Deloitte × Kindo - Operational Dashboard

Executive Overview

Sandbox race condition identified — root cause found in cleanup process; fix in testing, expected in next release (v3.16 deployed last week). Multiple integration reliability issues surfaced — ThreatConnect MCP failing ~80% of tool calls, Jira DC triggers non-functional, and no ability to route agents to specific integrations when multiples are configured.

64 open items remain (12 urgent). 76 of 195 total items delivered across all workstreams (39% delivered). Deloitte teams flagging lack of centralized priority tracking and visibility into issue status.

195

Total Items

Delivered

Open

Urgent

🚧 Key Blockers

🔥

ThreatConnect MCP — ~80% Tool Call Failure Rate CRITICAL

ThreatConnect integration parameters consistently rejected. ~80% of tool calls fail and the system retries until one succeeds. Engineering is actively investigating the root cause in the MCP configuration.

🔥

Integration Routing — Cannot Select Specific Integration NOT STARTED

When multiple integrations of the same type are configured (e.g., 3 Jira instances or 3 CrowdStrike), there is no way to specify which one an agent should use. This is a long-standing request that has not yet been picked up by engineering.

🔧

Sandbox Cleanup Race Condition FIX IN TESTING

Root cause identified in the sandbox cleanup process causing failures. Fix is being tested and expected in the next release. Instance already upgraded to v3.16.

⚠️

Jira Data Center Triggers Non-Functional UNDER REVIEW

Custom Jira Data Center triggers do not initiate agents. Multiple configurations attempted with no success. Engineering is reviewing the issue.

⚠️

Agent Run UI — Completion Not Reflected UNDER REVIEW

Agent runs complete on the backend but the front end does not update automatically. Users must manually refresh the page 2-3 times to see results. A fix is currently under review.

📦

SailPoint ISC Write Operations NOT STARTED

SailPoint integration is currently limited to read operations only. Write operations (e.g., creating application objects) were requested over a month ago but have not yet been picked up.

🎯 3 Main Priorities

🔧

Fix ThreatConnect MCP Reliability CRITICAL

~80% of ThreatConnect tool calls fail due to parameter configuration issues. Engineering is actively investigating. This is the most impactful integration issue for the cyber workstream.

⚡

Deliver Integration Routing Capability NOT STARTED

Agents cannot specify which integration instance to use when multiple are configured. This blocks multi-environment workflows across Jira, CrowdStrike, and other tools. Has not been picked up by engineering yet.

📦

Deploy Sandbox Fix + SMK Automation Package IN PROGRESS

Sandbox race condition fix is being tested and expected in the next release. SMK deployment automation package with preflight checks is ready for delivery to Deloitte.

🆕 Raised This Week Since Apr 21, 2026

1 Critical 3 New ▼

Items added or escalated since the last Monday. Helps meeting prep — see what's new without scrolling the full backlog.

Apr 23

ThreatConnect MCP — ~80% Failure Rate Escalated CRITICAL

Tool call reliability regression surfaced during Apr 23 weekly connect. Parameters rejected on nearly every call; system brute-forces retries. Escalated to engineering with priority.

Raised by: Nathan Ellis (Deloitte Cyber)

Apr 23

Integration Routing — Cannot Target Specific Instance NEW

Long-standing request re-escalated. When multiple integrations of the same type are configured, there is no way to direct an agent to a specific one. Blocks multi-environment workflows across Jira, CrowdStrike, and others.

Raised by: Nathan Ellis (Deloitte Cyber)

Apr 23

Agent Output UI Enhancements — Resizable Windows LOW PRIORITY

Request for resizable prompt/output windows and cleaner tool call output display. Also: show which asset and user ID was used during tool calls for audit trail.

Raised by: Deloitte ITS team

Apr 22

Instance Upgraded to v3.16 COMPLETE

Deloitte production instance upgraded to platform version 3.16. Includes Canvas URL navigation, API action step fix, and foundation for upcoming sandbox cleanup fix.

Deployed by: Kindo Engineering

🚀 Release Tracking

v3.16 Current Next Release ▼

Track which issues shipped in the current release and what's targeted for the next one.

