serverless-vault-bridge
A serverless Markdown vault bridge for ChatGPT Actions and MCP that separates proposed AI edits from committed GitHub writes.
Why this article exists
I built this around a small but important discomfort: if AI can help maintain a knowledge vault, it should not quietly mutate the vault behind the user. The bridge makes the assistant prepare a diff, then forces the final write through exact-content confirmation.
Problem
AI-assisted note systems need safe write boundaries: path safety, API authentication, diff review, digest-bound confirmation, expected base SHA, and conflict handling before storage changes.
What shipped
Cloudflare Worker-compatible runtime, GitHub Contents API storage adapter, ChatGPT Actions OpenAPI, MCP JSON-RPC endpoint, proposal tokens, path policy, CAS conflict handling, and behavior tests.
Evidence
The README names the propose-review-commit tool flow and failure semantics for path traversal, token mismatch, digest mismatch, path mismatch, base SHA mismatch, and CAS conflicts.
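The propose-then-commit checks listed above, as an added example that is not code from the repository: a proposal token binds path, content digest and base SHA, and the commit step rejects any mismatch before storage is touched. The function names, the demo key, the token layout and the `.md`-only path rule are assumptions made for illustration.

```javascript
// Added illustration, not the project's code. All names here are hypothetical.
const { createHash, createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-key'; // constructed; a deployment would use a secret binding
const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');
const sign = (body) => createHmac('sha256', SECRET).update(body).digest('hex');

// Path policy (assumed): relative Markdown files only, no traversal, no empty segments.
function safePath(p) {
  if (typeof p !== 'string' || p.startsWith('/') || p.includes('\\') || p.includes('\0')) return false;
  const parts = p.split('/');
  return p.endsWith('.md') && parts.every((s) => s !== '' && s !== '.' && s !== '..');
}

// Propose: bind path, content digest and base SHA into a signed token. Nothing is written.
function issueProposal(path, content, baseSha) {
  if (!safePath(path)) throw new Error('path_rejected');
  const claim = JSON.stringify({ path, digest: sha256(content), baseSha });
  const body = Buffer.from(claim).toString('base64url');
  return `${body}.${sign(body)}`;
}

// Commit: every check must pass before the storage write; returns an outcome string.
function commitProposal(token, path, content, currentSha) {
  const [body, mac] = String(token).split('.');
  const expected = Buffer.from(sign(body || ''));
  const given = Buffer.from(mac || '');
  // Verify the MAC before parsing anything the caller supplied.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return 'token_mismatch';
  const claim = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (!safePath(path) || claim.path !== path) return 'path_mismatch';
  if (claim.digest !== sha256(content)) return 'digest_mismatch';
  if (claim.baseSha !== currentSha) return 'base_sha_mismatch';
  return 'committed'; // a real adapter would now write with the expected SHA (compare-and-swap)
}
```

The token here carries no expiry or single-use marker; this example covers only the binding checks.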
Inspect path
Inspect `src/`, `test/`, `wrangler.toml.example`, the OpenAPI schema, and tests for auth, path safety, token binding, CAS conflicts, and MCP parity.
Boundary
It is not a sync engine, database, agent framework, or direct write API for high-risk automation.
What changed
The important boundary became clearer: not chat versus agent, but suggestion versus commit, with ownership and rollback kept visible.
Next question
Where should approval live when AI can prepare a change but should not own the final mutation?
Open public repository
https://github.com/89325516/serverless-vault-bridge