# ansible - Doramagic AI Context Pack

> 定位：安装前体验与判断资产。它帮助宿主 AI 有一个好的开始，但不代表已经安装、执行或验证目标项目。

## 充分原则

- **充分原则，不是压缩原则**：AI Context Pack 应该充分到让宿主 AI 在开工前理解项目价值、能力边界、使用入口、风险和证据来源；它可以分层组织，但不以最短摘要为目标。
- **压缩策略**：只压缩噪声和重复内容，不压缩会影响判断和开工质量的上下文。

## 给宿主 AI 的使用方式

你正在读取 Doramagic 为 ansible 编译的 AI Context Pack。请把它当作开工前上下文：帮助用户理解适合谁、能做什么、如何开始、哪些必须安装后验证、风险在哪里。不要声称你已经安装、运行或执行了目标项目。

## Claim 消费规则

- **事实来源**：Repo Evidence + Claim/Evidence Graph；Human Wiki 只提供显著性、术语和叙事结构。
- **事实最低状态**：`supported`
- `supported`：可以作为项目事实使用，但回答中必须引用 claim_id 和证据路径。
- `weak`：只能作为低置信度线索，必须要求用户继续核实。
- `inferred`：只能用于风险提示或待确认问题，不能包装成项目事实。
- `unverified`：不得作为事实使用，应明确说证据不足。
- `contradicted`：必须展示冲突来源，不得替用户强行选择一个版本。

## 它最适合谁

- **希望把专业流程带进宿主 AI 的用户**：仓库包含 Skill 文档。 证据：`.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim：`clm_0003` supported 0.86

## 它能做什么

- **AI Skill / Agent 指令资产库**（可做安装前预览）：项目包含可被宿主 AI 读取的 Skill 或 Agent 指令文件，可用于把专业流程带入 Claude、Codex、Cursor 等宿主。 证据：`.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim：`clm_0001` supported 0.86
- **命令行启动或安装流程**（需要安装后验证）：项目文档中存在可执行命令，真实使用需要在本地或宿主环境中运行这些命令。 证据：`.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` 等 Claim：`clm_0002` supported 0.86

## 怎么开始

- `pip install -e .` 证据：`context/dev-environment.md` Claim：`clm_0004` unverified 0.25, `clm_0013` unverified 0.25
- `pip install -r requirements.txt` 证据：`hacking/README.md` Claim：`clm_0005` supported 0.86
- `pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check` 证据：`.azure-pipelines/scripts/report-coverage.sh` Claim：`clm_0006` unverified 0.25
- `git clone --bare "${galaxy_local_test_role_git_repo}" "${galaxy_local_test_role_http_repo}"` 证据：`test/integration/targets/ansible-galaxy/runme.sh` Claim：`clm_0007` unverified 0.25
- `git clone "${galaxy_local_test_role_git_repo}" "${galaxy_local_test_role}"` 证据：`test/integration/targets/ansible-galaxy/runme.sh` Claim：`clm_0008` unverified 0.25
- `pip install "${base_dir}" --disable-pip-version-check --no-deps` 证据：`test/integration/targets/ansible-test-installed/runme.sh` Claim：`clm_0009` unverified 0.25
- `pip install tomli` 证据：`test/integration/targets/ansible-vault/runme.sh` Claim：`clm_0010` unverified 0.25
- `pip install pexpect==4.9.0 passlib==1.7.4` 证据：`test/integration/targets/builtin_vars_prompt/runme.sh` Claim：`clm_0011` unverified 0.25
- `pip install pexpect==4.9.0` 证据：`test/integration/targets/debugger/runme.sh` Claim：`clm_0011` unverified 0.25, `clm_0012` unverified 0.25
- `pip install -e "${base_dir}" "${pip_options[@]}"` 证据：`test/integration/targets/entry_points/runme.sh` Claim：`clm_0013` unverified 0.25

## 继续前判断卡

- **当前建议**：仅建议沙盒试装
- **为什么**：项目存在安装命令、宿主配置或本地写入线索，不建议直接进入主力环境，应先在隔离环境试装。

### 30 秒判断

- **现在怎么做**：仅建议沙盒试装
- **最小安全下一步**：先跑 Prompt Preview；若仍要安装，只在隔离环境试装
- **先别相信**：真实输出质量不能在安装前相信。
- **继续会触碰**：命令执行、宿主 AI 配置、本地环境或项目文件

### 现在可以相信

- **适合人群线索：希望把专业流程带进宿主 AI 的用户**（supported）：有 supported claim 或项目证据支撑，但仍不等于真实安装效果。 证据：`.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim：`clm_0003` supported 0.86
- **能力存在：AI Skill / Agent 指令资产库**（supported）：可以相信项目包含这类能力线索；是否适合你的具体任务仍要试用或安装后验证。 证据：`.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim：`clm_0001` supported 0.86
- **能力存在：命令行启动或安装流程**（supported）：可以相信项目包含这类能力线索；是否适合你的具体任务仍要试用或安装后验证。 证据：`.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` 等 Claim：`clm_0002` supported 0.86
- **存在 Quick Start / 安装命令线索**（supported）：可以相信项目文档出现过启动或安装入口；不要因此直接在主力环境运行。 证据：`hacking/README.md` Claim：`clm_0005` supported 0.86

### 现在还不能相信

- **真实输出质量不能在安装前相信。**（unverified）：Prompt Preview 只能展示引导方式，不能证明真实项目中的结果质量。
- **宿主 AI 版本兼容性不能在安装前相信。**（unverified）：Claude、Cursor、Codex、Gemini 等宿主加载规则和版本差异必须在真实环境验证。
- **不会污染现有宿主 AI 行为，不能直接相信。**（inferred）：Skill、plugin、AGENTS/CLAUDE/GEMINI 指令可能改变宿主 AI 的默认行为。 证据：`.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md`, `AGENTS.md` 等
- **可安全回滚不能默认相信。**（unverified）：除非项目明确提供卸载和恢复说明，否则必须先在隔离环境验证。
- **真实安装后是否与用户当前宿主 AI 版本兼容？**（unverified）：兼容性只能通过实际宿主环境验证。
- **项目输出质量是否满足用户具体任务？**（unverified）：安装前预览只能展示流程和边界，不能替代真实评测。
- **安装命令是否需要网络、权限或全局写入？**（unverified）：这影响企业环境和个人环境的安装风险。 证据：`context/dev-environment.md`