Item	Release	Status	Notes
📦 Next Release (Upcoming)
Sandbox cleanup race condition fix	Next Release	⚠️ In Testing	Root cause identified (EBS unmount). Fix in testing, expected imminently.
Canvas disclaimer customization	Next Release	⚠️ In Release	Separate disclaimers for Canvas and chat interfaces.
Agent failure notes enhancement	Next Release	⚠️ In Release	Improved visibility into why an agent failed.
✅ v3.16 (Current — Deployed Apr 22)
Canvas URL parameter navigation	v3.16	✅ Complete	Drill-down navigation and contextual filtering on Canvas dashboards.
API Action Step fix	v3.16	✅ Complete	Dynamic body now has access to previous step outputs.
SAP integration fix	v3.16	✅ Complete	Serialization error regression on Deloitte ITS instance resolved.
Profile dropdown organization name	v3.16	✅ Complete	Displays organization name for non-admin users.
Canvas AI disclaimer banner	v3.16	✅ Complete	Sticky header disclaimer added to Canvas pages.

👥 Priority Queue by Team

3 Workstreams ▼

Top priority items for each Deloitte workstream. Use this view to focus discussion on what matters most to your team.

🛡️ Cyber — Nathan Ellis / Adelina Kaza

ThreatConnect MCP — ~80% Failure Rate CRITICAL

Tool call parameters consistently rejected. System brute-forces retries. Blocks cyber workstream productivity. Engineering investigating.

Integration Routing — Multi-Instance Selection NOT STARTED

Cannot direct agents to specific CrowdStrike or Jira instances. Blocks multi-environment cyber workflows.

Selective Data Flow Control COMPLETE

Data flow control between model context windows delivered for Cyber workstream (Apr 7).

AEF Context Window — 1M Context Active COMPLETE

Bedrock extended context flag set. 1M context window now active for enhanced analysis (Apr 6).

⚙️ IT Services — Zun Huang / Harshal Sarode

Jira Data Center Triggers Non-Functional UNDER REVIEW

Custom Jira DC triggers don't initiate agents on ITS. Multiple configurations attempted. Engineering reviewing.

SAP / Oracle Integration Progress IN PROGRESS

SAP serialization fix deployed (Apr 14). Oracle integration partially in progress. Ongoing work for ITS workstream.

Agent UI — Completion Not Reflected UNDER REVIEW

Agent runs complete on backend but UI doesn't update. Users must manually refresh 2-3 times to see results.

Agent Output UI Enhancements LOW PRIORITY

Resizable windows, readable tool call output, and asset/user ID visibility during tool calls.

🔑 SailPoint — USI Practitioners

SailPoint ISC Write Operations NOT STARTED

Integration limited to read-only. Write operations (e.g., creating application objects) requested over a month ago but not yet picked up.

Integration Routing — Multi-Instance Selection NOT STARTED

Same routing gap affects SailPoint environments. Cannot target specific ISC instance when multiples configured.

Sandbox Stability for Testing FIX IN TESTING

Race condition fix expected in next release. Affects testing workflows in sandbox environments.

Dashboards

Each dashboard tracks a different class of work across the Deloitte engagement.

● On Track

Training

Platform training program for Deloitte teams - pilot session, LMS, video content, and live trainer coordination.

Bug Fixes & Info Requests

Active bugs, configuration issues, and operational requests from Deloitte teams requiring engineering response.

Platform enhancements, new integrations, and capability requests surfaced through Deloitte engagement calls.

Open Items

High Priority

Workstreams

Engagement Information Flow

Full mind map showing all request sources, classifications, and resolution paths across the Deloitte engagement.

🗺️ View Full Engagement Mind Map

Request sources → Requests → Classification (Bug / Training / Feature) → Resolution paths. Interactive - click to explore.

