While Secure Notes ensures that the content remains encrypted (even the backend cannot see it), we realized that for Enterprise teams, knowing who, when, and in what context data was shared is just as critical. Here is how we solved the Audit & Compliance challenge using Runs on Atlassian (RoA) and Rovo AI.
1. The "Trust Proxy" Architecture
"Runs on Atlassian" is more than just hosting—it's the core of our security model. The Atlassian infrastructure acts as the trusted proxy for the key exchange. Without it, secure verified delivery wouldn't be possible. This architecture allows us to capture Contextual Metadata without compromising message privacy:
Descriptions: User-provided context about the note.
Issue & Project Context: Tracking strictly where the sensitive data flows.
We built dedicated Audit UIs:
- Global Page: Users can track their own sharing history.
- Admin Page: Administrators get a birds-eye view of all secure communication flows within the organization.
2. Next-Gen Security: AI Forensics with Rovo
(Note: While we are not submitting for the "Best Rovo Apps" category, we felt this integration was too powerful to leave out. We wanted to share how Rovo can be used for genuine Security Operations).
Standard audit logs are passive—you have to know what you are looking for. We asked: "Can AI find security threats for us?"
With our Forge SQL + Rovo integration, security moves to a new level. We don't just query data; we ask Rovo to find behavioral anomalies.
The Prompt:
"Find any unusual or suspicious activity related to Secure Notes usage."
The Rovo Result: Instead of a simple list, Rovo automatically formulated a complex investigation strategy.
The Agentic Workflow: Crucially, this is not a pre-coded "find anomaly" button. It uses the same single SQL action we use for standard reports. However, Rovo intelligently breaks down this high-level request and decides to execute multiple, distinct SQL queries to investigate different threat vectors in parallel. It autonomously decided to check for::
"Burner" Notes: Created and immediately deleted (potential testing or hiding tracks).
Bot Activity: Viewed within seconds of creation.
Mass Leakage: High volume sharing to multiple users.
Rovo successfully analyzed the SQL data and returned a Human-Readable Forensic Report:
"There are notes that were deleted within just a few minutes of being created... This can sometimes indicate accidental creation, testing, or attempts to hide activity."
This turns Rovo from a simple chatbot into an active Security Analyst, capable of enforcing compliance using Row-Level Security (RLS) to ensure admins see everything while users see only their own data.
Log in or sign up for Devpost to join the conversation.