npm - draft-board - Versions diffs - 0.1.0-beta.0 - Mend

draft-board 0.1.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (250) hide show

package/app/backend/.env.example +9 -0
package/app/backend/.smartkanban/evidence/8b383839-cbec-45af-86ee-c7708d075cbe/bddf2ed5-2e21-4d46-a62b-10b87f1642a6_patch.txt +195 -0
package/app/backend/.smartkanban/evidence/8b383839-cbec-45af-86ee-c7708d075cbe/bddf2ed5-2e21-4d46-a62b-10b87f1642a6_stat.txt +6 -0
package/app/backend/CURL_EXAMPLES.md +335 -0
package/app/backend/ENV_SETUP.md +65 -0
package/app/backend/alembic/env.py +71 -0
package/app/backend/alembic/script.py.mako +28 -0
package/app/backend/alembic/versions/001_initial_schema.py +104 -0
package/app/backend/alembic/versions/002_add_jobs_table.py +52 -0
package/app/backend/alembic/versions/003_add_workspace_table.py +48 -0
package/app/backend/alembic/versions/004_add_evidence_table.py +56 -0
package/app/backend/alembic/versions/005_add_verification_commands.py +32 -0
package/app/backend/alembic/versions/006_add_planner_lock_table.py +39 -0
package/app/backend/alembic/versions/007_add_revision_review_tables.py +126 -0
package/app/backend/alembic/versions/008_add_revision_idempotency_and_traceability.py +52 -0
package/app/backend/alembic/versions/009_add_job_health_fields.py +46 -0
package/app/backend/alembic/versions/010_add_review_comment_line_content.py +36 -0
package/app/backend/alembic/versions/011_add_analysis_cache.py +47 -0
package/app/backend/alembic/versions/012_add_boards_table.py +102 -0
package/app/backend/alembic/versions/013_add_ticket_blocking.py +45 -0
package/app/backend/alembic/versions/014_add_agent_sessions.py +220 -0
package/app/backend/alembic/versions/015_add_ticket_sort_order.py +33 -0
package/app/backend/alembic/versions/03220f0b93ae_add_pr_fields_to_ticket.py +49 -0
package/app/backend/alembic/versions/0c2d89fff3b1_seed_board_configs_from_yaml.py +206 -0
package/app/backend/alembic/versions/3348e5cf54c1_add_merge_checklist_table.py +67 -0
package/app/backend/alembic/versions/357c780ee445_add_goal_status.py +34 -0
package/app/backend/alembic/versions/553340b7e26c_add_autonomy_fields_to_goal.py +65 -0
package/app/backend/alembic/versions/774dc335c679_merge_migration_heads.py +23 -0
package/app/backend/alembic/versions/7b307e847cbd_merge_heads.py +23 -0
package/app/backend/alembic/versions/82ecd978cc70_add_missing_indexes.py +48 -0
package/app/backend/alembic/versions/8ef5054dc280_add_normalized_log_entries.py +173 -0
package/app/backend/alembic/versions/8f3e2bd8ea3b_merge_migration_heads.py +23 -0
package/app/backend/alembic/versions/9d17f0698d3b_add_config_column_to_boards_table.py +30 -0
package/app/backend/alembic/versions/add_agent_conversation_history.py +72 -0
package/app/backend/alembic/versions/add_job_variant.py +34 -0
package/app/backend/alembic/versions/add_performance_indexes.py +95 -0
package/app/backend/alembic/versions/add_repos_and_board_repos.py +174 -0
package/app/backend/alembic/versions/add_session_id_to_jobs.py +27 -0
package/app/backend/alembic/versions/add_sqlite_backend_tables.py +104 -0
package/app/backend/alembic/versions/b10fb0b62240_add_diff_content_to_revisions.py +34 -0
package/app/backend/alembic.ini +89 -0
package/app/backend/app/__init__.py +3 -0
package/app/backend/app/data_dir.py +85 -0
package/app/backend/app/database.py +70 -0
package/app/backend/app/database_sync.py +64 -0
package/app/backend/app/dependencies/__init__.py +5 -0
package/app/backend/app/dependencies/auth.py +80 -0
package/app/backend/app/dependencies.py +43 -0
package/app/backend/app/exceptions.py +178 -0
package/app/backend/app/executors/__init__.py +1 -0
package/app/backend/app/executors/adapters/__init__.py +1 -0
