One Platform.
Zero Subscriptions.
Sanctum Core replaced ten categories of commercial SaaS with a single sovereign system. Ticketing, CRM, client portal, invoicing, asset management, knowledge base, compliance scanning, and AI integration — 15 integrated domains, built, owned, and operated in-house.
15
Integrated Domains
200+
API Endpoints
100%
Sovereign Data
$0
Per-Seat SaaS Fees
Ticketing & Workflow
Multi-tenant ticketing engine with structured workflows, priority escalation, and full audit trails. Every ticket follows a defined lifecycle from creation through resolution — no work falls through the cracks.
- 10 ticket types with template-enforced descriptions
- Status transitions with full state-machine enforcement
- Ticket-to-ticket and ticket-to-article linking
- Internal and public comment visibility controls
Sovereignty Angle
Your support history, client communications, and workflow data never leave your infrastructure. No per-agent pricing. No vendor lock-in. Full export at any time.
Sovereignty Angle
Your clients' data stays on your infrastructure. Portal access, ticket history, and invoice records are never stored on ConnectWise or HaloPSA servers you do not control.
Client Portal
White-labelled self-service portal giving your clients direct access to their data. Dashboards, ticket viewing, invoice downloads, and knowledge base access — without a single support call.
- Client dashboards with ticket and asset visibility
- Invoice downloads and payment history
- Questionnaires and security assessment reports
- Knowledge base access scoped to client account
CRM & Sales Pipeline
Full account and contact management with a deal pipeline that tracks stages, probability, and revenue. Campaign management with bulk targeting lets you drive outreach without a separate CRM subscription.
- Account and contact management with relationship tracking
- Deal pipeline with stages, probability, and value tracking
- Campaign management with bulk targeting
- Direct pipeline to invoicing and project creation
Sovereignty Angle
Your sales pipeline, client relationships, and deal data are not in HubSpot or Salesforce. Complete commercial intelligence stays on sovereign infrastructure you control.
Sovereignty Angle
Financial data stays on sovereign infrastructure. Invoice generation, payment tracking, and client billing records are never stored on third-party accounting platforms.
Invoicing & Billing
Generate professional invoices from tracked time and materials. Rate cards, discount management, and line-item detail — all connected to the project and ticket that generated the work.
- Time-entry-to-invoice pipeline with rate card lookup
- Multi-tier rate cards with discount tracking
- Market value vs. quoted price benchmarking
- PDF generation with direct email delivery and payment status tracking
Time Tracking
Track billable and non-billable time against tickets, projects, and milestones. Every time entry links directly to the work item it belongs to, creating an unbroken audit trail from effort to invoice.
- Ticket-linked time entries with billable flag
- Automatic roll-up to project and milestone level
- Direct pipeline to invoicing engine
- Duration and description tracking per entry
Sovereignty Angle
Billable hours and productivity data are commercially sensitive. They stay on sovereign infrastructure — never shared with third-party time-tracking SaaS providers.
Sovereignty Angle
Project roadmaps, budgets, and delivery velocity are competitively sensitive data. Sanctum Core keeps this on your infrastructure, not on Monday.com or Asana servers.
Project Management
Hierarchical project structure with milestones, budgets, and pricing models. Every project tracks market value, quoted price, and discount rationale — giving you commercial visibility alongside delivery progress.
- Project → Milestone → Ticket hierarchy
- Budget tracking with market value benchmarking
- Fixed-price and time-and-materials pricing models
- Multi-account project isolation
Asset Management & Auto-Discovery
Track every asset across your client base with lifecycle management, auto-discovery agents, and expiration alerts. Renewal management with auto-invoicing means nothing expires unnoticed and unbilled.
- Asset lifecycle tracking with expiration alerts
- Auto-discovery via agent scripts
- Renewal management with auto-invoicing
- Client-scoped asset visibility in portal
Sovereignty Angle
Your complete asset inventory — hardware, software, licences, and warranties — lives on sovereign infrastructure. Not in Lansweeper, not in IT Glue, not in any vendor's cloud.
Sovereignty Angle
Institutional knowledge stays in-house. No Confluence cloud, no Notion dependency. Your SOPs, policies, and procedures are versioned on infrastructure you control.
Knowledge Base
Structured wiki system with versioned articles, section-level editing, and cross-referencing. SOPs, runbooks, and documentation live alongside the tickets and projects they support.
- Section-level editing without full-article replacement
- Full version history with diff and revert
- Article-to-ticket bi-directional linking
- Article export to PDF with email distribution
MCP & AI Integration
Native Model Context Protocol server exposes every Sanctum Core entity to AI agents. Seven named agent roles autonomously create tickets, manage invoices, update knowledge base articles, and run full delivery pipelines — all through structured tool calls.
- Full CRUD via MCP tool protocol across all entities
- 7 agent roles: architect, operator, scribe, sentinel, oracle, surgeon, implementer
- Autonomous ticket creation, invoice management, and KB updates
- Session-based authentication with scoped permissions
Sovereignty Angle
AI agents interact with your data through a controlled protocol layer. The MCP server runs on your infrastructure — no data leaves the sovereign boundary to reach automation platforms.
