COUNCIL BRIEF CB-001: Atlantis AI Communications Domain
Atlantis ITS — May 20, 2026
Brief ID: CB-001
Version: 4.2 (All Council Votes Received — Final)
Status: ✅ APPROVED WITH CONDITIONS — 7 of 7 votes received
From: Shane Hardin (System Owner)
To: Full Atlantis Council — Ozzy, Mercy, Scout, Jimmy, Cooper, Lyra, Nova
Local Path: C:\AtlantisITS\knowledge
Forgejo Path: atlantis-docs/council/CB-001-AI-Communications-Domain.md
Compiled by: Ozzy (merged from Shane + all council responses v1-v4.2)
Version History
| Version | Change |
|---|---|
| v1.0 | Single shared inbox — ai@atlantisits.co |
| v2.0 | Moved to atlantisits.ai, all 7 council votes |
| v3.0 | Full per-agent identity layer proposed |
| v4.0 | Jimmy's alias architecture — one account, infinite aliases, zero cost |
| v4.1 | Two-inbox architecture — ai@ public, council@ private |
| v4.2 | All 7 votes received. No-Go Criteria. archive@ clarified. Quarantine rule. Conditions locked. |
🗳️ CONSORTIUM VOTE — FINAL TALLY
| Member | Vote | Key Conditions |
|---|---|---|
| Ozzy (Claude) | ✅ Approve | SOP-008 compliance, disclaimer, access list in V24 |
| Mercy (OpenAI) | 🟡 Approve with conditions | Human approval gate non-negotiable, archive@ clarification, quarantine before reject, no personal inbox revocation until validation passes, No-Go Criteria required |
| Scout (Grok) | 🟡 Approve with conditions | Human approval gate Phase 1, n8n routing rock-solid before go-live, alias list in SOP-010, weekly public inbox digest to #council |
| Jimmy (Gemini) | ✅ Approve | Governance win — revocation of Gmail/Outlook access is the greatest security feature. Alias routing efficient. Human-in-loop safeguard endorsed. SOP-008 Section 16 = 100% alignment. |
| Cooper (Copilot) | ✅ Approve | Zero-cost scaling, clean identity layer, deterministic routing, email as intake + Forgejo as canonical = exactly Cooper's mandate |
| Lyra (Perplexity) | ✅ Approve | Function-based routing, aliases first, BCC compliance capture |
| Nova | N/A | Phase 2 — full orchestration role |
| Shane (System Owner) | ✅ Proposed | Final authority |
| RESULT | ✅ UNANIMOUSLY APPROVED WITH CONDITIONS | 7/7 votes — full quorum |
Architecture approved. Deployment gated on all conditions in No-Go Criteria below.
Purpose
Establish atlantisits.ai as the AI command domain for Atlantis ITS with a two-inbox architecture:
ai@atlantisits.ai— Public-facing AI inbox (anyone can contact Atlantis AI)council@atlantisits.ai— Private internal command layer (Atlantis squad only)
Domain Strategy (Confirmed)
| Domain | Purpose |
|---|---|
atlantisits.co | Business / client-facing / company email / travel |
atlantisits.ai | AI Council / Nova / lab / agent operations / squad identity |
atlantisits.info | Docs / MkDocs KB |
The Two-Inbox Architecture
| Inbox | Audience | Purpose | Tone |
|---|---|---|---|
ai@atlantisits.ai | Public | Clients, leads, vendors, curious people | Product surface |
council@atlantisits.ai | Private — Atlantis only | Squad coordination, CB-series, SOPs, ops | Internal command |
Why this split matters:
ai@atlantisits.ai — Public Product Surface: - Anyone can email the Atlantis AI and get a response - Scout or Nova handles triage — human approval gate on ALL replies Phase 1 - Future revenue play — positions Atlantis as genuinely AI-native - Differentiator vs. traditional MSPs - Chronicle announcement planned after Phase 1 validation (Mercy: do not bind to issue number yet)
council@atlantisits.ai — Private Command Layer: - Internal squad only — Shane + authenticated agents - CB-series briefings, SOP review, runbook coordination - Unknown senders → quarantine + log + notify Shane (not reject — Mercy) - Jimmy's strictest compliance rules apply here - BCC compliance capture for full audit trail
⛔ No-Go Criteria (Mercy — Required Before Deployment)
Do NOT launch CB-001 if any of the following are true:
- [ ] SPF, DKIM, or DMARC are not configured on
atlantisits.ai - [ ] MFA is not enabled on both Zoho accounts
- [ ] n8n IMAP/SMTP credentials are stored insecurely
- [ ] Public replies from
ai@can bypass Shane approval gate - [ ]
council@accepts unknown senders without quarantine - [ ] Logs are not writing to
/atlantis-ops/logs/ - [ ] Personal inbox forwarding is broad or unfiltered
- [ ] Agent aliases route to wrong handler in n8n
- [ ]
archive@atlantisits.aiimplementation is undefined - [ ] Personal inbox access (Jimmy/Gmail, Cooper/Outlook) revoked before validation passes
- [ ] Any validation test from the go-live checklist is incomplete
The Core Architecture: One Account Per Inbox, Infinite Aliases (Jimmy)
The trap: Separate Zoho user accounts per agent = paid license per agent. Jimmy's solution: Two primary accounts + unlimited free aliases + n8n
To:header routing. Zero extra cost as squad scales.