package/app/backend/app/executors/adapters/aider.py +152 -0
package/app/backend/app/executors/adapters/amazon_q.py +103 -0
package/app/backend/app/executors/adapters/amp.py +123 -0
package/app/backend/app/executors/adapters/claude.py +177 -0
package/app/backend/app/executors/adapters/cline.py +127 -0
package/app/backend/app/executors/adapters/codex.py +167 -0
package/app/backend/app/executors/adapters/copilot.py +202 -0
package/app/backend/app/executors/adapters/cursor.py +87 -0
package/app/backend/app/executors/adapters/droid.py +123 -0
package/app/backend/app/executors/adapters/gemini.py +132 -0
package/app/backend/app/executors/adapters/goose.py +131 -0
package/app/backend/app/executors/adapters/opencode.py +123 -0
package/app/backend/app/executors/adapters/qwen.py +123 -0
package/app/backend/app/executors/plugins/__init__.py +1 -0
package/app/backend/app/executors/registry.py +202 -0
package/app/backend/app/executors/spec.py +226 -0
package/app/backend/app/main.py +486 -0
package/app/backend/app/middleware/__init__.py +13 -0
package/app/backend/app/middleware/idempotency.py +426 -0
package/app/backend/app/middleware/rate_limit.py +312 -0
package/app/backend/app/middleware/security_headers.py +43 -0
package/app/backend/app/middleware/timeout.py +37 -0
package/app/backend/app/models/__init__.py +56 -0
package/app/backend/app/models/agent_conversation_history.py +56 -0
package/app/backend/app/models/agent_session.py +127 -0
package/app/backend/app/models/analysis_cache.py +49 -0
package/app/backend/app/models/base.py +9 -0
package/app/backend/app/models/board.py +79 -0
package/app/backend/app/models/board_repo.py +68 -0
package/app/backend/app/models/cost_budget.py +42 -0
package/app/backend/app/models/enums.py +40 -0
package/app/backend/app/models/evidence.py +132 -0
package/app/backend/app/models/goal.py +102 -0
package/app/backend/app/models/idempotency_entry.py +30 -0
package/app/backend/app/models/job.py +163 -0
package/app/backend/app/models/job_queue.py +39 -0
package/app/backend/app/models/kv_store.py +28 -0
package/app/backend/app/models/merge_checklist.py +87 -0
package/app/backend/app/models/normalized_log.py +100 -0
package/app/backend/app/models/planner_lock.py +43 -0
package/app/backend/app/models/rate_limit_entry.py +25 -0
package/app/backend/app/models/repo.py +66 -0
package/app/backend/app/models/review_comment.py +91 -0
package/app/backend/app/models/review_summary.py +69 -0
package/app/backend/app/models/revision.py +130 -0
package/app/backend/app/models/ticket.py +223 -0
package/app/backend/app/models/ticket_event.py +83 -0
package/app/backend/app/models/user.py +47 -0
package/app/backend/app/models/workspace.py +71 -0
package/app/backend/app/redis_client.py +119 -0
package/app/backend/app/routers/__init__.py +29 -0
package/app/backend/app/routers/agents.py +296 -0
package/app/backend/app/routers/auth.py +94 -0
package/app/backend/app/routers/board.py +885 -0
package/app/backend/app/routers/dashboard.py +351 -0
package/app/backend/app/routers/debug.py +528 -0
package/app/backend/app/routers/evidence.py +96 -0
package/app/backend/app/routers/executors.py +324 -0
package/app/backend/app/routers/goals.py +574 -0
package/app/backend/app/routers/jobs.py +448 -0
package/app/backend/app/routers/maintenance.py +172 -0
package/app/backend/app/routers/merge.py +360 -0
package/app/backend/app/routers/planner.py +537 -0
package/app/backend/app/routers/pull_requests.py +382 -0
package/app/backend/app/routers/repos.py +263 -0
package/app/backend/app/routers/revisions.py +939 -0
package/app/backend/app/routers/settings.py +267 -0
package/app/backend/app/routers/tickets.py +2003 -0
