SanctumOS now features its first comprehensive CRM solution with the revolutionary Sanctum CRM. This CRM demonstrates the power of API-first architecture by seamlessly bridging business data management with Broca2 agents through secure, MCP-compatible API endpoints.
We're excited to announce Sanctum CRM, the first CRM system designed specifically for the SanctumOS ecosystem. This CRM represents a breakthrough in agentic business management, demonstrating how traditional business software can be seamlessly integrated with AI agents without compromising security or functionality.
Repository: github.com/sanctumos/sanctum-crm
Highlights of Sanctum CRM
đ¤ AI Agent Integration
MCP-compatible API: Complete integration with Model Context Protocol for seamless Letta AI and other agentic system connectivity.
First boot configuration: Intelligent 5-step installation wizard that automatically detects server environments and configures the system.
Dynamic configuration management: Database-driven settings with encryption support for secure, flexible configuration.
đ Security-First Design
Fixed database path: Security-hardened SQLite database location prevents path traversal attacks.
API key authentication: Secure communication between AI agents and the CRM using configurable API keys.
Input validation: Comprehensive validation for all user inputs and API requests with XSS and SQL injection protection.
Session security: Enhanced session management with proper timeout and cleanup.
đ¨ Modern Web Interface
Bootstrap 5 UI: Clean, responsive interface with modern styling and mobile-first design.
Admin dashboard: Comprehensive management interface for users, contacts, deals, and system configuration.
Real-time updates: Live data updates with comprehensive reporting and analytics.
Why This Matters
This CRM demonstrates the true power of API-first architecture in the agentic era. Previously, integrating business software with AI agents required complex custom integrations and security compromises. Now, CRMs can seamlessly integrate with AI agents through standardized MCP protocols:
- Zero custom integrations: No need to build custom connectors for each AI system
- Secure communication: MCP protocol ensures standardized, secure communication
- Scalable architecture: API-first design handles high-volume business operations
- Easy deployment: Drop-in installation with intelligent first-boot configuration
Technical Architecture
Core Components
ConfigManager.php: Dynamic configuration system with encryption supportInstallationManager.php: First-boot setup and environment validationEnvironmentDetector.php: Server environment analysis and optimizationDatabase.php: SQLite database handler with direct extension support
API Layer
- MCP-compatible endpoints: RESTful API designed for Model Context Protocol integration
- Authentication system: API key and session-based authentication
- Rate limiting: Built-in protection against abuse with configurable limits
- Error handling: Comprehensive error responses with proper HTTP status codes
Data Flow
- AI agents send requests to MCP-compatible API endpoints
- CRM processes requests through authentication and validation
- Database operations execute with proper security and error handling
- Responses return to AI agents in standardized MCP format
- Web interface provides human oversight and management capabilities
Key Features
đ First Boot Configuration
Intelligent setup wizard: 5-step installation process that automatically detects and configures the server environment.
Environment validation: Comprehensive checks for PHP version, extensions, and server configuration.
Company setup: Streamlined company information configuration with dynamic branding.
Admin user creation: Secure administrator account setup with API key generation.
đ¤ AI Agent Capabilities
Contact management: AI agents can create, update, and manage contact records through MCP APIs.
Deal tracking: Comprehensive deal pipeline management with AI agent integration.
User management: AI agents can manage users and API keys for system administration.
Configuration management: Dynamic settings management through secure API endpoints.
đ§ Advanced Configuration
Database-driven settings: All configuration stored securely in SQLite with encryption support.
Environment detection: Automatic server environment analysis and optimization.
API key management: Secure authentication with configurable keys and rate limiting.
Comprehensive testing: 100% test coverage with unit, integration, E2E, and API tests.
