Since launch

Three weeks in. Here's what's landed, what's next, and what's still on the bench.

Parachute went public on April 23. Since then, the load-bearing primitive a partner team was waiting for shipped, Notes grew up enough to handle multiple vaults, and cross-origin OAuth stopped being a yak to shave. Below is the work, named honestly.

Vault

Portable export — the load-bearing one

Lossless markdown export — vault as substrate, anything else as projection vault#308

parachute-vault export <dir> writes your whole vault out as one-file-per-note markdown with YAML frontmatter. parachute-vault import <dir> --blow-away replays it back to byte-equivalent state. IDs survive, typed links survive, tag schemas survive, attachments survive, multi-line metadata survives.

What that unlocks: a git repo of the export is a deterministic projection of the vault — auditable, browseable, time-travelable. Edit the same vault in Obsidian or Logseq, then re-import, and the IDs and typed links come home unbroken. Disaster recovery is "untar somewhere and run import --blow-away --yes." A partner team can build a custom dashboard against the export format without ever having to negotiate vault-internal access.

The whole thing is documented in the cookbook — format spec, round-trip guarantees, a nightly git-projection recipe, the edge cases. That cookbook is the contract.

Upsert-by-id on update-note. if_missing: "create" lets sync loops collapse query-then-create into one call. Saves a partner's nightly drift detector 500-ish round trips. vault#309
JSON int coercion in schema validation. Integer-typed fields stopped warning on legitimate JSON-decoded values. vault#310
REST/MCP symmetry on links and schema. Both surfaces now apply links.add on the create branch, and both surface schema-conflict warnings the same way. The "use whichever surface fits" promise is finally true at the byte level. vault#321, vault#287

Notes

Grew up

Multi-vault PWA — one install, every vault notes#115

The header now carries a vault popover. "Connected" lists every vault Notes has OAuthed into; "Available from your hub" lists vaults published at your hub's well-known doc that you haven't connected yet, each with an inline Connect button. One Notes install, every vault on your hub, no profile-switching tax.

If you self-host a hub with four vaults, you no longer see the same vault's URL collide with the other three. That sounds like plumbing — it was, in fact, the thing standing between Notes-as-PWA and Notes-as-daily-driver for anyone with more than one vault.

Hierarchical capture tags. Quick captures land under capture/text and capture/voice with a real schema, not a flat string. Future capture/photo / capture/web-clip slot in without renames. notes#126
Capture autosave that doesn't eat your text. The 5-second autosave is now a background draft, not a finalize-and-clear — the bug where typing "hello world" and waiting wiped your textarea is gone. notes#134
Schema-audit UI in Settings. See what tag schemas Notes expects vs what your vault has, with a one-click "Set up missing tags." A banner surfaces at connect-time if the active vault is misaligned. notes#129
Global text-size zoom. Settings → Default / Larger / Largest scales the whole app (not just the reader) and the keyboard shortcuts work the way you'd expect (Cmd-=, Cmd--, Cmd-0). notes#127, notes#137
Graceful vault-unreachable UX. Restart your Mac, forget to start your vault, open Notes — you get a "Vault down" banner with a Retry button and exponential backoff probing, not a blank screen and a 502 in the console. notes#113

Hub

Crossed origins, found roots

Cross-origin approve flow — localhost ↔ tailnet ↔ cloudflare all work hub#245

The "Cross-origin request rejected" failure when approving an OAuth client from a different layer (operator on localhost approving for a tailnet-exposed hub, or vice versa) is gone. The hub now considers itself bound to its configured issuer, its loopback aliases, and any current expose origin — matching the actual ways a real operator reaches it.

Per-vault hint on the approve page. When Notes asks to OAuth into vault:gitcoin on a four-vault hub, the operator sees which vault they're approving. No more guessing. hub#244
Per-vault keys in the OAuth services catalog. A token narrowed to one vault now carries services["vault:<name>"].url, so Notes' four-vault popover stops collapsing every entry onto the same URL. hub#247
Trailing-slash fix on services-proxy routing. Mount entries written with paths: ["/notes/"] match sub-paths properly — the silent blank-screen-when-the-SPA-shell-loads-but-no-assets-do bug is closed. hub#197
Install-source visibility in parachute status. Each row now says whether the running service is bun-linked (with the git short-SHA) or installed from npm (with the version), and flags stale services.json cached versions. No more spending half an hour wondering whether the bundle is fresh. hub#243

Patterns

Working out loud

Cookbook section, seeded. Vault portable export is the first entry — format, recipes, gotchas, worked example. More to follow.
Building a surface on top of Parachute Vault. A new guide for anyone wanting to build a UI, a dashboard, or a domain-specific tool against the vault API. patterns#58
Governance Rule 4 — bundle by session. One PR per coherent unit of work, multiple commits inside. The site refresh you're reading is itself the canonical example.

Still on the bench

Named so the roadmap doesn't drift from reality:

Multi-user UX polish. Multi-user hosting shipped (2026-05-27): one admin, N users, each with their own vault(s), plus admin-initiated password reset. Still on the bench: self-service signup, invite links, and role granularity below admin/user — waiting for the right pull.
Notes header layout. The popover landed; the header chrome around it could still be tighter. Cleanup pass queued, not blocked on anything.
A dashboard SDK. The "build a custom dashboard against the export format" pattern wants a small typed helper library. Today it's a recipe; tomorrow it's a package. Shape's clear; nothing's written yet.
Web-AI connectors — claude.ai, ChatGPT, Gemini. The plumbing works (parachute expose is live) but we haven't put any of them in front of broad users yet. Polishing the on-ramp before announcing.

Try the new stuff

If you already have a vault running, parachute upgrade vault picks up portable export and the schema improvements. If you don't yet:

bun add -g @openparachute/hub && parachute install vault

Then read the export cookbook for a full tour of what the substrate now does.

Full install → Blog → Roadmap →