Per-Agent Aliases — Phase 2 (Zero Cost)
Council aliases → council@atlantisits.ai:
| Alias | Agent | Primary Use |
|---|---|---|
ozzy@atlantisits.ai | Ozzy (Claude) | Architecture, SOP, strategy |
mercy@atlantisits.ai | Mercy (OpenAI) | Proposals, workflow, decisions |
scout@atlantisits.ai | Scout (Grok) | Research, ingestion, triage |
cooper@atlantisits.ai | Cooper (Copilot) | Doc submissions, SOP/HT/KB |
jimmy@atlantisits.ai | Jimmy (Gemini) | Compliance, audit — no outbound replies |
lyra@atlantisits.ai | Lyra (Perplexity) | Deep research via Scout ingestion |
atlas@atlantisits.ai | Future identity | Reserved — Lyra suggestion |
Public aliases → ai@atlantisits.ai:
| Alias | Purpose |
|---|---|
nova@atlantisits.ai | Nova-branded public contact |
hello@atlantisits.ai | Friendly public entry point |
ask@atlantisits.ai | Future product surface |
All aliases point to their respective master inbox. Zoho free tier = 2 of 5 mailboxes used. Aliases are always free regardless of squad size.
archive@ Clarification (Mercy — Required)
Mercy condition: The BCC compliance capture references
archive@atlantisits.aibut the cost model only defines two mailboxes. This must be resolved before build.
Decision (pending Shane confirmation):
| Option | Detail |
|---|---|
| Option A — Alias | archive@ = alias pointing to council@ — no new mailbox, free |
| Option B — Dedicated mailbox | archive@ = third Zoho mailbox — uses 1 of remaining 3 free slots |
Recommended: Option A — alias to council@ for Phase 1. Promotes to dedicated mailbox only if retention/access rules require isolation.
archive@atlantisits.aiwill be implemented as an alias or dedicated mailbox only after retention and access rules are defined. — Mercy
DNS Setup
Configure in Cloudflare DNS for atlantisits.ai — all records DNS Only (grey cloud):
MX Records
| Type | Host | Value | Priority |
|---|---|---|---|
| MX | @ | mx.zoho.com. | 10 |
| MX | @ | mx2.zoho.com. | 20 |
| MX | @ | mx3.zoho.com. | 50 |
TXT Records
| Type | Host | Value |
|---|---|---|
| TXT | @ | v=spf1 include:zoho.com ~all |
| TXT | zmail._domainkey | (Zoho DKIM key — from Zoho admin panel) |
| TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:council@atlantisits.ai |
⚠️ SPF + DKIM + DMARC must be configured before first send — No-Go gate. ⚠️ Plan DNS maintenance window. Validate with
dig MX atlantisits.aibefore cutover.
