@synth-deploy/server 0.1.0

package/dist/agent/synth-agent.js

@@ -0,0 +1,1195 @@
+import crypto from "node:crypto";
+import { DefaultHealthChecker } from "./health-checker.js";
+import { EnvoyClient } from "./envoy-client.js";
+import { serverLog, serverError } from "../logger.js";
+const DEFAULT_OPTIONS = {
+    healthCheckRetries: 1,
+    healthCheckBackoffMs: 500,
+    executionDelayMs: 10,
+};
+/**
+ * Variable name patterns that warrant extra scrutiny when overridden.
+ */
+const SENSITIVE_VARIABLE_PATTERNS = [
+    /secret/i,
+    /password/i,
+    /\bkey\b/i,
+    /token/i,
+    /credential/i,
+];
+/**
+ * Variable name patterns indicating network connectivity configuration.
+ * Overriding these cross-environment can route traffic or data to the
+ * wrong infrastructure.
+ */
+const CONNECTIVITY_VARIABLE_PATTERNS = [
+    /host/i,
+    /\burl\b/i,
+    /endpoint/i,
+    /\bport\b/i,
+    /\baddr/i,
+    /\buri\b/i,
+    /\bconn/i,
+];
+// ---------------------------------------------------------------------------
+// OrchestrationError
+// ---------------------------------------------------------------------------
+/**
+ * Thrown when a pipeline step fails after the agent has reasoned through it
+ * and determined the deployment cannot proceed.
+ *
+ * Carries structured reasoning so the final debrief entry can explain
+ * exactly why the deployment was aborted.
+ */
+export class OrchestrationError extends Error {
+    step;
+    reasoning;
+    constructor(step, message, reasoning) {
+        super(message);
+        this.step = step;
+        this.reasoning = reasoning;
+        this.name = "OrchestrationError";
+    }
+}
+// ---------------------------------------------------------------------------
+// SynthAgent — the deployment orchestration engine
+// ---------------------------------------------------------------------------
+/**
+ * Command Agent — the reasoning engine that orchestrates deployments.
+ *
+ * Processes deployment requests through a structured pipeline. When a step
+ * encounters an unexpected situation, the agent evaluates the specifics —
+ * error type, environment context, conflict severity — and makes a
+ * context-dependent decision about how to proceed.
+ *
+ * Key reasoning behaviors:
+ *
+ *   Health check failures:
+ *   - DNS errors abort immediately (retrying won't resolve infrastructure config)
+ *   - Timeouts on production get extended backoff (service may be under load)
+ *   - Connection refused gets standard retry (process may be restarting)
+ *
+ *   Variable conflicts:
+ *   - Multiple connectivity vars pointing cross-environment → block deployment
+ *   - Single cross-env connectivity var → proceed with operator warning
+ *   - Sensitive variable overrides → proceed, log for audit without exposing values
+ *   - Standard overrides → proceed with precedence rules
+ *
+ * Every decision is recorded to the Debrief. No silent actions.
+ */
+export class SynthAgent {
+    debrief;
+    deployments;
+    artifactStore;
+    environmentStore;
+    partitionStore;
+    healthChecker;
+    settingsReader;
+    options;
+    explicitOptions;
+    mcpClientManager;
+    constructor(debrief, deployments, artifactStore, environmentStore, partitionStore, healthChecker = new DefaultHealthChecker(), options = {}, settingsReader) {
+        this.debrief = debrief;
+        this.deployments = deployments;
+        this.artifactStore = artifactStore;
+        this.environmentStore = environmentStore;
+        this.partitionStore = partitionStore;
+        this.healthChecker = healthChecker;
+        this.settingsReader = settingsReader;
+        this.explicitOptions = options;
+        this.options = { ...DEFAULT_OPTIONS, ...options };
+    }
+    /**
+     * Returns effective agent options. Precedence (highest wins):
+     *   1. Explicit constructor options
+     *   2. Global settings from SettingsStore
+     *   3. DEFAULT_OPTIONS
+     */
+    getEffectiveOptions() {
+        if (!this.settingsReader)
+            return this.options;
+        const settings = this.settingsReader.get();
+        return {
+            ...DEFAULT_OPTIONS,
+            healthCheckRetries: settings.agent.defaultHealthCheckRetries,
+            ...this.explicitOptions,
+        };
+    }
+    // -----------------------------------------------------------------------
+    // RBAC permission check (not yet enforced)
+    // -----------------------------------------------------------------------
+    /**
+     * Check whether the caller has the required permission.
+     * RBAC enforcement is not yet implemented — always returns true.
+     */
+    checkCallerPermission(_actor, _requiredPermission) {
+        // RBAC enforcement is not yet implemented. All callers are permitted.
+        return true;
+    }
+    // -----------------------------------------------------------------------
+    // Main entry point
+    // -----------------------------------------------------------------------
+    async triggerDeployment(trigger) {
+        const deploymentId = crypto.randomUUID();
+        // --- Look up entities from stores -----------------------------------------------
+        serverLog("DEPLOY-TRIGGER", { deploymentId, artifactId: trigger.artifactId, environmentId: trigger.environmentId, partitionId: trigger.partitionId ?? null, triggeredBy: trigger.triggeredBy });
+        const environment = this.environmentStore.get(trigger.environmentId);
+        if (!environment) {
+            throw new OrchestrationError("resolve-entities", `Environment not found: ${trigger.environmentId}`, `The trigger references environment ID "${trigger.environmentId}" which does not exist in the environment store. ` +
+                `Verify the environment ID is correct and the environment has been created.`);
+        }
+        let partition;
+        if (trigger.partitionId) {
+            partition = this.partitionStore.get(trigger.partitionId);
+            if (!partition) {
+                throw new OrchestrationError("resolve-entities", `Partition not found: ${trigger.partitionId}`, `The trigger references partition ID "${trigger.partitionId}" which does not exist in the partition store. ` +
+                    `Verify the partition ID is correct and the partition has been created.`);
+            }
+        }
+        const artifact = this.artifactStore.get(trigger.artifactId);
+        if (!artifact) {
+            throw new OrchestrationError("resolve-entities", `Artifact not found: ${trigger.artifactId}`, `The trigger references artifact ID "${trigger.artifactId}" which does not exist in the artifact store. ` +
+                `Verify the artifact ID is correct and the artifact has been created.`);
+        }
+        // --- RBAC check (not yet enforced) --------------------------------------------
+        const actor = trigger.triggeredBy === "user" ? "user" : "agent";
+        if (!this.checkCallerPermission(actor, "deployment.create")) {
+            throw new OrchestrationError("permission-check", `Caller "${actor}" lacks deployment.create permission`, `The deployment was rejected because the caller does not have the required ` +
+                `"deployment.create" permission. Contact an administrator to request access.`);
+        }
+        // --- Step 0: Artifact analysis ------------------------------------------------
+        const analysisEntry = this.debrief.record({
+            partitionId: trigger.partitionId ?? null,
+            deploymentId,
+            agent: "server",
+            decisionType: "artifact-analysis",
+            decision: `Analyzed artifact "${artifact.name}" (${artifact.type}) — confidence ${artifact.analysis.confidence}`,
+            reasoning: `Artifact "${artifact.name}" is a ${artifact.type} artifact. ` +
