# ansible - Doramagic AI Context Pack

> Positioning: a pre-install experience and judgment asset. It helps the host AI get off to a good start, but it does not mean the project has already been installed, run, or validated.

## Sufficiency Principle

- **Sufficiency over compression**: The AI Context Pack should be sufficient for the host AI to understand the project's value, capability boundaries, entrypoints, risks, and evidence sources before starting work; it may be layered, but it does not aim for the shortest possible summary.
- **Compression policy**: Compress only noise and duplication, never context that affects judgment or the quality of the work.

## How the Host AI Should Use This

You are reading the AI Context Pack that Doramagic compiled for ansible. Treat it as pre-work context: help the user understand who it fits, what it can do, how to start, what must be verified after install, and where the risks are. Do not claim that you have already installed, run, or executed the target project.

## Claim Consumption Rules

- **Fact source**: Repo Evidence + Claim/Evidence Graph; the Human Wiki only supplies salience, terminology, and narrative structure.
- **Minimum status for a fact**: `supported`
- `supported`: May be used as a project fact, but the answer must cite the claim_id and evidence path.
- `weak`: Usable only as a low-confidence lead; the user must be asked to keep verifying.
- `inferred`: Usable only for risk notes or open questions; must not be packaged as a project fact.
- `unverified`: Must not be used as fact; state clearly that evidence is insufficient.
- `contradicted`: Must show the conflicting sources and must not force a single version on the user's behalf.

## Who It Fits Best

- **Users who want to bring professional workflows into a host AI**: The repo contains Skill documents. Evidence: `.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim: `clm_0003` supported 0.86

## What It Can Do

- **AI Skill / Agent Instruction Asset Library** (Previewable before install): The project contains Skill or Agent instruction files that a host AI can read, useful for bringing professional workflows into hosts like Claude, Codex, or Cursor. Evidence: `.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim: `clm_0001` supported 0.86
- **Command-Line Startup or Install Flow** (Verify after install): The project documentation contains runnable commands; real use requires running them in a local or host environment. Evidence: `.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` et al. Claim: `clm_0002` supported 0.86

## How to Start

- `pip install -e .` Evidence: `context/dev-environment.md` Claim: `clm_0004` unverified 0.25, `clm_0013` unverified 0.25
- `pip install -r requirements.txt` Evidence: `hacking/README.md` Claim: `clm_0005` supported 0.86
- `pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check` Evidence: `.azure-pipelines/scripts/report-coverage.sh` Claim: `clm_0006` unverified 0.25
- `git clone --bare "${galaxy_local_test_role_git_repo}" "${galaxy_local_test_role_http_repo}"` Evidence: `test/integration/targets/ansible-galaxy/runme.sh` Claim: `clm_0007` unverified 0.25
- `git clone "${galaxy_local_test_role_git_repo}" "${galaxy_local_test_role}"` Evidence: `test/integration/targets/ansible-galaxy/runme.sh` Claim: `clm_0008` unverified 0.25
- `pip install "${base_dir}" --disable-pip-version-check --no-deps` Evidence: `test/integration/targets/ansible-test-installed/runme.sh` Claim: `clm_0009` unverified 0.25
- `pip install tomli` Evidence: `test/integration/targets/ansible-vault/runme.sh` Claim: `clm_0010` unverified 0.25
- `pip install pexpect==4.9.0 passlib==1.7.4` Evidence: `test/integration/targets/builtin_vars_prompt/runme.sh` Claim: `clm_0011` unverified 0.25
- `pip install pexpect==4.9.0` Evidence: `test/integration/targets/debugger/runme.sh` Claim: `clm_0011` unverified 0.25, `clm_0012` unverified 0.25
- `pip install -e "${base_dir}" "${pip_options[@]}"` Evidence: `test/integration/targets/entry_points/runme.sh` Claim: `clm_0013` unverified 0.25

## Continue-or-Stop Decision Card

- **Current recommendation**: Sandbox trial only
- **Why**: The project has signals of install commands, host configuration, or local writes; do not go straight into your primary environment—trial it in isolation first.

### 30-Second Read

- **What to do now**: Sandbox trial only
- **Minimum safe next step**: Run Prompt Preview first; if you still want to install, trial only in an isolated environment
- **Do not trust yet**: Real output quality cannot be trusted before install.
- **Continuing will touch**: Command execution, Host AI configuration, Local environment or project files

### What You Can Trust Now

- **Target-audience signal: Users who want to bring professional workflows into a host AI** (supported): Backed by a supported claim or project evidence, but that still is not the same as real install results. Evidence: `.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim: `clm_0003` supported 0.86
- **Capability exists: AI Skill / Agent Instruction Asset Library** (supported): You can trust that the project contains signals of this capability; whether it fits your specific task still needs trial or after-install verification. Evidence: `.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim: `clm_0001` supported 0.86
- **Capability exists: Command-Line Startup or Install Flow** (supported): You can trust that the project contains signals of this capability; whether it fits your specific task still needs trial or after-install verification. Evidence: `.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` et al. Claim: `clm_0002` supported 0.86
- **There are Quick Start / install-command signals** (supported): You can trust that the docs mention a startup or install entrypoint; do not run it directly in your primary environment because of that. Evidence: `hacking/README.md` Claim: `clm_0005` supported 0.86

