@openparachute/vault 0.1.0 → 0.2.1

package/src/published.test.ts

@@ -57,18 +57,18 @@ function makeStore(notes: Record<string, { content: string; tags?: string[]; met
   } as any;
 }
 
-describe("handleViewNote", () => {
-  it("returns 404 for non-existent note", () => {
+describe("handleViewNote", async () => {
+  it("returns 404 for non-existent note", async () => {
     const store = makeStore({});
-    const resp = handleViewNote(store, "missing");
+    const resp = await handleViewNote(store, "missing");
     expect(resp.status).toBe(404);
   });
 
-  it("returns 404 for note without publish tag (unauthenticated)", () => {
+  it("returns 404 for note without publish tag (unauthenticated)", async () => {
     const store = makeStore({
       "n1": { content: "hello", tags: ["other"] },
     });
-    const resp = handleViewNote(store, "n1");
+    const resp = await handleViewNote(store, "n1");
     expect(resp.status).toBe(404);
   });
 
@@ -76,7 +76,7 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "n1": { content: "# Hello\n\nWorld", tags: ["publish"], path: "Blog/My Post.md" },
     });
-    const resp = handleViewNote(store, "n1");
+    const resp = await handleViewNote(store, "n1");
     expect(resp.status).toBe(200);
     expect(resp.headers.get("Content-Type")).toBe("text/html; charset=utf-8");
 
@@ -90,7 +90,7 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "n2": { content: "Content here", metadata: { published: true } },
     });
-    const resp = handleViewNote(store, "n2");
+    const resp = await handleViewNote(store, "n2");
     expect(resp.status).toBe(200);
     const html = await resp.text();
     expect(html).toContain("<p>Content here</p>");
@@ -103,7 +103,7 @@ describe("handleViewNote", () => {
         tags: ["publish"],
       },
     });
-    const resp = handleViewNote(store, "n3");
+    const resp = await handleViewNote(store, "n3");
     const html = await resp.text();
     expect(html).toContain("<strong>bold</strong>");
     expect(html).toContain("<em>italic</em>");
@@ -117,7 +117,7 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "n4": { content: "<script>alert('xss')</script>", tags: ["publish"] },
     });
-    const resp = handleViewNote(store, "n4");
+    const resp = await handleViewNote(store, "n4");
     const html = await resp.text();
     expect(html).not.toContain("<script>");
     expect(html).toContain("&lt;script&gt;");
@@ -127,7 +127,7 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "n6": { content: "[click me](javascript:alert(1))", tags: ["publish"] },
     });
-    const resp = handleViewNote(store, "n6");
+    const resp = await handleViewNote(store, "n6");
     const html = await resp.text();
     expect(html).not.toContain("javascript:");
     expect(html).toContain("click me");
@@ -138,7 +138,7 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "n7": { content: "[click](data:text/html;base64,PHNjcmlwdD4=)", tags: ["publish"] },
     });
-    const resp = handleViewNote(store, "n7");
+    const resp = await handleViewNote(store, "n7");
     const html = await resp.text();
     expect(html).not.toContain("data:");
     expect(html).toContain("click");
@@ -148,7 +148,7 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "n8": { content: "[site](https://example.com) and [mail](mailto:a@b.com)", tags: ["publish"] },
     });
-    const resp = handleViewNote(store, "n8");
+    const resp = await handleViewNote(store, "n8");
     const html = await resp.text();
     expect(html).toContain('href="https://example.com"');
     expect(html).toContain('href="mailto:a@b.com"');
@@ -158,17 +158,17 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "n5": { content: "test", tags: ["publish"] },
     });
-    const resp = handleViewNote(store, "n5");
+    const resp = await handleViewNote(store, "n5");
     const html = await resp.text();
     expect(html).toContain("prefers-color-scheme: dark");
   });
 
