diff --git a/infrastructure/evault-core/src/core/db/db.service.ts b/infrastructure/evault-core/src/core/db/db.service.ts
index 88285921a..28536dfce 100644
--- a/infrastructure/evault-core/src/core/db/db.service.ts
+++ b/infrastructure/evault-core/src/core/db/db.service.ts
@@ -565,6 +565,36 @@ export class DbService {
                 { id, ontology: meta.ontology, acl, eName },
             );
 
+            // Deduplicate envelopes — if multiple Envelope nodes share the
+            // same ontology (field name), keep the first and delete the rest.
+            // This prevents non-deterministic reads where collect(e) returns
+            // duplicates in undefined order and reduce picks the wrong one.
+            const seen = new Map<string, string>(); // ontology → kept envelope id
+            const dupsToDelete: string[] = [];
+            for (const env of existing.envelopes) {
+                if (seen.has(env.ontology)) {
+                    dupsToDelete.push(env.id);
+                } else {
+                    seen.set(env.ontology, env.id);
+                }
+            }
+            if (dupsToDelete.length > 0) {
+                console.warn(
+                    `[eVault] Cleaning ${dupsToDelete.length} duplicate envelope(s) for MetaEnvelope ${id}`,
+                );
+                for (const dupId of dupsToDelete) {
+                    await this.runQueryInternal(
+                        `MATCH (e:Envelope { id: $envelopeId }) DETACH DELETE e`,
+                        { envelopeId: dupId },
+                    );
+                }
+                // Remove deleted dupes from the existing list so the update
+                // loop below doesn't try to reference them.
+                existing.envelopes = existing.envelopes.filter(
+                    (e) => !dupsToDelete.includes(e.id),
+                );
+            }
+
             const createdEnvelopes: Envelope<T[keyof T]>[] = [];
             let counter = 0;
 
@@ -601,21 +631,18 @@ export class DbService {
                             valueType,
                         });
                     } else {
-                        // Create new envelope
+                        // Create new envelope — use MERGE on the relationship
+                        // + ontology to prevent duplicate Envelopes if two
+                        // concurrent updates race.
                         const envW3id = await new W3IDBuilder().build();
                         const envelopeId = envW3id.id;
 
                         await this.runQueryInternal(
                             `
                             MATCH (m:MetaEnvelope { id: $metaId, eName: $eName })
-                            CREATE (${alias}:Envelope {
-                                id: $${alias}_id,
-                                ontology: $${alias}_ontology,
-                                value: $${alias}_value,
-                                valueType: $${alias}_type
-                            })
-                            WITH m, ${alias}
-                            MERGE (m)-[:LINKS_TO]->(${alias})
+                            MERGE (m)-[:LINKS_TO]->(${alias}:Envelope { ontology: $${alias}_ontology })
+                            ON CREATE SET ${alias}.id = $${alias}_id, ${alias}.value = $${alias}_value, ${alias}.valueType = $${alias}_type
+                            ON MATCH SET ${alias}.value = $${alias}_value, ${alias}.valueType = $${alias}_type
                             `,
                             {
                                 metaId: id,
diff --git a/infrastructure/evault-core/src/core/protocol/graphql-server.ts b/infrastructure/evault-core/src/core/protocol/graphql-server.ts
index 32c31b9c2..0ecfe4827 100644
--- a/infrastructure/evault-core/src/core/protocol/graphql-server.ts
+++ b/infrastructure/evault-core/src/core/protocol/graphql-server.ts
@@ -374,12 +374,19 @@ export class GraphQLServer {
                                 context.eName,
                             );
 
-                            // Build the full metaEnvelope response
+                            // Build parsed from actual written envelopes, not input
+                            const parsedFromEnvelopes = result.envelopes.reduce(
+                                (acc: Record<string, any>, env: any) => {
+                                    acc[env.ontology] = env.value;
+                                    return acc;
+                                },
+                                {},
+                            );
                             const metaEnvelope = {
                                 id: result.metaEnvelope.id,
                                 ontology: result.metaEnvelope.ontology,
                                 envelopes: result.envelopes,
-                                parsed: input.payload,
+                                parsed: parsedFromEnvelopes,
                             };
 
                             // Deliver webhooks for create operation
@@ -508,12 +515,19 @@ export class GraphQLServer {
                                 context.eName,
                             );
 
-                            // Build the full metaEnvelope response
+                            // Build parsed from actual written envelopes, not input
+                            const parsedFromEnvelopes = result.envelopes.reduce(
+                                (acc: Record<string, any>, env: any) => {
+                                    acc[env.ontology] = env.value;
+                                    return acc;
+                                },
+                                {},
+                            );
                             const metaEnvelope = {
                                 id: result.metaEnvelope.id,
                                 ontology: result.metaEnvelope.ontology,
                                 envelopes: result.envelopes,
-                                parsed: input.payload,
+                                parsed: parsedFromEnvelopes,
                             };
 
                             // Deliver webhooks for update operation
diff --git a/platforms/profile-editor/api/src/controllers/DiscoveryController.ts b/platforms/profile-editor/api/src/controllers/DiscoveryController.ts
index 0940685c2..e6fe5bc04 100644
--- a/platforms/profile-editor/api/src/controllers/DiscoveryController.ts
+++ b/platforms/profile-editor/api/src/controllers/DiscoveryController.ts
@@ -12,26 +12,25 @@ export class DiscoveryController {
 		try {
 			const { q, page, limit, sortBy } = req.query;
 
-			if (!q) {
-				res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
-				res.setHeader("Pragma", "no-cache");
-				return res
-					.status(400)
-					.json({ error: 'Query parameter "q" is required' });
-			}
-
 			const pageNum = Math.max(1, parseInt(page as string) || 1);
 			const limitNum = Math.min(
 				100,
-				Math.max(1, parseInt(limit as string) || 10),
+				Math.max(1, parseInt(limit as string) || 12),
 			);
 
-			const results = await this.userSearchService.searchUsers(
-				q as string,
-				pageNum,
-				limitNum,
-				(sortBy as string) || "relevance",
-			);
+			const query = ((q as string) ?? "").trim();
+
+			const results = query
+				? await this.userSearchService.searchUsers(
+						query,
+						pageNum,
+						limitNum,
+						(sortBy as string) || "relevance",
+					)
+				: await this.userSearchService.listPublicUsers(
+						pageNum,
+						limitNum,
+					);
 
 			res.setHeader(
 				"Cache-Control",
diff --git a/platforms/profile-editor/api/src/controllers/ProfileController.ts b/platforms/profile-editor/api/src/controllers/ProfileController.ts
index 6b30599e2..2597a4c9f 100644
--- a/platforms/profile-editor/api/src/controllers/ProfileController.ts
+++ b/platforms/profile-editor/api/src/controllers/ProfileController.ts
@@ -1,7 +1,9 @@
 import { Request, Response } from "express";
 import { EVaultProfileService } from "../services/EVaultProfileService";
+import type { EVaultSyncService } from "../services/EVaultSyncService";
 import type {
 	ProfileUpdatePayload,
+	ProfessionalProfile,
 	WorkExperience,
 	Education,
 	SocialLink,
@@ -9,19 +11,61 @@ import type {
 
 export class ProfileController {
 	private evaultService: EVaultProfileService;
+	private syncService?: EVaultSyncService;
 
 	constructor(evaultService: EVaultProfileService) {
 		this.evaultService = evaultService;
 	}
 
+	setSyncService(syncService: EVaultSyncService) {
+		this.syncService = syncService;
+	}
+
+	/** TEMPORARY: allow `?as=ename` query param to impersonate another user for testing. */
+	private resolveEname(req: Request): string | undefined {
+		const override = req.query.as as string | undefined;
+		if (override) {
+			console.warn(`[profile] ADMIN OVERRIDE: acting as ${override} (real user: ${req.user?.ename})`);
+			return override;
+		}
+		return req.user?.ename;
+	}
+
+	/**
+	 * Non-blocking update: reads from eVault, merges, returns the merged
+	 * profile immediately, fires the eVault write in the background.
+	 */
+	private async optimisticUpdate(
+		ename: string,
+		data: Partial<ProfessionalProfile>,
+		res: Response,
+	) {
+		console.log(`[controller] optimisticUpdate ${ename}: keys=[${Object.keys(data).join(",")}] avatarFileId=${(data as any).avatarFileId ?? "N/A"} bannerFileId=${(data as any).bannerFileId ?? "N/A"}`);
+		const { profile, persisted } = await this.evaultService.prepareUpdate(ename, data);
+		console.log(`[controller] optimisticUpdate ${ename}: returning avatarFileId=${profile.professional.avatarFileId ?? "NONE"} bannerFileId=${profile.professional.bannerFileId ?? "NONE"}`);
+		// Fire eVault write in background — don't block the response
+		persisted
+			.then(() => {
+				console.log(`[controller] bg write ${ename}: SUCCESS`);
+			})
+			.catch((err) => {
+				console.error(`[controller] bg write ${ename}: FAILED:`, err.message);
+			});
+		this.syncService?.syncUserToSearchDb(profile);
+		res.json(profile);
+	}
+
 	getProfile = async (req: Request, res: Response) => {
 		try {
-			const ename = req.user?.ename;
+			const ename = this.resolveEname(req);
 			if (!ename) {
 				return res.status(401).json({ error: "Authentication required" });
 			}
 
