Add "move" operation via MOVE HTTP verb (#191)

* feat: implement file move operation

- Add move operation to PATCH endpoint for files
- Use Operation: move, Target-Type: file, Target: path
- Automatically creates parent directories if needed
- Preserves all internal links using FileManager.renameFile()
- Validates paths and prevents overwrites
- Add tests for edge cases

* refactor: simplify PATCH endpoint validation logic

- Add new error codes for clearer validation messages
- Use consistent returnCannedResponse pattern throughout
- Reorder validation checks for better flow
- Separate file operations from applyPatch operations early
- Maintain upstream coding style and patterns

* feat: add path validation security and consistent error handling to file move

- Add path traversal protection to prevent access outside vault
- Use returnCannedResponse consistently throughout handleMoveOperation
- Add proper error codes to ErrorCode enum and ERROR_CODE_MESSAGES
- Validate paths early to prevent directory path destinations
- Check parent directory existence before creating
- Add comprehensive security tests for path traversal attempts
- Normalize paths to handle backslashes and multiple slashes

* docs: Add OpenAPI documentation for file move operation

- Add move operation to PATCH endpoint enum
- Update Target parameter description for move operations
- Include example for file move functionality
- Documents Operation: move, Target-Type: file usage

* Implement a custom MOVE HTTP method

* Place MOVE under additionalOperations in OpenAPI spec

Stoplight Elements (forked build) expects non-standard HTTP methods
to be nested under an `additionalOperations` key on the path item
rather than as direct siblings of `get`/`post`/etc.  Without this,
the MOVE operation is ignored by the doc renderer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Refine MOVE endpoint headers and destination handling

- Rename Overwrite: T/F to Allow-Overwrite: true/false to match the
  boolean header convention used elsewhere in this API (e.g.
  Create-Target-If-Missing, Reject-If-Content-Preexists). Defaults to
  false, which preserves the safe no-overwrite behaviour.

- Treat a trailing slash in the Destination header as a directory
  target: the source filename is appended automatically, so
  "Destination: archive/" moves "notes/todo.md" to "archive/todo.md".
  This mirrors the behaviour of Unix mv and removes an otherwise
  confusing 400 error.

- Move path normalisation (backslash conversion, slash collapsing)
  before the traversal check so that a Windows-style path cannot
  bypass the leading-slash guard.

- Fix a bug in the .all() route registration where this.handle(...)
  returned a middleware function that was never called; requests were
  silently dropped, causing all MOVE tests to time out.

- Remove the now-unreachable InvalidDestinationPath error code and fix
  the numeric ordering of the remaining new error codes in types.ts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Refactor MOVE into VaultOperations and add vault_move MCP tool

Moves the core file-rename logic out of RequestHandler._vaultMove and into a
new VaultOperations.moveVaultFile method, following the same pattern used for
all other vault operations (read, write, append, delete, patch). The HTTP
handler now owns only the HTTP-specific concerns: header parsing, path
normalisation, and mapping typed errors to status codes.

Adds a vault_move MCP tool that exposes the same operation to MCP clients,
including path-traversal validation and trailing-slash destination handling
(preserves source filename when destination ends with '/').

Introduces DestinationAlreadyExistsError alongside the existing
FileNotFoundError so callers can distinguish the two failure modes without
inspecting error messages.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Change MOVE endpoint response from 201 to 204

The 201 + JSON body (message, oldPath, newPath) was borrowed from WebDAV
semantics, but those fields carry no new information — the caller already
knows both paths. 204 No Content matches the pattern used by every other
mutating endpoint in this API (PUT, DELETE, PATCH on non-patch operations).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add Content-Location header to MOVE 204 response

Sets Content-Location to the vault-relative path of the file at its new
location (e.g. "archive/file.md"), matching the convention already used
by the active and periodic routes.

Also corrects two test assertions whose expected error codes didn't match
the current ErrorCode enum.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Document and test Content-Location on active file routes

The Content-Location header was already being set on all /active/ responses
(via redirectToVaultPath and direct res.set calls), but had no unit test
coverage, no OpenAPI documentation, and a loose integration test assertion.

