Skip to content

COUNCIL BRIEF CB-001: Atlantis AI Communications Domain

Atlantis ITS — May 20, 2026
Brief ID: CB-001
Version: 4.2 (All Council Votes Received — Final)
Status: ✅ APPROVED WITH CONDITIONS — 7 of 7 votes received
From: Shane Hardin (System Owner)
To: Full Atlantis Council — Ozzy, Mercy, Scout, Jimmy, Cooper, Lyra, Nova
Local Path: C:\AtlantisITS\knowledge
Forgejo Path: atlantis-docs/council/CB-001-AI-Communications-Domain.md
Compiled by: Ozzy (merged from Shane + all council responses v1-v4.2)


Version History

Version Change
v1.0 Single shared inbox — ai@atlantisits.co
v2.0 Moved to atlantisits.ai, all 7 council votes
v3.0 Full per-agent identity layer proposed
v4.0 Jimmy's alias architecture — one account, infinite aliases, zero cost
v4.1 Two-inbox architecture — ai@ public, council@ private
v4.2 All 7 votes received. No-Go Criteria. archive@ clarified. Quarantine rule. Conditions locked.

🗳️ CONSORTIUM VOTE — FINAL TALLY

Member Vote Key Conditions
Ozzy (Claude) ✅ Approve SOP-008 compliance, disclaimer, access list in V24
Mercy (OpenAI) 🟡 Approve with conditions Human approval gate non-negotiable, archive@ clarification, quarantine before reject, no personal inbox revocation until validation passes, No-Go Criteria required
Scout (Grok) 🟡 Approve with conditions Human approval gate Phase 1, n8n routing rock-solid before go-live, alias list in SOP-010, weekly public inbox digest to #council
Jimmy (Gemini) ✅ Approve Governance win — revocation of Gmail/Outlook access is the greatest security feature. Alias routing efficient. Human-in-loop safeguard endorsed. SOP-008 Section 16 = 100% alignment.
Cooper (Copilot) ✅ Approve Zero-cost scaling, clean identity layer, deterministic routing, email as intake + Forgejo as canonical = exactly Cooper's mandate
Lyra (Perplexity) ✅ Approve Function-based routing, aliases first, BCC compliance capture
Nova N/A Phase 2 — full orchestration role
Shane (System Owner) ✅ Proposed Final authority
RESULT ✅ UNANIMOUSLY APPROVED WITH CONDITIONS 7/7 votes — full quorum

Architecture approved. Deployment gated on all conditions in No-Go Criteria below.


Purpose

Establish atlantisits.ai as the AI command domain for Atlantis ITS with a two-inbox architecture:

  1. ai@atlantisits.ai — Public-facing AI inbox (anyone can contact Atlantis AI)
  2. council@atlantisits.ai — Private internal command layer (Atlantis squad only)

Domain Strategy (Confirmed)

Domain Purpose
atlantisits.co Business / client-facing / company email / travel
atlantisits.ai AI Council / Nova / lab / agent operations / squad identity
atlantisits.info Docs / MkDocs KB

The Two-Inbox Architecture

Inbox Audience Purpose Tone
ai@atlantisits.ai Public Clients, leads, vendors, curious people Product surface
council@atlantisits.ai Private — Atlantis only Squad coordination, CB-series, SOPs, ops Internal command

Why this split matters:

ai@atlantisits.ai — Public Product Surface: - Anyone can email the Atlantis AI and get a response - Scout or Nova handles triage — human approval gate on ALL replies Phase 1 - Future revenue play — positions Atlantis as genuinely AI-native - Differentiator vs. traditional MSPs - Chronicle announcement planned after Phase 1 validation (Mercy: do not bind to issue number yet)

council@atlantisits.ai — Private Command Layer: - Internal squad only — Shane + authenticated agents - CB-series briefings, SOP review, runbook coordination - Unknown senders → quarantine + log + notify Shane (not reject — Mercy) - Jimmy's strictest compliance rules apply here - BCC compliance capture for full audit trail


