Knowledge management for the AI era

Git solved knowledge management
for everything else.

A collaborative editor for humans. Markdown in Git for AI agents. A specification engine that measures what your documents fail to say.

Request early access Read the thesis ↓
$ git clone https://token@dogfood.vanamd.com/git/workspace
Cloning into 'workspace'...
remote: Enumerating objects: 4821, done.
remote: Total 4821 (delta 0), reused 4821
Receiving objects: 100% (4821/4821), 3.2 MiB | 12.4 MiB/s, done.
 
$ ls workspace/engineering/
ADRs/   runbooks/   architecture/   onboarding/
 
$ git log --oneline engineering/ADRs/ADR-001.md
a3f9c12 jane.smith: updated decision rationale with benchmark data
8e4d701 alex.k: initial ADR — Git as canonical source
 
$
The thesis

Git repositories are the best-designed knowledge management system in existence. Versioning, ownership, review workflows, structured format, full history. The reason engineers don't spend hours searching for information is that Git imposed a discipline on code that no other knowledge tool has imposed on anything else.

Meanwhile, organizational knowledge — policies, processes, runbooks, institutional wisdom — lives across a dozen tools in proprietary formats. That was tolerable when only humans needed to read it. Humans can infer, navigate ambiguity, fill gaps with context. AI agents cannot.

VanaMD brings Git's discipline to the rest of the organization's knowledge. A collaborative editor non-technical people can use. Markdown in Git underneath so it's natively readable by AI. A specification engine that measures how much of each document's meaning must be inferred. Built for two audiences as first-class consumers of the same knowledge base.

What healthy knowledge requires

VANA — the four properties

Every organizational knowledge system that works at scale has these four properties. Most have none.

V

Versioned

Every edit is a Git commit. Full history, blame, diff. You know who changed what, when, and why. So does the agent.

A

Authoritative

One source of truth. Clear ownership. Clear canonical status. When a human or an agent retrieves an answer, there is no ambiguity about whether it's current.

N

Native format

Every document is clean Markdown. An auto-generated llms.txt tells agents what's available. Trust directives tell them how much to rely on what they're reading. The format is the interface.

A

Accessible

A substrate only AI can read is a database. A substrate only humans can read is a wiki. VanaMD gives humans a collaborative editor — and serves agents the same content through protocols designed for them.

Five layers. One knowledge base. Two audiences.

What VanaMD ships

Everything ships together. There is no integration to configure, no format to convert, no pipeline to maintain.

✏️

Collaborative WYSIWYG editor

Non-technical users write normally. Real-time collaboration, comments, version history. Markdown in Git underneath — invisible discipline for people creating knowledge.

Git-backed versioning + HTTP clone

True version control — branching, merging, blame, diff — on all organizational knowledge. Any tool that reads Git reads this. git clone https://token@your-instance/git/workspace and you have everything.

🤖

MCP server — 13 tools, 3-tier permissionsNew

AI agents connect via the Model Context Protocol. 13 tools across read, write, and admin tiers. Workspace → collection → zone permission model. Write tools disabled by default — you control what agents can do.

📐

Knowledge Shapes — purpose-built renderersNew

Not all documents are the same. Decision records show status, alternatives, consequences. Runbooks show steps with verification. Research shows sources with trust ratings. Each shape renders how documents are actually used.

🔬

Specification engine — 90%+ recall

Measures how much of each document's meaning must be inferred. Surfaces ambiguous terms, underspecified procedures, contradictions, and missing context. Most organizational knowledge is 20–30% specified — AI agents and new hires cannot fill the rest.

🕸️

Knowledge graph + gap analysis

Staleness detection, gap analysis, contradiction flagging. Surfaces what's missing, not just what exists — so humans and agents can trust what they find.

📋

Compliance + governance dashboard

Attestation tracking, review workflows, direction-aware classification, audit trails backed by Git history. Built-in compliance lifecycle for regulated environments.

↔️

Bidirectional epistemic trust layer

Inbound directives tell agents how much to trust each document. Outbound evaluation scores agent actions before they modify content. Agent policy files versioned in Git — trust constraints travel with content, auditable via git log.

📄

Auto-generated llms.txt index

Every document in the knowledge base is discoverable by AI agents without custom integration. Machine-readable index at /llms.txt — updated automatically on every change.

Specification analysis

A code linter
for prose

Most knowledge management tools tell you what documents exist. VanaMD tells you what they fail to say.

The specification engine analyzes documents and measures their specification depth — how completely they state what they mean. The engine reaches 90%+ recall on planted specification gaps across a synthetic eval harness, validated against 3 iterative improvement cycles.

Incident Response Procedure spec_depth: 47/100
GAP Undefined term: "on-call rotation" — no definition of who is on call or how rotation is scheduled
GAP Vague timeline: "within a reasonable timeframe" — no quantified SLA for initial response
GAP Implicit assumption: assumes access to production credentials — no documented procedure for credential retrieval
GAP Missing context: escalation path for Severity 1 incidents not specified
Knowledge Shapes

Documents rendered
for how they're used

An ADR is not a runbook. A research brief is not a meeting note. VanaMD renders each document type with purpose-built UI — the shape surfaces what matters for that document's purpose.

