@build-astron-co/nimbus 0.4.2 → 0.4.3

package/src/engine/executor.ts

@@ -1,1066 +0,0 @@
-import { logger } from '../utils';
-import type {
-  AgentPlan,
-  PlanStep,
-  ExecutionResult,
-  ExecutionLog,
-  ExecutionArtifact,
-} from './orchestrator';
-import { TerraformOperations } from '../tools/terraform-ops';
-import { FileSystemOperations } from '../tools/file-ops';
-import { saveCheckpoint, getLatestCheckpoint, deleteCheckpoints } from '../state/checkpoints';
-
-// ==========================================
-// Error Classes
-// ==========================================
-
-/**
- * Non-retryable errors for deterministic validation failures.
- * These will not be retried by executeWithRetry.
- */
-class NonRetryableError extends Error {
-  constructor(message: string) {
-    super(message);
-    this.name = 'NonRetryableError';
-  }
-}
-
-/**
- * Structured error for executor step failures.
- * Propagates actionable context instead of returning mock data.
- */
-class ExecutionError extends Error {
-  public readonly step: string;
-  public readonly cause: unknown;
-
-  constructor(message: string, opts: { step: string; cause: unknown }) {
-    super(message);
-    this.name = 'ExecutionError';
-    this.step = opts.step;
-    this.cause = opts.cause;
-  }
-}
-
-// ==========================================
-// Generator/Best-Practices helpers (inline — no HTTP)
-// ==========================================
-
-/** Thin adapter for generator functionality used by executor steps. */
-interface GeneratorAdapter {
-  renderTemplate(
-    templateId: string,
-    variables: Record<string, unknown>
-  ): Promise<{ rendered_content: string }>;
-  analyzeBestPractices(
-    component: string,
-    config: Record<string, unknown>
-  ): Promise<{ summary?: { total_violations?: number } }>;
-  applyAutofixes(
-    component: string,
-    config: Record<string, unknown>
-  ): Promise<{ fixes_applied?: number }>;
-}
-
-/**
- * Local in-process generator adapter.
- * Generates simple template content without HTTP round-trips.
- */
-class LocalGeneratorAdapter implements GeneratorAdapter {
-  async renderTemplate(
-    templateId: string,
-    variables: Record<string, unknown>
-  ): Promise<{ rendered_content: string }> {
-    // Simple inline template rendering for common terraform templates
-    const parts = templateId.split('/'); // e.g. terraform/aws/vpc
-    const component = parts[2] || parts[parts.length - 1] || 'unknown';
-    const provider = parts[1] || 'aws';
-
-    const rendered_content =
-      `# Generated ${component.toUpperCase()} configuration\n` +
-      `# Provider: ${provider}\n` +
-      `# Variables: ${JSON.stringify(variables, null, 2)}\n\n` +
-      `resource "${provider}_${component}" "main" {\n` +
-      `  # Configuration generated by Nimbus\n` +
-      `  tags = {\n` +
-      `    ManagedBy = "nimbus"\n` +
-      `  }\n` +
-      `}\n`;
-
-    return { rendered_content };
-  }
-
-  async analyzeBestPractices(
-    _component: string,
-    _config: Record<string, unknown>
-  ): Promise<{ summary?: { total_violations?: number } }> {
-    // Delegate to the embedded BestPracticesEngine when available
-    try {
-      const { BestPracticesEngine } = await import('../generator/best-practices');
-      const engine = new BestPracticesEngine();
-      const report = engine.analyze(_component, _config);
-      return { summary: { total_violations: report.summary.violations_found } };
-    } catch {
-      return { summary: { total_violations: 0 } };
-    }
-  }
-
-  async applyAutofixes(
-    _component: string,
-    _config: Record<string, unknown>
-  ): Promise<{ fixes_applied?: number }> {
-    try {
-      const { BestPracticesEngine } = await import('../generator/best-practices');
-      const engine = new BestPracticesEngine();
-      const result = engine.autofix(_component, _config);
-      return { fixes_applied: result.applied_fixes.length };
-    } catch {
-      return { fixes_applied: 0 };
-    }
-  }
-}
-
-// ==========================================
-// Executor
-// ==========================================
-
-export class Executor {
-  private logs: Map<string, ExecutionLog[]>;
-  private artifacts: Map<string, ExecutionArtifact[]>;
-  private generatorAdapter: GeneratorAdapter;
-  private terraformOps: TerraformOperations;
-  private fsOps: FileSystemOperations;
-
-  constructor() {
-    this.logs = new Map();
-    this.artifacts = new Map();
-    this.generatorAdapter = new LocalGeneratorAdapter();
-    this.terraformOps = new TerraformOperations();
-    this.fsOps = new FileSystemOperations();
-  }
-
-  /**
-   * Create a TerraformOperations instance bound to a specific working directory.
