@openparachute/vault 0.3.3 → 0.4.0

package/core/src/notes.ts

@@ -1,9 +1,10 @@
-import { Database } from "bun:sqlite";
+import { Database, type SQLQueryBindings } from "bun:sqlite";
 import type { Note, NoteIndex, QueryOpts, VaultStats } from "./types.js";
 import { normalizePath } from "./paths.js";
 import {
   buildOperatorClause,
   isOperatorObject,
+  QueryError,
   requireIndexedField,
 } from "./query-operators.js";
 
@@ -35,15 +36,32 @@ export function createNote(
   const metadata = opts?.metadata ? JSON.stringify(opts.metadata) : "{}";
   const path = normalizePath(opts?.path);
 
+  // Empty-note invariant (#213): reject `content+path both absent`. Three
+  // legit shapes — content-only, path-only, both — only the empty+empty
+  // combo is the runaway-client signature that flooded a deployment with
+  // 7,453 pathless empty notes in one MCP burst. `content` only is a
+  // legitimate un-pathed jot; `path` only is a wikilink placeholder or
+  // `_schemas/*` config note.
+  if (!content.trim() && path === null) {
+    throw new EmptyNoteError();
+  }
+
   // `updated_at` is set to `created_at` on insert so a client whose optimistic
   // concurrency check falls back to `createdAt` on a never-updated note
   // (the common shape: `note.updatedAt ?? note.createdAt`) matches the stored
   // value. Hook-style writes with `skipUpdatedAt` preserve this; real user
   // edits bump it strictly upward, so `updated_at > created_at` still means
   // "user-touched since creation."
-  db.prepare(
-    `INSERT INTO notes (id, content, path, metadata, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?)`,
-  ).run(id, content, path, metadata, createdAt, createdAt);
+  try {
+    db.prepare(
+      `INSERT INTO notes (id, content, path, metadata, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?)`,
+    ).run(id, content, path, metadata, createdAt, createdAt);
+  } catch (err) {
+    if (path !== null && isPathUniqueError(err)) {
+      throw new PathConflictError(path);
+    }
+    throw err;
+  }
 
   if (opts?.tags && opts.tags.length > 0) {
     tagNote(db, id, opts.tags);
@@ -108,11 +126,98 @@ export class ConflictError extends Error {
   }
 }
 