⚖️

Decision

Shows status, alternatives considered, consequences, and decision history. Every option that was evaluated — not just the one chosen.

status · alternatives · rationale · consequences
📊

Analytical

Research and analysis with source trust ratings, findings summary, and confidence indicators. Built for documents that require interpretation.

findings · sources · confidence · citations
🏛️

Governance

Enforcement level, review schedule, attestation status, and compliance lifecycle. Surfaces what requires action — not just what the policy says.

enforcement · review cycle · attestations · lifecycle
🗓️

Temporal

Time-aware rendering for evolving documents — change history, validity windows, expiry indicators. Knowledge that has a date.

validity · expiry · change log · owner
🔢

Sequence

Step cards with state tracking. Each step shows completion status, prerequisites, and verification criteria — for runbooks and procedures.

steps · state · verification · prerequisites
📚

Register

Sortable, filterable table view for reference documents. Unique entry enforcement, search, and structured field display.

sortable · filterable · unique entries · search
AI agent access

MCP server —
13 tools, 3-tier permissions

AI agents connect to VanaMD via the Model Context Protocol. 13 tools across three permission tiers — workspace, collection, and zone.

Write tools are disabled by default. You control exactly what agents can do. Permission grants are scoped, auditable, and revocable. Agent actions leave an audit trail in Git history.

MCP tools — vanamd 13 tools
search_documents read
get_document read
list_collections read
get_knowledge_graph read
get_spec_analysis read
list_gaps read
create_document write
update_document write
move_document write
create_collection write
set_trust_directive write
submit_attestation admin
manage_permissions admin
90%+
Specification analysis recall
measured via synthetic eval harness · planted gap detection · 3 improvement iterations
91
Holdout quality score
behavioural test suite · 91 scenarios passing · 38 VanaMD-custom endpoints
89/89
API parity endpoints
Outline-compatible · 110 total endpoints · 23 skipped (no contract)
13
MCP tools available
read · write · admin tiers · workspace → collection → zone permissions
Security posture

Hardened, not deferred

17 security hardening measures across 5 audits. Not "we'll harden it later" — hardened in the open, documented in Git.

TLS + HSTS preload

All traffic over TLS 1.2+. HSTS preload header. Caddy handles certificate rotation automatically.

Rate limiting

Per-API-key rate limiting at 600 req/min. Standard headers exposed: X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After.

CORS policy

Strict origin allowlist. No wildcard origins. Preflight handling with correct methods and headers.

Input validation sweep

XSS, SQL injection, and oversized body protection. All user input validated at API boundaries. SetEscapeHTML enforced on all JSON responses.

Error handling audit

Internal error messages never leak to API responses. Stack traces sanitized. All error paths reviewed in SEC-9.

ABAC + classification

Attribute-based access control. Document classification levels. Non-admin cannot access restricted documents without explicit grants.

Questions

What people ask

How is VanaMD different from Confluence, Notion, or GitBook?
Those tools store knowledge in proprietary formats requiring lossy conversion before AI can read them. They have no specification depth measurement, no trust calibration for AI agents, and no structural analysis of what's missing. VanaMD's format is Git + Markdown — already the format AI agents read. The discipline is built in, not bolted on.
What is a specification engine?
A specification engine analyzes documents and measures their specification depth — how completely they state what they mean. Most organizational knowledge is 20–30% specified: humans fill gaps with tribal knowledge, but AI agents and new hires cannot. The engine identifies ambiguous terms, underspecified procedures, contradictions, and missing context — the metric nobody else measures. VanaMD's engine reaches 90%+ recall on planted gaps.
What are Knowledge Shapes?
Knowledge Shapes are purpose-built renderers for different document types. An ADR is not a runbook. A research brief is not a meeting note. Each shape renders what matters for that document's purpose — Decisions show alternatives and consequences, Governance shapes show review schedules and attestation status, Sequence shapes show step-by-step state. Documents look different because they are different.
How does the MCP integration work?
VanaMD ships a Model Context Protocol server with 13 tools across read, write, and admin tiers. AI agents (Claude, GPT-4, etc.) connect via the MCP protocol. Permissions are scoped at workspace, collection, and zone levels. Write tools are disabled by default — you explicitly grant what agents can do. All agent actions are auditable via Git history.
What is the epistemic trust layer?
VanaMD's bidirectional epistemic trust layer addresses a gap no other knowledge tool fills: when an AI agent retrieves a document, it has no signal about how much to trust it. The inbound side injects trust directives alongside content. The outbound side evaluates agent-generated content before it modifies the knowledge base. Trust constraints are versioned in Git — they travel with content and are auditable via git log.
How does Git clone work?
VanaMD implements the Git Smart HTTP protocol. git clone https://API_KEY@your-instance/git/workspace clones the entire knowledge base as a standard Git repository. Every document is a Markdown file. Every edit is a commit. Any tool that reads Git — CI systems, AI agents, developer tooling — reads the knowledge base directly. No export, no conversion, no integration required.

What if your organization's knowledge had the same discipline Git gives code?

We're building VanaMD in the open. Get occasional updates on progress, architecture decisions, and what we're learning.

Request early access
Matt Rathbun · matt.rathbun@gmail.com · Building in the open