-   */
-  private tfOpsForDir(workDir: string): TerraformOperations {
-    return new TerraformOperations(workDir);
-  }
-
-  /**
-   * Execute a plan
-   */
-  async executePlan(plan: AgentPlan): Promise<ExecutionResult[]> {
-    logger.info(`Starting execution of plan: ${plan.id}`);
-
-    const results: ExecutionResult[] = [];
-    const executedSteps = new Set<string>();
-
-    // Check for existing checkpoint to enable resume
-    try {
-      const checkpoint = await getLatestCheckpoint(plan.id);
-      if (checkpoint) {
-        logger.info(`Found checkpoint for plan ${plan.id} at step ${checkpoint.step}, resuming`);
-
-        // Mark previously completed steps as executed
-        const completedStepIds = (checkpoint.state.completedStepIds as string[]) || [];
-        for (const stepId of completedStepIds) {
-          executedSteps.add(stepId);
-        }
-
-        // Restore any previous results from checkpoint
-        const previousResults = (checkpoint.state.results as ExecutionResult[]) || [];
-        results.push(...previousResults);
-      }
-    } catch (error) {
-      logger.warn('Could not check for checkpoint, starting fresh', error);
-    }
-
-    // Execute steps respecting dependencies
-    while (executedSteps.size < plan.steps.length) {
-      const readySteps = this.getReadySteps(plan.steps, executedSteps);
-
-      if (readySteps.length === 0) {
-        logger.error('No steps ready for execution, possible circular dependency');
-        break;
-      }
-
-      // Execute ready steps in parallel with retry
-      const stepResults = await Promise.allSettled(
-        readySteps.map(step => this.executeWithRetry(plan.id, step))
-      );
-
-      // Process results
-      for (let i = 0; i < stepResults.length; i++) {
-        const stepResult = stepResults[i];
-        const step = readySteps[i];
-
-        if (stepResult.status === 'fulfilled') {
-          results.push(stepResult.value);
-          executedSteps.add(step.id);
-
-          // Save checkpoint after each successful step
-          try {
-            const checkpointId = `ckpt_${plan.id}_${step.order}`;
-            await saveCheckpoint(checkpointId, plan.id, step.order, {
-              completedStepIds: Array.from(executedSteps),
-              results: results.map(r => ({
-                id: r.id,
-                plan_id: r.plan_id,
-                step_id: r.step_id,
-                status: r.status,
-                started_at: r.started_at,
-                completed_at: r.completed_at,
-                duration: r.duration,
-                outputs: r.outputs,
-              })),
-              lastCompletedStep: step.order,
-            });
-          } catch (checkpointError) {
-            logger.warn(`Failed to save checkpoint for step ${step.id}`, checkpointError);
-          }
-
-          if (stepResult.value.status === 'failure') {
-            logger.error(`Step ${step.id} failed, stopping execution`);
-            return results;
-          }
-        } else {
-          logger.error(`Step ${step.id} execution error`, stepResult.reason);
-          results.push({
-            id: this.generateResultId(),
-            plan_id: plan.id,
-            step_id: step.id,
-            status: 'failure',
-            started_at: new Date(),
-            completed_at: new Date(),
-            duration: 0,
-            error: {
-              code: 'EXECUTION_ERROR',
-              message: stepResult.reason.message,
-              stack_trace: stepResult.reason.stack,
-            },
-          });
-          return results;
-        }
-      }
-    }
-
-    // Clean up checkpoints on successful completion
-    try {
-      await deleteCheckpoints(plan.id);
-      logger.info(`Cleaned up checkpoints for completed plan ${plan.id}`);
-    } catch (error) {
-      logger.warn(`Failed to clean up checkpoints for plan ${plan.id}`, error);
-    }
-
-    logger.info(`Plan execution completed: ${results.length} steps executed`);
-    return results;
-  }
-
-  /**
-   * Resume a plan from its last checkpoint
-   */
-  async resumePlan(planId: string): Promise<ExecutionResult[]> {
-    logger.info(`Attempting to resume plan: ${planId}`);
-
-    const checkpoint = await getLatestCheckpoint(planId);
-    if (!checkpoint) {
-      throw new Error(`No checkpoint found for plan ${planId}. Cannot resume.`);
-    }
-
-    logger.info(`Resuming plan ${planId} from step ${checkpoint.step}`);
-
-    // The executePlan method already handles checkpoint-based resume internally.
