Security & compliance¶
Private, identity-first, and PR-gated. The design assumes all ingested content is untrusted until reviewed.
-
Identity
Entra ID SSO everywhere. Managed Identity / workload identity for n8n → Azure OpenAI & ADO. No long-lived secrets or PATs.
-
Network
Static site gated at the host (Static Web Apps / App Service Easy Auth). Private endpoints where hosted on App Service.
-
Data
Classification on every page. Confidential comms are link-only. Secret scan runs in CI before publish.
-
Governance
Automation opens PRs; only humans merge. Owner-routed reviewers. Hand-edit guard on
/_generated. -
Audit
Full trail: PR → git history → n8n run → prompt hash → Log Analytics.
-
Prompt safety
Source treated as data, never instructions. Prompts versioned + reviewed; golden-output tests.
Handling sensitive information¶
Confidential & restricted content never leaves its source
Teams/Outlook comms from the automations (and any item labelled confidential/restricted) are never sent to the LLM and never mirrored into the wiki. The wiki holds a link-only stub; access is enforced in the source system. This is enforced in code, not by policy alone.
- Deletes → tombstones. Removed sources are marked
[DEPRECATED]; nothing silently goes stale, nothing is hard-deleted (audit history kept). - Legacy → short summary. Large stale docs become an ≤8-line summary + link, not a full mirror.
- Excel → summary, not grid. Sheet names/shape/headers + link; the workbook stays the record.
- China (21Vianet) is a separate cloud; China content is classified and kept in-region. The global wiki holds non-sensitive summaries + links only.