Skip to content

Security & compliance

Private, identity-first, and PR-gated. The design assumes all ingested content is untrusted until reviewed.

  •   Identity


    Entra ID SSO everywhere. Managed Identity / workload identity for n8n → Azure OpenAI & ADO. No long-lived secrets or PATs.

  •   Network


    Static site gated at the host (Static Web Apps / App Service Easy Auth). Private endpoints where hosted on App Service.

  •   Data


    Classification on every page. Confidential comms are link-only. Secret scan runs in CI before publish.

  •   Governance


    Automation opens PRs; only humans merge. Owner-routed reviewers. Hand-edit guard on /_generated.

  •   Audit


    Full trail: PR → git history → n8n run → prompt hash → Log Analytics.

  •   Prompt safety


    Source treated as data, never instructions. Prompts versioned + reviewed; golden-output tests.

Handling sensitive information

Confidential & restricted content never leaves its source

Teams/Outlook comms from the automations (and any item labelled confidential/restricted) are never sent to the LLM and never mirrored into the wiki. The wiki holds a link-only stub; access is enforced in the source system. This is enforced in code, not by policy alone.

  • Deletes → tombstones. Removed sources are marked [DEPRECATED]; nothing silently goes stale, nothing is hard-deleted (audit history kept).
  • Legacy → short summary. Large stale docs become an ≤8-line summary + link, not a full mirror.
  • Excel → summary, not grid. Sheet names/shape/headers + link; the workbook stays the record.
  • China (21Vianet) is a separate cloud; China content is classified and kept in-region. The global wiki holds non-sensitive summaries + links only.