+                `Analysis summary: ${artifact.analysis.summary} ` +
+                `Dependencies: ${artifact.analysis.dependencies.length > 0 ? artifact.analysis.dependencies.join(", ") : "none identified"}. ` +
+                `Deployment intent: ${artifact.analysis.deploymentIntent ?? "not specified"}. ` +
+                `Analysis confidence: ${artifact.analysis.confidence}. ` +
+                `${artifact.annotations.length} operator annotation(s) applied. ` +
+                `${artifact.learningHistory.length} learning history entries.`,
+            context: {
+                artifactId: artifact.id,
+                artifactName: artifact.name,
+                artifactType: artifact.type,
+                confidence: artifact.analysis.confidence,
+                dependencies: artifact.analysis.dependencies,
+                annotationCount: artifact.annotations.length,
+            },
+        });
+        // --- Step 1: Plan the pipeline -----------------------------------------
+        const version = trigger.artifactVersionId ?? "latest";
+        const pipelineSteps = [
+            "resolve-configuration",
+            "preflight-health-check",
+            "execute-deployment",
+            "post-deploy-verify",
+        ];
+        const planEntry = this.debrief.record({
+            partitionId: trigger.partitionId ?? null,
+            deploymentId,
+            agent: "server",
+            decisionType: "pipeline-plan",
+            decision: `Planned deployment pipeline: ${pipelineSteps.join(" → ")}`,
+            reasoning: `Deployment of "${artifact.name}" v${version} to ${environment.name}` +
+                (partition ? ` for partition "${partition.name}"` : "") +
+                `. Pipeline includes pre-flight health check to verify ` +
+                `target environment is reachable before deploying, and post-deployment verification ` +
+                `to confirm the deployment took effect.`,
+            context: {
+                steps: pipelineSteps,
+                artifactId: artifact.id,
+                artifactName: artifact.name,
+                version,
+                environmentName: environment.name,
+                partitionName: partition?.name ?? null,
+            },
+        });
+        // --- Create Deployment record ------------------------------------------
+        // Initial plan — the Envoy generates the real deployment plan during execution
+        const initialPlan = {
+            steps: [
+                {
+                    description: `Deploy ${artifact.name} v${version}`,
+                    action: "deploy",
+                    target: environment.name,
+                    reversible: true,
+                    rollbackAction: "rollback to previous version",
+                },
+            ],
+            reasoning: `Initial plan for "${artifact.name}". ` +
+                `Deployment intent: ${artifact.analysis.deploymentIntent ?? "standard deployment"}. ` +
+                `The Envoy will generate a detailed execution plan based on artifact analysis and environment state.`,
+        };
+        const planGenEntry = this.debrief.record({
+            partitionId: trigger.partitionId ?? null,
+            deploymentId,
+            agent: "server",
+            decisionType: "plan-generation",
+            decision: `Generated deployment plan for "${artifact.name}" v${version} — ${initialPlan.steps.length} step(s)`,
+            reasoning: initialPlan.reasoning,
+            context: {
+                stepCount: initialPlan.steps.length,
+                artifactName: artifact.name,
+                version,
+            },
+        });
+        const approvalEntry = this.debrief.record({
+            partitionId: trigger.partitionId ?? null,
+            deploymentId,
+            agent: "server",
+            decisionType: "plan-approval",
+            decision: `Auto-approved deployment plan for "${artifact.name}" v${version}`,
+            reasoning: `Plan auto-approved without explicit user review. The approval workflow will be ` +
+                `presented via the plan review UI before execution begins.`,
+            context: {
+                autoApproved: true,
+                approvedBy: actor,
+            },
+        });
+        const deployment = {
+            id: deploymentId,
+            artifactId: trigger.artifactId,
+            artifactVersionId: trigger.artifactVersionId,
+            environmentId: trigger.environmentId,
+            partitionId: trigger.partitionId,
+            version,
+            status: "pending",
+            variables: {},
+            plan: initialPlan,
+            approvedBy: actor,
+            approvedAt: new Date(),
+            debriefEntryIds: [analysisEntry.id, planEntry.id, planGenEntry.id, approvalEntry.id],
+            createdAt: new Date(),
+        };
+        this.deployments.save(deployment);
+        try {
+            // --- Step 2: Resolve configuration -----------------------------------
+            serverLog("DEPLOY-CONFIG-RESOLVE", { deploymentId: deployment.id });
+            const { variables, hasConflicts } = this.resolveConfiguration(deployment, trigger.variables, partition, environment, artifact);
+            deployment.variables = variables;
+            // --- Step 3: Pre-flight health check ---------------------------------
+            deployment.status = "running";
+            this.deployments.save(deployment);
+            serverLog("DEPLOY-HEALTH-CHECK", { deploymentId: deployment.id, environment: environment.name });
+            await this.preflightHealthCheck(deployment, partition, environment, artifact);
+            // --- Step 4: Execute deployment ----------------------------------------
+            serverLog("DEPLOY-EXECUTE", { deploymentId: deployment.id, artifact: artifact.name, version: deployment.version, environment: environment.name });
+            const delegated = await this.executeDeployment(deployment, partition, environment, artifact);
+            // --- Step 5: Post-deploy verify ----------------------------------------
+            // Only run when Envoy did NOT handle execution — Envoy ingests its own
+            // verification debrief entries via delegateToEnvoy(), so calling this
+            // after delegation would produce a duplicate/false entry.
+            if (!delegated) {
+                await this.postDeployVerify(deployment, partition, environment, artifact);
+            }
+            // --- Success ---------------------------------------------------------
+            deployment.status = "succeeded";
+            deployment.completedAt = new Date();
+            serverLog("DEPLOY-SUCCEEDED", { deploymentId: deployment.id, artifact: artifact.name, version: deployment.version, environment: environment.name, durationMs: deployment.completedAt.getTime() - deployment.createdAt.getTime() });
+            const completionEntry = this.debrief.record({
+                partitionId: deployment.partitionId ?? null,
+                deploymentId: deployment.id,
+                agent: "server",
+                decisionType: "deployment-completion",
+                decision: `Marking deployment of ${artifact.name} v${deployment.version} as succeeded on "${environment.name}"`,
+                reasoning: `All four pipeline steps completed: configuration accepted, health check passed, ` +
+                    `execution finished, post-deploy verification confirmed. ` +
+                    `${Object.keys(deployment.variables).length} variable(s) applied` +
+                    (partition ? ` for partition "${partition.name}"` : "") + `. ` +
+                    (hasConflicts
+                        ? "Variable conflicts were resolved via precedence rules — see earlier debrief entries for per-conflict reasoning."
