Prepared for: EY Information Security Team Date: March 2026 Status: Proposed (LOE Review)
jordotech
/ ey-application-level-encryption.md
Last active
March 26, 2026 22:12
EY Application-Level S3 Encryption - Technical Overview
jordotech
/ admin-feature-ENG-857-no-celery-design-20260326-134155.md
Last active
March 26, 2026 21:16
Design: Application-Level S3 Encryption for EY Environments — LOE & Technical Design
jordotech
/ ey-platform-access-control.md
Created
March 25, 2026 17:21
Capitol AI — Data Access Controls for Customer Organizations
Capitol AI has implemented platform-level access control that restricts who can view and download an organization's files. Access is determined by the user's verified email domain — only users with authorized email addresses (e.g., @ey.com) can access the organization's data, even if other users have platform administrator privileges.
This control works alongside the existing External Key Management (EKM) encryption to provide multiple independent layers of data protection.
jordotech
/ per-org-s3-access-isolation.md
Created
March 25, 2026 15:23
ENG-893: Per-Org S3 Access Isolation — Strategy & Test Results
Capitol.ai is a multi-tenant platform where organizations share the same AWS infrastructure. A Capitol.ai admin can add themselves to any organization (e.g., EY) and gain full access to that org's S3 files — uploads, workflow files, and generated outputs. Client orgs need assurance that only users with verified email domains can access their data.
We implement email-domain-scoped IAM role assumption — a belt-and-suspenders approach combining STS AssumeRole with explicit IAM Deny policies.
jordotech
/ celery-to-async-worker.md
Last active
March 21, 2026 20:58
ENG-857: Replacing Celery with Async Workers — Internal Briefing
ENG-857: Replacing Celery with Async Workers — Internal Briefing
Branch: feature/ENG-857-no-celery (agentic-backend + terraform)
Status: Deployed to HMG, ready for load testing
jordotech
/ skills-repo-split-analysis.md
Created
March 10, 2026 20:08
Analysis: Should skills/ live in a separate repo? (spoiler: no)
TL;DR: The skills/ directory is 3.6MB / 282 files — smaller than a single retina screenshot. Splitting it into a separate repo adds real operational complexity to solve a non-problem, and partially reintroduces the version-coupling failures that caused the outages we're trying to fix.
Total: 3.6 MB, 282 files
jordotech
/ skill-management-update.md
Created
March 7, 2026 15:54
RFC: Git-Tracked Claude Skill Management — replace manual platform.claude.com uploads with CLI-driven, version-pinned deployments
jordotech
/ multi-regional-deployment-plan.md
Last active
March 6, 2026 17:32
Multi-Regional Deployment: EY SSO Region Redirect - Implementation Plan
jordotech
/ agentic-backend-pr-comparison.md
Created
February 25, 2026 16:21
PR #363 (sso_user_id_updates by CapitolCoder) — 527 additions, 8 deletions, 3 files
PR #362 (feature/COM-18-ad-phase-1 by jordotech) — 8 additions, 1 deletion, 1 file
Both PRs add Authorization: Bearer header support to get_current_user() so SSO users can authenticate with agentic-backend.
| Aspect | PR #363 | PR #362 (ours) |
jordotech
/ platform-api-pr-comparison.md
Created
February 25, 2026 16:20
PR #365 (sso_user_id_updates by CapitolCoder) — 3,143 additions, 80 deletions, 16 files
PR #363 (feature/COM-18-ad-phase-1 by jordotech) — 3,124 additions, 264 deletions, 22 files
Both PRs target the same goal: make platform-api Auth0-aware so SSO users get proper UUIDs instead of Auth0 sub strings.
| Aspect | PR #365 | PR #363 |
NewerOlder