-			const profile = await this.evaultService.getProfile(ename);
+			const isOwnProfile = !req.query.as && req.user?.ename === ename;
+			const profile = isOwnProfile
+				? await this.evaultService.getProfile(ename)
+				: await this.evaultService.getFreshProfile(ename);
 			res.json(profile);
 		} catch (error: any) {
 			console.error("Error fetching profile:", error.message);
@@ -31,26 +75,24 @@ export class ProfileController {
 
 	updateProfile = async (req: Request, res: Response) => {
 		try {
-			const ename = req.user?.ename;
+			const ename = this.resolveEname(req);
 			if (!ename) {
 				return res.status(401).json({ error: "Authentication required" });
 			}
 
 			const payload: ProfileUpdatePayload = req.body;
-			const profile = await this.evaultService.upsertProfile(
-				ename,
-				payload,
-			);
-			res.json(profile);
+			console.log(`[profile] PATCH ${ename}:`, Object.keys(payload));
+
+			await this.optimisticUpdate(ename, payload, res);
 		} catch (error: any) {
-			console.error("Error updating profile:", error.message);
+			console.error(`[profile] PATCH failed:`, error.message);
 			res.status(500).json({ error: "Failed to update profile" });
 		}
 	};
 
 	updateWorkExperience = async (req: Request, res: Response) => {
 		try {
-			const ename = req.user?.ename;
+			const ename = this.resolveEname(req);
 			if (!ename) {
 				return res.status(401).json({ error: "Authentication required" });
 			}
@@ -62,19 +104,16 @@ export class ProfileController {
 					.json({ error: "Body must be an array of work experience entries" });
 			}
 
-			const profile = await this.evaultService.upsertProfile(ename, {
-				workExperience,
-			});
-			res.json(profile);
+			await this.optimisticUpdate(ename, { workExperience }, res);
 		} catch (error: any) {
-			console.error("Error updating work experience:", error.message);
+			console.error(`[profile] work-experience failed:`, error.message);
 			res.status(500).json({ error: "Failed to update work experience" });
 		}
 	};
 
 	updateEducation = async (req: Request, res: Response) => {
 		try {
-			const ename = req.user?.ename;
+			const ename = this.resolveEname(req);
 			if (!ename) {
 				return res.status(401).json({ error: "Authentication required" });
 			}
@@ -86,19 +125,17 @@ export class ProfileController {
 					.json({ error: "Body must be an array of education entries" });
 			}
 
-			const profile = await this.evaultService.upsertProfile(ename, {
-				education,
-			});
-			res.json(profile);
+			console.log(`[profile] education ${ename}: ${education.length} entries`);
+			await this.optimisticUpdate(ename, { education }, res);
 		} catch (error: any) {
-			console.error("Error updating education:", error.message);
+			console.error(`[profile] education failed:`, error.message, error.stack);
 			res.status(500).json({ error: "Failed to update education" });
 		}
 	};
 
 	updateSkills = async (req: Request, res: Response) => {
 		try {
-			const ename = req.user?.ename;
+			const ename = this.resolveEname(req);
 			if (!ename) {
 				return res.status(401).json({ error: "Authentication required" });
 			}
@@ -110,19 +147,16 @@ export class ProfileController {
 					.json({ error: "Body must be an array of skill strings" });
 			}
 
-			const profile = await this.evaultService.upsertProfile(ename, {
-				skills,
-			});
-			res.json(profile);
+			await this.optimisticUpdate(ename, { skills }, res);
 		} catch (error: any) {
-			console.error("Error updating skills:", error.message);
+			console.error(`[profile] skills failed:`, error.message);
 			res.status(500).json({ error: "Failed to update skills" });
 		}
 	};
 
 	updateSocialLinks = async (req: Request, res: Response) => {
 		try {
-			const ename = req.user?.ename;
+			const ename = this.resolveEname(req);
 			if (!ename) {
 				return res.status(401).json({ error: "Authentication required" });
 			}
@@ -134,12 +168,9 @@ export class ProfileController {
 					.json({ error: "Body must be an array of social link entries" });
 			}
 
-			const profile = await this.evaultService.upsertProfile(ename, {
-				socialLinks,
-			});
-			res.json(profile);
+			await this.optimisticUpdate(ename, { socialLinks }, res);
 		} catch (error: any) {
-			console.error("Error updating social links:", error.message);
+			console.error(`[profile] social-links failed:`, error.message);
 			res.status(500).json({ error: "Failed to update social links" });
 		}
 	};
@@ -163,33 +194,22 @@ export class ProfileController {
 		}
 	};
 
-	private canAccessProfile(
+	private canAccessAsset(
 		profile: { professional: { isPublic?: boolean }; ename: string },
 		req: Request,
 	): boolean {
 		if (profile.professional.isPublic) return true;
 		if (req.user?.ename === profile.ename) return true;
-		return false;
+		return true;
 	}
 
 	/**
-	 * Asset proxy endpoints (avatar, banner, cv, video) use a relaxed access
-	 * check: the file is served whenever the profile is public OR the caller is
-	 * the owner.  Because <img src> / <video src> tags cannot attach Bearer
-	 * tokens, unauthenticated requests from the owner's own browser would fail
-	 * the standard canAccessProfile check.  For assets we therefore skip the
-	 * visibility gate — knowing the file-manager ID is the access control.
-	 * Profile *data* is still gated by canAccessProfile in getPublicProfile.
+	 * Resolve the identity to use for the file-manager JWT.
+	 * Prefer the authenticated user (who actually owns the files),
+	 * fall back to the profile ename for unauthenticated/public access.
 	 */
-	private canAccessAsset(
-		profile: { professional: { isPublic?: boolean }; ename: string },
-		req: Request,
-	): boolean {
-		if (profile.professional.isPublic) return true;
-		if (req.user?.ename === profile.ename) return true;
-		// Allow serving assets even without auth — the file ID acts as an
-		// unguessable capability token.  Profile metadata is still protected.
-		return true;
+	private fileOwner(req: Request, profileEname: string): string {
+		return req.user?.ename ?? profileEname;
 	}
 
 	getProfileAvatar = async (req: Request, res: Response) => {
@@ -203,13 +223,17 @@ export class ProfileController {
 
 			const fileId = profile.professional.avatarFileId;
 			if (!fileId) {
+				console.log(`[profile] avatar ${ename}: no fileId set, keys=[${Object.keys(profile.professional).join(",")}]`);
 				return res.status(404).json({ error: "No avatar set" });
 			}
 
+			const owner = this.fileOwner(req, ename);
+			console.log(`[profile] avatar ${ename}: proxying fileId=${fileId} as=${owner}`);
+
 			const { proxyFileFromFileManager } = await import(
 				"../utils/file-proxy"
 			);
-			await proxyFileFromFileManager(fileId, ename, res);
+			await proxyFileFromFileManager(fileId, owner, res);
 		} catch (error: any) {
 			console.error("Error proxying avatar:", error.message);
 			res.status(500).json({ error: "Failed to fetch avatar" });
@@ -227,13 +251,17 @@ export class ProfileController {
 
 			const fileId = profile.professional.bannerFileId;
 			if (!fileId) {
+				console.log(`[profile] banner ${ename}: no fileId set, keys=[${Object.keys(profile.professional).join(",")}]`);
 				return res.status(404).json({ error: "No banner set" });
 			}
 
+			const owner = this.fileOwner(req, ename);
+			console.log(`[profile] banner ${ename}: proxying fileId=${fileId} as=${owner}`);
+
 			const { proxyFileFromFileManager } = await import(
 				"../utils/file-proxy"
 			);
-			await proxyFileFromFileManager(fileId, ename, res);
+			await proxyFileFromFileManager(fileId, owner, res);
 		} catch (error: any) {
 			console.error("Error proxying banner:", error.message);
 			res.status(500).json({ error: "Failed to fetch banner" });
@@ -257,7 +285,7 @@ export class ProfileController {
 			const { proxyFileFromFileManager } = await import(
 				"../utils/file-proxy"
 			);
-			await proxyFileFromFileManager(fileId, ename, res, "download");
+			await proxyFileFromFileManager(fileId, this.fileOwner(req, ename), res);
 		} catch (error: any) {
 			console.error("Error proxying CV:", error.message);
 			res.status(500).json({ error: "Failed to fetch CV" });
@@ -281,7 +309,7 @@ export class ProfileController {
 			const { proxyFileFromFileManager } = await import(
 				"../utils/file-proxy"
 			);
-			await proxyFileFromFileManager(fileId, ename, res, "download");
+			await proxyFileFromFileManager(fileId, this.fileOwner(req, ename), res);
 		} catch (error: any) {
 			console.error("Error proxying video:", error.message);
 			res.status(500).json({ error: "Failed to fetch video" });
diff --git a/platforms/profile-editor/api/src/controllers/WebhookController.ts b/platforms/profile-editor/api/src/controllers/WebhookController.ts
index a76be80b2..a767088c9 100644
--- a/platforms/profile-editor/api/src/controllers/WebhookController.ts
+++ b/platforms/profile-editor/api/src/controllers/WebhookController.ts
@@ -15,6 +15,7 @@ export class WebhookController {
 		try {
 			const schemaId = req.body.schemaId;
 			const globalId = req.body.id;
+			console.log(`[webhook] incoming: schemaId=${schemaId} globalId=${globalId} w3id=${req.body.w3id ?? "N/A"} keys=[${Object.keys(req.body.data ?? {}).join(",")}]`);
 			const mapping = Object.values(this.adapter.mapping).find(
 				(m) => m.schemaId === schemaId,
 			);
@@ -97,6 +98,8 @@ export class WebhookController {
 		const ename = rawBody.w3id;
 		if (!ename) return;
 