### What You Cannot Trust Yet

- **Real output quality cannot be trusted before install.** (unverified): Prompt Preview can only show how it guides you; it cannot prove result quality in the real project.
- **Host AI version compatibility cannot be trusted before install.** (unverified): Host loading rules and version differences across Claude, Cursor, Codex, Gemini, and others must be verified in a real environment.
- **That it will not pollute your existing host AI's behavior cannot be trusted directly.** (inferred): Skill, plugin, and AGENTS/CLAUDE/GEMINI instructions may change the host AI's default behavior. Evidence: `.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md`, `AGENTS.md` et al.
- **Safe rollback cannot be assumed by default.** (unverified): Unless the project clearly provides uninstall and recovery instructions, verify in an isolated environment first.
- **After a real install, is it compatible with the user's current host AI version?** (unverified): Compatibility can only be verified in the actual host environment.
- **Does the project's output quality meet the user's specific task?** (unverified): The pre-install preview can only show flow and boundaries; it cannot replace real evaluation.
- **Do the install commands require network access, permissions, or global writes?** (unverified): This affects install risk in both enterprise and personal environments. Evidence: `context/dev-environment.md`

### What Continuing Will Touch

- **Command execution**: Package managers, network downloads, the local plugin directory, project config, or the user's home directory. Why: Running the very first command can already change your environment; decide whether it is worth running first. Evidence: `.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` et al.
- **Host AI configuration**: The plugin, Skill, or rule-loading config of hosts like Claude/Codex/Cursor/Gemini/OpenCode. Why: Host configuration changes how the AI works afterward and may conflict with the user's existing rules. Evidence: `.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md`, `AGENTS.md` et al.
- **Local environment or project files**: Install results, plugin caches, project config, or local dependency directories. Why: The write scope and rollback path cannot be proven before install and need isolated verification. Evidence: `.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` et al.
- **Host AI context**: The AI Context Pack, Prompt Preview, Skill routing, risk rules, and project facts. Why: Importing context affects the host AI's later judgment, so avoid packaging unverified items as facts.

### Minimum Safe Next Steps

- **Run Prompt Preview first**: Use a pre-install interactive trial to judge whether the way of working fits; it needs no authorization or environment change. (applies when: Applies to any project, especially when output quality is unknown.)
- **Trial-install only in an isolated directory or a test account**: Avoid letting install commands pollute your primary host AI, real projects, or home directory. (applies when: When there are signals of command execution, plugin config, or local writes.)
- **Back up your host AI configuration first**: Skill, plugin, and rule files may change the default behavior of Claude/Cursor/Codex. (applies when: When there is a plugin manifest, a Skill, or a host rule entrypoint.)
- **After install, verify just one minimal task**: Verify loading, compatibility, output quality, and rollback first, then decide whether to use it deeply. (applies when: When moving from a trial into a real workflow.)

### Exit Plan

- **Preserve the pre-install state**: Record the original host config and project state so you can later judge whether it is recoverable.
- **Be ready to remove the host plugin / Skill / rule entrypoint**: If behavior is off after the trial install, you can restore the host AI to its pre-trial state.
- **Record the install commands and written paths**: Without clear uninstall instructions, you at least need to know which directories or configs to clean up manually.
- **If there is no rollback path, do not enter your primary environment**: No rollback is a blocker before continuing; do not proceed on trust or luck.

## What Can Only Be Previewed

- Explain who the project fits and what it can do
- Demonstrate a typical conversation flow based on project docs
- Help the user decide whether it is worth installing or researching further

## What Must Be Verified After Install

- Actually installing the Skill, plugin, or CLI
- Running scripts, modifying local files, or accessing external services
- Verifying real output quality, performance, and compatibility

## Boundary & Risk Decision Card

- **Mistaking the pre-install preview for a real run**: The user may overestimate how much configuration, permission, and compatibility verification the project has already done. Mitigation: Clearly separate prompt_preview_can_do from runtime_required. Claim: `clm_0018` inferred 0.45
- **Command execution will modify the local environment**: Install commands may write to the user's home directory, the host plugin directory, or project configuration. Mitigation: Run in an isolated environment or a test account first. Evidence: `.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` et al. Claim: `clm_0019` supported 0.86
- **To confirm**: After a real install, is it compatible with the user's current host AI version?. Why: Compatibility can only be verified in the actual host environment.
- **To confirm**: Does the project's output quality meet the user's specific task?. Why: The pre-install preview can only show flow and boundaries; it cannot replace real evaluation.
- **To confirm**: Do the install commands require network access, permissions, or global writes?. Why: This affects install risk in both enterprise and personal environments.

## Pre-Work Working Context

### Loading Order

- First read how_to_use.host_ai_instruction to establish the boundaries of this pre-install judgment asset.
- Read claim_graph_summary to confirm facts come from the Claim/Evidence Graph, not the Human Wiki narrative.
- Then read intended_users, capabilities, and quick_start_candidates to judge whether the user is a match.
- When you need to carry out a concrete task, check role_skill_index first, then evidence_index.
- For real install, file modification, network access, performance, or compatibility questions, turn to risk_card and boundaries.runtime_required.

### Task Routes

- **AI Skill / Agent Instruction Asset Library**: Use role_skill_index / evidence_index to help the user pick a usable role, Skill, or workflow first. Boundary: Can be experienced via a pre-install Prompt. Evidence: `.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim: `clm_0001` supported 0.86
- **Command-Line Startup or Install Flow**: State that this is an after-install capability first, then give a pre-install checklist. Boundary: Must be verified after a real install or run. Evidence: `.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` et al. Claim: `clm_0002` supported 0.86

### Context Scale

- Total files: 5677
- Important-file coverage: 40/5677
- Evidence index entries: 55
- Role / Skill entries: 3

### Handling Insufficient Evidence

- **missing_evidence**: State that evidence is insufficient and ask the user for the target file, a README section, or after-install verification records; do not fill in facts.
- **out_of_scope_request**: State that the task is beyond the current AI Context Pack's evidence scope and suggest the user check the Human Manual or verify after a real install.
- **runtime_request**: Provide a pre-install checklist and command sources, but do not run commands for the user or claim they have been run.
- **source_conflict**: Show the conflicting sources side by side, mark them as unverified, and do not force a single version.