Sovereignty Angle
Your automation logic runs on your infrastructure. No Zapier webhooks, no Make scenarios hosted on third-party servers. Trigger conditions and execution logs stay sovereign.
Automation Engine
Trigger-action automation rules that replace Zapier and Make. Define conditions, map actions, and let the engine execute with full logging. The actual workflow automation the "What It Replaced" section promises.
- Trigger-action rules with conditional logic
- Full execution logging and audit trail
- Event-driven execution across all platform entities
- No per-task pricing — unlimited automations
Artefact Management
Versioned document and file management with sensitivity classification. Link artefacts to tickets, projects, and milestones. Track supersession chains so you always know the current version.
- Multiple artefact types: file, URL, code path, document, credential ref
- Sensitivity levels: public, internal, confidential, restricted
- Version history with revert capability
- Bi-directional linking to tickets and projects
Sovereignty Angle
Contracts, credentials, and compliance documents are classified and stored on sovereign infrastructure. No Google Drive, no Dropbox — full control over document lifecycle.
Sovereignty Angle
Audit trails and compliance evidence are generated from actual system data on sovereign infrastructure — not reconstructed from third-party logs you do not control. Assessment results never leave your boundary.
Security & Compliance
Active security scanning engine powered by Sentinel. Essential 8 and NIST CSF compliance frameworks, questionnaire-driven assessments, scored audit reports, and vendor risk analysis — not passive logging, but active assessment.
- Essential 8 and NIST CSF compliance frameworks
- Questionnaire-driven assessments with scored audit reports
- Vendor risk analysis and immutable audit trails
- Reusable compliance templates — Essential 8, NIST CSF controls, workflow blueprints
Notification System
Event-driven notifications with user-configurable preferences. Choose realtime, daily digest, or weekly summary delivery. Email templates and critical alert routing ensure nothing important gets missed.
- User preferences: realtime, daily digest, or weekly summary
- Customisable email templates
- Critical alert routing for high-priority events
- Event-driven triggers across all platform entities
Sovereignty Angle
Notification data and user preferences are not in Twilio or SendGrid. Alert routing, delivery logs, and communication history stay on sovereign infrastructure.
Sovereignty Angle
Search indices run on sovereign infrastructure. Your query patterns and search behaviour are not being mined by a SaaS provider to train their models or sell analytics.
Search
Cross-entity fuzzy search that spans tickets, articles, projects, milestones, products, contacts, and assets. Find anything in the system with a single query — scoped by entity type when precision matters.
- Fuzzy matching across all entity types
- Entity-type scoping for targeted results
- MCP-accessible for AI agent queries
- Relevance-ranked results
Reporting & Analytics
Concrete business intelligence — not vague dashboards. Revenue trend analysis, cash position aging, pipeline forecasting, and project budget tracking give you the numbers that drive decisions.
- Revenue trend analysis and cash position aging (30/60/90)
- Pipeline forecasting from unbilled milestones
- Project budget vs. actual spend tracking
- Asset reliability scoring and team velocity metrics
Sovereignty Angle
Business intelligence stays in-house. Revenue data, utilisation metrics, and delivery velocity are derived from your own system — no third-party BI tools required.
Built for MSPs
Sanctum Core is not generic SaaS. It was designed for managed service provider operations — client isolation, multi-tenant ticketing, rate cards, and compliance frameworks are native, not bolted on.
- Multi-tenant client isolation by design
- Rate cards with per-client pricing tiers
- Compliance frameworks (Essential 8, NIST CSF) native
- White-labelled client portal included
- Asset management with auto-discovery agents
Enterprise Security
Authentication, authorisation, and access control built for enterprise requirements.
2FA / TOTP
Two-factor authentication with time-based one-time passwords
SSO via OpenID Connect
Single sign-on through Sanctum Auth with PKCE flow
API Token Auth
Programmatic access with scoped API tokens
RBAC
Role-based access control with scope-based filtering
Built on PostgreSQL, FastAPI, and React — fully API-driven. We run our entire business on it.
What It Replaced
Ten categories of commercial SaaS, consolidated into one sovereign platform.
Ticketing & Workflow
Replaced:
Jira, Linear, Zendesk
CRM & Sales
Replaced:
HubSpot, Pipedrive, Salesforce
Knowledge Base
Replaced:
Confluence, Notion, GitBook
Invoicing & Billing
Replaced:
Xero, FreshBooks, QuickBooks
Time Tracking
Replaced:
Toggl, Clockify, Harvest
Project Management
Replaced:
Monday.com, Asana, Basecamp
Automation & AI
Replaced:
Zapier, Make, n8n
Asset Management
Replaced:
Snipe-IT, Lansweeper, IT Glue
Client Portal
Replaced:
ConnectWise Portal, HaloPSA
Security & Compliance
Replaced:
Datto RMM, vCISO Tools