Merge Reliability Matrix

Status: 2026-05-20

Audience: ForkPress maintainers. For user workflow documentation, start with Merging and Conflict Review.

Current Summary

Merge policy remains conservative: apply source exactly, preserve target, or leave an auditable conflict.
Strong coverage exists for WordPress semantic graphs, plugin validator audit metadata, filesystem safety, branch birth, ID bands, stale reviews, crash recovery, and Git publication paths.
Review-first behavior is still intentional for ambiguous plugin-owned repairs, unsafe media regeneration, cyclic or semantically unclear schema changes, and platform-specific crash windows that need broader product kill harnesses.
Release-gate notes in this page are point-in-time evidence. Check GitHub releases and release workflow runs when making a current release claim.

ForkPress COW merge is intentionally conservative: it should either apply a source change exactly, preserve target state, or leave an auditable conflict. It should not silently rewrite WordPress data to make conflicts disappear.

This page tracks what is already covered and where merge reliability still depends on review, future validators, or broader end-to-end tests.

Objective Audit

This audit maps the current reliability objective to concrete artifacts. It is intentionally stricter than “tests pass”: an item is only treated as covered when there is a test or document that exercises the specific merge invariant.

Recent additions in the current merge-reliability work:

Branch reset now finalizes birth metadata against the private staged tree before publishing it: DB merge base, file merge base, row identities, and AUTOINCREMENT ID-band reservations are all complete before the reset branch becomes routable/listed again.
Plugin validators now receive first-class pre-merge target context: FORKPRESS_MERGE_TARGET_BEFORE_DB and, when file context exists, FORKPRESS_MERGE_TARGET_BEFORE_ROOT. The focused tests/cow/plugin_validator.php contract probe verifies that a validator can compare the candidate target with the target-before snapshot.
tests/cow/plugin_validator.php now includes a WooCommerce HPOS-shaped validator for real plugin graph semantics: order addresses, order metadata, order items, itemmeta, cached order options, and _product_id itemmeta pointing at wp_wc_product_meta_lookup rows. Source deletes that leave order or product graphs dangling stay reviewable with plugin logical identities instead of being treated as generic row merges.
The same plugin-validator suite now includes a Gravity Forms-shaped field map validator: entry metadata whose meta_key points at a form field removed from wp_gf_form_meta.display_meta stays reviewable with a plugin logical form-field identity.
The same plugin-validator suite now includes ACF-shaped field metadata coverage: hidden field-key postmeta that points at deleted acf-field definition posts and serialized relationship field values that point at deleted WordPress posts stay reviewable with plugin logical identities.
The same plugin-validator suite now includes an Elementor-shaped widget media validator: _elementor_data JSON image widgets that still point at a deleted attachment row or upload file stay reviewable with a plugin logical widget attachment identity.
The same plugin-validator suite now includes a Yoast SEO-shaped permalink validator: independently merged wp_yoast_indexable rows with the same object type and canonical permalink stay reviewable with a plugin logical permalink identity.
The same Yoast-shaped validator now covers wp_yoast_indexable_hierarchy rows, holding hierarchy edges whose child or ancestor indexable was removed while preserving target-side hierarchy edits for review.
tests/cow/wp_semantic_validator.php now includes a built-in WordPress global-styles validator case where source and target each add a published wp_global_styles row with the same style key. The merge stays reviewable, the audit payload includes both candidate rows, and preexisting duplicate style keys on target do not block unrelated source rows.
tests/cow/merge_smoke.php now also fast-gates the clean counterpart: independent source and target wp_global_styles rows with distinct style keys merge with zero conflicts and audit both sides. The same smoke gate keeps source-edited/target-deleted wp_global_styles rows reviewable.
