Executive Overview
Program Status
YELLOW
Cyber workstream most active with 28 open items (6 new from today's call); task worker reliability is URGENT (ENG-8920). Key integration fixes shipped. SMK v1.0.3.1 released. No application logging in SMK — high-impact gap.
Program Summary
59% complete — 59 of 100 items delivered across 6 workstreams. (+6 new issues filed from Mar 23 Office Hours call, +2 done since last update: ThreatConnect integration done, SMK v1.0.3.1 released. Okta write tools moved to Agency team; Okta bug fixed. MITRE ATT&CK canceled.)
Top 3 Unresolved Blockers:
🚨
Task Worker Heartbeat Loss (ENG-8920) — URGENT — Known bug: task worker loses Hatchet heartbeat and silently stops processing. Second occurrence. No logs available to diagnose. Kindo confirmed highest priority. Critical for RSA and production.
🔴
ServiceNow OAuth2 (ENG-8794) — OAuth2 connection fails while REST API works. Blocks ServiceNow integration. Assigned to Yash Kothari.
🔑
Okta Write/Create Action Tools (AGE-354) — Expand Okta integration with write/create action tools. Required for full Okta workflow support.
3 Main Priorities:
📅
RSA This Week — Preparing to demo Portfolio & Program Management functionality. In-person review session tomorrow (Tue Mar 24) with Mo, Bryan/Nick. SMK v1.0.3.1 released ✅.
🖼️
Canvas is the #1 request — URL params and navigation needed for SOC production deployment. Strategic path under discussion.
⚡
Agent Reliability Phase 1 — Currently at level 6 of 10. Target: 8 of 10 by end of Sprint 3.
✅ What's Working
🎓 Training
🟢
Targeting scalable LMS for 75+ engineers. This is Arun's stated priority #1.
Target date: Week of April 6, 2026 (April 6, 7, or 8)
Previous target: Week of March 30 — shifted due to Kindo team attending RSAC
Format: ~3-hour virtual pilot session, 7:00–10:00 AM PT
Scope: Train 75 India-based engineers. Pilot group: 10–15 super users first.
Target date: Week of April 6, 2026 (April 6, 7, or 8)
Previous target: Week of March 30 — shifted due to Kindo team attending RSAC
Format: ~3-hour virtual pilot session, 7:00–10:00 AM PT
Scope: Train 75 India-based engineers. Pilot group: 10–15 super users first.
📊 Portfolio Management
🟢
V1 is live and pulling real-time data.
Dashboard operational with executive overview, workstream tracking, project views, risks, and delivery cadence. Continuously updated from Linear + call transcripts.
Dashboard operational with executive overview, workstream tracking, project views, risks, and delivery cadence. Continuously updated from Linear + call transcripts.
⚙️ Operational Groups
🛡️ Cyber / SaaS
🔴
Blocked by the canvas approach (API solution pivot).
Canvas is the #1 request from Deloitte. Current architecture has a hard ceiling. Strategic path under discussion — tactical fixes vs. Kindo API vs. generative UI.
Canvas is the #1 request from Deloitte. Current architecture has a hard ceiling. Strategic path under discussion — tactical fixes vs. Kindo API vs. generative UI.
📦 Adelina / SMK Installs
🟡
Currently triage/ad hoc → solution development
Marcos and Brandon are designing an Efficient SMK install process based on Deloitte learnings. New Linear project created. Moving from reactive triage to a structured install workflow.
Marcos and Brandon are designing an Efficient SMK install process based on Deloitte learnings. New Linear project created. Moving from reactive triage to a structured install workflow.
🌍 Meta Global Ops
🟡
Dormant. Backlog exists but nothing assigned or actively worked.
Led by: Arun (CTO)
10 issues in backlog, 4 high-priority. Automated QA testing platform for Meta via Deloitte. Awaiting resource allocation and kickoff.
Led by: Arun (CTO)
10 issues in backlog, 4 high-priority. Automated QA testing platform for Meta via Deloitte. Awaiting resource allocation and kickoff.
Click to expand detail sections
▶
🔍 Key Health Questions — Reporting Period: Mar 12–20, 2026
| Question | Status | Explanation |
|---|---|---|
| Is the team behind schedule? | ⚠️ Possible | Agent reliability at 15%. Cyber workstream at 33% — most complex track. |
| Problems preventing cycle goal? | 🟢 Mitigated | Jira DC auth and ThreatConnect validation issues are now resolved and operational. |
| Tasks added or deleted this cycle? | ⚠️ Yes | 4 new issues from Mar 17 Cyber Weekly. Jira DC and ThreatConnect escalations now resolved. Pareto analysis: AI-PMO reassessing all new and prior tasks against changing requirements — identifying which remain critical to sprint/release goals and which can be deprioritized or deleted without impact. |
| Foresee issues for next period? | ⚠️ Possible | RSA Conference (next week) will reduce engineering bandwidth. In-person review session Monday. |
| Unscheduled tasks this cycle? | ⚠️ Some | SMK 1.0.3.1 release prep unplanned. Jira DC + ThreatConnect debugging (now resolved) consumed cycles. |
| Have any estimates changed? | ⚠️ Yes | T&C baseline estimates produced for surviving Promise + Stretch items: 160h Promise (4 sprints), 59h Stretch. Assumes autonomous pipeline execution (Warren + Joana). |
| Technical problems encountered? | 🟢 Resolved | Jira DC auth flow and ThreatConnect MCP parameter validation — both fixed and deployed. |
| Resource problems? | ⚠️ Possible | Meta Global Ops fully unresourced (10 backlog items, 0 assigned). RSA week reduces available engineering. |
▶
🧭 Strategic Priorities for Portfolio Stakeholders
1. Canvas: Tactical Fixes vs. Strategic Rebuild
Decision Required
Canvas is the #1 request category and is blocking SOC production deployment. Three paths: tactical fixes (URL params, navigation), Kindo API (Deloitte builds custom UIs), or generative UI (~90 days R&D).
