Closed the morning security-lockdown bypasses properly, fixed two live exposures (credential vault + caroladmin sudo), enforced no-agent-switching as policy, and re-wired the RSI engine to its real objective: fix the pipeline, never just unblock initiatives.
Verified all 14 criteria live; fixed the OS-isolation regression that crashed Albus RSI diagnoses (bypass book group-write); re-scoped deferred lockdown promises into CAROL-INI-2400 (3 new criteria incl.
CAROL-INI-2392: credential vault split to a radagast-only mode-600 store (33 rows), key directory with a staged PRIVATE key sealed 700/600, old table purged+VACUUMed, new read-only Radagast executor op keeps Heimdall's nightly rotation visibility; also reopened the standing maintenance anchor (closed Jun-29, nightly reseed refused since).
Removed the last run-as grant (caroladmin-to-forge, unused relic) via the az break-glass; sudoers sweep now shows ZERO run-as rules between identities.
CAROL-INI-2423 shipped 6 enforcements: the diagnosis loop can no longer retrigger blocked work on diagnosis-complete (pipeline-fix-only path); a blocked initiative retriggers ONLY after its pipeline fix carries an [rsi-pipeline-fix-verified] decision; Albus prompt/contract made single-objective with contradictions removed; Leo per-initiative unblock loop deleted + crash fixed; the success measure changed from unblock-leverage (target 150) to durable verified pipeline fix (target 100) and reads an honest 0/116 today; cookbook 425 rewritten + entry 455.