+                        : "No variable conflicts encountered — configuration was unambiguous.") +
+                    ` Total duration: ${deployment.completedAt.getTime() - deployment.createdAt.getTime()}ms.`,
+                context: {
+                    durationMs: deployment.completedAt.getTime() - deployment.createdAt.getTime(),
+                    status: deployment.status,
+                    variableCount: Object.keys(deployment.variables).length,
+                },
+            });
+            deployment.debriefEntryIds.push(completionEntry.id);
+        }
+        catch (error) {
+            deployment.status = "failed";
+            deployment.completedAt = new Date();
+            deployment.failureReason =
+                error instanceof OrchestrationError
+                    ? error.message
+                    : `Unexpected error: ${error instanceof Error ? error.message : String(error)}`;
+            serverError("DEPLOY-FAILED", { deploymentId: deployment.id, reason: deployment.failureReason, durationMs: deployment.completedAt.getTime() - deployment.createdAt.getTime() });
+            const failEntry = this.debrief.record({
+                partitionId: deployment.partitionId ?? null,
+                deploymentId: deployment.id,
+                agent: "server",
+                decisionType: "deployment-failure",
+                decision: `Deployment failed: ${deployment.failureReason}`,
+                reasoning: error instanceof OrchestrationError
+                    ? error.reasoning
+                    : `Unexpected error during "${artifact.name}" v${version} ` +
+                        `deployment to "${environment.name}"` +
+                        (partition ? ` for partition "${partition.name}"` : "") + `: ` +
+                        `${error instanceof Error ? error.message : String(error)}. ` +
+                        `This error did not come from the orchestration pipeline (not a health check, ` +
+                        `configuration, or execution failure) — it may indicate a server-side bug or ` +
+                        `infrastructure issue. The deployment has been marked as failed and no changes ` +
+                        `were applied to the target environment. Recommended action: check the server ` +
+                        `process logs for a stack trace, then re-trigger the deployment. If the error ` +
+                        `recurs, investigate the server runtime environment.`,
+                context: {
+                    durationMs: deployment.completedAt.getTime() - deployment.createdAt.getTime(),
+                    status: deployment.status,
+                    step: error instanceof OrchestrationError ? error.step : "unknown",
+                    ...(error instanceof Error ? { errorMessage: error.message } : {}),
+                },
+            });
+            deployment.debriefEntryIds.push(failEntry.id);
+        }
+        this.deployments.save(deployment);
+        return deployment;
+    }
+    // -----------------------------------------------------------------------
+    // External MCP checks — pre-deployment intelligence from external servers
+    // -----------------------------------------------------------------------
+    /**
+     * Survey connected MCP servers and record available external intelligence
+     * to the Debrief. This runs before deployment to surface any relevant
+     * monitoring data, incident context, or diagnostic tools.
+     *
+     * Returns the list of tool call results (empty if no servers are connected).
+     * Never throws — external server failures must not block deployments.
+     */
+    async runExternalChecks(partitionId, environmentId) {
+        if (!this.mcpClientManager ||
+            this.mcpClientManager.getConnectedServers().length === 0) {
+            return [];
+        }
+        const results = [];
+        try {
+            const tools = await this.mcpClientManager.listTools();
+            const connectedServers = this.mcpClientManager.getConnectedServers();
+            this.debrief.record({
+                partitionId,
+                deploymentId: null,
+                agent: "server",
+                decisionType: "diagnostic-investigation",
+                decision: `${tools.length} external tool(s) available from ${connectedServers.length} MCP server(s)`,
+                reasoning: "Pre-deployment check: surveyed connected MCP servers for available intelligence. " +
+                    `Servers: ${connectedServers.join(", ")}. ` +
+                    (tools.length > 0
+                        ? `Available tools: ${tools.map((t) => `${t.server}/${t.name}`).join(", ")}.`
+                        : "No tools exposed by connected servers."),
+                context: {
+                    servers: connectedServers,
+                    toolCount: tools.length,
+                    tools: tools.map((t) => ({
+                        server: t.server,
+                        name: t.name,
+                        description: t.description,
+                    })),
+                    environmentId,
+                },
+            });
+        }
+        catch (error) {
+            // Never let external checks block the deployment
+            this.debrief.record({
+                partitionId,
+                deploymentId: null,
+                agent: "server",
+                decisionType: "diagnostic-investigation",
+                decision: "External MCP check failed — proceeding without external intelligence",
+                reasoning: `Error surveying MCP servers: ${error instanceof Error ? error.message : String(error)}. ` +
+                    "This does not affect the deployment. External data sources are supplementary.",
+                context: {
+                    error: error instanceof Error ? error.message : String(error),
+                    environmentId,
+                },
+            });
+        }
+        return results;
+    }
+    // -----------------------------------------------------------------------
+    // Pipeline step: resolve configuration
+    // -----------------------------------------------------------------------
+    resolveConfiguration(deployment, triggerVariables, partition, environment, artifact) {
+        // Precedence: environment → partition (if present) → artifact defaults → trigger overrides
+        const resolved = { ...environment.variables };
+        const conflicts = [];
+        // Partition overrides environment (if partition is provided)
+        if (partition) {
+            for (const [key, value] of Object.entries(partition.variables)) {
+                if (key in resolved && resolved[key] !== value) {
+                    conflicts.push({
+                        variable: key,
+                        winner: "partition",
+                        winnerValue: value,
+                        loserValue: resolved[key],
+                        loserLevel: "environment",
+                    });
+                }
+                resolved[key] = value;
+            }
+        }
+        // Artifact configuration expectations as defaults (only fill gaps, don't override)
+        // These are hints from artifact analysis, not hard overrides
+        if (artifact.analysis.configurationExpectations) {
+            for (const [key, _description] of Object.entries(artifact.analysis.configurationExpectations)) {
+                // Only add if not already set — these are expectations, not values
+                // The artifact analysis tells us what variables are expected, not what values to use
+                // So we skip actually setting them — they serve as documentation
+            }
+        }
+        // Trigger overrides everything
+        if (triggerVariables) {
+            for (const [key, value] of Object.entries(triggerVariables)) {
+                if (key in resolved && resolved[key] !== value) {
+                    conflicts.push({
+                        variable: key,
+                        winner: "trigger",
+                        winnerValue: value,
+                        loserValue: resolved[key],
+                        loserLevel: partition && key in partition.variables ? "partition" : "environment",
+                    });
+                }
+                resolved[key] = value;
+            }
+        }
+        if (conflicts.length > 0) {
+            // Assess risk across ALL conflicts together, then act on the assessment