   // CSP header
-  it("includes Content-Security-Policy header", () => {
+  it("includes Content-Security-Policy header", async () => {
     const store = makeStore({
       "n1": { content: "test", tags: ["publish"] },
     });
-    const resp = handleViewNote(store, "n1");
+    const resp = await handleViewNote(store, "n1");
     const csp = resp.headers.get("Content-Security-Policy");
     expect(csp).toContain("script-src 'none'");
     expect(csp).toContain("default-src 'self'");
@@ -179,17 +179,17 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "private": { content: "secret stuff", tags: ["internal"] },
     });
-    const resp = handleViewNote(store, "private", { authenticated: true });
+    const resp = await handleViewNote(store, "private", { authenticated: true });
     expect(resp.status).toBe(200);
     const html = await resp.text();
     expect(html).toContain("<p>secret stuff</p>");
   });
 
-  it("returns 404 for unpublished note when not authenticated", () => {
+  it("returns 404 for unpublished note when not authenticated", async () => {
     const store = makeStore({
       "private": { content: "secret stuff", tags: ["internal"] },
     });
-    const resp = handleViewNote(store, "private");
+    const resp = await handleViewNote(store, "private");
     expect(resp.status).toBe(404);
   });
 
@@ -198,17 +198,17 @@ describe("handleViewNote", () => {
     const store = makeStore({
       "n1": { content: "public content", tags: ["public"] },
     });
-    const resp = handleViewNote(store, "n1", { publishedTag: "public" });
+    const resp = await handleViewNote(store, "n1", { publishedTag: "public" });
     expect(resp.status).toBe(200);
     const html = await resp.text();
     expect(html).toContain("<p>public content</p>");
   });
 
-  it("rejects note with default tag when custom tag is configured", () => {
+  it("rejects note with default tag when custom tag is configured", async () => {
     const store = makeStore({
       "n1": { content: "content", tags: ["publish"] },
     });
-    const resp = handleViewNote(store, "n1", { publishedTag: "public" });
+    const resp = await handleViewNote(store, "n1", { publishedTag: "public" });
     expect(resp.status).toBe(404);
   });
 });

package/src/routes.ts

@@ -16,6 +16,13 @@ import { listUnresolvedWikilinks } from "../core/src/wikilinks.ts";
 import { toNoteIndex, filterMetadata } from "../core/src/notes.ts";
 import * as linkOps from "../core/src/links.ts";
 import * as tagSchemaOps from "../core/src/tag-schemas.ts";
+import {
+  expandContent,
+  DEFAULT_EXPAND_DEPTH,
+  MAX_EXPAND_DEPTH,
+  type ExpandContext,
+  type ExpandMode,
+} from "../core/src/expand.ts";
 import { join, extname, normalize } from "path";
 import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from "fs";
 import { vaultDir } from "./config.ts";
@@ -65,18 +72,39 @@ function parseIncludeMetadata(url: URL): boolean | string[] | undefined {
   return fields;
 }
 
+/**
+ * Parse expand_links/expand_depth/expand_mode from query params, returning
+ * an (ExpandContext, depth) pair if expansion is requested, else null.
+ */
+function parseExpandParams(
+  url: URL,
+  db: any,
+): { ctx: ExpandContext; depth: number } | null {
+  if (!parseBool(parseQuery(url, "expand_links"), false)) return null;
+  const modeRaw = parseQuery(url, "expand_mode");
+  const mode: ExpandMode = modeRaw === "summary" ? "summary" : "full";
+  const depth = Math.max(
+    0,
+    Math.min(
+      parseInt10(parseQuery(url, "expand_depth")) ?? DEFAULT_EXPAND_DEPTH,
+      MAX_EXPAND_DEPTH,
+    ),
+  );
+  return { ctx: { db, mode, expanded: new Set() }, depth };
+}
+
 
 /**
  * Resolve a note by ID or path. Tries ID first, then case-insensitive path.
  */
-function resolveNote(store: Store, idOrPath: string): Note | null {
-  const byId = store.getNote(idOrPath);
+async function resolveNote(store: Store, idOrPath: string): Promise<Note | null> {
+  const byId = await store.getNote(idOrPath);
   if (byId) return byId;
-  return store.getNoteByPath(idOrPath);
+  return await store.getNoteByPath(idOrPath);
 }
 
