Obsidian
Pairing Obsidian lets ~Alter recognise the shape of your local knowledge graph: the structure of how you think across notes, the rhythm of where you spend attention. Note contents never leave your machine; only the shape of the graph is read.
What pairing does not authorise
Pairing this connector is a read commitment, not delegation. Specifically, ~Alter cannot use this pairing to:
- •Read, transmit, or store the contents of any note in your vault.
- •Modify, create, or delete any note, folder, or attachment.
- •Sync your vault to ~alter servers, or anywhere else, in any form.
- •Read note titles or filenames. Only structural counts and link topology are read.
- •Surface your knowledge-graph data to any third party without a separate consent row scoped to that recipient.
The OAuth or attestation scope we request is the minimum required to recognise the pattern described in What we read. Anything beyond that is structurally refused at the connector boundary, not promised by trust. How pairing works.
What we read
- Vault topology: number of notes, number of folders, depth distribution. Magnitudes, not names.
- Anonymised link graph: how strongly notes interconnect as a structure. Never the link text or note identity.
- Activity cadence: when notes are touched, aggregated to weekly buckets. Never which note, never the change.
- The vault hash that proves the same vault is still being paired across sessions.
What we don't read
~Alter explicitly refuses these fields even when the OAuth scope or API permits them. Every refusal is enforced at the connector boundary, not by trust.
- Note bodies, titles, filenames, or any plaintext.
- Tags, frontmatter values, or any metadata field a note carries.
- Attachments, embeds, images, or any binary content.
- Sync to a remote. Pairing reads locally and writes only the aggregated shape back to ~alter.
- Plugin manifests or which community plugins you have installed.
Where it lives
The graph-shape signal is computed in alter-runtime on your machine. Only the aggregated topology vector is sent to ~alter's pairing ledger, keyed to your ~handle, with a T2 ownership-confirmed tier badge. The vault itself never leaves your device. Revoking tears down the runtime watcher and deletes the aggregated vector.
How to revoke
Revocation is immediate. Ask the AI client you paired through to revoke this connector, or revoke it from your consent surface over the same connection. Either path revokes the provider token, stops all further reads, and purges the derived signals this connector fed into your identity vector. An audit row records the revocation.
One thing is kept on purpose. The connector retains a record that this account was paired and when it was disconnected, so the same account cannot be unpaired and re-paired in quick succession to churn your identity vector. That cooldown record holds the raw profile snapshot until the window passes. It is never read into a new signal while disconnected, and it is not shared with anyone.
Prefer the command line? The CLI is the optional deeper path and revokes the same connector:
CLI (optional)
alter pair revoke obsidianPairing this connector does not enrol you in any matching, ranking, or matching surface. Every downstream use requires its own consent row. See the consent model.