2. Agent Reliability: Timeline & Expectations
Alignment Needed
Deloitte expects agents that run for hours reliably. Currently at 15% progress — first drops end of March, full reliability mid-April+.
3. Integration Priority Ranking
Input Requested
Remaining integration streams: ServiceNow + SAP (not started), SailPoint & Okta (bugs). Stakeholder input needed to sequence.
4. Meta Global Ops: Resource Allocation
Not Started
10-issue QA testing platform for Meta via Deloitte — entirely unresourced. Decision: priority vs. existing workstreams?
▶
✅ Accomplishments This Period — Week of Mar 12–20
| Accomplishment | Owner | Status |
|---|---|---|
| SMK system upgrade to v1.0.3.0 — deployed to Deloitte hosted + self-managed instances | Engineering | ✅ Complete |
| Dashboard/Canvas agent cleanup — auto-created agents now hidden from main list, new "Dashboard Agents" filter tab live | Aashman | ✅ Complete |
| DLP data scrubbing fix — customer PII was being incorrectly scrubbed; resolved | Engineering | ✅ Complete |
| Feature flag management decoupled — SMK feature flags separated from deployment-specific configuration | Engineering | ✅ Complete |
| Command Center now live — visible in hosted instance and v1.0.3.0 SMK | Engineering | ✅ Complete |
| Jira Data Center auth fix — basic auth vs API token mismatch resolved for self-hosted Jira DC | Engineering | ✅ Complete |
| ThreatConnect MCP parameter fix — validation errors causing retry loops now resolved | Engineering | ✅ Complete |
▶
🔺 Active Risks
| ID | Impact | Trend | Description | Mitigation |
|---|---|---|---|---|
| R1 | Low | 📉 | RSA readiness — Jira DC resolved. Jira DC integration is now operational. ThreatConnect also fixed. RSA in-person review Monday. | Jira DC and ThreatConnect fixes deployed. SMK v1.0.3.1 release in progress for pre-RSA. |
| R3 | Med | 📈 | Agent reliability below Deloitte expectations. Agents quit during long tasks. Timeout Band-Aids applied; root cause fix at 15%. | Phase 1 drops end of March. Context compaction + retries + better error reporting. |
| R4 | Med | ➡️ | Meta Global Ops fully unresourced. 10 backlog items, 4 high-priority, zero squad allocated. | Defer until post-RSA. Allocate squad in next Program Planning cycle. |
▶
🚨 Key Issues
| ID | Description | Status | Owner | Due Date |
|---|---|---|---|---|
| I1 | ✅ RESOLVED | Engineering | Mar 20 | |
| I2 | ✅ RESOLVED | Engineering | Mar 20 | |
| I3 | ✅ RESOLVED | Agency | Mar 22 | |
| I4 | ServiceNow OAuth2 (ENG-8794) — OAuth2 connection fails while REST API works. | 🔴 OPEN | Unassigned | TBD |
| I5 | ✅ RESOLVED | Brandon | Mar 22 |
▶
📋 Plans for Next Period — Mar 20–Apr 2
| Plan | Owner | Target |
|---|---|---|
| RSA in-person review session — Mo, Bryan/Nick, Kindo team meet Monday afternoon to walk through full update list | Tony / Mo Nezarati | Mon Mar 24 |
| Agent long-running reliability (Phase 1) — context compaction, automatic retries, better error messages. Currently 15% through. | Engineering | End of March |
| SMK v1.0.3.1 release package — includes dashboard agent cleanup, Jira DC fix, ThreatConnect fix + additional improvements | Brandon | Pre-RSA |
| Webhook retry context preservation — ensure workflow restarts retain original webhook trigger context (feedback from Deloitte) | Engineering | Apr |
| Streamlined one-click SMK installation — environment validation tooling + simplified deployment process | Engineering | In progress |
▶
🎯 Key Schedule Milestones
| Milestone | Target Date | Status |
|---|---|---|
| Jira DC + ThreatConnect integration fixes deployed | Mar 20 (Fri) | ✅ Done |
| RSA Conference — in-person review session with Deloitte | Mar 24 (Mon PM) | ⚠️ Scheduled |
| Agent reliability Phase 1 — first capability drops | End of March | ⚠️ 15% |
| SMK v1.0.3.1 release to Deloitte | Pre-RSA | ✅ Done |
| Program dashboard ready for Deloitte leadership | Pre-RSA | ⚠️ In Progress |
| Agent reliability Phase 2 — compaction + full retry | Mid-April | Planned |
| Meta Global Ops — squad allocation & kickoff | TBD | Not Started |
▶
📝 Key Decisions
| ID | Decision | Decision Maker | Date |
|---|---|---|---|
| D2 | RSA in-person review scheduled Monday afternoon — full update walkthrough with Mo, Bryan/Nick | Tony / Mo | Mar 19 |
| D4 | Webhook retry must preserve original trigger context (Deloitte feedback → accepted as enhancement) | Tony / Bryan | Mar 19 |
| D5 | Agent reliability Phase 1 target: end of March; iterative drops after that | Engineering | Mar 19 |
▶
📞 Most Recent Call: Office Hours — Deployment Q&A — Mar 23, 2026
Kindo Attendees
Tony Wong, Marcos Pagnucco, Mo Nezarati, Bryan Vann, Mathew Varghese, Chriwong
Deloitte Attendees
Hvajrapu (Ram), Naellis (Nate), Dbrignardello, Prudhvi Yendluri, Masarma, Adkaza, Troy Presley
🚨 URGENT — Task Worker Failure (ENG-8920): Task worker lost heartbeat and silently stopped processing — second occurrence. Known bug confirmed by Marcos. No application logs to diagnose. Kindo acknowledged as highest priority. Patch being coordinated.
