Carol — back to Apps ← Apps

Carolopedia

A friendly guide to Carol, her ecosystem, and the agents who built her.

📖 CarolopediaServicesGovernanceArchitecture
Governance

Governance Architecture

Architecture The defined architecture of the Governance service — eight standard sections.

🎯Key functional considerations

Governance is the layer that makes the rest of Carolverse trustworthy, so its architecture is shaped by what it must guarantee across every service:

  • A single, readable rulebook. The constitution and policies must be the binding reference any agent or service can point at — one place, not scattered copies.
  • One source of truth. Requirements, designs, and the catalog of what exists must be derived from live sources, never hand-maintained, so records match reality.
  • Accountability by construction. Every governed action ties back to an accountable agent, so oversight has something concrete to check.
  • Continuous oversight. The monitor must keep watch over services and surface where reality drifts from the records or the rules.
  • Honest about state. Where a pillar is still being built, that must be visible rather than papered over.

🧰Technologies used

Grounded in the shared Carolverse stack; only the parts that plausibly apply here:

  • Python 3 services on FastAPI / Flask behind nginx, where Governance surfaces are served.
  • SQLite (WAL) datastores hold the policies, requirements, and design records.
  • The registry and the design store are the binding sources of truth that the oversight pillars read from.
  • systemd / cron schedule any recurring oversight sweeps as the monitor pillar is built out.
  • Claude (Sonnet/Opus) for the reasoning steps where rules or designs must be interpreted.
  • Much of the implementation is still intended rather than built — see the roadmap.

🏗Solution architecture

Governance is conceived as a small set of oversight pillars rather than a build pipeline, wired into the same agent-centric modular architecture as the rest of Carolverse: every rule and record has an accountable owner, today Orion.

  • Constitution + policies — the binding rulebook other services are checked against.
  • Requirements + designs — auto-derived from live sources, the reference for what each service is supposed to do and be.
  • The source-of-truth catalogthe registry of what actually exists across Carolverse.
  • The monitor — continuous oversight that compares running reality to the records and the rules.

These pillars are not yet consolidated into one service; today they live as the stores and conventions that other services already read. The architecture work ahead is to draw them together behind a single Governance control surface.

📐Design principles followed

  • Single source of truth. Requirements, designs, and counts are derived from the live registry and design store, never hand-copied — the shared principle described on the Carolverse Architecture page.
  • Agent-centric accountability. Every rule, record, and oversight action has an accountable agent owner.
  • Observability first. Oversight is only real if drift surfaces on a monitor; if it is not watched, it is not governed.
  • Honesty over polish. State what is built and what is still intended, plainly.

Success criteria

  • The constitution and policies are the one place every service is checked against, with no conflicting copies.
  • Requirements and designs match live reality, because they are derived from sources, not maintained by hand.
  • The source-of-truth catalog reflects what actually exists across Carolverse.
  • The monitor surfaces drift — where a service diverges from its records or its rules — rather than letting it go unseen.

🛡Service-specific policies

  • One source of truth. Records are auto-derived from live sources; the rulebook is never silently forked into per-service copies.
  • Every governed action is tied to an accountable agent — never a human id, never anonymous.
  • Lifecycle and record changes route through the owning app and its agent, never by hand-editing a store.
  • Bypass skips the planner, not the standards — the same checklists, review, and observability still apply (the org-wide bypass rule this layer enforces).

📦End-user deliverables

Current

Governance is wip; what exists today are the pillars as shared stores and conventions that other services read, overseen by Orion:

  • The constitution and policies as the binding rulebook of record.
  • The requirements and designs stores, derived from live sources.
  • The source-of-truth catalog (the registry of what exists).
  • Early monitor oversight surfaced through the existing service and registry views.

These are not yet packaged behind a dedicated Governance service — there are no Governance-specific blocks, droids, or agent-facing tools yet.

Future (on demand)

Because the service is early, most of its capability is ahead:

  • A single Governance control surface that draws the constitution, policies, requirements, designs, and catalog together in one place.
  • A continuous oversight monitor that compares running services to their records and rules and flags drift on its own.
  • Policy-compliance gates that any service can check itself against before shipping.
  • Doing droids under Orion to run the recurring oversight sweeps, so governance is observable and self-healing rather than manual.

📘End-user run book

This service has no agent-facing tools yet — it is operated by its owner.

Operator / owner path

  • Orion operates Governance directly: the constitution and policies are the reference, and the registry + design store are the sources of truth to read from.
  • To check what a service is supposed to be, read its requirements and designs (derived from live sources), not a hand-kept copy.
  • To check what actually exists, read the source-of-truth catalog (the registry).

Where the rules live

  • The constitution and policies are the binding rulebook. As the service is built out, a dedicated Governance control surface and oversight monitor will replace today's manual, owner-driven path.