---
canonical: "https://yuanhaochen.dev/notes/safe-ai-vault-writes"
path: "/notes/safe-ai-vault-writes"
section: "Notes"
title: "Safe AI-to-vault writes: why suggestion and commit should stay separate"
language: "en"
agentUse: "summary, retrieval, citation, hiring evaluation"
---

# Safe AI-to-vault writes: why suggestion and commit should stay separate

Why assistants may prepare durable changes, but review, confirmation, commit, and rollback should remain separate responsibilities.

The boundary

AI-assisted note systems become risky when the assistant can quietly mutate the user vault. The problem is not that the model writes text. The problem is that durable storage changed without a visible owner.

Suggestion and commit are different responsibilities. Collapsing them makes the system feel smooth while making trust harder.

The artifact

The serverless vault bridge keeps the assistant in the proposal lane. It can prepare a diff, but the final write requires exact-content confirmation, digest binding, path safety, expected base SHA, and conflict handling.

That adds friction on purpose. The friction is the point where ownership becomes visible again.

What I would reuse

The pattern is not limited to Markdown vaults. Any AI workflow that writes into durable systems should separate suggested change, reviewed change, committed change, and rollback story.

Inspect the repository

https://github.com/89325516/serverless-vault-bridge