🔴 NO APPLICATION LOGGING (ENG-8924): Major gap — Deloitte's SMK deployment has no permanent log storage. Audit logs ≠ application logs. CloudWatch Logs recommended but requires K8s add-on. Kindo's turnkey installer includes this; Deloitte's custom deployment does not.
⚠️ LOGO NOT RENDERING (ENG-8921): Deloitte logo in S3 not displaying. Suspected CORS issue. Fix call scheduled: Marcos + Nate at 1:30 PM PST today.
💬 CHAT DISCLAIMER (ENG-8922): Deloitte wants the "content created" note below the chat bar. Marcos provided the environment variable.
📊 GRAFANA DASHBOARDS (ENG-8923): Marcos demoed platform overview dashboard (ingress, Hatchet tasks, agent runs). Will share JSON. OTEL collector → Prometheus → Grafana.
📦 STREAMLINED INSTALL: Deloitte enthusiastic about simplified install. May have new environment with fewer guardrails. Turnkey includes CloudWatch + X-Ray traces.
🏢 ORG MANAGEMENT (ENG-8925): Creating new orgs not possible via SMK UI. Need specialized Kindo IAM engineer meeting. Resource isolation across orgs is shared (backlog item). Not priority now.
▶
🔄 Changes Since Last Update — 6 new issues + status changes
| Issue | Title | Type | Source |
|---|---|---|---|
| ENG-8920 | Task worker loses Hatchet heartbeat and silently stops processing | 🚨 Urgent | Mar 23 Office Hours |
| ENG-8921 | SMK white-label logo not rendering from S3 bucket (suspected CORS) | 🟡 Bug | Mar 23 Office Hours |
| ENG-8922 | Document configurable disclaimer message below chat input | 🟢 Feature | Mar 23 Office Hours |
| ENG-8923 | Share Grafana dashboard JSON + document OTEL metrics for SMK | 🟡 Feature | Mar 23 Office Hours |
| ENG-8924 | Document container log forwarding to CloudWatch for non-turnkey SMK | 🟡 Feature | Mar 23 Office Hours |
| ENG-8925 | Support multi-organization creation and resource isolation in SMK | 🟢 Feature | Mar 23 Office Hours |
Status Changes Since Last Update
▸ ENG-8721 (ThreatConnect) → Done ✅
▸ ENG-8732 (Release package v1.0.3.1) → Done ✅
▸ ENG-8795 (Okta write tools) → Canceled (moved to AGE-354 on Agency team)
▸ ENG-8513 (MITRE ATT&CK) → Canceled
▸ ENG-8792 (API action step bug) → Todo, assigned to Hannah Bernstein
▸ ENG-8794 (ServiceNow OAuth2) → assigned to Yash Kothari
▸ ENG-8859 (Webhook restart context) → Todo, assigned to Yash Kothari
▸ ENG-8860 (Canvas URL params) → priority upgraded to High
▸ ENG-8502 (Conversation compaction) → priority upgraded to High
▸ ENG-7911 (Structured JSON) → priority upgraded to High
▸ ENG-6440 (48hr session timeout) → priority upgraded to High
▶
📞 Previous Call: Cyber Weekly — Mar 19, 2026
✅ RESOLVED: Jira DC auth fixed. ThreatConnect MCP fixed. Both operational.
📅 RSA: Monday afternoon review — Mo, Bryan, Nick.
💡 FEEDBACK: Workflow restart loses webhook context (accepted as enhancement). Per-step retry requested.
▶
📞 Previous Call Context (2026-03-18)
- ▸ Discussion focused on internal Deloitte infra friction — K8s environment differences not fully understood internally
- ▸ NGINX ingress deprecation referenced by Deloitte, but Kindo ships AWS ALB (not the same thing, per Marcos)
- ▸ Amazon Bedrock model catalog — some models require preliminary customer steps to enable access
Workstreams
🛡️ Cyber / Adelina Squad
workstream:cyber-adelina
40% complete19 of 47
28
Open
19
Done
29
Cancelled
Squad: CharlieAashmanMadisonDoinkBrandon
🔐 IAM / Johnson & Johnson
workstream:iam-jnj
91% complete21 of 23
2
Open
21
Done
12
Cancelled
Squad: YashAashmanSeanCharlie
🔑 IAM POC (SailPoint / Entra)
workstream:iam-poc
90% complete9 of 10
1
Open
9
Done
1
Cancelled
Squad: AashmanSeanDevon
🏢 ERP Security (SAP)
workstream:erp-security
100% complete7 of 7
0
Open
7
Done
2
Cancelled
Squad: SeanHannahAmanda
🌐 NetOps (Cisco)
workstream:netops
100% complete3 of 3
0
Open
3
Done
3
Cancelled
Squad: Charlie
🌍 Meta Global Ops
workstream:meta-global-ops
0% complete0 of 10
10
Backlog
0
Done
0
Cancelled
Squad: Unassigned
Strategic Project View
Projects group related work across workstreams. This view helps stakeholders understand scope, strategic impact, and cross-cutting dependencies — not just individual tickets.
Active Projects
9
+ 2 completed
Large Scope
2
Canvas + Meta QA
Medium Scope
3
Reliability · Extensions · Multi-Agent
Small / Focused
4
SMK · API · GitOps · Auth
🖼️
Canvas Production Readiness
6 active · 1 done
LARGE SCOPE
In Progress
Strategic Context: Transform Canvas from an internal tool into a production-grade end-user interface for Deloitte. Canvas is the primary surface Deloitte's teams interact with daily — and it's currently blocking production deployment for the SOC.