tests/cow/wp_semantic_validator.php now includes built-in WordPress Site Editor object validator cases for duplicate published wp_template and wp_template_part rows with the same theme object key. These stay reviewable with WordPress-scoped audit payloads, while preexisting duplicate template keys do not block unrelated source templates.
Built-in WordPress semantic validation now cross-checks attachment upload metadata against the merged filesystem. Source-side deletes of generated-file and original_image uploads still referenced by merged attachment metadata are blocked as file conflicts before the files disappear, and preexisting missing generated files on target do not block unrelated merges.
tests/cow/wp_semantic_validator.php now includes a built-in WordPress term route validator case where source and target create taxonomy terms with the same taxonomy, parent, and slug. Newly introduced duplicates stay reviewable, while preexisting duplicate term routes do not block unrelated source terms.
tests/cow/wp_semantic_validator.php now includes a built-in WordPress user login validator case where source and target create users with the same case-insensitive login identity. Newly introduced duplicates stay reviewable, while preexisting duplicate user logins do not block unrelated source users.
tests/cow/wp_semantic_validator.php now includes a plugin custom-post-type graph validator case where a deleted CPT row leaves plugin custom-table JSON, serialized PHP, and option references stale. The merge stays reviewable and plugin-scoped audit output identifies both stale graph owners.
Source deletes of core WordPress owner rows are now held when target-edited dependent rows still point at them, including posts/postmeta, posts/comments, users/usermeta, users/comments, terms/term taxonomy, terms/termmeta, comments/commentmeta, and threaded comment parents. The target remains coherent before review instead of deleting the owner row and relying on a later missing-owner validator finding.
Attachment deletes are also held when the target branch adds or edits _thumbnail_id postmeta that points at the attachment. This covers the common featured-image reference stored as a metadata value rather than an owner column.
Source page and attachment deletes are held when the target branch changes scalar WordPress options that point at them, currently page_on_front, page_for_posts, and site_icon.
Source child-row deletes for target-referenced WordPress owners now inherit the same guard where the child is needed to keep the target-owned object coherent. A target-edited nav menu option keeps both the wp_terms row and its wp_term_taxonomy row before review, and target-edited attachment option references keep attachment-owned wp_postmeta rows from being silently removed.
Built-in WordPress semantic validation now covers stale post_parent references from revisions as well as child pages and attachments, so a source-deleted parent post cannot leave target-edited revision rows dangling without a review conflict.
Source post, term, and menu-item deletes are held when target-edited nav menu metadata points at them through _menu_item_object_id or _menu_item_menu_item_parent, with type-aware sibling metadata checks to avoid conflating taxonomy IDs with post IDs.
Reviewed table rebuild conflicts now retain rebuild-plan evidence for direct source indexes/triggers, dependent views, and dependent view triggers. tests/cow/schema_review.php proves dependency-only source drift returns the reviewed conflict to needs-action even when the table DDL itself did not change.
Applied plugin merge drivers now rerun discovered plugin validators before recording a plugin-driver resolution. If the same plugin/conflict type is still reported for the same validator object or logical_identity, the driver is rejected instead of closing an uncleared validator finding; ForkPress-owned driver execution also rolls back target DB/files.
The built-in WordPress semantic validator now scans block.json file: references in active plugins and records review conflicts when a merge leaves standard block metadata pointing at a missing or unsafe plugin asset.
