Executive Overview
Program Status
YELLOW
RSA next week — key fixes shipped
Program Summary
56% complete — 54 of 96 items delivered across 6 workstreams.
✅
Blockers cleared — Jira Data Center and ThreatConnect integrations fixed and operational.
📅
RSA next week — in-person review session Monday Mar 24 with Deloitte leadership.
🖼️
Canvas is the #1 request — URL params and navigation needed for SOC production deployment. Strategic path under discussion.
⚡
Agent reliability Phase 1 — first drops expected end of March. Currently 15% through.
🛡️ Cyber / Adelina
🟡
14 of 43 items delivered (33%) — the most active and complex workstream with 29 open items across integrations, Canvas, and agent reliability.
✅ This week: Jira DC and ThreatConnect integrations fixed and operational. SMK v1.0.3.0 deployed. Command Center live.
⚠️ Next: RSA in-person review Mon Mar 24. Agent reliability Phase 1 (end of March). SMK v1.0.3.1 release pre-RSA.
✅ This week: Jira DC and ThreatConnect integrations fixed and operational. SMK v1.0.3.0 deployed. Command Center live.
⚠️ Next: RSA in-person review Mon Mar 24. Agent reliability Phase 1 (end of March). SMK v1.0.3.1 release pre-RSA.
🔐 IAM / J&J
🟢
21 of 23 items delivered (91%) — nearly complete.
Remaining: Audit log for dashboards, multi-agent flow research. Both low-urgency backlog items.
Remaining: Audit log for dashboards, multi-agent flow research. Both low-urgency backlog items.
🔑 IAM POC (SailPoint / Entra)
🟢
9 of 10 items delivered (90%) — nearly complete.
Remaining: ServiceNow OAuth2 connection bug (ENG-8794). Low risk to overall program.
Remaining: ServiceNow OAuth2 connection bug (ENG-8794). Low risk to overall program.
🏢 ERP Security (SAP)
✅
7 of 7 delivered — SAP ODATA and user validation workflows operational. Workstream closed.
🌐 NetOps (Cisco)
✅
3 of 3 delivered — Cisco integration operational. Workstream closed.
🌍 Meta Global Ops
🔴
0 of 10 delivered — entirely unresourced. Automated QA testing platform for Meta via Deloitte.
Blocked: Needs RACI plan, squad allocation, and Deloitte kickoff before any work begins. 4 high-priority items waiting.
Blocked: Needs RACI plan, squad allocation, and Deloitte kickoff before any work begins. 4 high-priority items waiting.
Click to expand detail sections
▶
🔍 Key Health Questions — Reporting Period: Mar 12–20, 2026
| Question | Status | Explanation |
|---|---|---|
| Is the team behind schedule? | ⚠️ Possible | Agent reliability at 15%. Cyber workstream at 33% — most complex track. |
| Problems preventing cycle goal? | 🟢 Mitigated | Jira DC auth and ThreatConnect validation issues are now resolved and operational. |
| Foresee issues for next period? | ⚠️ Possible | RSA Conference (next week) will reduce engineering bandwidth. In-person review session Monday. |
| Unscheduled tasks this cycle? | ⚠️ Some | SMK 1.0.3.1 release prep unplanned. Jira DC + ThreatConnect debugging (now resolved) consumed cycles. |
| Have any estimates changed? | 🟢 No | — |
| Tasks added or deleted this cycle? | ⚠️ Yes | 4 new issues from Mar 17 Cyber Weekly. Jira DC and ThreatConnect escalations now resolved. |
| Technical problems encountered? | 🟢 Resolved | Jira DC auth flow and ThreatConnect MCP parameter validation — both fixed and deployed. |
| Resource problems? | ⚠️ Possible | Meta Global Ops fully unresourced (10 backlog items, 0 assigned). RSA week reduces available engineering. |
▶
✅ Accomplishments This Period — Week of Mar 12–20
| Accomplishment | Owner | Status |
|---|---|---|
| SMK system upgrade to v1.0.3.0 — deployed to Deloitte hosted + self-managed instances | Engineering | ✅ Complete |
| Dashboard/Canvas agent cleanup — auto-created agents now hidden from main list, new "Dashboard Agents" filter tab live | Aashman | ✅ Complete |
| DLP data scrubbing fix — customer PII was being incorrectly scrubbed; resolved | Engineering | ✅ Complete |
| Feature flag management decoupled — SMK feature flags separated from deployment-specific configuration | Engineering | ✅ Complete |
| Command Center now live — visible in hosted instance and v1.0.3.0 SMK | Engineering | ✅ Complete |
| Jira Data Center auth fix — basic auth vs API token mismatch resolved for self-hosted Jira DC | Engineering | ✅ Complete |
| ThreatConnect MCP parameter fix — validation errors causing retry loops now resolved | Engineering | ✅ Complete |
▶
📋 Plans for Next Period — Mar 20–Apr 2
| Plan | Owner | Target |
|---|---|---|
| RSA in-person review session — Mo, Bryan/Nick, Kindo team meet Monday afternoon to walk through full update list | Tony / Mo Nezarati | Mon Mar 24 |