🗣️ Customer Voice — What Deloitte Is Asking For
1. Show Kindo agent data in Canvas — Matthew wants Canvas to display data about what agents are running, their status, and project-related information. Essentially showing Kindo agent data as tool data in dashboards.
2. Navigation between Canvas dashboards — Matthew wants linking between different dashboards, menus, navigation — an interconnected experience, not isolated views.
3. URL parameters for drill-down — "Right now, if I wanted to push this to production for our SOC, I can't do that unless I have those URL parameters." Click one dashboard → opens another with filter context. This is the #1 production blocker.
4. More interactive web app capability — Deloitte leadership "don't love the current UI experience." If Canvas can't deliver sufficient interactivity, they will build their own UI. The IAM team is already considering this. This affects every workstream at Deloitte, not just Cyber.
⚠️ Pattern Problem & Architectural Limit
Escalation cycle: Every time a Canvas request is fulfilled, the next one comes immediately. Endless escalation on a limited architecture.
Architecture ceiling: Current Canvas is JSON dashboards — not infinitely scalable. Stacking features on this architecture has a hard ceiling.
🔮 Strategic Path Forward
Real solution: Build a v0/Lovable/Replit-style generative UI system — estimated as a quarter-sized initiative (~90 days R&D) to reach operational confidence.
Agreed tactical approach: Ship immediate Canvas fixes now (URL params, navigation) + offer a Kindo API (relatively easy). Position generative UI as a 2026 roadmap item without committing to a specific timeline.
Impacts: All Deloitte teams (cross-workstream)
Dependencies: Chat Actions Public API (for Kindo API path)
Stakeholder Input Needed: Priority ranking of tactical fixes, acceptance of generative UI timeline, whether to invest in Kindo API as interim
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8509 | Interactive web page UI functionality for canvases | 🔴 High | Backlog |
| ENG-8860 | URL parameters for drill-down navigation | 🔴 High | Backlog |
| ENG-8598 | Canvas editor: filters + multi-page navigation without JSON editing | 🟡 Med | Backlog |
| ENG-8057 | Implement observability for canvas | 🟡 Med | Backlog |
| ENG-8563 | Dashboard sharing for authorized recipients | — | Backlog |
| ENG-8514 | Mermaid graph/diagram support in canvas markdown | — | Backlog |
| ENG-7580 | Audit log everything in dashboards | — | Backlog |
🔄
Chat / Agent Long-Running Reliability
3 active
MEDIUM SCOPE
Critical Path
Strategic Context: Deloitte's core use case requires agents that run reliably for hours. Today, agents quit due to context overflow, timeouts, and unrecoverable failures. Currently 15% through — first drops expected end of March.
🗣️ Customer Voice — What Deloitte Is Experiencing
Agents quit mid-task — agents stop after hitting timeouts or unspecified failures. Initial timeout increases were a "Band-Aid." Deloitte needs agents that work for hours on complex tasks.
Uninformative error states — "Red boxes that don't give any real information about what's happening." When agents fail, users have no way to understand why or what to do next.
No per-step retry — if an agent hard-fails mid-run, the only option is restarting the entire workflow. Deloitte requested a "retry this step" button for unrecoverable automatic failures.
Webhook restart loses context — "The retry does not work if it's a web trigger. It won't pull in the same context from the webhook." Restarts lose the original triggering data.
No visibility into intermediate steps — "We don't know the results of step 2 or step 3 of a 5-step agent." Need to see/analyze results from each individual step.
Impacts: Cyber/Adelina (primary), all workflow users
Timeline: Phase 1 end of March, iterative drops after
Stakeholder Input Needed: Acceptable failure modes, retry vs. restart preferences, minimum session duration requirements
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8859 | Workflow restart doesn't preserve webhook trigger context | — | Triage |
| ENG-8511 | Selective data flow between model context windows ("Plan Mode") | — | Todo |
| ENG-8502 | Conversation compaction (continuous conversation) | — | Todo |
🔌
Deloitte Platform Extensions
5 active
MEDIUM SCOPE
In Progress
Strategic Context: New integrations and platform capabilities requested specifically by Deloitte. Each extension expands what Deloitte teams can automate in their security and identity workflows.
🗣️ Customer Voice — Integration Needs
🔴 Jira Data Center (CRITICAL) — completely broken after recent deployment. Auth flow requests API token when using basic auth for self-hosted Jira DC. "Number one critical — we definitely need to get fixed ASAP. Needed for RSA."
⚠️ ThreatConnect (degraded) — connects but 6+ validation error retries per successful call. MCP parameter descriptions may be unclear to the agent. "I'm limping along with it." Possible fix in main but not in SMK release cut.
ServiceNow + SAP — connectivity needed for test systems. ServiceNow OAuth2 fails while REST works. SAP needs JCo/RFC connectivity.
SailPoint & Okta — Okta shows partial/no data with "GWT kit invalid" error. Deloitte sending full list of SailPoint write ops they need.
Version confusion — "Is there a way to see what version of the integration we have?" Deloitte doesn't know whether fixes in main are in their instance.
