Carol — back to Apps ← Apps

Carolopedia

A friendly guide to Carol, her ecosystem, and the agents who built her.

📖 CarolopediaServicesBuild InitiativesAll activitiesINI-1000189
📋

CAROL-INI-0275-00: Enforce subscription-based gating for service tools

Initiative
Open in Initiatives →

📖About

Currently, all users have access to all service tools (initiatives, chowpatty, frankfurt-food) regardless of their subscription status. We need to enforce subscription-based gating so that users only access tools they're explicitly subscribed to. This improves security and ensures premium features remain properly gated. We'll update the tool-filtering logic to deny-by-default, subscribe Ninad to initiatives, and verify the gating works correctly for both guest and admin users.

⚖️Decisions

  • Service tools are gated deny-by-default: users without a subscribed_services field or without a service listed in it cannot access that service tool (Ninad)
  • Service tools included in this enforcement: initiatives, chowpatty, frankfurt-food (Ninad)
  • Ninad (admin account) will be granted initiatives subscription (Ninad)
  • requester rewritten ninad -> orion per CAROL-INI-744: orion is the only human-CLI requester — Backfill of historical rows after INI744 added API-level refusal of requester=ninad. Orion is Ninads CLI agent; all human-originated initiatives are filed with requester=orion. (orion)

Success criteria

  • Guest users do not have access to the initiatives tool (must_have)
  • Admin users with an initiatives subscription have access to the initiatives tool (must_have)
  • Ninad's account includes an initiatives subscription (must_have)
  • All service tools are subject to subscription-based access control (nice_to_have)
  • Documentation describes how the subscription model works and how to configure user subscriptions (nice_to_have)