| Agent long-running reliability (Phase 1) — context compaction, automatic retries, better error messages. Currently 15% through. | Engineering | End of March |
| SMK v1.0.3.1 release package — includes dashboard agent cleanup, Jira DC fix, ThreatConnect fix + additional improvements | Brandon | Pre-RSA |
| Webhook retry context preservation — ensure workflow restarts retain original webhook trigger context (feedback from Deloitte) | Engineering | Apr |
| Streamlined one-click SMK installation — environment validation tooling + simplified deployment process | Engineering | In progress |
▶
🎯 Key Schedule Milestones
| Milestone | Target Date | Status |
|---|---|---|
| Jira DC + ThreatConnect integration fixes deployed | Mar 20 (Fri) | ✅ Done |
| RSA Conference — in-person review session with Deloitte | Mar 24 (Mon PM) | ⚠️ Scheduled |
| Agent reliability Phase 1 — first capability drops | End of March | ⚠️ 15% |
| SMK v1.0.3.1 release to Deloitte | Pre-RSA | ⚠️ In Progress |
| Program dashboard ready for Deloitte leadership | Pre-RSA | ⚠️ In Progress |
| Agent reliability Phase 2 — compaction + full retry | Mid-April | Planned |
| Meta Global Ops — squad allocation & kickoff | TBD | Not Started |
▶
🔺 Active Risks
| ID | Impact | Trend | Description | Mitigation |
|---|---|---|---|---|
| R1 | Low | 📉 | RSA readiness — Jira DC resolved. Jira DC integration is now operational. ThreatConnect also fixed. RSA in-person review Monday. | Jira DC and ThreatConnect fixes deployed. SMK v1.0.3.1 release in progress for pre-RSA. |
| R3 | Med | 📈 | Agent reliability below Deloitte expectations. Agents quit during long tasks. Timeout Band-Aids applied; root cause fix at 15%. | Phase 1 drops end of March. Context compaction + retries + better error reporting. |
| R4 | Med | ➡️ | Meta Global Ops fully unresourced. 10 backlog items, 4 high-priority, zero squad allocated. | Defer until post-RSA. Allocate squad in next Program Planning cycle. |
▶
🚨 Key Issues
| ID | Description | Status | Owner | Due Date |
|---|---|---|---|---|
| I1 | ✅ RESOLVED | Engineering | Mar 20 | |
| I2 | ✅ RESOLVED | Engineering | Mar 20 | |
| I3 | Okta integration bug (ENG-8639) — partial/no data, "Client association GWT kit is invalid" error. Blocks Okta write tools (ENG-8795). | 🔴 OPEN | Unassigned | TBD |
| I4 | ServiceNow OAuth2 (ENG-8794) — OAuth2 connection fails while REST API works. | 🔴 OPEN | Unassigned | TBD |
| I5 | SMK v1.0.3.1 not yet released — dashboard agent cleanup, Jira DC fix, ThreatConnect fix and other improvements not yet in customers' instances. | ⚠️ IN PROGRESS | Brandon | Pre-RSA |
▶
📝 Key Decisions
| ID | Decision | Decision Maker | Date |
|---|---|---|---|
| D2 | RSA in-person review scheduled Monday afternoon — full update walkthrough with Mo, Bryan/Nick | Tony / Mo | Mar 19 |
| D4 | Webhook retry must preserve original trigger context (Deloitte feedback → accepted as enhancement) | Tony / Bryan | Mar 19 |
| D5 | Agent reliability Phase 1 target: end of March; iterative drops after that | Engineering | Mar 19 |
▶
📞 Most Recent Call: Deloitte Cyber Weekly — Mar 19, 2026
Kindo Attendees
Charlie Hulcher, Aashman, Tony Wong, Bryan Vann, Mo Nezarati, Joana Dias
Deloitte Attendees
Matthew
✅ RESOLVED: Jira Data Center integration fixed — basic auth vs API token mismatch resolved for self-hosted Jira DC. Now operational.
✅ RESOLVED: ThreatConnect MCP tool calls fixed — validation error retry loops resolved. Integration now operational.
📅 RSA MEETING PLANNED: Monday afternoon at RSA — Mo arrives SF ~10AM from Toronto, available after ~12PM. Bryan + Nick to join. Full update walkthrough in person.
✅ DELIVERED: SMK v1.0.3.0 upgrade, Command Center live, dashboard agent cleanup (Mar 16), DLP scrubbing fix, feature flag decoupling. Some items need v1.0.3.1 for SMK instances.
💡 FEEDBACK CAPTURED: Workflow restart doesn't preserve webhook trigger context — accepted as enhancement. Per-step retry (not just full restart) requested for hard failures.
▶
🧭 Strategic Discussion Guide — Key Decisions for Stakeholders
1. Canvas: Tactical Fixes vs. Strategic Rebuild
Decision Required
Canvas is the #1 request category and is blocking SOC production deployment. Three paths: tactical fixes (URL params, navigation), Kindo API (Deloitte builds custom UIs), or generative UI (~90 days R&D).
2. Agent Reliability: Timeline & Expectations
Alignment Needed
Deloitte expects agents that run for hours reliably. Currently at 15% progress — first drops end of March, full reliability mid-April+.
