Knox.
Internal AI platform
Internal · Active Development

One app for everything
our techs need to know.
Built like a vault.

Knox connects dispatching, training, and knowledge into one platform — unifying the tools our technicians use daily, powered by AI that runs inside our own walls.

10+
Tools unified
8yr
Of data ready to analyze
0
Client data leaves our network
~3mo
To usable MVP
What we're solving

Dispatching, training, and knowledge aren't connected yet.

Tickets land without structured matching to who's qualified. Training isn't tied to the work techs do. Knowledge lives in scattered systems. Each gap reinforces the others.

01
Ticket matching lacks structure
No systematic way to match what a ticket requires to who's certified, available, and has the best track record for that type of work.
02
Training disconnected from work
Documentation gets written. Techs don't have time to absorb it. No certification system ties training completion to dispatch eligibility.
03
Knowledge is fragmented
OneNote, ConnectWise, tribal knowledge — answers exist, but finding them costs more than answering from scratch. Per-client configuration history is largely undocumented.
04
Engineering absorbs the overflow
Escalations that could have been resolved at Helpdesk consume Engineering capacity that should go to internal systems, security, and infrastructure.
05
Reactive, not proactive
Client problems become our problems when the phone rings. Cross-client patterns go unnoticed. SLA breaches are discovered after the fact.
06
On-site when remote would do
Techs dispatched on-site for categories that resolve remotely most of the time. Separate trips to the same location for tickets that could have been bundled.
07
We solve the same problem repeatedly
The same issue hits multiple clients. No one connects them. The fix gets re-derived each time instead of documented once.
08
Documentation is a chore
The fix isn't more discipline — it's making documenting easier than not documenting. Resolution notes are often empty or insufficient.
The app

Knox is the starting point for every tech's day.

Type a client name. See everything that matters about them. Ask a question and Knox pulls the answer from whichever system has it. Resolve a ticket and Knox drafts the documentation.

knoxplatform.dev / clients / acme-corp
how do we handle Intune autopilot for Acme Corp
Snapshot
Acme Corp
Hybrid AD · Entra Connect
MFA: Authenticator (number match)
M365 Business Premium × 47
Patched 2 days ago
Risk score
62 ↑ 8
3 ThreatLocker elevations
Sign-in risk +12% wk/wk
No Huntress incidents
Coming due
2 items
SSL cert · 14 days
Quarterly access review · overdue
Backup verified
OneNote Intune Autopilot — Acme-specific deployment notes updated 23d ago
Knox KB Acme · Autopilot enrollment process (migrated) v3 · 2 mo ago
ConnectWise Ticket #48211 — Autopilot hash collection issue (resolved) 6 wks ago

Dispatch intelligence

Structured ticket-to-tech matching. Certified techs ranked by fit, availability, and track record. Remote-first prompting. Ticket bundling for on-site visits.

Training & certification

AI-generated assessments tied to dispatch categories. Techs certify to become eligible. Pre-certified from 8 years of historical performance data.

Unified search

One box. Every system. Semantic search that understands what you mean, not just what you typed.

Document this

Resolve a ticket, click once, get a draft KB article. Three tiers: general, per-client, and procedural. Configuration changes documented automatically.

Find the gap

Knox flags tickets that resolved without matching documentation. Closure quality gate catches empty resolution notes before they disappear.

Snapshot view

Tenant type, MFA, license mix, recent activity, risk trend, what's coming due. At a glance.

How it's built

A layered platform designed to grow.

Knox is what techs see. Underneath is a layered platform where each layer has one job. The Privacy Boundary is the hard rule: nothing identifying crosses it without being tokenized first.

Knox
What our techs use
Unified client view Semantic search Dispatch intelligence Training & certification Doc-Assist Tech Assist Snapshot Recurring Obligations
Executive views
What leadership reads
Monthly trends report Risk dashboard Repeat-issue digest Skill gap visibility Training completion KPI dashboards
Intelligence layer
Where the AI lives
Categorize Cluster Score Correlate Narrate Ticket pre-classification SLA prediction Escalation prediction Pattern detection Embeddings store
Privacy Boundary
The vault. Nothing passes raw.
Tokenize identifiers Filter secrets Local key Audit log Local-model routing
Data layer
Where the truth already lives
BrightGauge N-central ConnectWise OneNote MSP Process ThreatLocker Huntress DNSFilter ESET M365 Graph GlassHive QuickBooks
Why it's called Knox

Client data stays inside our walls.

