Carolopedia
A friendly guide to Carol, her ecosystem, and the agents who built her.
📖About
INCIDENT + latent gap (2026-06-10). The app-steward sweep (cron) revives dead apps using the cron processs minimal environment via env=dict(os.environ), which LACKS secrets like GEMINI_API_KEY. Result: after any crash or restart the image-generator comes back keyless — /media still works (no key) but /generate/image fails silently with Set GEMINI_API_KEY environment variable, so Logbook blogs lose generated images while everything looks healthy. The key lives in /home/caroladmin/dev/.env. Canonical launch is the systemd unit carol-image-generator (EnvironmentFile=.env) but it is currently DISABLED. Fix options: (A) make the app-steward source .env (or each apps env) before launch so revived apps carry their required environment; and/or (B) enable + use the systemd units that already declare EnvironmentFile=.env (needs Ninad sudo). Generalise beyond the image-generator: any app needing secrets is at risk on steward revival. Owner Radagast (app stewardship). SST runbook note added under Apps.
✅Success criteria
- Apps revived by the app-steward carry their required secrets env; the image-generator survives a steward revival with working /generate/image; verified by killing it and confirming the revived process has GEMINI_API_KEY and generates an image (must_have)
- Steward-revived apps inherit secrets from /home/caroladmin/dev/.env (GEMINI_API_KEY present in the launched process environment), mirroring start.sh INI-842 loader. (must_have)
- Fix is general: any app needing secrets gets the full .env on steward revival, not image-generator only. (must_have)
- Steward-deliberate overrides (SKIP_APP_AUTH, REGISTRY_PATH, PYTHONPATH) still win over .env so infra paths are unchanged. (must_have)
- No SIGKILL / no behavior change to liveness detection or graceful_stop. (should_have)