+            const assessment = this.assessConflictRisk(conflicts, environment);
+            this.recordConflictReasoning(deployment, assessment, environment);
+            if (assessment.action === "block") {
+                throw new OrchestrationError("resolve-configuration", `Deployment blocked: ${assessment.riskLevel}-risk variable configuration detected`, assessment.reasoning);
+            }
+        }
+        const partitionVarCount = partition ? Object.keys(partition.variables).length : 0;
+        const configEntry = this.debrief.record({
+            partitionId: deployment.partitionId ?? null,
+            deploymentId: deployment.id,
+            agent: "server",
+            decisionType: "configuration-resolved",
+            decision: conflicts.length === 0
+                ? `Accepted configuration for "${environment.name}" — ${Object.keys(resolved).length} variable(s) merged, no conflicts`
+                : `Accepted configuration for "${environment.name}" — ${conflicts.length} conflict(s) resolved via precedence, proceeding with merged result`,
+            reasoning: conflicts.length === 0
+                ? `Environment "${environment.name}" provided ${Object.keys(environment.variables).length} base variable(s), ` +
+                    (partition ? `partition added ${partitionVarCount}, ` : "") +
+                    `trigger added ${Object.keys(triggerVariables ?? {}).length}. ` +
+                    `No values collided across levels, so the merged configuration is unambiguous. ` +
+                    `Accepting ${Object.keys(resolved).length} final variable(s) as the deployment configuration.`
+                : `${conflicts.length} variable(s) had different values at multiple precedence levels. ` +
+                    `Resolved using the hierarchy trigger > partition > environment. ` +
+                    `See preceding debrief entries for per-conflict risk assessment and reasoning. ` +
+                    `Accepting the merged result as the deployment configuration.`,
+            context: {
+                variableCount: Object.keys(resolved).length,
+                conflictCount: conflicts.length,
+                sources: {
+                    environment: Object.keys(environment.variables).length,
+                    partition: partitionVarCount,
+                    trigger: Object.keys(triggerVariables ?? {}).length,
+                },
+            },
+        });
+        deployment.debriefEntryIds.push(configEntry.id);
+        return { variables: resolved, hasConflicts: conflicts.length > 0 };
+    }
+    // -----------------------------------------------------------------------
+    // Reasoning: variable conflict risk assessment
+    // -----------------------------------------------------------------------
+    /**
+     * Analyze all variable conflicts together and produce a risk assessment.
+     *
+     * This is where genuine reasoning happens — the decision depends on
+     * the combination of factors across all conflicts, not just individual
+     * pattern matches:
+     *
+     *   - A single cross-env connectivity var might be intentional partition config
+     *   - Multiple cross-env connectivity vars are almost certainly misconfiguration
+     *   - Sensitive vars get audit logging regardless of other factors
+     *   - The assessed risk level determines whether to proceed or block
+     */
+    assessConflictRisk(conflicts, environment) {
+        const details = [];
+        let crossEnvConnectivityCount = 0;
+        const crossEnvConnectivityVars = [];
+        for (const conflict of conflicts) {
+            const isCrossEnv = this.detectCrossEnvironmentPattern(conflict, environment.name);
+            const isConnectivity = CONNECTIVITY_VARIABLE_PATTERNS.some((p) => p.test(conflict.variable));
+            const isSensitive = SENSITIVE_VARIABLE_PATTERNS.some((p) => p.test(conflict.variable));
+            if (isCrossEnv && isConnectivity) {
+                crossEnvConnectivityCount++;
+                crossEnvConnectivityVars.push(conflict.variable);
+                details.push({
+                    conflict,
+                    category: "cross-env-connectivity",
+                    riskContribution: `${conflict.variable} is a connectivity variable pointing to ` +
+                        `"${conflict.winnerValue}" in a ${environment.name} deployment — ` +
+                        `this could route traffic or data to the wrong environment`,
+                });
+            }
+            else if (isCrossEnv) {
+                details.push({
+                    conflict,
+                    category: "cross-env",
+                    riskContribution: `${conflict.variable} value "${conflict.winnerValue}" references ` +
+                        `a different environment than target "${environment.name}"`,
+                });
+            }
+            else if (isSensitive) {
+                details.push({
+                    conflict,
+                    category: "sensitive",
+                    riskContribution: `${conflict.variable} is security-sensitive and overridden at ${conflict.winner} level`,
+                });
+            }
+            else {
+                details.push({
+                    conflict,
+                    category: "standard",
+                    riskContribution: `${conflict.variable}: ${conflict.winner} value overrides ${conflict.loserLevel} value`,
+                });
+            }
+        }
+        // --- Decision logic: compound risk assessment ---
+        // Multiple connectivity variables pointing cross-environment = block.
+        // One might be intentional. Two or more is a pattern that indicates
+        // the partition's variable bindings are wrong for this environment.
+        if (crossEnvConnectivityCount >= 2) {
+            return {
+                action: "block",
+                riskLevel: "high",
+                reasoning: `${crossEnvConnectivityCount} connectivity variables ` +
+                    `(${crossEnvConnectivityVars.join(", ")}) are overridden with values ` +
+                    `referencing a different environment than the deployment target ` +
+                    `"${environment.name}". ${details.filter((d) => d.category === "cross-env-connectivity").map((d) => d.riskContribution).join(". ")}. ` +
+                    `A single cross-environment connectivity override might reflect ` +
+                    `intentional partition-specific infrastructure, but multiple overrides ` +
+                    `strongly suggest the partition's variable bindings are misconfigured ` +
+                    `for this environment. Blocking deployment to prevent cross-environment ` +
+                    `data access or traffic routing. To deploy with this configuration, ` +
+                    `verify the partition's variables are correct and re-trigger with explicit ` +
+                    `overrides at the trigger level.`,
+                details,
+            };
+        }
+        // Single cross-env connectivity var: proceed but flag as medium risk.
+        if (crossEnvConnectivityCount === 1) {
+            return {
+                action: "proceed",
+                riskLevel: "medium",
+                reasoning: `One connectivity variable (${crossEnvConnectivityVars[0]}) is overridden ` +
+                    `with a value referencing a different environment than "${environment.name}". ` +
+                    `This may reflect intentional partition-specific infrastructure (e.g., a partition ` +
+                    `that maintains a shared database across environments) or may be ` +
+                    `misconfiguration. Proceeding with partition-level precedence because a single ` +
+                    `override does not establish a pattern of misconfiguration. The operator ` +
+                    `should verify this override is intentional.`,
+                details,
+            };
+        }
+        // Cross-env non-connectivity or sensitive-only: low risk, proceed
+        return {
+            action: "proceed",
+            riskLevel: "low",
+            reasoning: `Variable conflicts resolved via standard precedence rules ` +
+                `(trigger > partition > environment). No high-risk cross-environment ` +
+                `connectivity patterns detected.`,
+            details,
+        };
+    }
+    /**
+     * Record debrief entries for each conflict category found in the assessment.