-function requireNote(store: Store, idOrPath: string): Note {
-  const note = resolveNote(store, idOrPath);
+async function requireNote(store: Store, idOrPath: string): Promise<Note> {
+  const note = await resolveNote(store, idOrPath);
   if (!note) throw new NotFoundError(`Note not found: "${idOrPath}"`);
   return note;
 }
@@ -110,16 +138,21 @@ export async function handleNotes(
 
       // Single note by id/path
       if (id) {
-        const note = resolveNote(store, id);
+        const note = await resolveNote(store, id);
         if (!note) return json({ error: "Note not found", id }, 404);
         const includeContent = parseBool(parseQuery(url, "include_content"), true);
         let result: any = includeContent ? { ...note } : toNoteIndex(note);
+        const expand = parseExpandParams(url, db);
+        if (expand && includeContent && typeof result.content === "string") {
+          expand.ctx.expanded.add(note.id);
+          result.content = expandContent(result.content, expand.ctx, expand.depth);
+        }
         result = filterMetadata(result, parseIncludeMetadata(url));
         if (parseBool(parseQuery(url, "include_links"), false)) {
           result.links = linkOps.getLinksHydrated(db, note.id);
         }
         if (parseBool(parseQuery(url, "include_attachments"), false)) {
-          result.attachments = store.getAttachments(note.id);
+          result.attachments = await store.getAttachments(note.id);
         }
         return json(result);
       }
@@ -128,10 +161,19 @@ export async function handleNotes(
       if (search) {
         const searchTags = parseQueryList(url, "tag");
         const limit = parseInt10(parseQuery(url, "limit")) ?? 50;
-        const results = store.searchNotes(search, { tags: searchTags, limit });
+        const results = await store.searchNotes(search, { tags: searchTags, limit });
         const includeContent = parseBool(parseQuery(url, "include_content"), false);
         const inclMeta = parseIncludeMetadata(url);
-        let output = includeContent ? results : results.map(toNoteIndex);
+        let output: any[] = includeContent ? results.map((n) => ({ ...n })) : results.map(toNoteIndex);
+        const expand = parseExpandParams(url, db);
+        if (expand && includeContent) {
+          for (const n of output) expand.ctx.expanded.add(n.id);
+          for (const n of output) {
+            if (typeof n.content === "string") {
+              n.content = expandContent(n.content, expand.ctx, expand.depth);
+            }
+          }
+        }
         if (inclMeta !== undefined && inclMeta !== true) {
           output = output.map((n: any) => filterMetadata(n, inclMeta));
         }
@@ -140,7 +182,7 @@ export async function handleNotes(
 
       // Structured query
       const tags = parseQueryList(url, "tag");
-      let results: Note[] = store.queryNotes({
+      let results: Note[] = await store.queryNotes({
         tags,
         tagMatch: (parseQuery(url, "tag_match") as "all" | "any") ?? (tags && tags.length > 1 ? "any" : undefined),
         excludeTags: parseQueryList(url, "exclude_tag"),
@@ -157,7 +199,7 @@ export async function handleNotes(
       // Near-scope filter (graph neighborhood)
       const nearNoteId = parseQuery(url, "near[note_id]");
       if (nearNoteId) {
-        const anchor = resolveNote(store, nearNoteId);
+        const anchor = await resolveNote(store, nearNoteId);
         if (!anchor) return json({ error: "Anchor note not found", note_id: nearNoteId }, 404);
         const depth = Math.min(parseInt10(parseQuery(url, "near[depth]")) ?? 2, 5);
         const relationship = parseQuery(url, "near[relationship]") ?? undefined;
@@ -170,7 +212,16 @@ export async function handleNotes(
       const includeLinks = parseBool(parseQuery(url, "include_links"), false);
       const includeAttachments = parseBool(parseQuery(url, "include_attachments"), false);
       const inclMeta = parseIncludeMetadata(url);
-      let output: any[] = includeContent ? results : results.map(toNoteIndex);
+      let output: any[] = includeContent ? results.map((n) => ({ ...n })) : results.map(toNoteIndex);
+      const expand = parseExpandParams(url, db);
+      if (expand && includeContent) {
+        for (const n of output) expand.ctx.expanded.add(n.id);
+        for (const n of output) {
+          if (typeof n.content === "string") {
+            n.content = expandContent(n.content, expand.ctx, expand.depth);
+          }
+        }
+      }
       if (inclMeta !== undefined && inclMeta !== true) {
         output = output.map((n: any) => filterMetadata(n, inclMeta));
       }
@@ -194,12 +245,14 @@ export async function handleNotes(
       }
 