## Prompt Recipes

### Fit assessment

- Goal: Judge whether this project fits the user's current task.
- Expected output: A fit conclusion, key reasons, evidence citations, what can be previewed before install, what must be verified after install, and a next-step recommendation.

```text
Based on the AI Context Pack for ansible, ask me 3 necessary questions first, then judge whether it fits my task. The answer must cover: who it fits, what it can do, what it cannot do, whether it is worth installing, and where the evidence comes from. Every project fact must cite evidence_refs, source_paths, or a claim_id.
```

### Pre-install experience

- Goal: Let the user feel the core workflow before installing, while avoiding packaging the preview as real capability or a marketing promise.
- Expected output: An experience script with boundary labels, an after-install verification checklist, and a cautious recommendation; with no real-run promises or strong marketing language.

```text
Treat ansible as a pre-install experience asset, not an already-installed tool or a real runtime environment.

Output exactly four parts:
1. Ask me 3 necessary questions first.
2. Give an "experience script": use the three labels [Previewable before install], [Must verify after install], and [Insufficient evidence] to show how it might guide the workflow.
3. Give an after-install verification checklist: list which capabilities can only be confirmed after a real install, real host loading, and a real project run.
4. Give a cautious recommendation: only "worth researching/trialing further", "add information before deciding", or "not recommended to continue"; do not endorse the project.

Hard boundaries:
- Do not claim you have installed, run, executed tests, modified files, or produced real results.
- Do not write promise-like phrasing such as "auto-adapts", "guarantees passing", "perfect fit", or "strongly recommend installing".
- If you describe how it works after install, you must use a conditional such as "if installed successfully and the host loads the Skill correctly, it might...".
- The experience script may only be written as "example lines / hypothetical flow": use "might ask / might suggest / might show", not "has written, has generated, has passed, is running, is generating".
- Prompt Preview does not hand out install commands; if the user is ready to trial, only prompt them to read Quick Start and the Risk Card first and to verify in an isolated environment.
- Every project fact must come from a supported claim, evidence_refs, or source_paths; inferred/unverified items can only be risks or open questions.

```

### Role / Skill selection

- Goal: Pick the best-matching asset from the project's roles or Skills.
- Expected output: A list of candidate roles or Skills, each with an applicable scenario, evidence paths, risk boundary, and whether after-install verification is needed.

```text
Read role_skill_index and recommend 3-5 of the most relevant roles or Skills for my target task. For each recommendation, state the applicable scenario, likely output, risk boundary, and evidence_refs.
```

### Risk pre-check

- Goal: Identify environment, permission, rule-conflict, and quality risks before installing or adopting.
- Expected output: A checklist of environment, permission, dependency, license, host-conflict, quality risk, and unknown items.

```text
Based on risk_card, boundaries, and quick_start_candidates, give me a pre-install risk pre-check list. Do not run commands for me; only explain what I should check, why, and what impact a failure would have.
```

### Host AI kickoff instruction

- Goal: Turn the project context into a host AI instruction for the start of a conversation.
- Expected output: A pre-work instruction with clear boundaries and clear evidence citations, suitable to copy to a host AI.

```text
Based on the AI Context Pack for ansible, generate a pre-work instruction I can paste to my host AI. This instruction must obey not_runtime=true and must not claim the project has been installed, run, or produced real results.
```

## Role / Skill Index

- Indexed 3 role / Skill / project-doc entries.

- **azp-logs** (skill): Download Azure Pipelines CI logs for analysis Activation hint: When the user's task is highly relevant to the workflow described by “azp-logs”, use it for a pre-install experience first, then decide whether to install. Evidence: `.claude/skills/azp-logs/SKILL.md`
- **context** (skill): Load Ansible project development guidelines, testing conventions, PR review processes, and code structure reference into context Activation hint: When the user's task is highly relevant to the workflow described by “context”, use it for a pre-install experience first, then decide whether to install. Evidence: `.claude/skills/context/SKILL.md`
- **review** (skill): Review an Ansible PR following the project's standardized process from CLAUDE.md Activation hint: When the user's task is highly relevant to the workflow described by “review”, use it for a pre-install experience first, then decide whether to install. Evidence: `.claude/skills/review/SKILL.md`

## Evidence Index

- Indexed 55 evidence entries.

