v0.9.0-rc.37

Determinism fix: a burst of deletes no longer silently drops the next write to a peer (#243). A bulk delete could open a peer's circuit breaker and block all subsequent syncs to it, so a committed write would never cross that hop — in the C2-failover relay topology (the peer is the sole relay), it reached no downstream node. A cross-hop-liveness violation: the write succeeded locally but vanished, with no error surfaced to the caller.

Fixed

• Absent document tripped the peer circuit breaker — automerge_sync.rs. initiate_sync_inner turned a deleted/absent document (store.get → None) into Err via .context("Document not found for sync"), which surfaces as SyncError::Document (Fatal / non-retryable) and increments the per-peer circuit breaker. A burst of ≥ failure_threshold (default 5) deletes then opened the breaker and blocked all subsequent syncs to that peer until open_timeout (default 5 s) elapsed — silently dropping unrelated, healthy writes. (Threshold and recovery matched the observed ≥5-deletes trigger and <5 s self-heal exactly.) Fix: an absent document is a clean skip (Ok) — there is nothing to send, and the deletion itself propagates via the tombstone sync path; a local document-state condition must never trip a peer-health breaker. Mirrors the existing send-side tombstone guard. Regression test absent_document_sync_does_not_trip_circuit_breaker (6 absent-doc syncs above the threshold must not open the breaker); lab-validated on the 7-node failover lab (post-burst write→peer: TIMEOUT → 0.01 s; breaker opens: 6+ → 0).