3. Integration Priority Ranking
Input Requested
Remaining integration streams: ServiceNow + SAP (not started), SailPoint & Okta (bugs). Stakeholder input needed to sequence.
4. Meta Global Ops: Resource Allocation
Not Started
10-issue QA testing platform for Meta via Deloitte — entirely unresourced. Decision: priority vs. existing workstreams?
▶
🔄 Changes Since 2026-03-17 — 4 new issues
| Issue | Title | Type | Source |
|---|---|---|---|
| ENG-8792 | API action step: Dynamic input mode fails to resolve variables from prior workflow steps | 🔴 Bug | Mar 17 Cyber Weekly |
| ENG-8793 | Workflow list: Add ability to filter workflows by creator | 🟡 Feature | Mar 17 Cyber Weekly |
| ENG-8794 | ServiceNow integration: OAuth2 connection fails while REST API works | 🔴 Bug | Mar 17 Cyber Weekly |
| ENG-8795 | Expand Okta integration with write/create action tools | 🔴 Feature | Mar 17 Cyber Weekly |
▶
📞 Previous Call Context (2026-03-18)
- ▸ Discussion focused on internal Deloitte infra friction — K8s environment differences not fully understood internally
- ▸ NGINX ingress deprecation referenced by Deloitte, but Kindo ships AWS ALB (not the same thing, per Marcos)
- ▸ Amazon Bedrock model catalog — some models require preliminary customer steps to enable access
Workstreams
🛡️ Cyber / Adelina Squad
workstream:cyber-adelina
33% complete14 of 43
29
Open
14
Done
27
Cancelled
Squad: CharlieAashmanMadisonDoinkBrandon
🔐 IAM / Johnson & Johnson
workstream:iam-jnj
91% complete21 of 23
2
Open
21
Done
12
Cancelled
Squad: YashAashmanSeanCharlie
🔑 IAM POC (SailPoint / Entra)
workstream:iam-poc
90% complete9 of 10
1
Open
9
Done
1
Cancelled
Squad: AashmanSeanDevon
🏢 ERP Security (SAP)
workstream:erp-security
100% complete7 of 7
0
Open
7
Done
2
Cancelled
Squad: SeanHannahAmanda
🌐 NetOps (Cisco)
workstream:netops
100% complete3 of 3
0
Open
3
Done
3
Cancelled
Squad: Charlie
🌍 Meta Global Ops
workstream:meta-global-ops
0% complete0 of 10
10
Backlog
0
Done
0
Cancelled
Squad: Unassigned
Strategic Project View
Projects group related work across workstreams. This view helps stakeholders understand scope, strategic impact, and cross-cutting dependencies — not just individual tickets.
Active Projects
9
+ 2 completed
Large Scope
2
Canvas + Meta QA
Medium Scope
3
Reliability · Extensions · Multi-Agent
Small / Focused
4
SMK · API · GitOps · Auth
🖼️
Canvas Production Readiness
6 active · 1 done
LARGE SCOPE
In Progress
Strategic Context: Transform Canvas from an internal tool into a production-grade end-user interface for Deloitte. Canvas is the primary surface Deloitte's teams interact with daily — and it's currently blocking production deployment for the SOC.
🗣️ Customer Voice — What Deloitte Is Asking For
1. Show Kindo agent data in Canvas — Matthew wants Canvas to display data about what agents are running, their status, and project-related information. Essentially showing Kindo agent data as tool data in dashboards.
2. Navigation between Canvas dashboards — Matthew wants linking between different dashboards, menus, navigation — an interconnected experience, not isolated views.
3. URL parameters for drill-down — "Right now, if I wanted to push this to production for our SOC, I can't do that unless I have those URL parameters." Click one dashboard → opens another with filter context. This is the #1 production blocker.
4. More interactive web app capability — Deloitte leadership "don't love the current UI experience." If Canvas can't deliver sufficient interactivity, they will build their own UI. The IAM team is already considering this. This affects every workstream at Deloitte, not just Cyber.
⚠️ Pattern Problem & Architectural Limit
Escalation cycle: Every time a Canvas request is fulfilled, the next one comes immediately. Endless escalation on a limited architecture.
Architecture ceiling: Current Canvas is JSON dashboards — not infinitely scalable. Stacking features on this architecture has a hard ceiling.
🔮 Strategic Path Forward
Real solution: Build a v0/Lovable/Replit-style generative UI system — estimated as a quarter-sized initiative (~90 days R&D) to reach operational confidence.
Agreed tactical approach: Ship immediate Canvas fixes now (URL params, navigation) + offer a Kindo API (relatively easy). Position generative UI as a 2026 roadmap item without committing to a specific timeline.