### 继续会触碰什么

- **命令执行**：包管理器、网络下载、本地插件目录、项目配置或用户主目录。 原因：运行第一条命令就可能产生环境改动；必须先判断是否值得跑。 证据：`.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` 等
- **宿主 AI 配置**：Claude/Codex/Cursor/Gemini/OpenCode 等宿主的 plugin、Skill 或规则加载配置。 原因：宿主配置会改变 AI 后续工作方式，可能和用户已有规则冲突。 证据：`.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md`, `AGENTS.md` 等
- **本地环境或项目文件**：安装结果、插件缓存、项目配置或本地依赖目录。 原因：安装前无法证明写入范围和回滚方式，需要隔离验证。 证据：`.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` 等
- **宿主 AI 上下文**：AI Context Pack、Prompt Preview、Skill 路由、风险规则和项目事实。 原因：导入上下文会影响宿主 AI 后续判断，必须避免把未验证项包装成事实。

### 最小安全下一步

- **先跑 Prompt Preview**：用安装前交互式试用判断工作方式是否匹配，不需要授权或改环境。（适用：任何项目都适用，尤其是输出质量未知时。）
- **只在隔离目录或测试账号试装**：避免安装命令污染主力宿主 AI、真实项目或用户主目录。（适用：存在命令执行、插件配置或本地写入线索时。）
- **先备份宿主 AI 配置**：Skill、plugin、规则文件可能改变 Claude/Cursor/Codex 的默认行为。（适用：存在插件 manifest、Skill 或宿主规则入口时。）
- **安装后只验证一个最小任务**：先验证加载、兼容、输出质量和回滚，再决定是否深用。（适用：准备从试用进入真实工作流时。）

### 退出方式

- **保留安装前状态**：记录原始宿主配置和项目状态，后续才能判断是否可恢复。
- **准备移除宿主 plugin / Skill / 规则入口**：如果试装后行为异常，可以把宿主 AI 恢复到试装前状态。
- **记录安装命令和写入路径**：没有明确卸载说明时，至少要知道哪些目录或配置需要手动清理。
- **如果没有回滚路径，不进入主力环境**：不可回滚是继续前阻断项，不应靠信任或运气继续。

## 哪些只能预览

- 解释项目适合谁和能做什么
- 基于项目文档演示典型对话流程
- 帮助用户判断是否值得安装或继续研究

## 哪些必须安装后验证

- 真实安装 Skill、插件或 CLI
- 执行脚本、修改本地文件或访问外部服务
- 验证真实输出质量、性能和兼容性

## 边界与风险判断卡

- **把安装前预览误认为真实运行**：用户可能高估项目已经完成的配置、权限和兼容性验证。 处理方式：明确区分 prompt_preview_can_do 与 runtime_required。 Claim：`clm_0018` inferred 0.45
- **命令执行会修改本地环境**：安装命令可能写入用户主目录、宿主插件目录或项目配置。 处理方式：先在隔离环境或测试账号中运行。 证据：`.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` 等 Claim：`clm_0019` supported 0.86
- **待确认**：真实安装后是否与用户当前宿主 AI 版本兼容？。原因：兼容性只能通过实际宿主环境验证。
- **待确认**：项目输出质量是否满足用户具体任务？。原因：安装前预览只能展示流程和边界，不能替代真实评测。
- **待确认**：安装命令是否需要网络、权限或全局写入？。原因：这影响企业环境和个人环境的安装风险。

## 开工前工作上下文

### 加载顺序

- 先读取 how_to_use.host_ai_instruction，建立安装前判断资产的边界。
- 读取 claim_graph_summary，确认事实来自 Claim/Evidence Graph，而不是 Human Wiki 叙事。
- 再读取 intended_users、capabilities 和 quick_start_candidates，判断用户是否匹配。
- 需要执行具体任务时，优先查 role_skill_index，再查 evidence_index。
- 遇到真实安装、文件修改、网络访问、性能或兼容性问题时，转入 risk_card 和 boundaries.runtime_required。

### 任务路由

- **AI Skill / Agent 指令资产库**：先基于 role_skill_index / evidence_index 帮用户挑选可用角色、Skill 或工作流。 边界：可做安装前 Prompt 体验。 证据：`.claude/skills/azp-logs/SKILL.md`, `.claude/skills/context/SKILL.md`, `.claude/skills/review/SKILL.md` Claim：`clm_0001` supported 0.86
- **命令行启动或安装流程**：先说明这是安装后验证能力，再给出安装前检查清单。 边界：必须真实安装或运行后验证。 证据：`.azure-pipelines/scripts/report-coverage.sh`, `context/dev-environment.md`, `hacking/README.md`, `test/integration/targets/ansible-galaxy/runme.sh` 等 Claim：`clm_0002` supported 0.86

### 上下文规模

- 文件总数：5677
- 重要文件覆盖：40/5677
- 证据索引条目：53
- 角色 / Skill 条目：3

### 证据不足时的处理

- **missing_evidence**：说明证据不足，要求用户提供目标文件、README 段落或安装后验证记录；不要补全事实。
- **out_of_scope_request**：说明该任务超出当前 AI Context Pack 证据范围，并建议用户先查看 Human Manual 或真实安装后验证。
- **runtime_request**：给出安装前检查清单和命令来源，但不要替用户执行命令或声称已执行。
- **source_conflict**：同时展示冲突来源，标记为待核实，不要强行选择一个版本。

## Prompt Recipes

### 适配判断

- 目标：判断这个项目是否适合用户当前任务。
- 预期输出：适配结论、关键理由、证据引用、安装前可预览内容、必须安装后验证内容、下一步建议。

```text
请基于 ansible 的 AI Context Pack，先问我 3 个必要问题，然后判断它是否适合我的任务。回答必须包含：适合谁、能做什么、不能做什么、是否值得安装、证据来自哪里。所有项目事实必须引用 evidence_refs、source_paths 或 claim_id。
```