Client identifiers are tokenized before any external AI call. Sensitive analysis runs on local hardware with ECC memory. Nothing identifying leaves the building.

Acme Corp
Real data
stays local
CLIENT_07
Tokenized
at the boundary
Insight
De-tokenized
on return

Tokenization

Client names, hostnames, emails, IPs — all replaced with stable anonymous tokens before any external AI call. The mapping never leaves our key store.

On-prem inference

Sensitive workloads — security incidents, anything touching credentials or PII — run on a dedicated local AI server with 96 GB of ECC GPU memory. Never leaves the building. Ever.

Mesh-only access

Knox has no public DNS, no internet-facing ports. Every connection — technicians, dashboards, anything — runs through our private Netbird mesh. From the office, from home, from a client site: same private network.

Passportal stays separate

Knox has no live connection to Passportal. Credentials never enter the AI pipeline. Documentation may be exported once as a seed for Knox's own KB; after that, all new docs land in Knox.

No-train contracts

External AI services run on contractual no-training tiers. Documented vendor agreements, not handshake assurances.

Full audit log

Every AI call is logged: what was sent, what came back, who triggered it. Reviewable, reportable, defensible.

Analytical power preserved

Stable tokens mean Knox can still cluster, score, and trend across clients — privacy doesn't cost us insight.

How we get there

Data first, then code. Each phase ships standalone value.

Development begins with a discovery analysis against 8 years of ConnectWise data — before any code is written. That analysis produces the taxonomy, certifications, KB priorities, and training plan that Knox operationalizes phase by phase.

Stage 0
Discovery analysis Now
Analyze 8 years of ConnectWise data via Claude Team plan. Validate dispatch taxonomy. Map tech certifications from historical performance. Identify KB gaps and training priorities. Quantify Engineering capacity consumed by escalations.
1–2 weeks
Phase 0
Foundation
Platform spine. Privacy Boundary stood up. Data ingestion from BrightGauge, N-central, ConnectWise, OneNote. Dispatch taxonomy imported. Pre-certifications loaded. KB seeded.
3–4 weeks
Phase 1a
Knox MVP + Dispatch Demo-able
Knox v1 in techs' hands: unified client view, semantic search. Dispatch match engine live. Ticket intake pre-processing via Claude. Monthly trends. Repeat-issue detection.
8–10 weeks
Phase 1b
Training + Dispatch maturity
Training system live: AI-generated assessments, grading, certification tracking. Ticket closure quality gate. Module maintenance dashboard.
3–4 weeks
Phase 2
Intelligence matures
Doc-Assist AI workflow. Multi-source client risk scoring. Recurring Obligations. SLA/escalation prediction. Cross-client pattern detection. Assisted ticket classification.
10–12 weeks
Phase 3
Full loop running
Tech Assist. Semi-automated dispatching. Client communication drafting. Scope documentation. Quarterly analysis cycle formalized.
months 4–7
Phase 4–5
Financial · Marketing
QuickBooks integration: profitability per client. GlassHive: ticket-trend content generation, win/loss analysis.
month 8+
What it's built on

Standard tools. Nothing exotic.

Python everywhere so both developers can work on any part. Well-supported, internally hostable, replaceable if needed.

Backend
Python · FastAPI
Where the AI ecosystem lives. Async-native, type-checked, fast where it matters.
Database
Postgres · pgvector
Relational data and vector embeddings in one place. Mature, free, runs anywhere.
Background work
arq · Redis
Ingestion, batch categorization, embedding generation. Simpler than Celery at our scale.
Local AI serving
vLLM
Best-in-class throughput for self-hosted LLMs. Containerized with GPU pinning.
External AI
Claude API · Sonnet
Ticket pre-processing, training generation and grading, communication drafting, scope documentation. All calls tokenized.
Host platform
Ubuntu Server · Docker Compose
Bare metal. Workloads as containers. ZFS mirror for storage. Simpler than Proxmox for this single-host deployment.
Network access
Netbird mesh
Private WireGuard mesh. Same access from office, home, or client site. No public ports.
Auth
OIDC · Entra
Single sign-on through our existing M365. No separate user database to maintain.
Frontend
React (likely)
Knox's interactive client view earns a real SPA. Decision finalized first design pass.

Other languages permitted for one-off tools and experiments. The platform standardizes.