Skip to main content
KernelWork

Platform overview

Licensed modules. Three layers. One closed loop.

IT consultancies lose margin in the gaps between tools — decisions in chat, specs in document editors, tasks in project trackers, hours in spreadsheets, and client status in email threads. KernelWork eliminates those gaps with integrated licensed modules, structured around the three layers of a consultancy engagement.

Deployment is a procurement choice: self-hosted under your license is the standard path for full control; we operate dedicated or shared infrastructure when that fits better.

Layer 1 · Execution

Live

Doing the work — where delivery actually happens.

The three Execution modules are live today. They replace the fragmented stack most consultancies currently operate: separate chat platforms, project trackers, and document tools that never share context with each other.

Module 1 · Chat, Video Calls & Calendar

Structured communication — indexed by engagement, not by time.

Pain: Separate chat workspaces per client mean separate logins, separate billing, and context that fragments the moment a team member switches engagements.

  • Dedicated spaces per client engagement — one workspace, zero workspace-hopping.
  • Files, links, and decisions stay pinned beside the conversation your PM monitors daily.
  • Controlled guest flows: invite client stakeholders into scoped channels without exposing other engagements.
  • Scheduled meetings attach to calendar events — join links live in-thread, not orphaned in separate apps.
  • Recordings land in object storage you document and control.
workspace.your-agency.com
Meeting in progress

Engagements

Acme Corp

# delivery

# sprint-4

# design-review

Vertex Group

# uat

# design

Nordic Fintech

# discovery

# acme · delivery

PinnedSOW_v2.pdfSpec_final.docxBudget_Q2.xlsx

Sarah 09:14

SOW v2 approved by legal ✓ — pinned above. Kick-off call still on for Monday.

Kick-off call · Acme Corp

5 participants · 00:18:42

Live
S
T
M
G
g

+1 guest stakeholder

Tom 09:31

Recording will land in vault automatically. Sprint 4 board is ready when you are.

Message # delivery…

Module 2 · Agile Boards

Sprint boards beside the stand-up channel.

Pain: A separate project tracker per client means separate admin, separate billing, and sprint boards your PMs open in a different tab from where the stand-up conversation is happening.

  • Sprint boards and backlogs live beside the channel the team uses for daily stand-ups.
  • Turn the Agile module off for content-only or light-touch retainers — fewer moving parts.
  • Delivery leads get full kanban and sprint views without a separate vendor login.
  • Ticket context surfaces directly in threads — no copy-pasting tracker links into chat.
workspace.your-agency.com
Sprint 4 · 8 / 12 done

Acme Corp

# delivery

# sprint-4

# design-review

Stand-up

AUTH-14 unblocked, moving to review

Need design sign-off on AUTH-17

To do

2

AUTH-19

Rate-limit login endpoint

Backend

AUTH-20

Refresh token rotation

Backend

In progress

2

AUTH-14

SSO integration — SAML 2.0

Backend

FE-22

Login page redesign

Frontend

Review

2

AUTH-17

MFA enforcement policy

Security

FE-19

Avatar upload flow

Frontend

Done

3

AUTH-11

Password complexity rules

Backend

AUTH-12

Session timeout logic

Backend

FE-18

Dark mode tokens

Frontend

AUTH-14

In progress

SSO integration — SAML 2.0

Assignee
Tom R.
Points5
SprintSprint 4
TagBackend

In-context thread

Metadata mapping done, testing IdP handshake now

PR up — needs review before EOD

Reply…

Module 3 · Living Documentation

The source of truth — always current, always in-context.

Pain: SOWs on shared drives, runbooks in external wiki tools, architecture decisions buried in email threads — no single source of truth, and none of it lives beside the actual delivery work.

  • Long-lived reference material — SOWs, runbooks, handover docs — in the same tenant as delivery.
  • Real-time collaborative editing so specs evolve with the engagement, not behind it.
  • Permissions inherit from your workspace model — no separate docs tool to administer.
  • Docs link directly from channel threads and agile tickets — no context switching.
  • Search stays inside the tenant boundary you define and sell to clients.
workspace.your-agency.com
SavedShare

Acme Corp · Living Docs

Statement of Work — Phase 2

Last edited by Sarah · 2 hours ago

BIH1H2

1. Scope of Delivery

This engagement covers the design, development, and handover of the authentication module (SAML 2.0 SSO, MFA enforcement) and the client-facing portal for Acme Corp. Work is governed by the rates and milestones defined in Schedule A.

Timeline: Phase 2 runs 6 April – 30 June 2025. Delivery lead confirms scope is fixed after SOW sign-off.

2. Commercials

Fixed-fee engagement: €60,000 exc. VAT. Payment in three milestones: kick-off (30%), mid-sprint review (40%), final acceptance (30%). Expenses capped at 5% of total fee without written approval.

Out-of-scope requests will be raised as change requests and agreed in writing before work commences.

Comments

Sarah

09:14

Confirm Phase 2 end date with client — June 30 still holds per last call.

→ # deliverylinked

Tom

Resolved

Expense cap updated to 5% per legal.