       if (includeLinks || includeAttachments) {
-        return json(output.map((n: any) => {
-          const enriched = { ...n };
+        const enrichedOut: any[] = [];
+        for (const n of output) {
+          const enriched: any = { ...n };
           if (includeLinks) enriched.links = linkOps.getLinksHydrated(db, n.id);
-          if (includeAttachments) enriched.attachments = store.getAttachments(n.id);
-          return enriched;
-        }));
+          if (includeAttachments) enriched.attachments = await store.getAttachments(n.id);
+          enrichedOut.push(enriched);
+        }
+        return json(enrichedOut);
       }
 
       return json(output);
@@ -212,7 +265,7 @@ export async function handleNotes(
 
       const created: Note[] = [];
       for (const item of items) {
-        const note = store.createNote(item.content ?? "", {
+        const note = await store.createNote(item.content ?? "", {
           id: item.id,
           path: item.path,
           tags: item.tags,
@@ -223,18 +276,18 @@ export async function handleNotes(
         // Create explicit links
         if (item.links) {
           for (const link of item.links as { target: string; relationship: string }[]) {
-            const target = resolveNote(store, link.target);
-            if (target) store.createLink(note.id, target.id, link.relationship);
+            const target = await resolveNote(store, link.target);
+            if (target) await store.createLink(note.id, target.id, link.relationship);
           }
         }
 
-        created.push(store.getNote(note.id) ?? note);
+        created.push((await store.getNote(note.id)) ?? note);
       }
 
       // Apply tag schema defaults
       for (const note of created) {
         if (note.tags?.length) {
-          applySchemaDefaults(store, db, [note.id], note.tags);
+          await applySchemaDefaults(store, db, [note.id], note.tags);
         }
       }
 
@@ -254,16 +307,16 @@ export async function handleNotes(
   // Attachments sub-routes (keep as-is — Daily needs them)
   if (sub === "/attachments") {
     if (method === "POST") {
-      const note = resolveNote(store, idOrPath);
+      const note = await resolveNote(store, idOrPath);
       if (!note) return json({ error: "Not found" }, 404);
       const body = await req.json() as { path: string; mimeType: string };
       if (!body.path || !body.mimeType) return json({ error: "path and mimeType are required" }, 400);
-      return json(store.addAttachment(note.id, body.path, body.mimeType), 201);
+      return json(await store.addAttachment(note.id, body.path, body.mimeType), 201);
     }
     if (method === "GET") {
-      const note = resolveNote(store, idOrPath);
+      const note = await resolveNote(store, idOrPath);
       if (!note) return json({ error: "Not found" }, 404);
-      return json(store.getAttachments(note.id));
+      return json(await store.getAttachments(note.id));
     }
     return json({ error: "Method not allowed" }, 405);
   }
@@ -272,16 +325,21 @@ export async function handleNotes(
 
