feat: initial v0.2.0 release

End-to-end demo of agno-dcp running a banking collections workflow
under cryptographic governance.

Identity (DCP-01), signed policy gating (DCP-02), tamper-evident
audit chain (DCP-03), and offline-verifiable Compliance Bundles.
FastAPI service with HTMX dashboard, SSE live audit log, SQLite
storage, Docker + Fly.io deployment, CI matrix on Python 3.11/3.12/3.13.

20 tests, all green.

Author: lktron00

.env.example

@@ -0,0 +1,24 @@
+# Copy to .env and fill in values for local development.
+# In production (Fly.io), set these as Fly secrets instead.
+
+# ── Demo configuration ────────────────────────────────────────
+DEMO_TITLE="DCP-AI Banking Demo"
+DEMO_BANK_NAME="Demo Trust Bank"
+DEMO_HUMAN_PRINCIPAL="ops@demo-trust-bank.example"
+
+# Storage path (in containerized envs, mount a volume here)
+DCP_DB_PATH=app/data/agent.db
+
+# ── LLM provider ──────────────────────────────────────────────
+# Options: mock | anthropic | openai
+# 'mock' is fully deterministic and requires zero API keys.
+LLM_PROVIDER=mock
+
+# Required only if LLM_PROVIDER != mock
+ANTHROPIC_API_KEY=
+OPENAI_API_KEY=
+
+# ── Application ───────────────────────────────────────────────
+APP_HOST=0.0.0.0
+APP_PORT=8000
+APP_LOG_LEVEL=INFO

.github/workflows/ci.yml

@@ -0,0 +1,79 @@
+name: ci
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: test (py${{ matrix.python }})
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python: ["3.11", "3.12", "3.13"]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python }}
+          cache: pip
+          cache-dependency-path: pyproject.toml
+
+      - name: Install package + dev extras
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Ruff (lint)
+        run: ruff check .
+
+      - name: Ruff (format check)
+        run: ruff format --check .
+
+      - name: pytest
+        run: pytest -ra -q
+
+  docker:
+    name: docker build smoke
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: docker/Dockerfile
+          push: false
+          tags: agno-dcp-demo:ci
+          load: true
+
+      - name: Smoke (boot + healthz)
+        run: |
+          docker run -d --name demo -p 8000:8000 agno-dcp-demo:ci
+          for i in {1..30}; do
+            if curl -sf http://127.0.0.1:8000/healthz > /dev/null; then
+              echo "Container ready after ${i}s"
+              break
+            fi
+            sleep 1
+          done
+          curl -sf http://127.0.0.1:8000/healthz
+          curl -sf http://127.0.0.1:8000/api/agent/info | python3 -m json.tool | head -10
+          docker logs demo
+          docker rm -f demo

.github/workflows/deploy.yml

@@ -0,0 +1,35 @@
+name: deploy
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+# Use the FLY_API_TOKEN repository secret. Configure it once with:
+#   fly tokens create deploy
+# then add the value at: Settings → Secrets → Actions → FLY_API_TOKEN
+
+permissions:
+  contents: read
+
+concurrency:
+  group: deploy-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    name: deploy to fly.io
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+      url: https://demo.dcp-ai.org
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup flyctl
+        uses: superfly/flyctl-actions/setup-flyctl@master
+
+      - name: Deploy
+        run: flyctl deploy --config fly/fly.toml --remote-only --strategy immediate
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

.gitignore

@@ -0,0 +1,45 @@
+# Python
+__pycache__/
+*.py[cod]
+*.so
+.Python
+build/
+dist/
+*.egg-info/
+
+# Virtualenv
+.venv/
+venv/
+env/
+
+# Tooling
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.coverage
+htmlcov/
+coverage.xml
+
+# Environment
+.env
+.env.local
+
+# OS / IDE
+.DS_Store
+.vscode/
+.idea/
+*.swp
+
+# Demo data (persistent volume in prod, local DB in dev)
+app/data/*.db
+app/data/*.sqlite
+app/data/*.sqlite3
+app/data/keys/
+bundles/
+*.zip
+
+# Internal handoff / build notes — never commit (may contain local paths,
+# operator names, deployment specifics that don't belong in a public repo).
+IMPLEMENTATION_REPORT*.md
+HANDOFF*.md
+NOTES.local.md