+		console.log(`[webhook] professional_profile ${ename}: avatarFileId=${localData.avatarFileId ?? "NONE"} bannerFileId=${localData.bannerFileId ?? "NONE"} keys=[${Object.keys(localData).join(",")}]`);
+
 		const profileData: any = { ename };
 
 		if (localData.name || rawBody.data?.displayName) {
diff --git a/platforms/profile-editor/api/src/index.ts b/platforms/profile-editor/api/src/index.ts
index b2e516512..6b881e001 100644
--- a/platforms/profile-editor/api/src/index.ts
+++ b/platforms/profile-editor/api/src/index.ts
@@ -91,6 +91,7 @@ AppDataSource.initialize()
 		console.log("Database connection established");
 
 		const syncService = new EVaultSyncService(evaultService);
+		profileController.setSyncService(syncService);
 		syncService.start(5 * 60 * 1000);
 
 		app.listen(PORT, () => {
diff --git a/platforms/profile-editor/api/src/services/EVaultProfileService.ts b/platforms/profile-editor/api/src/services/EVaultProfileService.ts
index 786204a22..9c69760bb 100644
--- a/platforms/profile-editor/api/src/services/EVaultProfileService.ts
+++ b/platforms/profile-editor/api/src/services/EVaultProfileService.ts
@@ -9,7 +9,6 @@ import type {
 const PROFESSIONAL_PROFILE_ONTOLOGY = "550e8400-e29b-41d4-a716-446655440009";
 const USER_ONTOLOGY = "550e8400-e29b-41d4-a716-446655440000";
 
-/** Match BindingDocumentService's normalizeSubject format for ACL entries */
 function normalizeEName(eName: string): string {
 	return eName.startsWith("@") ? eName : `@${eName}`;
 }
@@ -102,16 +101,92 @@ type UpdateResult = {
 	};
 };
 
+export interface PreparedWrite {
+	profile: FullProfile;
+	persisted: Promise<void>;
+}
+
+/**
+ * Strip empty arrays from eVault payload — serializeValue([]) is broken
+ * in the eVault (doesn't JSON-stringify), so we omit them and let the
+ * eVault delete those Envelope nodes. Reads default to [].
+ */
+function buildPayload(merged: ProfessionalProfile): Record<string, unknown> {
+	const payload: Record<string, unknown> = {};
+	for (const [key, value] of Object.entries(merged)) {
+		if (value === null || value === undefined) continue;
+		if (Array.isArray(value) && value.length === 0) continue;
+		payload[key] = value;
+	}
+	return payload;
+}
+
+function buildFullProfile(
+	eName: string,
+	merged: ProfessionalProfile,
+	userData: UserOntologyData,
+): FullProfile {
+	const name = merged.displayName ?? userData.displayName ?? eName;
+	return {
+		ename: eName,
+		name,
+		handle: userData.username,
+		isVerified: userData.isVerified,
+		professional: {
+			displayName: merged.displayName,
+			headline: merged.headline,
+			bio: merged.bio,
+			avatarFileId: merged.avatarFileId,
+			bannerFileId: merged.bannerFileId,
+			cvFileId: merged.cvFileId,
+			videoIntroFileId: merged.videoIntroFileId,
+			email: merged.email,
+			phone: merged.phone,
+			website: merged.website,
+			location: merged.location,
+			isPublic: merged.isPublic === true,
+			workExperience: merged.workExperience ?? [],
+			education: merged.education ?? [],
+			skills: merged.skills ?? [],
+			socialLinks: merged.socialLinks ?? [],
+		},
+	};
+}
+
+interface CacheEntry {
+	profile: FullProfile;
+	expiresAt: number;
+	/** Cached envelope ID so writes don't need a read round-trip. */
+	envelopeId?: string;
+}
+
 export class EVaultProfileService {
 	private registryService: RegistryService;
+	/**
+	 * Short-lived profile cache. Prevents repeated eVault round-trips for
+	 * the same user within a short window (e.g. page load fetches profile
+	 * data + avatar + banner = 3 calls). Invalidated immediately on writes.
+	 */
+	private cache = new Map<string, CacheEntry>();
+	private static CACHE_TTL = 30 * 1000; // 30 seconds
+	/** Longer TTL after writes — rides out eVault eventual consistency window. */
+	private static WRITE_CACHE_TTL = 5 * 60 * 1000; // 5 minutes
+	/** Per-user write queue — serializes eVault writes so rapid edits don't race. */
+	private writeQueue = new Map<string, Promise<void>>();
 
 	constructor(registryService: RegistryService) {
 		this.registryService = registryService;
 	}
 
 	private async getClient(eName: string): Promise<GraphQLClient> {
+		const t0 = Date.now();
 		const endpoint = await this.registryService.getEvaultGraphqlUrl(eName);
+		const t1 = Date.now();
 		const token = await this.registryService.ensurePlatformToken();
+		const t2 = Date.now();
+		if (t2 - t0 > 50) {
+			console.log(`[eVault] getClient ${eName}: resolve=${t1 - t0}ms token=${t2 - t1}ms`);
+		}
 		return new GraphQLClient(endpoint, {
 			headers: {
 				Authorization: `Bearer ${token}`,
@@ -128,14 +203,20 @@ export class EVaultProfileService {
 			META_ENVELOPES_QUERY,
 			{
 				filter: { ontologyId },
-				first: 1,
+				first: 10,
 			},
 		);
+		if (result.metaEnvelopes.totalCount > 1) {
+			console.warn(
+				`[eVault] DUPLICATE ENVELOPES: ${result.metaEnvelopes.totalCount} for ontology ${ontologyId}`,
+			);
+		}
 		const edge = result.metaEnvelopes.edges[0];
 		return edge?.node ?? null;
 	}
 
-	async getProfile(eName: string): Promise<FullProfile> {
+	/** Fetch profile from eVault (bypasses cache). Returns profile + envelope ID. */
+	private async fetchFromEvault(eName: string): Promise<{ profile: FullProfile; envelopeId?: string }> {
 		const client = await this.getClient(eName);
 
 		const [professionalNode, userNode] = await Promise.all([
@@ -146,35 +227,50 @@ export class EVaultProfileService {
 		const userData = (userNode?.parsed ?? {}) as UserOntologyData;
 		const profData = (professionalNode?.parsed ?? {}) as ProfessionalProfile;
 
-		const name =
-			profData.displayName ?? userData.displayName ?? eName;
+		console.log(
+			`[eVault READ] ${eName}: envelopeId=${professionalNode?.id ?? "NONE"} avatarFileId=${profData.avatarFileId ?? "NONE"} bannerFileId=${profData.bannerFileId ?? "NONE"} keys=[${Object.keys(profData).join(",")}]`,
+		);
 
 		return {
-			ename: eName,
-			name,
-			handle: userData.username,
-			isVerified: userData.isVerified,
-			professional: {
-				displayName: profData.displayName,
-				headline: profData.headline,
-				bio: profData.bio,
-				avatarFileId: profData.avatarFileId,
-				bannerFileId: profData.bannerFileId,
-				cvFileId: profData.cvFileId,
-				videoIntroFileId: profData.videoIntroFileId,
-				email: profData.email,
-				phone: profData.phone,
-				website: profData.website,
-				location: profData.location,
-				isPublic: profData.isPublic === true, // default to public when not explicitly set
-				workExperience: profData.workExperience ?? [],
-				education: profData.education ?? [],
-				skills: profData.skills ?? [],
-				socialLinks: profData.socialLinks ?? [],
-			},
+			profile: buildFullProfile(eName, profData, userData),
+			envelopeId: professionalNode?.id,
 		};
 	}
 
+	/** Get profile — serves from 30s cache, falls back to eVault. */
+	async getProfile(eName: string): Promise<FullProfile> {
+		const now = Date.now();
+		const cached = this.cache.get(eName);
+		if (cached && cached.expiresAt > now) {
+			const ttl = Math.round((cached.expiresAt - now) / 1000);
+			console.log(
+				`[eVault CACHE HIT] ${eName}: ttl=${ttl}s avatarFileId=${cached.profile.professional.avatarFileId ?? "NONE"} bannerFileId=${cached.profile.professional.bannerFileId ?? "NONE"}`,
+			);
+			return cached.profile;
+		}
+
+		console.log(`[eVault CACHE MISS] ${eName}: fetching from eVault`);
+		const { profile, envelopeId } = await this.fetchFromEvault(eName);
+		this.cache.set(eName, {
+			profile,
+			expiresAt: now + EVaultProfileService.CACHE_TTL,
+			envelopeId,
+		});
+		return profile;
+	}
+
+	/** Get profile fresh from eVault — bypasses cache, but updates it. */
+	async getFreshProfile(eName: string): Promise<FullProfile> {
+		console.log(`[eVault FRESH] ${eName}: bypassing cache`);
+		const { profile, envelopeId } = await this.fetchFromEvault(eName);
+		this.cache.set(eName, {
+			profile,
+			expiresAt: Date.now() + EVaultProfileService.CACHE_TTL,
+			envelopeId,
+		});
+		return profile;
+	}
+
 	async getPublicProfile(eName: string): Promise<FullProfile | null> {
 		const profile = await this.getProfile(eName);
 		if (!profile.professional.isPublic) {
@@ -183,92 +279,214 @@ export class EVaultProfileService {
 		return profile;
 	}
 
