[codex] Keep session tokens target-local during COW merges

[adamziel]

What it does

Keeps WordPress wp_usermeta.session_tokens rows target-local during COW merges, records auditable target-kept decisions for those skipped auth-state rows, and tightens the semantic WordPress E2E gate so hidden merge conflicts fail the test instead of being tolerated.

Rationale

A real UI merge was succeeding at the CLI layer while the latest merge run was completed_with_conflicts because branch-local WordPress session tokens diverged between source and target. Session tokens are runtime authentication state, not portable site content, so importing them from a branch is both noisy and undesirable.

Implementation

• Adds a target-local WordPress row classifier for wp_usermeta.meta_key = session_tokens.
• Skips source changes and source-only rows for those session token records while writing target-kept merge decisions.
• Adds focused PHP regression coverage for target/source token divergence and source-only token rows.
• Requires the semantic WordPress object graph E2E merge to finish with status: completed and zero recorded conflicts.
• Updates the merge reliability checklist to document the stricter clean-merge gate.

Testing instructions

Already run locally:

php -l scripts/cow/merge.php
php -l tests/cow/merge.php
php tests/cow/merge.php
make test-cow
bash -n tests/cow/e2e.sh
git diff --check

[adamziel]

Added one more E2E guard on this PR: the independently banded WordPress post merge now requires an exact status: completed line and verifies the latest band-merge-source -> band-merge-target merge run has zero merge_conflicts rows. I also tightened the semantic graph status grep to exact-line matching so completed_with_conflicts cannot pass by prefix.\n\nFocused checks run after the change:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Folded the reliability-matrix note into the clean banded-post gate commit and force-pushed the branch. Current PR #63 head: bf52bf7.\n\nFocused checks rerun:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Added another semantic E2E assertion on this PR: after merging, the branch-local edited pages now have to preserve their exact edited block content and branch-specific author IDs, not merely exist by title. The reliability matrix now records that stronger page edit/delete evidence. Current PR #63 head: 1afc9c9.\n\nFocused checks run:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Added a second semantic media assertion: the E2E runtime now exposes post_parent for semantic posts, and the merged media checks require each attachment to keep its branch page parent in addition to the original/generated upload file checks. Current PR #63 head: 7a27c95.\n\nFocused checks run:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Added one more plugin-shaped graph assertion: semantic E2E now verifies the custom-table child JSON payload keeps the same parent ID as the child row and the parent graph. Current PR #63 head: 33ff854.\n\nFocused checks run:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Added a plugin-owned filesystem assertion: semantic E2E now checks the branch-specific plugin graph file contents, not only that the file exists. This strengthens the custom-table/JSON/serialized/file object graph coverage on this PR. Current PR #63 head: 5810a0b.\n\nFocused checks run:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Added a semantic option graph assertion: serialized and JSON option payloads now have to point to the branch's actual merged author/user ID, instead of only requiring a nonzero user reference. Current PR #63 head: 077ff40.\n\nFocused checks run:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Added setup-side validation for the semantic E2E fixture: before merge, each branch now proves its branch-local graph is coherent for attachment parent links, option/JSON option user refs, plugin child payload refs, and plugin file contents. That separates bad fixture setup from merge regressions. Current PR #63 head: 544c028.\n\nFocused checks run:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Added a real block/media semantic assertion: the runtime page now includes a core/image block referencing the branch media attachment, and both pre-merge and post-merge checks verify the block JSON still points at that attachment. Current PR #63 head: a184f11.\n\nFocused checks run:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n

[adamziel]

Added the featured-image side of the semantic media graph: pages now store _thumbnail_id pointing at their branch attachment, and both pre-merge and post-merge checks verify that featured-media ref survives with the attachment row/files and image block ref. Current PR #63 head: b7cf09a.\n\nFocused checks run:\n\nbash\nbash -n tests/cow/e2e.sh\ngit diff --check\n