package/app/backend/app/routers/webhooks.py +143 -0
package/app/backend/app/routers/websocket.py +249 -0
package/app/backend/app/schemas/__init__.py +109 -0
package/app/backend/app/schemas/board.py +87 -0
package/app/backend/app/schemas/common.py +33 -0
package/app/backend/app/schemas/evidence.py +87 -0
package/app/backend/app/schemas/goal.py +90 -0
package/app/backend/app/schemas/job.py +97 -0
package/app/backend/app/schemas/merge.py +139 -0
package/app/backend/app/schemas/planner.py +500 -0
package/app/backend/app/schemas/repo.py +187 -0
package/app/backend/app/schemas/review.py +137 -0
package/app/backend/app/schemas/revision.py +114 -0
package/app/backend/app/schemas/ticket.py +238 -0
package/app/backend/app/schemas/ticket_event.py +72 -0
package/app/backend/app/schemas/workspace.py +19 -0
package/app/backend/app/services/__init__.py +31 -0
package/app/backend/app/services/agent_memory_service.py +223 -0
package/app/backend/app/services/agent_registry.py +346 -0
package/app/backend/app/services/agent_session_manager.py +318 -0
package/app/backend/app/services/agent_session_service.py +219 -0
package/app/backend/app/services/agent_tools.py +379 -0
package/app/backend/app/services/auth_service.py +98 -0
package/app/backend/app/services/autonomy_service.py +380 -0
package/app/backend/app/services/board_repo_service.py +201 -0
package/app/backend/app/services/board_service.py +326 -0
package/app/backend/app/services/cleanup_service.py +1085 -0
package/app/backend/app/services/config_service.py +908 -0
package/app/backend/app/services/context_gatherer.py +557 -0
package/app/backend/app/services/cost_tracking_service.py +293 -0
package/app/backend/app/services/cursor_log_normalizer.py +536 -0
package/app/backend/app/services/delivery_pipeline.py +440 -0
package/app/backend/app/services/executor_service.py +634 -0
package/app/backend/app/services/git_host/__init__.py +11 -0
package/app/backend/app/services/git_host/factory.py +87 -0
package/app/backend/app/services/git_host/github.py +270 -0
package/app/backend/app/services/git_host/gitlab.py +194 -0
package/app/backend/app/services/git_host/protocol.py +75 -0
package/app/backend/app/services/git_merge_simple.py +346 -0
package/app/backend/app/services/git_ops.py +384 -0
package/app/backend/app/services/github_service.py +233 -0
package/app/backend/app/services/goal_service.py +113 -0
package/app/backend/app/services/job_service.py +423 -0
package/app/backend/app/services/job_watchdog_service.py +424 -0
package/app/backend/app/services/langchain_adapter.py +122 -0
package/app/backend/app/services/llm_provider_clients.py +351 -0
package/app/backend/app/services/llm_service.py +285 -0
package/app/backend/app/services/log_normalizer.py +342 -0
package/app/backend/app/services/log_stream_service.py +276 -0
package/app/backend/app/services/merge_checklist_service.py +264 -0
package/app/backend/app/services/merge_service.py +784 -0
package/app/backend/app/services/orchestrator_log.py +84 -0
package/app/backend/app/services/planner_service.py +1662 -0
package/app/backend/app/services/planner_tick_sync.py +1040 -0
package/app/backend/app/services/queued_message_service.py +156 -0
package/app/backend/app/services/reliability_wrapper.py +389 -0
package/app/backend/app/services/repo_discovery_service.py +318 -0
package/app/backend/app/services/review_service.py +334 -0
package/app/backend/app/services/revision_service.py +389 -0
package/app/backend/app/services/safe_autopilot.py +510 -0
package/app/backend/app/services/sqlite_worker.py +372 -0
package/app/backend/app/services/task_dispatch.py +135 -0
package/app/backend/app/services/ticket_generation_service.py +1781 -0