Impacts: All Deloitte teams (cross-workstream)
Dependencies: Chat Actions Public API (for Kindo API path)
Stakeholder Input Needed: Priority ranking of tactical fixes, acceptance of generative UI timeline, whether to invest in Kindo API as interim
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8509 | Interactive web page UI functionality for canvases | 🔴 High | Backlog |
| ENG-8860 | URL parameters for drill-down navigation | — | Triage |
| ENG-8598 | Canvas editor: filters + multi-page navigation without JSON editing | 🟡 Med | Backlog |
| ENG-8057 | Implement observability for canvas | 🟡 Med | Backlog |
| ENG-8563 | Dashboard sharing for authorized recipients | — | Backlog |
| ENG-8514 | Mermaid graph/diagram support in canvas markdown | — | Backlog |
| ENG-7580 | Audit log everything in dashboards | — | Backlog |
🔄
Chat / Agent Long-Running Reliability
3 active
MEDIUM SCOPE
Critical Path
Strategic Context: Deloitte's core use case requires agents that run reliably for hours. Today, agents quit due to context overflow, timeouts, and unrecoverable failures. Currently 15% through — first drops expected end of March.
🗣️ Customer Voice — What Deloitte Is Experiencing
Agents quit mid-task — agents stop after hitting timeouts or unspecified failures. Initial timeout increases were a "Band-Aid." Deloitte needs agents that work for hours on complex tasks.
Uninformative error states — "Red boxes that don't give any real information about what's happening." When agents fail, users have no way to understand why or what to do next.
No per-step retry — if an agent hard-fails mid-run, the only option is restarting the entire workflow. Deloitte requested a "retry this step" button for unrecoverable automatic failures.
Webhook restart loses context — "The retry does not work if it's a web trigger. It won't pull in the same context from the webhook." Restarts lose the original triggering data.
No visibility into intermediate steps — "We don't know the results of step 2 or step 3 of a 5-step agent." Need to see/analyze results from each individual step.
Impacts: Cyber/Adelina (primary), all workflow users
Timeline: Phase 1 end of March, iterative drops after
Stakeholder Input Needed: Acceptable failure modes, retry vs. restart preferences, minimum session duration requirements
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8859 | Workflow restart doesn't preserve webhook trigger context | — | Triage |
| ENG-8511 | Selective data flow between model context windows ("Plan Mode") | — | Todo |
| ENG-8502 | Conversation compaction (continuous conversation) | — | Todo |
🔌
Deloitte Platform Extensions
5 active
MEDIUM SCOPE
In Progress
Strategic Context: New integrations and platform capabilities requested specifically by Deloitte. Each extension expands what Deloitte teams can automate in their security and identity workflows.
🗣️ Customer Voice — Integration Needs
🔴 Jira Data Center (CRITICAL) — completely broken after recent deployment. Auth flow requests API token when using basic auth for self-hosted Jira DC. "Number one critical — we definitely need to get fixed ASAP. Needed for RSA."
⚠️ ThreatConnect (degraded) — connects but 6+ validation error retries per successful call. MCP parameter descriptions may be unclear to the agent. "I'm limping along with it." Possible fix in main but not in SMK release cut.
ServiceNow + SAP — connectivity needed for test systems. ServiceNow OAuth2 fails while REST works. SAP needs JCo/RFC connectivity.
SailPoint & Okta — Okta shows partial/no data with "GWT kit invalid" error. Deloitte sending full list of SailPoint write ops they need.
Version confusion — "Is there a way to see what version of the integration we have?" Deloitte doesn't know whether fixes in main are in their instance.
Impacts: Cyber (Jira, ThreatConnect), IAM (ServiceNow, SailPoint, Okta), all teams (JSON output)
Dependencies: SMK release pipeline (fixes in main vs. deployed)
Stakeholder Input Needed: Integration priority ranking, test system access for ServiceNow/SAP, Okta write ops scope
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8794 | ServiceNow OAuth2 connection fails | 🔴 High | Backlog |
| ENG-8863 | ThreatConnect MCP parameter validation errors | — | Triage |
| ENG-8463 | BYO Embeddings (Pinecone) | — | Backlog |
| ENG-8233 | Delete deprecated CrowdStrike standalone MCP | 🟢 Low | Backlog |
| ENG-7911 | Structured JSON Output (JSON Schema Enforcement) | — | Backlog |
📦
Efficient SMK Install
2 active · both 🔴 High
SMALL SCOPE
HIGH URGENCY
Strategic Context: Streamlining the self-managed Kindo (SMK) deployment experience. Critical for scaling to 7 planned SMK deployments across Deloitte teams.
🗣️ Customer Voice
Installation friction — initial deployments had many slowdowns: environments not set up, prerequisites not tested, multiple manual steps. "It always looks good when we come in, push a button, and it works."
Privacy / AI policy compliance — Adelina's team requires users to sign on and acknowledge Deloitte's AI use policy before accessing the system. Must be configurable per deployment.
Agent portability — need to import agents between Kindo installations so configurations don't have to be recreated manually for each SMK instance.
Impacts: All SMK deployments (7 planned)
Stakeholder Input Needed: Privacy notice requirements per deployment, agent export/import scope, environment pre-validation checklist
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8596 | Configurable privacy notice flow for whitelabelled deployments | 🔴 High | Todo |
| ENG-7913 | Import Agents between Kindo installations | 🔴 High | Backlog |
🤖
Multi-Agent Orchestration
2 active
MEDIUM SCOPE
Future / Strategic
Strategic Context: Enable agents to trigger and coordinate other agents — a prerequisite for complex multi-step workflows. This is a platform capability that will unlock new use cases across all Deloitte workstreams. Currently in research/backlog phase.