-    // We need the original plan to call executePlan. Since we store completed step IDs
-    // in the checkpoint state, we reconstruct what we need.
-    // The orchestrator will provide the plan; this method is a convenience wrapper
-    // that confirms a checkpoint exists before the orchestrator re-invokes executePlan.
-
-    return (checkpoint.state.results as ExecutionResult[]) || [];
-  }
-
-  /**
-   * Execute a step with retry logic and exponential backoff
-   */
-  private async executeWithRetry(
-    planId: string,
-    step: PlanStep,
-    maxRetries = 3
-  ): Promise<ExecutionResult> {
-    for (let attempt = 0; attempt <= maxRetries; attempt++) {
-      try {
-        const result = await this.executeStep(planId, step);
-        if (result.status === 'success' || attempt === maxRetries) {
-          return result;
-        }
-        // Don't retry deterministic failures (validation errors, business logic)
-        if (result.error?.code === 'NON_RETRYABLE_ERROR') {
-          return result;
-        }
-        // Retry on transient failure results
-        logger.warn(
-          `Step ${step.id} failed (attempt ${attempt + 1}/${maxRetries + 1}), retrying...`
-        );
-        await this.delay(1000 * Math.pow(2, attempt));
-        // Reset step status for retry
-        step.status = 'pending';
-      } catch (error) {
-        if (attempt === maxRetries) {
-          logger.error(`Step ${step.id} failed after ${maxRetries + 1} attempts`, error);
-          return {
-            id: this.generateResultId(),
-            plan_id: planId,
-            step_id: step.id,
-            status: 'failure',
-            started_at: new Date(),
-            completed_at: new Date(),
-            duration: 0,
-            error: {
-              code: 'RETRY_EXHAUSTED',
-              message: `Step failed after ${maxRetries + 1} attempts: ${(error as Error).message}`,
-              stack_trace: (error as Error).stack,
-            },
-          };
-        }
-        logger.warn(
-          `Step ${step.id} threw error (attempt ${attempt + 1}/${maxRetries + 1}), retrying...`
-        );
-        await this.delay(1000 * Math.pow(2, attempt));
-        step.status = 'pending';
-      }
-    }
-    // Should not reach here, but satisfy TypeScript
-    throw new Error('Unexpected retry loop exit');
-  }
-
-  /**
-   * Delay helper for retry backoff
-   */
-  private delay(ms: number): Promise<void> {
-    return new Promise(resolve => setTimeout(resolve, ms));
-  }
-
-  /**
-   * Execute a single step
-   */
-  private async executeStep(planId: string, step: PlanStep): Promise<ExecutionResult> {
-    const executionId = this.generateResultId();
-    const startedAt = new Date();
-
-    this.log(executionId, 'info', `Executing step: ${step.description}`);
-    logger.info(`Executing step ${step.id}: ${step.description}`);
-
-    try {
-      // Update step status
-      step.status = 'running';
-      step.started_at = startedAt;
-
-      // Execute based on step type
-      let outputs: Record<string, unknown> = {};
-      let artifacts: ExecutionArtifact[] = [];
-
-      switch (step.action) {
-        case 'validate_requirements':
-          outputs = await this.validateRequirements(step, executionId);
-          break;
-
-        case 'generate_component': {
-          const generateResult = await this.generateComponent(step, executionId);
-          outputs = generateResult.outputs;
-          artifacts = generateResult.artifacts;
-          break;
-        }
-
-        case 'validate_generated_code':
-          outputs = await this.validateGeneratedCode(step, executionId);
-          break;
-
-        case 'apply_best_practices':
-          outputs = await this.applyBestPractices(step, executionId);
-          break;
-
-        case 'plan_deployment':
-          outputs = await this.planDeployment(step, executionId);
-          break;
-
-        case 'apply_deployment':
-          outputs = await this.applyDeployment(step, executionId);
-          break;
-
-        case 'verify_deployment':
-          outputs = await this.verifyDeployment(step, executionId);
-          break;
-
-        case 'generate_documentation': {
-          const docResult = await this.generateDocumentation(step, executionId);