.python-version

@@ -0,0 +1 @@
+3.12

CHANGELOG.md

@@ -0,0 +1,56 @@
+# Changelog
+
+All notable changes to `agno-dcp-demo` are recorded here.
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
+
+## [0.2.0] (2026-04-30)
+
+Initial release of the end-to-end demo. Reads as a banking
+collections workflow.
+
+### Added
+
+* Singleton `DemoAgentService` that boots a `DCPAgent` (tier-3,
+  strict mode) at app startup, persists its `CitizenshipBundle`
+  beside the audit DB, and reuses the same identity across restarts.
+* Four tool mocks (`lookup_customer`, `propose_payment_plan`,
+  `schedule_callback`, `send_confirmation`) with realistic banking
+  fixtures.
+* Declarative YAML policy with seven rules including conservative
+  payment plans, discount ceilings, balance escalation thresholds,
+  and channel restrictions.
+* FastAPI service exposing eight HTTP routes:
+  * `GET /` — single-page dashboard.
+  * `POST /api/agent/run` — run an arbitrary tool through the gate.
+  * `POST /api/agent/scenario` — run a pre-baked sequence.
+  * `GET /api/agent/info` — agent identity + capability snapshot.
+  * `GET /api/audit/entries` — paginated audit log.
+  * `GET /api/audit/stream` — Server-Sent Events live feed.
+  * `GET /api/audit/verify` — offline chain integrity verifier.
+  * `POST /api/audit/export` — signed Compliance Bundle ZIP.
+  * `POST /api/audit/reset` — wipe back to genesis (demo replay).
+* Banking-grade dashboard: HTMX + Tailwind CDN, dark theme, KPI
+  strip, three one-click scenarios, live audit log with
+  per-event-type styling, single-click verify and export buttons.
+* Multi-stage `Dockerfile` (uv builder + slim runtime, non-root
+  user, healthcheck) and `docker-compose.yml` for local runs with a
+  named volume.
+* Fly.io configuration (`fly/fly.toml`) targeting `scl` region with
+  a 1 GB persistent volume and free-tier-friendly auto-stop.
+* CI workflow (Python 3.11/3.12/3.13 on Ubuntu plus a Docker build
+  smoke) and an auto-deploy workflow that publishes to Fly on push
+  to `main`.
+* Test suite covering agent service lifecycle, policy strict-mode
+  denies, chain integrity after a workload, Compliance Bundle ZIP
+  export, and every HTTP route.
+
+### Notes
+
+* Cryptographic primitives import from `agno-dcp >= 0.1.0` and
+  `dcp-ai >= 2.8.1`. Bundles produced here are byte-exact compatible
+  with every DCP-AI verifier.
+* No real LLM provider is required; the demo defaults to `mock` and
+  the workflow is deterministic. Set `LLM_PROVIDER=anthropic` or
+  `openai` plus the matching API key to swap in.
+* The persistent volume layout is documented in `fly/README.md`. The
+  same shape works for any host with a writable `/app/data`.

CONTRIBUTING.md

@@ -0,0 +1,48 @@
+# Contributing
+
+Thanks for considering a contribution.
+
+## Ground rules
+
+* One concern per PR.
+* Tests for every change.
+* No silent except blocks; use the typed exceptions in
+  `agno_dcp.exceptions` or add a new one.
+* Type hints on public functions; `mypy --strict` must pass.
+
+## Local setup
+
+```bash
+git clone https://github.com/dcp-ai-protocol/agno-dcp-demo.git
+cd agno-dcp-demo
+
+python -m venv .venv && source .venv/bin/activate
+pip install -e ".[dev]"
+
+uvicorn app.main:app --reload
+```
+
+Open [http://localhost:8000](http://localhost:8000).
+
+## Running checks
+
+```bash
+ruff check .
+ruff format --check .
+pytest -ra
+```
+
+## Building the container
+
+```bash
+docker compose -f docker/docker-compose.yml up --build
+```
+
+## Reporting security issues
+
+Email `security@dcp-ai.org` rather than opening a public issue.
+
+## Code of Conduct
+
+Project follows the [Contributor Covenant](https://www.contributor-covenant.org/version/2/1/code_of_conduct/).
+Be technical, kind, and direct.