   // GET /notes/:idOrPath — single note
   if (method === "GET") {
-    const note = resolveNote(store, idOrPath);
+    const note = await resolveNote(store, idOrPath);
     if (!note) return json({ error: "Not found" }, 404);
     const includeContent = parseBool(parseQuery(url, "include_content"), true);
     let result: any = includeContent ? { ...note } : toNoteIndex(note);
+    const expand = parseExpandParams(url, db);
+    if (expand && includeContent && typeof result.content === "string") {
+      expand.ctx.expanded.add(note.id);
+      result.content = expandContent(result.content, expand.ctx, expand.depth);
+    }
     result = filterMetadata(result, parseIncludeMetadata(url));
     if (parseBool(parseQuery(url, "include_links"), false)) {
       result.links = linkOps.getLinksHydrated(db, note.id);
     }
     if (parseBool(parseQuery(url, "include_attachments"), false)) {
-      result.attachments = store.getAttachments(note.id);
+      result.attachments = await store.getAttachments(note.id);
     }
     return json(result);
   }
@@ -289,28 +347,30 @@ export async function handleNotes(
   // PATCH /notes/:idOrPath — update (content, path, metadata, tags, links)
   if (method === "PATCH") {
     try {
-      const note = resolveNote(store, idOrPath);
+      const note = await resolveNote(store, idOrPath);
       if (!note) throw new NotFoundError(`Note not found: "${idOrPath}"`);
       const body = await req.json() as any;
 
-      // Remove links first (before content update for bracket removal)
-      const linksRemove = body.links?.remove as { target: string; relationship: string }[] | undefined;
+      // --- Plan bracket cleanup for wikilink removals (no DB writes yet) ---
+      // The actual link deletions happen only after the core UPDATE succeeds,
+      // so a conflict leaves the note untouched.
       let contentOverride = body.content as string | undefined;
+      const linksRemove = body.links?.remove as { target: string; relationship: string }[] | undefined;
+      const resolvedLinksToRemove: { targetId: string; relationship: string }[] = [];
       if (linksRemove) {
         for (const link of linksRemove) {
-          const target = resolveNote(store, link.target);
-          if (target) {
-            store.deleteLink(note.id, target.id, link.relationship);
-            if (link.relationship === "wikilink" && target.path) {
-              const current = contentOverride ?? note.content;
-              const cleaned = removeWikilinkBrackets(current, target.path);
-              if (cleaned !== current) contentOverride = cleaned;
-            }
+          const target = await resolveNote(store, link.target);
+          if (!target) continue;
+          resolvedLinksToRemove.push({ targetId: target.id, relationship: link.relationship });
+          if (link.relationship === "wikilink" && target.path) {
+            const current = contentOverride ?? note.content;
+            const cleaned = removeWikilinkBrackets(current, target.path);
+            if (cleaned !== current) contentOverride = cleaned;
           }
         }
       }
 
-      // Core update
+      // --- Core update (runs the if_updated_at check atomically) ---
       const updates: any = {};
       if (contentOverride !== undefined) updates.content = contentOverride;
       if (body.path !== undefined) updates.path = body.path;
@@ -321,40 +381,63 @@ export async function handleNotes(
       if (body.created_at !== undefined || body.createdAt !== undefined) {
         updates.created_at = body.created_at ?? body.createdAt;
       }
+      if (body.if_updated_at !== undefined) {
+        updates.if_updated_at = body.if_updated_at;
+      }
 
       if (Object.keys(updates).length > 0) {
-        store.updateNote(note.id, updates);
+        await store.updateNote(note.id, updates);
+      }
+
+      // --- Remove links (after core UPDATE; conflict would have thrown already) ---
+      for (const { targetId, relationship } of resolvedLinksToRemove) {
+        await store.deleteLink(note.id, targetId, relationship);
       }
 
       // Tags
       if (body.tags?.add?.length) {
-        store.tagNote(note.id, body.tags.add);
-        applySchemaDefaults(store, db, [note.id], body.tags.add);
+        await store.tagNote(note.id, body.tags.add);
+        await applySchemaDefaults(store, db, [note.id], body.tags.add);
       }
       if (body.tags?.remove?.length) {
-        store.untagNote(note.id, body.tags.remove);
+        await store.untagNote(note.id, body.tags.remove);
       }
 