Linked tickets

AUTH-14SSO integrationIn progress
AUTH-17MFA enforcementReview

Permissions

Inherited from workspace

Delivery lead

Full edit

Consultant

Comment

Guest (client)

View only

Version

v3 · current

v2 · Apr 12

v1 · Apr 3

Layer 2 · Governance

In product

Running the business — where margin is won or lost.

Governance ships inside the same tenant as delivery: engagements with budget and member rates, time entry and approval, invoicing from approved hours, realtime burn and portfolio views, bench and capacity planning — plus enterprise-grade SSO, audit logging, and a secure vault for credentials. This layer is in product today and continues to deepen (integrations, analytics, and policy knobs vary by plan).

Talk to sales for a walkthrough against your engagement model and procurement checklist.

Steering committee reports & delivery

Client-ready PDFs — generated, branded, and repeatable.In product

Stop rebuilding the Friday deck by hand. KernelWork renders steering-grade PDFs from live engagement data — cover pages, budget and burn, hours, invoicing, sprint velocity where agile is enabled, plus tenant-wide portfolio margin and capacity & bench reports. Successful renders persist to your object store with time-limited share links. Draft mode can gate the first approvals per engagement; scheduled delivery emails those artefacts on a cadence you control, using provider or SMTP transport — with sensible fallbacks when corporate gateways cap attachment size.

Module 4 · Financial Oversight

Real-time budget vs. actual — before scope creep becomes an invoice problem.In product

Pain: External time sheets require consultants to reconstruct their day from memory at month-end. Billable hours slip, invoices run late, and no one can see utilisation against delivery scope until it is already too late.

  • Log hours against the channel, ticket, or doc you are actively working on — no context switch.
  • Budget vs. actual updates live as hours accrue — not at month-end when the damage is done.
  • Project leads see utilisation against scope and get alerts before overruns happen.
  • Invoices built from approved, billable time for the engagement — with optional agile task context on line items.
  • Time data stays in your tenant alongside delivery artefacts — not in a third-party service.
workspace.your-agency.com
Financial Oversight

Active timer

Acme Corp

# delivery · AUTH-14

1:23:04

Today

5h 12m

This week

22h 40m

Billable

18h 55m

Budget vs. actual

Acme Corp

38.4k / €60k

64% consumed

Vertex Group

21.6k / €24k

90% consumed · review scope

Nordic Fintech

5.4k / €18k

30% consumed

Utilisation — this week

Tom R.

36h

Sarah M.

32h

Ali K.

28h

Jana P.

16h

Module 5 · Resource Planning

Bench capacity, allocations, and upcoming rolloff — visible before you sign the next SOW.In product

Pain: Capacity decisions get made in spreadsheets and hallway conversations. By the time a project lead realises the team is overcommitted, the SOW is signed and the client is expecting delivery on a timeline that is no longer achievable.

  • High-level capacity planner that answers: who is available for the next engagement, at what capacity.
  • Bench view across all active retainers — not per-project silos that miss cross-engagement load.
  • Allocation against sprint commitments surfaced alongside the agile board.
  • Operations and finance directors see bench health without interrupting delivery leads.
workspace.your-agency.com
Resource Planning · May 2025

Bench capacity — across engagements

Tom R.

Backend

15% free

Sarah M.

Delivery lead

20% free

Ali K.

Frontend

20% free

Jana P.

DevOps

40% free

Chris B.

Backend

100% free

Acme Corp

Vertex Group

Nordic Fintech

Bench (unallocated)

Upcoming availability

Chris B.

Available now

Jana P.

Free from Jun 2

Ali K.

Free from Jul 1

Allocation gap

Nordic Fintech engagement starts Jun 15. Backend capacity not assigned — 2 weeks until gap.

Module 6 · Secure Asset Vault

Project secrets — encrypted and scoped, not passed around in messages.In product

The vault ships as a first-class module; exact policies, rotation UX, and compliance mapping depend on your plan and deployment — confirm with sales for procurement packets.

Pain: API keys, environment configs, and client credentials travel through chat messages, shared spreadsheets, and email. Every consultant who has ever forwarded a staging password knows the security exposure this creates.

  • Encrypted storage for project secrets: API keys, credentials, environment configs — scoped to each workspace.
  • Access control inherits from your workspace permissions — no separate secrets tool to administer.
  • Audit log for every secret read or rotation — evidence for client security reviews.
  • Searchable via Unified Search — find a credential as fast as you find a message.
workspace.your-agency.com
Encrypted at rest

Acme Corp · Vault

Name

Value

Access

STRIPE_SECRET_KEY

sk_live_••••••••••••••••••••••••

Delivery lead

DB_PASSWORD_PROD

••••••••••••••••••••••••••

Delivery lead

SAML_IDP_CERT

-----BEGIN CERT•••••••••••

Backend

SENDGRID_API_KEY

SG.••••••••••••••••••••••••

Backend

S3_SECRET_ACCESS_KEY

••••••••••••••••••••••••••

DevOps

Access log

Tom R. Read

DB_PASSWORD_PROD

09:14

Ali K. Read

SAML_IDP_CERT

08:52

Sarah M. Rotated

STRIPE_SECRET_KEY

Yesterday

Jana P. Read

S3_SECRET_ACCESS_KEY

Yesterday

Permissions per role

Delivery lead

Read + Rotate

Backend

Read (scoped)

DevOps

Read (scoped)

Consultant

No access

Guest

No access

Layer 3 · Transparency

Expanding

The client experience — professional by default.

