feat: v1 — boilerplate WxO + web
Some checks failed
CI — Lint + Evals / lint (push) Has been cancelled
CI — Lint + Evals / smoke (push) Has been cancelled

Boilerplate completo para construir soluciones agénticas sobre IBM
watsonx Orchestrate (ADK 2.x) con una capa web encima.

Destilado de cotemar-poc-n1 y dun-casos-prueba. Incluye:

- 11 docs (best practices, architecture patterns, ADK cheatsheet,
  observability, tool authoring, deployment, RUNBOOK, DEPLOY_TO_NEW_WOX,
  known-issues con 16 errores reales y fix, eval strategy, INDEX)
- 13 templates WxO (orchestrator/specialist/single-meta agents,
  3 connections, KB + runbook, observable_tool decorator, coercion
  helpers, Python tools, OpenAPI spec, backend filter endpoint, webhook
  validator HMAC, MCP connection)
- 6 scripts (deploy idempotente con fallback ADK, undeploy, reset,
  check-adk-version, new-specialist scaffold, eval-agents runner)
- 4 eval pieces (linter de best practices, runner, smoke-test, direct
  backend probe) + scenario templates
- 8 subagentes Claude (.claude/agents/) — wxo-architect, wxo-agent-author,
  wxo-tool-author, runbook-author, mock-builder, backend-tool-builder,
  eval-author, web-layer-builder
- Skill bundle fit-wxo-bootstrap/ (SKILL.md + 3 templates) listo para
  copiar a ~/.claude/skills/
- Web layer default FastAPI+HTMX con vista timeline observable + endpoint
  receptor de trazas
- Docker compose Coolify-ready (healthcheck wget -qO-, sin labels Traefik,
  network split internal:true)
- CI Gitea workflow con lint + smoke

Best practices enforced por evals/lint_wxo_yaml.py:
- A1: máx 10 tools por agente
- A3: orchestrator sin tools de remediación
- A6: agente sin propósito (react sin tools ni KB)
- T1: @observable_tool obligatorio, no @tool directo
- T3: _compat shim inline en tools.py
- D1: docker-compose sin wget --spider
- I-005: OpenAPI con description per-operation
- I-009: sin labels Traefik manuales

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Felipe Arentsen
2026-05-16 14:59:44 +00:00
commit b089c2ef18
70 changed files with 6739 additions and 0 deletions

65
evals/direct-backend-probe.sh Executable file
View File

@@ -0,0 +1,65 @@
#!/usr/bin/env bash
# Diagnóstico: ¿el backend responde correctamente a llamadas estilo WxO?
# Aísla problemas de auth/conectividad de problemas de lógica del agente.
set -euo pipefail
PUBLIC_HOST="${PUBLIC_HOST:-mi-cliente.fitlabs.dev}"
BASE="https://${PUBLIC_HOST}"
TOKEN="${WXO_BACKEND_TOKEN:-}"
echo "──────────────────────────────────────────────────────"
echo " Direct backend probe — ${BASE}"
echo "──────────────────────────────────────────────────────"
# [1/3] Health
echo "[1/3] Healthcheck"
CODE=$(curl -s -o /dev/null -w "%{http_code}" "${BASE}/health" || echo "000")
if [ "$CODE" = "200" ]; then
echo " ✓ 200 OK"
else
echo "$CODE — el backend no responde. ¿Container up? ¿Healthcheck OK?"
exit 1
fi
# [2/3] Direct tool call — con token, expecting controlled failure (case not found)
echo "[2/3] Direct tool call (con token, case inexistente)"
RESP=$(curl -s -X POST "${BASE}/api/v1/cases/run" \
-H "Content-Type: application/json" \
-H "X-Orchestrate-Token: ${TOKEN}" \
-d '{"case_id":"probe-nonexistent-uuid","target_id":1}')
CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST "${BASE}/api/v1/cases/run" \
-H "Content-Type: application/json" \
-H "X-Orchestrate-Token: ${TOKEN}" \
-d '{"case_id":"probe-nonexistent-uuid","target_id":1}')
if [ "$CODE" = "200" ]; then
echo " ✓ 200 con error de lógica: $RESP"
echo " → Backend responde OK. Si el agente falla, es el agente o el LLM."
elif [ "$CODE" = "401" ] || [ "$CODE" = "403" ]; then
echo "$CODE — auth fallida. Verificar:"
echo " - El token (WXO_BACKEND_TOKEN) es correcto"
echo " - La connection en WxO tiene la API key correcta"
echo " - El header es X-Orchestrate-Token (no Authorization)"
exit 1
elif [ "$CODE" = "502" ] || [ "$CODE" = "504" ]; then
echo "$CODE — gateway. Backend caído o muy lento."
exit 1
else
echo "$CODE inesperado: $RESP"
fi
# [3/3] Sin token, debe fallar 401
echo "[3/3] Sin token (debe rechazar)"
CODE_NOAUTH=$(curl -s -o /dev/null -w "%{http_code}" -X POST "${BASE}/api/v1/cases/run" \
-H "Content-Type: application/json" \
-d '{"case_id":"probe","target_id":1}')
if [ "$CODE_NOAUTH" = "401" ] || [ "$CODE_NOAUTH" = "403" ]; then
echo " ✓ rechaza correctamente sin token ($CODE_NOAUTH)"
else
echo " ⚠ acepta sin token ($CODE_NOAUTH) — posible problema de seguridad"
fi
echo ""
echo "✓ Probe completed. Backend está sano desde el punto de vista de WxO."