+     */
+    recordConflictReasoning(deployment, assessment, environment) {
+        // Group details by category for debrief entries
+        const byCategory = new Map();
+        for (const detail of assessment.details) {
+            const existing = byCategory.get(detail.category) ?? [];
+            existing.push(detail);
+            byCategory.set(detail.category, existing);
+        }
+        // Cross-env connectivity (the high-risk ones)
+        const crossEnvConn = byCategory.get("cross-env-connectivity");
+        if (crossEnvConn) {
+            const entry = this.debrief.record({
+                partitionId: deployment.partitionId ?? null,
+                deploymentId: deployment.id,
+                agent: "server",
+                decisionType: "variable-conflict",
+                decision: assessment.action === "block"
+                    ? `Blocking deployment: ${crossEnvConn.length} cross-environment connectivity conflict(s)`
+                    : `Cross-environment connectivity override detected in ${crossEnvConn.length} variable(s)`,
+                reasoning: assessment.reasoning,
+                context: {
+                    category: "cross-environment",
+                    riskLevel: assessment.riskLevel,
+                    action: assessment.action,
+                    conflicts: crossEnvConn.map((d) => ({
+                        variable: d.conflict.variable,
+                        winnerValue: d.conflict.winnerValue,
+                        loserValue: d.conflict.loserValue,
+                    })),
+                    targetEnvironment: environment.name,
+                },
+            });
+            deployment.debriefEntryIds.push(entry.id);
+        }
+        // Cross-env non-connectivity
+        const crossEnv = byCategory.get("cross-env");
+        if (crossEnv) {
+            const details = crossEnv
+                .map((d) => d.riskContribution)
+                .join("; ");
+            const entry = this.debrief.record({
+                partitionId: deployment.partitionId ?? null,
+                deploymentId: deployment.id,
+                agent: "server",
+                decisionType: "variable-conflict",
+                decision: `Cross-environment variable pattern in ${crossEnv.length} non-connectivity variable(s)`,
+                reasoning: `Detected non-connectivity variable(s) referencing a different environment: ${details}. ` +
+                    `These are lower risk than connectivity variables because they don't affect ` +
+                    `data routing. Proceeding with standard precedence.`,
+                context: {
+                    category: "cross-environment-non-connectivity",
+                    conflicts: crossEnv.map((d) => ({
+                        variable: d.conflict.variable,
+                        winnerValue: d.conflict.winnerValue,
+                        loserValue: d.conflict.loserValue,
+                    })),
+                },
+            });
+            deployment.debriefEntryIds.push(entry.id);
+        }
+        // Sensitive overrides
+        const sensitiveDetails = byCategory.get("sensitive");
+        if (sensitiveDetails) {
+            const entry = this.debrief.record({
+                partitionId: deployment.partitionId ?? null,
+                deploymentId: deployment.id,
+                agent: "server",
+                decisionType: "variable-conflict",
+                decision: `Security-sensitive variable(s) overridden: ${sensitiveDetails.map((d) => d.conflict.variable).join(", ")}`,
+                reasoning: `${sensitiveDetails.length} variable(s) matching security-sensitive patterns ` +
+                    `(secrets, keys, tokens, credentials) are being overridden by higher-precedence ` +
+                    `levels. ${sensitiveDetails.map((d) => d.riskContribution).join("; ")}. ` +
+                    `Applying precedence rules as configured. These overrides are recorded for ` +
+                    `audit purposes.`,
+                context: {
+                    category: "sensitive-override",
+                    // Intentionally omit actual values for sensitive variables
+                    variables: sensitiveDetails.map((d) => ({
+                        variable: d.conflict.variable,
+                        overriddenBy: d.conflict.winner,
+                    })),
+                },
+            });
+            deployment.debriefEntryIds.push(entry.id);
+        }
+        // Standard overrides
+        const standardDetails = byCategory.get("standard");
+        if (standardDetails) {
+            const details = standardDetails
+                .map((d) => `${d.conflict.variable}: used ${d.conflict.winner} value ` +
+                `"${d.conflict.winnerValue}" over ${d.conflict.loserLevel} value ` +
+                `"${d.conflict.loserValue}"`)
+                .join("; ");
+            const entry = this.debrief.record({
+                partitionId: deployment.partitionId ?? null,
+                deploymentId: deployment.id,
+                agent: "server",
+                decisionType: "variable-conflict",
+                decision: `Resolved ${standardDetails.length} variable conflict(s) via precedence rules`,
+                reasoning: `Standard precedence applied (trigger > partition > environment). ` +
+                    `Conflicts: ${details}. These are routine overrides consistent ` +
+                    `with the configuration hierarchy.`,
+                context: {
+                    category: "standard-override",
+                    conflicts: standardDetails.map((d) => ({
+                        variable: d.conflict.variable,
+                        winner: d.conflict.winner,
+                        winnerValue: d.conflict.winnerValue,
+                        loserLevel: d.conflict.loserLevel,
+                        loserValue: d.conflict.loserValue,
+                    })),
+                },
+            });
+            deployment.debriefEntryIds.push(entry.id);
+        }
+    }
+    /**
+     * Detect if a variable's winning value might reference the wrong environment.
+     */
+    detectCrossEnvironmentPattern(conflict, targetEnvName) {
+        const envPatterns = {
+            production: [/\bstag/i, /\bdev\b/i, /\btest\b/i],
+            staging: [/\bprod/i],
+            development: [/\bprod/i, /\bstag/i],
+        };
+        const patternsToCheck = envPatterns[targetEnvName.toLowerCase()];
+        if (!patternsToCheck)
+            return false;
+        return patternsToCheck.some((p) => p.test(conflict.winnerValue));
+    }
+    // -----------------------------------------------------------------------
+    // Pipeline step: pre-flight health check
+    // -----------------------------------------------------------------------
+    /**
+     * Pre-flight health check with context-dependent retry logic.