package/app/backend/app/services/ticket_service.py +486 -0
package/app/backend/app/services/udar_planner_service.py +1007 -0
package/app/backend/app/services/webhook_service.py +126 -0
package/app/backend/app/services/workspace_service.py +465 -0
package/app/backend/app/services/worktree_file_service.py +92 -0
package/app/backend/app/services/worktree_validator.py +213 -0
package/app/backend/app/sqlite_kv.py +278 -0
package/app/backend/app/state_machine.py +128 -0
package/app/backend/app/templates/__init__.py +5 -0
package/app/backend/app/templates/registry.py +243 -0
package/app/backend/app/utils/__init__.py +5 -0
package/app/backend/app/utils/artifact_reader.py +87 -0
package/app/backend/app/utils/circuit_breaker.py +229 -0
package/app/backend/app/utils/db_retry.py +136 -0
package/app/backend/app/utils/ignored_fields.py +123 -0
package/app/backend/app/utils/validators.py +54 -0
package/app/backend/app/websocket/__init__.py +5 -0
package/app/backend/app/websocket/manager.py +179 -0
package/app/backend/app/websocket/state_tracker.py +113 -0
package/app/backend/app/worker.py +3190 -0
package/app/backend/calculator_tickets.json +40 -0
package/app/backend/canary_tests.sh +591 -0
package/app/backend/celerybeat-schedule +0 -0
package/app/backend/celerybeat-schedule-shm +0 -0
package/app/backend/celerybeat-schedule-wal +0 -0
package/app/backend/logs/.gitkeep +3 -0
package/app/backend/multiplication_division_implementation_tickets.json +55 -0
package/app/backend/multiplication_division_tickets.json +42 -0
package/app/backend/pyproject.toml +45 -0
package/app/backend/requirements-dev.txt +8 -0
package/app/backend/requirements.txt +20 -0
package/app/backend/run.sh +30 -0
package/app/backend/run_with_logs.sh +10 -0
package/app/backend/scientific_calculator_tickets.json +40 -0
package/app/backend/scripts/extract_openapi.py +21 -0
package/app/backend/scripts/seed_demo.py +187 -0
package/app/backend/setup_demo_review.py +302 -0
package/app/backend/test_actual_parse.py +41 -0
package/app/backend/test_agent_streaming.py +61 -0
package/app/backend/test_parse.py +51 -0
package/app/backend/test_streaming.py +51 -0
package/app/backend/test_subprocess_streaming.py +50 -0
package/app/backend/tests/__init__.py +1 -0
package/app/backend/tests/conftest.py +46 -0
package/app/backend/tests/test_auth.py +341 -0
package/app/backend/tests/test_autonomy_service.py +391 -0
package/app/backend/tests/test_cleanup_service_safety.py +417 -0
package/app/backend/tests/test_middleware.py +279 -0
package/app/backend/tests/test_planner_providers.py +290 -0
package/app/backend/tests/test_planner_unblock.py +183 -0
package/app/backend/tests/test_revision_invariants.py +618 -0
package/app/backend/tests/test_sqlite_kv.py +290 -0
package/app/backend/tests/test_sqlite_worker.py +353 -0
package/app/backend/tests/test_task_dispatch.py +100 -0
package/app/backend/tests/test_ticket_validation.py +304 -0
package/app/backend/tests/test_udar_agent.py +693 -0
package/app/backend/tests/test_webhook_service.py +184 -0
package/app/backend/tickets_output.json +59 -0
package/app/backend/user_management_tickets.json +50 -0
package/app/backend/uvicorn.log +0 -0
package/app/draft.yaml +313 -0
package/app/frontend/dist/assets/index-LcjCczu5.js +155 -0
package/app/frontend/dist/assets/index-_FP_279e.css +1 -0
package/app/frontend/dist/index.html +14 -0
package/app/frontend/dist/vite.svg +1 -0
package/app/frontend/package.json +101 -0
package/bin/cli.js +527 -0
package/package.json +37 -0

package/app/backend/app/middleware/idempotency.py ADDED Viewed

@@ -0,0 +1,426 @@
+"""Idempotency middleware with pluggable backend (Redis or SQLite).
+Guarantees exactly-once execution for LLM operations.