→

🔍 Key Health Questions Reporting Period: Apr 27, 2026

▼

Question	Status	Explanation
Is the team behind schedule?	🔴 Yes	Multiple issues raised weeks/months ago still lack updates. Centralized priority tracking dashboard promised >1 month ago has not been shared with Deloitte. 64 open items remain, 12 urgent.
Problems preventing cycle goal?	🔴 Active	ThreatConnect MCP ~80% failure rate blocking cyber workstream. Jira DC triggers non-functional. No integration routing capability for multi-instance environments. Sandbox fix still in testing.
Tasks added or deleted this cycle?	⚠️ Yes	New issues from Apr 23: Jira DC triggers, ThreatConnect MCP reliability regression, integration routing request, SailPoint write ops, agent failure notes, UI resizability. Instance upgraded to v3.16.
Foresee issues for next period?	🔴 Yes	Sandbox fix release imminent but not yet deployed. ThreatConnect and integration routing have no ETA. Deloitte expressed frustration over lack of updates and visibility. New SMK deployment (#3 Digital Identity) needs preflight validation.
Unscheduled tasks this cycle?	⚠️ Several	Jira DC trigger investigation, ThreatConnect MCP deep-dive, agent UI resizability request, agent failure notes, and agent run asset/user visibility enhancement all surfaced at Apr 23 meeting.
Have any estimates changed?	⚠️ Yes	Sandbox fix ETA moved to "tomorrow morning at latest" (from Apr 23 call). Canvas disclaimer customization targeted for next release. Integration routing and ThreatConnect have no estimates.
Technical problems encountered?	🔴 Active	ThreatConnect MCP parameter schema causing ~80% failure rate. Sandbox cleanup race condition found (EBS unmount). Jira DC triggers never fire. Agent completion not reflected in UI without manual refresh.
Resource problems?	🔴 Yes	Project management gap - primary PM (Mo) absent for 2 weeks with no coverage. Deloitte teams have no visibility into issue tracking or prioritization. Meta Global Ops remains unresourced.

✅ Accomplishments This Period

▼

Accomplishment	Done	Status
Canvas URL parameter navigation — drill-down navigation and contextual filtering now supported on Canvas dashboards	Apr 24	✅ Complete
Instance upgrade to v3.16 — deployed to Deloitte instance	Apr 22	✅ Complete
API Action Step fix — dynamic body now has access to previous step outputs	Apr 22	✅ Complete
Sandbox race condition root cause identified — deep debugging session captured logs and identified root cause in cleanup process	Apr 21	✅ Complete
SAP integration fix — serialization error regression on Deloitte ITS instance resolved	Apr 14	✅ Complete
Profile dropdown organization name — now displays organization name for non-admin users	Apr 14	✅ Complete
Canvas AI disclaimer banner — sticky header disclaimer added to Canvas pages	Apr 8	✅ Complete
SAP MCP serialization fix — resolved serialization errors on ITS instance	Apr 7	✅ Complete
Selective data flow control — data flow control between model context windows for Cyber workstream	Apr 7	✅ Complete
Agent workflow restart fix — webhook trigger context now preserved on restart	Apr 6	✅ Complete
AEF context window fix — Bedrock extended context flag set; 1M context now active	Apr 6	✅ Complete
Task worker / Hatchet stability — heartbeat reconnection patch deployed and holding; no restarts needed	Apr 2	✅ Complete
Chat UI session visibility — Agent ID and session ID now surfaced without URL extraction	Apr 2	✅ Complete
SMK white-label logo CORS fix — resolved CORS issues with custom logo assets	Mar 24	✅ Complete
Jira Data Center auth fix — basic auth vs API token mismatch resolved for self-hosted Jira DC	Mar 19	✅ Complete
Okta disconnected state fix — resolved incorrect disconnected state display	Mar 19	✅ Complete
Dashboard/Canvas agent cleanup — auto-created agents hidden from main list, new "Dashboard Agents" filter tab	Mar 16	✅ Complete
DLP data scrubbing fix — customer PII scrubbing issue resolved	Mar 11	✅ Complete
Sandbox cleanup fix — race condition fix in testing, expected in next release	—	⚠️ In Testing
Canvas disclaimer customization — separate disclaimers for Canvas and chat; in next release	—	⚠️ In Release
Agent failure notes enhancement — improved visibility into why an agent failed; in next release	—	⚠️ In Release
Preflight script with pre-flight checks — deployment automation package ready for Deloitte testing	—	⚠️ Delivering

