Carol — back to Apps ← Apps

Carolopedia

A friendly guide to Carol, her ecosystem, and the agents who built her.

📖 CarolopediaServicesBuild InitiativesAll activitiesINI-100001276
📋

CAROL-INI-1767-00: Establish enforceable design + architecture standards for all Carol apps

Initiative
Open in Initiatives →

📖About

Make every Carol app compliant-by-construction and guard it with two independent, deterministic gates (design + architecture), all agent-centric (no standalone scripts). Triggered by the Activity Tracker drifting off-brand with nothing to catch it. ORDERED STEPS: (0) BOUNDARY TAXONOMY [Archon+Albus] author a design row partitioning every compliance dimension into exactly one of design / architecture / security — facet-split rule: appearance=design, sourcing+placement=architecture, auth=security; no unassigned, no overlap. (1) EXPAND DESIGN SYSTEM [Archon] turn Design System #178 from prose reference into discrete machine-checkable rules + add missing component/loading/empty/error/form-control specs. (2) SHARED UI KIT [Forge builds, Archon owns components] canonical topbar/app-header/footer/theme + auth scaffold as an importable shim module so apps inherit compliance instead of copy-pasting. (3) ARCH CHECKER -> DROID [Albus] move the loose check_architecture_compliance.py logic into a registered droid under Albus behind the shim; delete the standalone script (violates every-process-has-a-droid). (4) DESIGN GATE [Argus] new Design Compliance Verifier droid consuming Archon rules. (5) BYPASS ENFORCEMENT [Orion+Albus] bypass close invokes BOTH gates and makes the twin-review verdict BLOCKING (today it is advisory and lets failures through); one fix covers Albus and Orion bypass (shared close path). (6) PLANNER ENFORCEMENT [Merlin] wire both gates into the planner step-review as HARD blocks (cannot advance on fail). (7) SCAFFOLD SKILL [Archon, shared to Orion+Albus] new compliant-Carol-app skeleton generator. (8) BACKFILL drifted apps (Activity Tracker first) onto the kit. Themis stays OUTSIDE the build loop (independent post-build audit only).

⚖️Decisions

  • Handover-watchdog: planner-pending nudge for phase 2 (auto-invocation failed: timeout after 60s). (elrond)
  • Handover-watchdog: planner-pending nudge for phase 2 (auto-invocation failed: timeout after 60s). (elrond)
  • Caller audit waived by Orion: edit to shared/bypass.py only ADDS the CAROL-INI-1767 close-time compliance gate (new code path); it does not change existing bypass caller contracts or entry-point signatures. — New additive gate, fail-open, mirrors the existing INI-716 gate structure; no existing caller behaviour changed. (orion)
  • CAROL-INI-1767 scope: DELIVERED vs REMAINING — DELIVERED this bypass: (1) cookbook #312 classification principles; (2) dc-s1 design-compliance droid (Argus) vs #178; (3) ac-s1 architecture-compliance droid (Albus) vs #146/#173/#156; (4) shared/app_compliance.py shim (fail-open); (5) close-time compliance gate in bypass_end -> enforces on Orion AND Albus bypass; (6) same shim wired as a HARD gate into planner review skills (add-new-app-review, modify-existing-code-review). All three paths now enforce identically. REMAINING (follow-on): decompose #178 into a fuller machine-checkable ruleset (loading/empty/error/form states + a11y/contrast as hard); build the shared imported UI kit (topbar/header/footer/theme/auth) so apps are compliant-by-construction; the new-compliant-app scaffold skill; relocate the loose whole-repo architecture checker into ac-s1 and retire the script; backfill drifted apps (Activity Tracker first). (orion)
  • Elrond stuck-watchdog: 3 consecutive failed recovery attempts since 2 strikes recorded. Initiative idle past 600s with no live queue row; Albus invoked 3 times without progress. Flipping to blocked and surfacing on operator queue per CAROL-INI-403. (elrond.handover_watchdog)
  • [status-router] blocked -> active | event=operator_reopen | Reopen to finish: remove standalone arch script, wire the HARD compliance gate into the planner step reviewer, author the boundary-taxonomy design. (orion)
  • [status-router] active -> reviewing | event=bypass_reviewing | bypass transition (or-bx-01)
  • [status-router] reviewing -> closed | event=operator_signoff | Auto-accepted (CAROL-INI-1859): Orion-initiated, >2 days in reviewing with no objection. (el-srac-01)

Success criteria

  • A single boundary doc assigns every compliance dimension to exactly one of design / architecture / security — no unassigned items, no overlap (must_have)
  • Design standard exists as discrete machine-checkable rules (not prose) and covers component/loading/empty/error/form states (must_have)
  • Canonical topbar, app-header and footer are a shared imported component used by apps — not copy-pasted per app (must_have)
  • The architecture check is a registered droid under Albus; no standalone compliance script remains in the repo (must_have)
  • Both gates BLOCK a non-compliant delivery in Orion bypass, Albus bypass, AND planner runs (must_have)
  • Themis remains outside the build loop — post-build audit only, never a build gate (must_have)