+/**
+ * Thrown by `createNote` / `updateNote` when the requested path is already
+ * taken by another note. Surfaces as 409 at the HTTP layer so clients can
+ * distinguish "path taken — pick another" from a generic 500.
+ *
+ * Detected by catching SQLite's UNIQUE-constraint error on the
+ * `idx_notes_path_unique` partial index (schema v5+). Matches the tag
+ * "UNIQUE constraint failed: notes.path" rather than a numeric code so
+ * we keep working if bun:sqlite changes its error class hierarchy.
+ */
+export class PathConflictError extends Error {
+  code = "PATH_CONFLICT" as const;
+  path: string;
+
+  constructor(path: string) {
+    super(`path_conflict: another note already uses path "${path}"`);
+    this.name = "PathConflictError";
+    this.path = path;
+  }
+}
+
+/**
+ * Per-call item cap on `createNote`/`updateNote` batch entry points
+ * (MCP `create-note` / `update-note` and HTTP `POST /api/notes`).
+ * Single source of truth — both transports import from here so the cap
+ * can never silently drift between them. See #213 for the runaway-client
+ * incident that motivated the cap (7,453 empty notes in one MCP burst).
+ */
+export const MAX_BATCH_SIZE = 500;
+
+/**
+ * Thrown by `createNote` / `updateNote` when the proposed note state has
+ * neither content nor path. The vault accepts un-pathed jots (content only)
+ * and path-only placeholders (wikilink stubs, `_schemas/*`), but a note
+ * with neither is the runaway-client signature flagged in #213 — one MCP
+ * burst flooded a deployment with 7,453 empty pathless rows. Surfaces as
+ * 400 at the HTTP layer.
+ */
+export class EmptyNoteError extends Error {
+  code = "EMPTY_NOTE" as const;
+  note_id: string | null;
+  /**
+   * Zero-based position in a batch call when the empty entry is rejected via
+   * the transport-layer pre-validation pass (HTTP `POST /api/notes` or MCP
+   * `create-note` with `notes: [...]`). `null` for single-update rejections
+   * and for Store-level throws that don't know their batch context.
+   */
+  item_index: number | null;
+
+  constructor(noteId: string | null = null, itemIndex: number | null = null) {
+    super(
+      noteId
+        ? `empty_note: update would leave note "${noteId}" with neither content nor path`
+        : itemIndex !== null
+          ? `empty_note: a note must have either content or a path (item index ${itemIndex})`
+          : `empty_note: a note must have either content or a path`,
+    );
+    this.name = "EmptyNoteError";
+    this.note_id = noteId;
+    this.item_index = itemIndex;
+  }
+}
+
+/**
+ * Match bun:sqlite's UNIQUE-constraint error on the notes.path index. The
+ * error class is `SQLiteError` but matching on the message is sufficient
+ * here — the index name and column are stable parts of the schema, and
+ * bun:sqlite has carried this exact message text since 1.0.
+ */
+function isPathUniqueError(err: unknown): boolean {
+  if (!(err instanceof Error)) return false;
+  return err.message.includes("UNIQUE constraint failed: notes.path");
+}
+
 export function updateNote(
   db: Database,
   id: string,
   updates: {
     content?: string;
+    /**
+     * Atomic content append. Computed via SQL string concatenation
+     * (`content = content || ?`), so two concurrent appends never
+     * overwrite each other — the second simply lands after the first.
+     * Mutually exclusive with `content`.
+     */
+    append?: string;
+    /**
+     * Atomic content prepend. Same SQL-level guarantee as `append`.
+     * Mutually exclusive with `content`. May be combined with `append`
+     * in a single call (both contributions land).
+     */
+    prepend?: string;
     path?: string;
     metadata?: Record<string, unknown>;
     created_at?: string;
@@ -125,8 +230,45 @@ export function updateNote(
     if_updated_at?: string;
   },
 ): Note {
+  if (updates.content !== undefined && (updates.append !== undefined || updates.prepend !== undefined)) {
+    throw new Error(
+      "update-note: `content` is mutually exclusive with `append`/`prepend`. Pick full-replace or additive — not both in the same call.",
+    );
+  }
+
+  // Empty-note invariant (#213): when this update touches content or path,
+  // reject if the post-state would be empty content + null path. We only
+  // enforce on transitions that actually touch the relevant fields, so
+  // metadata-only or tag-only updates against legacy empty rows still pass.
+  // Hook-style writes (skipUpdatedAt) are exempted — they're machine-level
+  // marker writes that legitimately may run against any shape of row.
+  const touchesContent = updates.content !== undefined
+    || updates.append !== undefined
+    || updates.prepend !== undefined;
+  const touchesPath = updates.path !== undefined;
+  if ((touchesContent || touchesPath) && !updates.skipUpdatedAt) {
+    const current = getNote(db, id);
+    if (current) {
+      let finalContent: string;
+      if (updates.content !== undefined) {
+        finalContent = updates.content;
+      } else if (touchesContent) {
+        finalContent = (updates.prepend ?? "") + current.content + (updates.append ?? "");
+      } else {
+        finalContent = current.content;
+      }
+      const finalPath = touchesPath ? normalizePath(updates.path) : (current.path ?? null);
+      if (!finalContent.trim() && !finalPath) {
+        throw new EmptyNoteError(id);
+      }
+    }
+    // If `current` is null we fall through — existing code paths handle the
+    // missing-row case downstream (the conditional UPDATE returns 0 rows;
+    // OC throws ConflictError; non-OC returns silently).
+  }
+
   const sets: string[] = [];
-  const values: unknown[] = [];
+  const values: (string | null)[] = [];
 