+Behavior Contract (Deterministic):
+1. First request: acquires lock, executes, stores result with execution_id
+2. Concurrent requests: blocking wait up to WAIT_TIMEOUT_SECONDS for result
+3. If result appears within timeout: return it with X-Idempotency-Replayed
+4. If timeout: return 202 Accepted with execution_id for polling
+5. If same key + different body: return 409 Conflict
+Key structure includes resource scope to prevent cross-goal/board collisions:
+    (client_id, route, resource_scope, idempotency_key)
+Scope Precedence Rules (strict):
+1. Path param (e.g., goal_id from /goals/{goal_id}/...) takes precedence
+2. Body param used only if no path param
+3. If both exist and DIFFER: return 400 scope_mismatch
+"""
+import asyncio
+import hashlib
+import json
+import logging
+import time
+import uuid
+from typing import Any
+from fastapi import Request, Response
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.responses import JSONResponse
+logger = logging.getLogger(__name__)
+# Endpoints that support idempotency (expensive LLM operations that mutate state)
+IDEMPOTENT_ENDPOINTS = {
+    "/goals/{goal_id}/generate-tickets",
+    "/goals/{goal_id}/reflect-on-tickets",
+    "/boards/{board_id}/analyze-codebase",
+    "/board/analyze-codebase",  # Legacy
+    "/tickets/bulk-update-priority",
+}
+# TTL for cached responses (10 minutes)
+CACHE_TTL_SECONDS = 600
+# TTL for processing lock (2 minutes - should be enough for any LLM call)
+LOCK_TTL_SECONDS = 120
+# Blocking wait timeout (10 seconds max)
+WAIT_TIMEOUT_SECONDS = 10
+POLL_INTERVAL_MS = 100
+# Redis key prefixes
+REDIS_LOCK_PREFIX = "idemp:lock:"
+REDIS_RESULT_PREFIX = "idemp:result:"
+def _matches_pattern(path: str, patterns: set[str]) -> tuple[bool, dict[str, str]]:
+    """Check if path matches any pattern.
+    Returns (matches, extracted_params) where extracted_params contains
+    path parameters like {goal_id} -> actual value.
+    """
+    for pattern in patterns:
+        pattern_parts = pattern.split("/")
+        path_parts = path.split("/")
+        if len(pattern_parts) != len(path_parts):
+            continue
+        match = True
+        params = {}
+        for p_part, path_part in zip(pattern_parts, path_parts, strict=False):
+            if p_part.startswith("{") and p_part.endswith("}"):
+                param_name = p_part[1:-1]
+                params[param_name] = path_part
+            elif p_part != path_part:
+                match = False
+                break
+        if match:
+            return True, params
+    return False, {}
+def _get_client_id(request: Request) -> str:
+    """Get client identifier for idempotency scoping."""
+    client_id = request.headers.get("X-Client-ID")
+    if client_id and len(client_id) <= 64:
+        return client_id
+    forwarded = request.headers.get("X-Forwarded-For")
+    if forwarded:
+        return f"ip:{forwarded.split(',')[0].strip()}"
+    return f"ip:{request.client.host if request.client else 'unknown'}"
+def _compute_body_hash(body: bytes) -> str:
+    """Compute a hash of the request body."""
+    return hashlib.sha256(body).hexdigest()[:16]
+def _extract_resource_scope(
+    path: str, body_dict: dict[str, Any], path_params: dict[str, str]
+) -> tuple[str, str | None]:
+    """Extract resource scope with strict precedence rules.
+    Returns:
+        (scope_string, error_message)
+        - If error_message is not None, there's a scope mismatch
+    Precedence:
+    1. Path param takes precedence
+    2. Body param used only if no path param
+    3. If both exist and DIFFER: return error
+    """
+    path_goal_id = path_params.get("goal_id")
+    path_board_id = path_params.get("board_id")
+    body_goal_id = body_dict.get("goal_id")
+    body_board_id = body_dict.get("board_id")
+    # Check for scope mismatch (path vs body)
+    if path_goal_id and body_goal_id:
+        if path_goal_id != body_goal_id:
+            return (
+                "",
+                f"Scope mismatch: path goal_id '{path_goal_id}' differs from body goal_id '{body_goal_id}'",
+            )
+    if path_board_id and body_board_id:
+        if path_board_id != body_board_id:
+            return (
+                "",
+                f"Scope mismatch: path board_id '{path_board_id}' differs from body board_id '{body_board_id}'",
+            )
+    # Path takes precedence
+    if path_goal_id:
+        return f"goal:{path_goal_id}", None
+    if path_board_id:
+        return f"board:{path_board_id}", None
+    # Fall back to body
+    if body_goal_id:
+        return f"goal:{body_goal_id}", None
+    if body_board_id:
+        return f"board:{body_board_id}", None
+    # Board-level endpoints without explicit ID
+    if "/board/" in path or "/boards/" in path:
+        return "board:default", None
+    return "global", None
+def _generate_execution_id() -> str:
+    """Generate a unique execution ID for tracking."""
