{"results":[{"id":"ai-loop-host-accessor-syntax","text":"AI-loop action functions use the `ftl[\"hostname\"].module()` accessor pattern with `await` for sequential module calls (e.g., `await ftl[\"stargate\"].user(name=\"admin\")`).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ai-loop-observe-condition-action-pattern","text":"FTL2 AI-loop rules follow an observe → condition → action pattern: the loop runs `observe` to gather state, calls `condition(state)` to decide whether to act, and calls `action(ftl)` if the condition returns True.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ai-reconciliation-loop-pattern","text":"The AI reconciliation loop follows the pattern: observe → decide → act → verify; cost converges toward zero as deterministic rules replace AI reasoning.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ansible-gradual-migration-path","text":"FTL2 enables gradual Ansible migration without workflow disruption: familiar CLI/inventory/FQCN patterns reduce learning curve while the universal module system (four addressing syntaxes, dual native/bundled execution modes) lets teams run existing Ansible collections alongside faster FTL2 natives incrementally.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"ansible-migration-production-ready","text":"Ansible teams migrating to FTL2 retain familiar patterns while immediately gaining production-grade deployment capabilities: gradual migration preserves CLI, inventory, FQCN, and variable precedence patterns, while state-driven reliability and security-first lifecycle provide enterprise-grade re-runnability and hardening from day one.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"authorized-key-module-fqcn","text":"SSH public keys are deployed via `ftl.host.ansible.posix.authorized_key()` using the full FQCN pattern, supporting user/key/state parameters.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"automation-context-is-primary-user-class","text":"`AutomationContext` is the primary user-facing class in FTL2's automation framework, providing the `async with automation() as ftl:` pattern.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"automation-context-manager-pattern","text":"FTL2 scripts use `async with automation(state_file=..., secret_bindings=...) as ftl:` as the core entry point — this context manager sets up inventory, state, and secrets.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"automation-quiet-parameter","text":"`automation(quiet=True)` suppresses all console output during execution. Combined with `fail_fast=True`, this is the standard pattern for programmatic/embedded usage (TUI, watchdog, CI).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"catbeez-complete-deployment-pattern","text":"Catbeez demonstrates an FTL2 deployment pattern that combines three production concerns: layered security (localhost binding, Caddy TLS, firewalld drop zone, SSH source-IP restriction, SELinux), DNS-to-TLS automation (Cloudflare DNS-only records enabling Caddy ACME challenges), and hot-reload publishing (HTML5/WASM asset upload with dynamic discovery, no restart required) — illustrating how these concerns compose in a web application hosting scenario.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"check-mode-validate-then-execute-pattern","text":"The recommended workflow for critical operations is validate-then-execute: run check mode first, inspect for failures, then execute for real only if validation passes.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cli-rich-targeting-ansible-familiar","text":"The FTL2 CLI provides Ansible-familiar syntax with rich targeting capabilities: the `-m -i -a` flag pattern mirrors Ansible, shlex parsing handles quoted arguments correctly, the --limit flag supports group names, host names, glob patterns, and `!` exclusion, and three run modes (normal, check, teardown) cover the full lifecycle.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloud-to-configured-host-pipeline","text":"FTL2 supports a provision-then-configure workflow within a single run: `add_host()` dynamically registers a newly created host with connection parameters and group assignment, and a two-phase bootstrap pattern (root → admin re-registration) can harden access before applying configuration. State persistence across these steps supports crash recovery and re-runs.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"cloudflare-caddy-tls-deployment-pattern","text":"FTL2 deployments use a consistent Cloudflare+Caddy TLS pattern: Cloudflare DNS records are set to DNS-only (not proxied) so Caddy can perform Let's Encrypt ACME challenges on port 80 and terminate TLS directly, avoiding certificate conflicts between Cloudflare and the origin server.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"complete-targeting-to-execution-pipeline","text":"FTL2 provides a unified pipeline from host selection to module execution: the CLI's rich pattern-based targeting (groups, globs, exclusions) feeds into flexible multi-format inventory resolution, which feeds into four module addressing syntaxes — creating a seamless path from \"which hosts\" to \"what action.\"","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"deployment-incremental-verification-pattern","text":"FTL2 deployments follow an incremental verification pattern: each layer (DNS, TLS, services) is confirmed working before proceeding to the next.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"deployment-security-first-lifecycle","text":"FTL2 production deployments can follow a security-first lifecycle from bootstrap to runtime: two-phase host registration hardens access before content deployment, and runtime protection layers (such as localhost binding, reverse proxy TLS termination, firewalld drop zone, SELinux booleans, and SSH IP restrictions) provide defense-in-depth at network boundaries, as demonstrated in the Catbeez deployment pattern.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"dual-onramp-unified-production","text":"FTL2 offers two complementary onramps to production-grade automation: greenfield developers can start with zero-setup PEP 723 scripts and progress to optimized cloud execution without intermediate tooling, while Ansible teams can migrate gradually by retaining familiar patterns (CLI, inventory, FQCN, variable precedence) and immediately gaining state-driven reliability and security-first lifecycle features. Both paths lead to production-capable deployments, though the specific observability and security characteristics available depend on which features each path exercises.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"dynamic-hosts-full-security-lifecycle","text":"FTL2's unified inventory model means dynamically provisioned hosts can receive the same security treatment as static infrastructure: add_host registration integrates runtime-discovered hosts into the same addressing model where security-first lifecycle patterns — such as two-phase bootstrap, security-before-content ordering, and layered network hardening — can be applied consistently, rather than requiring separate or reduced security workflows for dynamic hosts.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"edge-to-application-security-perimeter","text":"FTL2 deployments can implement a layered edge-to-application security perimeter. In observed patterns, Cloudflare DNS-only mode delegates TLS to Caddy (enabling Let's Encrypt ACME), Caddy terminates HTTPS and reverse-proxies to a localhost-only application, firewalld's drop zone silently discards uninvited traffic, SSH is restricted to source IP ranges, and SELinux enforces network connect policies. This pattern has been documented in catbeez deployments and the Cloudflare+Caddy TLS approach is used consistently across FTL2 deployments.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":52,"limit":20,"offset":0}