- **Ansible** (documentation): ! PyPI version https://img.shields.io/pypi/v/ansible-core.svg https://pypi.org/project/ansible-core ! Docs badge https://img.shields.io/badge/docs-latest-brightgreen.svg https://docs.ansible.com/ansible/latest/ ! Chat badge https://img.shields.io/badge/chat-Matrix-brightgreen.svg https://docs.ansible.com/ansible/devel/community/communication.html real-time-chat ! Ansible forum https://img.shields.io/badge/forum-Ansible-orange.svg https://docs.ansible.com/ansible/devel/community/communication.html forum ! Build Status https://dev.azure.com/ansible/ansible/ apis/build/status/CI?branchName=devel https://dev.azure.com/ansible/ansible/ build/latest?definitionId=20&branchName=devel ! Ansible Code… Evidence: `README.md`
- **Readme** (documentation): As part of the release process a version-specific CHANGELOG-vX.Y.rst will be generated from fragments in the fragments directory. Evidence: `changelogs/README.md`
- **Context for Humans and Agents** (documentation): This directory contains information about developing ansible-core. It should be equally applicable to both humans and agents. Evidence: `context/README.md`
- **Readme** (documentation): 'Hacking' directory tools ========================= Evidence: `hacking/README.md`
- **Azure Pipelines Scripts** (documentation): This directory contains the following scripts: Evidence: `hacking/azp/README.md`
- **backport scripts** (documentation): This directory contains scripts useful for dealing with and maintaining backports. Scripts in it depend on pygithub, and expect a valid environment variable called GITHUB TOKEN . Evidence: `hacking/backport/README.md`
- **Readme** (documentation): This is a directory of common responses to save some typing when responding to GitHub tickets to avoid some carpal tunnel syndrome events as Ansible maintainers deal with the ticket influx. Evidence: `hacking/ticket_stubs/README.md`
- **Readme** (documentation): "Protomatter - an unstable substance which every ethical scientist in the galaxy has denounced as dangerously unpredictable." Evidence: `lib/ansible/_internal/ansible_collections/ansible/_protomatter/README.md`
- **Readme** (documentation): A brief description of the APB goes here. Evidence: `lib/ansible/galaxy/data/apb/README.md`
- **Role Name** (documentation): Adds a service to your Ansible Container https://github.com/ansible/ansible-container project. Run the following commands to install the service: Evidence: `lib/ansible/galaxy/data/container/README.md`
- **Readme** (documentation): A brief description of the role goes here. Evidence: `lib/ansible/galaxy/data/default/role/README.md`
- **Readme** (documentation): A brief description of the role goes here. Evidence: `lib/ansible/galaxy/data/network/README.md`
- **Readme** (documentation): This is a simple collection used to test failures with ansible-test sanity --test validate-modules . Evidence: `test/integration/targets/ansible-test-sanity-validate-modules/ansible_collections/ns/failure/README.md`
- **Readme** (documentation): This is a simple PowerShell-only collection used to verify that ansible-test works on a collection. Evidence: `test/integration/targets/ansible-test-sanity-validate-modules/ansible_collections/ns/ps_only/README.md`
- **Readme** (documentation): This is a simple collection used to verify that ansible-test works on a collection. Evidence: `test/integration/targets/ansible-test-sanity/ansible_collections/ns/col/README.md`
- **Readme** (documentation): Based on Evidence: `test/integration/targets/ansible-vault/invalid_format/README.md`
- **IMPORTANT** (documentation): Files under this directory are not actual plugins and modules used by Ansible and as such should not be modified . They are used for testing purposes only and are temporary . Evidence: `test/support/README.md`
- **Readme** (documentation): file is encrypted with password of 'test-encrypted-file-password' Evidence: `test/integration/targets/ansible-vault/roles/test_vault_file_encrypted_embedded/README.md`
- **Readme** (documentation): A readme Evidence: `test/units/cli/test_data/collection_skeleton/README.md`
- **Readme** (documentation): A brief description of the role goes here. Evidence: `test/units/cli/test_data/role_skeleton/README.md`
- **AGENTS.md** (documentation): This file provides guidance to Claude Code claude.ai/code and other compatible agentic tools when working with code in this repository. Evidence: `AGENTS.md`
- **Claude** (documentation): - @AGENTS.md - @~/.claude/ansible.md - @CLAUDE.local.md Evidence: `CLAUDE.md`
- **Contributing** (documentation): Changes should be limited to what's necessary to solve the problem at hand. Avoid unrelated reformatting, refactoring, or style adjustments in the same change. Evidence: `context/contributing.md`
- **Find all errors and failures** (skill_instruction): Azure Pipelines Logs Downloader ================================ Evidence: `.claude/skills/azp-logs/SKILL.md`
- **System Instructions** (skill_instruction): When this skill is invoked, read the AGENTS.md file from the repository root @../../../AGENTS.md and load its content into context. This provides comprehensive Ansible development guidelines. Evidence: `.claude/skills/context/SKILL.md`
- **Skill** (skill_instruction): PR Review Command ================= Evidence: `.claude/skills/review/SKILL.md`