       // Add links
       if (body.links?.add) {
         for (const link of body.links.add as { target: string; relationship: string; metadata?: Record<string, unknown> }[]) {
-          const target = resolveNote(store, link.target);
-          if (target) store.createLink(note.id, target.id, link.relationship, link.metadata);
+          const target = await resolveNote(store, link.target);
+          if (target) await store.createLink(note.id, target.id, link.relationship, link.metadata);
         }
       }
 
-      return json(store.getNote(note.id));
+      return json(await store.getNote(note.id));
     } catch (e: any) {
       if (e instanceof NotFoundError) return json({ error: e.message }, 404);
+      // Duck-type on `code` rather than `instanceof ConflictError`: this
+      // error originates in the core package and survives any future
+      // bundling / module-boundary split more robustly than a prototype check.
+      if (e && e.code === "CONFLICT") {
+        return json(
+          {
+            error: "conflict",
+            message: e.message,
+            note_id: e.note_id,
+            current_updated_at: e.current_updated_at ?? null,
+            expected_updated_at: e.expected_updated_at,
+          },
+          409,
+        );
+      }
       throw e;
     }
   }
 
   // DELETE /notes/:idOrPath — admin only (enforced at server level)
   if (method === "DELETE") {
-    const note = resolveNote(store, idOrPath);
+    const note = await resolveNote(store, idOrPath);
     if (!note) return json({ error: "Not found" }, 404);
-    store.deleteNote(note.id);
+    await store.deleteNote(note.id);
     return json({ deleted: true, id: note.id });
   }
 
@@ -367,16 +450,15 @@ export async function handleNotes(
 
 export async function handleTags(req: Request, store: Store, subpath = ""): Promise<Response> {
   const url = new URL(req.url);
-  const db = (store as any).db;
 
   // GET /tags — list all, or get single tag detail
   if (req.method === "GET" && subpath === "") {
     const singleTag = parseQuery(url, "tag");
 
     if (singleTag) {
-      const allTags = store.listTags();
+      const allTags = await store.listTags();
       const found = allTags.find((t) => t.name === singleTag);
-      const schema = store.getTagSchema(singleTag);
+      const schema = await store.getTagSchema(singleTag);
       return json({
         name: singleTag,
         count: found?.count ?? 0,
@@ -385,9 +467,9 @@ export async function handleTags(req: Request, store: Store, subpath = ""): Prom
       });
     }
 
-    const tags = store.listTags();
+    const tags = await store.listTags();
     if (parseBool(parseQuery(url, "include_schema"), false)) {
-      const schemas = store.getTagSchemaMap();
+      const schemas = await store.getTagSchemaMap();
       return json(tags.map((t) => ({
         ...t,
         description: schemas[t.name]?.description ?? null,
@@ -404,9 +486,9 @@ export async function handleTags(req: Request, store: Store, subpath = ""): Prom
 
   // GET /tags/:name — single tag detail
   if (req.method === "GET") {
-    const allTags = store.listTags();
+    const allTags = await store.listTags();
     const found = allTags.find((t) => t.name === tagName);
-    const schema = store.getTagSchema(tagName);
+    const schema = await store.getTagSchema(tagName);
     return json({
       name: tagName,
       count: found?.count ?? 0,
@@ -418,9 +500,9 @@ export async function handleTags(req: Request, store: Store, subpath = ""): Prom
   // PUT /tags/:name — upsert tag schema (description + fields)
   if (req.method === "PUT") {
     const body = await req.json() as { description?: string; fields?: Record<string, unknown> };
-    const existing = store.getTagSchema(tagName);
+    const existing = await store.getTagSchema(tagName);
     const mergedFields = { ...existing?.fields, ...(body.fields as any) };
-    const schema = store.upsertTagSchema(tagName, {
+    const schema = await store.upsertTagSchema(tagName, {
       description: body.description ?? existing?.description,
       fields: Object.keys(mergedFields).length > 0 ? mergedFields : undefined,
     });
@@ -429,8 +511,8 @@ export async function handleTags(req: Request, store: Store, subpath = ""): Prom
 