Impacts: Cyber (Jira, ThreatConnect), IAM (ServiceNow, SailPoint, Okta), all teams (JSON output)
Dependencies: SMK release pipeline (fixes in main vs. deployed)
Stakeholder Input Needed: Integration priority ranking, test system access for ServiceNow/SAP, Okta write ops scope
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8794 | ServiceNow OAuth2 connection fails | 🔴 High | Backlog |
| ENG-8863 | ThreatConnect MCP parameter validation errors | — | Triage |
| ENG-8463 | BYO Embeddings (Pinecone) | — | Backlog |
| ENG-8233 | Delete deprecated CrowdStrike standalone MCP | 🟢 Low | Backlog |
| ENG-7911 | Structured JSON Output (JSON Schema Enforcement) | — | Backlog |
📦
Efficient SMK Install
2 active · both 🔴 High
SMALL SCOPE
HIGH URGENCY
Strategic Context: Streamlining the self-managed Kindo (SMK) deployment experience. Critical for scaling to 7 planned SMK deployments across Deloitte teams.
🗣️ Customer Voice
Installation friction — initial deployments had many slowdowns: environments not set up, prerequisites not tested, multiple manual steps. "It always looks good when we come in, push a button, and it works."
Privacy / AI policy compliance — Adelina's team requires users to sign on and acknowledge Deloitte's AI use policy before accessing the system. Must be configurable per deployment.
Agent portability — need to import agents between Kindo installations so configurations don't have to be recreated manually for each SMK instance.
Impacts: All SMK deployments (7 planned)
Stakeholder Input Needed: Privacy notice requirements per deployment, agent export/import scope, environment pre-validation checklist
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8596 | Configurable privacy notice flow for whitelabelled deployments | 🔴 High | Todo |
| ENG-7913 | Import Agents between Kindo installations | 🔴 High | Backlog |
🤖
Multi-Agent Orchestration
2 active
MEDIUM SCOPE
Future / Strategic
Strategic Context: Enable agents to trigger and coordinate other agents — a prerequisite for complex multi-step workflows. This is a platform capability that will unlock new use cases across all Deloitte workstreams. Currently in research/backlog phase.
Impacts: All workstreams (platform capability)
Dependencies: Chat/Agent Reliability must stabilize first
Stakeholder Input Needed: Priority use cases for multi-agent workflows, acceptable latency
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-7910 | "Agent Trigger" Type & Inter-Agent Orchestration Lifecycle | — | Backlog |
| ENG-6801 | Hatchet flow control & multi-agent tool research | — | Backlog |
🔗
Chat Actions Public API
1 active
SMALL SCOPE
New
Strategic Context: Public API with streaming support for custom UI integrations. Enables Deloitte to build bespoke interfaces on top of Kindo's agent infrastructure.
🗣️ Customer Voice
Streaming API — currently must poll run IDs repeatedly with no idea how long to wait. Need real-time streaming to see results step-by-step as agents work.
Ephemeral tool calls — today, to do any dynamic tool calling, they must create a full agent. Need the ability to trigger tool calls without agent creation — from Canvas or scripts.
Kindo API as Canvas interim — agreed as a tactical path: offer a Kindo API (relatively easy to build) so Deloitte can build custom UIs while generative UI is on the roadmap.
Impacts: All teams — enables custom UI path, unblocks Canvas limitations
Stakeholder Input Needed: API scope requirements, streaming vs. polling preference, authentication model
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8861 | Agents API: streaming support for real-time results | — | Triage |
📝
Agent Version Control
1 active
SMALL SCOPE
Future
Strategic Context: GitOps workflow for agents and canvases — version control, collaboration, and rollback. Critical for enterprise governance as Deloitte teams scale agent usage across multiple teams and deployments.
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8512 | GitOps for agents and canvases — version control & collaboration | — | Backlog |
🔒
Auth & Session Hardening
1 active
SMALL SCOPE
Backlog
Strategic Context: Session timeout and authentication hardening. Enterprise requirement for security compliance in Deloitte's environment.
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-6440 | 48-hour session timeout | — | Backlog |
🌍
Meta Global Ops — Automated QA Testing Platform
10 active · 0 assigned · all backlog
LARGE SCOPE
Not Started
Strategic Context: Build an automated QA testing platform for Meta via Deloitte. New engagement with significant scope — browser automation, mobile testing, visual comparison, ticketing integrations. Entirely unresourced. Requires RACI definition and phased engagement plan before work can begin.
Impacts: New revenue stream via Deloitte
Prerequisites: RACI plan, squad allocation, Deloitte kickoff
Stakeholder Input Needed: Priority vs. other workstreams, resource allocation, timeline expectations
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8472 | RACI & Phased Engagement Plan with Deloitte | 🔴 High | Backlog |
| ENG-8469 | 2FA & Identity Flow Workarounds | 🔴 High | Backlog |
| ENG-8466 | Screenshot / Visual Comparison Engine | 🔴 High | Backlog |
| ENG-8465 | Web Flow Hardening & Demo Polish | 🔴 High | Backlog |
| ENG-8471 | Performance, Scale, and Reliability at Meta Scale | 🟡 Med | Backlog |
| ENG-8467 | Mobile Browser Emulation | 🟡 Med | Backlog |
| ENG-8470 | Messaging & Ticketing Integrations (Google Chat, Salesforce) | 🟡 Med | Backlog |
| ENG-8468 | Full Mobile App Testing via Device Farm Partner | 🟢 Low | Backlog |
| ENG-8317 | Browser output visibility in product — live sidebar viewport | — | Backlog |
| ENG-8056 | Implement Chromium for Browser Use in Sandbox Pod | — | Backlog |
✅
Release 2026.03.0
SMK integration validation, PII cleanup, SMK Installer — all shipped.
✅
Scalable Integrations
Microsoft Defender MCP + Microsoft Graph Alerts — both delivered.
