Automated Sync Should Auto-Resolve and Never Clobber

When you build automation that syncs shared state across many machines, the load-bearing rule is simple: never lose a write. Conflicts should resolve automatically rather than halting the flow and waiting for a human, but “automatic” must never mean overwriting one side. Force-pushes, hard resets, and blind “take ours/theirs” strategies all silently discard work — ban them outright.

Prefer a resolution ladder that escalates while always keeping both sides: fast-forward when possible, then rebase, then a union merge that preserves both contributions, and finally a keep-both copy for anything genuinely unmergeable. The flow keeps moving; nothing is ever destroyed.

Put the safety in the flow, not in a gate or a freeze. Serialize every writer on a single shared lock so there is exactly one committer per tree, add backstops that refuse to publish secrets and oversized binaries, and emit a legible event for every auto-resolution so the system reports its real state instead of pretending nothing happened.

Finally, prove these guarantees against the real system before shipping. Bets like “never lose a write” or “this merge keeps both sides” should be validated against reality, not asserted from mocks.