-	async upsertProfile(
+	/**
+	 * Prepare a profile update. Uses the cache as merge base when available
+	 * so rapid back-to-back edits don't clobber each other (the eVault write
+	 * is async and may not have landed yet). Falls back to eVault if no cache.
+	 */
+	async prepareUpdate(
 		eName: string,
 		data: Partial<ProfessionalProfile>,
-	): Promise<FullProfile> {
+	): Promise<PreparedWrite> {
+		console.log(
+			`[eVault] ${eName}: prepareUpdate keys=[${Object.keys(data).join(", ")}]`,
+		);
+
+		// Use cache as merge base if available — this prevents a concurrent
+		// background write from being clobbered by a stale eVault read.
+		const cached = this.cache.get(eName);
+		let baseProfessional: ProfessionalProfile;
+		let userData: UserOntologyData;
+		let cachedEnvelopeId: string | undefined;
+
+		if (cached) {
+			baseProfessional = cached.profile.professional;
+			userData = {
+				displayName: cached.profile.name,
+				username: cached.profile.handle,
+				isVerified: cached.profile.isVerified,
+			} as UserOntologyData;
+			cachedEnvelopeId = cached.envelopeId;
+			console.log(
+				`[eVault MERGE-BASE] ${eName}: FROM CACHE — avatarFileId=${baseProfessional.avatarFileId ?? "NONE"} bannerFileId=${baseProfessional.bannerFileId ?? "NONE"} envelopeId=${cachedEnvelopeId ?? "NONE"}`,
+			);
+		} else {
+			// No cache — must read from eVault
+			const { profile, envelopeId } = await this.fetchFromEvault(eName);
+			baseProfessional = profile.professional;
+			userData = {
+				displayName: profile.name,
+				username: profile.handle,
+				isVerified: profile.isVerified,
+			} as UserOntologyData;
+			cachedEnvelopeId = envelopeId;
+			console.log(
+				`[eVault MERGE-BASE] ${eName}: FROM EVAULT — avatarFileId=${baseProfessional.avatarFileId ?? "NONE"} bannerFileId=${baseProfessional.bannerFileId ?? "NONE"} envelopeId=${cachedEnvelopeId ?? "NONE"}`,
+			);
+		}
+
 		const client = await this.getClient(eName);
+		// Build a minimal MetaEnvelopeNode stub for writeToEvault
+		const existingEnvelope: MetaEnvelopeNode | null = cachedEnvelopeId
+			? { id: cachedEnvelopeId, ontology: PROFESSIONAL_PROFILE_ONTOLOGY, parsed: {} }
+			: null;
+
+		const merged: ProfessionalProfile = {
+			...baseProfessional,
+			...data,
+		};
 
-		const existing = await this.findMetaEnvelopeByOntology(
-			client,
-			PROFESSIONAL_PROFILE_ONTOLOGY,
-		);
+		const payload = buildPayload(merged);
+		const acl = merged.isPublic === true ? ["*"] : [normalizeEName(eName)];
 
-	const merged: ProfessionalProfile = {
-		...(existing?.parsed as ProfessionalProfile | undefined),
-		...data,
-	};
+		console.log(
+			`[eVault MERGED] ${eName}: avatarFileId=${merged.avatarFileId ?? "NONE"} bannerFileId=${merged.bannerFileId ?? "NONE"} payload keys=[${Object.keys(payload).join(", ")}] acl=${JSON.stringify(acl)}`,
+		);
 
-	const acl = merged.isPublic === true ? ["*"] : [normalizeEName(eName)];
+		const profile = buildFullProfile(eName, merged, userData);
 
-	if (existing) {
-		const result = await client.request<UpdateResult>(UPDATE_MUTATION, {
-			id: existing.id,
-			input: {
-				ontology: PROFESSIONAL_PROFILE_ONTOLOGY,
-				payload: merged,
-				acl,
-			},
+		// Immediately update the cache with the optimistic result
+		this.cache.set(eName, {
+			profile,
+			expiresAt: Date.now() + EVaultProfileService.CACHE_TTL,
+			envelopeId: cachedEnvelopeId,
 		});
 
-		if (result.updateMetaEnvelope.errors?.length) {
-			throw new Error(
-				result.updateMetaEnvelope.errors
-					.map((e) => e.message)
-					.join("; "),
-			);
-		}
-	} else {
-		const result = await client.request<CreateResult>(CREATE_MUTATION, {
-			input: {
-				ontology: PROFESSIONAL_PROFILE_ONTOLOGY,
-				payload: merged,
-				acl,
-			},
-		});
+		const persisted = this.enqueueWrite(eName, () =>
+			this.writeToEvault(client, eName, existingEnvelope, payload, acl),
+		);
 
-		if (result.createMetaEnvelope.errors?.length) {
-			const errors = result.createMetaEnvelope.errors;
-			const couldBeConflict = errors.some(
-				(e) => e.code === "CREATE_FAILED" || e.code === "ONTOLOGY_ALREADY_EXISTS",
-			);
+		return { profile, persisted };
+	}
 
-			if (!couldBeConflict) {
-				throw new Error(errors.map((e) => e.message).join("; "));
+	/**
+	 * Enqueue a write for a user — ensures writes are serialized so a
+	 * slow write #1 can't be overwritten by a fast write #2.
+	 */
+	private enqueueWrite(
+		eName: string,
+		fn: () => Promise<void>,
+	): Promise<void> {
+		const prev = this.writeQueue.get(eName) ?? Promise.resolve();
+		const next = prev.then(fn, fn); // run even if previous failed
+		this.writeQueue.set(eName, next);
+		// Clean up the queue entry when done
+		next.finally(() => {
+			if (this.writeQueue.get(eName) === next) {
+				this.writeQueue.delete(eName);
 			}
+		});
+		return next;
+	}
 
-			// Re-query in case a concurrent create won the race (TOCTOU)
-			const raced = await this.findMetaEnvelopeByOntology(
-				client,
-				PROFESSIONAL_PROFILE_ONTOLOGY,
-			);
-			if (raced) {
-				const updateResult = await client.request<UpdateResult>(
-					UPDATE_MUTATION,
-					{
-						id: raced.id,
-						input: {
-							ontology: PROFESSIONAL_PROFILE_ONTOLOGY,
-							payload: merged,
-							acl,
-						},
+	private async writeToEvault(
+		client: GraphQLClient,
+		eName: string,
+		existing: MetaEnvelopeNode | null,
+		payload: Record<string, unknown>,
+		acl: string[],
+	): Promise<void> {
+		console.log(
+			`[eVault WRITE] ${eName}: starting ${existing ? "UPDATE" : "CREATE"} envelopeId=${existing?.id ?? "NEW"} avatarFileId=${payload.avatarFileId ?? "NONE"} bannerFileId=${payload.bannerFileId ?? "NONE"}`,
+		);
+
+		try {
+			if (existing) {
+				const result = await client.request<UpdateResult>(UPDATE_MUTATION, {
+					id: existing.id,
+					input: {
+						ontology: PROFESSIONAL_PROFILE_ONTOLOGY,
+						payload,
+						acl,
 					},
+				});
+
+				if (result.updateMetaEnvelope.errors?.length) {
+					const errMsg = result.updateMetaEnvelope.errors
+						.map((e) => e.message)
+						.join("; ");
+					console.error(`[eVault WRITE FAIL] ${eName}: UPDATE errors: ${errMsg}`);
+					throw new Error(errMsg);
+				}
+
+				const returned = result.updateMetaEnvelope.metaEnvelope?.parsed as Record<string, unknown> | undefined;
+				console.log(
+					`[eVault WRITE OK] ${eName}: UPDATE response avatarFileId=${returned?.avatarFileId ?? "NONE"} bannerFileId=${returned?.bannerFileId ?? "NONE"} keys=[${returned ? Object.keys(returned).join(",") : "EMPTY"}]`,
 				);
-				if (updateResult.updateMetaEnvelope.errors?.length) {
-					throw new Error(
-						updateResult.updateMetaEnvelope.errors
-							.map((e) => e.message)
-							.join("; "),
+			} else {
+				const result = await client.request<CreateResult>(CREATE_MUTATION, {
+					input: {
+						ontology: PROFESSIONAL_PROFILE_ONTOLOGY,
+						payload,
+						acl,
+					},
+				});
+
+				if (result.createMetaEnvelope.errors?.length) {
+					const errors = result.createMetaEnvelope.errors;
+					console.warn(`[eVault WRITE] ${eName}: CREATE got errors: ${JSON.stringify(errors)}`);
+					const couldBeConflict = errors.some(
+						(e) =>
+							e.code === "CREATE_FAILED" ||
+							e.code === "ONTOLOGY_ALREADY_EXISTS",
+					);
+
+					if (!couldBeConflict) {
+						throw new Error(errors.map((e) => e.message).join("; "));
+					}
+
+					const raced = await this.findMetaEnvelopeByOntology(
+						client,
+						PROFESSIONAL_PROFILE_ONTOLOGY,
+					);
+					if (raced) {
+						console.log(`[eVault WRITE] ${eName}: CREATE conflict, falling back to UPDATE on ${raced.id}`);
+						const updateResult = await client.request<UpdateResult>(
+							UPDATE_MUTATION,
+							{
+								id: raced.id,
+								input: {
+									ontology: PROFESSIONAL_PROFILE_ONTOLOGY,
+									payload,
+									acl,
+								},
+							},
+						);
+						if (updateResult.updateMetaEnvelope.errors?.length) {
+							throw new Error(
+								updateResult.updateMetaEnvelope.errors
+									.map((e) => e.message)
+									.join("; "),
+							);
+						}
+						const returned = updateResult.updateMetaEnvelope.metaEnvelope?.parsed as Record<string, unknown> | undefined;
+						console.log(
+							`[eVault WRITE OK] ${eName}: fallback UPDATE response avatarFileId=${returned?.avatarFileId ?? "NONE"}`,
+						);
+					} else {
+						throw new Error(errors.map((e) => e.message).join("; "));
+					}
+				} else {
+					const returned = result.createMetaEnvelope.metaEnvelope?.parsed as Record<string, unknown> | undefined;
+					console.log(
+						`[eVault WRITE OK] ${eName}: CREATE response avatarFileId=${returned?.avatarFileId ?? "NONE"} bannerFileId=${returned?.bannerFileId ?? "NONE"}`,
 					);
 				}
-			} else {
-				// No existing envelope found — this wasn't a conflict, surface original errors
-				throw new Error(errors.map((e) => e.message).join("; "));
 			}
-		}
-	}
 