All Open Issues
🛡️ Cyber / Adelina — Open Issues 31
| Issue | Title | State | Priority | Assignee |
|---|---|---|---|---|
| ENG-8920 | 🚨 Task worker loses Hatchet heartbeat and silently stops processing | Triage | 🚨 Urgent | — |
| ENG-8597 | Collaborative alert triage workflow | Backlog | 🟡 Med | — |
| ENG-8792 | API action step: Dynamic input fails to resolve variables | Todo | 🔴 High | Hannah Bernstein |
| TEK-58 | Expand SailPoint ISC tool coverage (moved to Teka team) | Todo | 🔴 High | Damien S. |
| ENG-8596 | Add configurable privacy notice flow for whitelabelled deployments | Todo | 🔴 High | — |
| ENG-8721 | ✅ Done | 🔴 High | Brandon C | |
| ENG-8425 | Get ServiceNow and SAP connectivity working with test systems | Todo | 🔴 High | — |
| ENG-8744 | Docs site gaps: workflow tutorial, cyber walkthroughs, memory patterns | Confirming | 🔴 High | Doink |
| ENG-8509 | Interactive web page UI functionality for canvases | Backlog | 🔴 High | — |
| ENG-7913 | Import Agents between Kindo installations | Backlog | 🔴 High | — |
| ENG-8732 | ✅ Done | 🔴 High | — | |
| ENG-8730 | Model management: delete/modify models without direct DB access | Backlog | 🔴 High | — |
| ENG-8729 | SMK system status verification endpoint | Backlog | 🔴 High | — |
| ENG-8921 | SMK white-label logo not rendering from S3 (CORS) | Triage | 🟡 Med | — |
| ENG-8923 | Share Grafana dashboard JSON + OTEL metrics docs for SMK | Triage | 🟡 Med | — |
| ENG-8924 | Document container log forwarding to CloudWatch for non-turnkey SMK | Triage | 🟡 Med | — |
| ENG-8793 | Workflow list: Add ability to filter workflows by creator | Backlog | 🟡 Med | — |
| ENG-8598 | Canvas editor: filters and multi-page navigation without JSON editing | Backlog | 🟡 Med | — |
| ENG-8423 | Canvas: Production-ready primary end-user UI mode with hierarchical nav | Backlog | 🟡 Med | — |
| ENG-8057 | Implement observability for canvas | Backlog | 🟡 Med | — |
| ENG-8563 | Add dashboard sharing for authorized recipients | Backlog | 🟡 Med | — |
| ENG-8922 | Document configurable disclaimer message below chat input | Triage | 🟢 Low | — |
| ENG-8925 | Support multi-organization creation and resource isolation in SMK | Triage | 🟢 Low | — |
| ENG-8424 | Native prompt saving and management | Backlog | 🟢 Low | — |
| ENG-8233 | Delete deprecated standalone CrowdStrike Falcon MCP server | Backlog | 🟢 Low | — |
| ENG-8463 | BYO Embeddings: Allow custom OpenAI-compatible embeddings endpoint | Triage | 🟢 Low | — |
| ENG-8511 | Selective data flow control between model context windows | Todo | — | — |
| ENG-8514 | Mermaid graph/diagram support in canvas markdown | Backlog | — | — |
| ENG-8513 | Canceled | — | — | |
| ENG-8512 | GitOps approach for agents & canvases — version control & collab | Backlog | — | — |
| ENG-8319 | Sub-agent execution support — first-class agent-triggers-agent | Backlog | — | — |
| ENG-7911 | Structured JSON Output (JSON Schema Enforcement) | Backlog | 🔴 High | — |
| ENG-7910 | "Agent Trigger" Type & Inter-Agent Orchestration Lifecycle | Backlog | — | — |
🔐 IAM / J&J — Open Issues 2
| Issue | Title | State | Priority | Assignee |
|---|---|---|---|---|
| ENG-7580 | Audit Log Everything in Dashboards | Backlog | — | — |
| ENG-6801 | Hatchet flow control & multi-agent tool research | Backlog | — | — |
🔑 IAM POC — Open Issues 1
| Issue | Title | State | Priority | Assignee |
|---|---|---|---|---|
| ENG-8794 | ServiceNow integration: OAuth2 connection fails while REST API works | Backlog | 🔴 High | Yash Kothari |
🌍 Meta Global Ops — All Issues (Backlog) 10
| Issue | Title | State | Priority | Assignee |
|---|---|---|---|---|
| ENG-8472 | RACI & Phased Engagement Plan with Deloitte | Backlog | 🔴 High | — |
| ENG-8469 | 2FA & Identity Flow Workarounds | Backlog | 🔴 High | — |
| ENG-8466 | Screenshot / Visual Comparison Engine | Backlog | 🔴 High | — |
| ENG-8465 | Web Flow Hardening & Demo Polish | Backlog | 🔴 High | — |
| ENG-8471 | Performance, Scale, and Reliability at Meta Scale | Backlog | 🟡 Med | — |
| ENG-8467 | Mobile Browser Emulation | Backlog | 🟡 Med | — |
| ENG-8470 | Messaging & Ticketing Integrations (Google Chat, Salesforce) | Backlog | 🟡 Med | — |
| ENG-8468 | Full Mobile App Testing via Device Farm Partner | Backlog | 🟢 Low | — |
| ENG-8317 | Browser output visibility in product — live sidebar viewport | Backlog | — | — |
| ENG-8056 | Implement Chromium for Browser Use in Sandbox Pod | Backlog | — | — |
Delivery Cadence — Two-Week Team Cycle
📦 Week 1 — BUILD
TUESDAY
Requirements Day (Human Touchpoint)
8:00 AM — Adelina (90 min)
9:45 AM — Cyber (90 min)
11:30 AM — J&J (90 min)
1:30 PM — Meta (90 min)
Each: Deliver → Gather → Deep Dive → Scope Triage → Commit
9:45 AM — Cyber (90 min)
11:30 AM — J&J (90 min)
1:30 PM — Meta (90 min)
Each: Deliver → Gather → Deep Dive → Scope Triage → Commit
TUE PM – WED
🤖 Agentic Sprint Execution
Requirements → Akira pipeline → 3 parallel squads
