
Session Brief — Atlas staging provisioning (2026-04-17)

Handoff for the parallel AWS-migration session. No passwords in this file; all credentials live in .env.staging.local at the repo root.

Staging Atlas project

  • Project name: askflorence-staging
  • Project ID: 69e31af12fd2c0aef51bbb41
  • Org ID: 69dc20c64005b222804daf75
  • Console URL: https://cloud.mongodb.com/v2/69e31af12fd2c0aef51bbb41

Cluster

  • Name: askflorence-staging
  • Host: askflorence-staging.efsikmv.mongodb.net
  • Connection SRV: mongodb+srv://askflorence-staging.efsikmv.mongodb.net
  • Tier: M0 (free, shared)
  • Provider / region: AWS US_EAST_1 (matches prod)
  • MongoDB version: 8.0.21
  • Database: askflorence
  • Seeded from: askflorence-prod-01 snapshot taken 2026-04-17 via mongodump → mongorestore. 35,056 docs across 6 collections (plans=4326, zip_county=30338, regions=357, plan_years=31, agent_survey_responses=4, audit_log=0). Data size 231 MB (well under M0's 512 MB limit).

Allowlist

  • Only entry: Taha's laptop IP (136.38.212.186/32).
  • Explicitly NOT present: 0.0.0.0/0. Do not add.
  • Next step (AWS session's responsibility): add VPC peering for AWS staging VPC CIDR 10.40.0.0/16 and replace the laptop entry once the VPC peer is healthy.

Users

All six users live in this staging project only. None were created on the prod project this session.

Username            Role                         Env var (in .env.staging.local)   Purpose
app_read_staging    built-in read@askflorence    MONGODB_URI                       App read path
app_writer_survey   role_writer_survey@admin     MONGODB_URI_SURVEY_WRITE          Phase 2 survey writes (#52)
app_writer_plans    role_writer_plans@admin      MONGODB_URI_PLANS_WRITE           Ingest scripts (scripts/db/*.js)
app_writer_agents   role_writer_agents@admin     MONGODB_URI_AGENTS_WRITE          Phase 5 agent portal
app_admin_agents    role_admin_agents@admin      MONGODB_URI_AGENTS_ADMIN          Admin dashboard
audit_reader        role_audit_reader@admin      MONGODB_URI_AUDIT_READ            Compliance reporting

Passwords: 32-char random (openssl). Stored only in .env.staging.local (gitignored, mode 600). Not reproduced in this brief.

Role design (quick ref)

  • role_writer_survey — FIND/INSERT/UPDATE/REMOVE on agent_survey_responses.
  • role_writer_plans — FIND/INSERT/UPDATE/REMOVE + CREATE_INDEX/DROP_INDEX/COLL_MOD on plans, zip_county, regions, plan_years, audit_log.
  • role_writer_agents — FIND/INSERT/UPDATE/REMOVE on agents, agencies, agent_sessions; FIND/INSERT only on agent_audit_log (append-only enforced at DB layer); no access to admins.
  • role_admin_agents — everything role_writer_agents has plus FIND/INSERT/UPDATE/REMOVE on admins; still append-only on agent_audit_log.
  • role_audit_reader — FIND on agent_audit_log only.

Full rationale: docs/adr/0003-narrow-scoped-mongo-users.md. Runbook for repeating against prod: docs/runbooks/atlas-user-provisioning.md.

Verification

12 probes run post-provision (6 positive, 6 negative). All pass. Notable:

  • Append-only guarantee holds for both app_writer_agents and app_admin_agents — neither can update or remove on agent_audit_log.
  • app_writer_agents cannot see admins at all (not even read).
  • Each writer is blocked from collections outside its scope.
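The role design above and the negative probes it was verified against, as an added example that is not the project's own code: the five custom roles are modelled as Atlas Admin API customDBRoles payloads (role_admin_agents expressed via inheritedRoles is an assumption about how it was built), and the probes are replayed against that model offline so the invariants can be checked before anything touches a cluster.

```javascript
// Added example (not the project's code): model the five custom roles from the
// quick ref as Atlas Admin API customDBRoles payloads and replay the brief's
// negative probes against that model offline, with no cluster connection.
const DB = 'askflorence'; // collections live here; custom roles live in admin
const CRUD = ['FIND', 'INSERT', 'UPDATE', 'REMOVE'];
const INDEX = ['CREATE_INDEX', 'DROP_INDEX', 'COLL_MOD'];
// One Atlas action entry per action, each scoped to the given collections.
const grant = (actions, collections) => actions.map((action) => ({
  action, resources: collections.map((collection) => ({ db: DB, collection })),
}));
// Role bodies in the shape POST /groups/{projectId}/customDBRoles/roles takes.
const ROLES = {
  role_writer_survey: { actions: grant(CRUD, ['agent_survey_responses']) },
  role_writer_plans: {
    actions: grant([...CRUD, ...INDEX],
      ['plans', 'zip_county', 'regions', 'plan_years', 'audit_log']),
  },
  role_writer_agents: {
    actions: [
      ...grant(CRUD, ['agents', 'agencies', 'agent_sessions']),
      ...grant(['FIND', 'INSERT'], ['agent_audit_log']), // append-only
    ],
  },
  role_admin_agents: { // assumed: everything writer_agents has, plus admins
    actions: grant(CRUD, ['admins']),
    inheritedRoles: [{ db: 'admin', role: 'role_writer_agents' }],
  },
  role_audit_reader: { actions: grant(['FIND'], ['agent_audit_log']) },
};
function rolePayload(roleName) {
  return { roleName, inheritedRoles: [], ...ROLES[roleName] };
}
// True if the role grants `action` on `collection`, directly or by inheritance.
function allows(roleName, action, collection) {
  const { actions, inheritedRoles } = rolePayload(roleName);
  return actions.some((a) => a.action === action &&
      a.resources.some((r) => r.collection === collection)) ||
    inheritedRoles.some((ir) => allows(ir.role, action, collection));
}
// Replays the brief's negative probes; an empty result means the design holds.
function checkInvariants() {
  const bad = [];
  for (const role of ['role_writer_agents', 'role_admin_agents']) {
    for (const act of ['UPDATE', 'REMOVE']) {
      if (allows(role, act, 'agent_audit_log')) bad.push(`${role} ${act} agent_audit_log`);
    }
  }
  if (CRUD.some((a) => allows('role_writer_agents', a, 'admins'))) bad.push('writer_agents reaches admins');
  if (CRUD.some((a) => allows('role_writer_survey', a, 'plans'))) bad.push('writer_survey reaches plans');
  return bad;
}
```

The live probes in the brief remain the source of truth; this model only catches a role definition that drifts from the documented design before it is provisioned.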

What's intentionally NOT done this session

  • No changes to the prod Atlas project AskFlorence (ID 69dc20c64005b222804dafa4). Its app-read and app-write users are unchanged.
  • No app_super_admin user for /sa-login — ships when the admin dashboard is actually built.
  • No code changes in the repo — src/lib/db.ts, src/lib/agent-db.ts, scripts/audit/lib/db-helpers.js, and all API routes untouched.
  • No env vars added to Vercel. AWS session copies from .env.staging.local into AWS Secrets Manager.

Probe-row note

agent_audit_log has one {_probe: true} row from the positive verification probe. By design it cannot be deleted — no role (not even app_admin_agents) has remove on that collection. The row will be cleared when the log is rotated / TTL-expired. Leave it.

Rollback

One command drops the entire staging project (cluster, roles, users, allowlist):

atlas projects delete 69e31af12fd2c0aef51bbb41

Related artifacts

  • .env.staging.local — credentials (gitignored, mode 600).
  • docs/adr/0001-atlas-project-isolation.md — why a separate project, not a shared one.
  • docs/adr/0002-append-only-audit-log.md — why append-only at the DB layer.
  • docs/adr/0003-narrow-scoped-mongo-users.md — the full role/user design.
  • docs/runbooks/atlas-user-provisioning.md — how to repeat this for prod.
  • docs/session-log/2026-04-17-atlas-staging.md — auditor-facing session log.
  • docs/compliance/soc2/controls.md, docs/compliance/hipaa/safeguards.md, docs/compliance/ede/appendix-a-mapping.md — control mappings seeded with the entries this session satisfies.
AskFlorence Internal Documentation. Not for public distribution.