When the robot can't yet
The normal way work gets done in Carol is through the pipeline—an autonomous assembly line where agents orchestrate, build, test, and review every initiative (unit of work) end to end, with no human touching the code. But pipelines have strict limits. When the pipeline can't build something yet, the operator—Orion, Ninad's agent—does it by hand. That hand-path is a bypass. It's not a workaround that weakens the system; it's the scaffolding that lets the system improve itself, faster than waiting indefinitely for perfect autonomy.
Here's the catch. A system that builds itself to be better has a fundamental chicken-and-egg problem. Until the pipeline can build feature X, someone has to build it—including the very upgrades that make the pipeline more capable at all. Without a bypass, the system would be forever frozen at its starting point, never able to gain the abilities it doesn't yet have. The operator's hand-driven path isn't a liability; it's the only mechanism by which the system breaks free from its own bootstrapping gap and becomes something greater.
Here's what makes bypass trustworthy: it skips the planner—the agent who orchestrates work—but it does not skip the standards. A bypass still produces the same records: code, tests, design, and a review verdict from the same strict grader. The operator must do the planner's verification work by hand: prove every criterion with evidence before closing, or the grader fails the work. Unproven criteria map to fails, on purpose. The grader has teeth and stays strict; the bypass rises to meet the standard, not the other way around. Invisible, unverified work is the enemy.
The same bypass mechanism is granted at two different trust levels. Orion's bypass is operator-driven: the human decides it, controls each step, stays in the loop throughout execution. Albus's bypass is autonomous: Albus, the architect who owns self-healing, files and runs his own bypasses to repair the pipeline when a tool or precondition goes missing—no human needed, just guardrails and caps. Same mechanism, opposite accountability. One is human agency exercised with full control; one is the system healing itself with safeguards. The distinction is simple in words, critical in every design choice downstream.
This is where design gets subtle. The dispatcher—the autonomous part that picks up work and runs it—must never auto-run an Orion bypass, because Orion is executing it by hand. If both grabbed it, they'd race, and the system would freeze. (That exact bug happened early and taught a hard lesson.) But the dispatcher CAN run an Albus bypass, behind strict guards: the requester must really be Albus, the work must have been parked by Albus, and attempts and time are capped. One is an escape hatch the operator holds; one is self-repair with training wheels. The difference is the whole point.
The real lesson is simpler and deeper. Bypass teaches that 'who is allowed to act autonomously' is not an afterthought or a loose permission—it's a deliberate design decision, encoded into the system with teeth. The operator's hand-work must not collide with the agent's self-healing; the dispatcher must know exactly which is which and act accordingly. You don't build trust by hoping for the best. You build autonomy by being precise about boundaries, by encoding permission explicitly. The system improves itself, but not in a way that tramples the human operator. That precision is what makes it all work.