The built-in WordPress attachment upload validator now rejects upload metadata paths after normalization if they escape wp-content/uploads, so generated-size metadata such as ../../../../database/.ht.sqlite cannot be treated as a valid managed database file.
The built-in WordPress attachment upload validator now also rejects upload metadata paths that resolve to symlinks or other non-regular filesystem entries, so generated-size metadata cannot satisfy an attachment reference by pointing at a special upload entry.
The built-in WordPress attachment upload validator now records review conflicts when multiple attachment rows claim the same regular upload file, so duplicate ownership is caught even without a plugin media validator.
The built-in WordPress attachment upload validator now records review conflicts when one attachment has duplicate _wp_attached_file or _wp_attachment_metadata rows, so branch merges cannot hide ambiguous media state behind whichever postmeta row WordPress reads last.
The built-in WordPress attachment upload validator also records review conflicts when distinct upload paths differ only by case, so merges cannot introduce media metadata that is ambiguous on default macOS or Windows filesystems.
The built-in WordPress attachment upload validator now records review conflicts when a safe _wp_attachment_metadata.file path disagrees with the safe _wp_attached_file path for the same attachment.
The built-in WordPress attachment upload validator now records review conflicts when an image attachment has a safe _wp_attached_file upload path but no _wp_attachment_metadata row.
The built-in WordPress attachment upload validator now records review conflicts when backup-size metadata has non-positive or non-numeric dimensions, or when backup-size filesize metadata no longer matches the referenced upload file, matching the existing original/generated-size metadata checks.
The built-in WordPress attachment upload validator now records review conflicts when attachment post_mime_type, generated-size mime-type, or backup-size mime-type metadata disagrees with the referenced upload file extension for common WordPress media extensions.
The same validator also records review conflicts when recognizable upload bytes for original, generated-size, or backup-size files disagree with common WordPress media file extensions, such as PDF bytes behind a .jpg path.
The built-in WordPress attachment upload validator now records review conflicts when generated-size, original_image, or backup-size child metadata filenames contain safe subdirectories instead of basenames. It resolves those child paths relative to the attachment directory for file evidence, matching WordPress behavior, while still rejecting unsafe .., empty segment, absolute, URL-like, and drive-letter child paths.
The built-in WordPress attachment upload validator now records review conflicts when a present _wp_attachment_metadata.original_image value is empty or not a string, so malformed scaled-image metadata cannot skip the original-image filename checks.
The built-in WordPress attachment upload validator now records generated-size and backup-size child mime-type metadata as invalid shape when the field is present but empty or non-string. tests/cow/media_validator.php covers empty and numeric child MIME values and verifies those cases do not inflate the built-in MIME-drift queue.
Non-AUTOINCREMENT INTEGER PRIMARY KEY plugin-table parent collisions now also hold dependent source child rows when a foreign key would otherwise bind them to a different target parent row with the same key.
Plugin AUTOINCREMENT parent rows with branch-band IDs but colliding plugin-defined unique/logical keys now hold dependent source child rows with an auditable parent unique-collision reason instead of surfacing only a low-level constraint failure.
Explicit out-of-band parent page imports now have focused coverage for wp_posts.post_parent: an in-band child page behind a held explicit parent stays review-held, so ForkPress does not merge a dangling page hierarchy.
Release v0.1.43 was published from trunk commit 01f0e423614e89f6404c20a16e7dd2306a43d4b0 after all five release targets built, packaged, and smoke-tested, including aarch64-apple-darwin.
Existing non-main Git branch updates now reject missing branch SQLite databases before staging or publishing pushed files, matching the runtime write guard for incomplete branch-birth metadata.