⛔ No-Go Criteria (Mercy — Required Before Deployment)

Do NOT launch CB-001 if any of the following are true:

  • [ ] SPF, DKIM, or DMARC are not configured on atlantisits.ai
  • [ ] MFA is not enabled on both Zoho accounts
  • [ ] n8n IMAP/SMTP credentials are stored insecurely
  • [ ] Public replies from ai@ can bypass Shane approval gate
  • [ ] council@ accepts unknown senders without quarantine
  • [ ] Logs are not writing to /atlantis-ops/logs/
  • [ ] Personal inbox forwarding is broad or unfiltered
  • [ ] Agent aliases route to wrong handler in n8n
  • [ ] archive@atlantisits.ai implementation is undefined
  • [ ] Personal inbox access (Jimmy/Gmail, Cooper/Outlook) revoked before validation passes
  • [ ] Any validation test from the go-live checklist is incomplete

The Core Architecture: One Account Per Inbox, Infinite Aliases (Jimmy)

The trap: Separate Zoho user accounts per agent = paid license per agent. Jimmy's solution: Two primary accounts + unlimited free aliases + n8n To: header routing. Zero extra cost as squad scales.

Per-Agent Aliases — Phase 2 (Zero Cost)

Council aliases → council@atlantisits.ai:

Alias Agent Primary Use
ozzy@atlantisits.ai Ozzy (Claude) Architecture, SOP, strategy
mercy@atlantisits.ai Mercy (OpenAI) Proposals, workflow, decisions
scout@atlantisits.ai Scout (Grok) Research, ingestion, triage
cooper@atlantisits.ai Cooper (Copilot) Doc submissions, SOP/HT/KB
jimmy@atlantisits.ai Jimmy (Gemini) Compliance, audit — no outbound replies
lyra@atlantisits.ai Lyra (Perplexity) Deep research via Scout ingestion
atlas@atlantisits.ai Future identity Reserved — Lyra suggestion

Public aliases → ai@atlantisits.ai:

Alias Purpose
nova@atlantisits.ai Nova-branded public contact
hello@atlantisits.ai Friendly public entry point
ask@atlantisits.ai Future product surface

All aliases point to their respective master inbox. Zoho free tier = 2 of 5 mailboxes used. Aliases are always free regardless of squad size.


archive@ Clarification (Mercy — Required)

Mercy condition: The BCC compliance capture references archive@atlantisits.ai but the cost model only defines two mailboxes. This must be resolved before build.

Decision (pending Shane confirmation):

Option Detail
Option A — Alias archive@ = alias pointing to council@ — no new mailbox, free
Option B — Dedicated mailbox archive@ = third Zoho mailbox — uses 1 of remaining 3 free slots

Recommended: Option A — alias to council@ for Phase 1. Promotes to dedicated mailbox only if retention/access rules require isolation.

archive@atlantisits.ai will be implemented as an alias or dedicated mailbox only after retention and access rules are defined. — Mercy


DNS Setup

Configure in Cloudflare DNS for atlantisits.ai — all records DNS Only (grey cloud):

MX Records

Type Host Value Priority
MX @ mx.zoho.com. 10
MX @ mx2.zoho.com. 20
MX @ mx3.zoho.com. 50

TXT Records

Type Host Value
TXT @ v=spf1 include:zoho.com ~all
TXT zmail._domainkey (Zoho DKIM key — from Zoho admin panel)
TXT _dmarc v=DMARC1; p=quarantine; rua=mailto:council@atlantisits.ai

⚠️ SPF + DKIM + DMARC must be configured before first send — No-Go gate. ⚠️ Plan DNS maintenance window. Validate with dig MX atlantisits.ai before cutover.