### 安装前体验

- 目标：让用户在安装前感受核心工作流，同时避免把预览包装成真实能力或营销承诺。
- 预期输出：一段带边界标签的体验剧本、安装后验证清单和谨慎建议；不含真实运行承诺或强营销表述。

```text
请把 ansible 当作安装前体验资产，而不是已安装工具或真实运行环境。

请严格输出四段：
1. 先问我 3 个必要问题。
2. 给出一段“体验剧本”：用 [安装前可预览]、[必须安装后验证]、[证据不足] 三种标签展示它可能如何引导工作流。
3. 给出安装后验证清单：列出哪些能力只有真实安装、真实宿主加载、真实项目运行后才能确认。
4. 给出谨慎建议：只能说“值得继续研究/试装”“先补充信息后再判断”或“不建议继续”，不得替项目背书。

硬性边界：
- 不要声称已经安装、运行、执行测试、修改文件或产生真实结果。
- 不要写“自动适配”“确保通过”“完美适配”“强烈建议安装”等承诺性表达。
- 如果描述安装后的工作方式，必须使用“如果安装成功且宿主正确加载 Skill，它可能会……”这种条件句。
- 体验剧本只能写成“示例台词/假设流程”：使用“可能会询问/可能会建议/可能会展示”，不要写“已写入、已生成、已通过、正在运行、正在生成”。
- Prompt Preview 不负责给安装命令；如用户准备试装，只能提示先阅读 Quick Start 和 Risk Card，并在隔离环境验证。
- 所有项目事实必须来自 supported claim、evidence_refs 或 source_paths；inferred/unverified 只能作风险或待确认项。

```

### 角色 / Skill 选择

- 目标：从项目里的角色或 Skill 中挑选最匹配的资产。
- 预期输出：候选角色或 Skill 列表，每项包含适用场景、证据路径、风险边界和是否需要安装后验证。

```text
请读取 role_skill_index，根据我的目标任务推荐 3-5 个最相关的角色或 Skill。每个推荐都要说明适用场景、可能输出、风险边界和 evidence_refs。
```

### 风险预检

- 目标：安装或引入前识别环境、权限、规则冲突和质量风险。
- 预期输出：环境、权限、依赖、许可、宿主冲突、质量风险和未知项的检查清单。

```text
请基于 risk_card、boundaries 和 quick_start_candidates，给我一份安装前风险预检清单。不要替我执行命令，只说明我应该检查什么、为什么检查、失败会有什么影响。
```

### 宿主 AI 开工指令

- 目标：把项目上下文转成一次对话开始前的宿主 AI 指令。
- 预期输出：一段边界明确、证据引用明确、适合复制给宿主 AI 的开工前指令。

```text
请基于 ansible 的 AI Context Pack，生成一段我可以粘贴给宿主 AI 的开工前指令。这段指令必须遵守 not_runtime=true，不能声称项目已经安装、运行或产生真实结果。
```

## 角色 / Skill 索引

- 共索引 3 个角色 / Skill / 项目文档条目。

- **azp-logs**（skill）：Download Azure Pipelines CI logs for analysis 激活提示：当用户任务与“azp-logs”描述的流程高度相关时，先用它做安装前体验，再决定是否安装。 证据：`.claude/skills/azp-logs/SKILL.md`
- **context**（skill）：Load Ansible project development guidelines, testing conventions, PR review processes, and code structure reference into context 激活提示：当用户任务与“context”描述的流程高度相关时，先用它做安装前体验，再决定是否安装。 证据：`.claude/skills/context/SKILL.md`
- **review**（skill）：Review an Ansible PR following the project's standardized process from CLAUDE.md 激活提示：当用户任务与“review”描述的流程高度相关时，先用它做安装前体验，再决定是否安装。 证据：`.claude/skills/review/SKILL.md`

