmd_vel "go-right"            → ALLOW

  WAL summary: 5 autonomy.decision frames (3 allow + 2 deny), all
  tagged bridge_origin=governed_ros2_bridge (#939 4-E.a). The two
  denied messages NEVER reach the real DDS domain.

Override --topic to drive the legacy single-topic flow (back-compat
for pre-4-A demos and for testing one topic in isolation): the bridge
subscribes only to that topic and the script becomes 3 std_msgs/String
publishes onto it. With --topic /cmd_vel the result is all allow;
with --topic /disable_safety the result is all deny.

No control plane needed; the runtime serves /v1/tool from an in-process
listener and the bridge reaches it via --network host.

Usage

autonomy demo ros2-bridge [flags]

Options

      --agent-domain int   ROS_DOMAIN_ID the bridge subscribes on (must differ from --real-domain) (default 99)
      --image string       OCI image for the bridge container (must include the governed_ros2_bridge binary) (default "ghcr.io/autonomyops/adk-ros2-runtime:latest")
      --keep               preserve the WAL directory on exit (default: remove)
      --real-domain int    ROS_DOMAIN_ID the bridge republishes allowed messages onto (must differ from --agent-domain) (default 42)
      --topic string       Pin the bridge to a single topic (back-compat single-topic flow). Empty (the default) drives the multi-topic allow + deny narrative: bridge subscribes to both /cmd_vel (policy allow) AND /disable_safety (policy deny) in one run, scripted publisher interleaves both so the transcript visibly cycles allow / deny. Set this to a specific topic (e.g. /cmd_vel or /disable_safety) to drive the legacy single-topic 3-publish flow against that topic only.

See also

• autonomy demo — Run self-contained demos that require no Docker or control plane