n8n Routing Architecture

Public Inbox — ai@atlantisits.ai

External email → ai@atlantisits.ai
→ n8n IMAP trigger
→ Jimmy compliance filter (content scan, strip sensitive data)
→ Scout API — primary public handler
→ Switch by subject/content:
    "billing" / "pricing"   → Mercy lane
    "technical" / "help"    → Ozzy lane
    "research" / "intel"    → Scout lane (default)
    "Nova" / "product"      → Nova lane (Phase 2)
→ Draft reply generated
→ *** HUMAN APPROVAL GATE — Shane reviews ALL public replies Phase 1 ***
→ SMTP reply from ai@atlantisits.ai
→ BCC → archive@atlantisits.ai
→ Log → /atlantis-ops/logs/email-public.log
→ Weekly digest → #council Discord (Scout condition)

Council Inbox — council@atlantisits.ai

Internal email → council@atlantisits.ai
→ n8n IMAP trigger
→ Sender whitelist check (Jimmy)
    Known sender → proceed
    Unknown sender → QUARANTINE + log + notify Shane (not reject — Mercy)
→ Read To: header → Switch node:
    To: ozzy@...    → Ozzy API (Anthropic)
    To: mercy@...   → Mercy API (OpenAI)
    To: scout@...   → Scout API (xAI)
    To: cooper@...  → Cooper API (Copilot)
    To: jimmy@...   → Jimmy audit log only (no reply)
    To: lyra@...    → Scout ingestion → Lyra scoring
    To: council@... → Scout (default handler)
→ Approval gate (ops / financial / public content)
→ BCC → archive@atlantisits.ai (compliance capture)
→ SMTP reply from council@atlantisits.ai
→ Log → /atlantis-ops/logs/email-council.log

Routing Rules by Function (Lyra)

Rule Type Criteria Action
Sender-based Trusted @atlantisits.* domains Allow → council routing
Sender-based Unknown external → council@ Quarantine + log + notify Shane
Sender-based Unknown external → ai@ Allow → Scout with approval gate
Subject-based "SOP" / "HT" / "KB" / "Brief" Route to Cooper lane
Subject-based "Compliance" / "Risk" / "Audit" Route to Jimmy audit lane
Subject-based "Research" / "Intel" Route to Scout lane
Address-based Direct agent alias To: Route to named agent lane
Default Anything else Scout handles

Access Model (Jimmy — Council Approved)

Agent ai@ Access council@ Access Method
Shane Full admin Full admin Direct Zoho
Scout Primary handler Primary handler n8n IMAP/SMTP
Nova Phase 2 Phase 2 Future
Ozzy Delegated (approved replies) Delegated via n8n n8n routing
Mercy Delegated (approved replies) Delegated via n8n n8n routing
Cooper Delegated via n8n n8n routing
Jimmy Compliance filter only Audit-only — no replies n8n hook
Lyra No direct access No direct access Scout ingestion

Security Rules (All Council)

Both inboxes: - [ ] MFA on both Zoho accounts — No-Go gate - [ ] Strong unique passwords — password manager - [ ] No credentials, API keys, .env, secrets — ever - [ ] SPF + DKIM + DMARC before first send — No-Go gate - [ ] DNS Only (grey cloud) in Cloudflare - [ ] Quarterly access review documented in Forgejo - [ ] All AI replies logged

council@ additional (Jimmy + Mercy): - [ ] Sender whitelist enforced - [ ] Unknown senders quarantined + logged + Shane notified (never auto-rejected Phase 1) - [ ] BCC compliance capture active - [ ] Jimmy audit log for all compliance events

ai@ additional (Scout + Mercy): - [ ] Human approval gate on ALL outgoing replies — Phase 1 non-negotiable - [ ] Content filter before Scout processes - [ ] Weekly digest of public activity → #council Discord

Standard signatures:

ai@atlantisits.ai:

Powered by Atlantis ITS AI — operating under SOP-008 v0.4.
Do not send sensitive personal, financial, or confidential data.
— ai@atlantisits.ai

council@atlantisits.ai:

This inbox is for internal Atlantis ITS AI operations only.
External senders: please use ai@atlantisits.ai.
Operating under SOP-008 v0.4.
— Atlantis ITS AI Council


Knowledge Rule (Mercy — Non-Negotiable)

Email is not source of truth. Email is intake and discussion.