## 证据索引

- 共索引 53 条证据。

- **Ansible**（documentation）：! PyPI version https://img.shields.io/pypi/v/ansible-core.svg https://pypi.org/project/ansible-core ! Docs badge https://img.shields.io/badge/docs-latest-brightgreen.svg https://docs.ansible.com/ansible/latest/ ! Chat badge https://img.shields.io/badge/chat-Matrix-brightgreen.svg https://docs.ansible.com/ansible/devel/community/communication.html real-time-chat ! Ansible forum https://img.shields.io/badge/forum-Ansible-orange.svg https://docs.ansible.com/ansible/devel/community/communication.html forum ! Build Status https://dev.azure.com/ansible/ansible/ apis/build/status/CI?branchName=devel https://dev.azure.com/ansible/ansible/ build/latest?definitionId=20&branchName=devel ! Ansible Code… 证据：`README.md`
- **Readme**（documentation）：As part of the release process a version-specific CHANGELOG-vX.Y.rst will be generated from fragments in the fragments directory. 证据：`changelogs/README.md`
- **Context for Humans and Agents**（documentation）：This directory contains information about developing ansible-core. It should be equally applicable to both humans and agents. 证据：`context/README.md`
- **Readme**（documentation）：'Hacking' directory tools ========================= 证据：`hacking/README.md`
- **Azure Pipelines Scripts**（documentation）：This directory contains the following scripts: 证据：`hacking/azp/README.md`
- **backport scripts**（documentation）：This directory contains scripts useful for dealing with and maintaining backports. Scripts in it depend on pygithub, and expect a valid environment variable called GITHUB TOKEN . 证据：`hacking/backport/README.md`
- **Readme**（documentation）：This is a directory of common responses to save some typing when responding to GitHub tickets to avoid some carpal tunnel syndrome events as Ansible maintainers deal with the ticket influx. 证据：`hacking/ticket_stubs/README.md`
- **Readme**（documentation）："Protomatter - an unstable substance which every ethical scientist in the galaxy has denounced as dangerously unpredictable." 证据：`lib/ansible/_internal/ansible_collections/ansible/_protomatter/README.md`
- **Readme**（documentation）：A brief description of the APB goes here. 证据：`lib/ansible/galaxy/data/apb/README.md`
- **Role Name**（documentation）：Adds a service to your Ansible Container https://github.com/ansible/ansible-container project. Run the following commands to install the service: 证据：`lib/ansible/galaxy/data/container/README.md`
- **Readme**（documentation）：A brief description of the role goes here. 证据：`lib/ansible/galaxy/data/default/role/README.md`
- **Readme**（documentation）：A brief description of the role goes here. 证据：`lib/ansible/galaxy/data/network/README.md`
- **Readme**（documentation）：This is a simple collection used to test failures with ansible-test sanity --test validate-modules . 证据：`test/integration/targets/ansible-test-sanity-validate-modules/ansible_collections/ns/failure/README.md`
- **Readme**（documentation）：This is a simple PowerShell-only collection used to verify that ansible-test works on a collection. 证据：`test/integration/targets/ansible-test-sanity-validate-modules/ansible_collections/ns/ps_only/README.md`
- **Readme**（documentation）：This is a simple collection used to verify that ansible-test works on a collection. 证据：`test/integration/targets/ansible-test-sanity/ansible_collections/ns/col/README.md`
- **Readme**（documentation）：Based on 证据：`test/integration/targets/ansible-vault/invalid_format/README.md`
- **IMPORTANT**（documentation）：Files under this directory are not actual plugins and modules used by Ansible and as such should not be modified . They are used for testing purposes only and are temporary . 证据：`test/support/README.md`
- **Readme**（documentation）：file is encrypted with password of 'test-encrypted-file-password' 证据：`test/integration/targets/ansible-vault/roles/test_vault_file_encrypted_embedded/README.md`
- **Readme**（documentation）：A readme 证据：`test/units/cli/test_data/collection_skeleton/README.md`
- **Readme**（documentation）：A brief description of the role goes here. 证据：`test/units/cli/test_data/role_skeleton/README.md`
- **AGENTS.md**（documentation）：This file provides guidance to Claude Code claude.ai/code and other compatible agentic tools when working with code in this repository. 证据：`AGENTS.md`
- **Claude**（documentation）：- @AGENTS.md - @~/.claude/ansible.md - @CLAUDE.local.md 证据：`CLAUDE.md`
- **Contributing**（documentation）：Changes should be limited to what's necessary to solve the problem at hand. Avoid unrelated reformatting, refactoring, or style adjustments in the same change. 证据：`context/contributing.md`
- **Find all errors and failures**（skill_instruction）：Azure Pipelines Logs Downloader ================================ 证据：`.claude/skills/azp-logs/SKILL.md`
- **System Instructions**（skill_instruction）：When this skill is invoked, read the AGENTS.md file from the repository root @../../../AGENTS.md and load its content into context. This provides comprehensive Ansible development guidelines. 证据：`.claude/skills/context/SKILL.md`
- **Skill**（skill_instruction）：PR Review Command ================= 证据：`.claude/skills/review/SKILL.md`
- **improve type hinting and include stdout/stderr if any in the message**（source_file）：def path to str value: t.Any - str ⋮---- @t.overload def run args: t.Any, env: dict str, t.Any None, cwd: pathlib.Path str, capture output: t.Literal True - CompletedProcess: ... ⋮---- @t.overload def run args: t.Any, env: dict str, t.Any None, cwd: pathlib.Path str, capture output: t.Literal False - None: ... ⋮---- @t.overload def run args: t.Any, env: dict str, t.Any None, cwd: pathlib.Path str, capture output: bool - CompletedProcess None: ... ⋮---- @t.overload def run args: t.Any, env: dict str, t.Any None, cwd: pathlib.Path str - None: ... ⋮---- """Run the specified command.""" args = arg.relative to cwd if isinstance arg, pathlib.Path else arg for arg in args ⋮---- str args = tuple pa… 证据：`packaging/release.py`
- **My Collection**（documentation）：Welcome to my test collection doc for {{ namespace }}. 证据：`test/units/cli/test_data/collection_skeleton/docs/My Collection.md`
- **Init**（source_file）：def get controller serialize map - dict type, t.Callable ⋮---- def import controller module module name: str, / - t.Any ⋮---- def setup - None 证据：`lib/ansible/_internal/__init__.py`
- **Init**（source_file）：sentinel = object ⋮---- class HasCurrent t.Protocol ⋮---- current: t.Any ⋮---- class StateTrackingMixIn HasCurrent ⋮---- def init self, args, kwargs - None ⋮---- def enter self - None ⋮---- def exit self, args, kwargs - None ⋮---- def get stack self - list t.Any ⋮---- class EncryptedStringBehavior enum.Enum ⋮---- PRESERVE = enum.auto ⋮---- DECRYPT = enum.auto ⋮---- REDACT = enum.auto ⋮---- FAIL = enum.auto ⋮---- class AnsibleVariableVisitor ⋮---- def enter self - t.Any ⋮---- def exit self, args, kwargs - t.Any ⋮---- def early visit self, value, value type - t.Any ⋮---- result = TrustedAsTemplate .tag value ⋮---- result = value ⋮---- result = sentinel ⋮---- def visit key self, key: t.Any - t… 证据：`lib/ansible/_internal/_json/__init__.py`
- **gets templated here unlike rest of loop control fields, depends on loop var above**（source_file）：display = Display ⋮---- PRESERVE = frozenset ⋮---- POLYMORPHIC RESULT EXPRESSION = trust as template " task.polymorphic result" ⋮---- class NoRecordedResultError AnsibleError ⋮---- default message = "No task result has been recorded." ⋮---- class NotALoopError AnsibleError ⋮---- default message = "The current task is not a loop." ⋮---- @dataclasses.dataclass kw only=True, slots=True class CurrentTask ⋮---- def lazy transform self, value: t.Any - t.Any ⋮---- @property def result self - c.Mapping str, object ⋮---- task ctx = TaskContext.current ⋮---- @property def loop result self - c.Mapping str, object ⋮---- @property def polymorphic result self - c.Mapping str, object ⋮---- @dataclasses.da… 证据：`lib/ansible/_internal/_task.py`