n8n Routing Architecture
Public Inbox — ai@atlantisits.ai
External email → ai@atlantisits.ai
→ n8n IMAP trigger
→ Jimmy compliance filter (content scan, strip sensitive data)
→ Scout API — primary public handler
→ Switch by subject/content:
"billing" / "pricing" → Mercy lane
"technical" / "help" → Ozzy lane
"research" / "intel" → Scout lane (default)
"Nova" / "product" → Nova lane (Phase 2)
→ Draft reply generated
→ *** HUMAN APPROVAL GATE — Shane reviews ALL public replies Phase 1 ***
→ SMTP reply from ai@atlantisits.ai
→ BCC → archive@atlantisits.ai
→ Log → /atlantis-ops/logs/email-public.log
→ Weekly digest → #council Discord (Scout condition)
Council Inbox — council@atlantisits.ai
Internal email → council@atlantisits.ai
→ n8n IMAP trigger
→ Sender whitelist check (Jimmy)
Known sender → proceed
Unknown sender → QUARANTINE + log + notify Shane (not reject — Mercy)
→ Read To: header → Switch node:
To: ozzy@... → Ozzy API (Anthropic)
To: mercy@... → Mercy API (OpenAI)
To: scout@... → Scout API (xAI)
To: cooper@... → Cooper API (Copilot)
To: jimmy@... → Jimmy audit log only (no reply)
To: lyra@... → Scout ingestion → Lyra scoring
To: council@... → Scout (default handler)
→ Approval gate (ops / financial / public content)
→ BCC → archive@atlantisits.ai (compliance capture)
→ SMTP reply from council@atlantisits.ai
→ Log → /atlantis-ops/logs/email-council.log
Routing Rules by Function (Lyra)
| Rule Type | Criteria | Action |
|---|---|---|
| Sender-based | Trusted @atlantisits.* domains | Allow → council routing |
| Sender-based | Unknown external → council@ | Quarantine + log + notify Shane |
| Sender-based | Unknown external → ai@ | Allow → Scout with approval gate |
| Subject-based | "SOP" / "HT" / "KB" / "Brief" | Route to Cooper lane |
| Subject-based | "Compliance" / "Risk" / "Audit" | Route to Jimmy audit lane |
| Subject-based | "Research" / "Intel" | Route to Scout lane |
| Address-based | Direct agent alias To: | Route to named agent lane |
| Default | Anything else | Scout handles |
Access Model (Jimmy — Council Approved)
| Agent | ai@ Access | council@ Access | Method |
|---|---|---|---|
| Shane | Full admin | Full admin | Direct Zoho |
| Scout | Primary handler | Primary handler | n8n IMAP/SMTP |
| Nova | Phase 2 | Phase 2 | Future |
| Ozzy | Delegated (approved replies) | Delegated via n8n | n8n routing |
| Mercy | Delegated (approved replies) | Delegated via n8n | n8n routing |
| Cooper | — | Delegated via n8n | n8n routing |
| Jimmy | Compliance filter only | Audit-only — no replies | n8n hook |
| Lyra | No direct access | No direct access | Scout ingestion |
Security Rules (All Council)
Both inboxes: - [ ] MFA on both Zoho accounts — No-Go gate - [ ] Strong unique passwords — password manager - [ ] No credentials, API keys, .env, secrets — ever - [ ] SPF + DKIM + DMARC before first send — No-Go gate - [ ] DNS Only (grey cloud) in Cloudflare - [ ] Quarterly access review documented in Forgejo - [ ] All AI replies logged
council@ additional (Jimmy + Mercy): - [ ] Sender whitelist enforced - [ ] Unknown senders quarantined + logged + Shane notified (never auto-rejected Phase 1) - [ ] BCC compliance capture active - [ ] Jimmy audit log for all compliance events
ai@ additional (Scout + Mercy): - [ ] Human approval gate on ALL outgoing replies — Phase 1 non-negotiable - [ ] Content filter before Scout processes - [ ] Weekly digest of public activity → #council Discord
Standard signatures:
ai@atlantisits.ai:
Powered by Atlantis ITS AI — operating under SOP-008 v0.4.
Do not send sensitive personal, financial, or confidential data.
— ai@atlantisits.ai
council@atlantisits.ai:
This inbox is for internal Atlantis ITS AI operations only.
External senders: please use ai@atlantisits.ai.
Operating under SOP-008 v0.4.
