Quickstart
From git clone to a green DENY demo in ≈5 minutes.
Prerequisites
Section titled “Prerequisites”- Docker Desktop (or any Docker engine + Compose v2)
- ~4 GiB free RAM (Rust services build in parallel)
- 5 minutes for first build (cached after that)
1. Clone and bring up the stack
Section titled “1. Clone and bring up the stack”git clone https://github.com/m24927605/agentic-flow-cost-evaluationcd agentic-flow-cost-evaluation/deploy/demo
docker compose down -v --remove-orphans # clean stateDEMO_MODE=deny make demo-upExpected output (last lines):
[demo] DENY raised decision_id=... reason_codes=['BUDGET_EXHAUSTED'] matched_rule_ids=['{contract}:{budget}:hard-cap-deny'][demo] DENY assertions PASSWhat just happened:
- Postgres started + ran ledger + canonical migrations
pricing-seed-initloadeddeploy/demo/init/pricing/seed.yamlintopricing_table(35 rows, 5 providers)bundles-initbaked a realcontract.yamlinto the demo bundlepki-initminted a CA + per-service mTLS certsledger,canonical-ingest,sidecaretc came updemocontainer connected via UDS, sent a $2000 budget claim- Sidecar’s contract evaluator matched
hard-cap-denyrule (limit $1000) → adapter raisedDecisionStopped - Carrier
denied_decisionrow +audit_outboxrow written outbox-forwarderpushed the audit row tocanonical_events
2. Run the other demo modes
Section titled “2. Run the other demo modes”| Mode | What it shows |
|---|---|
decision | Full reserve→commit→provider_report lifecycle |
invoice | + invoice_reconcile (3-stage commit close) |
agent | Pydantic-AI Agent + MockLLM |
release | reserve → RUN_ABORTED → release (full refund) |
ttl_sweep | reserve(TTL=5s) → sweeper auto-release |
deny | Phase 3 wedge: contract evaluator STOP |
agent_real | Real OpenAI gpt-4o-mini (needs OPENAI_API_KEY) |
agent_real_anthropic | Real Claude haiku-4-5 |
agent_real_langchain | LangChain ChatOpenAI |
agent_real_langgraph | LangGraph ReAct agent |
multi_provider_usd | Cross-provider USD budget netting |
# Real OpenAI:export OPENAI_API_KEY=sk-...DEMO_MODE=agent_real make demo-up
# Cross-provider USD:export OPENAI_API_KEY=sk-...export ANTHROPIC_API_KEY=sk-ant-...DEMO_MODE=multi_provider_usd make demo-up3. Open the dashboard
Section titled “3. Open the dashboard”docker compose up -d dashboardopen http://localhost:8090Enter the bearer token (demo-dashboard-token-replace-in-production)
when prompted. You’ll see budget overview, recent decisions, DENY
stats, and outbox forwarder health.
4. Provision a fresh tenant via control plane
Section titled “4. Provision a fresh tenant via control plane”docker compose up -d control-plane
curl -X POST http://localhost:8091/v1/tenants \ -H 'Authorization: Bearer demo-admin-token-replace-in-production' \ -H 'Content-Type: application/json' \ -d '{"name": "acme-corp", "opening_deposit_atomic": "1000"}'The response includes sidecar_config_env — a block of env vars you
can drop straight into a sidecar’s deployment.
- Authoring contracts — write your own rules
- Pydantic-AI integration — wire the SDK into your agent
- Helm deployment — move to k8s