- **Init**（source_file）：jinja2 version = importlib.metadata.version 'jinja2' ⋮---- MINIMUM JINJA VERSION = 3, 1 CURRENT JINJA VERSION = tuple map int, jinja2 version.split '.', maxsplit=2 :2 证据：`lib/ansible/_internal/_templating/__init__.py`
- **Leading/trailing whitespace on conditional expressions is not a problem, except we can't tell if the expression is empt…**（source_file）：display = Display ⋮---- shared empty unmask type names: frozenset str = frozenset ⋮---- TRANSFORM CHAIN LIMIT: int = 10 ⋮---- class TemplateMode enum.Enum ⋮---- DEFAULT = enum.auto STOP ON TEMPLATE = enum.auto STOP ON CONTAINER = enum.auto ALWAYS FINALIZE = enum.auto ⋮---- @dataclasses.dataclass kw only=True, slots=True, frozen=True class TemplateOptions ⋮---- DEFAULT: t.ClassVar t.Self ⋮---- value for omit: object = Omit escape backslashes: bool = True preserve trailing newlines: bool = True ⋮---- overrides: TemplateOverrides = TemplateOverrides.DEFAULT ⋮---- class TemplateEncountered Exception ⋮---- @t.final @dataclasses.dataclass kw only=True, slots=True, frozen=True class TemplateExpres… 证据：`lib/ansible/_internal/_templating/_engine.py`
- **patch us early to load vendored deps transparently**（source_file）：path = ⋮---- def ensure vendored path entry ⋮---- vendored path entry = os.path.dirname file vendored module names = set m 1 for m in pkgutil.iter modules vendored path entry , '' m 1 == m.name ⋮---- patch us early to load vendored deps transparently ⋮---- handle reload case by removing the existing entry, wherever it might be ⋮---- already loaded vendored modules = set sys.modules.keys .intersection vendored module names 证据：`lib/ansible/_vendor/__init__.py`
- **noinspection PyBroadException**（source_file）：PY MIN = 3, 13 ⋮---- def check blocking io ⋮---- """Check stdin/stdout/stderr to make sure they are using blocking IO.""" handles = ⋮---- noinspection PyBroadException ⋮---- fd = handle.fileno ⋮---- continue not a real file handle, such as during the import sanity test ⋮---- def initialize locale ⋮---- fs enc = sys.getfilesystemencoding ⋮---- display = Display ⋮---- ex msg = ' '.join ex.message, ex. help text or '' .strip ⋮---- ex msg = str ex ⋮---- HAS ARGCOMPLETE = True ⋮---- HAS ARGCOMPLETE = False ⋮---- class CLI ABC ⋮---- """ code behind bin/ansible programs """ ⋮---- PAGER = C.config.get config value 'PAGER' ⋮---- -F quit-if-one-screen -R allow raw ansi control chars -S chop long line… 证据：`lib/ansible/cli/__init__.py`
- **Playbook**（source_file）：display = Display ⋮---- class PlaybookCLI CLI ⋮---- name = 'ansible-playbook' ⋮---- USES CONNECTION = True ⋮---- def init parser self ⋮---- def post process args self, options ⋮---- havetags = bool options.tags or options.skip tags ⋮---- options = super PlaybookCLI, self .post process args options ⋮---- def run self ⋮---- sshpass = None becomepass = None passwords = {} ⋮---- b playbook dirs = ⋮---- resource = get collection playbook path playbook ⋮---- playbook collection = resource 2 ⋮---- playbook collection = get collection name from path playbook ⋮---- b playbook dir = os.path.dirname os.path.abspath to bytes playbook, errors='surrogate or strict' ⋮---- passwords = {'conn pass': sshpass… 证据：`lib/ansible/cli/playbook.py`
- **FIXME: see if this can live in utils/path**（source_file）：INTERNAL DEFS = {'lookup': ' terms', } ⋮---- GALAXY SERVER DEF = ⋮---- GALAXY SERVER ADDITIONAL = { ⋮---- @t.runtime checkable class EncryptedStringProtocol t.Protocol ⋮---- def decrypt self - str: ... ⋮---- def get config label plugin type: str, plugin name: str, config: str - str ⋮---- entry = f'{config!r}' ⋮---- def ensure type value: object, value type: str None, origin: str None = None, origin ftype: str None = None - t.Any ⋮---- original value = value copy tags = value type not in 'temppath', 'tmppath', 'tmp' ⋮---- value = ensure type value, value type, origin ⋮---- value = AnsibleTagHelper.tag copy original value, item for item in value ⋮---- value = AnsibleTagHelper.tag copy origina… 证据：`lib/ansible/config/manager.py`
- **DTFIX-FUTURE: these fallback cases mask incorrect use of AnsibleError.message, what should we do?**（source_file）：class ExitCode enum.IntEnum ⋮---- SUCCESS = 0 GENERIC ERROR = 1 HOST FAILED = 2 HOST UNREACHABLE = 4 PARSER ERROR = 4 INVALID CLI OPTION = 5 UNICODE ERROR = 6 KEYBOARD INTERRUPT = 99 UNKNOWN ERROR = 250 ⋮---- class AnsibleError Exception ⋮---- exit code = ExitCode.GENERIC ERROR default message = '' default help text: str None = None include cause message = True """ When True , the exception message will be augmented with cause message s . Subclasses doing complex error analysis can disable this to take responsibility for reporting cause messages as needed. """ ⋮---- DTFIX-FUTURE: these fallback cases mask incorrect use of AnsibleError.message, what should we do? ⋮---- message = '' ⋮---- mes… 证据：`lib/ansible/errors/__init__.py`
- **module common is relative to module utils, so fix the path**（source_file）：display = Display ⋮---- @dataclasses.dataclass frozen=True, order=True class ModuleUtilsProcessEntry ⋮---- name parts: tuple str, ... is ambiguous: bool = False child is redirected: bool = False is optional: bool = False ⋮---- @classmethod def from module cls, module: types.ModuleType, append: str None = None - t.Self ⋮---- name = module. name ⋮---- @classmethod def from module name cls, module name: str - t.Self ⋮---- REPLACER = b" REPLACER JSONARGS = b" " REPLACER SELINUX = b" " ⋮---- module common is relative to module utils, so fix the path MODULE UTILS PATH = os.path.join os.path.dirname file , '..', 'module utils' SHEBANG PLACEHOLDER = ' shebang placeholder' ⋮---- ⋮---- def strip comm… 证据：`lib/ansible/executor/module_common.py`
- **Play Iterator**（source_file）：display = Display ⋮---- all = 'PlayIterator', 'IteratingStates', 'FailedStates' ⋮---- class IteratingStates IntEnum ⋮---- SETUP = 0 TASKS = 1 RESCUE = 2 ALWAYS = 3 HANDLERS = 4 COMPLETE = 5 VALIDATE = 6 ⋮---- class FailedStates IntFlag ⋮---- NONE = 0 SETUP = 1 TASKS = 2 RESCUE = 4 ALWAYS = 8 HANDLERS = 16 VALIDATE = 32 ⋮---- class HostState ⋮---- def init self, blocks ⋮---- def repr self ⋮---- def str self ⋮---- def eq self, other ⋮---- def get current block self ⋮---- def copy self ⋮---- new state = HostState self. blocks ⋮---- class PlayIterator ⋮---- def init self, inventory, play, play context, variable manager, all vars, start at done=False ⋮---- setup block = Block play=self. play ⋮--… 证据：`lib/ansible/executor/play_iterator.py`
- **Playbook Executor**（source_file）：display = Display ⋮---- class PlaybookExecutor ⋮---- def init self, playbooks, inventory, variable manager, loader, passwords ⋮---- def run self ⋮---- result = 0 entrylist = entry = {} ⋮---- resource = get collection playbook path playbook ⋮---- playbook path = resource 1 playbook collection = resource 2 ⋮---- playbook path = playbook ⋮---- playbook collection = get collection name from path playbook ⋮---- pb = Playbook.load playbook path, variable manager=self. variable manager, loader=self. loader ⋮---- entry = {'playbook': playbook path} ⋮---- i = 1 plays = pb.get plays ⋮---- all vars = self. variable manager.get vars play=play templar = TemplateEngine loader=self. loader, variables=all… 证据：`lib/ansible/executor/playbook_executor.py`
- **get search path for this task to pass to lookup plugins**（source_file）：display = Display ⋮---- DELEGATED CONNECTION PLUGIN VAR NAMES = frozenset { ⋮---- all = 'TaskExecutor' ⋮---- class TaskExecutor ⋮---- @property def task self - Task ⋮---- def run self - UnifiedTaskResult ⋮---- task ctx = TaskContext.current ⋮---- items = self. get loop items ⋮---- items = None ⋮---- utr = self. execute ⋮---- utr = self. run loop items ⋮---- utr = UnifiedTaskResult.create from action exception ex ⋮---- def get loop items self - list t.Any None ⋮---- """ Loads a lookup plugin to handle the with portion of a task if specified , and returns the items result. """ ⋮---- get search path for this task to pass to lookup plugins ⋮---- terms = self. task.loop ⋮---- terms = task ctx.ta… 证据：`lib/ansible/executor/task_executor.py`