12 sprints per release in ~6.5 hours
60-min sprint cycles: Req → Arch → Build → Test → Ship
12 sprints per release in ~6.5 hours
60-min sprint cycles: Req → Arch → Build → Test → Ship
THU – FRI
🧑 Human Review Gates
Quality review · Edge cases · Staging verification · Evidence packages
FRIDAY
📊 Status Report #1 → Each Team
Staging links · Demo recordings · Visual progress · Blockers w/ mitigation
✨ Week 2 — HOLD & POLISH
MON – THU
Release Complete
Polish · Document · Prep demos · Address review findings · Prep delivery presentation for Tuesday
FRIDAY
📊 Status Report #2 → Each Team
Release-ready summary with staging links · Preview of Tuesday delivery
NEXT TUE
🔁 Deliver + New Intake (Cycle Repeats)
Full release cycle = equivalent of 4-5 traditional sprints, delivered every 2 weeks
Intake
Day 1
Tuesday
Agentic Build
~6.5h
12 sprints
Human Review
+2 days
Thu – Fri
Release Ready
Day 5
Friday
Delivery
Day 15
Next Tuesday
Monthly Program Management Overlay
🗓️ Week 1 — Cycle A Build
MONDAY
Program Planning (Internal)
Unified backlog review · Cross-team prioritization · Contract scope governance · Capacity allocation
TUESDAY
Requirements Intake (Cycle A)
All 4 teams back-to-back + Deliver Cycle B results
FRIDAY
Status Reports + Program Check-in
Story prioritization · Issue/blocker list · Scope triage results
🗓️ Week 3 — Cycle B Build
TUESDAY
Requirements Intake (Cycle B)
All 4 teams + Deliver Cycle A results
WEDNESDAY
Reality Check (Internal)
Staging review · Progress to monthly goals · Time/cost/scope assessment · Cross-team adjustments
FRIDAY
Status Reports + Program Check-in
🗓️ Week 4 — Monthly Review
THURSDAY
Monthly Program Review & Re-Assessment
Cycle results across all 4 teams · Unified backlog re-prioritization · Contract scope audit · Dependencies reassessed · Velocity trends · Pod 2 sync
FRIDAY
Portfolio Summary → Deloitte Leadership
Roll-up to Vikram, Kush, Arun
Scope Governance
🐛
Bug / Defect
Software doesn't function per docs.kindo.ai
→ Support ticket → SLA response
Sev1: 4hr · Sev2: 1 business day
Sev1: 4hr · Sev2: 1 business day
Covered by $500K/yr support fee
✅
In-Scope Feature
Functionality documented or implied by docs.kindo.ai
→ Build in current cycle
→ Deliver next Tuesday
→ Deliver next Tuesday
Covered by $5M/yr license
🚫
Out-of-Scope / Bespoke
Functionality NOT in docs.kindo.ai or product roadmap
→ Flag for SOW negotiation
→ Additional Services amendment
→ Additional Services amendment
Separate SOW / rate card
📜 Scope Authority: docs.kindo.ai
The reference contract defines the product by its Documentation. For the Deloitte engagement, docs.kindo.ai serves as the canonical baseline.
Every requirement is triaged against this baseline:
Deloitte Request
→
Diff vs docs.kindo.ai
→
Bug
In-Scope
Out-of-Scope
🧑 Human Decision Gates
| Gate | Who Decides | When | Scope |
|---|---|---|---|
| 🧑 Scope Commitment | Deloitte team | Tuesday requirements session | Approves what they want built |
| 🧑 Sprint Approval | Kindo (Tony/Charlie) | Tuesday PM (internal) | Reviews sprint plan before agents execute |
| 🧑 Evidence Review | Kindo (Tony/Charlie) | Thursday–Friday | Verifies delivered work before staging |
| 🧑 Scope Triage | Tony | Gray zone requests | Build vs. flag for SOW |
| 🧑 Monthly Re-prioritization | Kindo leadership | Week 4 Thursday | Unified backlog adjustment |
Team & Stakeholders
🏢 Deloitte
VikramSenior Leadership
KushSenior Leadership
ArunProgram Leadership
MatthewCyber / Adelina Squad
Adelina SquadTeam Leads TBD
J&J SquadTeam Leads TBD
Meta SquadTeam Leads TBD
⚡ Kindo
Tony WongChief Delivery Officer
Mo NezaratiEngagement Lead
Charlie HulcherEngineering
Joana DiasProgram Support
Mathew VargheseCRO
AkiraAI Program Manager
BurkeAI Engineering
🔧 Engineering Squad
AashmanPrimary IC — dashboards, canvas, MCP, integrations
MadisonCrowdStrike, ThreatConnect
Yash KothariIAM J&J dashboards
Sean WalkerSAP, SailPoint, IAM
Devon PeroutkyIAM POC, Entra AD
HannahSAP ODATA
AmandaSAP user validation
Brandon CSMK validation, release packages
Doink (kinDOS)Docs site, call transcript processing
MarcosInfrastructure (ALB, K8s)
⏱️ Time Commitments
Deloitte Teams (per team)
Requirements Intake + Delivery Review90 min × 2/mo
Friday Status Report (read + click)~10 min × 4/mo
Total per team~3.5 hrs/month
Deloitte Leadership
Monthly Portfolio Summary (async read)~20 min
Monthly Review Discussion (optional)30–60 min
Total~1 hr/month
Tony's Time
Program Planning2 hrs
Requirements Intake (4 teams × 90 min × 2)12 hrs
Friday Program Check-ins2 hrs
Reality Check1.5 hrs
Monthly Program Review2 hrs
Total~19.5 hrs/month
Risks & Blockers
URGENT — Task Worker Heartbeat Loss (ENG-8920)
Task worker loses Hatchet heartbeat and silently stops processing. Second occurrence. Known bug, patch in progress. No application logs available to diagnose. Kindo acknowledged as highest priority. Critical for RSA demo and production readiness.