+    return str(uuid.uuid4())
+def _backend_available() -> bool:
+    """Check if the idempotency backend is available."""
+    return True  # SQLite is always available
+class IdempotencyMiddleware(BaseHTTPMiddleware):
+    """Atomic idempotency middleware using Redis SETNX or SQLite INSERT OR IGNORE.
+    Guarantees exactly-once execution with deterministic behavior:
+    1. Try to acquire lock atomically
+    2. If acquired: execute request, store result with execution_id
+    3. If not acquired: blocking wait up to WAIT_TIMEOUT_SECONDS
+    4. If result appears: return with X-Idempotency-Replayed
+    5. If timeout: return 202 with execution_id for polling
+    6. If body mismatch: return 409 Conflict
+    """
+    async def dispatch(self, request: Request, call_next) -> Response:
+        # Only handle POST requests to specific endpoints
+        if request.method != "POST":
+            return await call_next(request)
+        matches, path_params = _matches_pattern(request.url.path, IDEMPOTENT_ENDPOINTS)
+        if not matches:
+            return await call_next(request)
+        # Check for idempotency key header
+        idempotency_key = request.headers.get("Idempotency-Key")
+        if not idempotency_key:
+            # No key provided - still require backend for these endpoints
+            if not _backend_available():
+                return self._service_unavailable()
+            return await call_next(request)
+        # Validate key format
+        if len(idempotency_key) > 64:
+            return JSONResponse(
+                status_code=400,
+                content={"detail": "Idempotency-Key too long (max 64 chars)"},
+            )
+        # Backend REQUIRED - NO fallback
+        if not _backend_available():
+            return self._service_unavailable()
+        client_id = _get_client_id(request)
+        # Read request body
+        body = await request.body()
+        body_hash = _compute_body_hash(body)
+        # Parse body for scope extraction
+        try:
+            body_dict = json.loads(body) if body else {}
+        except json.JSONDecodeError:
+            body_dict = {}
+        # Extract scope with strict precedence
+        resource_scope, scope_error = _extract_resource_scope(
+            request.url.path, body_dict, path_params
+        )
+        if scope_error:
+            return JSONResponse(
+                status_code=400,
+                content={
+                    "detail": scope_error,
+                    "error_type": "scope_mismatch",
+                },
+            )
+        # Build cache key
+        base_key = f"{client_id}:{request.url.path}:{resource_scope}:{idempotency_key}"
+        # Generate execution_id for this attempt
+        execution_id = _generate_execution_id()
+        try:
+            return await self._dispatch_sqlite(
+                request,
+                call_next,
+                body,
+                body_hash,
+                base_key,
+                idempotency_key,
+                execution_id,
+            )
+        except Exception as e:
+            logger.error(f"Idempotency error: {e}")
+            return JSONResponse(
+                status_code=503,
+                content={
+                    "detail": "Service temporarily unavailable due to cache error.",
+                    "error_type": "service_unavailable",
+                },
+            )
+    # ─── SQLite backend ───
+    async def _dispatch_sqlite(
+        self,
+        request,
+        call_next,
+        body,
+        body_hash,
+        base_key,
+        idempotency_key,
+        execution_id,
+    ) -> Response:
+        from app.sqlite_kv import idempotency_try_acquire
+        lock_value = json.dumps(
+            {
+                "body_hash": body_hash,
+                "execution_id": execution_id,
+                "started_at": time.time(),
+            }
+        )
+        acquired = await asyncio.to_thread(
+            idempotency_try_acquire, base_key, lock_value, LOCK_TTL_SECONDS
+        )
+        if acquired:
+            return await self._execute_and_cache_sqlite(
+                request,
+                call_next,
+                body,
+                body_hash,
+                base_key,
+                idempotency_key,
+                execution_id,
+            )
+        else:
+            return await self._blocking_wait_sqlite(
+                base_key, body_hash, idempotency_key, execution_id
+            )
+    async def _execute_and_cache_sqlite(
+        self,
+        request,
