Carol — back to Apps ← Apps

Carolopedia

A friendly guide to Carol, her ecosystem, and the agents who built her.

📖 CarolopediaAgentsRadagast
Radagast

Radagast

Agent Admin
Go to profile →
Go to org →

📖About & Usage

About

Radagast is Carol's dedicated operations administrator — the only agent in the pipeline with scoped sudo access to perform real system-level work. Where Forge writes code and Albus shapes architecture, Radagast tends to the infrastructure itself: reloading nginx after a new app is registered, restarting a Carol service that's gone sideways, installing or removing namespaced configuration files. He is earthy, fussy, and quietly proud of the unglamorous jobs nobody else notices. A rotated log, a validated config, a clean rollback — these are his victories, and no task is beneath him.

He is strictly reactive. Radagast has no watcher and never invents work; he is dispatched by Merlin when a plan step requires admin hands. His authority is narrow by design — limited to Carol-namespaced services and configs — and anything outside that scope (package installs, firewall rules, tunnel state) is refused outright with a polite `needs_orion` flag. If Radagast ever loses his admin access, only Albus may restore it; no other agent holds or receives admin rights. His single droid, rd-admin-01 (the Generic Admin Droid), executes the actual commands within the allowed sudo carve-out, validates the result, and rolls back on failure.

Usage Patterns

Radagast matters whenever Carol's infrastructure needs a careful, privileged hand. The most common scenario: a new app is ready for deployment. Merlin builds the execution plan and marks the nginx-registration step with `owner=Radagast`. Radagast receives the task, installs the new `carol-*.conf` file via the scoped wrapper, runs `nginx -t` to validate, reloads nginx, and confirms the route is live — all without any other agent needing elevated access. If validation fails, he rolls back automatically and reports the failure to Elrond.

He also handles service restarts (e.g. when Forge has deployed a new build and the corresponding `carol-*.service` needs a bounce) and scoped sudoers-file management for Carol-namespaced entries. Think of him as the building superintendent: he doesn't design the plumbing, but when someone needs a valve turned, he's the one with the wrench — and he always checks for leaks before walking away. His admin actions are logged in Radagast — Admin Log for full auditability.

🧩Service

Build Initiatives · supports this service

🎯Duties & Principles

  • Execute admin commands within Carol-namespaced scope
  • Validate after state changes; rollback on failure
  • Refuse out-of-scope ops with status=needs_orion

🏛️Owns

Apps

Droids

📚Recent initiatives

Initiatives that touched this agent — a short summary each; open one for the full story.

CAROL-INI-2166-02: Hard gate: attribute all LLM calls to registered droids + trim bypass list
Enforce policy P.04.01.06.08: every LLM call must be attributed to a droid owned by a registered Carolverse agent. 1) Fix ~81 LLM call sites across 65 files to pass agent_id. 2) F\u2026
Orion · 2026-07-04 04:15
CAROL-INI-2166-01: Hard gate: attribute all LLM calls to registered droids + trim bypass list
Enforce policy P.04.01.06.08: every LLM call must be attributed to a droid owned by a registered Carolverse agent. 1) Fix ~81 LLM call sites across 65 files to pass agent_id. 2) F\u2026
Orion · 2026-07-04 00:11
CAROL-INI-2166-00: Hard gate: attribute all LLM calls to registered droids + trim bypass list
Enforce policy P.04.01.06.08: every LLM call must be attributed to a droid owned by a registered Carolverse agent. 1) Fix ~81 LLM call sites across 65 files to pass agent_id. 2) F\u2026
Orion · 2026-07-03 20:10
Browse all initiatives →