{"slug": "salvager-undo-for-ai-agents-that-edit-your-files", "title": "Salvager, Undo for AI agents that edit your files", "summary": "Salvager, a filesystem-level safety net for AI coding agents, automatically saves every file revision to enable recovery from agent-caused damage. The tool runs as a passive watcher with zero configuration, offering CLI and MCP-based restoration without cloud dependency.", "body_md": "# Your agent broke it. Get it back.\n\nSalvager is a filesystem-level safety net for AI coding agents. A passive watcher saves every file revision as you and your agent work, so anything the agent breaks, you can get back.\n\nZero config. Run it in any project root:\n\n```\nsalvager watch\n```\n\nThe problem\n\n## An agent can rewrite a file faster than you can read the diff.\n\nAI coding agents edit real files on disk. Most of the time that's exactly what you want. But mistakes are silent. A clobbered function, a deleted block, a refactor that ran too far, and by the time you notice, the previous version may already be gone.\n\nRecovery shouldn't depend on the agent being careful, on you having committed at the right moment, or on an editor that happened to be open. You need a guarantee that lives below the agent, down at the filesystem.\n\nHow it works\n\n## A passive watcher, not a workflow you have to remember.\n\nThink Local History for AI agents: capture is automatic, recovery is whatever you want, whether CLI, MCP, or your bare hands. The two are decoupled on purpose, so the part that protects you never depends on the part that might fail.\n\n- 01\n### Watch\n\nRun salvager watch in any project root. No config, no accounts, no cloud. It starts observing the tree immediately.\n\n- 02\n### Capture every revision\n\nEach time a file changes, whether your keystrokes or an agent's edit, Salvager saves a new per-file revision into .salvager/. Automatically. Continuously.\n\n- 03\n### Discover the history\n\nBrowse the timeline for any file from the CLI, over MCP, or by hand with plain ls and cat. Every version is there, with a content signal to tell them apart.\n\n- 04\n### Restore\n\nRoll any file back to any earlier revision. The restore itself first saves the current state, so it's reversible too. Nothing is ever a dead end.\n\nWhat it protects\n\n## The work your safety net was never built to catch.\n\nWatch an agent do real work, destroy it, and find that git, the filesystem, and the editor have nothing to give back. Then watch Salvager hand it over, unharmed. Pick a case.\n\nRecovering uncommitted work that git reset --hard destroyed.\n\nRecovering an untracked dataset after an in-place overwrite dropped most rows.\n\nRestoring a documentation section an agent rewrote with weaker prose.\n\nRecovering the last-good pass of a multi-file refactor after a later pass broke the build.\n\nFor agents · MCP\n\n## A recovery layer your agent can drive itself.\n\nSalvager exposes the history over MCP. An agent that breaks something can discover the timeline, inspect past revisions, and restore the right one, no human in the loop. Read first, then restore.\n\n`salvager_list_versions`\n\nread-only List the saved revisions for a file, newest first. Each carries its content signal (lines, line delta, start signature) so the agent can pick the right one without re-reading every version.\n\n`salvager_get_version`\n\nread-only Fetch the exact contents of one revision. Read-only inspection, so the agent confirms it found the version it wants before changing anything.\n\n`salvager_restore`\n\nwrite Restore a file to a chosen revision. First saves the current state as a pre-restore revision, so the restore is itself undoable.\n\nRegister with any MCP client:\n\n```\n{\n  \"mcpServers\": {\n    \"salvager\": {\n      \"command\": \"salvager\",\n      \"args\": [\"mcp\"],\n      \"cwd\": \"/path/to/project\"\n    }\n  }\n}\n```\n\n### No delete over MCP\n\nThere is no purge or delete tool exposed over MCP. The safety net can't be erased by the thing that might break it. An agent can recover work, but never destroy the record of it.\n\nWhy trust it\n\n## The guarantee holds because of how it's built.\n\nCaptures everything → everything is reversible. The design removes the ways a safety net usually fails: missing config, partial coverage, destructive recovery, lock-in.\n\n### Zero configuration\n\nsalvager watch in any project root. No config files, no accounts, no setup ritual. It just starts protecting you.\n\n### Single static binary\n\nOne static Go binary with no cgo, no runtime, no dependencies. Drop it in and run. Linux and macOS, amd64 and arm64.