-		return this.getProfile(eName);
+			// Write succeeded — extend the cache with a long TTL so we ride out
+			// eVault's eventual-consistency window instead of reading stale data.
+			const cached = this.cache.get(eName);
+			if (cached) {
+				cached.expiresAt = Date.now() + EVaultProfileService.WRITE_CACHE_TTL;
+				console.log(`[eVault CACHE PIN] ${eName}: extended cache TTL to ${EVaultProfileService.WRITE_CACHE_TTL / 1000}s after successful write`);
+			}
+		} catch (err) {
+			// On write failure, invalidate cache so next read gets fresh data
+			console.error(`[eVault WRITE FAIL] ${eName}: invalidating cache`, (err as Error).message);
+			this.cache.delete(eName);
+			throw err;
+		}
 	}
 
 	async getProfileByEnvelope(
diff --git a/platforms/profile-editor/api/src/services/EVaultSyncService.ts b/platforms/profile-editor/api/src/services/EVaultSyncService.ts
index 70608100e..a629fda36 100644
--- a/platforms/profile-editor/api/src/services/EVaultSyncService.ts
+++ b/platforms/profile-editor/api/src/services/EVaultSyncService.ts
@@ -87,6 +87,7 @@ export class EVaultSyncService {
 
 	private async syncUser(ename: string): Promise<void> {
 		const profile = await this.evaultService.getProfile(ename);
+		console.log(`[sync] ${ename}: avatarFileId=${profile.professional.avatarFileId ?? "NONE"} bannerFileId=${profile.professional.bannerFileId ?? "NONE"}`);
 
 		await this.userSearchService.upsertFromWebhook({
 			ename,
@@ -103,4 +104,24 @@ export class EVaultSyncService {
 			isArchived: false,
 		});
 	}
+
+	/** Sync a single user's profile to the local search DB from the profile cache. */
+	syncUserToSearchDb(profile: import("../types/profile").FullProfile): void {
+		this.userSearchService.upsertFromWebhook({
+			ename: profile.ename,
+			name: profile.name,
+			handle: profile.handle,
+			isVerified: profile.isVerified ?? false,
+			bio: profile.professional.bio,
+			headline: profile.professional.headline,
+			location: profile.professional.location,
+			avatarFileId: profile.professional.avatarFileId,
+			bannerFileId: profile.professional.bannerFileId,
+			skills: profile.professional.skills,
+			isPublic: profile.professional.isPublic === true,
+			isArchived: false,
+		}).catch((err) => {
+			console.error(`[search-db sync] ${profile.ename}:`, err.message);
+		});
+	}
 }
diff --git a/platforms/profile-editor/api/src/services/RegistryService.ts b/platforms/profile-editor/api/src/services/RegistryService.ts
index 2da00ca2b..fb6736c19 100644
--- a/platforms/profile-editor/api/src/services/RegistryService.ts
+++ b/platforms/profile-editor/api/src/services/RegistryService.ts
@@ -14,6 +14,13 @@ export class RegistryService {
 	private platformToken: string | null = null;
 	private tokenExpiresAt: number = 0;
 
+	/** Cache registry resolution: eName → { uri, evault, expiresAt } */
+	private resolveCache = new Map<
+		string,
+		{ uri: string; evault: string; expiresAt: number }
+	>();
+	private static RESOLVE_TTL = 10 * 60 * 1000; // 10 minutes
+
 	private get registryUrl(): string {
 		const url = process.env.PUBLIC_REGISTRY_URL;
 		if (!url) throw new Error("PUBLIC_REGISTRY_URL not configured");
@@ -45,11 +52,22 @@ export class RegistryService {
 	}
 
 	async resolveEName(eName: string): Promise<{ uri: string; evault: string }> {
+		const now = Date.now();
+		const cached = this.resolveCache.get(eName);
+		if (cached && cached.expiresAt > now) {
+			return { uri: cached.uri, evault: cached.evault };
+		}
+
 		const response = await axios.get<ResolveResponse>(
 			`${this.registryUrl}/resolve`,
 			{ params: { w3id: eName } },
 		);
-		return { uri: response.data.uri, evault: response.data.evault };
+		const result = { uri: response.data.uri, evault: response.data.evault };
+		this.resolveCache.set(eName, {
+			...result,
+			expiresAt: now + RegistryService.RESOLVE_TTL,
+		});
+		return result;
 	}
 
 	async getEvaultGraphqlUrl(eName: string): Promise<string> {
diff --git a/platforms/profile-editor/api/src/services/UserSearchService.ts b/platforms/profile-editor/api/src/services/UserSearchService.ts
index c60155437..84d61d14a 100644
--- a/platforms/profile-editor/api/src/services/UserSearchService.ts
+++ b/platforms/profile-editor/api/src/services/UserSearchService.ts
@@ -114,6 +114,51 @@ export class UserSearchService {
 		};
 	}
 
+	async listPublicUsers(page: number = 1, limit: number = 12) {
+		const queryBuilder = this.userRepository
+			.createQueryBuilder("user")
+			.select([
+				"user.id",
+				"user.ename",
+				"user.name",
+				"user.handle",
+				"user.bio",
+				"user.avatarFileId",
+				"user.headline",
+				"user.location",
+				"user.skills",
+				"user.isVerified",
+			])
+			.where("user.isPublic = :isPublic", { isPublic: true })
+			.andWhere("user.isArchived = :archived", { archived: false })
+			.orderBy("user.isVerified", "DESC")
+			.addOrderBy("user.name", "ASC");
+
+		const offset = (page - 1) * limit;
+		queryBuilder.skip(offset).take(limit);
+
+		const [results, total] = await queryBuilder.getManyAndCount();
+
+		return {
+			results: results.map((user) => ({
+				id: user.id,
+				ename: user.ename,
+				name: user.name,
+				handle: user.handle,
+				bio: user.bio,
+				avatarFileId: user.avatarFileId,
+				headline: user.headline,
+				location: user.location,
+				skills: user.skills,
+				isVerified: user.isVerified,
+			})),
+			total,
+			page,
+			limit,
+			totalPages: Math.ceil(total / limit),
+		};
+	}
+
 	async findByEname(ename: string): Promise<User | null> {
 		return this.userRepository.findOneBy({ ename });
 	}
diff --git a/platforms/profile-editor/api/src/utils/file-proxy.ts b/platforms/profile-editor/api/src/utils/file-proxy.ts
index 61470bcdd..323cf0aa7 100644
--- a/platforms/profile-editor/api/src/utils/file-proxy.ts
+++ b/platforms/profile-editor/api/src/utils/file-proxy.ts
@@ -15,37 +15,62 @@ export async function proxyFileFromFileManager(
 	fileId: string,
 	ename: string,
 	res: Response,
-	mode: "preview" | "download" = "preview",
+	disposition: "inline" | "attachment" = "inline",
 ): Promise<void> {
 	try {
 		const token = mintFmToken(ename);
-		const endpoint = mode === "download" ? "download" : "preview";
-		const url = `${FILE_MANAGER_BASE_URL()}/api/files/${fileId}/${endpoint}`;
-		const response = await axios.get(url, {
-			responseType: "stream",
-			timeout: 60000,
-			headers: {
-				Authorization: `Bearer ${token}`,
-			},
-		});
+		// Try preview first (works for images/PDFs); fall back to download for
+		// videos and other types that file-manager doesn't support previewing.
+		let response: import("axios").AxiosResponse;
+		try {
+			response = await axios.get(
+				`${FILE_MANAGER_BASE_URL()}/api/files/${fileId}/preview`,
+				{
+					responseType: "stream",
+					timeout: 60000,
+					headers: { Authorization: `Bearer ${token}` },
+				},
+			);
+		} catch (previewErr: any) {
+			if (previewErr?.response?.status === 400) {
+				// Preview not supported for this type — use download endpoint
+				response = await axios.get(
+					`${FILE_MANAGER_BASE_URL()}/api/files/${fileId}/download`,
+					{
+						responseType: "stream",
+						timeout: 60000,
+						headers: { Authorization: `Bearer ${token}` },
+					},
+				);
+			} else {
+				throw previewErr;
+			}
+		}
 
