Step 4 — IaC Plan
Purpose
Section titled “Purpose”Produce a comprehensive, machine-readable implementation plan that selects Azure Verified Modules, pins versions, maps governance constraints onto module inputs, and lays out the phased deployment graph.
05-IaC Planner
— track-aware (Bicep or Terraform via decisions.iac_tool).
Invocation
Section titled “Invocation”Invoke: Ctrl+Shift+A → 05-IaC PlannerOutput: agent-output/{project}/04-implementation-plan.md agent-output/{project}/04-dependency-diagram.py and .png agent-output/{project}/04-runtime-diagram.py and .pngPrerequisites
Section titled “Prerequisites”04-governance-constraints.{md,json}from Step 3.5 —discovery_status: "COMPLETE"with a valid policy array (empty is acceptable when no Deny effects exist for scope).sku-manifest.jsonrevised through Step 2.
The planner halts and asks the user to refresh governance if those preconditions fail.
What gets produced
Section titled “What gets produced”- AVM module selection — Bicep:
br/public:avm/res/…; Terraform: AVM-TF registry. - Resource dependency map.
- CAF naming validation.
- Phased implementation graph (network → identity → data → compute → app).
- Step 4 diagrams auto-generated alongside the plan.
Review
Section titled “Review”1 × comprehensive adversarial pass (mandatory). decisions.review_depth = "deep" opts in to a
multi-pass rotating-lens review.
Hand-off
Section titled “Hand-off”The Orchestrator routes context to Step 5 — IaC Code.