Impacts: All workstreams (platform capability)
Dependencies: Chat/Agent Reliability must stabilize first
Stakeholder Input Needed: Priority use cases for multi-agent workflows, acceptable latency
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-7910 | "Agent Trigger" Type & Inter-Agent Orchestration Lifecycle | — | Backlog |
| ENG-6801 | Hatchet flow control & multi-agent tool research | — | Backlog |
🔗
Chat Actions Public API
1 active
SMALL SCOPE
New
Strategic Context: Public API with streaming support for custom UI integrations. Enables Deloitte to build bespoke interfaces on top of Kindo's agent infrastructure.
🗣️ Customer Voice
Streaming API — currently must poll run IDs repeatedly with no idea how long to wait. Need real-time streaming to see results step-by-step as agents work.
Ephemeral tool calls — today, to do any dynamic tool calling, they must create a full agent. Need the ability to trigger tool calls without agent creation — from Canvas or scripts.
Kindo API as Canvas interim — agreed as a tactical path: offer a Kindo API (relatively easy to build) so Deloitte can build custom UIs while generative UI is on the roadmap.
Impacts: All teams — enables custom UI path, unblocks Canvas limitations
Stakeholder Input Needed: API scope requirements, streaming vs. polling preference, authentication model
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8861 | Agents API: streaming support for real-time results | — | Triage |
📝
Agent Version Control
1 active
SMALL SCOPE
Future
Strategic Context: GitOps workflow for agents and canvases — version control, collaboration, and rollback. Critical for enterprise governance as Deloitte teams scale agent usage across multiple teams and deployments.
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8512 | GitOps for agents and canvases — version control & collaboration | — | Backlog |
🔒
Auth & Session Hardening
1 active
SMALL SCOPE
Backlog
Strategic Context: Session timeout and authentication hardening. Enterprise requirement for security compliance in Deloitte's environment.
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-6440 | 48-hour session timeout | — | Backlog |
🌍
Meta Global Ops — Automated QA Testing Platform
10 active · 0 assigned · all backlog
LARGE SCOPE
Not Started
Strategic Context: Build an automated QA testing platform for Meta via Deloitte. New engagement with significant scope — browser automation, mobile testing, visual comparison, ticketing integrations. Entirely unresourced. Requires RACI definition and phased engagement plan before work can begin.
Impacts: New revenue stream via Deloitte
Prerequisites: RACI plan, squad allocation, Deloitte kickoff
Stakeholder Input Needed: Priority vs. other workstreams, resource allocation, timeline expectations
▶ Show issues
| Issue | Title | Priority | State |
|---|---|---|---|
| ENG-8472 | RACI & Phased Engagement Plan with Deloitte | 🔴 High | Backlog |
| ENG-8469 | 2FA & Identity Flow Workarounds | 🔴 High | Backlog |
| ENG-8466 | Screenshot / Visual Comparison Engine | 🔴 High | Backlog |
| ENG-8465 | Web Flow Hardening & Demo Polish | 🔴 High | Backlog |
| ENG-8471 | Performance, Scale, and Reliability at Meta Scale | 🟡 Med | Backlog |
| ENG-8467 | Mobile Browser Emulation | 🟡 Med | Backlog |
| ENG-8470 | Messaging & Ticketing Integrations (Google Chat, Salesforce) | 🟡 Med | Backlog |
| ENG-8468 | Full Mobile App Testing via Device Farm Partner | 🟢 Low | Backlog |
| ENG-8317 | Browser output visibility in product — live sidebar viewport | — | Backlog |
| ENG-8056 | Implement Chromium for Browser Use in Sandbox Pod | — | Backlog |
✅
Release 2026.03.0
SMK integration validation, PII cleanup, SMK Installer — all shipped.
✅
Scalable Integrations
Microsoft Defender MCP + Microsoft Graph Alerts — both delivered.