Keep aarch64 macOS release and APFS sparsebundle E2E green on trunk for future releases; do not treat a transient compact skip as proof that compaction itself succeeded.

Current Guarantees

Branches have separate SQLite files and separate file trees.
AUTOINCREMENT branch ID bands prevent routine ID collisions before JSON or serialized references are written.
The DB merge records source-applied, target-kept, target-wins, conflict, resolution, ID-band, row-identity, and rollback-failure metadata outside the WordPress database.
Source row inserts and updates are verified after SQLite accepts the write. If target-side triggers rewrote or removed the row, the write is rolled back and the merge remains reviewable.
Row target-constraint conflicts expose source choices as blocked while current target foreign-key state, target-side CHECK constraints, or target trigger rewrites make the audited source row invalid.
Reviewed source conflict resolutions use the same row postcondition guard.
File changes are merged separately from DB rows and unsafe paths remain conflicts.
Conflict resolution validates that the target still matches the audited value. If the target drifted, resolution stops and asks for a fresh audit.

Reliability Gaps

Recent focused coverage also tightens three roadmap edges:

tests/cow/merge_smoke.php verifies WordPress nav_menu counts are recomputed from published nav_menu_item relationships only, while draft menu items and non-menu post relationships remain preserved without inflating the count.
tests/cow/plugin_validator.php includes a Yoast SEO-shaped wp_yoast_indexable fixture where an index row points at a deleted WordPress post and target SEO title/description edits stay reviewable. The same validator now holds duplicate canonical permalink groups for review when source and target independently add indexables for the same URL, and hierarchy edges whose child or ancestor indexable was removed.
The same suite includes an Elementor-shaped _elementor_data fixture where plugin-owned JSON points at a deleted attachment row/upload file while target widget edits remain visible for review.
The same suite includes Events Calendar-shaped _EventVenueID and _EventOrganizerID fixtures where scalar event postmeta points at deleted tribe_venue and tribe_organizer posts while target event/date edits remain visible for review.
The Events Calendar-shaped validator also covers plugin option/cache JSON: tribe_events_recent_event_ids can preserve target-side option edits while holding stale deleted-event IDs as plugin-scoped conflicts with logical identities.
crates/forkpress-storage/src/lib.rs covers the branch-reset crash window after reset birth metadata has been finalized but before the reset branch is published, proving old metadata/base snapshots are restored and reset can be retried cleanly.

Keep aarch64 macOS release and APFS sparsebundle E2E green on trunk for future releases. Add a separate product check if compact-success itself becomes release-critical.

Test Direction

Every new reliability claim should have one of these test shapes:

A PHP unit test in tests/cow/merge.php for deterministic DB merge behavior.
A COW E2E test in tests/cow/e2e.sh for real WordPress/runtime behavior.
A Rust unit test for CLI, storage, Git publication, release packaging, or platform-specific lifecycle behavior.
A CI workflow gate when the behavior only exists on a target platform, such as APFS sparsebundles or Windows ReFS.

For fast local iteration on merge logic, start with:

make test-cow-merge-smoke

This smoke gate includes regressions for pages created, edited, and deleted on a feature branch while main also creates content. Page-plus-postmeta, page-plus-comment, page-plus-threaded-comment, page-plus-author, page-plus-custom-post-type, page-plus-taxonomy, page-plus-menu, page-plus-child-page, page-plus-revision, page-plus-reusable-block, page-plus-synced-pattern, page-plus-navigation-block, page-plus-template-part, page-plus-template, global-styles, page-plus-attachment, page-plus-image-block, page-plus-gallery, page-plus-file-block, page-plus-media-text, page-plus-audio-cover-video, and page-plus-options cases must complete with zero conflicts while preserving branch-specific IDs inside author/user, comment/user, and threaded-comment graphs, plugin-like CPT graphs, menu relationships, parent/child and revision post_parent page graphs, theme-mod locations, reusable-block and synced-pattern comments plus synced-pattern metadata, core/navigation comments that reference wp_navigation rows, template-part comments that reference wp_template_part rows, page template assignments that reference wp_template rows, attachment metadata, core/image/core/gallery/core/file/core/media-text/ core/audio/core/cover/core/video block JSON, upload files, JSON payloads, and serialized payloads without rewrite. It also includes page/postmeta, child page, revision, user, comment, threaded comment, taxonomy term, reusable block, synced pattern, navigation block, template part, template, menu, attachment, media block page, and option edit/delete conflict cases that must stay reviewable and keep the target deletion until review. The page/postmeta case covers the wp_posts row and its wp_postmeta graph, the child page case covers a deleted child wp_posts row while preserving the unchanged parent page, the revision case covers a deleted revision row while preserving its unchanged parent page, the user case covers wp_users and wp_usermeta, the comment cases cover deleted parentless and reply comments while preserving unchanged authors and parent comments, the taxonomy case covers term rows, term-taxonomy rows, termmeta, and page-term relationships, the reusable block and synced pattern cases cover deleted wp_block rows and target page cleanup while synced patterns also preserve wp_pattern_sync_status metadata cleanup, the navigation block case covers the deleted wp_navigation row and target page cleanup, the template part case covers the deleted wp_template_part row and target page cleanup, the template case covers the deleted wp_template row and target page template assignment cleanup, the menu case covers menu terms, taxonomy rows, menu item posts, menu item metadata, relationships, and theme-mod location cleanup, the attachment case covers the DB and file graph, the media block page case covers a deleted page plus core/audio, core/cover, and core/video attachment rows, attachment metadata, and upload files, and the option cases cover JSON and serialized wp_options rows plus global front/posts page singleton, serialized sticky-post, and scalar site-icon option disagreements, plus serialized theme-mod custom-logo and media-image widget media/audio/video/gallery widgets, pages widget exclusions, nav-menu widget, nav-menu auto-add, content-bearing widgets, and menu-location disagreements, that must stay reviewable.