- **define cli** (source_file): target = sys.argv.pop 1 myclass = "%sCLI" % target.capitalize module name = f'ansible.cli.{target}' ⋮---- define cli mycli = getattr import module name, fromlist= myclass , myclass ⋮---- args = to text a, errors='surrogate or strict' for a in sys.argv ⋮---- cli = mycli args Evidence: `hacking/ansible-profile.py`
- **!/bin/sh** (source_file): !/bin/sh usage: source hacking/env-setup -q modifies environment for running Ansible from checkout Evidence: `hacking/env-setup`
- **!/usr/bin/env fish** (source_file): !/usr/bin/env fish Script: env-setup.fish Description: Modifies the environment for running Ansible from a checkout Usage: . ./hacking/env-setup -q Evidence: `hacking/env-setup.fish`
- **Report** (source_file): DATABASE PATH = os.path.expanduser '~/.ansible/report.db' BASE PATH = os.path.abspath os.path.join os.path.dirname os.path.abspath file , '..' + '/' ANSIBLE PATH = os.path.join BASE PATH, 'lib' ANSIBLE TEST PATH = os.path.join BASE PATH, 'test/lib' ⋮---- def main ⋮---- args = parse args ⋮---- def parse args ⋮---- argcomplete = None ⋮---- parser = argparse.ArgumentParser ⋮---- subparsers = parser.add subparsers metavar='COMMAND' ⋮---- populate = subparsers.add parser 'populate', ⋮---- query = subparsers.add parser 'query', ⋮---- args = parser.parse args ⋮---- def query database ⋮---- def populate database ⋮---- def populate modules ⋮---- module dir = os.path.join BASE PATH, 'lib/ansible/modu… Evidence: `hacking/report.py`
- **My Collection** (documentation): Welcome to my test collection doc for {{ namespace }}. Evidence: `test/units/cli/test_data/collection_skeleton/docs/My Collection.md`
- **Time Command** (source_file): def main ⋮---- start = time.time ⋮---- seconds = time.time - start Evidence: `.azure-pipelines/scripts/time-command.py`
- **Run** (source_file): argcomplete = None ⋮---- def main ⋮---- args = parse args ⋮---- key = os.environ.get 'AZP TOKEN', None ⋮---- def parse args ⋮---- parser = argparse.ArgumentParser description='Start a new CI run.' ⋮---- args = parser.parse args ⋮---- def start run args, key ⋮---- url = "https://dev.azure.com/ansible/ansible/ apis/pipelines/%s/runs?api-version=6.0-preview.1" % args.pipeline id payload = {"resources": {"repositories": {"self": {"refName": args.ref}}}} ⋮---- resp = requests.post url, auth=requests.auth.HTTPBasicAuth 'user', key , data=payload Evidence: `hacking/azp/run.py`
- **Main** (source_file): def short name name ⋮---- def main ⋮---- dist = distribution 'ansible-core' ep map = { short name ep.name : ep for ep in dist.entry points if ep.group == 'console scripts'} ⋮---- parser = argparse.ArgumentParser prog='python -m ansible', add help=False ⋮---- main = ep map args.entry point .load Evidence: `lib/ansible/__main__.py`
- **Init** (source_file): def get controller serialize map - dict type, t.Callable ⋮---- def import controller module module name: str, / - t.Any ⋮---- def setup - None Evidence: `lib/ansible/_internal/__init__.py`
- **Init** (source_file): sentinel = object ⋮---- class HasCurrent t.Protocol ⋮---- current: t.Any ⋮---- class StateTrackingMixIn HasCurrent ⋮---- def init self, args, kwargs - None ⋮---- def enter self - None ⋮---- def exit self, args, kwargs - None ⋮---- def get stack self - list t.Any ⋮---- class EncryptedStringBehavior enum.Enum ⋮---- PRESERVE = enum.auto ⋮---- DECRYPT = enum.auto ⋮---- REDACT = enum.auto ⋮---- FAIL = enum.auto ⋮---- class AnsibleVariableVisitor ⋮---- def enter self - t.Any ⋮---- def exit self, args, kwargs - t.Any ⋮---- def early visit self, value, value type - t.Any ⋮---- result = TrustedAsTemplate .tag value ⋮---- result = value ⋮---- result = sentinel ⋮---- def visit key self, key: t.Any - t… Evidence: `lib/ansible/_internal/_json/__init__.py`
- **Init** (source_file): jinja2 version = importlib.metadata.version 'jinja2' ⋮---- MINIMUM JINJA VERSION = 3, 1 CURRENT JINJA VERSION = tuple map int, jinja2 version.split '.', maxsplit=2 :2 Evidence: `lib/ansible/_internal/_templating/__init__.py`
- **Loader** (source_file): class Parser CParser ⋮---- def init self, stream: str bytes io.IOBase - None ⋮---- stream = AnsibleTagHelper.untag stream ⋮---- class Parser Reader, Scanner, Parser, Composer ⋮---- class YamlParser Parser ⋮---- class AnsibleInstrumentedLoader YamlParser, AnsibleInstrumentedConstructor, Resolver ⋮---- class AnsibleLoader YamlParser, AnsibleConstructor, Resolver Evidence: `lib/ansible/_internal/_yaml/_loader.py`
- **Debug** (source_file): class ActionModule ActionBase ⋮---- TRANSFERS FILES = False requires connection = False ⋮---- @classmethod def finalize task arg cls, name: str, value: t.Any, templar: TemplateEngine, context: t.Any - t.Any ⋮---- def run self, tmp=None, task vars=None ⋮---- templar = self. templar. engine.extend marker behavior=replacing behavior Evidence: `lib/ansible/_internal/ansible_collections/ansible/_protomatter/plugins/action/debug.py`
- **patch us early to load vendored deps transparently** (source_file): path = ⋮---- def ensure vendored path entry ⋮---- vendored path entry = os.path.dirname file vendored module names = set m 1 for m in pkgutil.iter modules vendored path entry , '' m 1 == m.name ⋮---- patch us early to load vendored deps transparently ⋮---- handle reload case by removing the existing entry, wherever it might be ⋮---- already loaded vendored modules = set sys.modules.keys .intersection vendored module names Evidence: `lib/ansible/_vendor/__init__.py`