Client-facing surfaces and unified discovery already exist in the workspace. What continues to expand is full white-label packaging, cross-module search depth, and assistive intelligence — ask sales what is enabled for your tenant and roadmap quarter.

Talk to sales about portal branding, discovery scope, and KernelAI availability.

Module 7 · White-Label Client Portal

What clients see — under your brand, not ours.Expanding

Pain: Clients chase status updates by email. Consultancies spend time writing update decks that are outdated the moment they are sent. Neither side has a shared, reliable view of where the engagement stands.

  • A client portal experience ships in the product; fully custom domains and end-to-end white-label polish vary by roadmap and plan — confirm before you promise in a client SOW.
  • Clients see a curated view: sprint progress, approved documents, and budget health.
  • Scoped access — client A sees client A's portal only. No cross-engagement exposure.
  • No KernelWork branding visible to your clients — you own the relationship.
A
Apex Consulting · Client Portal
portal.apex-consulting.com

Overview

Sprint

Documents

Budget

Sprint 4 · In progress

67%

8 of 12 done

Milestone 1

Complete

Milestone 2

Complete

Milestone 3

In progress

Approved documents

PDF

Statement of Work v2

Apr 3

PDF

Design Specification

Apr 10

PDF

Security Assessment

Apr 18

PDF

Sprint 3 Report

Apr 28

Budget health

Consumed

€38,400

Total

€60,000

64% consumed · on track

Next invoice

May 31

Payment terms

Net 30

Remaining

€21,600

Module 8 · Unified Search

One search. Every module. Instant answers.Expanding

Unified discovery ships in the admin workspace; coverage across vault, CRM, and every artefact type grows release over release.

Pain: Information is scattered across chat history, document editors, project trackers, and spreadsheets. Finding the right decision, credential, or spec requires knowing which tool it lives in — which is often the thing nobody remembers.

  • Cross-module search: find a secret in the Vault, a decision in Chat, a task in a Sprint — one query.
  • Results are permission-scoped — consultants only surface what they have access to.
  • Search stays inside your tenant boundary — no data leaves your environment.
  • Available as a global shortcut in the desktop shell for high-volume delivery environments.
workspace.your-agency.com
⌘K · Unified Search
⌘K

retainer SLA

All workspacesesc

Chat

3 results

# delivery

Apr 12

Sarah: SLA clause updated in SOW v2 — pinned above

# sprint-4

Apr 14

Tom: Client confirmed 99.9% uptime SLA in writing

Docs

2 results

Statement of Work — Phase 2

Full edit

…uptime SLA of 99.9% applies from go-live…

Security & Compliance Policy

View

…SLA breach procedure outlined in Appendix B…

Tickets

1 result
AUTH-17Review

MFA enforcement policy — SLA compliance requirement

Vault

0 results

No vault secrets match · access not in scope

Module 9 · KernelAI

Intelligence that understands the SOW.Roadmap

Today: the stack includes targeted assist hooks (for example staff-approved weekly engagement summaries where enabled), alongside deterministic risk and forecast signals in reporting. Roadmap: broader “SOW health” panels, spec-from-notes acceleration, and deeper cross-module automation — scope varies by release; treat the mock below as the north star, not a guarantee for every tenant on day one.

Pain: Delivery health is reactive — problems surface in retrospectives or client escalations, not before they affect the engagement. No tool connects the agreed scope to the actual work happening day by day.

  • Roadmap emphasis: full “SOW health” panels, faster spec drafting from meetings, and tighter assistive overrun narratives — building on deterministic risk and forecast data you already get in reports today.
  • Designed to enhance every module over time — intelligence embedded where the work happens, not a bolt-on chatbot.
workspace.your-agency.com
KernelAI

SOW health audit

Acme Corp · Phase 2

Scope alignment

92

Milestone pace

74

Budget adherence

88

Risk indicators

61

AI insight

Sprint velocity down 18% vs. agreed pace. Milestone 3 at risk if not addressed this week.

Spec from meeting notes

Kick-off call · Apr 28 · 1h 23m

Generated draft

Objective: Deliver SAML 2.0 SSO and MFA enforcement before go-live on June 30.

Agreed scope: Authentication module only. Billing integration deferred to Phase 3.

Decision: Client to provide IdP metadata by May 5. Delay triggers scope review.

Owner: Tom R. — AUTH-14, AUTH-17.

Budget overrun prediction

Vertex Group · Retainer

At risk

+€3,200

projected overrun by May 31

113% of budget on current pace

Recommended actions

1

Raise change request for 12h over-scope

2

Review Ali K. allocation (90% on Vertex)

3

Flag to client before next billing cycle

North-star mock — panels and depth vary by release and tenant configuration.

Solutions for agencies →Pricing →Trust & Infrastructure →

← Home