All Open Issues
🛡️ Cyber / Adelina — Open Issues 29
| Issue | Title | State | Priority | Assignee |
|---|---|---|---|---|
| ENG-8597 | Command Center: collaborative alert triage workflow | Triage | 🔴 High | — |
| ENG-8795 | Expand Okta integration with write/create action tools | Triage | 🔴 High | — |
| ENG-8792 | API action step: Dynamic input fails to resolve variables | Triage | 🔴 High | — |
| ENG-8640 | Expand SailPoint ISC tool coverage | Triage | 🔴 High | — |
| ENG-8639 | Okta integration bug: partial/no data, disconnected state | Triage | 🔴 High | — |
| ENG-8596 | Add configurable privacy notice flow for whitelabelled deployments | Todo | 🔴 High | — |
| ENG-8721 | ThreatConnect Integration | Todo | 🔴 High | Aashman |
| ENG-8425 | Get ServiceNow and SAP connectivity working with test systems | Todo | 🔴 High | — |
| ENG-8744 | Docs site gaps: workflow tutorial, cyber walkthroughs, memory patterns | Confirming | 🔴 High | Doink |
| ENG-8509 | Interactive web page UI functionality for canvases | Backlog | 🔴 High | — |
| ENG-7913 | Import Agents between Kindo installations | Backlog | 🔴 High | — |
| ENG-8732 | Release package 2026.03.1 (Opus 4.6 + GPT OSS 120) | Backlog | 🔴 High | Brandon |
| ENG-8730 | Model management: delete/modify models without direct DB access | Backlog | 🔴 High | — |
| ENG-8729 | SMK system status verification endpoint | Backlog | 🔴 High | — |
| ENG-8793 | Workflow list: Add ability to filter workflows by creator | Triage | 🟡 Med | — |
| ENG-8598 | Canvas editor: filters and multi-page navigation without JSON editing | Backlog | 🟡 Med | — |
| ENG-8423 | Canvas: Production-ready primary end-user UI mode with hierarchical nav | Backlog | 🟡 Med | — |
| ENG-8057 | Implement observability for canvas | Backlog | 🟡 Med | — |
| ENG-8563 | Add dashboard sharing for authorized recipients | Backlog | 🟡 Med | — |
| ENG-8424 | Native prompt saving and management | Backlog | 🟢 Low | — |
| ENG-8233 | Delete deprecated standalone CrowdStrike Falcon MCP server | Backlog | 🟢 Low | — |
| ENG-8463 | BYO Embeddings: Allow custom OpenAI-compatible embeddings endpoint | Backlog | 🟢 Low | — |
| ENG-8511 | Selective data flow control between model context windows | Todo | — | — |
| ENG-8514 | Mermaid graph/diagram support in canvas markdown | Backlog | — | — |
| ENG-8513 | MITRE ATT&CK tool integration | Backlog | — | — |
| ENG-8512 | GitOps approach for agents & canvases — version control & collab | Backlog | — | — |
| ENG-8319 | Sub-agent execution support — first-class agent-triggers-agent | Backlog | — | — |
| ENG-7911 | Structured JSON Output (JSON Schema Enforcement) | Backlog | — | — |
| ENG-7910 | "Agent Trigger" Type & Inter-Agent Orchestration Lifecycle | Backlog | — | — |
🔐 IAM / J&J — Open Issues 2
| Issue | Title | State | Priority | Assignee |
|---|---|---|---|---|
| ENG-7580 | Audit Log Everything in Dashboards | Backlog | — | — |
| ENG-6801 | Hatchet flow control & multi-agent tool research | Backlog | — | — |
🔑 IAM POC — Open Issues 1
| Issue | Title | State | Priority | Assignee |
|---|---|---|---|---|
| ENG-8794 | ServiceNow integration: OAuth2 connection fails while REST API works | Triage | 🔴 High | — |
🌍 Meta Global Ops — All Issues (Backlog) 10
| Issue | Title | State | Priority | Assignee |
|---|---|---|---|---|
| ENG-8472 | RACI & Phased Engagement Plan with Deloitte | Backlog | 🔴 High | — |
| ENG-8469 | 2FA & Identity Flow Workarounds | Backlog | 🔴 High | — |
| ENG-8466 | Screenshot / Visual Comparison Engine | Backlog | 🔴 High | — |
| ENG-8465 | Web Flow Hardening & Demo Polish | Backlog | 🔴 High | — |
| ENG-8471 | Performance, Scale, and Reliability at Meta Scale | Backlog | 🟡 Med | — |
| ENG-8467 | Mobile Browser Emulation | Backlog | 🟡 Med | — |
| ENG-8470 | Messaging & Ticketing Integrations (Google Chat, Salesforce) | Backlog | 🟡 Med | — |
| ENG-8468 | Full Mobile App Testing via Device Farm Partner | Backlog | 🟢 Low | — |
| ENG-8317 | Browser output visibility in product — live sidebar viewport | Backlog | — | — |
| ENG-8056 | Implement Chromium for Browser Use in Sandbox Pod | Backlog | — | — |
Delivery Cadence — Two-Week Team Cycle
📦 Week 1 — BUILD
TUESDAY
Requirements Day (Human Touchpoint)
8:00 AM — Adelina (90 min)
9:45 AM — Cyber (90 min)
11:30 AM — J&J (90 min)
1:30 PM — Meta (90 min)
Each: Deliver → Gather → Deep Dive → Scope Triage → Commit
9:45 AM — Cyber (90 min)
11:30 AM — J&J (90 min)
1:30 PM — Meta (90 min)
Each: Deliver → Gather → Deep Dive → Scope Triage → Commit
TUE PM – WED
🤖 Agentic Sprint Execution
Requirements → Akira pipeline → 3 parallel squads
12 sprints per release in ~6.5 hours
60-min sprint cycles: Req → Arch → Build → Test → Ship