\n\n### Readable without the tool\n\nHistory is plain files under .salvager/. Lost the binary? A bare ls and cat recovers anything by hand. No lock-in, no proprietary format.\n\n### Whole-tree coverage\n\nWhen the OS real-time watch ceiling is hit, overflow subtrees fall back to a polling sweep automatically. Coverage stays complete, never silently partial.\n\n### Restore is reversible\n\nEvery restore first saves the current state as a pre-restore revision. Restoring is itself undoable. There are no one-way doors.\n\n### Can't be erased over MCP\n\nNo purge or delete is exposed over MCP. The agent that might break your code cannot erase the record that lets you recover it.\n\n### Self-hosted, no cloud\n\nEverything stays on your machine. No telemetry, no upload, no third party. Apache-2.0 licensed and fully self-hostable.\n\nRunning with known gaps is possible, but only as an explicit opt-in via\n`--allow-partial`\n\n. Coverage is never reduced behind your back.\n\nQuickstart\n\n## Up and running in under a minute.\n\n### Install\n\nThe install script drops a single static binary on your PATH. It never uses sudo, sends no telemetry, and doesn't touch your shell config. macOS and Linux.\n\n```\ncurl -fsSL https://raw.githubusercontent.com/usesalvager/salvager/main/install.sh | sh\n```\n\nOn Homebrew (macOS/Linux):\n\n```\nbrew install usesalvager/tap/salvager\n```\n\nPrefer to build it yourself? With a Go toolchain,\n`go build -o salvager .`\n\nfrom a\n[clone](https://github.com/usesalvager/salvager). Prebuilt binaries for Linux and macOS (amd64 + arm64), each with a\nSHA-256 checksum, are on the\n[releases page](https://github.com/usesalvager/salvager/releases). Windows is best-effort from source.\n\n### Watch, inspect, restore\n\nOne command to start. Everything from there is recovery on your terms.\n\n```\n# One-command onboarding: registers the MCP server and updates your agent config\nsalvager init\n\n# Start watching the current project (capture begins immediately)\nsalvager watch\n\n# List the recorded versions of a file\nsalvager history config.json\n\n# Inspect one version's content (timestamp from history)\nsalvager show config.json 1718312445\n\n# Restore a file to a version (itself reversible)\nsalvager restore config.json 1718312445\n```\n\nTo wire it into an agent over MCP, see\n[For agents](#agents) above.\n\nFAQ\n\n## Questions, answered plainly.\n\n## What happens if an AI agent breaks my code?\n\nThe watcher has already saved a revision of the file, automatically, as the edit happened. List the versions, restore the good one, and you're back. The restore itself first saves the current state, so even that is reversible.\n\n## How is this different from git?\n\nNo commits, no staging, nothing to remember. Salvager captures every save in the background, including work you never committed, and complements git rather than replacing it. git is your durable, shared history; Salvager is the always-on local safety net underneath it.\n\n## Do I need to configure anything?\n\nNo. Run salvager watch in any project root. Zero configuration: no accounts, no cloud, no config files. It records an initial revision of every tracked file on startup, then captures every change thereafter.\n\n## Where is my history stored, and can I read it without the tool?\n\nIn a plain .salvager/ directory inside your project. Objects are deduplicated by content hash and revisions are listed in plain logs, so a bare ls and cat recover anything by hand. No proprietary format, no lock-in.\n\n## Can an AI agent erase my recovery history over MCP?\n\nNo. The MCP server exposes exactly three tools: list versions, get a version, and restore. There is no purge or delete over MCP, so the safety net can't be erased by the agent that might break things.\n\n## What platforms does it run on?\n\nA single static Go binary with no runtime and no dependencies. macOS and Linux (amd64 and arm64), with Windows best-effort from source. Apache-2.0 licensed.", "url": "https://wpnews.pro/news/salvager-undo-for-ai-agents-that-edit-your-files", "canonical_source": "https://www.salvager.sh/", "published_at": "2026-06-17 23:00:45+00:00", "updated_at": "2026-06-17 23:22:24.314498+00:00", "lang": "en", "topics": ["ai-tools", "ai-agents", "developer-tools"], "entities": ["Salvager", "MCP"], "alternates": {"html": "https://wpnews.pro/news/salvager-undo-for-ai-agents-that-edit-your-files", "markdown": "https://wpnews.pro/news/salvager-undo-for-ai-agents-that-edit-your-files.md", "text": "https://wpnews.pro/news/salvager-undo-for-ai-agents-that-edit-your-files.txt", "jsonld": "https://wpnews.pro/news/salvager-undo-for-ai-agents-that-edit-your-files.jsonld"}}