---
profile: production

skip_list:
  - var-naming[no-role-prefix]  # Allow variables without role prefix
  - risky-shell-pipe  # We handle pipefail where needed
  - command-instead-of-module  # curl for GPG keys is intentional

warn_list:
  - args[module]  # Warn on module args issues

kinds:
  - playbook: "**/playbook.yml"
  - tasks: "**/tasks/*.yml"
  - vars: "**/defaults/*.yml"
  - handlers: "**/handlers/*.yml"

exclude_paths:
  - .github/
  - venv/
  - dist/

use_default_rules: true