For filesystem merge behavior, including binary changes and conflicts, safe relative symlinks, unsafe absolute/root-escaping/self-referential/managed-path symlink conflicts, directory/file type replacement review, and source directory deletes with target descendants, run:

make test-cow-filesystem

For WordPress branch UI and router handling, including async create/merge requests and browser-like no-header submissions that should be answered before WordPress admin-post.php or admin-page bootstrap, run:

make test-cow-branch-ui

For explicit import IDs or primary-key rewrites at or outside a branch’s reserved AUTOINCREMENT ID band, run:

make test-cow-explicit-ids

For all cheap COW helper/UI/router checks, run:

make test-cow-fast

The CI e2e jobs run this fast target before building the production runtime bundle, so helper-level merge, Git publication, branch UI, and router regressions fail before the static PHP build.

For Git-created branch, branch-birth metadata, push rollback, and Git publication crash/failpoint changes, run:

make test-cow-git-server

For the default local iteration gate, let the changed-file planner choose the smallest focused COW/PHP checks for the current diff:

make test-cow-changed

See docs/merge-test-speed.md for the planner rules and CI preflight behavior.

For branch-birth metadata validation, frozen pre-write filesystem base snapshots, and cleanup isolation without the Git publication harness, run:

make test-cow-branch-birth

For ID-band allocation, in-band branch reuse, branch-reset reuse protection, JSON/serialized branch ID preservation, and non-bandable INTEGER PRIMARY KEY plugin collision checks, run:

make test-cow-id-bands

For a semantic-only fast gate that skips Git publication, branch UI, router, schema, and generic filesystem checks while still covering page smoke merges, ID bands, explicit IDs, media/upload validators, plugin validators, stale audits, and WordPress semantic reference validators, run:

make test-cow-semantic-fast

For the focused runtime WordPress semantic E2E slice, which starts a real ForkPress site and merges branch-created page/edit/delete, media upload, menus, reusable blocks, options, comments, users, terms, CPT data, and plugin-shaped DB/JSON/serialized/file graphs before exiting the larger E2E script, run:

make test-cow-e2e-semantic FORKPRESS_E2E_BIN=/path/to/forkpress

For schema dependency planning and review-only cases such as dependent source-added views/triggers, source-added views or triggers that depend on source-added tables, cyclic source-added views/triggers, source-added expression unique indexes blocked by target rows, or source-added triggers with missing dependencies, run:

make test-cow-schema-review

For WordPress upload/media validator changes, including missing required attachment metadata rows, missing original, metadata-side original, original_image, backup, or generated upload files, missing or empty metadata-side original file fields, invalid serialized attachment metadata, duplicate attachment upload metadata rows, duplicate original/generated upload ownership, invalid image_meta, invalid original/generated/backup dimensions, original/generated/backup filesize drift, attachment post_mime_type and generated-size/backup mime-type drift against known upload file extensions, attached-file metadata drift, generated-size, original_image, or backup filename drift, unsafe primary/metadata/generated/original_image/backup paths including URL-like and Windows drive-letter primary/metadata upload metadata, and malformed or incomplete generated-size or backup-size metadata, run:

make test-cow-media-validator

For WordPress semantic reference validators, including pages left pointing at deleted reusable blocks, synced patterns, or template parts, child pages or attachments left pointing at deleted post_parent rows, posts or attachments left pointing at deleted post_author users, postmeta rows left pointing at deleted posts, usermeta rows left pointing at deleted users, and nav menu items left pointing at deleted parent menu items or deleted pages, plus featured-image postmeta left pointing at deleted attachments/files, target-added or target-edited _thumbnail_id metadata pointing at source-deleted attachments, target-edited page_on_front, page_for_posts, or site_icon options pointing at source-deleted objects, target-edited _menu_item_object_id or _menu_item_menu_item_parent metadata pointing at source-deleted menu objects, and core/audio, core/cover, core/file, core/image, core/video, core/media-text, or core/gallery block JSON left pointing at deleted attachments/files from content-bearing custom post types as well as posts/pages, core/query block JSON including taxQuery and core/latest-posts filters left pointing at deleted author users or taxonomy terms, core/avatar block JSON left pointing at deleted users, core/navigation-link and core/navigation-submenu block JSON left pointing at deleted pages or taxonomy terms, term relationships left pointing at deleted taxonomy terms, term taxonomy rows left pointing at deleted terms, child taxonomy terms left pointing at deleted parent terms, termmeta rows left pointing at deleted terms, comments left pointing at deleted posts/users/parent comments, commentmeta left pointing at deleted comments, options/widgets/theme mods left pointing at deleted WordPress objects, the built-in WordPress page-route and term-route validators that hold duplicate route-visible page slugs and taxonomy term slugs for review, the built-in WordPress user-login validator that holds duplicate case-insensitive wp_users.user_login identities for review, and the built-in WordPress global-styles validator that holds duplicate published wp_global_styles style keys, plus duplicate published wp_template and wp_template_part Site Editor object keys, and the built-in attachment upload validator that holds exact or case-insensitive duplicate upload ownership for review, run:

make test-cow-wp-semantic-validator

For plugin-owned DB/JSON/file graph validator changes, including serialized or JSON option/postmeta references, unsafe plugin-owned file references including URL-like and Windows drive-letter file paths, validator runner contract checks, rerun replacement evidence, explicit plugin source-evidence drift, and first-class plugin logical-identity drift, run:

make test-cow-plugin-validator

For stale-audit revalidation, source/target drift, deleted target rows, no-primary-key rowid reuse, WordPress semantic identity replacement across posts, postmeta, options, terms, taxonomy, termmeta, users, usermeta, comments, and commentmeta, custom/plugin non-PK UNIQUE logical-key replacement, row-context-backed cell conflict identity drift, and guarded --after-revalidate resolution changes, run:

make test-cow-stale-audit

For the broader PHP merge gate without building ForkPress or starting the full WordPress E2E harness, run:

make test-cow-merge

Prefer adding validators before adding automatic conflict resolution for plugin or schema cases. A reliable reviewable conflict is better than an automatic merge that invents WordPress semantics.

See docs/plugin-merge-validators.md for the proposed plugin validator contract.

See docs/merge-repair-policy.md for the repair-versus-review policy for WordPress and plugin semantic graphs.

See docs/stale-audit-workflow.md for the proposed stale-audit revalidation workflow.

See docs/merge-crash-consistency.md for the merge crash-consistency boundary map.