Urgent BlockerNo Application Logging in SMK (ENG-8924)
Audit logs ≠ application logs. Container logs have no permanent storage in Deloitte's deployment. When task worker dies, nothing to diagnose. CloudWatch Logs setup needed.
Operational GapSMK White-Label Logo Not Rendering (ENG-8921)
S3-hosted logo not displaying. Suspected CORS issue. Separate fix call scheduled for 1:30 PM PST with Marcos + Nate.
Bug — Fix ScheduledServiceNow OAuth2 Bug (ENG-8794)
OAuth2 connection fails while REST API works. Now assigned to Yash Kothari.
BlockerOkta Integration Bug (TEK-60) — RESOLVED
Partial/no data, disconnected state. Fixed — status Done in Linear. Okta write tools (ENG-8795) moved to Agency team as AGE-354.
ResolvedJira Data Center Auth Broken — RESOLVED
Fixed and deployed. Integration operational.
Resolved Mar 20ThreatConnect MCP Tool Call Failures — RESOLVED
Fixed. ENG-8721 marked Done in Linear.
ResolvedMeta Global Ops — Fully Unresourced
10 issues, all in backlog, zero assigned. 4 high-priority items. No squad allocated.
Capacity Risk~25 Unassigned Open Issues
Significant portion of open portfolio has no squad allocation. Particularly acute for Cyber and cross-workstream items.
Capacity Risk🔗 Key Dependencies
| Dependency | Blocks | Status |
|---|---|---|
| Okta connection bug fix (ENG-8639) | ENG-8795 (Okta write tools) | In Triage |
| SMK release package (ENG-8732) | 7 SMK deployments | In Progress |
| SailPoint write ops (email from Deloitte) | ENG-8640 (SailPoint expansion) | Waiting |
| Deloitte Bedrock access setup | Model catalog availability | TBD |
| Docs site gaps (ENG-8744) | Scope baseline (docs.kindo.ai as Exhibit D) | Confirming |
📡 Integration Signals (Reconfirmed)
| Integration | Issue | Status | Notes |
|---|---|---|---|
| Workday | AGE-149 | Requested | Reconfirmed as requested capability |
| Oracle | ENG-6612 | Requested | Reconfirmed — on-prem + cloud support required |
Program Structure — The Two-Pod Engine
AKIRA — AI PROGRAM MANAGER
Decomposes requirements into executable sprint campaigns · Human oversight at every gate
Pod 1: Kingdom Portfolio & Program Management
Fulfills the Deloitte contract
- 4 Deloitte teams (Adelina, Cyber, J&J, Meta)
- 7 SMK deployments
- Requirement triage & client delivery
- Scope governance against docs.kindo.ai
- 3 parallel squads, 60-min sprint cycles
- 12 sprints/release in ~6.5 hours
Pod 2: Akira Autonomous Product Development
Builds Akira into the Kindo product
- Build Akira into Kindo platform
- New product surfaces
- Platform capabilities
- The engine IS the product
- Continuous delivery
- Contract learnings feed into product
💡 Key Insight
Pod 1 delivers the Kingdom contract. Pod 2 builds Akira into the Kindo product. They share the same agentic architecture, sprint mechanics, and oversight model. What we build for Deloitte proves what we sell to the next 100 customers.
Operational Burn Reduction
70-80%
Lower vs. traditional delivery
Sprint Velocity
12
Sprints per release in ~6.5 hrs
Equivalent Traditional Pace
4-5×
Sprint scope compressed to 2 weeks
🚀 Implementation Phases
Phase 0: Pre-RSA (Now → RSA)
☑ Matthew warm-intro email · ☐ Prepare program dashboard · ☐ Lock docs.kindo.ai as scope baseline · ☐ Prepare RSA walkthrough materials
Phase 1: First Cycle (Post-RSA, ~1 week after)
First Tuesday requirements intake with all 4 teams · Run delivery manually — Burke builds, Tony reviews · Generate first Friday status reports · Validate cadence with real requirements
Phase 2: Cadence Established (Cycles 2-3)
Semi-automated Reality Check and status reports · Scope triage process validated · Monthly Program Review produces first Cycle Results · Pod 2 feeds contract learnings into product
Phase 3: Full Engine (Cycle 4+)
Fully automated status, tracking, sprint execution · Humans attend only decision gates · Portfolio governance on live data · The engine that delivers Deloitte becomes the product demo for 100 more
🎭 What Deloitte Sees vs. What Actually Happens
| What Deloitte Sees | What Actually Happens |
|---|---|
| "We have a structured delivery team" | 2 Mini-CEO Pods, 3 parallel squads, AI program management |
| "Requirements captured Tuesday, delivered next Tuesday" | 12 agentic sprints in 6.5 hours, held for human review |
| "Weekly status with staging links" | Auto-generated from pipeline state, not manually compiled |
| "Monthly portfolio view across all teams" | Akira synthesizes cross-team status in real-time |
| "Requests triaged against documented capabilities" | Automated diff against docs.kindo.ai, contract-aware scope governance |
| "Startup speed with enterprise rigor" | 70-80% lower operational burn, dual-pod engine |