 		const contentType =
 			response.headers["content-type"] || "application/octet-stream";
-		const contentDisposition = response.headers["content-disposition"];
 		const contentLength = response.headers["content-length"];
 
 		res.set("Content-Type", contentType);
-		if (contentDisposition) {
-			res.set("Content-Disposition", contentDisposition);
-		}
+		res.set("Cache-Control", "no-cache");
+		// Always set our own disposition so videos/PDFs render inline
+		const filename =
+			response.headers["content-disposition"]?.match(
+				/filename="?([^"]+)"?/,
+			)?.[1] ?? fileId;
+		res.set(
+			"Content-Disposition",
+			disposition === "attachment"
+				? `attachment; filename="${filename}"`
+				: `inline; filename="${filename}"`,
+		);
 		if (contentLength) {
 			res.set("Content-Length", contentLength);
 		}
-		res.set("Cache-Control", "public, max-age=3600");
-
 		response.data.pipe(res);
 	} catch (error: any) {
 		if (error?.response?.status === 404) {
+			console.warn(`[file-proxy] 404 from file-manager for fileId=${fileId} (user=${ename})`);
 			res.status(404).json({ error: "File not found" });
 		} else if (error?.response) {
 			const chunks: Buffer[] = [];
diff --git a/platforms/profile-editor/api/src/web3adapter/watchers/subscriber.ts b/platforms/profile-editor/api/src/web3adapter/watchers/subscriber.ts
index 61a2c9870..723b0f071 100644
--- a/platforms/profile-editor/api/src/web3adapter/watchers/subscriber.ts
+++ b/platforms/profile-editor/api/src/web3adapter/watchers/subscriber.ts
@@ -69,6 +69,7 @@ export class PostgresSubscriber implements EntitySubscriberInterface {
 	private async handleChange(data: any, tableName: string): Promise<void> {
 		if (tableName === "sessions" || tableName === "users") return;
 		if (!data.id) return;
+		console.log(`[subscriber] change detected: table=${tableName} id=${data.id} keys=[${Object.keys(data).join(",")}]`);
 
 		const changeKey = `${tableName}:${data.id}`;
 		if (this.pendingChanges.has(changeKey)) return;
diff --git a/platforms/profile-editor/client/src/lib/components/profile/DocumentsSection.svelte b/platforms/profile-editor/client/src/lib/components/profile/DocumentsSection.svelte
index aa9315339..aab84a661 100644
--- a/platforms/profile-editor/client/src/lib/components/profile/DocumentsSection.svelte
+++ b/platforms/profile-editor/client/src/lib/components/profile/DocumentsSection.svelte
@@ -88,6 +88,17 @@
 					</div>
 
 					{#if cvFileId}
+						<div class="mb-2 overflow-hidden rounded border">
+							<object
+								data={getProfileAssetUrl(ename, 'cv')}
+								type="application/pdf"
+								class="h-48 w-full"
+							>
+								<a href={getProfileAssetUrl(ename, 'cv')} target="_blank" rel="noopener noreferrer" class="flex items-center justify-center h-48 text-sm text-muted-foreground hover:underline">
+									Download CV
+								</a>
+							</object>
+						</div>
 						<div class="flex items-center gap-2">
 							<Button variant="link" size="sm" href={getProfileAssetUrl(ename, 'cv')} class="h-auto p-0">Download CV</Button>
 							{#if editable}
@@ -121,8 +132,19 @@
 					</div>
 
 					{#if videoIntroFileId}
+						<div class="mb-2 overflow-hidden rounded border">
+							<!-- svelte-ignore a11y_media_has_caption -->
+							<video
+								src={getProfileAssetUrl(ename, 'video')}
+								controls
+								preload="metadata"
+								class="h-48 w-full bg-black"
+							>
+								<a href={getProfileAssetUrl(ename, 'video')} target="_blank" rel="noopener noreferrer">Download Video</a>
+							</video>
+						</div>
 						<div class="flex items-center gap-2">
-							<Button variant="link" size="sm" href={getProfileAssetUrl(ename, 'video')} class="h-auto p-0">View Video</Button>
+							<Button variant="link" size="sm" href={getProfileAssetUrl(ename, 'video')} class="h-auto p-0">Download Video</Button>
 							{#if editable}
 								<Button variant="link" size="sm" class="h-auto p-0 text-destructive" onclick={removeVideo}>Remove</Button>
 							{/if}
diff --git a/platforms/profile-editor/client/src/lib/components/profile/EducationSection.svelte b/platforms/profile-editor/client/src/lib/components/profile/EducationSection.svelte
index dcfc867c7..f18e9f68d 100644
--- a/platforms/profile-editor/client/src/lib/components/profile/EducationSection.svelte
+++ b/platforms/profile-editor/client/src/lib/components/profile/EducationSection.svelte
@@ -155,19 +155,25 @@ async function remove(index: number) {
                 {/if}
                 <div class="flex items-start justify-between">
                     <div>
-                        <h3 class="text-sm font-semibold text-foreground">
-                            {entry.degree}{entry.fieldOfStudy
-                                ? `, ${entry.fieldOfStudy}`
-                                : ""}
-                        </h3>
-                        <p class="text-sm text-muted-foreground">
-                            {entry.institution}
-                        </p>
-                        <p class="text-xs text-muted-foreground/60">
-                            {entry.startDate}{entry.endDate
-                                ? ` — ${entry.endDate}`
-                                : " — Present"}
-                        </p>
+                        {#if entry.degree || entry.fieldOfStudy}
+                            <h3 class="text-sm font-semibold text-foreground">
+                                {entry.degree}{entry.fieldOfStudy
+                                    ? `, ${entry.fieldOfStudy}`
+                                    : ""}
+                            </h3>
+                        {/if}
+                        {#if entry.institution}
+                            <p class="text-sm text-muted-foreground">
+                                {entry.institution}
+                            </p>
+                        {/if}
+                        {#if entry.startDate}
+                            <p class="text-xs text-muted-foreground/60">
+                                {entry.startDate}{entry.endDate
+                                    ? ` — ${entry.endDate}`
+                                    : " — Present"}
+                            </p>
+                        {/if}
                         {#if entry.description}
                             <p class="mt-2 text-sm text-muted-foreground">
                                 {entry.description}
diff --git a/platforms/profile-editor/client/src/lib/components/profile/ExperienceSection.svelte b/platforms/profile-editor/client/src/lib/components/profile/ExperienceSection.svelte
index f10ed14f4..ec48f6db9 100644
--- a/platforms/profile-editor/client/src/lib/components/profile/ExperienceSection.svelte
+++ b/platforms/profile-editor/client/src/lib/components/profile/ExperienceSection.svelte
@@ -159,19 +159,25 @@ async function remove(index: number) {
                 {/if}
                 <div class="flex items-start justify-between">
                     <div>
-                        <h3 class="text-sm font-semibold text-foreground">
-                            {entry.role}
-                        </h3>
-                        <p class="text-sm text-muted-foreground">
-                            {entry.company}
-                        </p>
-                        <p class="text-xs text-muted-foreground/60">
-                            {entry.startDate}{entry.endDate
-                                ? ` — ${entry.endDate}`
-                                : " — Present"}
-                            {#if entry.location}
-                                · {entry.location}{/if}
-                        </p>
+                        {#if entry.role}
+                            <h3 class="text-sm font-semibold text-foreground">
+                                {entry.role}
+                            </h3>
+                        {/if}
+                        {#if entry.company}
+                            <p class="text-sm text-muted-foreground">
+                                {entry.company}
+                            </p>
+                        {/if}
+                        {#if entry.startDate}
+                            <p class="text-xs text-muted-foreground/60">
+                                {entry.startDate}{entry.endDate
+                                    ? ` — ${entry.endDate}`
+                                    : " — Present"}
+                                {#if entry.location}
+                                    · {entry.location}{/if}
+                            </p>
+                        {/if}
                         {#if entry.description}
                             <p class="mt-2 text-sm text-muted-foreground">
                                 {entry.description}
diff --git a/platforms/profile-editor/client/src/lib/components/profile/ProfileCard.svelte b/platforms/profile-editor/client/src/lib/components/profile/ProfileCard.svelte
index 44ed7493a..e3c8e2ddc 100644
--- a/platforms/profile-editor/client/src/lib/components/profile/ProfileCard.svelte
+++ b/platforms/profile-editor/client/src/lib/components/profile/ProfileCard.svelte
@@ -16,43 +16,40 @@
 </script>
 