-          outputs = docResult.outputs;
-          artifacts = docResult.artifacts;
-          break;
-        }
-
-        default:
-          throw new Error(`Unknown action: ${step.action}`);
-      }
-
-      // Mark step as completed
-      const completedAt = new Date();
-      step.status = 'completed';
-      step.completed_at = completedAt;
-      step.duration = completedAt.getTime() - startedAt.getTime();
-
-      this.log(executionId, 'info', `Step completed successfully in ${step.duration}ms`);
-
-      // Store artifacts
-      if (artifacts.length > 0) {
-        this.artifacts.set(executionId, artifacts);
-      }
-
-      return {
-        id: executionId,
-        plan_id: planId,
-        step_id: step.id,
-        status: 'success',
-        started_at: startedAt,
-        completed_at: completedAt,
-        duration: step.duration,
-        outputs,
-        artifacts,
-        logs: this.logs.get(executionId),
-      };
-    } catch (error) {
-      const completedAt = new Date();
-      step.status = 'failed';
-      step.completed_at = completedAt;
-      step.duration = completedAt.getTime() - startedAt.getTime();
-
-      this.log(executionId, 'error', `Step failed: ${(error as Error).message}`);
-      logger.error(`Step ${step.id} failed`, error);
-
-      return {
-        id: executionId,
-        plan_id: planId,
-        step_id: step.id,
-        status: 'failure',
-        started_at: startedAt,
-        completed_at: completedAt,
-        duration: step.duration!,
-        error: {
-          code: error instanceof NonRetryableError ? 'NON_RETRYABLE_ERROR' : 'STEP_EXECUTION_ERROR',
-          message: (error as Error).message,
-          stack_trace: (error as Error).stack,
-        },
-        logs: this.logs.get(executionId),
-      };
-    }
-  }
-
-  /**
-   * Get steps that are ready for execution
-   */
-  private getReadySteps(steps: PlanStep[], executedSteps: Set<string>): PlanStep[] {
-    return steps.filter(step => {
-      // Skip already executed steps
-      if (executedSteps.has(step.id)) {
-        return false;
-      }
-
-      // Skip failed/completed steps
-      if (step.status === 'completed' || step.status === 'failed') {
-        return false;
-      }
-
-      // Check if all dependencies are satisfied
-      if (step.depends_on && step.depends_on.length > 0) {
-        return step.depends_on.every(depId => executedSteps.has(depId));
-      }
-
-      return true;
-    });
-  }
-
-  /**
-   * Validate requirements
-   */
-  private async validateRequirements(
-    step: PlanStep,
-    executionId: string
-  ): Promise<Record<string, unknown>> {
-    this.log(executionId, 'info', 'Validating infrastructure requirements');
-
-    const { provider, components, requirements: _requirements } = step.parameters;
-
-    // Validate provider
-    if (!['aws', 'gcp', 'azure'].includes(provider as string)) {
-      throw new NonRetryableError(`Invalid provider: ${provider}`);
-    }
-
-    // Validate components
-    if (!Array.isArray(components) || components.length === 0) {
-      throw new NonRetryableError('No components specified');
-    }
-
-    const validComponents = ['vpc', 'eks', 'rds', 's3', 'gke', 'gcs', 'aks'];
-    for (const component of components) {
-      if (!validComponents.includes(component)) {
-        throw new NonRetryableError(`Invalid component: ${component}`);
-      }
-    }
-
-    this.log(executionId, 'info', `Validated ${components.length} components for ${provider}`);
-
-    return {
-      validated: true,
-      provider,
-      components,
-    };
-  }
-
-  /**
-   * Generate component
-   */
-  private async generateComponent(
-    step: PlanStep,
-    executionId: string
-  ): Promise<{ outputs: Record<string, unknown>; artifacts: ExecutionArtifact[] }> {
-    this.log(executionId, 'info', `Generating ${step.parameters.component} component`);
-
-    const { component, provider, variables } = step.parameters;
-
-    let generatedCode: string;
-
-    try {
-      // Call local generator adapter to render template (no HTTP)
-      const templateId = `terraform/${provider}/${component}`;
-      const result = await this.generatorAdapter.renderTemplate(
-        templateId,
