I know this is the obvious answer, but doesnt metasploit fit most of those requirements? A former co-worker friend put plenty of his own stuff into metasploit. And it has an RPC daemon that can be used for external apps. Also have an SVN repo. As far as users, you could just add users and properly manage permissions with sudo with proper fine tuning. Just my 2 cents, though from the sound of it, you're more talented than I in much of this... I've yet to delve into exploit development for instance. Guess I've spent too much time lately on my telco stuff, but hey, thats my line of work.