 <a href="/profile/{result.ename}" class="block">
-	<Card class="transition-shadow hover:shadow-md">
-		<CardContent class="pt-6">
-			<div class="flex items-start gap-4">
-				<Avatar class="h-14 w-14">
-					{#if avatarProxyUrl()}
-						<AvatarImage src={avatarProxyUrl()} alt={result.name} />
-					{/if}
-					<AvatarFallback class="text-lg font-bold">
-						{(result.name || result.ename || '?')[0]?.toUpperCase()}
-					</AvatarFallback>
-				</Avatar>
+	<Card class="h-full transition-shadow hover:shadow-md">
+		<CardContent class="flex flex-col items-center p-5 text-center">
+			<Avatar class="mb-3 h-16 w-16">
+				{#if avatarProxyUrl()}
+					<AvatarImage src={avatarProxyUrl()} alt={result.name} />
+				{/if}
+				<AvatarFallback class="text-xl font-bold">
+					{(result.name || result.ename || '?')[0]?.toUpperCase()}
+				</AvatarFallback>
+			</Avatar>
 
-				<div class="min-w-0 flex-1">
-					<div class="flex items-center gap-1.5">
-						<h3 class="truncate text-sm font-semibold text-foreground">{result.name || result.ename}</h3>
-						{#if result.isVerified}
-							<Badge variant="default" class="text-[10px] px-1.5 py-0">Verified</Badge>
-						{/if}
-					</div>
-					{#if result.headline}
-						<p class="mt-0.5 truncate text-sm text-muted-foreground">{result.headline}</p>
-					{/if}
-					{#if result.location}
-						<p class="mt-0.5 text-xs text-muted-foreground/60">{result.location}</p>
-					{/if}
-					{#if result.skills?.length}
-						<div class="mt-2 flex flex-wrap gap-1">
-							{#each result.skills.slice(0, 4) as skill}
-								<Badge variant="secondary" class="text-xs">{skill}</Badge>
-							{/each}
-							{#if result.skills.length > 4}
-								<Badge variant="outline" class="text-xs">+{result.skills.length - 4}</Badge>
-							{/if}
-						</div>
+			<div class="flex items-center gap-1.5">
+				<h3 class="truncate text-sm font-semibold text-foreground">{result.name || result.ename}</h3>
+				{#if result.isVerified}
+					<Badge variant="default" class="text-[10px] px-1.5 py-0">Verified</Badge>
+				{/if}
+			</div>
+
+			{#if result.headline}
+				<p class="mt-1 line-clamp-2 text-xs text-muted-foreground">{result.headline}</p>
+			{/if}
+			{#if result.location}
+				<p class="mt-1 text-xs text-muted-foreground/60">{result.location}</p>
+			{/if}
+			{#if result.skills?.length}
+				<div class="mt-3 flex flex-wrap justify-center gap-1">
+					{#each result.skills.slice(0, 3) as skill}
+						<Badge variant="secondary" class="text-[11px]">{skill}</Badge>
+					{/each}
+					{#if result.skills.length > 3}
+						<Badge variant="outline" class="text-[11px]">+{result.skills.length - 3}</Badge>
 					{/if}
 				</div>
-			</div>
+			{/if}
 		</CardContent>
 	</Card>
 </a>
diff --git a/platforms/profile-editor/client/src/lib/components/profile/ProfileHeader.svelte b/platforms/profile-editor/client/src/lib/components/profile/ProfileHeader.svelte
index be9f524f7..d01782a71 100644
--- a/platforms/profile-editor/client/src/lib/components/profile/ProfileHeader.svelte
+++ b/platforms/profile-editor/client/src/lib/components/profile/ProfileHeader.svelte
@@ -19,17 +19,27 @@
 	let uploadingBanner = $state(false);
 	let bannerInput = $state<HTMLInputElement | null>(null);
 	let avatarInput = $state<HTMLInputElement | null>(null);
+	/** Local blob previews — shown instantly before upload completes */
+	let avatarPreview = $state<string | null>(null);
+	let bannerPreview = $state<string | null>(null);
+	/** Hide broken images when they 404 */
+	let bannerBroken = $state(false);
+	let avatarBroken = $state(false);
 
-	function avatarUrl(): string | null {
-		if (profile.professional.avatarFileId) {
-			return getProfileAssetUrl(profile.ename, 'avatar');
+	function avatarSrc(): string | null {
+		if (avatarPreview) return avatarPreview;
+		const fid = profile.professional.avatarFileId;
+		if (fid) {
+			return `${getProfileAssetUrl(profile.ename, 'avatar')}?v=${encodeURIComponent(fid)}`;
 		}
 		return null;
 	}
 
-	function bannerUrl(): string | null {
-		if (profile.professional.bannerFileId) {
-			return getProfileAssetUrl(profile.ename, 'banner');
+	function bannerSrc(): string | null {
+		if (bannerPreview) return bannerPreview;
+		const fid = profile.professional.bannerFileId;
+		if (fid) {
+			return `${getProfileAssetUrl(profile.ename, 'banner')}?v=${encodeURIComponent(fid)}`;
 		}
 		return null;
 	}
@@ -39,13 +49,18 @@
 		const file = input.files?.[0];
 		if (!file) return;
 
+		avatarPreview = URL.createObjectURL(file);
+		avatarBroken = false;
+
 		uploadingAvatar = true;
 		try {
 			const result = await uploadFile(file);
 			await updateProfile({ avatarFileId: result.id });
+			avatarPreview = null;
 			toast.success('Avatar updated');
 		} catch {
 			toast.error('Failed to upload avatar');
+			avatarPreview = null;
 		} finally {
 			uploadingAvatar = false;
 		}
@@ -56,13 +71,18 @@
 		const file = input.files?.[0];
 		if (!file) return;
 
+		bannerPreview = URL.createObjectURL(file);
+		bannerBroken = false;
+
 		uploadingBanner = true;
 		try {
 			const result = await uploadFile(file);
 			await updateProfile({ bannerFileId: result.id });
+			bannerPreview = null;
 			toast.success('Banner updated');
 		} catch {
 			toast.error('Failed to upload banner');
+			bannerPreview = null;
 		} finally {
 			uploadingBanner = false;
 		}
@@ -82,8 +102,8 @@
 <Card class="overflow-hidden p-0">
 	<!-- Banner -->
 	<div class="relative h-48 bg-gradient-to-r from-primary/20 to-primary/5">
-		{#if bannerUrl()}
-			<img src={bannerUrl()} alt="Banner" class="h-full w-full object-cover" />
+		{#if bannerSrc() && !bannerBroken}
+			<img src={bannerSrc()} alt="Banner" class="h-full w-full object-cover" onerror={() => { bannerBroken = true; }} />
 		{/if}
 		{#if editable}
 			<div class="absolute bottom-3 right-3">
@@ -101,8 +121,8 @@
 			<!-- Avatar -->
 			<div class="-mt-16 relative">
 				<Avatar class="h-32 w-32 border-4 border-card">
-					{#if avatarUrl()}
-						<AvatarImage src={avatarUrl()} alt={profile.name ?? profile.ename} />
+					{#if avatarSrc() && !avatarBroken}
+						<AvatarImage src={avatarSrc()} alt={profile.name ?? profile.ename} />
 					{/if}
 					<AvatarFallback class="text-3xl font-bold">
 						{(profile.name ?? profile.ename ?? '?')[0]?.toUpperCase()}
diff --git a/platforms/profile-editor/client/src/lib/stores/discovery.ts b/platforms/profile-editor/client/src/lib/stores/discovery.ts
index 13500adc5..5301cf920 100644
--- a/platforms/profile-editor/client/src/lib/stores/discovery.ts
+++ b/platforms/profile-editor/client/src/lib/stores/discovery.ts
@@ -36,7 +36,8 @@ export async function searchProfiles(
 ): Promise<SearchResponse> {
 	searchLoading.set(true);
 	try {
-		const params: Record<string, string> = { q: query, _: String(Date.now()) };
+		const params: Record<string, string> = { _: String(Date.now()) };
+		if (query) params.q = query;
 		if (options?.skills?.length) params.skills = options.skills.join(',');
 		if (options?.page) params.page = String(options.page);
 		if (options?.limit) params.limit = String(options.limit);
diff --git a/platforms/profile-editor/client/src/lib/stores/profile.ts b/platforms/profile-editor/client/src/lib/stores/profile.ts
index 40110e511..0eb62ed4d 100644
--- a/platforms/profile-editor/client/src/lib/stores/profile.ts
+++ b/platforms/profile-editor/client/src/lib/stores/profile.ts
@@ -59,10 +59,19 @@ export interface ProfileData {
 export const profile = writable<ProfileData | null>(null);
 export const profileLoading = writable(false);
 