+     *
+     * The retry strategy depends on the error type:
+     *   - DNS failure → abort immediately (retrying won't fix infrastructure config)
+     *   - Timeout in production → retry with extended backoff (service under load)
+     *   - Connection refused → retry with standard backoff (process restarting)
+     *   - After retries exhausted → fail with environment-appropriate reasoning
+     */
+    async preflightHealthCheck(deployment, partition, environment, artifact) {
+        const serviceId = `${artifact.name}/${environment.name}`;
+        const opts = this.getEffectiveOptions();
+        const maxAttempts = opts.healthCheckRetries + 1;
+        let attempt = 1;
+        const firstCheck = await this.healthChecker.check(serviceId, {
+            partitionId: partition?.id ?? "",
+            environmentName: environment.name,
+        });
+        if (firstCheck.reachable) {
+            const entry = this.debrief.record({
+                partitionId: deployment.partitionId ?? null,
+                deploymentId: deployment.id,
+                agent: "server",
+                decisionType: "health-check",
+                decision: `Proceeding with deployment — target environment "${environment.name}" confirmed healthy in ${firstCheck.responseTimeMs}ms`,
+                reasoning: `Health check to "${environment.name}" returned a successful response ` +
+                    `in ${firstCheck.responseTimeMs}ms on the first attempt. This confirms ` +
+                    `the target infrastructure is running and network-accessible. No reason ` +
+                    `to delay — proceeding to deployment execution.`,
+                context: {
+                    serviceId,
+                    responseTimeMs: firstCheck.responseTimeMs,
+                    attempt: 1,
+                },
+            });
+            deployment.debriefEntryIds.push(entry.id);
+            return;
+        }
+        // First check failed — reason about what to do
+        const decision = this.reasonAboutHealthFailure(firstCheck, environment, attempt, maxAttempts, opts);
+        if (decision.action === "abort") {
+            // Reasoning determined retrying won't help (e.g., DNS failure)
+            const abortEntry = this.debrief.record({
+                partitionId: deployment.partitionId ?? null,
+                deploymentId: deployment.id,
+                agent: "server",
+                decisionType: "health-check",
+                decision: "Pre-flight health check failed — aborting without retry",
+                reasoning: decision.reasoning,
+                context: {
+                    serviceId,
+                    error: firstCheck.error,
+                    errorCategory: this.categorizeError(firstCheck.error),
+                    attempt,
+                    retriesSkipped: true,
+                },
+            });
+            deployment.debriefEntryIds.push(abortEntry.id);
+            throw new OrchestrationError("preflight-health-check", `Target environment "${environment.name}" unreachable: ${firstCheck.error}`, decision.reasoning);
+        }
+        // Decision is to retry
+        const retryEntry = this.debrief.record({
+            partitionId: deployment.partitionId ?? null,
+            deploymentId: deployment.id,
+            agent: "server",
+            decisionType: "health-check",
+            decision: "Pre-flight health check failed — attempting retry",
+            reasoning: decision.reasoning,
+            context: {
+                serviceId,
+                error: firstCheck.error,
+                errorCategory: this.categorizeError(firstCheck.error),
+                backoffMs: decision.delayMs,
+                retriesRemaining: maxAttempts - attempt,
+                attempt,
+            },
+        });
+        deployment.debriefEntryIds.push(retryEntry.id);
+        // Retry loop — each iteration re-evaluates the situation
+        for (let i = 0; i < opts.healthCheckRetries; i++) {
+            attempt++;
+            await this.delay(decision.delayMs);
+            const retryCheck = await this.healthChecker.check(serviceId, {
+                partitionId: partition?.id ?? "",
+                environmentName: environment.name,
+            });
+            if (retryCheck.reachable) {
+                const recoveryEntry = this.debrief.record({
+                    partitionId: deployment.partitionId ?? null,
+                    deploymentId: deployment.id,
+                    agent: "server",
+                    decisionType: "health-check",
+                    decision: "Health check recovered on retry — proceeding with deployment",
+                    reasoning: `Retry attempt ${i + 1} succeeded (response time: ` +
+                        `${retryCheck.responseTimeMs}ms). The initial failure was transient — ` +
+                        `likely caused by a brief service restart or momentary load spike. ` +
+                        `Target environment "${environment.name}" is now confirmed healthy. ` +
+                        `Proceeding with deployment.`,
+                    context: {
+                        serviceId,
+                        responseTimeMs: retryCheck.responseTimeMs,
+                        attempt,
+                        recoveredAfterMs: decision.delayMs * (i + 1),
+                    },
+                });
+                deployment.debriefEntryIds.push(recoveryEntry.id);
+                return;
+            }
+        }
+        // All retries exhausted — produce context-aware failure
+        const exhaustedDecision = this.reasonAboutHealthFailure(firstCheck, environment, maxAttempts, maxAttempts, opts);
+        throw new OrchestrationError("preflight-health-check", `Target environment "${environment.name}" unreachable after ${maxAttempts} attempt(s)`, exhaustedDecision.reasoning);
+    }
+    // -----------------------------------------------------------------------
+    // Reasoning: health check failure analysis
+    // -----------------------------------------------------------------------
+    /**
+     * Analyze a health check failure and decide what to do.
+     *
+     * The decision depends on three factors:
+     *   1. Error type (DNS vs timeout vs connection refused vs server error)
+     *   2. Environment context (production gets more patience)
+     *   3. Whether retries remain
+     *
+     * Different factor combinations produce different actions:
+     *   - DNS failure → abort immediately regardless of retries remaining
+     *   - Timeout + production + retries remaining → retry with extended backoff
+     *   - Connection refused + retries remaining → retry with standard backoff
+     *   - Any error + no retries remaining → abort with environment-specific message
+     */
+    reasonAboutHealthFailure(checkResult, environment, attempt, maxAttempts, opts = this.options) {
+        const errorCategory = this.categorizeError(checkResult.error);
+        const isProduction = environment.name.toLowerCase() === "production";
+        const retriesRemaining = maxAttempts - attempt;
+        // DNS failures are infrastructure-level — retrying won't help
+        if (errorCategory === "dns") {
+            return {
+                action: "abort",
+                delayMs: 0,
+                reasoning: `DNS resolution failed for "${environment.name}" (${checkResult.error}). ` +
+                    `This is an infrastructure configuration issue, not a transient failure — ` +
+                    `retrying will not resolve it. The environment's hostname cannot be resolved, ` +
+                    `which typically indicates the service has not been provisioned or DNS records ` +
+                    `are misconfigured. Recommended action: verify DNS configuration for the ` +
+                    `target environment.`,
+            };
+        }
+        // No retries remaining — produce context-aware abort
+        if (retriesRemaining <= 0) {
+            const envContext = isProduction
+                ? `This is a production environment — deploying to unreachable production ` +
+                    `infrastructure would create a silent failure with no running service ` +
+                    `to handle traffic.`
+                : `Aborting to prevent deploying artifacts to infrastructure that ` +
+                    `cannot serve them.`;
+            return {
+                action: "abort",
+                delayMs: 0,
+                reasoning: `${attempt} health check attempt(s) to "${environment.name}" all failed ` +
+                    `(error: ${checkResult.error ?? "service unreachable"}, ` +
+                    `category: ${errorCategory}). Consecutive failures indicate a persistent ` +
+                    `infrastructure issue rather than a transient glitch. ${envContext} ` +
+                    `Recommended action: verify the target environment's infrastructure is ` +
+                    `running and network-accessible, then re-trigger the deployment.`,
+            };
+        }
+        // Timeout in production → extended backoff (service may be under load)
+        if (errorCategory === "timeout" && isProduction) {
+            const extendedDelay = opts.healthCheckBackoffMs * 2;
+            return {
+                action: "retry",
+                delayMs: extendedDelay,
+                reasoning: `Health check to production environment "${environment.name}" timed out ` +
+                    `(${checkResult.error}). Production services under heavy load may respond ` +
+                    `slowly rather than refusing connections outright. Using extended backoff ` +
+                    `(${extendedDelay}ms instead of ${opts.healthCheckBackoffMs}ms) ` +
+                    `to allow the service time to recover before retrying. ` +
+                    `${retriesRemaining} retry attempt(s) remaining.`,
+            };
+        }
+        // Server error (5xx) → the service is running but unhealthy
+        if (errorCategory === "server_error") {
+            return {
+                action: "retry",
+                delayMs: opts.healthCheckBackoffMs,
+                reasoning: `Health check to "${environment.name}" returned a server error ` +
+                    `(${checkResult.error}). The service is running and network-reachable ` +
+                    `but reporting unhealthy status — this could be a transient condition ` +
+                    `during startup or a cascading failure from an upstream dependency. ` +
+                    `Retrying in ${opts.healthCheckBackoffMs}ms. ` +
+                    `${retriesRemaining} retry attempt(s) remaining.`,
+            };
+        }
+        // Connection refused or unknown → standard retry
+        return {
+            action: "retry",
+            delayMs: opts.healthCheckBackoffMs,
+            reasoning: `Health check to "${environment.name}" failed ` +
+                `(${checkResult.error ?? "service unreachable"}, category: ${errorCategory}). ` +
+                `The service process may be restarting or not yet started. ` +
+                `Retrying in ${opts.healthCheckBackoffMs}ms. ` +
+                `${retriesRemaining} retry attempt(s) remaining.`,
+        };
+    }
+    /**
+     * Categorize a health check error string into a semantic type.