+        call_next,
+        body,
+        body_hash,
+        cache_key,
+        idempotency_key,
+        execution_id,
+    ) -> Response:
+        from app.sqlite_kv import idempotency_release_lock, idempotency_store_result
+        async def receive():
+            return {"type": "http.request", "body": body}
+        request._receive = receive
+        try:
+            response = await call_next(request)
+            response_body = b""
+            async for chunk in response.body_iterator:
+                response_body += chunk
+            result_data = json.dumps(
+                {
+                    "status_code": response.status_code,
+                    "body": response_body.decode("utf-8"),
+                    "body_hash": body_hash,
+                    "execution_id": execution_id,
+                    "completed_at": time.time(),
+                }
+            )
+            await asyncio.to_thread(
+                idempotency_store_result, cache_key, result_data, CACHE_TTL_SECONDS
+            )
+            logger.debug(
+                f"Executed and cached for key: {idempotency_key[:8]}... exec_id: {execution_id[:8]}..."
+            )
+            return Response(
+                content=response_body,
+                status_code=response.status_code,
+                media_type="application/json",
+                headers={"X-Execution-ID": execution_id},
+            )
+        except Exception:
+            await asyncio.to_thread(idempotency_release_lock, cache_key)
+            raise
+    async def _blocking_wait_sqlite(
+        self,
+        cache_key,
+        body_hash,
+        idempotency_key,
+        our_execution_id,
+    ) -> Response:
+        from app.sqlite_kv import idempotency_get_lock, idempotency_get_result
+        start_time = time.time()
+        original_execution_id: str | None = None
+        while time.time() - start_time < WAIT_TIMEOUT_SECONDS:
+            result_data = await asyncio.to_thread(idempotency_get_result, cache_key)
+            if result_data:
+                cached = json.loads(result_data)
+                if cached.get("body_hash") != body_hash:
+                    return JSONResponse(
+                        status_code=409,
+                        content={
+                            "detail": "Idempotency key already used with different request body",
+                            "error_type": "idempotency_conflict",
+                            "original_execution_id": cached.get("execution_id"),
+                        },
+                    )
+                return Response(
+                    content=cached["body"].encode()
+                    if isinstance(cached["body"], str)
+                    else cached["body"],
+                    status_code=cached["status_code"],
+                    media_type="application/json",
+                    headers={
+                        "X-Idempotency-Replayed": "true",
+                        "X-Execution-ID": cached.get("execution_id", "unknown"),
+                    },
+                )
+            lock_data = await asyncio.to_thread(idempotency_get_lock, cache_key)
+            if not lock_data:
+                # Lock released but no result - original failed, allow retry
+                break
+            try:
+                lock_info = json.loads(lock_data)
+                original_execution_id = lock_info.get("execution_id")
+            except (json.JSONDecodeError, TypeError):
+                original_execution_id = "unknown"
+            await asyncio.sleep(POLL_INTERVAL_MS / 1000)
+        return JSONResponse(
+            status_code=202,
+            content={
+                "detail": "Request is being processed. Poll for result using execution_id.",
+                "error_type": "processing",
+                "execution_id": original_execution_id or our_execution_id,
+                "retry_after_seconds": 2,
+            },
+            headers={
+                "Retry-After": "2",
+                "X-Execution-ID": original_execution_id or our_execution_id,
+            },
+        )
+    def _service_unavailable(self) -> JSONResponse:
+        """Return 503 when backend is unavailable."""
+        return JSONResponse(
+            status_code=503,
+            content={
+                "detail": "Service temporarily unavailable. Backend is required for this operation.",
+                "error_type": "service_unavailable",
+                "retry_after_seconds": 30,
+            },
+            headers={"Retry-After": "30"},
+        )