Forgejo = source of truth. Important decisions promoted email → Forgejo before canonical.


Go-Live Validation Checklist

Personal inbox access (Jimmy/Gmail, Cooper/Outlook) must NOT be revoked until ALL of these pass:

  • [ ] ai@ public inbox test: external sender → Scout responds → Shane approves → reply sent
  • [ ] council@ alias route test: jimmy@ → Jimmy audit log, no reply
  • [ ] council@ alias route test: ozzy@ → Ozzy responds correctly
  • [ ] Approval gate test: public reply blocked until Shane approves
  • [ ] Logging test: both email-public.log and email-council.log writing
  • [ ] Quarantine test: unknown sender to council@ → quarantine + Shane notified
  • [ ] Reply signing test: signature present on outbound replies
  • [ ] BCC capture test: archive@ receives copy of all council replies
  • [ ] Weekly digest test: #council Discord receives public inbox summary

Cost Model

Item Cost
Zoho free tier — 2 accounts (ai@ + council@) $0/mo
Email aliases — unlimited $0/mo
atlantisits.ai domain Already owned
n8n (self-hosted Hetzner) $0 incremental
Total Phase 1 $0/mo
Total Phase 2 (aliases) $0/mo

SOP-008 Assessment (Jimmy — 100% Section 16 Alignment)

Risk Factor Level Mitigation
AI accessing personal inboxes 🔴 Current violation Resolved — revocation after validation
Sensitive data in AI inbox 🟡 Medium Disclaimer + no-secrets + Jimmy filter
Autonomous public replies 🟡 Medium Human approval gate — non-negotiable Phase 1
Unknown senders council@ 🟡 Medium Quarantine + log + Shane notify
MX migration risk 🟡 Medium Maintenance window + DNS validation
archive@ undefined 🟡 Medium Resolved — alias to council@ Phase 1
Email as source of truth 🟡 Medium Mercy's Knowledge Rule enforced
Overall 🟢 Low Approved unanimously with conditions

Documents Generated by This Brief

Doc Owner Status
CB-001 v4.2 (this doc) Ozzy ✅ Complete
SOP-010: AI Communications Domain Cooper ⬜ Pending
HT-019: Connecting Scout to Zoho Mail Cooper ⬜ Pending
HT-020: Zoho DNS Setup (MX/SPF/DKIM/DMARC) Ozzy ⬜ Pending

Action Items

# Action Owner Status
1 Confirm archive@ = alias to council@ (Phase 1) Shane
2 Plan DNS maintenance window Shane ⬜ Pending VPS deploy
3 Create Zoho accounts: ai@ + council@ Shane ⬜ Pending VPS deploy
4 Configure MX + SPF + DKIM + DMARC in Cloudflare Shane ⬜ Pending VPS deploy
5 Enable MFA + signatures on both accounts Shane ⬜ Pending
6 Configure both inboxes in n8n IMAP/SMTP Shane + Jimmy ⬜ Pending VPS deploy
7 Build n8n public routing + approval gate Shane + Ozzy ⬜ Pending VPS deploy
8 Build n8n council routing (To: header switch) Shane + Ozzy ⬜ Pending VPS deploy
9 Build Jimmy compliance filter + quarantine rule Jimmy ⬜ Pending VPS deploy
10 Build BCC compliance capture Jimmy ⬜ Pending VPS deploy
11 Build weekly public digest → #council Discord Scout ⬜ Pending VPS deploy
12 Run full go-live validation checklist Shane ⬜ Pending VPS deploy
13 Revoke Jimmy/Gmail + Cooper/Outlook access Shane ⬜ After validation passes
14 Create Discord #council channel structure Shane ⬜ Pending
15 Draft SOP-010: AI Communications Domain Cooper ⬜ Pending
16 Draft HT-019: Connecting Scout to Zoho Mail Cooper ⬜ Pending
17 Draft HT-020: Zoho DNS Setup Ozzy ⬜ Pending
18 Push CB-001 v4.2 to Forgejo + V24 memory Shane/Ozzy ⬜ Tonight