-        (variables as Record<string, unknown>) || {}
-      );
-      generatedCode = result.rendered_content;
-      this.log(executionId, 'info', `Local generator rendered template: ${templateId}`);
-    } catch (error) {
-      throw new ExecutionError(
-        `Step 'generate_component' failed for ${component}: ${(error as Error).message}.`,
-        { step: 'generate_component', cause: error }
-      );
-    }
-
-    // Write to filesystem using embedded FileSystemOperations
-    const outputPath = `/tmp/nimbus/${executionId}/${component}.tf`;
-
-    try {
-      await this.fsOps.writeFile(outputPath, generatedCode, { createDirs: true });
-      this.log(executionId, 'info', `Wrote generated code to: ${outputPath}`);
-    } catch (error) {
-      this.log(
-        executionId,
-        'warn',
-        `File write unavailable, file not written: ${(error as Error).message}`
-      );
-    }
-
-    // Create artifact
-    const artifact: ExecutionArtifact = {
-      id: `artifact_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`,
-      type: 'terraform',
-      name: `${component}.tf`,
-      path: outputPath,
-      size: generatedCode.length,
-      checksum: this.calculateChecksum(generatedCode),
-      created_at: new Date(),
-    };
-
-    this.log(executionId, 'info', `Generated artifact: ${artifact.name} (${artifact.size} bytes)`);
-
-    return {
-      outputs: {
-        component,
-        code_size: generatedCode.length,
-        artifact_id: artifact.id,
-        generated_code: generatedCode,
-      },
-      artifacts: [artifact],
-    };
-  }
-
-  /**
-   * Validate generated code
-   */
-  private async validateGeneratedCode(
-    step: PlanStep,
-    executionId: string
-  ): Promise<Record<string, unknown>> {
-    this.log(executionId, 'info', 'Validating generated infrastructure code');
-
-    const { components } = step.parameters;
-    const workDir = (step.parameters.workDir as string) || `/tmp/nimbus/${executionId}`;
-
-    try {
-      const tfOps = this.tfOpsForDir(workDir);
-
-      // Initialize terraform first (needed for validation)
-      this.log(executionId, 'info', 'Initializing Terraform for validation...');
-      await tfOps.init();
-
-      // Run terraform validate
-      this.log(executionId, 'info', 'Running Terraform validate...');
-      const validateResult = await tfOps.validate();
-
-      // Format terraform files
-      this.log(executionId, 'info', 'Formatting Terraform files...');
-      await tfOps.fmt({ recursive: true });
-
-      const validationResults = {
-        syntax_valid: validateResult.valid,
-        error_count: validateResult.errorCount,
-        warning_count: validateResult.warningCount,
-        diagnostics: validateResult.diagnostics,
-        resources_count: (components as string[]).length * 5, // Estimate
-      };
-
-      if (validateResult.valid) {
-        this.log(executionId, 'info', `Code validation passed`);
-      } else {
-        this.log(executionId, 'warn', `Code validation found ${validateResult.errorCount} errors`);
-      }
-
-      return validationResults;
-    } catch (error) {
-      throw new ExecutionError(
-        `Step 'validate_generated_code' failed: ${(error as Error).message}. Ensure Terraform is installed.`,
-        { step: 'validate_generated_code', cause: error }
-      );
-    }
-  }
-
-  /**
-   * Apply best practices
-   */
-  private async applyBestPractices(
-    step: PlanStep,
-    executionId: string
-  ): Promise<Record<string, unknown>> {
-    this.log(executionId, 'info', 'Applying security and best practices');
-
-    const { components, autofix, config } = step.parameters;
-    let totalViolations = 0;
-    let totalFixed = 0;
-    const componentReports: Array<{ component: string; violations: number; fixed: number }> = [];
-
-    try {
-      // Analyze best practices for each component using local adapter
-      for (const component of components as string[]) {
-        this.log(executionId, 'info', `Analyzing best practices for ${component}...`);
-
-        const report = await this.generatorAdapter.analyzeBestPractices(
-          component,
-          (config as Record<string, unknown>) || {}
-        );
-
-        const violations = report.summary?.total_violations || 0;