12 sprints per release in ~6.5 hours
60-min sprint cycles: Req → Arch → Build → Test → Ship
THU – FRI
🧑 Human Review Gates
Quality review · Edge cases · Staging verification · Evidence packages
FRIDAY
📊 Status Report #1 → Each Team
Staging links · Demo recordings · Visual progress · Blockers w/ mitigation
✨ Week 2 — HOLD & POLISH
MON – THU
Release Complete
Polish · Document · Prep demos · Address review findings · Prep delivery presentation for Tuesday
FRIDAY
📊 Status Report #2 → Each Team
Release-ready summary with staging links · Preview of Tuesday delivery
NEXT TUE
🔁 Deliver + New Intake (Cycle Repeats)
Full release cycle = equivalent of 4-5 traditional sprints, delivered every 2 weeks
Intake
Day 1
Tuesday
Agentic Build
~6.5h
12 sprints
Human Review
+2 days
Thu – Fri
Release Ready
Day 5
Friday
Delivery
Day 15
Next Tuesday
Monthly Program Management Overlay
🗓️ Week 1 — Cycle A Build
MONDAY
Program Planning (Internal)
Unified backlog review · Cross-team prioritization · Contract scope governance · Capacity allocation
TUESDAY
Requirements Intake (Cycle A)
All 4 teams back-to-back + Deliver Cycle B results
FRIDAY
Status Reports + Program Check-in
Story prioritization · Issue/blocker list · Scope triage results
🗓️ Week 3 — Cycle B Build
TUESDAY
Requirements Intake (Cycle B)
All 4 teams + Deliver Cycle A results
WEDNESDAY
Reality Check (Internal)
Staging review · Progress to monthly goals · Time/cost/scope assessment · Cross-team adjustments
FRIDAY
Status Reports + Program Check-in
🗓️ Week 4 — Monthly Review
THURSDAY
Monthly Program Review & Re-Assessment
Cycle results across all 4 teams · Unified backlog re-prioritization · Contract scope audit · Dependencies reassessed · Velocity trends · Pod 2 sync
FRIDAY
Portfolio Summary → Deloitte Leadership
Roll-up to Vikram, Kush, Arun
Scope Governance
🐛
Bug / Defect
Software doesn't function per docs.kindo.ai
→ Support ticket → SLA response
Sev1: 4hr · Sev2: 1 business day
Sev1: 4hr · Sev2: 1 business day
Covered by $500K/yr support fee
✅
In-Scope Feature
Functionality documented or implied by docs.kindo.ai
→ Build in current cycle
→ Deliver next Tuesday
→ Deliver next Tuesday
Covered by $5M/yr license
🚫
Out-of-Scope / Bespoke
Functionality NOT in docs.kindo.ai or product roadmap
→ Flag for SOW negotiation
→ Additional Services amendment
→ Additional Services amendment
Separate SOW / rate card
📜 Scope Authority: docs.kindo.ai
The reference contract defines the product by its Documentation. For the Deloitte engagement, docs.kindo.ai serves as the canonical baseline.
Every requirement is triaged against this baseline:
Deloitte Request
→
Diff vs docs.kindo.ai
→
Bug
In-Scope
Out-of-Scope
🧑 Human Decision Gates
| Gate | Who Decides | When | Scope |
|---|---|---|---|
| 🧑 Scope Commitment | Deloitte team | Tuesday requirements session | Approves what they want built |
| 🧑 Sprint Approval | Kindo (Tony/Charlie) | Tuesday PM (internal) | Reviews sprint plan before agents execute |
| 🧑 Evidence Review | Kindo (Tony/Charlie) | Thursday–Friday | Verifies delivered work before staging |
| 🧑 Scope Triage | Tony | Gray zone requests | Build vs. flag for SOW |
| 🧑 Monthly Re-prioritization | Kindo leadership | Week 4 Thursday | Unified backlog adjustment |
Team & Stakeholders
🏢 Deloitte
VikramSenior Leadership
KushSenior Leadership
ArunProgram Leadership
MatthewCyber / Adelina Squad
Adelina SquadTeam Leads TBD
J&J SquadTeam Leads TBD
Meta SquadTeam Leads TBD
⚡ Kindo
Tony WongChief Delivery Officer
Mo NezaratiEngagement Lead
Charlie HulcherEngineering
Joana DiasProgram Support
Mathew VargheseCRO
AkiraAI Program Manager
BurkeAI Engineering
🔧 Engineering Squad
AashmanPrimary IC — dashboards, canvas, MCP, integrations
MadisonCrowdStrike, ThreatConnect
Yash KothariIAM J&J dashboards
Sean WalkerSAP, SailPoint, IAM
Devon PeroutkyIAM POC, Entra AD
HannahSAP ODATA
AmandaSAP user validation
Brandon CSMK validation, release packages
Doink (kinDOS)Docs site, call transcript processing
MarcosInfrastructure (ALB, K8s)
⏱️ Time Commitments
Deloitte Teams (per team)
Requirements Intake + Delivery Review90 min × 2/mo
Friday Status Report (read + click)~10 min × 4/mo
Total per team~3.5 hrs/month
Deloitte Leadership
Monthly Portfolio Summary (async read)~20 min
Monthly Review Discussion (optional)30–60 min
Total~1 hr/month
Tony's Time
Program Planning2 hrs
Requirements Intake (4 teams × 90 min × 2)12 hrs
Friday Program Check-ins2 hrs
Reality Check1.5 hrs
Monthly Program Review2 hrs
Total~19.5 hrs/month
Risks & Blockers
Jira Data Center Auth Broken — RESOLVED
Basic auth vs API token mismatch for self-hosted Jira DC has been fixed and deployed. Integration now operational.