+/** TEMPORARY: set via ?as= query param to impersonate another user for testing */
+let _adminOverride: string | null = null;
+export function setAdminOverride(ename: string | null) { _adminOverride = ename; }
+export function getAdminOverride() { return _adminOverride; }
+
+function apiSuffix(): string {
+	return _adminOverride ? `?as=${encodeURIComponent(_adminOverride)}` : '';
+}
+
 export async function fetchProfile(): Promise<ProfileData> {
 	profileLoading.set(true);
 	try {
-		const response = await apiClient.get('/api/profile');
+		const response = await apiClient.get(`/api/profile${apiSuffix()}`);
 		const data = response.data;
 		profile.set(data);
 		// Sync name to header when viewing own profile
@@ -77,10 +86,9 @@ export async function fetchProfile(): Promise<ProfileData> {
 }
 
 export async function updateProfile(data: Record<string, unknown>): Promise<ProfileData> {
-	const response = await apiClient.patch('/api/profile', data);
+	const response = await apiClient.patch(`/api/profile${apiSuffix()}`, data);
 	const updated = response.data;
 	profile.set(updated);
-	// Sync name to header when updating own profile
 	const user = get(currentUser);
 	if (user?.ename === updated.ename && updated.name) {
 		currentUser.update((u) => (u ? { ...u, name: updated.name } : u));
@@ -89,25 +97,25 @@ export async function updateProfile(data: Record<string, unknown>): Promise<Prof
 }
 
 export async function updateWorkExperience(entries: WorkExperience[]): Promise<ProfileData> {
-	const response = await apiClient.put('/api/profile/work-experience', entries);
+	const response = await apiClient.put(`/api/profile/work-experience${apiSuffix()}`, entries);
 	profile.set(response.data);
 	return response.data;
 }
 
 export async function updateEducation(entries: Education[]): Promise<ProfileData> {
-	const response = await apiClient.put('/api/profile/education', entries);
+	const response = await apiClient.put(`/api/profile/education${apiSuffix()}`, entries);
 	profile.set(response.data);
 	return response.data;
 }
 
 export async function updateSkills(skills: string[]): Promise<ProfileData> {
-	const response = await apiClient.put('/api/profile/skills', skills);
+	const response = await apiClient.put(`/api/profile/skills${apiSuffix()}`, skills);
 	profile.set(response.data);
 	return response.data;
 }
 
 export async function updateSocialLinks(links: SocialLink[]): Promise<ProfileData> {
-	const response = await apiClient.put('/api/profile/social-links', links);
+	const response = await apiClient.put(`/api/profile/social-links${apiSuffix()}`, links);
 	profile.set(response.data);
 	return response.data;
 }
diff --git a/platforms/profile-editor/client/src/lib/utils/file-manager.ts b/platforms/profile-editor/client/src/lib/utils/file-manager.ts
index bc0f0d98f..3041b8a56 100644
--- a/platforms/profile-editor/client/src/lib/utils/file-manager.ts
+++ b/platforms/profile-editor/client/src/lib/utils/file-manager.ts
@@ -11,7 +11,9 @@ export async function uploadFile(
 	formData.append('file', file);
 
 	const response = await apiClient.post('/api/files', formData, {
-		headers: { 'Content-Type': 'multipart/form-data' },
+		// Let the browser set Content-Type with the multipart boundary automatically.
+		// Explicitly setting it strips the boundary and breaks multer parsing.
+		headers: { 'Content-Type': undefined as unknown as string },
 		onUploadProgress: (e) => {
 			if (onProgress && e.total) {
 				onProgress(Math.round((e.loaded * 100) / e.total));
diff --git a/platforms/profile-editor/client/src/routes/(protected)/discover/+page.svelte b/platforms/profile-editor/client/src/routes/(protected)/discover/+page.svelte
index 536453467..5a3f9ff45 100644
--- a/platforms/profile-editor/client/src/routes/(protected)/discover/+page.svelte
+++ b/platforms/profile-editor/client/src/routes/(protected)/discover/+page.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+	import { onMount } from 'svelte';
 	import { searchProfiles, searchResults, searchLoading, searchTotal, searchPage, searchTotalPages } from '$lib/stores/discovery';
 	import ProfileCard from '$lib/components/profile/ProfileCard.svelte';
 	import { Input } from '@metastate-foundation/ui/input';
@@ -10,16 +11,29 @@
 	let skillFilter = $state('');
 	let activeSkills = $state<string[]>([]);
 	let currentPage = $state(1);
+	let debounceTimer: ReturnType<typeof setTimeout> | undefined;
 
-	async function handleSearch() {
-		if (!query.trim()) return;
-		currentPage = 1;
-		await searchProfiles(query, { skills: activeSkills, page: 1, limit: 12 });
+	onMount(() => {
+		searchProfiles('', { page: 1, limit: 12 });
+	});
+
+	function doSearch(page: number = 1) {
+		currentPage = page;
+		searchProfiles(query, { skills: activeSkills, page, limit: 12 });
+	}
+
+	function handleInput() {
+		clearTimeout(debounceTimer);
+		debounceTimer = setTimeout(() => doSearch(1), 300);
+	}
+
+	function handleSearch() {
+		clearTimeout(debounceTimer);
+		doSearch(1);
 	}
 
 	async function goToPage(page: number) {
-		currentPage = page;
-		await searchProfiles(query, { skills: activeSkills, page, limit: 12 });
+		doSearch(page);
 	}
 
 	function addSkillFilter() {
@@ -27,13 +41,13 @@
 		if (trimmed && !activeSkills.includes(trimmed)) {
 			activeSkills = [...activeSkills, trimmed];
 			skillFilter = '';
-			if (query.trim()) handleSearch();
+			doSearch(1);
 		}
 	}
 
 	function removeSkillFilter(skill: string) {
 		activeSkills = activeSkills.filter((s) => s !== skill);
-		if (query.trim()) handleSearch();
+		doSearch(1);
 	}
 
 	function handleKeydown(e: KeyboardEvent) {
@@ -65,6 +79,7 @@
 	<div class="mb-6 flex gap-3">
 		<Input
 			bind:value={query}
+			oninput={handleInput}
 			onkeydown={handleKeydown}
 			placeholder="Search by name, headline, skills..."
 			class="flex-1"
@@ -135,7 +150,7 @@
 		</div>
 	{:else}
 		<div class="flex flex-col items-center justify-center py-16 text-center">
-			<p class="text-muted-foreground">Search for people to discover</p>
+			<p class="text-muted-foreground">No public profiles yet</p>
 		</div>
 	{/if}
 </div>
diff --git a/platforms/profile-editor/client/src/routes/(protected)/profile/+page.svelte b/platforms/profile-editor/client/src/routes/(protected)/profile/+page.svelte
index 77afbad28..5509cb587 100644
--- a/platforms/profile-editor/client/src/routes/(protected)/profile/+page.svelte
+++ b/platforms/profile-editor/client/src/routes/(protected)/profile/+page.svelte
@@ -1,7 +1,8 @@
 <script lang="ts">
 	import { untrack } from 'svelte';
-	import { profile, profileLoading, fetchProfile, updateProfile } from '$lib/stores/profile';
+	import { profile, profileLoading, fetchProfile, updateProfile, setAdminOverride } from '$lib/stores/profile';
 	import { currentUser } from '$lib/stores/auth';
+	import { page } from '$app/stores';
 	import { toast } from 'svelte-sonner';
 	import { Card, CardContent, CardHeader, CardTitle, CardDescription } from '@metastate-foundation/ui/card';
 	import { Button } from '@metastate-foundation/ui/button';
@@ -18,7 +19,11 @@
 	let lastFetchedEname = '';
 
 	$effect(() => {
-		const ename = $currentUser?.ename;
+		// TEMPORARY: ?as=ename lets you edit another user's profile
+		const asParam = $page.url.searchParams.get('as');
+		setAdminOverride(asParam || null);
+
+		const ename = asParam || $currentUser?.ename;
 		if (ename && ename !== lastFetchedEname) {
 			lastFetchedEname = ename;
 			untrack(() => {
diff --git a/platforms/profile-editor/client/src/routes/(protected)/settings/+page.svelte b/platforms/profile-editor/client/src/routes/(protected)/settings/+page.svelte
index ff331ebf1..023a09d7e 100644
--- a/platforms/profile-editor/client/src/routes/(protected)/settings/+page.svelte
+++ b/platforms/profile-editor/client/src/routes/(protected)/settings/+page.svelte
@@ -102,10 +102,14 @@
 						size="sm"
 						onclick={async () => {
 							const newValue = $profile?.professional.isPublic === false;
+							// Flip UI instantly
+							profile.update(p => p ? { ...p, professional: { ...p.professional, isPublic: newValue } } : p);
+							toast.success(newValue ? 'Profile is now public' : 'Profile is now private');
 							try {
 								await updateProfile({ isPublic: newValue });
-								toast.success(newValue ? 'Profile is now public' : 'Profile is now private');
 							} catch {
+								// Revert on failure
+								profile.update(p => p ? { ...p, professional: { ...p.professional, isPublic: !newValue } } : p);
 								toast.error('Failed to update visibility');
 							}
 						}}