Docs

How to use Vitrus

Everything in one page: connect your tools, ask questions, read the gap box, wire up your agents, manage your team. Self-hosting instead? See the open-source docs on GitHub.

Getting startedConnect your sourcesAsk & answersGaps · Graph · Entities · VerifyAgent access (MCP)Team & permissionsAccount & billing

1 · Getting started

From zero to first answer in about three minutes.

  1. Sign in with GitHub or Google. Your first sign-in creates a personal workspace — its name defaults to your own name and can be changed anytime in Account.
  2. Connect a source (next section). Two connectors are included on Free; the first sync usually completes in under a minute.
  3. Ask a question on the Ask page in plain language, in any language. You get an answer, its sources, and — the point of Vitrus — an honest yellow box listing what your company has not written down.

Free plan: 1 brain · 1 seat · 2 connectors · 5,000 nodes. Limits are enforced when you act (connect/invite), never by hiding pages.

2 · Connect your sources

Each connector ingests its source into typed, permission-aware nodes. Tokens are stored AES-256-GCM encrypted, isolated per workspace; source permissions are re-captured on every sync (fail-closed).

Messaging

Slack

Live sync

Channel threads → one node per thread, @mentions auto-linked to people. Ingests: thread.

  1. Create an app at api.slack.com/apps → "From scratch", pick your workspace.
  2. OAuth & Permissions → Bot Token Scopes: add `channels:history`, `channels:read`, `users:read` (+ `groups:history`/`groups:read` for private channels).
  3. Install the app to the workspace and copy the `xoxb-…` bot token.
  4. Invite the bot to the channel (`/invite @YourApp`), find the channel ID (channel details → bottom), paste both into the form.

Permissions: ACL from channel membership — private channel → only members can see it. · Private channels stay private: membership is re-captured on every sync and enforced on every answer. · provider docs ↗

→ Connect it on the Connectors page (bot token + channel id).

WhatsApp

Live webhook

Customer support messages (Business Cloud API) → nodes, in real time via webhook. Ingests: message.

  1. In Meta for Developers, create a WhatsApp Business app and note the Phone number ID.
  2. Create a System User permanent token with `whatsapp_business_messaging` permission (`EAAG…`).
  3. Paste token + phone number ID here, then set the webhook URL shown by your deployment (`/webhooks/whatsapp`) with your verify token in the Meta dashboard.

Permissions: ACL = 'whatsapp:<phoneNumberId>' group (fail-closed — only the support team sees customer chats). · WhatsApp is webhook-only by design — messages flow in in real time; there is no history pull. · provider docs ↗

→ Connect it on the Connectors page (access token + phone number id).

Discord

Live sync

Channel messages → batched conversation nodes; authors auto-linked to people. Ingests: message.

  1. Create an app at discord.com/developers/applications → Bot → copy the bot token.
  2. Enable the "Message Content Intent" under Bot settings.
  3. Invite the bot to your server with the `Read Message History` + `View Channel` permissions.
  4. Right-click the channel → Copy Channel ID (enable Developer Mode in Discord settings first) and connect.

Permissions: ACL = 'discord:workspace' group (channel membership not mapped yet → fail-closed). · provider docs ↗

→ Connect it on the Connectors page (bot token + channel id).

Code

GitHub

Live sync

Repo issues, PRs & discussions → typed nodes, authors auto-linked to people. Ingests: issue/PR.

  1. Open github.com/settings/tokens → "Generate new token (classic)" — or a fine-grained token scoped to one repository.
  2. Grant read-only scope: `repo` → for public repos `public_repo` is enough; fine-grained: Issues + Pull requests → Read.
  3. Copy the `ghp_…` token, paste it into the connector form, and set Repository to `owner/repo`.
  4. Connect — the first sync pulls issues, PRs and discussions; authors are auto-linked to people nodes.

Permissions: ACL from repo visibility — private repo → 'github:<repo>' group (fail-closed). · Private repo? Access is captured as a fail-closed `github:<repo>` group — only members see those nodes. · provider docs ↗

→ Connect it on the Connectors page (personal access token + repository).

GitLab

Live sync

Issues & MRs → nodes (GitHub connector parity); authors auto-linked to people. Ingests: issue/MR.

  1. GitLab → Preferences → Access Tokens → create a token with the `read_api` scope (`glpat-…`).
  2. Set Project to the full path (`group/project`).
  3. Connect — issues and merge requests arrive as nodes (GitHub-connector parity).

Permissions: ACL = 'gitlab:workspace' group (project visibility not mapped yet → fail-closed). · provider docs ↗

→ Connect it on the Connectors page (access token + project).

Docs

Notion

Live sync

Workspace pages → markdown nodes (headings, lists, todos preserved). Ingests: page.

  1. Open notion.so/my-integrations → "New integration" (internal), pick the workspace.
  2. Copy the `secret_…` token.
  3. Share the pages/databases you want ingested with the integration (page ⋯ menu → Connections → your integration).
  4. Paste the token — no extra config needed; the token defines what the brain can see.

Permissions: ACL = 'notion:workspace' group (per-page sharing not exposed by API → fail-closed). · provider docs ↗

→ Connect it on the Connectors page (integration token + database).

Google Drive

Live sync

Google Docs & text files → markdown nodes; owners auto-linked to people. Ingests: document.

  1. Create an OAuth token with the `drive.readonly` scope (Google Cloud Console → OAuth, or the OAuth Playground for a quick test).
  2. Optionally copy a folder ID from the Drive URL to limit ingestion to one folder.
  3. Paste the `ya29.…` access token and connect — Google Docs and text files become markdown nodes.

