a996cc6908
When you click Run, Steward now parses the playbook and renders a field for each declared variable instead of a blank extra-vars textarea. The form loads on demand via HTMX (/ansible/run-form/<source>/<playbook>). - sources.discover_playbook_variables: parse vars: defaults + vars_prompt: (vars_prompt wins on name collision; non-scalar vars skipped; role/include vars not traversed). Flags secret-looking names + vars_prompt private. - Run-time values flow through a JSON extra-vars file (-e @file), which is space/quote-safe — fixes a latent shlex-split bug in the old -e key=value textarea path. executor.build_extra_vars_file (pure) + start_run merge. - Secret-flagged fields are masked AND routed through an unpersisted secret_vars channel (runner.trigger_run → start_run), so passwords entered at run time never land in the DB / run history. - Defaults shown as placeholders (not prefilled): an untouched field falls through to the inventory/play default instead of overriding it. - routes: run_form HTMX endpoint; _parse_run_params now returns (params, secret_vars, err) and reads var__/secret__ fields. Schedules drop secret vars (can't prompt unattended). - templates: ansible/_run_form.html fragment; browse.html rewired to HTMX, static JS run-form removed. Advanced section keeps limit/tags/check + a free-form extra-vars escape hatch. - tests: test_playbook_variables.py (discovery + extra-vars file). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>