Platform

Your secure AI back-end, in a few API calls.

Typed records and documents, hybrid search, citation-grounded RAG, per-customer isolation, and least-privilege keys — behind one coherent API, with typed SDKs for TypeScript, Python, and Java, a CLI, and an MCP server. Reach it from your code, from your own app (fork the data-plane UI or build on the React toolkit), or natively from an agent over MCP.

Start lean. Scale to a compliance-grade, audited posture without re-platforming.

Vectros is in an invite-only 0.x preview. Request access and we’ll get you a key. Self-serve and a free tier are on the way as we open access.

Four pillars, one substrate

One platform, one data model you declare once.

Structured data & documents

Define your own typed schemas — fields, validation, indexing, references, sensitivity — and write records against them. Ingest documents inline or by file upload and organize them in folders. Every write to an audited model is versioned; optimistic concurrency protects against lost updates.

Hybrid search & grounded RAG

One search call spans records and documents in keyword, semantic, or hybrid mode. The same indexed content grounds chat, retrieval-augmented generation over your own data, and document-scoped Q&A — streamed, with citations back to the source.

Identity, isolation & scoped keys

Every data-plane resource is partitioned by an auth-derived context that fails closed; lookups never cross a context boundary. Scoped keys carry exactly the permissions you grant and nothing more.

Compliance & trust, when you turn it on

Redact-at-write for sensitive fields, search-index exclusion, read-time masking, and a tamper-evident audit and version history — plus per-customer / per-context hard-delete for tenant decommissioning (distinct from end-subject erasure). Hardened through extensive adversarial security review. Compliance specifics are available under NDA.

Pick the surface that fits where you work

One API. Six ways to reach it.

API

The core REST surface — data, documents, search, inference, identity, auth. Everything else is a client on top of it.

SDKs

Typed clients for TypeScript, Python, and Java. Construct one with a token and environment, then call sub-clients by area — records, schemas, documents, folders, search, inference, identity.

CLI

The blueprint lifecycle — init, validate, plan, bootstrap, and end-to-end test — plus direct provisioning of contexts, identities, scoped keys, roles, and access bindings.

MCP server

Twenty-one data-plane tools that let an AI agent read and write your Vectros data natively over MCP. Vectros data-plane tools only — no web or external-search tools, by design.

Blueprints

An app model as one config file — schemas, access profile, a service principal, optional seed data — provisioned in one command, then driven from an agent with zero application code.

Reference apps

Forkable reference front-ends: a data-plane app to fork for a customer-facing UI, and a control-plane admin app.

The shortest path to running something

The no-code path, end to end.

Scaffold your own app from a bundled exemplar, then provision it.

terminal
# Scaffold a new "my-intake" app from the clinical-intake exemplar:
vectros blueprint init my-intake --from clinical-intake

# Check it before you provision anything (offline, no credentials):
vectros blueprint validate ./my-intake.blueprint.yaml

# Provision it — idempotently:
vectros bootstrap --blueprint ./my-intake.blueprint.yaml

bootstrap provisions the schemas, an application context, a service principal, a least-privilege access profile, and a narrow scoped key — and converges on re-run instead of duplicating. From there, drive it through an MCP agent or the data-plane UI. No application code.

One real prerequisite — the bridge token. bootstrap needs a short-lived bridge token from the developer portal (a browser sign-in, or VECTROS_BOOTSTRAP_TOKEN for scripted runs). There is no fully unattended path that mints one for you — and your root key never touches the flow. We call that out so nothing surprises you.

The CLI is the trust boundary, not the blueprint: a blueprint is untrusted input, and the scope gate mints only data-plane scopes (records · schemas · search · documents · folders · inference). Control-plane scopes are hard-rejected — there is no override flag.

Start here

Three entry points.

The platform overview & docs map

The four pillars in full context, organized so you always know where to look (explanation → how-to → reference for each area).

The blueprint walkthroughs

Getting-started, clinical-intake, coding-agent-memory, and second-brain — complete builds you can follow end to end.

The generated API reference

The authoritative, always-current request and response shapes, rendered from the OpenAPI specification.

A note on version reality

For the careful reader.

Not every client tracks the same SDK version yet. The CLI and MCP server bundle a newer build than the React toolkit and the reference web apps, so a small set of calls — partial updates to records, documents, and folders (RFC-7386 PATCH), and creating a record by either schema name or schema id — land on the newer clients first. Each call’s supported clients are marked in the docs, so you know exactly what yours can do rather than discovering it at runtime.

Invite-only today. Request access and we’ll get you a key.