- **noinspection PyBroadException** (source_file): PY MIN = 3, 13 ⋮---- def check blocking io ⋮---- """Check stdin/stdout/stderr to make sure they are using blocking IO.""" handles = ⋮---- noinspection PyBroadException ⋮---- fd = handle.fileno ⋮---- continue not a real file handle, such as during the import sanity test ⋮---- def initialize locale ⋮---- fs enc = sys.getfilesystemencoding ⋮---- display = Display ⋮---- ex msg = ' '.join ex.message, ex. help text or '' .strip ⋮---- ex msg = str ex ⋮---- HAS ARGCOMPLETE = True ⋮---- HAS ARGCOMPLETE = False ⋮---- class CLI ABC ⋮---- """ code behind bin/ansible programs """ ⋮---- PAGER = C.config.get config value 'PAGER' ⋮---- -F quit-if-one-screen -R allow raw ansi control chars -S chop long line… Evidence: `lib/ansible/cli/__init__.py`
- **Any collections in the requirements files will also be installed** (source_file): display = Display ⋮---- def with collection artifacts manager wrapped method ⋮---- @functools.wraps wrapped method def method wrapper args, kwargs ⋮---- artifacts manager kwargs = {'validate certs': context.CLIARGS.get 'resolved validate certs', True } ⋮---- keyring = context.CLIARGS.get 'keyring', None ⋮---- def display header path, h1, h2, w1=10, w2=7 ⋮---- def display role gr ⋮---- install info = gr.install info version = None ⋮---- version = install info.get "version", None ⋮---- version = " unknown version " ⋮---- def display collection collection, cwidth=10, vwidth=7, min cwidth=10, min vwidth=7 ⋮---- def get collection widths collections ⋮---- collections = collections, ⋮---- fqcn se… Evidence: `lib/ansible/cli/galaxy.py`
- **Playbook** (source_file): display = Display ⋮---- class PlaybookCLI CLI ⋮---- name = 'ansible-playbook' ⋮---- USES CONNECTION = True ⋮---- def init parser self ⋮---- def post process args self, options ⋮---- havetags = bool options.tags or options.skip tags ⋮---- options = super PlaybookCLI, self .post process args options ⋮---- def run self ⋮---- sshpass = None becomepass = None passwords = {} ⋮---- b playbook dirs = ⋮---- resource = get collection playbook path playbook ⋮---- playbook collection = resource 2 ⋮---- playbook collection = get collection name from path playbook ⋮---- b playbook dir = os.path.dirname os.path.abspath to bytes playbook, errors='surrogate or strict' ⋮---- passwords = {'conn pass': sshpass… Evidence: `lib/ansible/cli/playbook.py`
- **Holds tuples the text, the source of the string, the variable name if its provided .** (source_file): display = Display ⋮---- class VaultCLI CLI ⋮---- name = 'ansible-vault' ⋮---- FROM STDIN = "stdin" FROM ARGS = "the command line args" FROM PROMPT = "the interactive prompt" ⋮---- def init self, args ⋮---- def init parser self ⋮---- common = opt help.ArgumentParser add help=False ⋮---- subparsers = self.parser.add subparsers dest='action' ⋮---- output = opt help.ArgumentParser add help=False ⋮---- vault id = opt help.ArgumentParser add help=False ⋮---- create parser = subparsers.add parser 'create', help='Create new vault encrypted file', parents= vault id, common ⋮---- decrypt parser = subparsers.add parser 'decrypt', help='Decrypt vault encrypted file or string', parents= output, common ⋮… Evidence: `lib/ansible/cli/vault.py`
- **FIXME: see if this can live in utils/path** (source_file): INTERNAL DEFS = {'lookup': ' terms', } ⋮---- GALAXY SERVER DEF = ⋮---- GALAXY SERVER ADDITIONAL = { ⋮---- @t.runtime checkable class EncryptedStringProtocol t.Protocol ⋮---- def decrypt self - str: ... ⋮---- def get config label plugin type: str, plugin name: str, config: str - str ⋮---- entry = f'{config!r}' ⋮---- def ensure type value: object, value type: str None, origin: str None = None, origin ftype: str None = None - t.Any ⋮---- original value = value copy tags = value type not in 'temppath', 'tmppath', 'tmp' ⋮---- value = ensure type value, value type, origin ⋮---- value = AnsibleTagHelper.tag copy original value, item for item in value ⋮---- value = AnsibleTagHelper.tag copy origina… Evidence: `lib/ansible/config/manager.py`
- **Context** (source_file): all = 'CLIARGS', ⋮---- CLIARGS = CLIArgs {} ⋮---- def init global context cli args ⋮---- CLIARGS = GlobalCLIArgs.from options cli args ⋮---- def cliargs deferred get key, default=None, shallowcopy=False ⋮---- def inner ⋮---- value = CLIARGS.get key, default=default Evidence: `lib/ansible/context.py`
- **DTFIX-FUTURE: these fallback cases mask incorrect use of AnsibleError.message, what should we do?** (source_file): class ExitCode enum.IntEnum ⋮---- SUCCESS = 0 GENERIC ERROR = 1 HOST FAILED = 2 HOST UNREACHABLE = 4 PARSER ERROR = 4 INVALID CLI OPTION = 5 UNICODE ERROR = 6 KEYBOARD INTERRUPT = 99 UNKNOWN ERROR = 250 ⋮---- class AnsibleError Exception ⋮---- exit code = ExitCode.GENERIC ERROR default message = '' default help text: str None = None include cause message = True """ When True , the exception message will be augmented with cause message s . Subclasses doing complex error analysis can disable this to take responsibility for reporting cause messages as needed. """ ⋮---- DTFIX-FUTURE: these fallback cases mask incorrect use of AnsibleError.message, what should we do? ⋮---- message = '' ⋮---- mes… Evidence: `lib/ansible/errors/__init__.py`