Getting Started
For SanctumOS Users
- Clone the repository:
git clone https://github.com/sanctumos/sanctum-crm.git - Start the server:
cd public && php -S localhost:8000 - Complete setup: Follow the 5-step installation wizard
- Configure AI agents: Use the generated API keys for MCP integration
For AI Agent Integration
- Get API key: Generate API key from the admin panel
- Configure MCP: Set up MCP client with Sanctum CRM endpoints
- Test integration: Use the provided API endpoints for contact and deal management
- Deploy agents: Integrate with Letta AI or other MCP-compatible systems
Example MCP Integration
// Example MCP tool for Letta AI
const crmTool = {
name: "sanctum_crm",
description: "Customer Relationship Management system",
parameters: {
action: {
type: "string",
enum: ["create_contact", "update_contact", "get_contacts", "create_deal"],
description: "Action to perform"
},
contact_data: {
type: "object",
description: "Contact information"
}
}
};
// Example MCP tool for Letta AI const crmTool = { name: "sanctum_crm", description: "Customer Relationship Management system", parameters: { action: { type: "string", enum: ["create_contact", "update_contact", "get_contacts", "create_deal"], description: "Action to perform" }, contact_data: { type: "object", description: "Contact information" } } };
## Technical Implementation
### API Architecture
The CRM follows MCP-compatible API patterns:
bash
# Contact management
GET /api/v1/contacts # List all contacts
POST /api/v1/contacts # Create new contact
PUT /api/v1/contacts/123 # Update contact
DELETE /api/v1/contacts/123 # Delete contact
# Configuration management
GET /api/v1/settings # Get system configuration
PUT /api/v1/settings # Update configuration
GET /api/v1/installation/status # Get installation status
Technical Implementation
API Architecture
The CRM follows MCP-compatible API patterns:
# Contact management
GET /api/v1/contacts # List all contacts
POST /api/v1/contacts # Create new contact
PUT /api/v1/contacts/123 # Update contact
DELETE /api/v1/contacts/123 # Delete contact
# Configuration management
GET /api/v1/settings # Get system configuration
PUT /api/v1/settings # Update configuration
GET /api/v1/installation/status # Get installation status
Contact management
GET /api/v1/contacts # List all contacts POST /api/v1/contacts # Create new contact PUT /api/v1/contacts/123 # Update contact DELETE /api/v1/contacts/123 # Delete contact
Configuration management
GET /api/v1/settings # Get system configuration PUT /api/v1/settings # Update configuration GET /api/v1/installation/status # Get installation status
## Technical Implementation ### API Architecture The CRM follows MCP-compatible API patterns:bash # Contact management GET /api/v1/contacts # List all contacts POST /api/v1/contacts # Create new contact PUT /api/v1/contacts/123 # Update contact DELETE /api/v1/contacts/123 # Delete contact # Configuration management GET /api/v1/settings # Get system configuration PUT /api/v1/settings # Update configuration GET /api/v1/installation/status # Get installation status
Security Features
- API key authentication: All requests require valid API key
- Rate limiting: Per-IP and per-endpoint limits prevent abuse
- Input validation: All user input is sanitized and validated
- Session isolation: User sessions are properly isolated and managed
What's Next
This CRM opens the door for many new business automation possibilities:
- Activity Feed System: Comprehensive activity tracking for contact interactions
- Sanctum Agent Direct Integration: Built-in chatbot interface for direct AI agent interaction
- Enhanced MCP Compatibility: Advanced Model Context Protocol features
- Multi-tenant support: Support for multiple organizations
- Advanced analytics: Business intelligence and reporting features
Key Learnings from Development
The development of this CRM revealed important patterns for agentic business software:
- API-first design: MCP compatibility enables seamless AI agent integration
- First boot configuration: Intelligent setup reduces deployment complexity
- Security by design: Fixed paths and input validation prevent common attacks
- Comprehensive testing: 100% test coverage ensures reliability and maintainability
Community Impact
This CRM demonstrates the power of API-first architecture in the agentic era and provides a reference implementation for future business software development. The MCP integration serves as a template for integrating any business system with AI agents, while the first boot configuration shows how to reduce deployment complexity.
We invite the community to:
- Deploy Sanctum CRM and provide feedback
- Develop MCP integrations using this as a reference implementation
- Contribute improvements to the CRM functionality
- Share integration patterns for other business systems
Sanctum CRM represents a major milestone in the evolution of business software toward agentic integration. This CRM proves that traditional business software can be seamlessly integrated with AI agents while maintaining security, functionality, and ease of use.
_Sanctum CRM is available now and ready for deployment. Check out the comprehensive documentation for detailed implementation details and the API reference for complete endpoint documentation._