# Smart Deploy Agent Demo Backend ## Setup ```bash python -m venv .venv .venv\\Scripts\\python -m pip install -e backend ``` ## Run ```bash .venv\\Scripts\\python -m uvicorn app.main:app --reload --app-dir backend ``` ## Test The lightweight API verification can run with in-memory SQLite: ```bash set PYTHONPATH=backend set DATABASE_URL=sqlite:///:memory: .venv\\Scripts\\python -m pytest backend/tests -q -p no:cacheprovider ``` ## Runtime Notes This repo currently defaults to: 1. database: `sqlite:///./data/agent_demo.db` 2. demo cache / queue: no Redis dependency 3. edge defaults: `edge_id=edge-shanghai-001` `tool_name=http_health_check` 4. demo operator defaults: `alice(u1001)` for task execution `bob(u2001)` for approval In the current sandbox, file-based SQLite may fail with `disk I/O error`. For tests and local verification here, use: ```bash set DATABASE_URL=sqlite:///:memory: ``` ## Implemented API Scope Current backend includes: 1. agent task `POST /api/agent/tasks` `POST /api/agent/tasks/{task_id}/confirm` `POST /api/agent/tasks/{task_id}/cancel` `GET /api/agent/tasks/{task_id}` `GET /api/agent/tasks/{task_id}/report` 2. demo identity `POST /api/demo/identity/login` `GET /api/demo/identity/me` `GET /api/demo/identity/users/{user_id}/permissions` `POST /api/demo/identity/token/introspect` 3. demo approval `POST /api/demo/approval/requests` `GET /api/demo/approval/requests/{approval_id}` `POST /api/demo/approval/requests/{approval_id}/decision` `GET /api/demo/approval/requests` 4. software-a minimal implementation `POST /api/demo/software-a/deploy-tasks` `GET /api/demo/software-a/deploy-tasks/{software_a_task_id}` `POST /api/demo/software-a/permissions/check` 5. edge `POST /api/agent/edge/heartbeat` `POST /api/agent/edge/tasks/pull` `POST /api/agent/edge/tasks/report` `POST /api/agent/edge/events` Current execution flow: 1. create task 2. confirm task 3. high-risk task enters approval flow 4. check `software-a` minimal implementation permission 5. create `software-a` minimal implementation deploy task 6. create default edge verification step 7. edge pulls and reports verification result 8. task reaches `SUCCEEDED` / `FAILED` / `CANCELLED` 9. task detail/report returns software-a status, approval trace, tool trace, verification trace and audit trace Current execution metrics: 1. `tool_call.duration_ms` is persisted from `started_at` / `finished_at` 2. `verification_trace.duration_ms` is persisted for edge task reports Current result summary capabilities: 1. task detail/report returns `result_summary_detail` 2. summary includes final status, final reason, software-a result, approval result and verification result Demo failure semantics currently include: 1. if `app_code` or `version` contains `fail`, the `software-a` minimal implementation returns a failed deploy task 2. approval rejection moves task to `CANCELLED` 3. failed edge report moves task to `FAILED` ## Current Verification Baseline Automated tests currently cover: 1. create / confirm / get task 2. high-risk approval path 3. identity and software-a minimal implementation APIs 4. edge heartbeat / pull / report 5. edge event report 6. task report trace aggregation 7. cancel running task Current baseline: `14 passed` ## Next Focus Recommended next implementation steps: 1. add more idempotency and rollback tests 2. continue enriching audit details and task-level aggregate metrics 3. continue toward local edge-agent bootstrap 4. then continue with second-batch OpenAPI