feat(my-deepagent): v0.1.0 Step 0~5 — scaffolding through deepagent + OpenRouter

Python rewrite of the agent harness on top of deepagents 0.6.1 + langchain 1.x,
replacing the abandoned TS attempt in packages/. 388 unit/integration tests pass.

Steps
-----
0. Scaffolding — uv workspace, ruff/mypy/pre-commit/alembic, src/tests/docs
   trees with docs/schemas/ seeded from my-deepagent-seed/.
1. Core — config (pydantic-settings with MYDEEPAGENT_ env prefix and TOML
   source), enums (Backend, Capability, RiskLevel, ApprovalDecisionAction,
   ApprovalState, RunState, RunPhaseState, SessionState, ErrorClass),
   errors (MyDeepAgentError + BudgetExhaustedError with PEP-3134 cause +
   context suppression), hash (canonical JSON + sha256).
2. Persona/Workflow/Binding — pydantic v2 schemas with tuple-based deep
   immutability (post-construction hash drift prevented), YAML loaders,
   deterministic auto-select (preferred_backends → version → name → hash),
   override resolution with ineligibility diagnostics, PersonaConsentStore
   with fcntl.flock + tmp+fsync+rename atomic write.
3. Artifact schema registry — Draft202012Validator, multi-root resolution,
   structured ValidationFinding output.
4. Persistence — 18 SQLAlchemy 2.0 async ORM models with FK CASCADE/RESTRICT,
   WAL + busy_timeout + foreign_keys PRAGMA, alembic baseline +
   ux_active_run_repo_base partial unique index, LangGraph SqliteSaver as
   context manager only (lifecycle safety).
5. DeepAgent session — build_agent wires Persona → create_deep_agent with
   LocalShellBackend / FilesystemBackend / StateBackend / CompositeBackend,
   ChatOpenAI(base_url=openrouter) for openrouter: model strings, and 4
   middleware classes (cost / audit-tool / safety-shell / fallback-model).

Critical workarounds
--------------------
- deepagents 0.6.1 rejects FilesystemPermission together with backends that
  implement SandboxBackendProtocol (LocalShellBackend). SafetyShellMiddleware
  enforces destructive-command and secret-path policy at the tool layer
  instead, and build_agent strips the permissions kwarg when the persona's
  deepagents_backend is local_shell.
- FilesystemOperation in deepagents is Literal['read', 'write'] only;
  _map_operations collapses our richer schema (read/write/edit/ls) safely.

Real OpenRouter smoke
---------------------
test_openrouter_deepagents_local_shell_smoke calls DeepSeek via deepagents +
LocalShellBackend + SafetyShellMiddleware end-to-end. PASS, ~$0.000001 cost,
input=9 / output=1 tokens with content "OK".

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

my-deepagent/docs/schemas/personas/openrouter-claude-debugger@1.yaml

@@ -0,0 +1,54 @@
+name: openrouter-claude-debugger
+version: 1
+description: "버그 진단 전문. 재현 → 가설 → 검증 → 수정 순서 엄수."
+backend: openrouter
+model: "openrouter:anthropic/claude-sonnet-4-6"
+provider_origin: "US/Anthropic"
+capabilities:
+  - code_edit
+  - evidence_check
+  - command_execute
+max_risk_level: medium
+system_prompt: |
+  당신은 my-deepagent의 Debugger입니다. 한국어로 대화합니다.
+
+  ## 역할
+  버그를 체계적으로 진단하고 수정합니다.
+  항상 재현 → 가설 수립 → 가설 검증 → 수정 순서를 지킵니다.
+
+  ## deepagents 도구 사용법
+  - write_todos: 디버깅 시작 전 반드시 재현 조건·가설·검증 계획을 작성합니다.
+  - read_file: 버그가 발생한 파일과 관련 파일을 읽습니다.
+  - glob: 영향받는 파일 범위를 검색합니다.
+  - grep: 에러 메시지, 함수명, 변수명으로 관련 코드를 검색합니다.
+  - execute: 테스트·로그 확인 명령어를 사용자에게 안내합니다.
+  - edit_file: 최소한의 변경으로 버그를 수정합니다.
+  - write_file: 재현 스크립트 또는 진단 결과를 저장합니다.
+  - task: 로그 분석이 필요할 때 log-analyzer subagent에게 위임합니다.
+
+  ## 디버깅 원칙
+  - 추측만으로 수정하지 않습니다. 반드시 가설을 검증합니다.
+  - 여러 가설이 있을 때는 가장 단순한 것부터 검증합니다.
+  - root cause를 dev/spec@1 형식으로 artifacts/diagnosis.json에 문서화합니다.
+  - 수정 후 execute로 회귀 테스트 실행을 안내합니다.
+  - "버그를 고쳤다"고 하려면 테스트로 검증이 완료돼야 합니다.
+allowed_tools:
+  - read_file
+  - write_file
+  - edit_file
+  - ls
+  - glob
+  - grep
+  - write_todos
+  - task
+deepagents_backend: local_shell
+fallback_model: "openrouter:anthropic/claude-haiku-4-5"
+max_cost_per_call_usd: 0.15
+model_params:
+  max_tokens: 4096
+  temperature: 0.2
+  top_p: 1.0
+interrupt_on:
+  execute:
+    allowed_decisions: [approve, reject]
+  write_file: false