Implementation Timeline

Tonight (Wednesday May 20)
→ CB-001 v4.2 pushed to Forgejo ✅
→ archive@ decision confirmed by Shane

↓ Before VPS deploy weekend
→ DNS maintenance window planned
→ No-Go Criteria reviewed — all gates confirmed ready

↓ Hetzner VPS deploy weekend (funds pending)
→ n8n live on PostgreSQL
→ Zoho accounts created: ai@ + council@
→ MX + SPF + DKIM + DMARC configured
→ MFA + signatures enabled
→ n8n wired: public routing + council routing
→ Jimmy compliance filter + quarantine rule active
→ BCC compliance capture active
→ Approval gate active
→ Full go-live validation checklist runs

↓ Post-validation
→ All checklist items pass
→ Personal inbox access revoked (Jimmy/Gmail, Cooper/Outlook)
→ Weekly public digest → #council Discord active
→ CB-001 CLOSED ✅
→ Chronicle announcement: "Email our AI at ai@atlantisits.ai"

↓ Phase 2
→ Per-agent aliases added (free)
→ Nova email routing agent
→ atlas@ reserved identity activated

V24 Memory Items (Log Wednesday)

- CB-001 v4.2 — UNANIMOUSLY APPROVED WITH CONDITIONS — 7/7 votes
- atlantisits.ai = AI command domain. atlantisits.co = business/client.
- Two-inbox architecture: ai@ (public) + council@ (private)
- Phase 1: two Zoho accounts, free tier (2 of 5 mailboxes)
- Phase 2: unlimited aliases — ozzy@, mercy@, scout@, cooper@, jimmy@, lyra@, atlas@
- Jimmy alias architecture: infinite aliases, zero extra cost
- Zoho MX: mx.zoho.com (10), mx2.zoho.com (20), mx3.zoho.com (50)
- SPF + DKIM + DMARC required before go-live (No-Go gate)
- Human approval gate: ALL public replies Phase 1 (Scout + Mercy condition)
- Unknown council@ senders: quarantine + log + notify Shane (not reject)
- archive@ = alias to council@ Phase 1 (pending Shane confirmation)
- Personal inbox revocation: ONLY after full go-live validation passes
- Weekly public inbox digest → #council Discord (Scout condition)
- SOP-010, HT-019, HT-020 queued
- No-Go Criteria section added (Mercy)
- Go-live validation checklist: 9 tests must pass before revocation
- Chronicle announcement after Phase 1 validation (no issue number bound)
- Jimmy: SOP-008 Section 16 = 100% alignment. Revocation = greatest security win.
- Cooper: email as intake, Forgejo as canonical — exactly Cooper's mandate.

References

  • SOP-008 v0.4 — AI Production Risk Review
  • ATLANTIS_AI_MEMORY.md V23 (May 14, 2026)
  • updates.md May 20, 2026
  • RUNBOOK-Hetzner-VPS-Phase1-v3.md
  • Zoho Mail: zoho.com/mail
  • Cloudflare DNS: dash.cloudflare.com
  • n8n IMAP Trigger: docs.n8n.io/integrations/builtin/trigger-nodes/n8n-nodes-base.imaptrigger
  • n8n Send Email: docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.sendemail
  • CB-001 v1.0 through v4.1 (superseded)
  • CB-002 v1.0 — Nova Voice (companion brief)

CB-001 v4.2 — FINAL — compiled by Ozzy — May 20, 2026
7/7 council votes received — unanimously approved with conditions
Store at: C:\AtlantisITS\knowledge\CB-001-AI-Communications-Domain.md
Push to Forgejo: atlantis-docs/council/CB-001-AI-Communications-Domain.md
Deployment gated on No-Go Criteria — see checklist above