+     * This drives the retry/abort decision tree.
+     */
+    categorizeError(error) {
+        if (!error)
+            return "unknown";
+        const lower = error.toLowerCase();
+        if (lower.includes("dns") ||
+            lower.includes("enotfound") ||
+            lower.includes("getaddrinfo"))
+            return "dns";
+        if (lower.includes("timeout") ||
+            lower.includes("etimedout") ||
+            lower.includes("timed out"))
+            return "timeout";
+        if (lower.includes("econnrefused") ||
+            lower.includes("connection refused"))
+            return "connection_refused";
+        if (lower.includes("500") ||
+            lower.includes("502") ||
+            lower.includes("503"))
+            return "server_error";
+        return "unknown";
+    }
+    // -----------------------------------------------------------------------
+    // Pipeline steps: execute and verify
+    // -----------------------------------------------------------------------
+    async executeDeployment(deployment, partition, environment, artifact) {
+        const envoyConfig = this.settingsReader?.get().envoy;
+        // When a settingsReader is present (production), Command delegates all
+        // execution to Envoy. If Envoy is unreachable, the deployment fails
+        // explicitly — no silent local fallback.
+        if (this.settingsReader) {
+            if (!envoyConfig?.url) {
+                throw new OrchestrationError("execute-deployment", "No Envoy configured — cannot execute deployment", `Command cannot execute deployment steps locally. An Envoy must be configured ` +
+                    `and reachable to run deployments. Configure an Envoy URL in settings ` +
+                    `(Settings → envoy.url) and ensure the Envoy is running and healthy.`);
+            }
+            await this.delegateToEnvoy(deployment, partition, environment, artifact, envoyConfig);
+            return true;
+        }
+        // No settingsReader configured — execution skipped (test/offline environment)
+        const execEntry = this.debrief.record({
+            partitionId: deployment.partitionId ?? null,
+            deploymentId: deployment.id,
+            agent: "server",
+            decisionType: "deployment-execution",
+            decision: `Skipped Envoy delegation for ${artifact.name} v${deployment.version} — no settings reader configured`,
+            reasoning: `No settings reader is configured in this environment, so Envoy delegation was skipped. ` +
+                `${Object.keys(deployment.variables).length} variable(s) were resolved but not injected.`,
+            context: {
+                step: "execute-deployment",
+                envoySkipped: true,
+                variableCount: Object.keys(deployment.variables).length,
+            },
+        });
+        deployment.debriefEntryIds.push(execEntry.id);
+        return false;
+    }
+    /**
+     * Delegate deployment execution to the configured Envoy.
+     * Throws OrchestrationError if the Envoy is unreachable or reports failure.
+     */
+    async delegateToEnvoy(deployment, partition, environment, artifact, envoyConfig) {
+        const client = new EnvoyClient(envoyConfig.url, envoyConfig.timeoutMs);
+        // Pre-flight: check if the Envoy is healthy before delegating
+        try {
+            const health = await client.checkHealth();
+            if (health.status !== "healthy" || !health.readiness.ready) {
+                throw new OrchestrationError("execute-deployment", `Envoy at ${envoyConfig.url} is not ready (${health.status}: ${health.readiness.reason})`, `Deployment cannot proceed because the Envoy at ${envoyConfig.url} reports ` +
+                    `status "${health.status}" with readiness: "${health.readiness.reason}". ` +
+                    `The target machine's Envoy must be healthy before deployments can run. ` +
+                    `Check the Envoy process, then re-trigger the deployment.`);
+            }
+        }
+        catch (err) {
+            if (err instanceof OrchestrationError)
+                throw err;
+            const message = err instanceof Error ? err.message : String(err);
+            throw new OrchestrationError("execute-deployment", `Envoy at ${envoyConfig.url} is unreachable: ${message}`, `Deployment cannot proceed because the Envoy at ${envoyConfig.url} is not responding: ${message}. ` +
+                `Command does not execute deployment steps locally — an Envoy must be running on the target machine. ` +
+                `Verify the Envoy process is running, check network connectivity, then re-trigger the deployment.`);
+        }
+        // Envoy is healthy — delegate the deployment
+        const delegateEntry = this.debrief.record({
+            partitionId: deployment.partitionId ?? null,
+            deploymentId: deployment.id,
+            agent: "server",
+            decisionType: "deployment-execution",
+            decision: `Delegating execution of ${artifact.name} v${deployment.version} to Envoy at ${envoyConfig.url}`,
+            reasoning: `Envoy at ${envoyConfig.url} is healthy and ready. Delegating full deployment ` +
+                `execution for "${artifact.name}" v${deployment.version} on "${environment.name}"` +
+                (partition ? ` for partition "${partition.name}"` : "") +
+                `. The Envoy will execute all steps, verify artifacts, ` +
+                `and return debrief entries for ingestion into Command's unified decision diary.`,
+            context: {
+                step: "execute-deployment",
+                envoyUrl: envoyConfig.url,
+                delegated: true,
+            },
+        });
+        deployment.debriefEntryIds.push(delegateEntry.id);
+        let envoyResult;
+        try {
+            // Construct progress callback URL so the envoy can stream execution events back
+            const commandPort = parseInt(process.env.PORT ?? "9410", 10);
+            const commandHost = process.env.SYNTH_COMMAND_HOST ?? "localhost";
+            const progressCallbackUrl = `http://${commandHost}:${commandPort}/api/deployments/${deployment.id}/progress`;
+            envoyResult = await client.deploy({
+                deploymentId: deployment.id,
+                partitionId: deployment.partitionId ?? "",
+                environmentId: deployment.environmentId ?? "",
+                operationId: deployment.artifactId, // Envoy still uses operationId in its API
+                version: deployment.version,
+                variables: deployment.variables,
+                environmentName: environment.name,
+                partitionName: partition?.name ?? "",
+                progressCallbackUrl,
+            });
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            throw new OrchestrationError("execute-deployment", `Envoy delegation failed: ${message}`, `Command delegated deployment to Envoy at ${envoyConfig.url} but the request failed: ${message}. ` +