- **get search path for this task to pass to lookup plugins** (source_file): display = Display ⋮---- DELEGATED CONNECTION PLUGIN VAR NAMES = frozenset { ⋮---- all = 'TaskExecutor' ⋮---- class TaskExecutor ⋮---- @property def task self - Task ⋮---- def run self - UnifiedTaskResult ⋮---- task ctx = TaskContext.current ⋮---- items = self. get loop items ⋮---- items = None ⋮---- utr = self. execute ⋮---- utr = self. run loop items ⋮---- utr = UnifiedTaskResult.create from action exception ex ⋮---- def get loop items self - list t.Any None ⋮---- """ Loads a lookup plugin to handle the with portion of a task if specified , and returns the items result. """ ⋮---- get search path for this task to pass to lookup plugins ⋮---- terms = self. task.loop ⋮---- terms = task ctx.ta… Evidence: `lib/ansible/executor/task_executor.py`
- **Defer to CLI handling** (source_file): all = 'TaskQueueManager' ⋮---- STDIN FILENO = 0 STDOUT FILENO = 1 STDERR FILENO = 2 ⋮---- display = Display ⋮---- @dataclasses.dataclass frozen=True, kw only=True, slots=True class CallbackSend ⋮---- method name: str wire task result: WireTaskResult ⋮---- class DisplaySend ⋮---- def init self, method, args, kwargs ⋮---- @dataclasses.dataclass class PromptSend ⋮---- worker id: int prompt: str private: bool = True seconds: int = None interrupt input: t.Iterable bytes = None complete input: t.Iterable bytes = None ⋮---- class FinalQueue multiprocessing.queues.SimpleQueue ⋮---- def init self, args, kwargs ⋮---- def send callback self, method name: str, host: Host, task: Task, utr: UnifiedTaskRe… Evidence: `lib/ansible/executor/task_queue_manager.py`
- **Init** (source_file): def get collections galaxy meta info ⋮---- meta path = os.path.join os.path.dirname file , 'data', 'collections galaxy meta.yml' ⋮---- class Galaxy object ⋮---- def init self ⋮---- roles path = context.CLIARGS.get 'roles path', C.DEFAULT ROLES PATH ⋮---- type path = context.CLIARGS.get 'role type', 'default' ⋮---- type path = os.path.join type path, context.CLIARGS.get 'type' ⋮---- @property def default role skeleton path self ⋮---- def add role self, role ⋮---- def remove role self, role name Evidence: `lib/ansible/galaxy/__init__.py`
- **Allow a dict representing this dataclass to be splatted directly.** (source_file): HAS PACKAGING = False ⋮---- HAS PACKAGING = True ⋮---- HAS DISTLIB = False ⋮---- HAS DISTLIB = True ⋮---- ManifestKeysType = t.Literal FileMetaKeysType = t.Literal CollectionInfoKeysType = t.Literal ManifestValueType = t.Dict CollectionInfoKeysType, t.Union int, str, t.List str , t.Dict str, str , None CollectionManifestType = t.Dict ManifestKeysType, ManifestValueType FileManifestEntryType = t.Dict FileMetaKeysType, t.Union str, int, None ⋮---- class FilesManifestType t.TypedDict ⋮---- files: t.List FileManifestEntryType format: int ⋮---- HAS RESOLVELIB = False ⋮---- HAS RESOLVELIB = True ⋮---- display = Display ⋮---- MANIFEST FORMAT = 1 MANIFEST FILENAME = 'MANIFEST.json' ⋮---- ModifiedCo… Evidence: `lib/ansible/galaxy/collection/__init__.py`
- **type: Collection - bytes** (source_file): display = Display ⋮---- MANIFEST FILENAME = 'MANIFEST.json' ⋮---- class ConcreteArtifactsManager ⋮---- def init self, b working directory, validate certs=True, keyring=None, timeout=60, required signature count=None, ignore signature errors=None ⋮---- @property def keyring self ⋮---- @property def required successful signature count self ⋮---- @property def ignore signature errors self ⋮---- @property def require build metadata self ⋮---- @require build metadata.setter def require build metadata self, value ⋮---- def get galaxy artifact source info self, collection ⋮---- def get galaxy artifact path self, collection: Candidate - bytes ⋮---- b artifact path = download file ⋮---- def get arti… Evidence: `lib/ansible/galaxy/collection/concrete_artifact_manager.py`
- **FIXME: this goes away if we apply patterns incrementally or by groups** (source_file): display = Display ⋮---- IGNORED ALWAYS = br"^\.", b"^host vars$", b"^group vars$", b"^vars plugins$" IGNORED PATTERNS = to bytes x for x in C.INVENTORY IGNORE PATTERNS IGNORED EXTS = b'%s$' % to bytes re.escape x for x in C.INVENTORY IGNORE EXTS ⋮---- IGNORED = re.compile b' '.join IGNORED ALWAYS + IGNORED PATTERNS + IGNORED EXTS ⋮---- PATTERN WITH SUBSCRIPT = re.compile ⋮---- def order patterns patterns ⋮---- """ takes a list of patterns and reorders them by modifier to apply them consistently """ ⋮---- FIXME: this goes away if we apply patterns incrementally or by groups pattern regular = pattern intersection = pattern exclude = ⋮---- if no regular pattern was given, hence only exclude an… Evidence: `lib/ansible/inventory/manager.py`
- **Init** (source_file): INTERMEDIATE MAPPING TYPES = c.Mapping, ⋮---- INTERMEDIATE ITERABLE TYPES = tuple, set, frozenset, c.Sequence ⋮---- ITERABLE SCALARS NOT TO ITERATE = str, bytes ⋮---- def is intermediate mapping value: object - TypeGuard c.Mapping ⋮---- def is intermediate iterable value: object - TypeGuard c.Iterable ⋮---- is controller: bool = False ⋮---- def get controller serialize map - dict type, t.Callable ⋮---- def import controller module module name: str, / - t.Any Evidence: `lib/ansible/module_utils/_internal/__init__.py`
- **Ambient Context** (source_file): class AmbientContextBase ⋮---- slots = ' contextvar token', ⋮---- contextvar: t.ClassVar contextvars.ContextVar contextvar token: contextvars.Token ⋮---- def init subclass cls, kwargs - None ⋮---- @classmethod def when cls, condition: bool, /, args, kwargs - t.Self contextlib.nullcontext ⋮---- @classmethod def current cls, optional: bool = False - t.Self None ⋮---- def enter self - t.Self ⋮---- def exit self, exc type, exc val, exc tb - None Evidence: `lib/ansible/module_utils/_internal/_ambient_context.py`

