# Review Checklist Use this checklist for repository reviews and pull requests. ## Safety - Destructive actions default to dry-run or read-only. - Real changes require explicit `--execute` and operator confirmation. - Inputs are validated before use. - Paths, service names, disks, volumes, and inventory targets are constrained. - Rollback or recovery thinking is documented where the operation can change state. ## Bash - Uses `#!/usr/bin/env bash`. - Uses `set -o errexit`, `set -o nounset`, and `set -o pipefail`. - Missing commands return a clear warning or invalid-input/dependency exit. - Output uses `OK`, `WARNING`, and `CRITICAL` consistently. - Exit codes follow repo convention: `0` OK, `1` operational issue, `2` invalid input or missing dependency. - Help output exists for scripts that accept arguments. ## Ansible - Target hosts are explicit and appropriate for the role. - Modules are preferred over `shell` or `command`. - Check mode and diff mode are considered. - Tasks are idempotent or clearly documented when a check is inherently read-only or platform-specific. - Handlers, tags, defaults, and validation tasks are used where useful. - Inventory, vars, and role defaults do not contain secrets or real environment data. ## Documentation - README files explain current state without overstating completeness. - Runbooks include scope, pre-checks, execution controls, post-checks, and evidence. - Docs avoid tutorial filler and fake enterprise complexity. - Important limitations are linked or documented. - `CHANGELOG.md` is updated for meaningful repo changes. ## Operational Realism - The change reflects RHEL/Oracle Linux, Debian/Ubuntu, AIX, Veritas, GPFS, Zabbix, ELK, Docker, Kubernetes/K3s, Terraform, VMware, or Proxmox operations accurately. - Examples remain sanitized. - Placeholder projects are identified as placeholders. - There is no unnecessary abstraction or invented complexity. ## Validation - Changed Bash scripts pass `bash -n`. - `shellcheck` was run if available, or its absence was reported. - Ansible syntax/lint checks were run if available and relevant. - YAML/Markdown sanity checks were run if available. - Failures and skipped checks are visible in the final summary.