Skip to main content
DigitalSanctum.
Sovereign Form Infrastructure

Forms that do not leak your process.

Sanctum Forms is the form layer for the sovereign stack: reusable templates, per-client instances, embeddable public forms, authenticated respondent journeys, autosaved response workspaces, and operational hand-off into Notify, Core, webhooks, exports, and MCP.

Template → instance architecture
Public + OIDC respondent modes
Autosaved response workspaces
forms.digitalsanctum.com.au / instances
Sanctum Forms dashboard interface

Template

Reusable schema + settings

Instance

Client/project deployment

Endpoint

Hosted, embedded, or API

23

Field Types

Text, email, dates, files, signatures, ratings, ordered lists, grouped checkboxes, and more.

2

Deployment Surfaces

Hosted respondent pages plus a framework-agnostic <sanctum-form> web component.

4

Workspace States

Invited, in-progress, submitted, and archived respondent workspaces with event history.

5

MCP Tools

Agent-readable operations for forms, submissions, status updates, and exports.

Not a contact-form plugin

A governed intake system for work that matters.

Most form tools stop at “submit payload.” Sanctum Forms keeps going: it models reusable templates, deploys controlled instances, authenticates respondents where required, preserves drafts, invites named recipients, records workspace events, dispatches notifications, posts webhooks with retry state, and exposes submissions to operators and agents.

01 — Model

Design once. Deploy per client, project, or campaign.

Sanctum Forms separates reusable form templates from deployed form instances. Templates carry the schema, settings, notification configuration, and version chain. Instances carry the live slug, endpoint ID, account and project context, origin controls, and status.

  • Versioned templates with supersession and deploy-from-template flows.
  • Per-instance slugs, endpoint IDs, allowed origins, status, project ID, account name, and project name.
  • Template upgrades propagate to deployed instances without confusing authoring from delivery.
01

Template

Field schema, settings, Notify template, notification recipients, version group.

02

Instance

Client/project deployment, slug, endpoint, status, allowed origins.

03

Workspace

Respondent-specific state, payload, field metadata, token, events.

Sanctum Forms drag-and-drop form builder
Rendered Sanctum Forms public form with draft autosave
02 — Publish

Embed forms without surrendering the host page.

Operators can publish forms as hosted respondent pages or embed them anywhere with a custom element. The public schema endpoint returns the current field schema, settings, submit-button configuration, form status, and draft token; the submission endpoint accepts JSON or multipart uploads.

  • Framework-agnostic <sanctum-form> custom element for static sites, React, Vue, or plain HTML.
  • Hosted /f/:slug respondent renderer for clients who need a complete form URL.
  • Allowed-origin enforcement, paused/archived status handling, honeypot protection, and public rate limiting.
03 — Complete

Respondent journeys with memory, invitations, and audit events.

A serious form is not always completed in one sitting by one anonymous visitor. Sanctum Forms supports server-side drafts and response workspaces: named or emailed respondents receive workspace-specific URLs, continue from a saved payload, and leave an event trail as fields change and submissions complete.

  • Anonymous draft tokens or authenticated respondent IDs preserve in-progress answers.
  • Response workspaces track payload, field metadata, status, version, submit time, and submitted submission ID.
  • Append-only response events capture workspace creation, views, field updates, submits, reopens, and archive actions.

Workspace

/f/client-onboarding/r/token

in_progress

payload.version

7

last event

field_updated

Event Trail

workspace_createdsystem
workspace_viewedrespondent
field_updatedoperator
submittedrespondent
Capabilities

What the platform actually does.

Rich field model

23 field types including file upload, signature, rating, combobox, radio, checkbox groups, ordered lists, dates, ranges, and hidden fields.

Submission validation

Required-field enforcement, field-scoped errors, invalid-payload handling, status gates, and JSON/multipart parsing before persistence.

File intake

Uploads validate accepted MIME/extensions and size limits before being written to the configured storage directory.

OIDC respondent access

Forms can be public, optional-auth, or required-auth, with tenant-contact and client-contact scope checks for sensitive intake.

Operational dispatch

Submissions can notify configured recipients via Sanctum Notify and post canonical webhook envelopes with retry and terminal status tracking.

Operator + agent workflows

React operator pages manage instances, templates, submissions, and response workspaces; MCP tools expose form and submission operations to agents.

04 — Operate

Submission handling that lands inside the business.

The value of a form is the work it starts. Sanctum Forms stores every submission with source URL, status, notes, Notify and webhook dispatch state, and optional Core contact/ticket links. Operators can export CSV or JSON, while agents can list, inspect, update, and export through the MCP server.

Submit

Public endpoint validates payload

Store

Submission row + files + metadata

Notify

Email recipients via Sanctum Notify

Webhook

Canonical envelope with retry status

Act

Core links, export, dashboard, MCP

Sanctum Forms template detail view with metadata and version tracking
The Sovereignty Angle

Keep forms, identities, attachments, drafts, and workflows inside your boundary.

There is no third-party form SaaS receiving your submissions, injecting tracking scripts, mining conversion data, or owning your respondent identities. Sanctum Forms runs as part of your stack: your database, your OIDC provider, your storage, your Notify service, your webhooks, your Core links, your operational history.