Permissions: ACL = 'drive:workspace' group (Drive sharing not mapped yet → fail-closed). · Tokens expire — for production use a refresh-token flow; the vault stores whatever you provide encrypted (AES-256-GCM). · provider docs ↗

→ Connect it on the Connectors page (oauth token + folder id).

Confluence

Live sync

Spaces & pages → text nodes; authors auto-linked to people. Ingests: page.

  1. Use the same Atlassian API token type as Jira (id.atlassian.com → Security → API tokens).
  2. Fill in site + account email; optionally a space key (e.g. ENG).
  3. Connect — pages are converted from Confluence storage format to markdown nodes.

Permissions: ACL = 'confluence:workspace' group (page restrictions not mapped → fail-closed). · provider docs ↗

→ Connect it on the Connectors page (api token + site, account email, space key).

Project

Linear

Live sync

Issues (title, description, state) → nodes; assignees auto-linked to people. Ingests: issue.

  1. Linear → Settings → API → "Personal API keys" → create a key (`lin_api_…`).
  2. Optionally note a team key (e.g. ENG) to limit ingestion to one team.
  3. Paste the key (and team, if any) into the form and connect.

Permissions: ACL = 'linear:workspace' group (per-issue sharing not exposed → fail-closed). · provider docs ↗

→ Connect it on the Connectors page (api key + team).

Jira

Live sync

Issues via REST → nodes; assignees auto-linked to people. Ingests: issue.

  1. Create an API token at id.atlassian.com/manage-profile/security/api-tokens (`ATATT…`).
  2. Fill in your site (e.g. `yourco.atlassian.net`) and the Atlassian account email the token belongs to.
  3. Optionally set a project key (e.g. PROJ) to limit ingestion; connect — issues arrive as nodes with status and assignee.

Permissions: ACL = 'jira:workspace' group (per-issue security not exposed → fail-closed). · provider docs ↗

→ Connect it on the Connectors page (api token + site, account email, project key).

Comms

Email

Staged file

Messages → nodes; participants (from/to/cc) become the ACL + linked people. Ingests: message.

  1. Email is a staged connector today: export your mailbox to the documented JSON shape (see docs/PROVIDERS on GitHub).
  2. Drop the export where your operator configured `VITRUS_SYNC_DATA/<org>/email.json`.
  3. A token is still required when connecting — it is proof of authorization, stored encrypted.

Permissions: Fail-closed: only participants of a thread can see it (public:true → org-wide). · Participants (from/to/cc) become the ACL: only people on a thread can see it.

→ Connect it on the Connectors page (imap / api token + mailbox).

Calendar

Staged file

Events → nodes; attendees linked to people, time captured for bi-temporal queries. Ingests: event.

  1. Calendar is a staged connector today: export events to the documented JSON shape.
  2. Drop the export at `VITRUS_SYNC_DATA/<org>/calendar.json` (operator-side).
  3. Attendees become the ACL; event times power bi-temporal queries ("what did we know before the launch?").

Permissions: Attendees → ACL; event time → capturedAt (temporal gap detection).

→ Connect it on the Connectors page (calendar api token + calendar).

MCP

MCP server

Live sync

Bridge ANY MCP server as a source — short-circuit the connector race (Glean has 100+). Ingests: resource.

  1. Take any MCP server that speaks Streamable HTTP and exposes resources (docs servers, wikis, internal tools).
  2. Paste its URL; if it requires auth, provide the bearer token — type `none` for public servers.
  3. Connect — the bridge lists the server's resources and ingests their text content as nodes.

Permissions: ACL = 'mcp:workspace' group (upstream ACL not mapped → fail-closed). · This short-circuits the connector race: anything with an MCP server can become a source. · provider docs ↗

→ Connect it on the Connectors page (server token + mcp server url).

13 connectors today. Missing one? Tell us — or bridge it yourself via the MCP connector above.

3 · Ask & answers

One question in, four things out — and every claim traceable.

AnswerSynthesized from your sources only — citations like [1] link each sentence to the node it came from.
SourcesClick any citation to open the node with the exact supporting passages highlighted (trace-to-source).
Gap boxThe yellow box: what was referenced but never documented, what contradicts, what went stale. This is deterministic — not an LLM guessing.
ConfidenceA 0–1 score from retrieval strength and source age. Low confidence + gaps = the honest “we don't really know this”.

4 · The glass-box pages

The same engine, four lenses — nothing is a black box.

GapsEverything your brain knows it doesn't know: missing docs, contradictions, stale knowledge, single-point (bus-factor) risks, uncited claims. Sorted, filterable, actionable.
GraphThe typed knowledge graph — how decisions, people, incidents and documents connect. Wikilinks become edges automatically.
EntitiesPeople and projects extracted across all sources — the same “alice” from Slack and GitHub fuses into one node.
VerifyPaste any claim → grounded / stale / contradicted / unsupported, with supporting sources and conflicts. Deterministic; agents can call it too.

5 · Agent access (MCP)

Your agents read the same brain your team does — org-scoped, ACL-filtered, audited.

Every workspace has an MCP endpoint: https://api.vitrus.dev/t/<org>/mcp. The Agent access page gives copy-paste setup for Claude Code, Codex, Cursor, OpenClaw, Hermes and raw HTTP — your token carries your identity, so an agent sees exactly what you see, never more.

claude mcp add --transport http vitrus \
  https://api.vitrus.dev/t/<org>/mcp \
  --header "Authorization: Bearer <token>"

Exposed tools: think · search · verify · gap_report · node · skill_export. Rotate the token by signing out.

6 · Team & permissions

Fail-closed by construction: if the source restricted it, the brain restricts it.

7 · Account & billing

Transparent pricing, no data hostage.