Thanks, that's a good reframe. the core changes i see:
-
RevisionService.collectRevisions (L151) needs encrypted-note handling. cipher changes completely between saves, so diff-based revisions store the full content every time. standalone revisions (no parent_id, skipping the merge path at L105-109) could fix this. there's also a cross-device edge case where unsynced plaintext revisions could upload after encryption is enabled on another device, a flag on the revisions table could handle this
-
SearchEngine.ts has two indexing queries (L140, L238) that include all non-E2EE notes. adding an is_locally_encrypted filter to both would exclude encrypted notes from FTS
-
for editing, a plugin has to build its own editor panel since it can't gate Note.load across all paths. option-gated Note.load lets the existing editor work transparently
-
Note.save's beforeChangeItemJson (L849) captures full cipher diffs on every save. needs suppression for encrypted notes
-
decrypted temp files need cleanup on app quit, but there's no plugin onExit hook
search filter and an onExit hook could be plugin APIs, but revision handling, Note.load gating, and item_changes suppression are internal to core services. i'll update section 3.7 to frame these as core changes needed.