- **Defer to CLI handling**（source_file）：all = 'TaskQueueManager' ⋮---- STDIN FILENO = 0 STDOUT FILENO = 1 STDERR FILENO = 2 ⋮---- display = Display ⋮---- @dataclasses.dataclass frozen=True, kw only=True, slots=True class CallbackSend ⋮---- method name: str wire task result: WireTaskResult ⋮---- class DisplaySend ⋮---- def init self, method, args, kwargs ⋮---- @dataclasses.dataclass class PromptSend ⋮---- worker id: int prompt: str private: bool = True seconds: int = None interrupt input: t.Iterable bytes = None complete input: t.Iterable bytes = None ⋮---- class FinalQueue multiprocessing.queues.SimpleQueue ⋮---- def init self, args, kwargs ⋮---- def send callback self, method name: str, host: Host, task: Task, utr: UnifiedTaskRe… 证据：`lib/ansible/executor/task_queue_manager.py`
- **Init**（source_file）：def get collections galaxy meta info ⋮---- meta path = os.path.join os.path.dirname file , 'data', 'collections galaxy meta.yml' ⋮---- class Galaxy object ⋮---- def init self ⋮---- roles path = context.CLIARGS.get 'roles path', C.DEFAULT ROLES PATH ⋮---- type path = context.CLIARGS.get 'role type', 'default' ⋮---- type path = os.path.join type path, context.CLIARGS.get 'type' ⋮---- @property def default role skeleton path self ⋮---- def add role self, role ⋮---- def remove role self, role name 证据：`lib/ansible/galaxy/__init__.py`
- **Allow a dict representing this dataclass to be splatted directly.**（source_file）：HAS PACKAGING = False ⋮---- HAS PACKAGING = True ⋮---- HAS DISTLIB = False ⋮---- HAS DISTLIB = True ⋮---- ManifestKeysType = t.Literal FileMetaKeysType = t.Literal CollectionInfoKeysType = t.Literal ManifestValueType = t.Dict CollectionInfoKeysType, t.Union int, str, t.List str , t.Dict str, str , None CollectionManifestType = t.Dict ManifestKeysType, ManifestValueType FileManifestEntryType = t.Dict FileMetaKeysType, t.Union str, int, None ⋮---- class FilesManifestType t.TypedDict ⋮---- files: t.List FileManifestEntryType format: int ⋮---- HAS RESOLVELIB = False ⋮---- HAS RESOLVELIB = True ⋮---- display = Display ⋮---- MANIFEST FORMAT = 1 MANIFEST FILENAME = 'MANIFEST.json' ⋮---- ModifiedCo… 证据：`lib/ansible/galaxy/collection/__init__.py`
- **type: Collection - bytes**（source_file）：display = Display ⋮---- MANIFEST FILENAME = 'MANIFEST.json' ⋮---- class ConcreteArtifactsManager ⋮---- def init self, b working directory, validate certs=True, keyring=None, timeout=60, required signature count=None, ignore signature errors=None ⋮---- @property def keyring self ⋮---- @property def required successful signature count self ⋮---- @property def ignore signature errors self ⋮---- @property def require build metadata self ⋮---- @require build metadata.setter def require build metadata self, value ⋮---- def get galaxy artifact source info self, collection ⋮---- def get galaxy artifact path self, collection: Candidate - bytes ⋮---- b artifact path = download file ⋮---- def get arti… 证据：`lib/ansible/galaxy/collection/concrete_artifact_manager.py`
- **Ansible Collection - {{ namespace }}.{{ collection name }}**（source_file）：{ SPDX-License-Identifier: MIT-0 } Ansible Collection - {{ namespace }}.{{ collection name }} 证据：`lib/ansible/galaxy/data/default/collection/README.md.j2`
- **Collections Plugins Directory**（source_file）：{ SPDX-License-Identifier: MIT-0 } Collections Plugins Directory 证据：`lib/ansible/galaxy/data/default/collection/plugins/README.md.j2`
- **FIXME: this goes away if we apply patterns incrementally or by groups**（source_file）：display = Display ⋮---- IGNORED ALWAYS = br"^\.", b"^host vars$", b"^group vars$", b"^vars plugins$" IGNORED PATTERNS = to bytes x for x in C.INVENTORY IGNORE PATTERNS IGNORED EXTS = b'%s$' % to bytes re.escape x for x in C.INVENTORY IGNORE EXTS ⋮---- IGNORED = re.compile b' '.join IGNORED ALWAYS + IGNORED PATTERNS + IGNORED EXTS ⋮---- PATTERN WITH SUBSCRIPT = re.compile ⋮---- def order patterns patterns ⋮---- """ takes a list of patterns and reorders them by modifier to apply them consistently """ ⋮---- FIXME: this goes away if we apply patterns incrementally or by groups pattern regular = pattern intersection = pattern exclude = ⋮---- if no regular pattern was given, hence only exclude an… 证据：`lib/ansible/inventory/manager.py`
- **Init**（source_file）：INTERMEDIATE MAPPING TYPES = c.Mapping, ⋮---- INTERMEDIATE ITERABLE TYPES = tuple, set, frozenset, c.Sequence ⋮---- ITERABLE SCALARS NOT TO ITERATE = str, bytes ⋮---- def is intermediate mapping value: object - TypeGuard c.Mapping ⋮---- def is intermediate iterable value: object - TypeGuard c.Iterable ⋮---- is controller: bool = False ⋮---- def get controller serialize map - dict type, t.Callable ⋮---- def import controller module module name: str, / - t.Any 证据：`lib/ansible/module_utils/_internal/__init__.py`
- **include the existing tags first so new tags of the same type will overwrite**（source_file）：tag dataclass kwargs = dict frozen=True, repr=False, kw only=True, slots=True ⋮---- tag dataclass kwargs = dict frozen=True, repr=False ⋮---- T = t.TypeVar ' T' TAnsibleSerializable = t.TypeVar ' TAnsibleSerializable', bound='AnsibleSerializable' TAnsibleDatatagBase = t.TypeVar ' TAnsibleDatatagBase', bound='AnsibleDatatagBase' TAnsibleTaggedObject = t.TypeVar ' TAnsibleTaggedObject', bound='AnsibleTaggedObject' ⋮---- NO INSTANCE STORAGE = t.cast t.Tuple str , tuple ANSIBLE TAGGED OBJECT SLOTS = tuple ' ansible tags mapping', ⋮---- empty frozenset: t.FrozenSet = frozenset ⋮---- class AnsibleTagHelper ⋮---- @staticmethod def untag value: T, tag types: t.Type AnsibleDatatagBase - T ⋮---- tag… 证据：`lib/ansible/module_utils/_internal/_datatag/__init__.py`
- **the value of is controller can change after import; always pick it up from the module**（source_file）：T = t.TypeVar ' T', AnsibleProfileJSONEncoder, AnsibleProfileJSONDecoder ⋮---- def get encoder decoder profile: str types.ModuleType, return type: type T - type T ⋮---- class name = 'Encoder' if return type is AnsibleProfileJSONEncoder else 'Decoder' ⋮---- def get module serialization profile name name: str, controller to module: bool - str ⋮---- name = f'module {name} c2m' ⋮---- name = f'module {name} m2c' ⋮---- def get module serialization profile module name name: str, controller to module: bool - str ⋮---- def get serialization profile name: str types.ModuleType - JSONSerializationProfile ⋮---- def get serialization module name: str types.ModuleType - types.ModuleType ⋮---- def get seri… 证据：`lib/ansible/module_utils/_internal/_json/__init__.py`
- **DTFIX-FUTURE: once we have separate control/data channels for module-to-controller and back , warn about this conversion**（source_file）：NoneType: t.Final type = type None ⋮---- json subclassable scalar types: t.Final tuple type, ... = str, float, int ⋮---- json scalar types: t.Final tuple type, ... = str, float, int, bool, NoneType ⋮---- json container types: t.Final tuple type, ... = dict, list, tuple ⋮---- json types: t.Final tuple type, ... = json scalar types + json container types ⋮---- intercept containers = frozenset ⋮---- common module types: frozenset type AnsibleSerializable = frozenset ⋮---- common module response types: frozenset type AnsibleSerializable = frozenset ⋮---- T encoder = t.TypeVar ' T encoder', bound="AnsibleProfileJSONEncoder" T decoder = t.TypeVar ' T decoder', bound="AnsibleProfileJSONDecoder" ⋮-… 证据：`lib/ansible/module_utils/_internal/_json/_profiles/__init__.py`