## Rules the Host AI Must Follow

- **Treat this asset as pre-work context, not a runtime environment.**: The AI Context Pack contains only an evidence-backed understanding of the project, not the project's executable state. Evidence: `README.md`, `changelogs/README.md`, `context/README.md`
- **When answering the user, distinguish what can be previewed from what can only be verified after install.**: The consumer value of the pre-install experience comes from reducing bad installs and misjudgments, not from pretending to be a real run. Evidence: `README.md`, `changelogs/README.md`, `context/README.md`

## Questions the User Should Answer First

- Which host AI or local environment do you plan to use it in?
- Do you just want to experience the workflow first, or are you ready to actually install?
- What matters most to you: install cost, output quality, or conflicts with your existing rules?

## Acceptance Checks

- Every capability claim can be traced back to a file path in evidence_refs.
- AI_CONTEXT_PACK.md does not package previews as a real run.
- The user can understand who it fits, what it can do, how to start, and the risk boundaries within 3 minutes.

---

## Doramagic Context Augmentation

The following sections strengthen the repository context for a host AI. Human Manual data is a reading route, and pitfall notes become operating constraints.

## Human Manual Outline

Usage rule: this is only a reading route and salience signal, not factual authority. Concrete claims must still return to repo evidence or Claim Graph.

Host AI hard rules:
- Do not treat page titles, section order, summaries, or importance values as factual project evidence.
- When explaining the Human Manual outline, state that it is only a reading route or salience signal.
- Capability, installation, compatibility, runtime state, and risk claims must cite repo evidence, source paths, or Claim Graph.

- **Overview & Core Architecture**: importance `high`
  - source_paths: lib/ansible/__main__.py, lib/ansible/cli/__init__.py, lib/ansible/cli/playbook.py, lib/ansible/cli/galaxy.py, lib/ansible/cli/vault.py
- **Plugin & Extension System**: importance `high`
  - source_paths: lib/ansible/plugins/loader.py, lib/ansible/plugins/action/__init__.py, lib/ansible/plugins/action/normal.py, lib/ansible/plugins/action/command.py, lib/ansible/plugins/connection/ssh.py
- **Built-in Modules & Facts Gathering**: importance `high`
  - source_paths: lib/ansible/modules/command.py, lib/ansible/modules/shell.py, lib/ansible/modules/copy.py, lib/ansible/modules/file.py, lib/ansible/modules/lineinfile.py
- **Development, Testing & Community Workflow**: importance `high`
  - source_paths: hacking/README.md, hacking/test-module.py, hacking/env-setup, hacking/report.py, hacking/azp/run.py

## Repo Inspection Evidence

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `8d63341579aa1c62024f3bce1a8af3f9a1b22a16`
- inspected_files: `README.md`, `pyproject.toml`, `requirements.txt`

Host AI hard rules:
- Without repo_clone_verified=true, do not claim that the source code has been read.
- Without repo_inspection_verified=true, do not write README, docs, or package-file conclusions as facts.
- Without quick_start_verified=true, do not claim that the Quick Start path has run successfully.

## Doramagic Pitfall Constraints

These rules come from Doramagic discovery, validation, or compilation findings. The host AI must treat them as operating constraints, not background notes.

### Constraint 1: Installation risk requires verification

- Trigger: Developers should check this installation risk before relying on the project: btrfs scrub status doesn't update via ansible
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: btrfs scrub status doesn't update via ansible. Context: Observed when using python, linux
- Why it matters: Developers may fail before the first successful local run: btrfs scrub status doesn't update via ansible
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/87213
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 2: Configuration risk requires verification

- Trigger: Developers should check this configuration risk before relying on the project: Action plugin: how to execute module with check mode unset?
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Action plugin: how to execute module with check mode unset?. Context: Observed when using python, docker
- Why it matters: Developers may misconfigure credentials, environment, or host setup: Action plugin: how to execute module with check mode unset?
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/87071
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 3: Configuration risk requires verification

- Trigger: Developers should check this configuration risk before relying on the project: [regression] PowerShell v5 support broke with ansible-core 2.21
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: [regression] PowerShell v5 support broke with ansible-core 2.21. Context: Observed when using python, windows, linux
- Why it matters: Developers may misconfigure credentials, environment, or host setup: [regression] PowerShell v5 support broke with ansible-core 2.21
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/87147
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 4: Configuration risk requires verification

- Trigger: Developers should check this configuration risk before relying on the project: argument_specs with list of str accept integer in it
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: argument_specs with list of str accept integer in it. Context: Observed when using python, linux
- Why it matters: Developers may misconfigure credentials, environment, or host setup: argument_specs with list of str accept integer in it
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/87217
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 5: Configuration risk requires verification

- Trigger: Developers should check this configuration risk before relying on the project: getent returns misleading error when service override fails due to platform limitations on Alpine
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: getent returns misleading error when service override fails due to platform limitations on Alpine. Context: Observed when using python, linux
- Why it matters: Developers may misconfigure credentials, environment, or host setup: getent returns misleading error when service override fails due to platform limitations on Alpine
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/85568
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.