-        totalViolations += violations;
-
-        // Apply autofixes if requested
-        if (autofix && violations > 0) {
-          this.log(executionId, 'info', `Applying autofixes for ${component}...`);
-          const fixResult = await this.generatorAdapter.applyAutofixes(
-            component,
-            (config as Record<string, unknown>) || {}
-          );
-          const fixed = fixResult.fixes_applied || 0;
-          totalFixed += fixed;
-          componentReports.push({ component, violations, fixed });
-        } else {
-          componentReports.push({ component, violations, fixed: 0 });
-        }
-      }
-
-      this.log(
-        executionId,
-        'info',
-        `Best practices: ${totalViolations} violations found, ${totalFixed} auto-fixed`
-      );
-
-      return {
-        violations_found: totalViolations,
-        violations_fixed: totalFixed,
-        component_reports: componentReports,
-        compliance_score:
-          totalViolations === 0 ? 100 : Math.max(0, 100 - (totalViolations - totalFixed) * 5),
-      };
-    } catch (error) {
-      throw new ExecutionError(`Step 'apply_best_practices' failed: ${(error as Error).message}.`, {
-        step: 'apply_best_practices',
-        cause: error,
-      });
-    }
-  }
-
-  /**
-   * Plan deployment
-   */
-  private async planDeployment(
-    step: PlanStep,
-    executionId: string
-  ): Promise<Record<string, unknown>> {
-    this.log(executionId, 'info', 'Planning infrastructure deployment');
-
-    const workDir = (step.parameters.workDir as string) || `/tmp/nimbus/${executionId}`;
-
-    try {
-      const tfOps = this.tfOpsForDir(workDir);
-
-      // Initialize terraform first
-      this.log(executionId, 'info', 'Initializing Terraform...');
-      await tfOps.init();
-
-      // Run terraform plan
-      this.log(executionId, 'info', 'Running Terraform plan...');
-      const planResult = await tfOps.plan({
-        out: `${workDir}/plan.tfplan`,
-        varFile: step.parameters.varFile as string | undefined,
-      });
-
-      this.log(executionId, 'info', `Plan: hasChanges=${planResult.hasChanges}`);
-
-      return {
-        plan_output: planResult.output,
-        has_changes: planResult.hasChanges,
-        plan_file: `${workDir}/plan.tfplan`,
-      };
-    } catch (error) {
-      throw new ExecutionError(
-        `Step 'plan_deployment' failed: ${(error as Error).message}. Ensure Terraform is installed.`,
-        { step: 'plan_deployment', cause: error }
-      );
-    }
-  }
-
-  /**
-   * Apply deployment
-   */
-  private async applyDeployment(
-    step: PlanStep,
-    executionId: string
-  ): Promise<Record<string, unknown>> {
-    this.log(executionId, 'info', 'Applying infrastructure deployment');
-
-    const workDir = (step.parameters.workDir as string) || `/tmp/nimbus/${executionId}`;
-    const autoApprove = (step.parameters.autoApprove as boolean) ?? true;
-    const planFile = step.parameters.planFile as string | undefined;
-
-    try {
-      const tfOps = this.tfOpsForDir(workDir);
-      const startTime = Date.now();
-
-      // Run terraform apply
-      this.log(executionId, 'info', 'Running Terraform apply...');
-      const applyResult = await tfOps.apply({
-        autoApprove,
-        planFile,
-        varFile: step.parameters.varFile as string | undefined,
-        parallelism: step.parameters.parallelism as number | undefined,
-      });
-
-      const deploymentTime = Date.now() - startTime;
-
-      this.log(executionId, 'info', `Deployment completed successfully`);
-
-      return {
-        applied: applyResult.success,
-        deployment_time: deploymentTime,
-        output: applyResult.output,
-      };
-    } catch (error) {
-      throw new ExecutionError(
-        `Step 'apply_deployment' failed: ${(error as Error).message}. Ensure Terraform is installed.`,
-        { step: 'apply_deployment', cause: error }
-      );
-    }
-  }
-
-  /**
-   * Verify deployment
-   */
-  private async verifyDeployment(
-    step: PlanStep,
-    executionId: string
-  ): Promise<Record<string, unknown>> {
-    this.log(executionId, 'info', 'Verifying deployed infrastructure');
-
-    const { components } = step.parameters;
