Enhance ComboHandler and orchestrator functionality with access control and error handling improvements

- Added AccessControl to ComboHandler for role-based access management.
- Implemented gas estimation for plan execution and improved gas limit checks.
- Updated execution and preparation methods to enforce step count limits and role restrictions.
- Enhanced error handling in orchestrator API endpoints with AppError for better validation feedback.
- Integrated request timeout middleware for improved request management.
- Updated Swagger documentation to reflect new API structure and parameters.

contracts/UpgradeableHandler.sol

@@ -0,0 +1,85 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.20;
+
+import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
+import "./interfaces/IComboHandler.sol";
+
+/**
+ * @title UpgradeableComboHandler
+ * @notice Upgradeable version of ComboHandler with timelock
+ * @dev Uses UUPS upgrade pattern with timelock protection
+ */
+contract UpgradeableComboHandler is 
+    Initializable,
+    UUPSUpgradeable,
+    AccessControlUpgradeable,
+    ReentrancyGuardUpgradeable,
+    PausableUpgradeable
+{
+    bytes32 public constant UPGRADER_ROLE = keccak256("UPGRADER_ROLE");
+    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
+
+    uint256 public upgradeTimelock;
+    uint256 public pendingUpgradeTime;
+    address public pendingUpgradeImplementation;
+
+    function initialize(address admin) public initializer {
+        __AccessControl_init();
+        __ReentrancyGuard_init();
+        __Pausable_init();
+        __UUPSUpgradeable_init();
+
+        _grantRole(DEFAULT_ADMIN_ROLE, admin);
+        _grantRole(UPGRADER_ROLE, admin);
+        _grantRole(PAUSER_ROLE, admin);
+
+        upgradeTimelock = 7 days; // 7 day timelock for upgrades
+    }
+
+    function _authorizeUpgrade(address newImplementation) internal override onlyRole(UPGRADER_ROLE) {
+        require(
+            pendingUpgradeImplementation == newImplementation &&
+            block.timestamp >= pendingUpgradeTime,
+            "Upgrade not scheduled or timelock not expired"
+        );
+        
+        // Clear pending upgrade
+        pendingUpgradeImplementation = address(0);
+        pendingUpgradeTime = 0;
+    }
+
+    /**
+     * @notice Schedule an upgrade (requires timelock)
+     */
+    function scheduleUpgrade(address newImplementation) external onlyRole(UPGRADER_ROLE) {
+        pendingUpgradeImplementation = newImplementation;
+        pendingUpgradeTime = block.timestamp + upgradeTimelock;
+    }
+
+    /**
+     * @notice Cancel scheduled upgrade
+     */
+    function cancelUpgrade() external onlyRole(UPGRADER_ROLE) {
+        pendingUpgradeImplementation = address(0);
+        pendingUpgradeTime = 0;
+    }
+
+    /**
+     * @notice Pause contract (emergency only)
+     */
+    function pause() external onlyRole(PAUSER_ROLE) {
+        _pause();
+    }
+
+    /**
+     * @notice Unpause contract
+     */
+    function unpause() external onlyRole(PAUSER_ROLE) {
+        _unpause();
+    }
+}
+