Prerequisites: Docker, kind, kubectl, uv, Node 20+.
Stand up the sandbox cluster
A local kind cluster with two namespaces — backstop-naive and backstop-hardened — each running a checkout deployment and a protected prod-db.kind create cluster --name backstop
for ns in backstop-naive backstop-hardened; do
kubectl create namespace "$ns"
kubectl apply -n "$ns" -f backend/k8s/app.yaml
done
Start the backend (uv)
Three services: the run API, the custom guardrail endpoints, and the read-only infra MCP server.cd backend
cp .env.example .env # fill in gateway + Bedrock config
uv sync
uv run uvicorn backstop.api:app --port 8033
uv run uvicorn backstop.guardrails.server:app --port 8133
uv run python -m backstop.infra_mcp
Start the frontend (npm)
cd frontend && npm install && npm run dev # http://localhost:3033/run
Trigger an incident
Open the console, hit Trigger incident, and watch the two agents diverge — the naive one takes prod-db to zero, Backstop catches the bad output, re-routes, and heals to error_rate = 0.0.
Key env flags
| Flag | Effect |
|---|
BACKSTOP_LIVE=true | Use the live model on the gateway for re-diagnosis on the re-route and recovery. |
BACKSTOP_LLM_JUDGE=true | Enable the independent LLM-as-judge in the quality gate. |
BACKSTOP_BACKEND=kind | Drive the real kind cluster (the K8sBackend) instead of the deterministic mock. |
Run the test suite with cd backend && uv run pytest — 60 passing in ~2s, fully network-isolated.