Adds unit tests for all five verbs (GET, PUT, POST, PATCH, DELETE), adds
Content-Location header documentation to the OpenAPI spec for each
corresponding success response, and tightens the integration test assertion
to check the exact vault-relative path rather than just truthiness.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Document and test Content-Location on periodic note routes

Mirrors the active-file commit: Content-Location was already being set on
all /periodic/ responses but had no unit test coverage, no OpenAPI
documentation, and a loose integration test assertion.

Adds unit tests for all five verbs on the current-period route, adds
Content-Location header documentation to the OpenAPI spec for both the
current-period and date-specific variants of each operation, and tightens
the integration test to verify the header value matches a Markdown file path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add integration tests for MOVE endpoint and vault_move MCP tool

Covers the happy path (file moves, source gone, dest has original
content), trailing-slash destination resolution, missing/invalid
input errors (404, 400, 409), and Allow-Overwrite / allowOverwrite
overwrite semantics for both the REST and MCP surfaces.

Running the tests revealed that Allow-Overwrite: true was silently
producing a 500 because renameFile cannot overwrite an existing file.
Fixed moveVaultFile to delete the destination via adapter.remove
before renaming when allowOverwrite is true, consistent with the
pattern already used in deleteVaultFile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Document vault_move in MCP endpoint description

The vault_move tool was missing from the Available Tools table in the
/mcp/ endpoint documentation. Added the entry and regenerated
docs/openapi.yaml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Document vault_move in README MCP tools table

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Return 400 on malformed percent-encoding in Destination header

decodeURIComponent throws a URIError on invalid sequences like '%E0%'.
Without a try/catch this bubbled into the generic error handler and
produced a 500. Wrap the decode step and return a new
InvalidDestinationHeader (40022) error code instead.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Treat empty Destination header as vault-root target in MOVE

A Destination header consisting entirely of whitespace was previously
rejected with MissingDestinationHeader (400) because Node.js HTTP
strips OWS from field values before Express sees them, leaving an
empty string that the original !rawDestination guard caught.

Change the guard to rawDestination === undefined so that an explicitly
sent (but empty) Destination header is allowed through. After
normalization the empty string maps to the vault root, and the existing
!normalized branch in the newPath calculation appends the source
filename, moving the file to the root of the vault with its name
preserved.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Return immediately from the MOVE branch in the vault .all() handler

Without the return, control falls through after handle() completes,
making the control flow harder to reason about and creating a risk
that a future edit adds code after the if/else that would execute
even for handled MOVE requests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Guard against data loss when source and destination paths are equal in moveVaultFile

When allowOverwrite was true and destination equaled source, the
overwrite branch deleted the destination (which is the same file as
the source) before calling renameFile on the now-deleted handle,
silently destroying the file.

Add an early return when sourcePath === destinationPath, treating
a same-path move as a no-op. An integration test covers the
allowOverwrite variant that previously caused the deletion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Declare OpenAPI document version as 3.2.0

The additionalOperations field used to document the MOVE verb is a
standard OpenAPI 3.2 Path Item field. The document was previously
declared as 3.0.2, making that field a spec violation. No schema
content changes are needed: none of the 3.0→3.1 breaking constructs
(nullable, boolean exclusiveMaximum/Minimum, format:binary/base64)
appear in this document.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Add missing ERROR_CODE_MESSAGES entry for InvalidDestinationHeader

ErrorCode.InvalidDestinationHeader (40022) was defined in types.ts but
had no corresponding entry in the ERROR_CODE_MESSAGES Record, causing
TypeScript to emit a compile error and MOVE error responses for malformed
Destination headers to include an undefined message string.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Trim destination in vault_move before normalization

The HTTP MOVE handler trims the raw Destination header value before
normalization; the MCP vault_move tool was missing the equivalent step.
A whitespace-only destination would pass the traversal check and reach
moveVaultFile as a blank path, causing a runtime failure. Adding trim()
aligns MCP behavior with the HTTP handler.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Replace substring-based traversal check with resolve-and-contain

The previous check (normalized.includes("..") || normalized.startsWith("/"))
was too broad: it rejected legitimate filenames containing ".." as a
substring (e.g. "notes..md") and was redundant for the leading-slash case
once normalization was in place.