-    const workDir = (step.parameters.workDir as string) || `/tmp/nimbus/${executionId}`;
-
-    try {
-      const tfOps = this.tfOpsForDir(workDir);
-
-      // Validate terraform state
-      this.log(executionId, 'info', 'Validating Terraform configuration...');
-      const validateResult = await tfOps.validate();
-
-      if (!validateResult.valid) {
-        this.log(
-          executionId,
-          'error',
-          `Validation failed with ${validateResult.errorCount} errors`
-        );
-        return {
-          verification_passed: false,
-          validation_errors: validateResult.diagnostics.filter((d: any) => d.severity === 'error'),
-          validation_warnings: validateResult.diagnostics.filter(
-            (d: any) => d.severity === 'warning'
-          ),
-        };
-      }
-
-      // Get terraform outputs
-      this.log(executionId, 'info', 'Retrieving Terraform outputs...');
-      const outputs = await tfOps.output();
-
-      // Build component checks
-      const checks = (components as string[]).map(component => ({
-        component,
-        status: 'passed',
-        checks_passed: 10,
-        checks_failed: 0,
-      }));
-
-      this.log(executionId, 'info', `Verification passed for ${checks.length} components`);
-
-      return {
-        verification_passed: true,
-        checks,
-        outputs,
-      };
-    } catch (error) {
-      throw new ExecutionError(
-        `Step 'verify_deployment' failed: ${(error as Error).message}. Ensure Terraform is installed.`,
-        { step: 'verify_deployment', cause: error }
-      );
-    }
-  }
-
-  /**
-   * Generate documentation
-   */
-  private async generateDocumentation(
-    step: PlanStep,
-    executionId: string
-  ): Promise<{ outputs: Record<string, unknown>; artifacts: ExecutionArtifact[] }> {
-    this.log(executionId, 'info', 'Generating infrastructure documentation');
-
-    const { components, include_diagrams } = step.parameters;
-
-    // Generate README
-    const readmeContent = this.generateReadme(components as string[]);
-    const readmeArtifact: ExecutionArtifact = {
-      id: `artifact_${Date.now()}_readme`,
-      type: 'documentation',
-      name: 'README.md',
-      path: `/tmp/nimbus/${executionId}/README.md`,
-      size: readmeContent.length,
-      checksum: this.calculateChecksum(readmeContent),
-      created_at: new Date(),
-    };
-
-    const artifacts = [readmeArtifact];
-
-    // Generate diagram if requested
-    if (include_diagrams) {
-      const { DiagramGenerator } = await import('./diagram-generator');
-      const diagramGen = new DiagramGenerator();
-      const diagramContent = diagramGen.generateInfrastructureDiagram(
-        components as string[],
-        'aws'
-      );
-      const diagramPath = `/tmp/nimbus/${executionId}/architecture.txt`;
-
-      try {
-        await this.fsOps.writeFile(diagramPath, diagramContent, { createDirs: true });
-      } catch {
-        // Best-effort write
-      }
-
-      const diagramArtifact: ExecutionArtifact = {
-        id: `artifact_${Date.now()}_diagram`,
-        type: 'documentation',
-        name: 'architecture.txt',
-        path: diagramPath,
-        size: diagramContent.length,
-        checksum: this.calculateChecksum(diagramContent),
-        created_at: new Date(),
-      };
-      artifacts.push(diagramArtifact);
-    }
-
-    this.log(executionId, 'info', `Generated ${artifacts.length} documentation artifacts`);
-
-    return {
-      outputs: {
-        artifacts_generated: artifacts.length,
-      },
-      artifacts,
-    };
-  }
-
-  /**
-   * Rollback a step
-   */
-  async rollbackStep(step: PlanStep): Promise<ExecutionResult> {
-    logger.info(`Rolling back step: ${step.id}`);
-
-    if (!step.rollback_action) {
-      throw new Error(`Step ${step.id} does not have a rollback action defined`);
-    }
-
-    const executionId = this.generateResultId();
-    const startedAt = new Date();
-
-    try {
-      // Execute rollback action
-      this.log(executionId, 'info', `Executing rollback: ${step.rollback_action}`);
-
-      // Parse and execute the rollback action
-      const action = step.rollback_action;
-      const [prefix, ...rest] = action.split(':');