   // Hooks and other machine-level writers pass `skipUpdatedAt: true` so
   // their metadata markers don't look like user activity. See issue #44.
@@ -150,6 +292,34 @@ export function updateNote(
     sets.push("content = ?");
     values.push(updates.content);
   }
+  if (updates.append !== undefined || updates.prepend !== undefined) {
+    // Atomic concat at the SQL layer. SQLite's `||` operator on the
+    // existing `content` column means a concurrent reader-then-writer
+    // race window is impossible: each `UPDATE` evaluates `content`
+    // under the write lock, so two simultaneous appends both land
+    // (in some order) instead of one clobbering the other.
+    //
+    // Frontmatter-aware prepend (#203): if the note opens with a YAML
+    // frontmatter block (`---\n...\n---\n`), the prepend is injected
+    // *after* the closing `---\n` so parsers that expect frontmatter
+    // at byte 0 still find it. Detection uses `instr(content, '\n---\n')`
+    // — the closing fence is whatever `\n---\n` appears after the
+    // opening one. If no frontmatter is detected, prepend goes at
+    // byte 0 as before. Atomicity is preserved: the entire transform
+    // is one UPDATE expression evaluated under the write lock.
+    sets.push(
+      "content = CASE "
+        + "WHEN substr(content, 1, 4) = '---' || char(10) "
+        + "AND instr(content, char(10) || '---' || char(10)) > 0 "
+        + "THEN substr(content, 1, instr(content, char(10) || '---' || char(10)) + 4) || ? "
+        + "|| substr(content, instr(content, char(10) || '---' || char(10)) + 5) || ? "
+        + "ELSE ? || content || ? "
+        + "END",
+    );
+    const prependVal = updates.prepend ?? "";
+    const appendVal = updates.append ?? "";
+    values.push(prependVal, appendVal, prependVal, appendVal);
+  }
   if (updates.path !== undefined) {
     sets.push("path = ?");
     values.push(normalizePath(updates.path));
@@ -167,13 +337,15 @@ export function updateNote(
   // need to validate the precondition; a conditional UPDATE that sets
   // updated_at to itself does exactly that atomically — even a no-net-
   // change UPDATE takes the write lock in WAL mode, so it still serializes
-  // with other writers and `.changes` reflects whether the WHERE matched.
+  // with other writers. `RETURNING id` reports the row only when WHERE
+  // matched — `.changes` is unreliable inside multi-statement transactions
+  // (vault#261).
   if (sets.length === 0) {
     if (updates.if_updated_at !== undefined) {
       const probe = db.prepare(
-        "UPDATE notes SET updated_at = updated_at WHERE id = ? AND updated_at IS ?",
-      ).run(id, updates.if_updated_at);
-      if (probe.changes === 0) {
+        "UPDATE notes SET updated_at = updated_at WHERE id = ? AND updated_at IS ? RETURNING id",
+      ).get(id, updates.if_updated_at) as { id: string } | null;
+      if (probe === null) {
         throwConflictOrMissing(db, id, updates.if_updated_at);
       }
     }
@@ -187,9 +359,23 @@ export function updateNote(
     values.push(updates.if_updated_at);
   }
 
-  const res = db.prepare(sql).run(...values);
+  let matched: { id: string } | null = null;
+  try {
+    if (updates.if_updated_at !== undefined) {
+      matched = db.prepare(`${sql} RETURNING id`).get(...values) as
+        | { id: string }
+        | null;
+    } else {
+      db.prepare(sql).run(...values);
+    }
+  } catch (err) {
+    if (updates.path !== undefined && isPathUniqueError(err)) {
+      throw new PathConflictError(normalizePath(updates.path) ?? updates.path);
+    }
+    throw err;
+  }
 
-  if (updates.if_updated_at !== undefined && res.changes === 0) {
+  if (updates.if_updated_at !== undefined && matched === null) {
     throwConflictOrMissing(db, id, updates.if_updated_at);
   }
 
@@ -212,21 +398,38 @@ export function deleteNote(db: Database, id: string): void {
 
 export function queryNotes(db: Database, opts: QueryOpts): Note[] {
   const conditions: string[] = [];
-  const params: unknown[] = [];
+  const params: SQLQueryBindings[] = [];
   const joins: string[] = [];
 