The new check uses posix.resolve against a synthetic vault root and
asserts the resolved path starts with that root. This correctly handles
all traversal attempts (including multi-segment ".." sequences and
absolute paths) while allowing filenames that merely happen to contain
".." as a substring.

Applied consistently in both the HTTP MOVE handler and the MCP vault_move
tool. Tests added for both the rejection and the newly-allowed case.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Reject Destination paths starting with '/' before traversal check

posix.resolve treats its second argument as absolute when it starts with
'/', ignoring the synthetic root entirely. A destination like
/vault/notes/file.md resolves to itself, passes the startsWith check,
and reaches Obsidian's API with an absolute-looking path it does not
understand. Adding an explicit leading-slash guard before the
posix.resolve step ensures any absolute path — including those that
happen to share the synthetic-root prefix — is rejected with
PathTraversalNotAllowed (HTTP) or the equivalent MCP error.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Document percent-encoding requirement for Destination header

The Destination header is decoded server-side with decodeURIComponent,
matching how the Target header works on PATCH endpoints. HTTP/1.1
headers are Latin-1 by default, so raw UTF-8 bytes in header values
will be misinterpreted; clients must percent-encode non-ASCII characters
(e.g. r%C3%A9sum%C3%A9.md for résumé.md). Adds the same guidance
already present in the Target header docs to the Destination header
description, and notes that Content-Location values for non-ASCII paths
will likewise be percent-encoded.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix missing trailing slash in periodic note integration test URLs

The /periodic/:period/ routes require a trailing slash. All test calls
used /periodic/daily without one, producing a 404 from Express before
the handler was ever reached. This was a pre-existing bug on main.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Return actual post-rename path from moveVaultFile; document Content-Location encoding

moveVaultFile now returns the path Obsidian reports after renameFile
completes (sourceFile.path), matching the pattern every other endpoint
uses — reading the canonical path from the TFile object rather than
echoing back the client-provided string. Both the REST Content-Location
header and the MCP newPath response field now reflect this value.

Also adds a percent-encoding note to the shared ContentLocationHeader
description in the OpenAPI spec, so all endpoints consistently document
that non-ASCII names appear percent-encoded in that header.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Guard moveVaultFile against empty destination path

Adds an early check that rejects empty-string destinations before any
vault adapter calls are made. This prevents adapter operations on an
invalid path when a caller bypasses the normalization logic that would
normally resolve an empty destination to a vault-root move.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Align MCP vault_move empty-destination handling with REST behavior

When the caller passes an empty or whitespace-only destination, the REST
MOVE handler resolves it to the vault root by appending the source
filename (matching the trailing-slash convention). The MCP handler was
missing the !normalized guard, so it forwarded an empty string to
moveVaultFile instead. This commit adds the same guard and covers the
case with two new tests.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Correct MOVE destination docs: escape check, not dot-dot check

The documentation in move.jsonnet and the vault_move MCP tool
description both said the destination "must not contain '..'" — but the
actual validation resolves the path against a synthetic vault root and
rejects only paths that escape it. That means a/../b.md is accepted
(resolves within the vault) while ../../etc/passwd is rejected.