+                `The Envoy may have gone down during execution. The deployment state on the Envoy is unknown — ` +
+                `check the Envoy's health and local state before re-triggering.`);
+        }
+        // Ingest debrief entries from the Envoy into Command's unified diary
+        if (envoyResult.debriefEntries && envoyResult.debriefEntries.length > 0) {
+            for (const entry of envoyResult.debriefEntries) {
+                const ingested = this.debrief.record({
+                    partitionId: entry.partitionId ?? deployment.partitionId ?? null,
+                    deploymentId: entry.deploymentId ?? deployment.id,
+                    agent: entry.agent,
+                    decisionType: entry.decisionType,
+                    decision: entry.decision,
+                    reasoning: entry.reasoning,
+                    context: {
+                        ...entry.context,
+                        _envoyDelegation: {
+                            envoyUrl: envoyConfig.url,
+                            originalEntryId: entry.id,
+                            originalTimestamp: entry.timestamp,
+                        },
+                    },
+                });
+                deployment.debriefEntryIds.push(ingested.id);
+            }
+        }
+        // Handle Envoy result
+        if (!envoyResult.success) {
+            const reason = envoyResult.failureReason ?? "Envoy reported deployment failure with no reason";
+            throw new OrchestrationError("execute-deployment", `Envoy deployment failed: ${reason}`, `Deployment was delegated to Envoy at ${envoyConfig.url}. The Envoy executed the deployment ` +
+                `and reported failure: ${reason}. ` +
+                `Execution took ${envoyResult.executionDurationMs}ms. ` +
+                `${envoyResult.debriefEntries?.length ?? 0} debrief entries were ingested from the Envoy. ` +
+                `Check the Envoy debrief entries above for detailed step-by-step reasoning about the failure.`);
+        }
+        // Record successful delegation completion
+        const completionEntry = this.debrief.record({
+            partitionId: deployment.partitionId ?? null,
+            deploymentId: deployment.id,
+            agent: "server",
+            decisionType: "deployment-execution",
+            decision: `Envoy completed deployment successfully in ${envoyResult.executionDurationMs}ms — ${envoyResult.artifacts.length} artifact(s) produced`,
+            reasoning: `Envoy at ${envoyConfig.url} executed all deployment steps and verification checks successfully. ` +
+                `Execution: ${envoyResult.executionDurationMs}ms, total: ${envoyResult.totalDurationMs}ms. ` +
+                `Artifacts: ${envoyResult.artifacts.length > 0 ? envoyResult.artifacts.join(", ") : "none"}. ` +
+                `Verification: ${envoyResult.verificationPassed ? "passed" : "skipped"} ` +
+                `(${envoyResult.verificationChecks.length} check(s)). ` +
+                `${envoyResult.debriefEntries?.length ?? 0} debrief entries ingested into Command's unified diary.`,
+            context: {
+                step: "execute-deployment",
+                envoyUrl: envoyConfig.url,
+                delegated: true,
+                executionDurationMs: envoyResult.executionDurationMs,
+                totalDurationMs: envoyResult.totalDurationMs,
+                artifactCount: envoyResult.artifacts.length,
+                verificationPassed: envoyResult.verificationPassed,
+                debriefEntriesIngested: envoyResult.debriefEntries?.length ?? 0,
+            },
+        });
+        deployment.debriefEntryIds.push(completionEntry.id);
+    }
+    async postDeployVerify(deployment, partition, environment, artifact) {
+        const entry = this.debrief.record({
+            partitionId: deployment.partitionId ?? null,
+            deploymentId: deployment.id,
+            agent: "server",
+            decisionType: "deployment-verification",
+            decision: `Post-deploy verification skipped for ${artifact.name} v${deployment.version} — no Envoy configured`,
+            reasoning: `No Envoy is configured in this environment, so post-deploy verification was skipped. ` +
+                `Configure an Envoy to enable real verification of "${artifact.name}" v${deployment.version} on "${environment.name}".`,
+            context: {
+                step: "post-deploy-verify",
+                envoySkipped: true,
+                variableCount: Object.keys(deployment.variables).length,
+                artifactName: artifact.name,
+                version: deployment.version,
+            },
+        });
+        deployment.debriefEntryIds.push(entry.id);
+    }
+    // -----------------------------------------------------------------------
+    // Utilities
+    // -----------------------------------------------------------------------
+    delay(ms) {
+        return new Promise((resolve) => setTimeout(resolve, ms));
+    }
+}
+// ---------------------------------------------------------------------------
+// In-memory deployment store
+// ---------------------------------------------------------------------------
+export class InMemoryDeploymentStore {
+    deployments = new Map();
+    save(deployment) {
+        this.deployments.set(deployment.id, deployment);
+    }
+    get(id) {
+        return this.deployments.get(id);
+    }
+    getByPartition(partitionId) {
+        return [...this.deployments.values()].filter((d) => d.partitionId === partitionId);
+    }
+    getByArtifact(artifactId) {
+        return [...this.deployments.values()].filter((d) => d.artifactId === artifactId);
+    }
+    list() {
+        return [...this.deployments.values()];
+    }
+    countByEnvironment(envId, since) {
+        return [...this.deployments.values()].filter((d) => d.environmentId === envId && new Date(d.createdAt).getTime() >= since.getTime()).length;
+    }
+    findByArtifactVersion(artifactId, version, status) {
+        return [...this.deployments.values()].filter((d) => d.artifactId === artifactId &&
+            d.version === version &&
+            (!status || d.status === status));
+    }
+    findRecentByArtifact(artifactId, since, status) {
+        return [...this.deployments.values()]
+            .filter((d) => d.artifactId === artifactId &&
+            new Date(d.createdAt).getTime() >= since.getTime() &&
+            (!status || d.status === status))
+            .sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime());
+    }
+    findLatestByEnvironment(envId) {
+        return [...this.deployments.values()]
+            .filter((d) => d.environmentId === envId)
+            .sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime())[0];
+    }
+}
+//# sourceMappingURL=synth-agent.js.map