-  // Include tags — "all" (default): must have ALL tags; "any": must have ANY tag
+  // Include tags — "all" (default): must have ALL tags; "any": must have ANY tag.
+  // The `_tagsExpanded` internal field carries per-input-tag descendant sets
+  // when the tag-hierarchy resolver (see core/src/tag-hierarchy.ts) has
+  // expanded the input — `tags: ["manual"]` becomes the set
+  // `{manual, voice, text, ...}` per declared `_tags/*` config notes. Falls
+  // back to `[opts.tags[i]]` (single-element set) when no expansion is set,
+  // preserving the original semantics.
   if (opts.tags && opts.tags.length > 0) {
+    const tagSets: string[][] = (opts as QueryOpts & { _tagsExpanded?: string[][] })._tagsExpanded
+      ?? opts.tags.map((t) => [t]);
     const match = opts.tagMatch ?? "all";
     if (match === "any") {
-      const placeholders = opts.tags.map(() => "?").join(", ");
-      joins.push(`JOIN note_tags nt_or ON nt_or.note_id = n.id AND nt_or.tag_name IN (${placeholders})`);
-      params.push(...opts.tags);
+      // Flatten all expanded sets and dedupe — a note tagged with any one
+      // matches the input.
+      const flat = Array.from(new Set(tagSets.flat()));
+      if (flat.length > 0) {
+        const placeholders = flat.map(() => "?").join(", ");
+        joins.push(`JOIN note_tags nt_or ON nt_or.note_id = n.id AND nt_or.tag_name IN (${placeholders})`);
+        params.push(...flat);
+      }
     } else {
-      for (let i = 0; i < opts.tags.length; i++) {
+      // "all": one JOIN per input tag, each accepting the input or any descendant.
+      for (let i = 0; i < tagSets.length; i++) {
+        const set = tagSets[i] ?? [];
+        if (set.length === 0) continue;
         const alias = `nt${i}`;
-        joins.push(`JOIN note_tags ${alias} ON ${alias}.note_id = n.id AND ${alias}.tag_name = ?`);
-        params.push(opts.tags[i]);
+        const placeholders = set.map(() => "?").join(", ");
+        joins.push(`JOIN note_tags ${alias} ON ${alias}.note_id = n.id AND ${alias}.tag_name IN (${placeholders})`);
+        params.push(...set);
       }
     }
   }
@@ -259,6 +462,20 @@ export function queryNotes(db: Database, opts: QueryOpts): Note[] {
     );
   }
 
+  // ID set filter — used by `near` to push neighborhood scoping into SQL so
+  // that LIMIT applies to the neighborhood, not the whole notes table.
+  if (opts.ids !== undefined) {
+    if (opts.ids.length === 0) {
+      // Caller asked for "in this empty set" — no rows match. Short-circuit
+      // with an always-false condition; building `IN ()` would be a SQL error.
+      conditions.push("0 = 1");
+    } else {
+      const placeholders = opts.ids.map(() => "?").join(", ");
+      conditions.push(`n.id IN (${placeholders})`);
+      params.push(...opts.ids);
+    }
+  }
+
   // Exact path match (case-insensitive)
   if (opts.path) {
     conditions.push("n.path = ? COLLATE NOCASE");
@@ -291,14 +508,51 @@ export function queryNotes(db: Database, opts: QueryOpts): Note[] {
     }
   }
 
-  // Date range
-  if (opts.dateFrom) {
-    conditions.push("n.created_at >= ?");
-    params.push(opts.dateFrom);
+  // Date range. Two accepted shapes:
+  //   - Legacy `dateFrom` / `dateTo` — always filters on `n.created_at`
+  //     (vault ingestion time).
+  //   - Generalized `dateFilter: { field, from, to }` — filters on the
+  //     named field. `created_at` (default) maps to `n.created_at`; any
+  //     other field must be declared `indexed: true` so the SQL targets
+  //     a real B-tree index. The two shapes are mutually exclusive — the
+  //     combination would silently AND, which would be surprising.
+  const hasLegacyDate = opts.dateFrom !== undefined || opts.dateTo !== undefined;
+  const hasDateFilter = opts.dateFilter !== undefined;
+  if (hasLegacyDate && hasDateFilter) {
+    throw new QueryError(
+      `cannot combine top-level date_from/date_to with date_filter — pass one or the other`,
+      "INVALID_QUERY",
+    );
   }
-  if (opts.dateTo) {
-    conditions.push("n.created_at < ?");
-    params.push(opts.dateTo);
+  if (hasDateFilter) {
+    const filter = opts.dateFilter!;
+    const field = filter.field ?? "created_at";
+    let column: string;
+    if (field === "created_at") {
+      column = "n.created_at";
+    } else {
+      // Re-uses the same indexed-field gate as `metadata` operator queries
+      // and `orderBy` so the error message and contract are consistent.
+      requireIndexedField(db, field);
+      column = `"meta_${field}"`;
+    }
+    if (filter.from !== undefined) {
+      conditions.push(`${column} >= ?`);
+      params.push(filter.from);
+    }
+    if (filter.to !== undefined) {
+      conditions.push(`${column} < ?`);
+      params.push(filter.to);
+    }
+  } else if (hasLegacyDate) {
+    if (opts.dateFrom) {
+      conditions.push("n.created_at >= ?");
+      params.push(opts.dateFrom);
+    }
+    if (opts.dateTo) {
+      conditions.push("n.created_at < ?");
+      params.push(opts.dateTo);
+    }
   }
 