🔺 Active Risks

▼

ID	Impact	Trend	Description	Mitigation
R1	High	📈	ThreatConnect MCP Reliability. ~80% of tool calls fail - parameters rejected, system brute-forces retries. Blocks cyber workstream productivity.	Escalated to engineering with priority Apr 23. Root cause suspected in MCP parameter schema. No fix ETA yet.
R2	High	🆕	Integration Routing Gap. No way to specify which integration instance an agent should use when multiples are configured. Blocks multi-environment workflows.	Escalated to engineering Apr 23. No ETA or prior tracking visible. Critical for CrowdStrike, Jira, and other multi-instance deployments.
R3	High	📈	Project Management Visibility. Primary PM (Mo) absent 2 weeks. No centralized priority tracker shared with Deloitte despite being promised >1 month ago. Multiple teams with conflicting priorities and no coordination.	Marcos covering Apr 23 meeting, committed to getting updates today. Mo to provide personal update to Deloitte. Out-of-band meeting proposed for next week.
R4	Med	📉	Sandbox Stability. Race condition in cleanup process identified (EBS unmount). Fix in testing. Instance upgraded to v3.16 Apr 22.	Fix expected in next release (tomorrow morning at latest per Apr 23). Debugging session with Nathan was productive - root cause confirmed.
R5	Med	🆕	Jira DC Triggers Non-Functional. Custom Jira Data Center triggers do not initiate agents on ITS. Lower priority than integration routing but blocks automation workflows.	Identified Apr 23. Lower priority per Deloitte - other backlog items take precedence. Being tracked.
R6	Med	➡️	Integration Backlog. SailPoint write ops waiting >1 month. SAP/Oracle partially in progress. Jira DC triggers broken. Direct Connect (ThreatConnect) MCP failing.	SAP work ongoing. SailPoint and other integration requests lack ETA. Integration priority ranking needed from Deloitte stakeholders.
R7	Med	➡️	SMK deployment scalability. Preflight script ready for delivery. Deployment #3 (Digital Identity) planned. Enterprise AWS guardrails remain a challenge.	Preflight automation package being sent to Deloitte for testing. Manual checklist + Terraform automation in development.
R8	Med	➡️	Agent UI / UX gaps. Agent run completion not reflected in UI. Tool call output not readable (long JSON). Resizable windows requested. Agent failure notes unclear.	Agent failure notes and disclaimer customization in next release. UI resizability is a new request - not on current roadmap.

Most Recent Meeting Deployment Q&A - Weekly Connect (Apr 23)

4 Critical 8 Action Items ▼

📞 Deployment Q&A - Weekly Connect - Apr 23, 2026

Participants: Marcos Pagnucco (Kindo), Nathan Ellis (Deloitte), Sumanth Tadikonda, Harish, Harshal Vasudeo, and ~40 others

🔥 ThreatConnect MCP - ~80% Failure Rate - Every time a tool call is made to ThreatConnect, ~80% of calls fail because parameters are rejected. System retries/brute-forces until one succeeds. Something wrong with MCP parameter configuration or description. Escalated to engineering.

🔥 Integration Routing - Cannot Select Specific Integration - When multiple integrations of the same type are configured (e.g., 3 Jiras, 3 CrowdStrikes), there is no way to specify which one an agent should use. Long-standing request tracked by Mo - no status update provided for weeks. Escalated with priority.

🔥 PM Visibility Gap - No Updates for 2 Weeks - Primary PM (Mo) absent for 2 weeks. No status updates provided to Deloitte. Centralized priority tracking dashboard promised over a month ago was never shown. Multiple teams with different priorities and no visibility into what's being tracked. Nathan: "I'm getting a little frustrated because we've been waiting for updates."

