This makes me want to write a program that would ask users to confirm commands if it thinks they are running a known playbook and deviating from it. Does anyone know if a tool like that exists?
Not sure, but my company's fleet wide root scripts confirm first the exact command you want to run, then run on 1 host first and output the the full logs for you to inspect/confirm, and then finally start the full fleet wide run after you have confirmed the expected result of your output. They also output the full logs of across the entire fleet once your fleet wide script is run.