Update both the Destination header description and the 400 response
description in move.jsonnet to reflect the real rule, and regenerate
docs/openapi.yaml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Use realistic mock return value in vault_move dot-dot substring test

The test was mocking moveVaultFile to resolve undefined, which is not a
valid return type and masked any assertion on the returned newPath.
Mock it with the real destination string and assert on newPath so the
test exercises the full round-trip.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Guillaume Duquesnay <guillaume.duquesnay@gmail.com>
Co-authored-by: Adam Coddington <me@adamcoddington.net>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: 4 people

README.md

@@ -264,6 +264,7 @@ The exact config syntax varies by client; see the [Quick start](#mcp-clients) ex
 | `vault_append` | Append content to the end of a vault file |
 | `vault_patch` | Patch a specific heading, block reference, or frontmatter field |
 | `vault_delete` | Delete a vault file |
+| `vault_move` | Move (rename) a vault file to a new path |
 | `vault_get_document_map` | List the headings, block references, and frontmatter fields in a file |
 | `active_file_get_path` | Return the vault path of the file currently open in Obsidian |
 | `periodic_note_get_path` | Return the vault path of the current periodic note (`daily`, `weekly`, `monthly`, `quarterly`, `yearly`) |

docs/openapi.yaml

@@ -79,7 +79,7 @@ info:
     **Certificate warning** — the plugin generates a self-signed TLS certificate on first run. Most browsers will block requests to an untrusted certificate, so you may need to add it as a trusted certificate in your OS or browser settings before requests will go through. The steps vary by environment — search for "trust self-signed certificate" plus your OS or browser name if you're unsure. If that proves too cumbersome, you can enable the insecure HTTP server in your plugin settings instead and select "HTTP (insecure mode)" from the **Try It** section.
   title: "Local REST API for Obsidian"
   version: "1.0"
-openapi: "3.0.2"
+openapi: "3.2.0"
 paths:
   /:
     get:
@@ -123,6 +123,12 @@ paths:
       responses:
         "204":
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "404":
           content:
             application/json:
@@ -256,6 +262,12 @@ paths:
                   something else here
                 type: "string"
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "404":
           description: "File or target section does not exist"
       summary: |
@@ -546,6 +558,12 @@ paths:
       responses:
         "200":
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -683,8 +701,20 @@ paths:
               schema:
                 type: "string"
           description: "Success; targeted section updated. The full updated file content is returned."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "204":
           description: "Success; content appended to end of file."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -805,8 +835,20 @@ paths:
               schema:
                 type: "string"
           description: "Success; targeted section replaced. The full updated file content is returned."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "204":
           description: "Success; entire file replaced."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -940,6 +982,7 @@ paths:
         | `vault_append` | Append content to the end of a vault file |
         | `vault_patch` | Patch a specific heading, block reference, or frontmatter field |
         | `vault_delete` | Delete a vault file |
+        | `vault_move` | Move (rename) a vault file to a new path |
         | `vault_get_document_map` | List the headings, block references, and frontmatter fields in a file |
         | `active_file_get_path` | Return the vault path of the file currently open in Obsidian |
         | `periodic_note_get_path` | Return the vault path of the current periodic note (daily, weekly, monthly, quarterly, yearly) |
@@ -1139,6 +1182,12 @@ paths:
       responses:
         "204":
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "404":
           content:
             application/json:
@@ -1285,6 +1334,12 @@ paths:
                   something else here
                 type: "string"
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "404":
           description: "File or target section does not exist"
       summary: |
@@ -1588,6 +1643,12 @@ paths:
       responses:
         "200":
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -1738,8 +1799,20 @@ paths:
               schema:
                 type: "string"
           description: "Success; targeted section updated. The full updated file content is returned."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "204":
           description: "Success; content appended to end of file."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -1873,8 +1946,20 @@ paths:
               schema:
                 type: "string"
           description: "Success; targeted section replaced. The full updated file content is returned."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "204":
           description: "Success; entire file replaced."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -1932,6 +2017,12 @@ paths:
       responses:
         "204":
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "404":
           content:
             application/json:
@@ -2096,6 +2187,12 @@ paths:
                   something else here
                 type: "string"
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "404":