## 宿主 AI 必须遵守的规则

- **把本资产当作开工前上下文，而不是运行环境。**：AI Context Pack 只包含证据化项目理解，不包含目标项目的可执行状态。 证据：`README.md`, `changelogs/README.md`, `context/README.md`
- **回答用户时区分可预览内容与必须安装后才能验证的内容。**：安装前体验的消费者价值来自降低误装和误判，而不是伪装成真实运行。 证据：`README.md`, `changelogs/README.md`, `context/README.md`

## 用户开工前应该回答的问题

- 你准备在哪个宿主 AI 或本地环境中使用它？
- 你只是想先体验工作流，还是准备真实安装？
- 你最在意的是安装成本、输出质量、还是和现有规则的冲突？

## 验收标准

- 所有能力声明都能回指到 evidence_refs 中的文件路径。
- AI_CONTEXT_PACK.md 没有把预览包装成真实运行。
- 用户能在 3 分钟内看懂适合谁、能做什么、如何开始和风险边界。

---

## Doramagic Context Augmentation

下面内容用于强化 Repomix/AI Context Pack 主体。Human Manual 只提供阅读骨架；踩坑日志会被转成宿主 AI 必须遵守的工作约束。

## Human Manual 骨架

使用规则：这里只是项目阅读路线和显著性信号，不是事实权威。具体事实仍必须回到 repo evidence / Claim Graph。

宿主 AI 硬性规则：
- 不得把页标题、章节顺序、摘要或 importance 当作项目事实证据。
- 解释 Human Manual 骨架时，必须明确说它只是阅读路线/显著性信号。
- 能力、安装、兼容性、运行状态和风险判断必须引用 repo evidence、source path 或 Claim Graph。