— Atlantis ITS AI Council
Knowledge Rule (Mercy — Non-Negotiable)
Email is not source of truth. Email is intake and discussion.
Forgejo = source of truth. Important decisions promoted email → Forgejo before canonical.
Go-Live Validation Checklist
Personal inbox access (Jimmy/Gmail, Cooper/Outlook) must NOT be revoked until ALL of these pass:
- [ ]
ai@public inbox test: external sender → Scout responds → Shane approves → reply sent - [ ]
council@alias route test:jimmy@→ Jimmy audit log, no reply - [ ]
council@alias route test:ozzy@→ Ozzy responds correctly - [ ] Approval gate test: public reply blocked until Shane approves
- [ ] Logging test: both
email-public.logandemail-council.logwriting - [ ] Quarantine test: unknown sender to
council@→ quarantine + Shane notified - [ ] Reply signing test: signature present on outbound replies
- [ ] BCC capture test: archive@ receives copy of all council replies
- [ ] Weekly digest test: #council Discord receives public inbox summary
Cost Model
| Item | Cost |
|---|---|
| Zoho free tier — 2 accounts (ai@ + council@) | $0/mo |
| Email aliases — unlimited | $0/mo |
atlantisits.ai domain | Already owned |
| n8n (self-hosted Hetzner) | $0 incremental |
| Total Phase 1 | $0/mo |
| Total Phase 2 (aliases) | $0/mo |
SOP-008 Assessment (Jimmy — 100% Section 16 Alignment)
| Risk Factor | Level | Mitigation |
|---|---|---|
| AI accessing personal inboxes | 🔴 Current violation | Resolved — revocation after validation |
| Sensitive data in AI inbox | 🟡 Medium | Disclaimer + no-secrets + Jimmy filter |
| Autonomous public replies | 🟡 Medium | Human approval gate — non-negotiable Phase 1 |
| Unknown senders council@ | 🟡 Medium | Quarantine + log + Shane notify |
| MX migration risk | 🟡 Medium | Maintenance window + DNS validation |
| archive@ undefined | 🟡 Medium | Resolved — alias to council@ Phase 1 |
| Email as source of truth | 🟡 Medium | Mercy's Knowledge Rule enforced |
| Overall | 🟢 Low | Approved unanimously with conditions |
Documents Generated by This Brief
| Doc | Owner | Status |
|---|---|---|
| CB-001 v4.2 (this doc) | Ozzy | ✅ Complete |
| SOP-010: AI Communications Domain | Cooper | ⬜ Pending |
| HT-019: Connecting Scout to Zoho Mail | Cooper | ⬜ Pending |
| HT-020: Zoho DNS Setup (MX/SPF/DKIM/DMARC) | Ozzy | ⬜ Pending |
Action Items
| # | Action | Owner | Status |
|---|---|---|---|
| 1 | Confirm archive@ = alias to council@ (Phase 1) | Shane | ⬜ |
| 2 | Plan DNS maintenance window | Shane | ⬜ Pending VPS deploy |
| 3 | Create Zoho accounts: ai@ + council@ | Shane | ⬜ Pending VPS deploy |
| 4 | Configure MX + SPF + DKIM + DMARC in Cloudflare | Shane | ⬜ Pending VPS deploy |
| 5 | Enable MFA + signatures on both accounts | Shane | ⬜ Pending |
| 6 | Configure both inboxes in n8n IMAP/SMTP | Shane + Jimmy | ⬜ Pending VPS deploy |
| 7 | Build n8n public routing + approval gate | Shane + Ozzy | ⬜ Pending VPS deploy |
| 8 | Build n8n council routing (To: header switch) | Shane + Ozzy | ⬜ Pending VPS deploy |
| 9 | Build Jimmy compliance filter + quarantine rule | Jimmy | ⬜ Pending VPS deploy |
| 10 | Build BCC compliance capture | Jimmy | ⬜ Pending VPS deploy |
| 11 | Build weekly public digest → #council Discord | Scout | ⬜ Pending VPS deploy |
| 12 | Run full go-live validation checklist | Shane | ⬜ Pending VPS deploy |
| 13 | Revoke Jimmy/Gmail + Cooper/Outlook access | Shane | ⬜ After validation passes |