   const direction = opts.sort === "desc" ? "DESC" : "ASC";
@@ -453,15 +707,34 @@ export function renameTag(db: Database, oldName: string, newName: string): Renam
 
   db.exec("BEGIN");
   try {
-    // Order matters: the note_tags FK points at tags(name), and tag_schemas'
-    // FK cascades on delete. Seed the new row, move the schema + note_tags
-    // onto it, then drop the old row.
-    db.prepare("INSERT INTO tags (name) VALUES (?)").run(newName);
-    db.prepare("UPDATE tag_schemas SET tag_name = ? WHERE tag_name = ?").run(newName, oldName);
-    const updated = db.prepare("UPDATE note_tags SET tag_name = ? WHERE tag_name = ?").run(newName, oldName);
+    // Order matters: note_tags' FK points at tags(name). Copy the old row's
+    // identity columns onto a new row keyed by `newName`, repoint note_tags,
+    // then drop the old row. Description/fields/relationships/parent_names
+    // travel with the rename — they're tag-identity data.
+    const old = db.prepare(
+      "SELECT description, fields, relationships, parent_names, created_at FROM tags WHERE name = ?",
+    ).get(oldName) as
+      | { description: string | null; fields: string | null; relationships: string | null; parent_names: string | null; created_at: string | null }
+      | undefined;
+    const now = new Date().toISOString();
+    db.prepare(
+      `INSERT INTO tags (name, description, fields, relationships, parent_names, created_at, updated_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?)`,
+    ).run(
+      newName,
+      old?.description ?? null,
+      old?.fields ?? null,
+      old?.relationships ?? null,
+      old?.parent_names ?? null,
+      old?.created_at ?? now,
+      now,
+    );
+    const renamed = db.prepare(
+      "UPDATE note_tags SET tag_name = ? WHERE tag_name = ? RETURNING note_id",
+    ).all(newName, oldName) as { note_id: string }[];
     db.prepare("DELETE FROM tags WHERE name = ?").run(oldName);
     db.exec("COMMIT");
-    return { renamed: Number(updated.changes) };
+    return { renamed: renamed.length };
   } catch (err) {
     db.exec("ROLLBACK");
     throw err;
@@ -500,8 +773,9 @@ export function mergeTags(
       const before = (countStmt.get(source) as { c: number }).c;
       retagStmt.run(target, source);
       deleteNoteTagsStmt.run(source);
-      // tag_schemas has ON DELETE CASCADE from tags(name), so dropping the
-      // tag row also drops its schema — which is what we want for a merge.
+      // Dropping the tag row drops its identity (description, fields,
+      // relationships, parent_names) along with it — which is what we want
+      // for a merge: the source's identity is consumed by the target.
       deleteTagStmt.run(source);
       merged[source] = before;
     }
@@ -615,6 +889,9 @@ export function getVaultStats(
   const tagCountRow = db.prepare("SELECT COUNT(DISTINCT tag_name) as c FROM note_tags").get() as { c: number };
   const tagCount = tagCountRow.c;
 
+  const attachmentCountRow = db.prepare("SELECT COUNT(*) as c FROM attachments").get() as { c: number };
+  const attachmentCount = attachmentCountRow.c;
+
   const linkCountRow = db.prepare("SELECT COUNT(*) as c FROM links").get() as { c: number };
   const linkCount = linkCountRow.c;
 