-      
-      let rollbackCmd: string;
-      if (prefix === 'terraform_destroy') {
-        const workdir = rest.join(':');
-        rollbackCmd = `terraform -chdir=${workdir} destroy -auto-approve -no-color`;
-      } else if (prefix === 'kubectl_rollout_undo') {
-        const [resource, namespace] = rest;
-        rollbackCmd = `kubectl rollout undo ${resource}${namespace ? ` -n ${namespace}` : ''}`;
-      } else if (prefix === 'helm_rollback') {
-        const [release, revision, namespace] = rest;
-        rollbackCmd = `helm rollback ${release} ${revision ?? '0'}${namespace ? ` -n ${namespace}` : ''}`;
-      } else if (prefix === 'bash') {
-        rollbackCmd = rest.join(':');
-      } else {
-        this.log(executionId, 'warn', `Unknown rollback prefix "${prefix}" — skipping`);
-        rollbackCmd = '';
-      }
-      
-      if (rollbackCmd) {
-        this.log(executionId, 'info', `Running: ${rollbackCmd}`);
-        await new Promise<void>((resolve, reject) => {
-          const { exec } = require('node:child_process') as typeof import('node:child_process');
-          exec(rollbackCmd, { timeout: 600_000 }, (error, stdout, stderr) => {
-            if (stdout) this.log(executionId, 'info', stdout);
-            if (stderr) this.log(executionId, 'info', stderr);
-            if (error) reject(error);
-            else resolve();
-          });
-        });
-      }
-
-      const completedAt = new Date();
-
-      this.log(executionId, 'info', 'Rollback completed successfully');
-
-      return {
-        id: executionId,
-        plan_id: 'rollback',
-        step_id: step.id,
-        status: 'success',
-        started_at: startedAt,
-        completed_at: completedAt,
-        duration: completedAt.getTime() - startedAt.getTime(),
-        outputs: {
-          rolled_back: true,
-        },
-        logs: this.logs.get(executionId),
-      };
-    } catch (error) {
-      const completedAt = new Date();
-      this.log(executionId, 'error', `Rollback failed: ${(error as Error).message}`);
-
-      return {
-        id: executionId,
-        plan_id: 'rollback',
-        step_id: step.id,
-        status: 'failure',
-        started_at: startedAt,
-        completed_at: completedAt,
-        duration: completedAt.getTime() - startedAt.getTime(),
-        error: {
-          code: 'ROLLBACK_ERROR',
-          message: (error as Error).message,
-        },
-        logs: this.logs.get(executionId),
-      };
-    }
-  }
-
-  /**
-   * Get execution logs
-   */
-  getLogs(executionId: string): ExecutionLog[] {
-    return this.logs.get(executionId) || [];
-  }
-
-  /**
-   * Get execution artifacts
-   */
-  getArtifacts(executionId: string): ExecutionArtifact[] {
-    return this.artifacts.get(executionId) || [];
-  }
-
-  /**
-   * Log a message
-   */
-  private log(
-    executionId: string,
-    level: 'debug' | 'info' | 'warn' | 'error',
-    message: string,
-    context?: Record<string, unknown>
-  ): void {
-    if (!this.logs.has(executionId)) {
-      this.logs.set(executionId, []);
-    }
-
-    this.logs.get(executionId)!.push({
-      timestamp: new Date(),
-      level,
-      message,
-      context,
-    });
-  }
-
-  /**
-   * Helper: Generate README
-   */
-  private generateReadme(components: string[]): string {
-    return (
-      `# Infrastructure Documentation\n\n` +
-      `## Components\n\n${components
-        .map(c => `- ${c.toUpperCase()}`)
-        .join('\n')}\n\n## Deployment\n\nRun \`terraform apply\` to deploy.\n`
-    );
-  }
-
-  /**
-   * Helper: Calculate checksum
-   */
-  private calculateChecksum(content: string): string {
-    // Simple hash function (in production, use proper crypto)
-    let hash = 0;
-    for (let i = 0; i < content.length; i++) {
-      const char = content.charCodeAt(i);
-      hash = (hash << 5) - hash + char;
-      hash = hash & hash;
-    }
-    return Math.abs(hash).toString(16);
-  }
-
-  /**
-   * Helper: Sleep
-   */
-  private sleep(ms: number): Promise<void> {
-    return new Promise(resolve => setTimeout(resolve, ms));
-  }
-
-  /**
-   * Generate result ID
-   */
-  private generateResultId(): string {
-    return `exec_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
-  }
-}