| 14 | Create Discord #council channel structure | Shane | ⬜ Pending |
| 15 | Draft SOP-010: AI Communications Domain | Cooper | ⬜ Pending |
| 16 | Draft HT-019: Connecting Scout to Zoho Mail | Cooper | ⬜ Pending |
| 17 | Draft HT-020: Zoho DNS Setup | Ozzy | ⬜ Pending |
| 18 | Push CB-001 v4.2 to Forgejo + V24 memory | Shane/Ozzy | ⬜ Tonight |
Implementation Timeline
Tonight (Wednesday May 20)
→ CB-001 v4.2 pushed to Forgejo ✅
→ archive@ decision confirmed by Shane
↓ Before VPS deploy weekend
→ DNS maintenance window planned
→ No-Go Criteria reviewed — all gates confirmed ready
↓ Hetzner VPS deploy weekend (funds pending)
→ n8n live on PostgreSQL
→ Zoho accounts created: ai@ + council@
→ MX + SPF + DKIM + DMARC configured
→ MFA + signatures enabled
→ n8n wired: public routing + council routing
→ Jimmy compliance filter + quarantine rule active
→ BCC compliance capture active
→ Approval gate active
→ Full go-live validation checklist runs
↓ Post-validation
→ All checklist items pass
→ Personal inbox access revoked (Jimmy/Gmail, Cooper/Outlook)
→ Weekly public digest → #council Discord active
→ CB-001 CLOSED ✅
→ Chronicle announcement: "Email our AI at ai@atlantisits.ai"
↓ Phase 2
→ Per-agent aliases added (free)
→ Nova email routing agent
→ atlas@ reserved identity activated
V24 Memory Items (Log Wednesday)
- CB-001 v4.2 — UNANIMOUSLY APPROVED WITH CONDITIONS — 7/7 votes
- atlantisits.ai = AI command domain. atlantisits.co = business/client.
- Two-inbox architecture: ai@ (public) + council@ (private)
- Phase 1: two Zoho accounts, free tier (2 of 5 mailboxes)
- Phase 2: unlimited aliases — ozzy@, mercy@, scout@, cooper@, jimmy@, lyra@, atlas@
- Jimmy alias architecture: infinite aliases, zero extra cost
- Zoho MX: mx.zoho.com (10), mx2.zoho.com (20), mx3.zoho.com (50)
- SPF + DKIM + DMARC required before go-live (No-Go gate)
- Human approval gate: ALL public replies Phase 1 (Scout + Mercy condition)
- Unknown council@ senders: quarantine + log + notify Shane (not reject)
- archive@ = alias to council@ Phase 1 (pending Shane confirmation)
- Personal inbox revocation: ONLY after full go-live validation passes
- Weekly public inbox digest → #council Discord (Scout condition)
- SOP-010, HT-019, HT-020 queued
- No-Go Criteria section added (Mercy)
- Go-live validation checklist: 9 tests must pass before revocation
- Chronicle announcement after Phase 1 validation (no issue number bound)
- Jimmy: SOP-008 Section 16 = 100% alignment. Revocation = greatest security win.
- Cooper: email as intake, Forgejo as canonical — exactly Cooper's mandate.
References
- SOP-008 v0.4 — AI Production Risk Review
- ATLANTIS_AI_MEMORY.md V23 (May 14, 2026)
updates.mdMay 20, 2026- RUNBOOK-Hetzner-VPS-Phase1-v3.md
- Zoho Mail: zoho.com/mail
- Cloudflare DNS: dash.cloudflare.com
- n8n IMAP Trigger: docs.n8n.io/integrations/builtin/trigger-nodes/n8n-nodes-base.imaptrigger
- n8n Send Email: docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.sendemail
- CB-001 v1.0 through v4.1 (superseded)
- CB-002 v1.0 — Nova Voice (companion brief)
CB-001 v4.2 — FINAL — compiled by Ozzy — May 20, 2026
7/7 council votes received — unanimously approved with conditions
Store at: C:\AtlantisITS\knowledge\CB-001-AI-Communications-Domain.md
Push to Forgejo: atlantis-docs/council/CB-001-AI-Communications-Domain.md
Deployment gated on No-Go Criteria — see checklist above