   // DELETE /tags/:name — delete tag + schema from all notes
   if (req.method === "DELETE") {
-    store.deleteTagSchema(tagName);
-    return json(store.deleteTag(tagName));
+    await store.deleteTagSchema(tagName);
+    return json(await store.deleteTag(tagName));
   }
 
   return json({ error: "Method not allowed" }, 405);
@@ -440,7 +522,7 @@ export async function handleTags(req: Request, store: Store, subpath = ""): Prom
 // Find-path — GET /api/find-path?source=...&target=...
 // ---------------------------------------------------------------------------
 
-export function handleFindPath(req: Request, store: Store): Response {
+export async function handleFindPath(req: Request, store: Store): Promise<Response> {
   if (req.method !== "GET") return json({ error: "Method not allowed" }, 405);
 
   const url = new URL(req.url);
@@ -450,9 +532,9 @@ export function handleFindPath(req: Request, store: Store): Response {
 
   const db = (store as any).db;
   try {
-    const sourceNote = resolveNote(store, source);
+    const sourceNote = await resolveNote(store, source);
     if (!sourceNote) return json({ error: `Note not found: "${source}"` }, 404);
-    const targetNote = resolveNote(store, target);
+    const targetNote = await resolveNote(store, target);
     if (!targetNote) return json({ error: `Note not found: "${target}"` }, 404);
     const maxDepth = Math.min(parseInt10(parseQuery(url, "max_depth")) ?? 5, 10);
 
@@ -482,7 +564,7 @@ export async function handleVault(
       description: vaultConfig.description ?? null,
     };
     if (parseBool(parseQuery(url, "include_stats"), false)) {
-      result.stats = store.getVaultStats();
+      result.stats = await store.getVaultStats();
     }
     return json(result);
   }
@@ -611,13 +693,13 @@ function isNotePublished(note: { tags?: string[]; metadata?: unknown }, publishe
  * GET /view/:idOrPath — serve a note as clean HTML.
  * Supports ID or path resolution.
  */
-export function handleViewNote(
+export async function handleViewNote(
   store: Store,
   idOrPath: string,
   options: { authenticated?: boolean; publishedTag?: string } = {},
-): Response {
+): Promise<Response> {
   const { authenticated = false, publishedTag = "publish" } = options;
-  const note = resolveNote(store, idOrPath);
+  const note = await resolveNote(store, idOrPath);
   if (!note) {
     return new Response("Not Found", { status: 404, headers: { "Content-Type": "text/plain" } });
   }
@@ -773,7 +855,7 @@ export async function handleStorage(req: Request, path: string, vault: string):
 // Tag schema defaults — same logic as core/src/mcp.ts applySchemaDefaults
 // ---------------------------------------------------------------------------
 
-function applySchemaDefaults(store: Store, db: any, noteIds: string[], tags: string[]): void {
+async function applySchemaDefaults(store: Store, db: any, noteIds: string[], tags: string[]): Promise<void> {
   const schemas = tagSchemaOps.getTagSchemaMap(db);
   if (Object.keys(schemas).length === 0) return;
 
@@ -790,7 +872,7 @@ function applySchemaDefaults(store: Store, db: any, noteIds: string[], tags: str
   if (Object.keys(defaults).length === 0) return;
 
   for (const noteId of noteIds) {
-    const note = store.getNote(noteId);
+    const note = await store.getNote(noteId);
     if (!note) continue;
     const existing = (note.metadata as Record<string, unknown>) ?? {};
     const missing: Record<string, unknown> = {};
@@ -798,7 +880,7 @@ function applySchemaDefaults(store: Store, db: any, noteIds: string[], tags: str
       if (!(field in existing)) missing[field] = value;
     }
     if (Object.keys(missing).length === 0) continue;
-    store.updateNote(noteId, {
+    await store.updateNote(noteId, {
       metadata: { ...existing, ...missing },
       skipUpdatedAt: true,
     });