- **项目概览与代码组织**：importance `high`
  - source_paths: README.md, lib/ansible/release.py, lib/ansible/__init__.py, bin/ansible, context/README.md
- **Playbook 执行核心**：importance `high`
  - source_paths: lib/ansible/executor/playbook_executor.py, lib/ansible/executor/task_executor.py, lib/ansible/executor/task_queue_manager.py, lib/ansible/executor/play_iterator.py, lib/ansible/playbook/play.py
- **模块、插件与连接体系**：importance `high`
  - source_paths: lib/ansible/modules/__init__.py, lib/ansible/plugins/action/__init__.py, lib/ansible/plugins/connection/ssh.py, lib/ansible/plugins/connection/winrm.py, lib/ansible/plugins/connection/psrp.py
- **Inventory、Templating 与 CLI 工具链**：importance `high`
  - source_paths: lib/ansible/inventory/manager.py, lib/ansible/plugins/inventory/__init__.py, lib/ansible/_internal/_templating/_engine.py, lib/ansible/vars/manager.py, lib/ansible/module_utils/facts/ansible_collector.py

## Repo Inspection Evidence / 源码检查证据

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `8d63341579aa1c62024f3bce1a8af3f9a1b22a16`
- inspected_files: `README.md`, `pyproject.toml`, `requirements.txt`

宿主 AI 硬性规则：
- 没有 repo_clone_verified=true 时，不得声称已经读过源码。
- 没有 repo_inspection_verified=true 时，不得把 README/docs/package 文件判断写成事实。
- 没有 quick_start_verified=true 时，不得声称 Quick Start 已跑通。

## Doramagic Pitfall Constraints / 踩坑约束

这些规则来自 Doramagic 发现、验证或编译过程中的项目专属坑点。宿主 AI 必须把它们当作工作约束，而不是普通说明文字。

### Constraint 1: 来源证据：powershell exec_wrapper fails when multiple powershell.exe entries are found in PATH

- Trigger: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：powershell exec_wrapper fails when multiple powershell.exe entries are found in PATH
- Why it matters: 可能增加新用户试用和生产接入成本。
- Evidence: community_evidence:github | https://github.com/ansible/ansible/issues/87228 | 来源讨论提到 python 相关条件，需在安装/试用前复核。
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 2: 来源证据：ansible.builtin.copy module - updates pre-existing files' ownership of dest directory if remote_src: true

- Trigger: GitHub 社区证据显示该项目存在一个配置相关的待验证问题：ansible.builtin.copy module - updates pre-existing files' ownership of dest directory if remote_src: true
- Why it matters: 可能增加新用户试用和生产接入成本。
- Evidence: community_evidence:github | https://github.com/ansible/ansible/issues/79725 | 来源讨论提到 python 相关条件，需在安装/试用前复核。
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 3: 来源证据：getent returns misleading error when service override fails due to platform limitations on Alpine

- Trigger: GitHub 社区证据显示该项目存在一个配置相关的待验证问题：getent returns misleading error when service override fails due to platform limitations on Alpine
- Why it matters: 可能增加新用户试用和生产接入成本。
- Evidence: community_evidence:github | https://github.com/ansible/ansible/issues/85568 | 来源讨论提到 python 相关条件，需在安装/试用前复核。
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 4: 来源证据：argument_specs with list of str accept integer in it

- Trigger: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：argument_specs with list of str accept integer in it
- Why it matters: 可能影响授权、密钥配置或安全边界。
- Evidence: community_evidence:github | https://github.com/ansible/ansible/issues/87217 | 来源讨论提到 python 相关条件，需在安装/试用前复核。
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 5: 失败模式：installation: btrfs scrub status doesn't update via ansible

- Trigger: Developers should check this installation risk before relying on the project: btrfs scrub status doesn't update via ansible
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: btrfs scrub status doesn't update via ansible. Context: Observed when using python, linux
- Why it matters: Developers may fail before the first successful local run: btrfs scrub status doesn't update via ansible
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/87213 | btrfs scrub status doesn't update via ansible
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 6: 来源证据：btrfs scrub status doesn't update via ansible

- Trigger: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：btrfs scrub status doesn't update via ansible
- Host AI rule: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Why it matters: 可能增加新用户试用和生产接入成本。
- Evidence: community_evidence:github | https://github.com/ansible/ansible/issues/87213 | 来源讨论提到 python 相关条件，需在安装/试用前复核。
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 7: 失败模式：configuration: Action plugin: how to execute module with check mode unset?

- Trigger: Developers should check this configuration risk before relying on the project: Action plugin: how to execute module with check mode unset?
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: Action plugin: how to execute module with check mode unset?. Context: Observed when using python, docker
- Why it matters: Developers may misconfigure credentials, environment, or host setup: Action plugin: how to execute module with check mode unset?
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/87071 | Action plugin: how to execute module with check mode unset?
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 8: 失败模式：configuration: [regression] PowerShell v5 support broke with ansible-core 2.21

- Trigger: Developers should check this configuration risk before relying on the project: [regression] PowerShell v5 support broke with ansible-core 2.21
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: [regression] PowerShell v5 support broke with ansible-core 2.21. Context: Observed when using python, windows, linux
- Why it matters: Developers may misconfigure credentials, environment, or host setup: [regression] PowerShell v5 support broke with ansible-core 2.21
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/87147 | [regression] PowerShell v5 support broke with ansible-core 2.21
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 9: 失败模式：configuration: argument_specs with list of str accept integer in it

- Trigger: Developers should check this configuration risk before relying on the project: argument_specs with list of str accept integer in it
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: argument_specs with list of str accept integer in it. Context: Observed when using python, linux
- Why it matters: Developers may misconfigure credentials, environment, or host setup: argument_specs with list of str accept integer in it
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/87217 | argument_specs with list of str accept integer in it
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。

### Constraint 10: 失败模式：configuration: getent returns misleading error when service override fails due to platform limitations on Al...

- Trigger: Developers should check this configuration risk before relying on the project: getent returns misleading error when service override fails due to platform limitations on Alpine
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: getent returns misleading error when service override fails due to platform limitations on Alpine. Context: Observed when using python, linux
- Why it matters: Developers may misconfigure credentials, environment, or host setup: getent returns misleading error when service override fails due to platform limitations on Alpine
- Evidence: failure_mode_cluster:github_issue | https://github.com/ansible/ansible/issues/85568 | getent returns misleading error when service override fails due to platform limitations on Alpine
- Hard boundary: 不要把这个坑点包装成已解决、已验证或可忽略，除非后续验证证据明确证明它已经关闭。