🔧 Sandbox Race Condition - Fix in Testing - Root cause found: race condition in cleanup process causing EBS unmount failures. Deep debugging session with Nathan captured critical logs. Fix in testing - expected tomorrow morning at latest. Instance already upgraded to v3.16.

⚠️ Agent UI - Completion Still Not Reflected - Agents complete on backend but UI doesn't update. Users must refresh manually 2-3 times. Front-end polling/streaming issue persists despite backend improvements.

⚠️ Jira DC Triggers Non-Functional - Custom Jira Data Center triggers don't initiate agents at all on ITS. Multiple filter configurations attempted. Lower priority than integration routing per Deloitte.

📦 SailPoint ISC Write Operations - Requested 1-1.5 months ago. Jira created by Mo, no status update provided. Currently read-only - write operations needed.

📦 Canvas Disclaimer Customization - Separate disclaimers for Canvas and chat. Implemented, in next release (same release as sandbox fix).

📦 Agent Failure Notes - Better visibility into why agents failed. Engineering has discussed; expected in next release.

💡 Agent Output UI Enhancements (New request - Low Priority) - Tool call output areas are cluttered and not readable. Request for resizable windows for prompt/output areas. Also: show which asset and user ID was used during tool calls.

📦 SMK Deployment Automation - Preflight script with new pre-flight functionality ready. Marcos to send package + instructions to Deloitte within hours. Validates cluster networking, connection strings, and access before deployment.

📅 Meeting Cadence - Out-of-band meeting proposed for next week to bring full updates that Marcos couldn't provide. Mo expected to provide personal update to Deloitte.

📦 SMK Installs - Deployment Progress

2 Complete 1 Planned 4 Blockers ▼

Key deployment status and improvement initiatives from Cyber Weekly (Apr 2), Office Hours (Apr 2), and prior sessions.

Deployment Status

Deployment	Status	Key Issues
Deployment #1	✅ Complete	Security group/connectivity issues discovered during install
Deployment #2	✅ Complete	Calico CNI vs VPC CNI caused ingress automation failure
Deployment #3 (Digital Identity)	🔵 Planned	Bastion host access being requested, same environment challenges expected

Key Improvements In Progress

Initiative	Status	Details
Preflight Script (Helm chart)	✅ Ready	Preflight automation package with pre-flight validation complete. Marcos delivering to Deloitte with instructions (Apr 23). Checks cluster networking, connection strings, and access before deployment.
Manual Deployment Checklist	⚠️ In Progress	For enterprise teams with multiple departments involved in provisioning and access.
Infrastructure Automation (Terraform)	⚠️ In Progress	Turnkey AWS provisioning, handed to Deloitte infra team for testing.
Script Migration to Helm Charts	⚠️ In Progress	Moving bastion host scripts into cluster, reducing external dependencies.

Current Blockers

Blocker	Severity	Mitigation
Task worker / Hatchet instability	✅ Resolved	Heartbeat/Hatchet reconnection patch deployed and stable. No restarts needed since fix.
Sandbox cleanup race condition	⚠️ Fix In Testing	Race condition in cleanup process identified (EBS unmount). Fix in testing, expected in next release. Instance upgraded to v3.16 on Apr 22.
ThreatConnect MCP ~80% failure rate	🔴 Critical	Tool call parameters consistently rejected. System brute-forces retries. Escalated to engineering Apr 23.
No observability configured	⚠️ Medium	Deployed instances lack OpenTelemetry/Grafana monitoring.
Enterprise AWS guardrails	⚠️ Medium	IAM roles, network subnets will be a challenge for every customer deployment.

🏛️ Deloitte × Kindo — Program Dashboard

Weekly Operational Review

Executive Overview

🆕 Raised This Week Since Apr 21, 2026

🚀 Release Tracking

👥 Priority Queue by Team

Dashboards

Engagement Information Flow

🔍 Key Health Questions Reporting Period: Apr 27, 2026

✅ Accomplishments This Period

🔺 Active Risks

Most Recent Meeting Deployment Q&A - Weekly Connect (Apr 23)

📦 SMK Installs - Deployment Progress

Deployment Status

Key Improvements In Progress

Current Blockers