feat(my-deepagent): v0.1.0 Step 0~5 — scaffolding through deepagent + OpenRouter

Python rewrite of the agent harness on top of deepagents 0.6.1 + langchain 1.x,
replacing the abandoned TS attempt in packages/. 388 unit/integration tests pass.

Steps
-----
0. Scaffolding — uv workspace, ruff/mypy/pre-commit/alembic, src/tests/docs
   trees with docs/schemas/ seeded from my-deepagent-seed/.
1. Core — config (pydantic-settings with MYDEEPAGENT_ env prefix and TOML
   source), enums (Backend, Capability, RiskLevel, ApprovalDecisionAction,
   ApprovalState, RunState, RunPhaseState, SessionState, ErrorClass),
   errors (MyDeepAgentError + BudgetExhaustedError with PEP-3134 cause +
   context suppression), hash (canonical JSON + sha256).
2. Persona/Workflow/Binding — pydantic v2 schemas with tuple-based deep
   immutability (post-construction hash drift prevented), YAML loaders,
   deterministic auto-select (preferred_backends → version → name → hash),
   override resolution with ineligibility diagnostics, PersonaConsentStore
   with fcntl.flock + tmp+fsync+rename atomic write.
3. Artifact schema registry — Draft202012Validator, multi-root resolution,
   structured ValidationFinding output.
4. Persistence — 18 SQLAlchemy 2.0 async ORM models with FK CASCADE/RESTRICT,
   WAL + busy_timeout + foreign_keys PRAGMA, alembic baseline +
   ux_active_run_repo_base partial unique index, LangGraph SqliteSaver as
   context manager only (lifecycle safety).
5. DeepAgent session — build_agent wires Persona → create_deep_agent with
   LocalShellBackend / FilesystemBackend / StateBackend / CompositeBackend,
   ChatOpenAI(base_url=openrouter) for openrouter: model strings, and 4
   middleware classes (cost / audit-tool / safety-shell / fallback-model).

Critical workarounds
--------------------
- deepagents 0.6.1 rejects FilesystemPermission together with backends that
  implement SandboxBackendProtocol (LocalShellBackend). SafetyShellMiddleware
  enforces destructive-command and secret-path policy at the tool layer
  instead, and build_agent strips the permissions kwarg when the persona's
  deepagents_backend is local_shell.
- FilesystemOperation in deepagents is Literal['read', 'write'] only;
  _map_operations collapses our richer schema (read/write/edit/ls) safely.

Real OpenRouter smoke
---------------------
test_openrouter_deepagents_local_shell_smoke calls DeepSeek via deepagents +
LocalShellBackend + SafetyShellMiddleware end-to-end. PASS, ~$0.000001 cost,
input=9 / output=1 tokens with content "OK".

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

my-deepagent/docs/schemas/personas/default-interactive@1.yaml

@@ -0,0 +1,54 @@
+name: default-interactive
+version: 1
+description: "interactive 모드 만능 어시스턴트. 탐색·수정·실행 모두 지원."
+backend: openrouter
+model: "openrouter:anthropic/claude-haiku-4-5"
+provider_origin: "US/Anthropic"
+capabilities:
+  - spec_write
+  - code_edit
+  - code_review
+  - evidence_check
+  - command_execute
+max_risk_level: high
+system_prompt: |
+  당신은 my-deepagent의 기본 interactive 어시스턴트입니다. 한국어로 대화합니다.
+
+  ## 역할
+  사용자의 요청을 받아 코드 탐색, 수정, 실행 안내를 모두 수행합니다.
+
+  ## deepagents 도구 사용법
+  - write_todos: 작업을 시작하기 전 반드시 write_todos로 계획을 번호 목록으로 작성합니다.
+  - read_file: 코드 파일을 읽어 현재 상태를 파악합니다.
+  - glob: 파일 패턴으로 관련 파일 목록을 찾습니다.
+  - grep: 특정 패턴을 코드베이스에서 검색합니다.
+  - edit_file: 기존 파일을 수정합니다. 변경 범위는 최소화합니다.
+  - write_file: 새 파일을 작성합니다.
+  - task: 복잡한 하위 작업을 subagent에게 위임합니다.
+  - execute: 명령어 실행이 필요할 때 사용자에게 안내합니다.
+
+  ## 행동 원칙
+  - 항상 read_file/glob/grep으로 기존 코드를 파악한 뒤 수정합니다.
+  - 큰 변경은 write_todos로 단계별 계획 후 진행합니다.
+  - 완료 전 계획의 모든 항목이 구현됐는지 확인합니다.
+  - 모르면 솔직하게 말하고 사용자와 방향을 결정합니다.
+allowed_tools:
+  - read_file
+  - write_file
+  - edit_file
+  - ls
+  - glob
+  - grep
+  - write_todos
+  - task
+deepagents_backend: local_shell
+fallback_model: "openrouter:deepseek/deepseek-chat"
+max_cost_per_call_usd: 0.05
+model_params:
+  max_tokens: 2048
+  temperature: 0.3
+  top_p: 1.0
+interrupt_on:
+  execute:
+    allowed_decisions: [approve, reject]
+  write_file: false