Resolved Mar 20ThreatConnect MCP Tool Call Failures — RESOLVED
Validation errors on MCP parameters causing 6+ retries have been fixed. Integration now operational.
Resolved Mar 20Okta Integration Bug (ENG-8639)
Partial/no data, disconnected state — "Client association GWT kit is invalid" error. Blocks ENG-8795 (Okta write tools, explicit Deloitte request).
BlockerServiceNow OAuth2 Bug (ENG-8794)
OAuth2 connection fails while REST API works. Related to broader ServiceNow/SAP connectivity (ENG-8425, ENG-8304).
BlockerMeta Global Ops — Fully Unresourced
10 issues, all in backlog, zero assigned. 4 high-priority items (RACI plan, 2FA workarounds, screenshot engine, web flow hardening). No squad allocated.
Capacity RiskDeloitte K8s Environment Confusion
From today's call: Deloitte doesn't fully understand differences in their own K8s environments. NGINX ingress vs AWS ALB confusion. May cause deployment friction.
Infra RiskAmazon Bedrock Access Prerequisites
Some Bedrock models require preliminary customer steps to enable access. Deloitte may not have completed these.
Dependency~25 Unassigned Open Issues
Significant portion of open portfolio has no squad allocation. Particularly acute for Cyber (12 open, many unassigned) and all cross-workstream items.
Capacity Risk🔗 Key Dependencies
| Dependency | Blocks | Status |
|---|---|---|
| Okta connection bug fix (ENG-8639) | ENG-8795 (Okta write tools) | In Triage |
| SMK release package (ENG-8732) | 7 SMK deployments | In Progress |
| SailPoint write ops (email from Deloitte) | ENG-8640 (SailPoint expansion) | Waiting |
| Deloitte Bedrock access setup | Model catalog availability | TBD |
| Docs site gaps (ENG-8744) | Scope baseline (docs.kindo.ai as Exhibit D) | Confirming |
📡 Integration Signals (Reconfirmed)
| Integration | Issue | Status | Notes |
|---|---|---|---|
| Workday | AGE-149 | Requested | Reconfirmed as requested capability |
| Oracle | ENG-6612 | Requested | Reconfirmed — on-prem + cloud support required |
Program Structure — The Two-Pod Engine
AKIRA — AI PROGRAM MANAGER
Decomposes requirements into executable sprint campaigns · Human oversight at every gate
Pod 1: Kingdom Portfolio & Program Management
Fulfills the Deloitte contract
- 4 Deloitte teams (Adelina, Cyber, J&J, Meta)
- 7 SMK deployments
- Requirement triage & client delivery
- Scope governance against docs.kindo.ai
- 3 parallel squads, 60-min sprint cycles
- 12 sprints/release in ~6.5 hours
Pod 2: Akira Autonomous Product Development
Builds Akira into the Kindo product
- Build Akira into Kindo platform
- New product surfaces
- Platform capabilities
- The engine IS the product
- Continuous delivery
- Contract learnings feed into product
💡 Key Insight
Pod 1 delivers the Kingdom contract. Pod 2 builds Akira into the Kindo product. They share the same agentic architecture, sprint mechanics, and oversight model. What we build for Deloitte proves what we sell to the next 100 customers.
Operational Burn Reduction
70-80%
Lower vs. traditional delivery
Sprint Velocity
12
Sprints per release in ~6.5 hrs
Equivalent Traditional Pace
4-5×
Sprint scope compressed to 2 weeks
🚀 Implementation Phases
Phase 0: Pre-RSA (Now → RSA)
☑ Matthew warm-intro email · ☐ Prepare program dashboard · ☐ Lock docs.kindo.ai as scope baseline · ☐ Prepare RSA walkthrough materials
Phase 1: First Cycle (Post-RSA, ~1 week after)
First Tuesday requirements intake with all 4 teams · Run delivery manually — Burke builds, Tony reviews · Generate first Friday status reports · Validate cadence with real requirements
Phase 2: Cadence Established (Cycles 2-3)
Semi-automated Reality Check and status reports · Scope triage process validated · Monthly Program Review produces first Cycle Results · Pod 2 feeds contract learnings into product
Phase 3: Full Engine (Cycle 4+)
Fully automated status, tracking, sprint execution · Humans attend only decision gates · Portfolio governance on live data · The engine that delivers Deloitte becomes the product demo for 100 more
🎭 What Deloitte Sees vs. What Actually Happens
| What Deloitte Sees | What Actually Happens |
|---|---|
| "We have a structured delivery team" | 2 Mini-CEO Pods, 3 parallel squads, AI program management |
| "Requirements captured Tuesday, delivered next Tuesday" | 12 agentic sprints in 6.5 hours, held for human review |
| "Weekly status with staging links" | Auto-generated from pipeline state, not manually compiled |
| "Monthly portfolio view across all teams" | Akira synthesizes cross-team status in real-time |
| "Requests triaged against documented capabilities" | Automated diff against docs.kindo.ai, contract-aware scope governance |
| "Startup speed with enterprise rigor" | 70-80% lower operational burn, dual-pod engine |