scripts/resources/roles/ — role template files extracted from init_ansible_project.sh heredocs: common_python, common_packages, user_management (tasks + defaults), bootstrap_ansible_user.
scripts/resources/playbooks/ — playbook templates extracted from init_ansible_project.sh heredocs: setup_ansible_user.yml, bootstrap.yml.
scripts/resources/port_config.yml — YAML-driven port categorization config for discover_hosts.py; supports port_tech, group_ports, group_comments, ini_legacy_order, default_ports. Loaded at runtime with graceful fallback to built-in defaults if missing or if PyYAML is unavailable.
scripts/resources/discover_hosts.py — --port-config <path> flag to specify a custom port categorization config.
init_ansible_project.sh: check_deps() preflight function — validates required binaries (ssh-keygen, git, python3) and all scripts/resources/ files are present before any work begins; also checks ansible-vault when --with-vault is active.
setup.sh: Guard --help exit with BASH_SOURCE check to prevent closing the user's shell when the script is sourced.

init_ansible_project.sh: All role and playbook scaffolding functions now copy from scripts/resources/ instead of emitting inline heredocs — same pattern as discover_hosts.py.
init_ansible_project.sh: SCRIPT_DIR and RESOURCES_DIR resolved once at script startup; all resource lookups use $RESOURCES_DIR.
init_ansible_project.sh: Three mkdir error-handling blocks replaced — removed set +e / mkdir_err.log / set -e pattern in favour of mkdir -p ... || error_exit N "...".
init_ansible_project.sh: Removed ~600-line legacy heredoc wrapper (_legacy_create_dynamic_inventory_UNUSED) and all commented-out # log DEBUG / # echo "[ECHO]" lines.
init_ansible_project.sh: Section numbering corrected — headers now run sequentially 1 → 1b → 2 → 3 → 4 → 5 → 6 → 7 → 8 with no gaps.
init_ansible_project.sh: Root-level duplicate (init_ansible_project.sh) removed; scripts/init_ansible_project.sh is the sole canonical location.
setup.sh: Removed stale root-path fallback for init_ansible_project.sh; errors out cleanly if scripts/init_ansible_project.sh is not found.
README.md: Section 6 updated to reflect copy-from-resources model for discover_hosts.py and port_config.yml; Advanced Scanner Flags updated with --port-config and customization notes; unimplemented flags removed.
docs/CONTRIBUTING.md: Updated stale reference — discover_hosts.py is now a standalone resource file, not embedded in init_ansible_project.sh.
docs/ROADMAP.md: Init Script Robustness section updated to reflect completed work; role template extraction added as next tracked item.

init_ansible_project.sh: Replaced unsafe eval-based ssh-keygen call with an array-based command to prevent shell injection.
init_ansible_project.sh: Removed duplicate argument parsing block and redundant vault prompt that ran a second time after the main parse loop.