@@ -629,6 +906,7 @@ export function getVaultStats(
     notesByMonth: monthRows,
     topTags: topTagRows,
     tagCount,
+    attachmentCount,
     linkCount,
   };
 }

package/core/src/obsidian.ts

@@ -82,8 +82,8 @@ export function parseFrontmatter(raw: string): {
     // Key: value pair — keys must be YAML-valid (word chars and hyphens, no spaces)
     const kvMatch = line.match(/^([\w][\w-]*):\s*(.*)/);
     if (kvMatch) {
-      const key = kvMatch[1];
-      const value = kvMatch[2].trim();
+      const key = kvMatch[1]!;
+      const value = kvMatch[2]!.trim();
 
       if (value === "[]") {
         frontmatter[key] = [];
@@ -143,7 +143,7 @@ export function extractInlineTags(content: string): string[] {
   const regex = /(?:^|\s)#([\w][\w/-]*[\w]|[\w])/gm;
   let match: RegExpExecArray | null;
   while ((match = regex.exec(stripped)) !== null) {
-    tags.add(match[1].toLowerCase());
+    tags.add(match[1]!.toLowerCase());
   }
   return [...tags];
 }

package/core/src/paths.ts

@@ -39,7 +39,7 @@ export function normalizePath(path: string | null | undefined): string | null {
  */
 export function pathTitle(path: string): string {
   const segments = path.split("/");
-  return segments[segments.length - 1];
+  return segments[segments.length - 1]!;
 }
 
 /**

package/core/src/query-operators.ts

@@ -15,7 +15,7 @@
  * See `Parachute/Decisions/2026-04-19-metadata-indexing-via-tag-schemas`.
  */
 
-import { Database } from "bun:sqlite";
+import { Database, type SQLQueryBindings } from "bun:sqlite";
 import { getIndexedField, type IndexedField } from "./indexed-fields.js";
 
 export const SUPPORTED_OPS = [
@@ -68,6 +68,22 @@ function validateOperatorObject(field: string, obj: Record<string, unknown>): vo
   }
 }
 
+function toBinding(field: string, op: string, value: unknown): SQLQueryBindings {
+  if (
+    value === null ||
+    typeof value === "string" ||
+    typeof value === "number" ||
+    typeof value === "boolean" ||
+    typeof value === "bigint"
+  ) {
+    return value;
+  }
+  throw new QueryError(
+    `operator "${op}" on metadata field "${field}" expects a primitive value (string, number, boolean, bigint, or null), got ${typeof value}`,
+    "INVALID_OPERATOR_VALUE",
+  );
+}
+
 /**
  * Look up `field` in `indexed_fields` or throw a loud error suggesting the
  * caller declare it via `update-tag` with `indexed: true`.
@@ -91,14 +107,14 @@ export function requireIndexedField(db: Database, field: string): IndexedField {
 export function buildOperatorClause(
   field: string,
   opObj: Record<string, unknown>,
-): { sql: string; params: unknown[] } {
+): { sql: string; params: SQLQueryBindings[] } {
   validateOperatorObject(field, opObj);
   // `field` came from indexed_fields (which validated it via FIELD_NAME_RE
   // when the declaration was recorded), so interpolating it into the column
   // name is safe.
   const col = `"meta_${field}"`;
   const parts: string[] = [];
-  const params: unknown[] = [];
+  const params: SQLQueryBindings[] = [];
 
   for (const [op, value] of Object.entries(opObj)) {
     switch (op as QueryOp) {
@@ -107,7 +123,7 @@ export function buildOperatorClause(
           parts.push(`${col} IS NULL`);
         } else {
           parts.push(`${col} = ?`);
-          params.push(value);
+          params.push(toBinding(field, op, value));
         }
         break;
       case "ne":
@@ -119,7 +135,7 @@ export function buildOperatorClause(
           // that has no value for the field would be silently excluded. Be
           // explicit: either the column is null, or the values differ.
           parts.push(`(${col} IS NULL OR ${col} <> ?)`);
-          params.push(value);
+          params.push(toBinding(field, op, value));
         }
         break;
       case "gt":
@@ -128,7 +144,7 @@ export function buildOperatorClause(
       case "lte": {
         const sym = op === "gt" ? ">" : op === "gte" ? ">=" : op === "lt" ? "<" : "<=";
         parts.push(`${col} ${sym} ?`);
-        params.push(value);
+        params.push(toBinding(field, op, value));
         break;
       }
       case "in":
@@ -152,7 +168,7 @@ export function buildOperatorClause(
         } else {
           parts.push(`(${col} IS NULL OR ${col} NOT IN (${placeholders}))`);
         }
-        for (const v of value) params.push(v);
+        for (const v of value) params.push(toBinding(field, op, v));
         break;
       }
       case "exists":