           description: "File or target section does not exist"
       summary: |
@@ -2417,6 +2514,12 @@ paths:
       responses:
         "200":
           description: "Success"
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -2585,8 +2688,20 @@ paths:
               schema:
                 type: "string"
           description: "Success; targeted section updated. The full updated file content is returned."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "204":
           description: "Success; content appended to end of file."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -2738,8 +2853,20 @@ paths:
               schema:
                 type: "string"
           description: "Success; targeted section replaced. The full updated file content is returned."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "204":
           description: "Success; entire file replaced."
+          headers:
+            Content-Location:
+              description: "Vault-relative path of the file that was acted on, e.g. `notes/file.md`. Non-ASCII characters are percent-encoded."
+              schema:
+                example: "notes/file.md"
+                type: "string"
         "400":
           content:
             application/json:
@@ -2986,6 +3113,75 @@ paths:
       tags:
         - "Vault Directories"
   "/vault/{filename}":
+    additionalOperations:
+      move:
+        description: |
+          Moves a file from its current location to a new location specified in the Destination header. This operation preserves file history and updates internal links.
+        parameters:
+          - description: |
+              The new path for the file, relative to your vault root. The path must not escape the vault root (relative segments like `..` are permitted as long as the resolved path remains inside the vault). Absolute paths (starting with `/`) are rejected. If the path ends with a trailing slash, the source filename is preserved and the file is placed in that directory (e.g. "archive/" moves "notes/todo.md" to "archive/todo.md"). If the path contains non-ASCII characters (e.g. accented letters), percent-encode the value (e.g. `r%C3%A9sum%C3%A9.md` for `résumé.md`).
+            in: "header"
+            name: "Destination"
+            required: true
+            schema:
+              format: "path"
+              type: "string"
+          - description: |
+              If "true", the move proceeds even when a file already exists at the destination. Defaults to "false", which returns a 409 if the destination exists.
+            in: "header"
+            name: "Allow-Overwrite"
+            required: false
+            schema:
+              default: "false"
+              enum:
+                - "true"
+                - "false"
+              type: "string"
+          - description: "Path to the relevant file (relative to your vault root).\n Optionally, you may include a reference to target a sub-part of the document; see \"Targeting a Sub-part of your Document\" for details."
+            in: "path"
+            name: "filename"
+            required: true
+            schema:
+              format: "path"
+              type: "string"
+        responses:
+          "204":
+            description: "File successfully moved."
+            headers:
+              Content-Location:
+                description: "The vault-relative path of the file at its new location (e.g. `archive/file.md`). Non-ASCII characters are percent-encoded."
+                schema:
+                  type: "string"
+          "400":
+            content:
+              application/json:
+                schema:
+                  "$ref": "#/components/schemas/Error"
+            description: |
+              Bad request - Missing Destination header, malformed percent-encoding, or path escapes the vault root (e.g. starts with "/").
+          "404":
+            content:
+              application/json:
+                schema:
+                  "$ref": "#/components/schemas/Error"
+            description: "Source file does not exist."
+          "405":
+            content:
+              application/json:
+                schema:
+                  "$ref": "#/components/schemas/Error"
+            description: |
+              Your path references a directory instead of a file; this request method is valid only for files.
+          "409":
+            content:
+              application/json:
+                schema:
+                  "$ref": "#/components/schemas/Error"
+            description: "Destination file already exists."
+        summary: |
+          Move a file to a new location in your vault.
+        tags:
+          - "Vault Files"
     delete:
       parameters:
         - description: "Path to the relevant file (relative to your vault root).\n Optionally, you may include a reference to target a sub-part of the document; see \"Targeting a Sub-part of your Document\" for details."

docs/src/lib/descriptions/mcp.md

@@ -14,6 +14,7 @@ Include the `MCP-Protocol-Version` header on all requests after initialization,
 | `vault_append` | Append content to the end of a vault file |
 | `vault_patch` | Patch a specific heading, block reference, or frontmatter field |
 | `vault_delete` | Delete a vault file |
+| `vault_move` | Move (rename) a vault file to a new path |
 | `vault_get_document_map` | List the headings, block references, and frontmatter fields in a file |
 | `active_file_get_path` | Return the vault path of the file currently open in Obsidian |
 | `periodic_note_get_path` | Return the vault path of the current periodic note (daily, weekly, monthly, quarterly, yearly) |