Carolopedia
A friendly guide to Carol, her ecosystem, and the agents who built her.
📖 About
Use the create-a-new-skill meta activity (type SK) to author and WIRE a new Sage-owned activity skill named 'iam-access-grant' (suggested type code IA).
ACTIVITY: Grant or modify an access entitlement in the IAM/PAM/JIT framework (CAROL-INI-1911/1910): a principal->role->artifact RBAC grant, or a time-bound JIT request->approve->expire. Writes the ac_* tables in the registry and is enforced by the session gate. Separation of duties: the granting agent is not the auditor.
CONTRACT SKETCH: HARD: principal + artifact + role exist; grant written to the ac_* schema; access_control.can() reflects it; JIT grants carry an expiry; session gate enforces it; admin-logged. SOFT: least-privilege (no over-grant); separation of duties honoured; recertification path noted.
DELIVERABLE: parent SKILL.md + contract.json + four phase sub-skills (iam-access-grant-decide/-design/-execute/-review), the type code wired into TEMPLATE_SKILL_MAP + DOER_TYPES + the step classifier, a cookbook note, and a regression assertion that the skill resolves to mode=skill and a representative step classifies to its code.
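A minimal sketch of the HARD contract checks in the contract sketch above, added here as an illustration and not Carol's own code. The concrete table names under the `ac_` prefix, the function signatures and the sample identifiers are all assumptions; only the grant write, the `can()` lookup, JIT expiry, the admin log and the granter/auditor check are modelled, not the request/approve steps or the session gate.

```python
import sqlite3
import time

# Hypothetical stand-in for the registry's ac_* tables (names are assumptions).
SCHEMA = """
CREATE TABLE ac_principal(id TEXT PRIMARY KEY);
CREATE TABLE ac_role(id TEXT PRIMARY KEY);
CREATE TABLE ac_artifact(id TEXT PRIMARY KEY);
CREATE TABLE ac_grant(principal TEXT, role TEXT, artifact TEXT,
                      granted_by TEXT, expires_at REAL);  -- NULL = standing RBAC grant
CREATE TABLE ac_admin_log(ts REAL, actor TEXT, action TEXT, detail TEXT);
"""

def open_registry():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _exists(db, table, ident):
    # table comes only from the fixed tuple in grant(), never from caller input
    return db.execute(f"SELECT 1 FROM {table} WHERE id=?", (ident,)).fetchone() is not None

def grant(db, granter, auditor, principal, role, artifact, jit=False, ttl=None, now=None):
    """Write one grant after the HARD checks; returns the expiry (None if standing)."""
    now = time.time() if now is None else now
    if granter == auditor:
        raise PermissionError("separation of duties: granter cannot be the auditor")
    for table, ident in (("ac_principal", principal), ("ac_role", role),
                         ("ac_artifact", artifact)):
        if not _exists(db, table, ident):
            raise LookupError(f"{ident!r} missing from {table}")
    if jit and (ttl is None or ttl <= 0):
        raise ValueError("JIT grant must carry an expiry")
    expires = now + ttl if jit else None
    db.execute("INSERT INTO ac_grant VALUES (?,?,?,?,?)",
               (principal, role, artifact, granter, expires))
    db.execute("INSERT INTO ac_admin_log VALUES (?,?,?,?)",
               (now, granter, "grant", f"{principal}->{role}->{artifact} exp={expires}"))
    return expires

def can(db, principal, role, artifact, now=None):
    """True only while an unexpired grant exists; an expired JIT grant denies."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT 1 FROM ac_grant WHERE principal=? AND role=? AND artifact=? "
        "AND (expires_at IS NULL OR expires_at > ?)",
        (principal, role, artifact, now)).fetchone()
    return row is not None
```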
⚖️ Decisions
- [status-router] planned -> dispatched | event=dispatch | dispatcher queued (ds-s1)
- Skill delivered: iam-access-grant (IA). delivered via operator bypass (pipeline slot-jam); skill built+wired+live + regression + cookbook. — All six missing planner skills are now built + wired + live with regression coverage and cookbook notes; see initiative CAROL-INI-1928 (meta) and 1935 (self-heal). (orion)
- [status-router] dispatched -> reviewing | event=operator_complete | delivered via operator bypass (pipeline slot-jam); skill built+wired+live + regression + cookbook (orion)
- [status-router] reviewing -> blocked | event=operator_put | PUT /api/initiatives (operator)
- Elrond stuck-watchdog: 3 consecutive failed recovery attempts since 2 strikes recorded. Initiative idle past 600s with no live queue row; Albus invoked 3 times without progress. Flipping to blocked and surfacing on operator queue per CAROL-INI-403. (elrond.handover_watchdog)
- [status-router] blocked -> reviewing | event=operator_complete | CAROL-INI-1938: false block cleared — work verified done; awaiting UAT (orion)
- [status-router] reviewing -> closed | event=operator_signoff | Auto-accepted (CAROL-INI-1859): Orion-initiated, >2 days in reviewing with no objection. (el-srac-01)
✅ Success criteria
- the iam-access-grant skill exists on disk (parent SKILL.md + contract.json + four phase sub-skills) and resolve_activity for its type code returns mode=skill (must_have)
- the iam-access-grant type code is wired into TEMPLATE_SKILL_MAP, DOER_TYPES and the classifier, and a representative step classifies to it (must_have)
- a cookbook note records the iam-access-grant activity and a regression assertion covers it (must_have)