feat: v1 — boilerplate WxO + web
Boilerplate completo para construir soluciones agénticas sobre IBM watsonx Orchestrate (ADK 2.x) con una capa web encima. Destilado de cotemar-poc-n1 y dun-casos-prueba. Incluye: - 11 docs (best practices, architecture patterns, ADK cheatsheet, observability, tool authoring, deployment, RUNBOOK, DEPLOY_TO_NEW_WOX, known-issues con 16 errores reales y fix, eval strategy, INDEX) - 13 templates WxO (orchestrator/specialist/single-meta agents, 3 connections, KB + runbook, observable_tool decorator, coercion helpers, Python tools, OpenAPI spec, backend filter endpoint, webhook validator HMAC, MCP connection) - 6 scripts (deploy idempotente con fallback ADK, undeploy, reset, check-adk-version, new-specialist scaffold, eval-agents runner) - 4 eval pieces (linter de best practices, runner, smoke-test, direct backend probe) + scenario templates - 8 subagentes Claude (.claude/agents/) — wxo-architect, wxo-agent-author, wxo-tool-author, runbook-author, mock-builder, backend-tool-builder, eval-author, web-layer-builder - Skill bundle fit-wxo-bootstrap/ (SKILL.md + 3 templates) listo para copiar a ~/.claude/skills/ - Web layer default FastAPI+HTMX con vista timeline observable + endpoint receptor de trazas - Docker compose Coolify-ready (healthcheck wget -qO-, sin labels Traefik, network split internal:true) - CI Gitea workflow con lint + smoke Best practices enforced por evals/lint_wxo_yaml.py: - A1: máx 10 tools por agente - A3: orchestrator sin tools de remediación - A6: agente sin propósito (react sin tools ni KB) - T1: @observable_tool obligatorio, no @tool directo - T3: _compat shim inline en tools.py - D1: docker-compose sin wget --spider - I-005: OpenAPI con description per-operation - I-009: sin labels Traefik manuales Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
80
wxo/tools/openapi/_template_openapi_spec.yaml
Normal file
80
wxo/tools/openapi/_template_openapi_spec.yaml
Normal file
@@ -0,0 +1,80 @@
|
||||
# ─────────────────────────────────────────────────────────────────────────────
|
||||
# Template — OpenAPI 3.1 spec para WxO
|
||||
#
|
||||
# Importar con:
|
||||
# orchestrate tools import -k openapi -f este_archivo.yaml --app-id mi_app
|
||||
#
|
||||
# REQUISITOS (paga con dolor):
|
||||
# - description per-operation (issue I-005)
|
||||
# - security per-operation, NO solo global (issue I-006)
|
||||
# - servers[0].url parcheado en deploy time según env
|
||||
# - Si el backend usa FastAPI, mejor exponer un endpoint /orchestrate-tools-spec.json
|
||||
# que filtra dinámicamente. Ver _backend_filter_endpoint.py.
|
||||
# ─────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
openapi: 3.1.0
|
||||
info:
|
||||
title: "REPLACE Service API (orchestrate-exposed subset)"
|
||||
version: "1.0.0"
|
||||
description: "Subset filtrado de la API expuesto a WxO."
|
||||
|
||||
servers:
|
||||
# PATCH ME en deploy time:
|
||||
# jq --arg url "$BACKEND_URL" '.servers = [{"url": $url}]'
|
||||
- url: "https://CHANGEME/api/v1"
|
||||
|
||||
# Security definitions (NO heredan a las ops — issue I-006)
|
||||
components:
|
||||
securitySchemes:
|
||||
OrchestrateToken:
|
||||
type: apiKey
|
||||
in: header
|
||||
name: X-Orchestrate-Token # custom header, NO Bearer (regla C2)
|
||||
|
||||
schemas:
|
||||
RunCaseInput:
|
||||
type: object
|
||||
required: [case_id, target_id]
|
||||
properties:
|
||||
case_id:
|
||||
type: string
|
||||
description: "ID del caso a procesar."
|
||||
target_id:
|
||||
type: integer
|
||||
description: "ID del recurso objetivo."
|
||||
options:
|
||||
type: array
|
||||
items: { type: string }
|
||||
description: "Opciones adicionales."
|
||||
|
||||
RunCaseResult:
|
||||
type: object
|
||||
properties:
|
||||
ok: { type: boolean }
|
||||
ticket_id: { type: string }
|
||||
package_url: { type: string }
|
||||
error: { type: string, nullable: true }
|
||||
|
||||
paths:
|
||||
/cases/run:
|
||||
post:
|
||||
operationId: run_full_case
|
||||
summary: "Run a case end-to-end"
|
||||
# description OBLIGATORIO — issue I-005
|
||||
description: |
|
||||
Procesa un caso completo invocando los substeps en el backend.
|
||||
Devuelve ok=true + ticket_id + package_url, o ok=false + error.
|
||||
Cada substep emite write_audit con case_id.
|
||||
security: # per-operation — issue I-006
|
||||
- OrchestrateToken: []
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema: { $ref: "#/components/schemas/RunCaseInput" }
|
||||
responses:
|
||||
"200":
|
||||
description: "Resultado del procesamiento."
|
||||
content:
|
||||
application/json:
|
||||
schema: { $ref: "#/components/schemas/RunCaseResult" }
|
||||
Reference in New Issue
Block a user