Follow-Up Work

PR #46 should be treated as a merge-reliability hardening milestone, not the final proof that all merges are automatic or fully reliable. The next work should stay focused on these areas:

Add more validators for real plugins with known cross-table, serialized, JSON, and file graphs. Add plugin-owned merge drivers only when the plugin can prove a deterministic repair.
Build broader external kill harnesses for public Git push/serve entry points, then verify recovery from a fresh process after each interruption.
Expand explicit-ID/import handling beyond the currently covered AUTOINCREMENT row insert/rewrite and known WordPress reference cases.
Add guarded plugin/schema stale-audit resolution flows where the plugin or schema planner can prove the reviewed choice is still valid.
Keep conflict resolution modeled as a first-class contract in audit output: every conflict class should advertise its legal executable choices, resolution strategy, generic resolver support, and revalidation support before the CLI or UI offers an action. Audit output should also expose lifecycle and next-action fields so deferred, needs-action, reviewed, validated, and resolved conflicts are not inferred from free-form review notes. Conflict state changes now append merge_conflict_events, giving UI and API clients a durable event stream for recorded, reviewed, revalidated, and resolved conflicts; validation-only merge-resolve calls are persisted as validated resolutions with resolution-validated events, --apply-reviewed applies the latest unapplied validated choice, payload-specific blockers such as cyclic schema source resolution, unresolved target dependencies for source-dropped tables/views, foreign-key row, unique-collision row, and primary-key-addressable cell source choices blocked by current target state, target-side row CHECK constraints, target trigger rewrites, unsafe filesystem source payloads, and target-descendant directory deletions are exposed as blocked_resolution_choices, conflict rows expose a stable conflict_key for logical UI grouping plus previous_conflict_id lineage for recurring conflicts and plugin validator replacement evidence on the same source/target branch pair, conflict rows are scoped to the merge run so repeated unresolved conflicts and identical payload conflicts on different branch pairs receive their own rows/events, and blocked resolver attempts append resolution-blocked events that move the still-open conflict back to needs-action/manual-review queues instead of leaving UI clients to offer a stale validated apply, and merge-audit --conflict-key <key> can focus conflict, conflict-event, or resolution audit output on one logical conflict group, merge-review conflict-key <key> [--run <id>] can attach review status by logical key, merge-resolve conflict-key <key> [--run <id>] can validate or apply a conflict choice by logical key when that key is unambiguous, and merge-audit --lifecycle-state <state> can focus conflict queues and conflict-event history on unreviewed, deferred, needs-action, reviewed, validated, or resolved records without clients reimplementing lifecycle inference, merge-audit --resolution-choice source|target|plugin-driver and --blocked-resolution-choice source|target can focus queues using the same live contract that merge-resolve enforces, merge-audit --next-action <action> can focus queues by the action a UI should offer next, merge-audit --latest-revalidation-status <status> can focus conflicts whose latest revalidation guard is still current or has drifted again, and merge-audit --stale-status <status> can query live conflict staleness before revalidation. merge-audit --records conflicts --group-by lifecycle, --group-by next-action, --group-by conflict-key, --group-by latest-revalidation-status, and --group-by stale-status can summarize queue counts by lifecycle, required action, logical conflict, current guard status, or live stale status without client-side aggregation. merge-audit --records conflicts --group-by resolution-strategy, --group-by generic-resolver, and --group-by after-revalidate summarize which queues are generic-resolver ready and which require guarded revalidation before apply; the same names are also filters for focusing conflict and conflict-event records. merge-audit --records conflict-events --group-by event-type, --group-by lifecycle, --group-by conflict-key, and the plugin groupings can summarize recorded, review, revalidation, blocked-resolution, and resolution event history without client-side aggregation.
Improve deterministic schema dependency planning for safe view/trigger reorderings while keeping cyclic or semantic ambiguity review-only.
Keep aarch64 macOS release artifacts and APFS sparsebundle E2E runs green for each release. Refresh release-gate evidence from GitHub releases and workflow runs when this note changes; do not use this page as the source of truth for the current published version.